Microsoft Says SmartScreen Protects From Drive-by Attacks
Microsoft SmartScreen, integrated with the Microsoft Edge and Internet Explorer web browsers and the Windows operating system, has helped protect users from socially engineered attacks such as phishing and malware downloads since its initial release in Internet Explorer 7. With URL reputation checks and Application Reputation protection, SmartScreen has protected users from billions of web-based attacks in the last 8 years.
With the latest Windows 10 updates, Microsoft has extended SmartScreen to include protection from drive-by attacks in Microsoft Edge and Internet Explorer 11.
Drive-by attacks are malicious web attacks that tend to start on trusted websites, targeting security vulnerabilities in commonly used software. What’s more, they often don’t require any user interaction – so there’s nothing to click, nothing to download – and infection is usually invisible.
Drive-by attacks make use of services known as exploit kits (EKs) to scale effectively. These are tools that first check your PC for software vulnerabilities (tracked publicly as CVEs) and then try to exploit them. The vulnerabilities can be either newly discovered ones – also known as 0-days – or ones that have already been fixed in popular software.
Microsoft has cultivated a broad set of data from sources like Microsoft Edge, Internet Explorer, Bing, Defender and the Enhanced Mitigation Experience Toolkit (EMET) to be able to see these attacks as they emerge, and to turn this information into the intelligence that powers SmartScreen drive-by protection in the browser.
This cross-company data intelligence effort brings together information not just about the browsing experience or web infrastructure, but also about behavioral telemetry from across the Windows operating system. This can help us to detect potential attacks in progress and detect emerging threats.
Unlike existing SmartScreen protection from socially engineered attacks, drive-by attacks need to be detected and prevented before any web content is parsed and rendered. To avoid impacting browsing performance, SmartScreen helps protect against drive-by attacks by using a small cache file created by the SmartScreen service. This cache file is periodically updated by your browser to help keep you protected and to ensure that calls to the SmartScreen service are only made if we believe there’s a high probability of malicious content on a page.
If SmartScreen determines that a website is potentially malicious, you’ll see a red warning and the content won’t render in either Microsoft Edge or Internet Explorer 11 on Windows 10.
SmartScreen also has the ability to warn you about potentially malicious frames, such as unsafe ads. In the past, unsafe frames on a page would result in a full-page warning, even if the webpage hosting the content was safe. Now, SmartScreen can show you warnings for only the frames that are found to be malicious, letting you continue to interact with the rest of the page.
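The cache-gated service check and the per-frame warnings described above can be modeled as follows. This is an added sketch, not Microsoft's code: the cache format (truncated host hashes), the refresh interval, the stale-cache fallback and all host names are assumptions constructed for illustration.

```python
import hashlib

CACHE_MAX_AGE = 3600  # assumed refresh interval in seconds, not a documented value

def host_key(host):
    # Assumed cache format: truncated SHA-256 of the host keeps the file small.
    return hashlib.sha256(host.lower().encode()).hexdigest()[:8]

class DriveByFilter:
    """Simplified model: a local cache decides whether the reputation service is asked."""

    def __init__(self, suspect_hosts, fetched_at, service):
        self.keys = {host_key(h) for h in suspect_hosts}
        self.fetched_at = fetched_at
        self.service = service  # callable(host) -> True when the host is malicious
        self.service_calls = 0

    def is_blocked(self, host, now):
        stale = now - self.fetched_at > CACHE_MAX_AGE
        # Fresh cache, no match: decide locally so rendering is not delayed.
        if not stale and host_key(host) not in self.keys:
            return False
        # A match only means "probably malicious" (truncated hashes can collide),
        # and a stale cache proves nothing, so the service gives the verdict.
        self.service_calls += 1
        return self.service(host)

    def check_page(self, top_host, frame_hosts, now):
        # A malicious top-level page gets the full-page warning before rendering.
        if self.is_blocked(top_host, now):
            return {"page": "block", "frames": {}}
        # Otherwise only the offending frames are replaced by a warning.
        frames = {h: "block" if self.is_blocked(h, now) else "render" for h in frame_hosts}
        return {"page": "render", "frames": frames}

# Constructed sample data: hosts listed in the cache and the service's verdicts.
CACHED = ["ads.bad.example", "cdn.maybe.example"]
MALICIOUS = {"ads.bad.example"}

def demo():
    f = DriveByFilter(CACHED, fetched_at=1000, service=lambda h: h in MALICIOUS)
    result = f.check_page("news.example",
                          ["ads.bad.example", "cdn.maybe.example", "img.example"], now=1500)
    return result, f.service_calls

if __name__ == "__main__":
    print(demo())
```

In this model the page and one clean frame are decided locally, so only the two cached hosts cost a service call, and only the frame the service confirms as malicious is blocked.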