By default, new functionality in Windows 8 called "SmartScreen" tracks apps and programs that users install, sending data to Microsoft. While the feature can be turned off, users may feel that the data monitoring is invasive.
When an app is installed on Windows 8, a warning may pop up, telling users to not run the app if a certificate is not signed, although users can click Run Anyway. This is possibly the first encounter with SmartScreen for less-informed Windows 8 users. Casual users may not know that a filename of the app is also sent to Microsoft along with a hash of the app installer and the user's IP address.
Microsoft checks software using a three-step process: users download the app or program and open the installer, and then SmartScreen gathers information on the downloaded software and sends it to Microsoft.
Nadim Kobeissi, a hacker, published a blog post revealing the information. In it, he came to the conclusion that Microsoft is tracking users' information. Kobeissi notes that Microsoft enables the feature by default and SmartScreen itself warns users continually to re-enable the feature if disabled.
Despite the ability to disable SmartScreen, users receive no warning about the functionality when setting up Windows 8. With Windows 8 now released to manufacturing, that is likely to persist for now. Whether Microsoft will clarify the issues and/or makechanges to the software is unknown.
This may be a worrisome feature for users. If downloads are intercepted, app filenames and potentially personal data could be stolen. Combine that risk with the insecurity of most Wi-Fi connections, and serious issues may arise. The privacy violation is exacerbated "when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations".
The servers sending data to Microsoft support SSLv3 connections, meaning that the security concerns of SSLv2 are gone (a post-published update established this fact in the blog post). Fourteen hours after the blog post went live, the insecure SSLv2 connection references to Microsoft's servers were removed.
Windows 8 launches Oct. 26.
© Copyright 2020 Mobile & Apps, All rights reserved. Do not reproduce without permission.most read
related stories
more stories from OS / Software
Microsoft has reportedly started talks with HTC to add its Windows OS to the phone maker's Android smartphones and HTC is apparently considering to make a Windows Phone/Android dual-booting smartphone.
ernest hamiltonA bug in Chrome for iOS 7 has caused Google's mobile browser to leak private searches made in 'Incognito' mode.
ernest hamiltonHTC has announced that Sprint has already started to roll out the Android 4.3 update to the HTC One, AT&T and T-Mobile will follow in mid-October, while Verizon will release it by the end of the month.
ernest hamiltonThe new Windows 8.1 has gone up for pre-order on the Microsoft Store, ahead of the official launch on Oct. 18.
ernest hamiltonApple has acknowledged the iOS 7 iMessage issue and promised to provide a fix in an upcoming software update.
ernest hamiltonSamsung Canada and French carrier SFR have confirmed the Android 4.3 Jelly Bean rollout schedule for the Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2.
ernest hamiltonThe unlocked, international HTC One is getting Android 4.3 Jelly Bean now, but the U.S. and Canadian versions will 'slightly miss' the end-September timeframe.
ernest hamiltonThe Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2 are reportedly slated to get Android 4.3 Jelly Bean in the fourth quarter, by year-end.
ernest hamilton