These days, most “hacks” are more about an attacker’s ability to exploit your download habits, as opposed to exploiting holes in your firewall. In a review of Internet Explorer’s feedback reports, Microsoft found that 1 in every 14 programs downloaded are in some way malicious. The software giant also warned that more often than not, it’s the hacker’s mind-games that cause a malware attack rather than the software’s own vulnerabilities.
“Social-engineering attacks, like tricking a user into running a malicious program, are far more common than attacks on security vulnerabilities, “said Jeb Haber, program manager for Microsoft SmartScreen in a blog post. Since the release of Internet Explorer 8 in March of 2009, SmartScreen technology has prevented over 1.5 million malware attacks.
Haber added that the problem of user-downloaded malware is a “huge” one, and “getting bigger.” The most recent version of Internet Explorer, IE9, double-checks the reputation of each site visited and notifies the user if they happen to be hanging out in questionable/unknown territories.
“Most people would be cautious about buying something online from a complete stranger,” Haber said. “Using reputation software helps protect users from newly released malware programs – pretending to be legitimate software programs – that are not yet detected by existing defense mechanisms,” he said.