Microsoft turns on reputation check for IE9

Microsoft has activated a feature in its forthcoming Internet Explorer 9 browser that will eliminate security warnings when Internet surfers download "reputable" software, but the feature could potentially trigger malicious software warnings on legitimate products developed by smaller organisations or the open source community.

In a blog post, Microsoft program manager Ryan Colvin said that the SmartScreen application reputation feature was designed to "reduce the number of generic, unhelpful warnings consumers see when downloading programs".

Programs that are identified by Microsoft as reputable won't generate any warning before the user downloads them, but programs which are not commonly used will continue to trigger an on-screen message.

Currently, IE generates warnings for virtually any kind of download, which often results in users ignoring them. Colvin predicted that with the new arrangement, most users would not see a warning about potential malware more than three times a year, potentially improving their effectiveness. The application reputation option builds on a similarly-branded feature added to IE8 to identify potentially malicious sites.

While popular applications (such as IE's rival browsers Firefox and Chrome) won't trigger the warnings, SmartScreen could represent a potential headache for smaller independent software developers and open source projects, especially if they are not signed up to Microsoft's formal developer programs.

In the post, Colvin notes that applications which are digitally signed via Authenticode and which feature the Windows Logo will have a better reputation.

While Windows 7 Logo certification itself is free, certificates to sign applications cost $US99. As a result, some smaller development projects oft ignore those steps.

Internet Explorer 9 is currently in beta testing. Microsoft has not set a final release date.