Sophos Analyst Attacks Microsoft For Hyping IE9 Security

A Sophos security researcher has slammed Microsoft for painting a one-sided picture of the malware-blocking capabilities of its Internet Explorer 9 web browser.

In an interview with Computer World, Chet Wisniewski, a researcher at the UK-based security firm Sophos, reacted to a blog post made by Microsoft about the SmartScreen technology in Internet Explorer 9.

The blog post claims that the SmartScreen Application Reputation feature prevents people from downloading malicious files. But as the Sophos researcher pointed out, 30 percent to 75 percent of the blocked files were legitimate ones.

"If that's true, will you continue to pay attention to the warning when it really matters? People may get sick of it, just like they did with [User Account Control] warning in Vista," the researcher said, referring to the number of false positives.

User Account Control was meant to give users greater information about what their systems were doing, but in practice it bogged down routine operations and was one of the main complaints about Microsoft Vista.

The researcher claimed that Microsoft failed to give the actual number of exploits that IE 9 was able to block and dismissed the blog post as a PR stunt.

"They're not comparing their numbers with actual exploits, so I feel like they're lying to me. No way do I ever get near a factual argument," Wisniewski said.