IE8 Security Part VIII: SmartScreen Filter Release Candidate Update

The SmartScreen Filter helps protect IE8 users against phishing scams and sites distributing malware. In a previous post, Eric described the SmartScreen features and improvements over the Phishing Filter in IE7, such as anti-malware support, new user interface, and better performance. Today I’m going to talk about how SmartScreen works with other features to combat malware, and describe the changes we’ve made in the IE8 Release Candidate to help keep you safe.

Real-World Malware Attacks
Malware authors are always trying to come up with new ways to infect your computer, and one common method is by tricking you into downloading what you think is a legitimate program. We recently saw an interesting example of such a trick, as reported by the SANS Internet Storm Center and the Grand Forks Herald. Fake parking tickets placed on cars around a city directed users to a website where they would need to install a toolbar to view pictures of their violation; the toolbar turned out to be malware. The database used by the SmartScreen Filter was immediately updated, and any user who tried to download this malware toolbar would have had it blocked, if they were running IE8 with the SmartScreen Filter enabled.

Malware Attacks in the Browser
Generally speaking, there are two ways malicious sites can attempt to infect your computer. One way is to exploit vulnerabilities in a web browser to automatically install malware without any user interaction, also known as a drive-by download. The other way is to lure or trick the user into choosing to download and run a program that is in fact malware, as in the example above. For complete protection, we must guard against both avenues of attack.

Source- IE Blog