SmartScreen Filter the Next UAC 2.0?
Now that most of us have stopped whining about the User Account Control screen Microsoft is trying to build a better program trap. Their newest plan is to expand a tool called SmartScreen Filter. I’ve discovered both the good and bad with the plan.
Last month I investigated the need to have a code signing certificate for programs distributed by download. This added expense for developers can range from $100 to $500 depending on the company providing the security review and certificate.
June 5th: Software Code Signing Certificates. Do you care?
My ultimate decision was to continue purchasing a certificate because it was respectful to folks upgrading to our new WinPatrol and set a good example to anyone new to downloading WinPatrol. I also discovered if an application isn’t signed it’s nearly impossible to download using Internet Explorer with its SmartScreen Filter enabled. While this is currently a feature of Internet Explorer expect to find SmartScreen Filter integrated into Windows 8.
Currently, when you try to download a new program which isn’t signed using Internet Explorer you’ll most likely see the following warning…
As I wrote about previously, even if you click “Actions”, Microsoft discourages you from downloading the file and essentially hides the sequence needed to continue your download.
When I released WinPatrol v25 signed with my brand new certificate I was in for a shock from "SmartScreen Filter". While the message for my signed app was now yellow it still implied that WinPatrol was most likely a dangerous choice.
I received dozens of Emails from long time WinPatrol users most thinking that Microsoft was reporting a false positive. It turns out that SmartScreen Filter doesn’t 100% trust a code signing certificate. Based on recent events, they shouldn’t.
SmartScreen Filter is about trust and “Reputation”
SmartScreen Filter is best known as a tool to detect phishing websites based on their reputation. As you now know it also controls the files you download based on their reputation.
On the first night when WinPatrol v25 was released SmartScreen Filter put up what I’d call a level one warning. The screen says “this program is not commonly downloaded” but most developers might argue it will never get downloaded with warnings this scary.
The only way to continue downloading was to click “More Options”. By the next day WinPatrol had accumulated enough downloads that its reputation improved enough to receive what I call “SmartScreen Filter” level two warning screen. When folks clicked on the “Action” button they’d still see a scary screen but downloading was a little easier.
While Internet Explorer continued to warn that WinPatrol could be harmful at least allow folks were able to “Run anyway”. As a developer who just purchased a brand new code signing certificate I was still annoyed that Microsoft was recommending “Don’t run this program”.
After two days of scary warnings the WinPatrol setup program had finally become ScreenSmart worthy. When launching our setup program everyone now receives normal installation screens starting with the traditional User Account Control screen. Like SmartScreen Filter the UAC is designed to warn users before running apps that might be dangerous.
User Account Control
Even for signed applications the UAC protection has no white list. It has no way for a program to build its reputation. It currently doesn’t connect to the internet to collect or verify information on the program you’re about to run. Essentially, UAC is an extra step users must agree to before running a program which has special rights or permissions. It hasn’t really changed much since its introduction.
On the other hand, while I’d like to see the scary messages rewritten, SmartScreen does provide an advantage over User Account Control. It has great potential for growth and improvement. The SmartScreen Filter connects to the Internet and evaluates a file before it’s allowed to run. Instead of being a tool to detect phishing sites, Windows 8 users will become familiar with SmartScreen Filter anytime they want to run a file downloaded from the internet.
When you hear Microsoft promoting Windows 8 as more secure, this will be one of the reasons. It provides a serious security layer that many users will like, especially if they have kids. Others won’t like it and have already written articles on how to disable it. Beta versions of Windows 8 includes two SmartScreen options under the Folder Options dialog. If done properly I can imagine some users reducing their UAC setting in favor of SmartScreen Filter.
I’m told next year when I renew my certificate I’ll need to rebuild my reputation again. That means when I make an update available using a new code signing certificate we’ll spend another couple days scaring users. I haven’t talked to other developers to find out if two days is normal for legitimate signed application. I’m also curious if determining a reputation will change for applications downloaded from the Microsoft Store for Windows 8.
The only true failure occurred when I clicked on the “What’s SmartScreen Filter?” link. Something like SmartScreen Filter really needs a help screen instead of the following results which I can only guess is an error that can easily be fixed.
I’d also hope that SmartScreen Filter provides a special category for programs which install a 2nd unrelated application. Just this morning I was approached by yet another toolbar company offering me big bucks to install their toolbar as part of our WinPatrol setup. In my opinion, these programs do cause harm and should never receive a good reputation.
Either way, I’m sure you’ll hear more about this topic. I’m curious about SmartScreen and will pass along more information as I discover it.
SmartScreen Filter: Frequently Asked Questions
Microsoft Security Advisory:
Unauthorized Digital Certificates Could Allow Spoofing