Windows 8 SmartScreen filter reporting back to Microsoft - gHacks Tech News

The SmartScreen Filter is a new technology in the Windows 8 operating system that protects users from installing unsigned applications or malicious programs, and from clicking on links that lead to known phishing websites. It works with hash values that the program creates on the local system. These hashes are then sent to Microsoft, where they are checked against a database before a result is returned to the local PC.

Earlier today Nadim Kobeissi revealed that Microsoft's SmartScreen Filter was informing Microsoft about every software installation on the system. The issues that he identified with the process are listed below:

  • Microsoft will be informed about every program that you download and install on Windows 8
  • Communication between the local PC and the Microsoft server may be intercepted so that attackers may get hold of the information

The first point he makes should be obvious as the product is designed this way. The local PC communicates with the server to retrieve the information needed to either display the warning message on the screen or not. While Microsoft could record the hashes and assign IP addresses to them, there is no proof that Microsoft does that.

The second point is only true if the communication uses an insecure protocol. Nadim found that the web server supports insecure SSLv2 connections, but did not provide proof that SmartScreen Filter was using SSLv2 when communicating with the server.
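Whether a server accepts SSLv2 and which version a particular session actually negotiated are separate facts, and the second can be read from the server's hello message in a packet capture. The Python below is an added example, not code from the article or from Nadim's post: it extracts the negotiated version from the first server record. The sample records are constructed for the example and are not captured SmartScreen traffic; the builder function names are hypothetical.

```python
import struct

# Protocol versions as (major, minor) bytes on the wire.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def negotiated_version(record: bytes) -> str:
    """Return the protocol version the server chose in its hello record."""
    if len(record) < 5:
        raise ValueError("record too short")
    if record[0] == 22 and record[1] == 3:
        # SSLv3/TLS record: type 22 (handshake), version (2), length (2),
        # then handshake type (1), handshake length (3), server_version (2).
        if len(record) < 11 or record[5] != 2:  # 2 = ServerHello
            raise ValueError("not a ServerHello")
        version = (record[9], record[10])
    elif record[0] & 0x80 and record[2] == 4:
        # SSLv2 record: 2-byte header with the high bit set, then
        # MSG-SERVER-HELLO (4), session-id-hit, certificate-type, version.
        # The padded 3-byte header form is not handled here.
        if len(record) < 7:
            raise ValueError("truncated SSLv2 SERVER-HELLO")
        version = (record[5], record[6])
    else:
        raise ValueError("not a server hello record")
    return VERSIONS.get(version, "unknown %d.%d" % version)

def build_tls_server_hello(major: int, minor: int) -> bytes:
    """Constructed sample: minimal SSLv3/TLS ServerHello, zeroed random."""
    body = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return bytes([22, major, minor]) + struct.pack(">H", len(handshake)) + handshake

def build_sslv2_server_hello() -> bytes:
    """Constructed sample: SSLv2 SERVER-HELLO with an empty certificate."""
    body = (b"\x04\x00\x01\x00\x02" + struct.pack(">HHH", 0, 3, 16)
            + b"\x01\x00\x80" + bytes(16))
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    for sample in (build_tls_server_hello(3, 1), build_sslv2_server_hello()):
        print(negotiated_version(sample))
```

Run against the server's first record from a capture of the client in question, the result shows what that client negotiated, independent of what else the server would accept.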

Lastly, he pointed out that users were not given an option about SmartScreen Filter in the first place. While that is true for users who select the Express Setup option during installation, it is not true for users who select Customize instead. Under Settings, there is an option to turn SmartScreen Filter off for Internet Explorer or Windows apps and files.

Do not get me wrong. Some of the points that he is making need some explaining from Microsoft so that you and I understand exactly how data is transferred and if data is stored by Microsoft. For now, it is too sensationalist and without proof that this is really a privacy issue.

If you do not want to take any risks, disable SmartScreen Filter to stay on the safe side.

Update: Microsoft responded to the claims and confirmed that the insecure protocol is not used to transfer the data. The company furthermore noted that it does not use the data to identify, contact or target advertising to its users, and that the data is not shared with third parties.





    Comments

    1. anony said on August 24, 2012 at 3:32 pm

      Walled Garden™

      1. Jim said on August 24, 2012 at 4:40 pm

        We can expect them to remove the ability to turn this off in SP1. This is one way to prevent piracy…stop us from installing software unless we get it from them. Linux could get a much bigger boost than we think.

    2. SCBright said on August 25, 2012 at 1:37 am

      I’m not a Microsoft employee to be constantly watched. Windows 8 all the time keeps you connected to Microsoft, why should I share my life with them?

      I’ll stick with my Windows 7 as far as possible and I have two machines running Ubuntu. In the future … bye, bye Windows …

    3. Richard Steven Hack said on August 25, 2012 at 1:44 am

      According to updates on his original post, Microsoft appears to have switched the protocol to SSLv3 as a result of his post.

      Also it appears that not only hashes, but file names are reported.

      I don’t care what this “SmartScreen Filter” is supposed to do, it should not be on by default and the end user should be informed about it in advance. We do not know what Microsoft does with this information and that, too, should be clearly stated in advance.

    4. FREEEEMAN said on August 25, 2012 at 3:03 am

      I hope it doesn’t surprise anyone…

      It’s gonna get worse and worse this way.

      Did you think that the “big brother” age was a myth, a legend, a “conspiracy theory” or a thing of a far future?

      It’s happening right here, everyday, before your eyes…

      And just think when even your entire OS will be “clouded”…

      1. ilev said on August 25, 2012 at 10:55 am

        +1
        Now that DOJ’s restrictions on Microsoft ended, Microsoft is free to go back to its previous dubious ways.

    5. jimmyjamesjimmy said on August 25, 2012 at 12:30 pm

      win8 is starting to look like a disaster if you’re a desktop user.

      1. kalmly said on August 25, 2012 at 2:24 pm

        No. It has looked like a disaster from the beginning.

    6. lookmann said on August 27, 2012 at 6:38 am

      hi,
      latest news: MS has issued a clumsy, unconvincing reply to this

      http://news.softpedia.com/news/Microsoft-Windows-8-SmartScreen-Does-Not-Breach-User-Privacy-288079.shtml
