Windows 8 SmartScreen filter reporting back to Microsoft

Martin Brinkmann
Aug 24, 2012
Updated • Aug 27, 2012
Microsoft, Security, Windows 8

The SmartScreen Filter is a new technology in the Windows 8 operating system that is protecting users from installing unsigned applications, malicious programs or click on links that lead to known phishing websites. This works with hash values that the program creates on the local system. These hashes are then send to Microsoft where they are checked against a database before a result is returned to the local PC.

Earlier today Nadim Kobeissi revealed that Microsoft's SmartScreen Filter was informing Microsoft about every software installation on the system. The issues that he identified with the process are listed below:

  • Microsoft will be informed about every program that you download and install on Windows 8
  • Communication between the local PC and the Microsoft server may be intercepted so that attackers may get hold of the information

The first point he makes should be obvious as the product is designed this way. The local PC communicates with the server to retrieve the information needed to either display the warning message on the screen or not. While Microsoft could record the hashes and assign IP addresses to them, there is no proof that Microsoft does that.

The second point is only true if the communication uses an insecure protocol. Nadim found the web server to  support insecure SSLv2 connections, but did not provide proof that SmartScreen Filter was using SSLv2 when communicating with the server.

Lastly, he pointed out that users were not given an option about SmartScreen Filter in first place. While that is true for users who select the Express Setup option during installation, it is not true for users who select Customize here. Under Settings, there is an option to turn SmartFillter off for Internet Explorer or Windows apps and files.

turn off smartscreen filter

Do not get me wrong. Some of the points that he is making need some explaining from Microsoft so that you and I understand exactly how data is transferred and if data is stored by Microsoft. For now, it is a too sensationalist and without proof that this is really a privacy issue.

If you do not want to take any risks, disable SmartScreen Filter to stay on the safe side.

Update: Microsoft responded to the claims and confirmed that the insecure protocol is not used to transfer the data. The company furthermore noted that it does not use the data to identify, contact or target advertising to its users, and that the data is not shared with third parties.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. lookmann said on August 27, 2012 at 6:38 am

    latest news: MS has issued a clumsy, unconvincing reply to this

  2. jimmyjamesjimmy said on August 25, 2012 at 12:30 pm

    win8 is starting to look like a disaster if you’re a desktop user.

    1. kalmly said on August 25, 2012 at 2:24 pm

      No. I has looked like a disaster from the beginning.

  3. FREEEEMAN said on August 25, 2012 at 3:03 am

    I hope it doesn t surprise anyone…

    It’s gonna get worst and worst this way.

    Do you thought that the “big brother” age was a myth, a legend, a “conspiracy theory” or a thing of a far future ?

    It’s happening right here, everyday, before your eyes…

    And just think when even your entire Os will be “clouded”…

    1. ilev said on August 25, 2012 at 10:55 am

      Now that DOJ’s restrictions on Microsoft ended, Microsoft is free to go back to its previous dubious ways.

  4. Richard Steven Hack said on August 25, 2012 at 1:44 am

    According to updates on his original post, Microsoft appears to have switched the protocol to SSLv3 as a result of his post.

    Also it appears that not only hashes, but file names are reported.

    I don’t care what this “SmartScreen Filter” is supposed to do, it should not be on by default and the end user should be informed about it in advance. We do not know what Microsoft does with this information and that, too, should be clearly stated in advance.

  5. SCBright said on August 25, 2012 at 1:37 am

    I’m not a Microsoft employee to be constantly watched. Windows 8 all the time keeps you connected to Microsoft, why should I share my life with them?

    I’ll stick with my Windows 7 as far as possible and I have two machines running Ubuntu. In the future … bye, bye Windows …

  6. anony said on August 24, 2012 at 3:32 pm

    Walled Gardenâ„¢

    1. Jim said on August 24, 2012 at 4:40 pm

      We can expect them to remove the ability to turn this off in SP1. This is one way to prevent piracy…stop us from installing software unless we get it from them. Linux could get a much bigger boost than we think.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.