Researcher Raises Alarm Over Windows 8's SmartScreen Filter

Windows 8, for those of you who don’t know, relies on something called SmartScreen Application Reputation to identify and warn users of potentially dangerous desktop apps. According to Microsoft, the operating system uses SmartScreen, which was previously restricted to Internet Explorer, to conduct “an application reputation check the first time you launch applications that come from the Internet.” With SmartScreen providing an additional layer of security to Windows 8 users, they will have a lot less to worry about, right? Wrong, according to Canadian security researcher Nadim Kobeissi, who has a serious issue with the way the feature works.

Read more at:
Maximum PC | Researcher Raises Alarm Over Windows 8's SmartScreen Filter


See also:
http://www.eightforums.com/tutorials/2631-windows-smartscreen-turn-off-windows-8-a.html
 
Thanks, Brink.

Very touchy subject indeed.

I don't know about anyone else, but I was never asked to give M$ permission to store what apps I install, unless there was some fine print in the agreement I never read. Sometimes I'll glance over the titles of paragraghs and if I find something that catches my eye I'll read that, but I don't read the whole thing.

Whenever I see the Patriot Act mentioned a big red flag pops up. Here's a link to these so called National Security Letters.

National security letter - Wikipedia, the free encyclopedia

I can understand a judicial subpoenas where authorities have to go in front of a judge, show probable cause, and then do the hunt if the judge ok's it. But the letters, I think, gives someone without proper credentials too much power.

Very touchy subject indeed. I'll be lQQking into it further for sure.

On the other hand, if one is doing nothing wrong, one needn't worry. But, they need my permission -> First and foremost.
 

My Computer

System One

  • OS
    8.1 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer T690
    CPU
    Intel Pentium D Dual Core
    Motherboard
    Acer/Intel E946GZ
    Memory
    2GB (max upgrade)
    Graphics Card(s)
    Intel Graphics Media Accelerator 3000 - PCI Express x16
    Sound Card
    Integrated RealTek ALC888 high-definition audio with 7.1 channel audio support
    Monitor(s) Displays
    Acer AL1917W A LCD
    Screen Resolution
    1440 X 900
    Hard Drives
    350 GB Seagate Barracuda 7200.10
    Thumb drives
    PSU
    Standard 250 watt
    Case
    Desktop 7.2" (183mm) W x 17.5" (445mm) L x 14.5"
    Cooling
    Dual case fans + CPU fan
    Keyboard
    Acer Windows PS/2
    Mouse
    Wireless Microsoft Arc
    Internet Speed
    54mbp/s
    Browser
    IE11
    Antivirus
    Defender
    Other Info
    Office Pro 2013 / Nokia Lumia 1520 Windows Phone 8.1DP GDR1
On the other hand, if one is doing nothing wrong, one needn't worry.

I agree.

I don't see that of a big deal with the Smartscreen. It's their right to put it in their OS as long as the privacy laws are respected.
As you've probably seen each new OS release has more security features implemented than a previous release.

As I see in that article, just a few hackers complained for now, Compare Win8 with XP: XP gave complete freedom to the user, it was a "good" OS: viruses were also in full freedom tested! But users fear Smartscreen for some other hidden (spying?) capabilities, you never know.

And then it's obvious... if you don't have anything better to do than crack an app, then you're in trouble because it's monitored.

We'll see where this story is going...
Pretty interesting.
 

My Computer

System One

  • OS
    Windows 10 x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy DV6 7250
    CPU
    Intel i7-3630QM
    Motherboard
    HP, Intel HM77 Express Chipset
    Memory
    16GB
    Graphics Card(s)
    Intel HD4000 + Nvidia Geforce 630M
    Sound Card
    IDT HD Audio
    Monitor(s) Displays
    15.6' built-in + Samsung S22D300 + 17.3' LG Phillips
    Screen Resolution
    multiple resolutions
    Hard Drives
    Samsung SSD 250GB + Hitachi HDD 750GB
    PSU
    120W adapter
    Case
    small
    Cooling
    laptop cooling pad
    Keyboard
    Backlit built-in + big one in USB
    Mouse
    SteelSeries Sensei
    Internet Speed
    slow and steady
    Browser
    Chromium, Pale Moon, Firefox Developer Edition
    Antivirus
    Windows Defender
    Other Info
    That's basically it.
SmartScreen - How Microsoft spies on it's users

I found this interesting article and I'm concerned about this. What do our resident experts have to say?

