Wave 4: SmartScreen for URLs

Those of you who are trying out the new Windows Live Essentials Beta, probably already came across some of these:
But what are those? Never saw those before (no difference whether you use Internet Explorer or not)! What happened? It’s a new user safety feature in Wave 4: SmartScreen for URLs.

Every time you click an URL from within Messenger or on any of the Windows Live websites, such as Profile and Photos, the web request is first examined by this SmartScreen service (redirection via rdir.us). The service checks the reputation of the link prior to navigation with three potential outcomes:

1. Direct Navigation (Redirection)
If the website has a positive reputation, and you aren’t watching the link in the address bar, you won’t notice the difference. You’ll get to the site “directly.”

2. Block
But what if the site has a bad reputation? For example, one that hosts a malware or a phishing scam? Then you’ll get this red one:

Fair enough, you’ve been warned! Do not enter (don’t see how with that block in place anyway).

3. Informational
How about neither, just some not widely known low traffic website? Then you get the first one I showed you, the Protect your password warning. This one is also shown if the site has had a history of abuse. Continue at your own discretion.

Now this feature may seem like a good idea, but is it really? For the novice it could be, as they get warned when trying to enter a malicious site. Providing this site has been reported! Beware of fake sense of safety, a site may have not been reported yet! Every bit helps?

And then the informational warnings, you will come across those mostly. Those who know how to recognize a malicious link will only find these annoying, after all it does prevent you from going to that site quickly. First it takes time to scan the site, so you wait for that SmartScreen warning to show up. Then, once it does, you have to click Continue before you finally get to the site you want. What a waste of time, no? Can’t the feature be disabled by the user then? No it can’t! No option anywhere, and if you disable the SmartScreen Filter in IE it still does the SmartScreen for URLs bit (in fact it does it in any browser, so no escaping there either). And what happens with the URLs during the redirect? Are they only scanned, or are they kept? The team says they will study the data and learn from it. What will happen if the redirect/SmartScreen service is off (or worse hacked)? Even though John Scarrow did his best to write up a post explaining this new feature, it still leaves some questions unanswered.

What do you think about this new safety feature? Good/bad? Suggestions for improvement (I’d say make it optional)? Leave them in the comments below.