A type of scam that uses social engineering
Scareware, also called alarmware or alarm software, is a proven scam. The principle: use emotional manipulation to make the user believe that their system is infected, then make them believe that to get out of this bad situation, they must pay, download other software (a real virus) or communicate personal information. Microsoft is experimenting with a new way to protect itself in Edge.
First of all, let's emphasize that the fight against this scareware is not new. A quick search carried out as part of this paper referred us to two articles in particular. The first, dated 2018, explains how "Windows Defender is now hunting down scareware". The second is even older, since it dates back to 2009. Its subject: an alert launched against the latter by… Microsoft.
Fifteen years later, the company is still experimenting with ways to repel this scareware. One of the ramparts put in place for several months is Microsoft Defender SmartScreen, a protection system against malicious sites that is based on a regularly updated index.
In order to more specifically target alarming software, Microsoft has injected Scareware blocker into Windows Insider. Presented in November at the Ignite conference, it "adds a new first line of defense to help protect users exposed to a scam if it tries to open a page in full screen", explains Microsoft.
In practice, Scareware blocker uses a machine learning model that runs locally on the computer. It compares the page displayed in full screen to thousands of examples of scams shared by the community. It is thus able to recognize the telltale signs of scareware. When it detects a fraudulent page, Scareware blocker alerts the user. The latter can still decide to access the web page if it considers that there is no risk. As reported above, Microsoft specifies that "the model runs locally, without saving or sending images to the cloud".
The power of AI, well supported by the community
Of course, the protection is not infallible. In addition, in order to improve its reliability, the Redmond firm invites the user who has been pertinently warned by the blocker to report the malicious site (via a classic reporting system) in order to protect others. Conversely, it urges them to report false alerts affecting healthy pages.
To experience this feature now, you must be a Windows Insider member. The feature is enabled in Edge settings (a browser restart will be required).
As IBM writes on its website, scareware uses "fear to push people to download malware, spend money or transmit personal data". A priori rather comfortable with a PC and therefore not inclined to experience great panic in such situations, Insiders probably do not represent the population targeted by Scareware blocker. But as you will have understood, the objective here is to refine the protection before a general deployment.
Source: Microsoft
0 Comments