The SmartScreen Filter in Internet Explorer will be updated in June to protect you against online advertising that might harm your computer. It’s a long overdue step to provide basic protection that really should have been covered years ago by your antivirus program.
The scum writing misleading “advertisements” have become more brazen, putting up outright lies to fool you into installing their crap. As long as they meet minimal standards (more or less, they promise not to sell your credit card number to the Russian mafia), their “ads” are not technically malware and your security software ignores it. There are details here about the differences between adware and malware.
It feels like we’re under siege. The screen shots above are typical of things you might see pop up on screen as you surf around. Sometimes it’s hard to tell whether they’re generated by the website you tried to visit, or through an ad injected into that website by some ad network. All of them have two things in common: (1) everything they say is a lie; and (2) if you click on a button, you may unknowingly install programs that hopelessly muck up your computer.
When you’re browsing the web with Internet Explorer, it runs all websites through Smartscreen Filter, which warns you if you click on a link to a phishing website or a website that might attempt to install a virus or other malware. Google Chrome calls its similar feature “Safe Browsing.” Until now, none of the browsers or security programs have provided any protection against dangerous advertisements.
Starting June 1, Internet Explorer will block misleading advertisements with a full-window warning. It will look something like this image.
Microsoft will be trying to walk a fine line. Lots of companies put ads on the Internet. It’s what Google does for a living. Microsoft and Apple invest millions of dollars in online advertising. Every big company puts ads on websites. It’s not easy to decide which ads are acceptable and which ads are not worthy and should be blocked. Some of the worst offenders are large companies with executives that wear suits and drive expensive cars. (Conduit is a billion dollar company with 400 employees that distributes useless toolbars and mucks up browser settings by the hundreds of millions. Download.com, part of CNET, a division of CBS, has a “pure evil” process designed explicitly to fool you into putting adware on your computer.)
Microsoft has listed the criteria that it will use for blocking adware.
Advertisements: The advertisement should not mislead you into visiting another site or downloading files.
Advertisements shown to a user:
- Must not mislead or deceive, or confuse with the intent to mislead or deceive
- Must be distinguishable from website content
- Must not contain malicious code
- Must not invoke a file download
We don’t know if that will be sufficient to block Conduit and Download.com and companies like them, but at least it will knock out the worst of the small fry.
If Microsoft takes the lead, perhaps other companies will follow. It would help our online security if we could count on the same protection from Chrome, Firefox, and our security programs.
Until this is available, remember one of the Rules For Computer Safety: If a web site brings something up on your screen that might be malware, turn your computer off with the power button. Get your hands off the mouse and do not click on “OK,” “Cancel,” or the X in the upper right corner! Anything that you click might lower the defenses on the computer and install malware.