Microsoft is rolling out a new tool dubbed “scareware blocker,” which uses machine learning and computer vision to identify a very pervasive type of online scam.
“Scareware” has blighted the web almost since its inception, often in the form of fake antivirus software that claims to have detected a non-existent threat on a user’s machine. They then either trick the user into installing a malicious program, or paying for software they don’t need.
Just last year, two tech support firms were forced to pay $26 million as part of a settlement with the U.S. Federal Trade Commission (FTC), which had accused the companies of deceptive marketing practices, including using fake Windows pop-ups, to scam consumers.
“These companies used scare tactics and lies about threats to consumers’ personal computers to bilk consumers, particularly older consumers, out of tens of millions of dollars,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement at the time.
Microsoft already offers some tools to block scammy websites that have been detected and reported elsewhere, but the new feature is all about blocking previously unknown scam tools when they attempt to open a full-screen page.
Microsoft first teased the blocker at its Ignite conference in November, but now it’s calling on users to help test the feature through a preview program in its Edge browser.
Setting up
Scareware blocker requires the user to activate the feature through the “Privacy, search, and services” setting in Edge.
This adds an additional level of security to what exists within the likes of Microsoft Defender SmartScreen, which already looks for suspicious activity on web pages. Scareware blocker specifically intervenes if a scam tool attempts to open a full-screen page, a tactic that can make it more difficult both to identify a scam and circumvent it — for example, a user might not know to hit the “Esc” key to exit full-screen mode.
Microsoft said it used thousands of real-world sample scams to train the machine learning model that underpins scareware blocker. It then uses computer vision to compare these samples with new scams it encounters in real-time.
If the tool suspects potential scareware, it will exit full-screen mode, stop any audio playback (e.g. an alarm or voice) that might accompany the scam, and give the user the option to continue to the page or close it completely.
Privacy
The fact that Microsoft is using computer vision to analyze users’ screens might raise concerns. There are some parallels with Microsoft’s controversial AI-powered Recall feature, which takes snapshots of users’ screens to create a searchable history of everything they’ve done on the computer.
However, with scareware blocker, Microsoft maintains that the machine learning model runs locally on the user’s machine, and nothing is saved or sent to the cloud.
To improve the model and broader Defender SmartScreen software, Microsoft is also soliciting feedback from early adopters, presenting them an option to share a screenshot of the scam with Microsoft. Users can also report scenarios where scareware blocker makes a mistake and blocks a genuine website.
