As many of you may have noticed, Microsoft has introduced a new feature to Windows Live Messenger. SmartScreen is a handy bit of code that either allows a user to directly access a whitelisted site, redirects the user to specific interstitial pages, or systematically denies direct access; all based on the content of a posted link.
Typically, a WLM contact list is populated by the user's friends or close personal contacts. Increasingly, "block-checker" and other services have been harvesting usernames and passwords for reuse as link-spam bots that typically message individuals on the affected user's contact list. Since a typical layer of trust is implied with previously permitted contacts, malcious redirection and malware installing links have become prevalent, as many users can attest. SmartScreen provides a barrier between these (and all) links that might be accessed by the user.
Sites that are known to harbour malicious code and/or phishing pages are automatically flagged with a block page.
This page acts much like Google's malware/phishing system; by forcing users to directly copy and paste the link (along with providing a warning), users are more informed of the potential risks, including the specific warning that the aforementioned site has been known to be malicious in nature.
Sites that have high-traffic and are known NOT to contain such malicious material are indexed by SmartScreen. Users are able to directly access these sites with no impediment. Low-traffic or cases of minor abuse are prefixed with an informational page that allows the user to continue but also reminds the individual NOT to enter their Live password if so prompted.
Even as power users, we all know how a cleverly worded "Hey LOOK AT THIS PIC + link" can sometimes be enticing. To a normal user, the invitation can be quite desirable. With SmartScreen, Microsoft has added an extra layer of protection for the "average-Joe" and provided that extra half-second to remind a power-user that what they are doing might be costly. Through a clean implementation not only in Messenger but across Windows Live Wave 4, Microsoft has taken a proactive stance to the most common social-engineering threat.
14 Comments - Add comment