Sophos researcher questions Microsoft's claims on infected downloads

Early last week, Microsoft reported that the SmartScreen technology built into Internet Explorer 8 and later had been tracking users' downloads (a possible security issue in itself, Infosecurity notes) and had found that one in every 14 of them was infected.

According to Sophos' Chester Wisniewski, that percentage would suggest as many as five million malware attacks against Internet Explorer users, and Microsoft takes it to mean that users fall victim to malicious downloads far more often than to drive-by exploits.

"While these statistics are fascinating and very useful for those of us without the ability to collect this type of information, Microsoft is comparing apples to... nothing", he said in his latest security blog.

Wisniewski, a senior security advisor with Sophos Canada, says that SmartScreen is "unable to prevent exploits from convincing Adobe Reader, iTunes, RealPlayer, Adobe Flash, Java and other technologies from downloading malicious content, and Microsoft hasn't presented any data on how often exploits are actually being used."

The purpose of Microsoft's post, he asserts, is to highlight the success of the reputation filtering Microsoft added to SmartScreen in Internet Explorer 9.

"While it is an interesting step forward, Microsoft's own statistics raise more questions than they answer", he says, adding that Microsoft reports that 90% of downloads do not trigger a warning, which implies that one in every 10 times a user tries to grab something, they get a scary warning message.

"When I receive this scary warning message, there is a 30% to 75% chance that it is a false positive", he says.
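As an added example (not part of the article, and not analysis published by Sophos or Microsoft), the calculation below shows how the 30% figure follows from the two Microsoft numbers quoted above: if one download in 14 is infected and one in ten draws a warning, then even a filter that catches every infected file is warning about a benign file roughly 29% of the time. The `recall` parameter, the fraction of infected downloads SmartScreen actually flags, is an assumption the article gives no figure for; lowering it pushes the false-positive share towards the 75% end of Wisniewski's range.

```python
"""Added example, not from the article or from Sophos/Microsoft: how the share
of SmartScreen warnings that are false positives follows from the two figures
Microsoft published. Assumptions are marked in the comments."""

FRACTION_INFECTED = 1 / 14   # Microsoft: one in every 14 downloads is infected
FRACTION_WARNED = 0.10       # Microsoft: 90% of downloads trigger no warning


def false_positive_share(base_rate: float, warning_rate: float,
                         recall: float = 1.0) -> float:
    """Fraction of warnings that are shown for a benign download.

    base_rate    - fraction of all downloads that are actually malicious
    warning_rate - fraction of all downloads that trigger a warning
    recall       - fraction of malicious downloads that trigger a warning
                   (assumed; the article gives no figure, and 1.0 is the
                   most favourable case for the filter)
    """
    for name, value in (("base_rate", base_rate),
                        ("warning_rate", warning_rate),
                        ("recall", recall)):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1, got {value}")
    true_positives = base_rate * recall          # warned AND malicious
    if true_positives > warning_rate + 1e-12:
        # more malicious-and-warned downloads than warnings cannot happen
        raise ValueError("more true positives than warnings: figures are inconsistent")
    if warning_rate == 0.0:
        return 0.0                               # no warnings, no false alarms
    return (warning_rate - true_positives) / warning_rate


def recall_for_false_positive_share(base_rate: float, warning_rate: float,
                                    fp_share: float) -> float:
    """Inverse of false_positive_share: the recall the filter would need for a
    given false-positive share, e.g. to see what a 75% figure would imply."""
    if not 0.0 <= fp_share <= 1.0:
        raise ValueError("fp_share must be between 0 and 1")
    true_positives = warning_rate * (1.0 - fp_share)
    if true_positives > base_rate + 1e-12:
        raise ValueError("not enough malicious downloads to reach that share")
    return true_positives / base_rate


if __name__ == "__main__":
    best_case = false_positive_share(FRACTION_INFECTED, FRACTION_WARNED)
    print(f"even if every infected download is warned, "
          f"{best_case:.0%} of warnings are false positives")
    needed = recall_for_false_positive_share(FRACTION_INFECTED, FRACTION_WARNED, 0.75)
    print(f"a 75% false-positive share would mean the filter flags only "
          f"{needed:.0%} of infected downloads (assumed scenario)")
    # How quickly the warning loses meaning as the filter misses more malware
    for recall in (1.0, 0.8, 0.6, 0.4):
        share = false_positive_share(FRACTION_INFECTED, FRACTION_WARNED, recall)
        print(f"recall {recall:.0%}: {share:.0%} of warnings are false positives")
```

The design point is the base rate: with only 7% of downloads malicious, any warning rate above that guarantees a large share of false alarms no matter how good the detection is, which is the warning-fatigue problem Wisniewski goes on to describe.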

"This reminds me of an article I wrote for Virus Bulletin last year about browser SSL certificate warnings. Considering the scary warning messages that browsers display to users and the frequency with which they are confronted with these warnings, we end up training our users to simply click through", he noted.

The problem, says Wisniewski, is that users assume that if the action were truly dangerous, they would simply have been blocked.

Even worse, he adds, if up to 75% of the time you see the warning you are in fact downloading a legitimate file, will you still pay attention to it when it really matters?

The bottom line, the Sophos Canada senior security advisor goes on to say, is that he does not believe most computer users are equipped with the knowledge necessary to make good decisions about deeply technical problems.

"When they are confronted with a question attempting to stop them from making a mistake it is often viewed as an annoying roadblock", he says.

"As security experts we need to make safety online as black and white as possible. While SmartScreen is doing a great job at stopping known badware, I'm not convinced that reputation technologies that require users to make technological decisions are the right answer to the problem", he adds.