Security researcher Nadim Kobeissi has discovered that the Windows 8 SmartScreen feature, meant to screen downloads for malicious software, actually reports to Microsoft which applications users are installing. He also says that "the Microsoft server is configured to support SSLv2 which is known to be insecure and susceptible to interception."
The two main concerns are the ability of law enforcement to subpoena Microsoft for the information and of hackers to intercept user data, but how much of a risk does the filter really pose?
First, according to VentureBeat, there's a good chance that Microsoft removes identifying information like IP addresses from the information collected by SmartScreen. If this is the case, the data would be completely useless even if it were subpoenaed. Programmer Rafael Rivera says that it's possible, but unlikely, that the company is actually using this as a way to track user activity.
The problem here is that even if it isn't a huge security risk, it's still an issue that Microsoft never mentioned that the filter reports user activity. Even if the information doesn't have personal details attached to it, users deserve to know that it's being collected. There is, however, a very easy way to disable SmartScreen (built in by Microsoft).
In the Control Panel, open System and Security, then click Action Center. Under Windows SmartScreen, click Change Settings and you'll be given the option to disable SmartScreen.
The bottom line is that there probably isn't a high likelihood that you'll be hacked because of this, but you do deserve to know about and choose how your information is used. So if it makes you uneasy, turn off SmartScreen and be sure to let Microsoft know how you feel.
Will you disable your SmartScreen filter, or do you think this is all being blown out of proportion? Sound off in the comments.