Microsoft's upcoming Windows 8 operating system will feature an expanded version of SmartScreen, a technology that was introduced as an optional feature in Internet Explorer 9 to warn users if they ran an application that wasn't on Microsoft's whitelist.
Security researcher Nadim Kobeissi discovered that SmartScreen has been turned into a system-wide defense technology in Windows 8. It's turned on by default and phones home to Microsoft every time you install a program on your PC. Microsoft's server then compares the hashed value of the program's installation and the code signature against its database, if the application has a high reputation the installation will proceed as normal, otherwise users will receive a security warning that running the program might be risky.
If the system is disconnected from the Internet, users will receive a message that Windows SmartScreen is unreachable and can't help you decide of the program is okay to run.
Security advocates, thinking people, and everyone who isn’t Microsoft naturally find this troubling. For one thing, MS now has a database of what every IP is installing. Even if the company takes steps to make that information anonymous, there’s no way the government will ignore a centrally maintained database of activity once it believes it can link an IP address to particular users. Second, there’s the temptation to use this information for targeted advertising. If Microsoft sees an IP address installing video games or Xbox Live content, it know that’s probably a gamer. If you’re downloading cooking apps, you might like to see some ads for recipe websites.
This strikes at one of the problems with so-called anonymous data — it’s not actually anonymous. If I know your IP, the apps you install, and the websites you visit, I know an awful lot about you. I may not retain that data, but you can bet that governments and corporations will both want to get their hands on it. The earnings from monetizing the information, and the associated temptation, are potentially huge.
Use Disqus to post new comments, the old comments are listed below.
Re: Windows 8 SmartScreen tells Microsoft about every program you install by Anonymous on Saturday, August 25 2012 @ 19:19:13 CEST
It's a TEST operating system. The folks who are afraid of tracking should just wait for retail. MS is not doing anything that Apple or Google wouldn't do. Heck Google searches your email for your habits, that should be MORE frightening but apparently it's not. Bunch of tech news reporters with nothing more useful to add wrote this up. Useless garbage.
Reply by Anonymous on Sunday, August 26 2012 @ 00:50:07 CEST
One more reason to avoid Windows 8.
Microsoft should consider hiring some people with a conscience.