Windows 8 SmartScreen filter reporting back to Microsoft
The SmartScreen Filter is a new technology in the Windows 8 operating system that is protecting users from installing unsigned applications, malicious programs or click on links that lead to known phishing websites. This works with hash values that the program creates on the local system. These hashes are then send to Microsoft where they are checked against a database before a result is returned to the local PC.
Earlier today Nadim Kobeissi revealed that Microsoft's SmartScreen Filter was informing Microsoft about every software installation on the system. The issues that he identified with the process are listed below:
- Microsoft will be informed about every program that you download and install on Windows 8
- Communication between the local PC and the Microsoft server may be intercepted so that attackers may get hold of the information
The first point he makes should be obvious as the product is designed this way. The local PC communicates with the server to retrieve the information needed to either display the warning message on the screen or not. While Microsoft could record the hashes and assign IP addresses to them, there is no proof that Microsoft does that.
The second point is only true if the communication uses an insecure protocol. Nadim found the web server toÂ support insecure SSLv2 connections, but did not provide proof that SmartScreen Filter was using SSLv2 when communicating with the server.
Lastly, he pointed out that users were not given an option about SmartScreen Filter in first place. While that is true for users who select the Express Setup option during installation, it is not true for users who select Customize here. Under Settings, there is an option to turn SmartFillter off for Internet Explorer or Windows apps and files.
Do not get me wrong. Some of the points that he is making need some explaining from Microsoft so that you and I understand exactly how data is transferred and if data is stored by Microsoft. For now, it is a too sensationalist and without proof that this is really a privacy issue.
If you do not want to take any risks, disable SmartScreen Filter to stay on the safe side.
Update: Microsoft responded to the claims and confirmed that the insecure protocol is not used to transfer the data. The company furthermore noted that it does not use the data to identify, contact or target advertising to its users, and that the data is not shared with third parties.Advertisement
We can expect them to remove the ability to turn this off in SP1. This is one way to prevent piracy…stop us from installing software unless we get it from them. Linux could get a much bigger boost than we think.
I’m not a Microsoft employee to be constantly watched. Windows 8 all the time keeps you connected to Microsoft, why should I share my life with them?
I’ll stick with my Windows 7 as far as possible and I have two machines running Ubuntu. In the future … bye, bye Windows …
According to updates on his original post, Microsoft appears to have switched the protocol to SSLv3 as a result of his post.
Also it appears that not only hashes, but file names are reported.
I don’t care what this “SmartScreen Filter” is supposed to do, it should not be on by default and the end user should be informed about it in advance. We do not know what Microsoft does with this information and that, too, should be clearly stated in advance.
I hope it doesn t surprise anyone…
It’s gonna get worst and worst this way.
Do you thought that the “big brother” age was a myth, a legend, a “conspiracy theory” or a thing of a far future ?
It’s happening right here, everyday, before your eyes…
And just think when even your entire Os will be “clouded”…
Now that DOJ’s restrictions on Microsoft ended, Microsoft is free to go back to its previous dubious ways.
win8 is starting to look like a disaster if you’re a desktop user.
No. I has looked like a disaster from the beginning.
latest news: MS has issued a clumsy, unconvincing reply to this