Researcher Raises Alarm Over Windows 8's SmartScreen Filter

26

Comments

+ Add a Comment
avatar

Jerjef

I read this article and all I can say else, "and what else is new?"
This is a sad reality that every technology company in the world is recording your every move. Google is notorious for it, every web browser does it, hell even the squeaky clean Apple does it http://venturebeat.com/2011/04/20/why-is-apple-recording-iphone-and-ipad-users-locations/.

There's no use complaining about it because no one is listening. If the companies were concerned with what you think, they would've stopped doing it long ago.

If you don't like it go live in the woods like Grizzly Adams because that's the only way you can escape it.

avatar

big_montana

A better write up on Ars:

"There are some technical problems with Kobeissi's complaint. Although he says that the server supports SSLv2, that is only part of the story. Windows clients using the operating system's built-in SSL capabilities don't, by default, support SSLv2. They support SSLv3 and TLS 1.0, neither of which is vulnerable to the same eavesdropping attacks that SSLv2 is susceptible to. A comment on Kobeissi's blog states that, in practice, the connection uses TLS 1.0. While TLS 1.0 does have some flaws when used in other contexts, it rules out trivial eavesdropping by malicious third parties.

This still means that Microsoft could determine which programs individual IP addresses are using. There would be some implementation issues to address first, however. Microsoft only receives the executable name and its hash. Sometimes the executable name is useful, containing the software name and version information, but a lot of the time it will be simply "setup.exe" (unfortunately, as it's very annoying if you ever want to find the installer for a program after you've downloaded it).

This leaves the hashes. Microsoft likely doesn't have a mapping from file hashes to actual executables, so it can't immediately tell which hash corresponds to which actual executable, but it could, in principle, trawl the Web looking for executables and computing their hashes. With this, the company could know that a particular IP address was running a particular program, or at least its installer.

If Microsoft cross-referenced this with other information it collects, such as Microsoft Account information, it could possibly even associate names with executables."

It sure seems like he's trying to ride the Windows 8 hate train with an inflammatory post which is light on facts and heavy on assumptions, all of which will be used by the uninformed as "yet another reason" to dislike Windows 8. It's Vista all over again, and not because of the software quality, but by the would-be journalists who can't get their facts straight before mouthing off on the internet.

avatar

DasHellMutt

This

avatar

whitneymr

It doesn't make a tinkers damn what they say they'll do with the info they gather because once they get a subpena from a federal grand jury they'll hand it over so fast it'll make your head swim. Also if the laws change to forbid them from dumping the data they'll do it the next day.

The only thing scarier than MS with your private info is feds saying "thank you" and taking it from them.

avatar

svelasquez123

For all you saying this is another reason not to upgrade from Windows 7. Windows 7 sends the same info to the same servers already. Open up fiddler or other traffic inspection tool and install an app from the web. The same exact server is contacted with the same information about the application.

avatar

rathb18

WOW why are so many people complaining about a feature that CAN BE DISABLED???? DO you people really like to bitch just to hear you voice or what??

avatar

maxeeemum

It's Big Brother in a nutshell! Most people don't know what it is or does and can't disable it. So why was this story written for and why did M$ make changes.

Check this link to disable Smart Screen and read the comments at the end. They are pretty funny.

http://www.howtogeek.com/75356/how-to-turn-off-or-disable-the-smartscreen-filter-in-windows-8/

avatar

Bullwinkle J Moose

Why do we need to find the spyware in the first place and figure out how to shut it off assuming we find it in the first place?

