Windows 8 SmartScreen filter reporting back to Microsoft
The SmartScreen Filter is a new technology in the Windows 8 operating system that protects users from installing unsigned applications or malicious programs, and from clicking on links that lead to known phishing websites. It works with hash values that the program creates on the local system. These hashes are then sent to Microsoft, where they are checked against a database before a result is returned to the local PC.
Earlier today Nadim Kobeissi revealed that Microsoft's SmartScreen Filter was informing Microsoft about every software installation on the system. The issues that he identified with the process are listed below:
- Microsoft will be informed about every program that you download and install on Windows 8
- Communication between the local PC and the Microsoft server may be intercepted so that attackers may get hold of the information
The first point he makes should be obvious as the product is designed this way. The local PC communicates with the server to retrieve the information needed to either display the warning message on the screen or not. While Microsoft could record the hashes and assign IP addresses to them, there is no proof that Microsoft does that.
The second point is only true if the communication uses an insecure protocol. Nadim found the web server to support insecure SSLv2 connections, but did not provide proof that SmartScreen Filter was using SSLv2 when communicating with the server.
Lastly, he pointed out that users were not given an option about SmartScreen Filter in the first place. While that is true for users who select the Express Setup option during installation, it is not true for users who select Customize here. Under Settings, there is an option to turn SmartScreen Filter off for Internet Explorer or Windows apps and files.
Do not get me wrong. Some of the points that he is making need some explaining from Microsoft so that you and I understand exactly how data is transferred and if data is stored by Microsoft. For now, it is too sensationalist and without proof that this is really a privacy issue.
If you do not want to take any risks, disable SmartScreen Filter to stay on the safe side.
Update: Microsoft responded to the claims and confirmed that the insecure protocol is not used to transfer the data. The company furthermore noted that it does not use the data to identify, contact or target advertising to its users, and that the data is not shared with third parties.