Microsoft’s integration of its App Rep security technology inside Windows 8 offers users of the platform an effective defence against socially-engineered malware (SEM) that offsets its potentially intrusive behaviour, an analysis from analyst NSS Labs has argued.
First added to Internet Explorer 9 in 2011, App Rep (originally known as ‘SmartScreen Application Reputation’) is designed to block malicious downloads, regardless of whether the user has approved the action through User Account Control (UAC). If a downloaded application is unknown or lacks a valid certificate, it will be stopped in its tracks.
A similar technology is used in IE10, Google Chrome, McAfee’s SiteAdvisor and AVG LinkScanner, although it is absent from Mozilla’s Firefox and Apple’s Safari. That gap is presumably what gave Microsoft the idea of adding App Rep as a layer inside Windows 8 and 8.1: all users of the OS would feel the benefit even if their browser lacked such protection.
After reviewing a series of tests it conducted between 2009 and 2013, NSS Labs concludes that App Rep and the general field of Content Agnostic Malware Protection (CAMP) it represents should be viewed as successful enough to justify its addition to Windows 8.
The analysis does point out some downsides, including a tendency to occasionally block legitimate apps from smaller but unknown software firms, and the fact that App Rep allows Microsoft to record the name of every downloaded file along with the IP address it was pulled from.
“There are concerns over the implications for privacy, particularly if a government agency is able to subpoena the database of information,” said NSS Labs research director, Randy Abrams. “While consumers and enterprises should be aware of App Rep’s reporting mechanism, the risk of privacy violations is minimal,” he added.
Users also needed to understand that App Rep couldn’t defend against more serious attacks using software exploits or malicious browser add-ons, he said.
A larger question is whether the addition of App Rep helps or hinders the uptake of Windows 8 by businesses. In this market, the possibility of false positives (i.e. blocking legitimate downloads) potentially adds expense as well as inconvenience.
Abrams’ view is that Microsoft’s adding of security to the OS rather than as separate elements is a positive development.
“Given the security improvements of Windows 8, enterprise customers should consider it during their next refresh cycle,” he said.
NSS Labs has previously given App Rep the thumbs up, finding its implementation in IE10 superior in some respects to the reputation engines built into Chrome and Firefox.