Tuesday, August 28, 2012

SmartScreen sends to Microsoft information about each application

Windows 8 Microsoft sends information about all installed programs

Hidden feature in Windows 8 called Windows SmartScreen sends to Microsoft information about each application that the user has downloaded from the internet, tried to install or installed in the operating system, according to Boy Genius Report, citing a programmer Nadim Kobeissi, who first discovered the function .

SmartScreen is the purpose of protecting the user from malicious software. Data is sent when the user runs the installer. Once Microsoft receives the data, it checks if the program certification. If not, the message that the launch of this program can damage, then the user is prompted to not install.

However, the information between the server and Microsoft SmartScreen can be caught, and so one can learn about each installed on the computer user-specific application (passed as IP-addresses), warns the programmer. Task easier for hackers own software company - according Kobeysi, she uses old and unreliable protocol encryption of transmitted data - SSLv2.

"The problem lies in the fact that the information is sent immediately. For each application that you download and install. This is a serious issue of confidentiality for users, because Microsoft cooperation with the government and its willingness to transfer the data to state structures ", - said Kobeissi.

Kobeysi hints that the information can be used by law enforcement agencies to identify the owners of personal computers that use pirated prorgamm. Microsoft itself can use these data - the company regularly conducts raids against pirates. As does, for example, Adobe Systems, the developer of Photoshop.

SmartScreen feature is enabled by default. If it is disabled (and this is not so simple - Kobeysi notes), then Windows will periodically persistently remind the user that he has activated it again.

"We stress that there kopim database with information about the programs users and IP-addresses - reported to Microsoft in response to BGR. As is the case with most online services, IP-addresses needed to connect to, but we periodically remove them from our logs. In accordance with our privacy policy, we take steps to protect the privacy of users on their part. We do not use the data to identify, communications or advertising targeting and not pass them on to others."

After about 14 hours after the article Kobeissi in his personal blog, Microsoft refused to use obsolete SSLv2 protocol and switched to a newer standard SSLv3.

Discovery of a new hidden functionality in Windows 8 has created the Internet, perhaps, the most heated debate, says BGR.

No comments:

Post a Comment