Microsoft spies in win8 on all your installed apps

Seems win8 likes to phone home cloud stile on the topic of protecting your computer by destroying your privacy.

Every program you install\uninstall is checked\logged with micro soft to see if they wish to allow you to install it or not.
sources

{1} {2} {3}

 

Yes, disable SmartScreen and there goes a ton of a protection. Or keep it enabled and let MS know every last program you'll ever install on your system. I like to keep a balance between security and privacy and this, to me, upsets that balance quite a bit.

 

They better know my installed programs rather than Google knowing all my surfing habits and controlling the Net. Generally people don't have many programs installed on their machines and I don't consider this personal information - they cannot identify me based on this.

 

Why should users feel that they need to make such a choice? Neither is acceptable. AFAIC, it's none of Microsoft's business what I install or use. We aren't accountable to them and don't need their approval. If I can't completely disable such behavior without resorting to a separate hardware device, then I won't use that OS or application.

 

A few things:
1) All that's being sent is a hash of the file and the files name and your IP. Not the file itself or its contents. N
2) Your IP is deleted short after arrival - they couldn't connect to your system without an IP.
3) The information gathered via SmartScreen will not be used for advertising or sold to third parties as per the privacy policy.
4) All information sent via SmartScreen is encrypted securely over SSL3.

They could implement this more 'privately' the way SafeBrowsing does - by checking a local hash first, and if none is found then sending the first bits of a hash to a database, and then if there's a collision send the whole hash. But even without that it would take significant effort to turn a file name and a hash into knowledge of the program behind it for a considerable number of executables.

MS would be able to identify many by name like "Flashplayer" - do you mind MS knowing you install Flashplayer? I guess some might, in which case they should probably go ahead and disable it. But outside of well known applications they'd need a massive database of files names and hashes to know every program you're installed - and every version of a program is a new hash (except for web installers).

 

From http://windows.microsoft.com/en-US/windows-8/windows-8-privacy-statement?T1=supplement, SmartScreen section:

Bold & underlining is mine.

 

Another garbage collector. I wonder what are they doing with all this stuff they collect?

 

The ability to see what individuals, corporations, and other entities are running on their computers (which may include software that was developed in-house, software that came onto the machine via private network or USB drive, etc) has significant potential (and almost surely actual, present) value. The extent to which it is necessary for end-user protection purposes is very debatable but excessiveness doesn't reduce its value there. It would also likely be of value for:

Law enforcement activities
Espionage activities
Marketing/advertising research
Other research relating to how computing devices are used
Other research relating to the behavior of individuals, corporations, etc

We can never be sure of what is stored, for how long, how easily such information is linked to other information (already in Microsoft's possession or easily acquired), what if any profile building is done off of that information, what information will be used for in the future, etc. Here in the US, laws and proper judicial review can't be counted upon to assure that such activities are lawful let alone legitimate from the computer owner's POV. For all we know, Microsoft has allowed $Agencies to tap the data flow and/or is performing databasing services for them... without proper judicial oversight, via a legally binding agreement that provides authorization and compels secrecy... while being compensated quite well for this.

We've also been talking about only one aspect of one "feature". There is other information that can be collected and used for TBD, including more information about "potentially unwanted software", file download URLs, URLs loaded by IE and/or apps, what you do via the Windows Store and other Microsoft services, etc. Generally speaking, this is a gold mine of information. I expect that many computer owners and admins will not be sufficiently aggressive in terms of opposing and blocking all of the related features/services, so it will payoff.

 

yeah, there's a windows there's a door.

 

+1


sadly i bet ya this is were its all going even if they all say {corporations\government} its not.
every so often someone gets nailed red handed doing just that so you know, the amount of times someone gets nailed vs the amount of times no ones the wiser ....depressing

somewhat off topic but i was researching trusted computing just a little wile ago and found this.
its a nice lecture on the hole topic of computer security and why things are the way they are.

decent watch

Trusted Computing: Questioning What You Think You Know
http://www.youtube.com/watch?v=-9aL1vOCEf4&feature=related

ps trusted computing blows the way that topic going, but the video its really about computer security in general.

 

Interesting read here. I had no idea SmartScreenFilter was regularly dialing home to MS.

The question is if it is really needed? Most AV/IS software have antiphishing and other real time protection.

Since I have never seen an alert from SmartScreenFilter in IE9, I guess I will be turning it off.

