Windows 8 tells Microsoft about everything you install

Status
Not open for further replies.

Spirit

Level 2
Thread author
May 17, 2012
1,832
Windows 8 tells Microsoft about everything you install

Known computer security researcher Nadim Kobeissi has posted up some interesting information on the behavior of Windows 8 whenever you install an application. According to some quick researching he did, the Windows SmartScreen feature reports every application a user installs to Microsoft, and does so in a way that could be intercepted by malicious hackers.


The Windows SmartScreen feature is enabled by default and is designed to tell end users whether the application they have downloaded from the internet is safe to install on their machine. It does this by gathering some info upon opening the installer, sending it to Microsoft and then waiting for a response to see if said installer has a valid certificate. As Kobeissi mentions, this means information about every single application downloaded and installed is sent to Microsoft.

He dug further to discover the information sent could potentially be intercepted by a malicious hacker, as Microsoft uses an "outdated and insecure" method of HTTPS encrypted communications. If a hacker did manage to steal all the information on a user's application installation habits, they could make a profile of the user and use that to find other exploitable weaknesses.

The issue with SmartScreen is currently only prevalent in Windows 8 as it's the first time Microsoft has integrated SmartScreen at an OS level (Windows 7 only features SmartScreen in applications like Internet Explorer). You can disable SmartScreen so you are no longer reporting your installation habits to Microsoft, but this is apparently not easy to do and results in periodic nags to re-enable it.

Chances are Microsoft will not do anything about their implementation of SmartScreen, so as it stands now it could be a privacy and security risk.



via
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
Using an "outdated and insecure" method of HTTPS encrypted communications, that's Microsoft for you. Well for Internet Explorer I try and stay clear of it.
 
D

Deleted member 178

That is not good...

offtopic: the number 8 in Vietnam has a second meaning equivalent to "talk" , so that news really confirm that Win8 is talkative :p
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
I do not require this feature and have disabled it.

I have UAC on and that's already overkill for my superior knowledge. /s

Thanks.
 
D

Deleted member 178

MrXidus said:
I have UAC on and that's already overkill for my superior knowledge. /s

lol, MrXidus , you dont need UAC, because you do a fresh reinstallation every day :p
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
Umbra Corp. said:
MrXidus said:
I have UAC on and that's already overkill for my superior knowledge. /s

lol, MrXidus , you dont need UAC, because you do a fresh reinstallation every day :p

Actually, I'm taking a big risk and have stepped it up to weekly now. :) /s
 

malbky

Level 1
Jun 23, 2011
1,011
LOL, everyday install. He beats my record of a 1-2month reinstall. Thats really some bad news. Windows 8 is showing signs of getting messed up big time. Next a virus will exploit smart screen filter and then like MS did for gadgets they will get a patch to completely disable it.
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
MrXidus said:
Umbra Corp. said:
MrXidus said:
I have UAC on and that's already overkill for my superior knowledge. /s

lol, MrXidus , you dont need UAC, because you do a fresh reinstallation every day :p

Actually, I'm taking a big risk and have stepped it up to weekly now. :) /s

Are you serious?
You re-install windows that frequently?

As far as this topic, you need to use IE i'm assuming for MS to spy on you?
 

samit

Level 12
Verified
Nov 4, 2011
830
Microsoft has responded to our inquiry regarding the research made by Nadim Kobeissi – the developer of Cryptocat – on the Windows 8 SmartScreen Application Reputation service and the potential privacy risks that come with it.

“Windows SmartScreen Application Reputation is a file-reputation service that helps users make safer decisions about the programs they download and run. In order to deliver file reputation, information about the files is sent to our reputation services,” a Microsoft spokesperson told Softpedia via email.
http://news.softpedia.com/news/Micr...een-Does-Not-Breach-User-Privacy-288079.shtml
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
MRF71 said:
MrXidus said:
Umbra Corp. said:
MrXidus said:
I have UAC on and that's already overkill for my superior knowledge. /s

lol, MrXidus , you dont need UAC, because you do a fresh reinstallation every day :p

Actually, I'm taking a big risk and have stepped it up to weekly now. :) /s

Are you serious?
You re-install windows that frequently?

As far as this topic, you need to use IE i'm assuming for MS to spy on you?

JgUUd.png


HA! Of course not! Someone doesn't know what /s means. :p

/s means sarcasm.

I have alot of it. Thanks.
 

WinAndLinuxTutorials

Level 4
Verified
Honorary Member
Aug 23, 2011
2,291
MrXidus said:
HA! Of course not! Someone doesn't know what /s means. :p

/s means sarcasm.

I have alot of it. Thanks.

I have seen that /s (and sometimes /sarc)in many of your comments... Thats why I knew it. :p
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top