Windows 8 Tells Microsoft About Everything You Install, Not Very Securely


I'll post a few snippets from the article:

Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen's purpose is to "screen" every single application you try to install from the Internet in order to inform you whether it's safe to proceed with installing it or not.

There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations.
This problem can however get even more serious: It may be possible to intercept SmartScreen's communications to Microsoft and thus learn about every single application downloaded and installed by a target.

Update: According to Microsoft, SmartScreen sends a hash of the app installer and its digital signature, if any. A combination of the hash and the user's IP address is still enough to identify that IP address x attempted to install software y.
Update 2: Another researcher has discovered that a filename of the app you're trying to install is indeed sent to Microsoft. This severely strengthens privacy concerns.
Update 3: Approximately 14 hours after this article was published, another scan of Microsoft's SmartScreen servers reveals that they have been reconfigured to no longer support SSLv2. The servers now only support SSLv3 connections.

Furthermore, SmartScreen is not easy to disable, and Windows will periodically warn users to re-enable it should they attempt to disable it.

See the link above for an analysis of how SmartScreens communications can be intercepted.

This will be one service I will find out how to permanently disable.
 

My Computer

System One

  • OS
    Windows 8 64 bit
    System Manufacturer/Model
    HP Pavillion G7-2251dx
    CPU
    AMD A-8 4500M
    Memory
    8 Gigabytes DDR3 sdram
    Graphics Card(s)
    Discrete ATI Radeon HD 7640G with 2 Gigs
    Sound Card
    IDT Audio
    Monitor(s) Displays
    17.3
    Screen Resolution
    1600x900
    Hard Drives
    500 gig
    Internet Speed
    3.5 mb/sec
This isn't anything to really worry about.

If you REALLY want to worry about something, every time you or Windows checks for updates, the system sends info to Microsoft details about your PC and I believe your location and IP address as well....

But then again, I'm not too concerned about SmartScreen. All it does is send data about every program that is downloaded and installed to check if it doesn't raise any security concerns. I imagine that only happens if SmartScreen comes up and says it is unable to verify the file. If so, data is sent to Microsoft so they can check it out and add it to SmartScreen's whitelist of applications or the blacklist if they find issues with it. Even then, it's not like a serious issue. It's not like Microsoft will either a) break into your house at night and punch you squarely in the face or b) snuff you out in your sleep. And it's not like if someone does figure out in the very few and spare in between opportunities that SmartScreen does send data over the network that they not very likely to a) break into your house at night and punch you squarely in the face or b) snuff you out in your sleep or c) knock you unconscious and surprise adopt you and take you to a totally different place in the world and you wake up in a totally different house, apartment, or village and you wake up and say, "What. The. Flock."

That's just me. :)
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    ASUS
    CPU
    AMD FX 8320
    Motherboard
    Crosshair V Formula-Z
    Memory
    16 gig DDR3
    Graphics Card(s)
    ASUS R9 270
    Screen Resolution
    1440x900
    Hard Drives
    1 TB Seagate Barracuda (starting to hate Seagate)
    x2 3 TB Toshibas
    Windows 8.1 is installed on a SanDisk Ultra Plus 256 GB
    PSU
    OCZ 500 watt
    Case
    A current work in progres as I'll be building the physical case myself. It shall be fantastic.
    Cooling
    Arctic Cooler with 3 heatpipes
    Keyboard
    Logitech K750 wireless solar powered keyboard
    Mouse
    Microsoft Touch Mouse
    Browser
    Internet Explorer 11
    Antivirus
    Windows Defender, but I might go back on KIS 2014

