Dean Hachamovitch at IE Team had a whew experience when he received an email from his friend with a suspicious link in it last week at PDC. He clicked and opened the link in IE 8 because 1) he trusts his friend; and 2) the link didn’t look very suspicious to him. Guess what he got.
What really saved him from being attacked by this malware site is the new feature introduced in IE8 called SmartScreen Filter. And this is a good story that actually happened in real on how technique like this can really save your day.
IE 7 introduced the Phishing Filter, a dynamic security feature designed to warn users when they attempts to visit known-phishing sites. IE 8 made this approach a bit further and developed the SmartScreen Filter, a replacement of Phishing Filter that improves in a number of ways:
- Improved user interface
- Faster performance
- New heuristics & enhanced telemetry
- Anti-Malware support
- Improved Group Policy support
These really helped improve IE8’s security to another level and gives users more confident using the browser that is safe and reliable when surfing the wild land.
The IE8 SmartScreen Filter is designed to combat both phishing and malware sites while protecting your privacy and enabling high-performance browsing. The setting is set to ON by default but I suggest you to double check to make sure it stays on. It may save your day next time.
You can find the setting under Advance tab in Internet Option. It’s in Security category and almost near the bottom.
PS. I tried the phishing link on IE8 on my Windows 7, and it appears the same.
PPS. I also tried it on both Firefox 3.5.5 and Google Chrome 3.0. Both browsers detected this phishing attack and reported the similar result. So if you are using either of these browsers, make sure to use the latest versions with latest patches installed.