 

Well said. Gov't/Corporations are well known to say one thing and do another. I don't watch TV, listen to news and by all means I don't believe a second that MS, Apple, Google or anyone else will behave themselves. We should have the same approach towards privacy like App Guard towards malware, default deny

 

IMHO, this is nothing more than the MS cloud. Compare it to Kaspersky's and Norton's cloud protection that also dial home about every particular exe you download from the Internet - the idea is just to check it if it is safe or not.

But if you don't rely or third party software like McAfee, Norton, Kaspersky, then what is going to guard you against these attacks ? Smart Screen for IE is antimalware, antiphishing protection in Microsoft programs

This is probably because you have never visited a malicious site, you never downloaded virus, you have third party antimalware program that filters traffic before it reaches the HDD. But if you do not fill in the above and you attempt to download malicious file or start it, you will be prompted with these: https://www.wilderssecurity.com/showthread.php?p=2147425#post2147425

 

ya more or less hu ? its a nice excuse like all the rest of the data mining vampires out their to invade our privacy but just for a moment lets just see if its possible to do what their doing with out the privacy invasion.......

anti-phishing protection "dirt bag internet sites and dns hacking"

every hear of peerguardian ? it wasn't really made at first for this topic originally but it can protect vs dirt bag internet sites if that's what you want it to do.
2meg's of download per day blocks everything nasty internet site wise if you want it too and it doesn't need to know {spy} were you serf the net.

as for malware i don't think SmartScreenFilter can protect vs it unless it can understand how to read legal agreements.
if it did it would quarantine it self along with flash player,Ea games origin,3\4 of all the anti-virus programs,punk buster,windows media player,face book,Google,ActiveX,java script,anything with the word cloud or sync in it,msn live,internet explorer,the 35+ default apps in windows7 that phone home,etc

that be kind of funny in a way though to have a real anti-spyware app that did that

so what that really means is only you "the humans" can really know what is safe and what isn't depending on your personal preference.

oo right their is one for windows xp its called xp-antispy WooT!

remember this from winxp ?


whats the risk = who gives a @#$%
SmartScreenFilter for windows xp.

never ending popUP harassment on the topic of ~ are you shore you know what your doing and want to install this program ?
we don't think you should,access denied.
no duh really wtf "WHO CARES LUNCH"
WHAT ARE YOU THINKING windows seeing as i just clicked 2x on the thing ffs

freaking useless marathon-popup harassment.
hemm getting vista flash backs here.......................
ah yes and it stalls\lags the computer for all most 2 min at times and for what ?
probably trying to phone home and cant,let me check firewall logs.

yip explorer.exe {windows explorer not internet explorer} tried to do a DNS check to phone home to micro $oft


*

guess the spyware topic is 100% the same in xp as it is in win8 "good one"
bet ya didn't know that about xp.

better add windows explorer to the quarantine folder in xp, seems it spyware..........

 

Hey If you really that much have problems with MS, Linux is the way to go - make your own distro - it is open source, no privacy problems. Cheers!

 

trust me i know what you mean and that's were most of the computer science intellectuals {hackers} end up given time it seems.

sadly Linux and other opensorce OS are a different bag of problems and i use both for the record.

Definition of: Trojan

A program that appears legitimate, but performs some illicit activity when it is run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.

Definition of: spyware

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

windows xp and internet explorer 8 legal agreement links, look close and you can see were Micro $oft spells out 100% that they are allowed to spy on you and know everything you install in Windows xp

internet explorer 8 legal
winxp pro legal
windows xp pro SP2 legal

Edit: legal links updated as per er34 request

 

Can you point me to the text that says they are allowed to spy -link2 ? I scanned it but I am missing it. Thank you

 

the part about its in the legal agreements was meant as a bad joke{Satire},
some how i doubt it's in their and if it is its vague to the max as to saying what phones home and why.
and i didn't even bother looking it up for windows xp or windows 8.

as for winxp i should have added in the legal agreements for the following as well.
service pack 2 & security center if any

and yes it douse insinuate that some things do "phone home" xp2 legal agreement,i checked..... kind of ....

the phone home trash with windows xp ~ exploror.exe starts with SP2 security center, and might i add it has like a 99.9% false positive track record regardless of it you allow it to phone home or not,so really all it douse it data mines.
as well like most of the popups in windows vista and win7 that have like x10 the popups of winxp, the OS will use philological scare tactics vs the end user in order to scar & psychologically manipulate them in to not luring how to use a computer or do anything on one because the min you try to your greeted with never ending stream of menacing popups telling you that its in your best interest that you shouldn't.

ill update the legal agreement links in post 26,your welcome..............
btw the legal agreements were found online at random sites. i have offline versions of SP2 legal agreements if needed to check to see if their the same