I must confess when Firefox 2.0 was made publicly available I had to move from Internet Explorer 6, since it´s features were very outdated and had no tabbed browsing. Since then, Internet Explorer team got a “wake up call” and started to add new features, improve functionalities and adopt web standards.
I don´t want to talk about all through Internet Explorer history here. I do want to highlight a particular great security feature introduced by IE Team: SmartScreen Filter (formerly Phishing Filter on Internet Explorer 7).
SmartScreen Filter has been first introduced on Internet Explorer 7, named as Phishing Filter. Then Microsoft has released IE 8 and greatly improved SmartScreen technology. This improvement was compared to other market solutions. The results can be seen in the below graphic:
Figure 1 – Internet Explorer 8 vs. Other browsers
Almost two years later Microsoft Released To Web a new version of Internet Explorer, the version 9.0. This version came with many others security features and even better SmartScreen rates accordingly to NSS Labs research.
Figure 2 – Internet Explorer 9 vs. Other browsers
The whole reason I´m talking about it is because the other day a member of www.isaserver.org message boards came up with a question on how to block a certain malicious URL. He was worried about the fact that some user could be tricked to access it and get infected.
The way he wanted to block was not supported by ISA firewall syntax to block Domains and URLs.
Now what!? The war is over and the bad guys won this round? I say, no way!!!
Event though his first recommendations was to not try to access the malicious URL I started a test machine using latest Microsoft Operating System and browser software fully updated. As soon as I try to access the malicious URL the Internet Explorer 9 has returned the follow screen to me:
Figure 3 – Internet Explorer 9 SmartScreen in action
How cool is that!!??
For the matter of fact I also submitted the URL to Virus Total website for analysis on a different variety of web filters:
Figure 4 – Screenshot from VirusTotal website
As you can see only 3 of 16 web filters identified the URL as malicious. How do you think NSS Labs tests are accurate now?
Internet Explorer SmartScreen filter has done its job. How about Microsoft firewall technology? Can it block the malicious URL?? What´s the problem with that?
The truth is that none of ISA firewalls versions have a built-in URL Filtering functionality (it can be installed as an add-on though). On the other hand, the most recent version of Microsoft firewall (Forefront Threat Management Gateway (TMG) 2010) has URL Filtering out-of-the-box!
Forefront TMG 2010 leverages Microsoft Reputation Services (MRS) to query URLs categories.
Since I´m evaluating TMG 2010 at the company I work I decided to test it. At TMG 2010 GUI you can query a URL to check what category it belongs to.
Figure 5 – TMG 2010 GUI query
You can see this URL is categorized as Malicious and Spam URLs. We can assume from now that TMG will successfully block the URL, if a deny rule is blocking these categories, when an user try to access it, right?
That´s right! However, since I´m testing TMG 2010 I do not assume anything, I want to be certain! This is the result when I am trying to access this URL from a machine behind TMG 2010:
Figure 6 – TMG 2010 block page
As expected TMG 2010 successfully blocked the page!
Oh! To make it clear I returned to use Internet Explorer when the version 8 was launched and still using IE since then!
The bottom line is that Microsoft has been heavily investing in security in the past years. No matter if you are a home user or a corporate user, your back it is being covered.