Windows 8 Tells Microsoft About Everything You Install, Not Very Securely

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
I've recently been using the final, Released to Manufacturing version of Windows 8 on one of my computers, to much delight. I've been very impressed by how fast, well-designed, functional and capable this latest iteration of Windows is. However, my tinkering around from a security/privacy perspective has left me concerned.

Nadim Kobeissi may be young, but already the hacker and programmer has done more to fight for privacy and internet rights than most of us ever will. Now, he sheds light on the fact that Microsoft knows everything we install on our Windows 8 devices.

Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen's purpose is to "screen" every single application you try to install from the Internet in order to inform you whether it's safe to proceed with installing it or not. Here's how SmartScreen works:

http://gizmodo.com/5937649/windows-8-tells-microsoft-about-everything-you-install-not-very-securely
 
Microsoft denies Windows 8 app spying via SmartScreen


Microsoft has moved to quell fears that Windows 8 is building up a detailed record of all applications stored on client machines via its SmartScreen application.

An analysis
by security researcher Nadim Kobeissi noticed a potential privacy violation in Windows 8's SmartScreen system, which checks applications that the user wants to install against a database of known dodgy code and warns the user if Redmond's records suggest there may be a problem.

"The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install," Kobeissi wrote. "This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users."

To make matters worse, the install logs are sent to Microsoft and can be snooped by third-parties, the researcher claims, since the mechanism supports the SSLv2 protocol which is known to be breakable. While it's possible to turn off SmartScreen, it's not easy, and the OS will remind you periodically to turn it back on.

http://www.theregister.co.uk/2012/08/25/windows8_smartscreen_spying/
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top