My Computer

System One

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    KINGSTON HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
    Graphics Card(s)
    EVGA GTX750
    Monitor(s) Displays
    LG 27MP33HQ 32" IPS LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 840 Evo 120 GB, 2 x SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    ANTEC TruePower New TP-550, 80 PLUS®, 550W
    Case
    ANTEC Three Hundred Illusion
    Cooling
    COOLER MASTER Hyper 212 Plus, 3 x 120mm 1 x 140mm Case
    Internet Speed
    20 + Mbps
    Browser
    Vivaldi
    Antivirus
    Avast
Thanks for the leads on the articles, Bill. Saves me time scouring the Inet for this info. :)

This isn't anything to really worry about.

If you REALLY want to worry about something, every time you or Windows checks for updates, the system sends info to Microsoft details about your PC and I believe your location and IP address as well....

But then again, I'm not too concerned about SmartScreen. All it does is send data about every program that is downloaded and installed to check if it doesn't raise any security concerns. I imagine that only happens if SmartScreen comes up and says it is unable to verify the file. If so, data is sent to Microsoft so they can check it out and add it to SmartScreen's whitelist of applications or the blacklist if they find issues with it. Even then, it's not like a serious issue. It's not like Microsoft will either a) break into your house at night and punch you squarely in the face or b) snuff you out in your sleep. And it's not like if someone does figure out in the very few and spare in between opportunities that SmartScreen does send data over the network that they not very likely to a) break into your house at night and punch you squarely in the face or b) snuff you out in your sleep or c) knock you unconscious and surprise adopt you and take you to a totally different place in the world and you wake up in a totally different house, apartment, or village and you wake up and say, "What. The. Flock."

That's just me. :)

I agree, Cokie. Bottom line is I really don't care if M$ wants to store whatever apps or programs are installed on my rig for I'm not hiding anything. But we must take caution on this sort of thing. I'm glad this Nadim Kobeissi fellow and followup article authors made us aware of this issue. Quite honestly I'm not that savvy, nor do I think most people are to decpher this sort of thing.

I'm aware that we can't get into politcal discussions here, for it's against forum rules. All I'll say is that I'm not in agreement what's been legislated in this country as of late. I belive rights are being compromised.

So far as the topic is concerned, all I'm saying is that one should always have a choice of what is being downloaded, uploaded, (sideloaded :p), or recorded on anyone's server and for what purpose. Presenly I think M$ has good intent here and according to the articles, it remains that we have a choice whether or not to use SmartScreen. I'm not going to live in the fear as you decribed either. We must needs be aware of such issues, for if we settle for no choice, what's to follow?

I'll be lQQking into your beginning statement for sure.
 

My Computer

System One

  • OS
    8.1 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer T690
    CPU
    Intel Pentium D Dual Core
    Motherboard
    Acer/Intel E946GZ
    Memory
    2GB (max upgrade)
    Graphics Card(s)
    Intel Graphics Media Accelerator 3000 - PCI Express x16
    Sound Card
    Integrated RealTek ALC888 high-definition audio with 7.1 channel audio support
    Monitor(s) Displays
    Acer AL1917W A LCD
    Screen Resolution
    1440 X 900
    Hard Drives
    350 GB Seagate Barracuda 7200.10
    Thumb drives
    PSU
    Standard 250 watt
    Case
    Desktop 7.2" (183mm) W x 17.5" (445mm) L x 14.5"
    Cooling
    Dual case fans + CPU fan
    Keyboard
    Acer Windows PS/2
    Mouse
    Wireless Microsoft Arc
    Internet Speed
    54mbp/s
    Browser
    IE11
    Antivirus
    Defender
    Other Info
    Office Pro 2013 / Nokia Lumia 1520 Windows Phone 8.1DP GDR1
I'm glad this Nadim Kobeissi fellow and followup article authors made us aware of this issue.
Yes that's right. Now we now something more about smartscreen.