And WHY is this a feature? (What does it provide ME?)

avatar

rathb18

It provides none tech people with a way of knowing what app's are safe and what are not safe to install which for some could be a very useful feature and who cares if it send's a little info back to Microsoft it's not like there's any privacy in today's world anyway so you may as well live with it and not waste your whole life trying to hide it.

avatar

Meat_Juice

Seriously thinking of trying my hand at Linux as I read there's a new build coming out around Octoberish. More resolute to take a pass on Win 8 than ever.

avatar

maxeeemum

Yet another reason not to use Windows 8!

avatar

don2041

The personal computer [PC] is dead, long live the public computer {PC]

avatar

USraging

I don't have a problem with the feature, because cross checking that applications are safe would help out the common user from making all those bad mistakes that i have to fix. On the other hand i do not agree with verbally saying that information will be deleted from their servers when they have time. They need to make a opt out feature for me to be ok with this. But i would be more worried about what your isp servers logs than Microsoft keeping a list of applications installed on your system.

avatar

eastbayrae

If it had an Apple logo on it none of you would have said shit and begged Apple to take you money.

avatar

maxeeemum

Wrong! "None of us" here use Apple! Even though Win8 upsets me I think Apple is worse. Never have or will buy an Apple product.

avatar

Neufeldt2002

What they are not telling you is that this is another way to target advertising at you. Yes the other stuff is there that you should be worried about, remote uninstall, spying, etc, but they can and will use these bits of info to target ads at you as well. Have a lot of games installed, more gaming ads your direction. Installing that movie app? here are some movies you might like. Searching online for Hemorrhoid cream through Metro's version of IE, here's an ad for you. All at the convenience of being placed on your start screen. The more I find out about Win 8 the less I like it. Improvements mean squat if it spy's on you, and uses you for targeted ads and sells you out to the local gov because you thought you would try this programme over an approved MS one. Some may actually like this idea, and more the pity I guess, but people really need to wake up to what MS is really doing. It's time to start looking for an alternative before all privacy and rights are gone.

avatar

Budman_NC

VERY well said Neufeldt2002! I can't understand why the Win8 proponents are OK with this.

avatar

pratikrawankar

Windows 8 is a big bitch _________ good to know information

tracking user data ________bigger than MS super cookies seen last year with big problem

avatar

Happy

And we're just supposed to take Microsoft's word that they don't keep this info and won't give it to the government if the government silently requests it for purposes of so called "national security"?!??!

avatar

Nastyman

It looks to me like win7 is going to turn into another XP and last forever. I don't want Microsoft or anyone else to know what I install and run on my PC at all. It is no ones business at all!Privacy invasion is what this is for sure AND IT SHOULD BE STOPPED! The guberment is supposed to protect our right to privacy...sure they are...vote all those bastards out! They are not doing their job at all.

Nasty

avatar

warptek2010

Problem with voting out the bastards is you might might elect new bastards or they might become bastards once they get into the 'system'.

avatar

pratikrawankar

+1 windows 7 another XP will last long over 2015 ___may be even more with 30-35 % market share

avatar

igoka

Looks like MS wants to have full control and it's always "think of a children", "this is for your protection" motto. This is really big. Like another commenter said I don't worry about it because I'm not going to use it , period. Vote with your wallet.

avatar

sirnotapearing

watch after the launch they will start using smart screen to prevent installs of application that are free. probably will turn into another e-book fiasco.

avatar

m35g35

I am not worried about it. The last thing MS is too piss off their user base. With more viable options today, consumer can change quickly.
I am running it and got the message once. It threw me for a second and I moved on. So, now they have information about a photography program, big deal. What concerns me more is how Google tracks my web usage. That is why I moved to startpage to get away from that crap.

avatar

Bullwinkle J Moose

Sheet, this is the least of your worries with this spyware platform...

Oh wait, I have a tinfoil hat don't I?

Never mind then...
Go back to sleep

avatar

pastorbob

I'm not worried about it because I will never use Windows 8. If and when the time comes that Windows 7 is not a viable option for me I will switch to Ubuntu. Everything I am currently doing I can do through that OS.

avatar

Zoandar

"Yes, we CAN monitor every single little thing you do with your computer, but we promise to delete it 'periodically', so no need to worry". (The Cretaceous "period" lasted 80 million years.)

If this stuff keeps surfacing, I will be utterly amazed if Win8 ever sees general public acceptance. It seems the deeper anyone is looking, the more malignant it appears to be.

avatar

don2041

I agree 110%

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.