Windows Live: Smartscreen - Your link-clicking conscience

As many of you may have noticed, Microsoft has introduced a new feature to Windows Live Messenger. SmartScreen is a handy bit of code that either allows a user to directly access a whitelisted site, redirects the user to specific interstitial pages, or systematically denies direct access; all based on the content of a posted link.

Typically, a WLM contact list is populated by the user's friends or close personal contacts. Increasingly, "block-checker" and other services have been harvesting usernames and passwords for reuse as link-spam bots that typically message individuals on the affected user's contact list. Since a typical layer of trust is implied with previously permitted contacts, malcious redirection and malware installing links have become prevalent, as many users can attest. SmartScreen provides a barrier between these (and all) links that might be accessed by the user.

Sites that are known to harbour malicious code and/or phishing pages are automatically flagged with a block page.

This page acts much like Google's malware/phishing system; by forcing users to directly copy and paste the link (along with providing a warning), users are more informed of the potential risks, including the specific warning that the aforementioned site has been known to be malicious in nature.

Sites that have high-traffic and are known NOT to contain such malicious material are indexed by SmartScreen. Users are able to directly access these sites with no impediment. Low-traffic or cases of minor abuse are prefixed with an informational page that allows the user to continue but also reminds the individual NOT to enter their Live password if so prompted.

Even as power users, we all know how a cleverly worded "Hey LOOK AT THIS PIC + link" can sometimes be enticing. To a normal user, the invitation can be quite desirable. With SmartScreen, Microsoft has added an extra layer of protection for the "average-Joe" and provided that extra half-second to remind a power-user that what they are doing might be costly. Through a clean implementation not only in Messenger but across Windows Live Wave 4, Microsoft has taken a proactive stance to the most common social-engineering threat.

Report a problem with article
Previous Story

3D to scorch laps worldwide

Next Story

TechSpot: Latest in Smartphones Q3 2010

14 Comments

Commenting is disabled on this article.

This feature has been integrated into the Microsoft Live Essentials products like Windows Messenger as they all now have online access to your 'cloud' storage and can integrate with your social networking sites like Facebook, etc.

This IS NOT about a BROWSER getting this feature, as IE was one of the first browsers to incorporate Smartscreen technology.

(In fact if many will remember it made Google angry at IE7 because it would identify the cross site tracking pixels and links that Google uses in their advertising which forced them to stop being as invasive as IE7 was blocking access to the Google Ads initially when it found the cross site tracking tricks.) PS Chrome won't flag Google Ad or Ad partner content as malicious or fake even if it is...

Isn't this included in IE since IE7. But it didn't seem to do anything. Most of the time saying something along the lines that it couldn't check the page because it can't connect to MS servers or something.
Anyway good to see it extended to WLM.

You are right, I have been on thepiratebay.org sometimes and the ads aren't very safe and sometimes it starts freezing IE8 for me but the Smartscreen halts the page and it says on some big red page that the website was unsafe. I can go back to thepiratebay.org when those certain ads aren't there, but it is nice to have something help me out when the entire browser stops responding.

This is a good feature for people to stay say around the internet because you never know you might just stumble on somthing bad or a virus.

TBH I find it a PITA. I'm also curious how effective things like this and UAC popups really are for the less technically inclined users they are aiming to protect as I imagine many of them will just immediately click continue anyway. Pretty much every link in MSN lately has had that second warning and at that frequency I imagine people will quickly become accustomed to just ignoring it completely.

Smigit said,
TBH I find it a PITA. I'm also curious how effective things like this and UAC popups really are for the less technically inclined users they are aiming to protect as I imagine many of them will just immediately click continue anyway. Pretty much every link in MSN lately has had that second warning and at that frequency I imagine people will quickly become accustomed to just ignoring it completely.

that smartscreen stuff from Firefox and now microsoft (I noticed that IE has a similar feature nowadays) is the only thing when i see it popping up, i dont even visit the site. or go in a Inprivate session to visit it. Think it'll mostly be the same for others if they know what it is. You wont get a warning screen on 'known' sites.

Shadowzz said,

that smartscreen stuff from Firefox and now microsoft (I noticed that IE has a similar feature nowadays) is the only thing when i see it popping up, i dont even visit the site. or go in a Inprivate session to visit it. Think it'll mostly be the same for others if they know what it is. You wont get a warning screen on 'known' sites.

Like most security features you will find in Firefox Today, Internet Explorer was the first to implement it.

Yes but their known site list currently in the beta seems narrow. Like I said, about 3/4 of the links I've had are getting that popup, ones for local stores or even some more major sites.

For it to be effective the list of 'known' sites has to be improved so they don't condition people to simply hit 'continue'.