Microsoft releases update to protect Internet Explorer and Edge users against drive-by-download attacks

A new Windows 10 update should protect Microsoft Edge and Internet Explorer 11 users against so-called drive-by attacks. Drive-by attacks, also known as drive-by downloads, abuse vulnerabilities in browsers and browser plugins to automatically install malware on computers. Visiting a hacked or malicious website can be sufficient for a system to become infected. Advertisements that serve malicious code can also be a source of infection.


Most drive-by attacks abuse known vulnerabilities for which patches have already been released. Therefore, they can't infect users who have installed the latest updates. Unfortunately, not everyone updates in time, and the time between the release of updates and the appearance of exploits is getting shorter. Even worse, the number of zero-day attacks, where attackers abuse an unpatched vulnerability, has increased.

"Given this trend, users have less time to update to a secure state and can no longer rely on staying patched as a reliable EK (exploit kit, ed.) defense", Microsoft writes. To protect users against this kind of attack, the company has released an evolved version of its SmartScreen technology. This is the filter used by Internet Explorer and Edge to detect malicious websites and block access to them.

"Drive-by attacks need to be detected and prevented before any web content is parsed and rendered", Microsoft explains. This means that the browser needs to execute some code before the page is loaded, potentially slowing down the browsing experience. However, the company has found a way to make sure the performance remains on par.

"To avoid impacting browsing performance, SmartScreen helps protect against drive-by attacks by using a small cache file created by the SmartScreen service", Microsoft writes. "This cache file is periodically updated by your browser to help keep you protected and to ensure that calls to the SmartScreen service are only made if we believe there’s a high probability of malicious content on a page."

When the new SmartScreen technology detects a potentially malicious website it will show a red warning and the content won’t render in either Microsoft Edge or Internet Explorer 11 on Windows 10.