That smartscreen is a bit annoying for me because even Chromium as a browser is a suspect. That popup appeared on my pc on version 23.0.1237.0 (151858).
Well I always used custom Chromium Developper Build because it's a few versions higher than the Google Chrome built for John Doe and everyone else. I do some web developpment for school and the newest browsers come in handy.

Of course, that Chromium doesn't have a signature, for a nightly build, and it's a bit risky to use they say, but I like to manage this one by myself.

But keep in mind that ,by spying or not, some apps blocked by smartscreen can really be dangerous. It's up to you to decide if you want smartscreen in or out.
 

My Computer

System One

  • OS
    Windows 10 x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy DV6 7250
    CPU
    Intel i7-3630QM
    Motherboard
    HP, Intel HM77 Express Chipset
    Memory
    16GB
    Graphics Card(s)
    Intel HD4000 + Nvidia Geforce 630M
    Sound Card
    IDT HD Audio
    Monitor(s) Displays
    15.6' built-in + Samsung S22D300 + 17.3' LG Phillips
    Screen Resolution
    multiple resolutions
    Hard Drives
    Samsung SSD 250GB + Hitachi HDD 750GB
    PSU
    120W adapter
    Case
    small
    Cooling
    laptop cooling pad
    Keyboard
    Backlit built-in + big one in USB
    Mouse
    SteelSeries Sensei
    Internet Speed
    slow and steady
    Browser
    Chromium, Pale Moon, Firefox Developer Edition
    Antivirus
    Windows Defender
    Other Info
    That's basically it.
But keep in mind that ,by spying or not, some apps blocked by smartscreen can really be dangerous. It's up to you to decide if you want smartscreen in or out.

Thanks, Hopachi.

I've decided to stick with SmartScreen for now. We'll keep an eye on this and see what happens...........
 

My Computer

System One

  • OS
    8.1 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer T690
    CPU
    Intel Pentium D Dual Core
    Motherboard
    Acer/Intel E946GZ
    Memory
    2GB (max upgrade)
    Graphics Card(s)
    Intel Graphics Media Accelerator 3000 - PCI Express x16
    Sound Card
    Integrated RealTek ALC888 high-definition audio with 7.1 channel audio support
    Monitor(s) Displays
    Acer AL1917W A LCD
    Screen Resolution
    1440 X 900
    Hard Drives
    350 GB Seagate Barracuda 7200.10
    Thumb drives
    PSU
    Standard 250 watt
    Case
    Desktop 7.2" (183mm) W x 17.5" (445mm) L x 14.5"
    Cooling
    Dual case fans + CPU fan
    Keyboard
    Acer Windows PS/2
    Mouse
    Wireless Microsoft Arc
    Internet Speed
    54mbp/s
    Browser
    IE11
    Antivirus
    Defender
    Other Info
    Office Pro 2013 / Nokia Lumia 1520 Windows Phone 8.1DP GDR1
But keep in mind that ,by spying or not, some apps blocked by smartscreen can really be dangerous. It's up to you to decide if you want smartscreen in or out.

Thanks, Hopachi.

I've decided to stick with SmartScreen for now. We'll keep an eye on this and see what happens...........

Good idea, thanks.

We'll keep an eye on it and also see what other online articles will say about it.
 

My Computer

System One

  • OS
    Windows 10 x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy DV6 7250
    CPU
    Intel i7-3630QM
    Motherboard
    HP, Intel HM77 Express Chipset
    Memory
    16GB
    Graphics Card(s)
    Intel HD4000 + Nvidia Geforce 630M
    Sound Card
    IDT HD Audio
    Monitor(s) Displays
    15.6' built-in + Samsung S22D300 + 17.3' LG Phillips
    Screen Resolution
    multiple resolutions
    Hard Drives
    Samsung SSD 250GB + Hitachi HDD 750GB
    PSU
    120W adapter
    Case
    small
    Cooling
    laptop cooling pad
    Keyboard
    Backlit built-in + big one in USB
    Mouse
    SteelSeries Sensei
    Internet Speed
    slow and steady
    Browser
    Chromium, Pale Moon, Firefox Developer Edition
    Antivirus
    Windows Defender
    Other Info
    That's basically it.
I've read A Guy's links above and they do nothing to quell the uneasiness I feel about this spy app.

I don't care what I choose to download, only if I want Microsoft to babysit me, should it look over my shoulder. This borders on criminal for this app not to be disabled by default and only activated as part of a security scheme if the user really needs such a service.

This should be documented in big bold words as soon as you start the PC and before you use Internet Explorer and then you should be given the choice to use this service or not.

This is the problem with privacy issues.. it's just like the Patriot Act. They assume you need the protections so they force them on you, thus taking away your freedoms. Microsoft is doing the same things here that our corrupt Anti American Anti Republic Anti Constitution leaders in Congress and the White House are doing and have been for the last 16 years.

Microsoft has no right to know what I download. Period. I don't care if it's porn, or malware - I should be given the choice and should be notified up front. People, the more you stupidly allow these things to be accepted, unchecked, the more bold and intrusive they will become.
 

My Computer

System One

  • OS
    Windows 8 64 bit
    System Manufacturer/Model
    HP Pavillion G7-2251dx
    CPU
    AMD A-8 4500M
    Memory
    8 Gigabytes DDR3 sdram
    Graphics Card(s)
    Discrete ATI Radeon HD 7640G with 2 Gigs
    Sound Card
    IDT Audio
    Monitor(s) Displays
    17.3
    Screen Resolution
    1600x900
    Hard Drives
    500 gig
    Internet Speed
    3.5 mb/sec
@ Dark Rider

I hear you and agree with you on some of the issues you raised, but I think M$ takes privacy seriously. They spend a lot of time and money on it. They designate a lot of employees on the issue also. I don't think M$ is the big bad wolf people claim them to be. They remain to give us a choice.

On the other hand, do I agree that some of these settings are configured in an OS or IE as default, such as SmartScreen or others? No. I agree with you. I think it should be the other way around. They should be set "off", then given a choice to be turned on if one desires. I think it should also be included in "Let's Get Started", "What's New?", or other OS presentations.

I've been doing some research and reading. Here's what I found. M$'s site dedicated to privacy.

Data Protection | Internet and Online Privacy | Microsoft Privacy

Here’s one on advertising.

Microsoft Advertising: Advertising Info

I will personally be contacting M$ on this issue and suggesting they be more "up front" with privacy.

BTW, I think "ignorantly" would have been a better word to use than "stupidly".
 

My Computer

System One

  • OS
    8.1 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Acer T690
    CPU
    Intel Pentium D Dual Core
    Motherboard
    Acer/Intel E946GZ
    Memory
    2GB (max upgrade)
    Graphics Card(s)
    Intel Graphics Media Accelerator 3000 - PCI Express x16
    Sound Card
    Integrated RealTek ALC888 high-definition audio with 7.1 channel audio support
    Monitor(s) Displays
    Acer AL1917W A LCD
    Screen Resolution
    1440 X 900
    Hard Drives
    350 GB Seagate Barracuda 7200.10
    Thumb drives
    PSU
    Standard 250 watt
    Case
    Desktop 7.2" (183mm) W x 17.5" (445mm) L x 14.5"
    Cooling
    Dual case fans + CPU fan
    Keyboard
    Acer Windows PS/2
    Mouse
    Wireless Microsoft Arc
    Internet Speed
    54mbp/s
    Browser
    IE11
    Antivirus
    Defender
    Other Info
    Office Pro 2013 / Nokia Lumia 1520 Windows Phone 8.1DP GDR1
Back
Top