
Microsoft Denies Windows 8 App Spying Via SmartScreen

timothy posted more than 2 years ago | from the wall-of-separation dept.

Microsoft 198

An anonymous reader writes "Microsoft has denied Windows 8 SmartScreen is spying after research by Nadim Kobeissi indicated otherwise." Whether it's "spying" or not, Microsoft is collecting certain information with SmartScreen — the key is what's done with it: The article quotes a Microsoft spokesperson: "We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."


198 comments


Disable it! (5, Informative)

zenlessyank (748553) | more than 2 years ago | (#41125477)

There is a check box where you can disable this 'feature' before installation. Nothing to see here....

Re:Disable it! (3, Informative)

menegator (539434) | more than 2 years ago | (#41125493)

There is a check box where you can disable this 'feature' before installation. Nothing to see here....

Why is the parent modded -1?

Re:Disable it! (2, Insightful)

fnj (64210) | more than 2 years ago | (#41125515)

Maybe because he completely misses the point.

Re:Disable it! (5, Interesting)

Shining Celebi (853093) | more than 2 years ago | (#41125879)

Just read the Ars Technica article. [arstechnica.com] The Slashdot headline is ridiculously slanted, as was the previous story.

While I disagree with it in principle - I'd rather it be local, like how Firefox uses a local version of the bad-sites list, this is not in any way unusual or awful behavior, and it's mostly a good idea, and Microsoft has been completely open about how and why they're doing this and giving you an easy way to turn it off. It is not some privacy invading nightmare. Microsoft is not keeping track of what programs you download (unless, obviously, you get them through the Microsoft store.)

Slashdot stories are becoming more and more ridiculous. The summaries are never even worth reading anymore.

Re:Disable it! (1)

Anonymous Coward | more than 2 years ago | (#41126019)

So, this desirable activity? :

When SmartScreen is being used (which is most of the time; it is enabled by default), Internet Explorer sends every URL being visited to Microsoft's SmartScreen servers.

- arstechnica

The article plainly admits the possibility of privacy issues. Maybe it is not the security risk it has been made to be, but what are the exact definitions of "third parties" anyway?

Re:Disable it! (3, Informative)

Shining Celebi (853093) | more than 2 years ago | (#41126111)

Nope. I'd rather have a local database, even though I assume that's more difficult to keep up-to-date with what I imagine are rapidly changing blacklists. Firefox, for example, does this.

But this behavior is (unfortunately) pretty bog standard, and in the case of IE, it's nothing new, so it seems a little bizarre to get all outraged about it now when all Microsoft has added is a check on file download hashes.

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41126293)

I doubt this would be as effective local, they need the information from users to determine what is 'bad'.
Being that malware is such a huge problem, I want the most effective solution possible.
If I had to pick someone to trust with this information it would be Microsoft.
They are not primarily an advertising or search company, and understand business/corporate needs/logic much better than most others, they would not jeopardize this, and have been doing it a very long time.

Re:Disable it! (1)

VortexCortex (1117377) | more than 2 years ago | (#41126651)

The summaries are never even worth reading anymore.

No one reads TFA any more, you're just now coming around to the idea of not reading the summaries, while many of us have been just reading the headlines for quite some time...

Re:Disable it! (5, Informative)

CrazyDuke (529195) | more than 2 years ago | (#41125517)

Look in his history: His Karma is negative. The comment hasn't even been modded.

Re:Disable it! (2, Insightful)

Anonymous Coward | more than 2 years ago | (#41126569)

That happens here when you legitimately defend Microsoft.

Re:Disable it! (2)

swell (195815) | more than 2 years ago | (#41126627)

"Look in his history: His Karma is negative. The comment hasn't even been modded."

Don't believe the history of zenlessyank, or anyone else. At least in my case, every comment score is wrong, on the low side. How's yours? The history function should be fixed or removed- it's been broken far too long.

OTOH, zenlessyank is remarkably fond of exclamations--used in most titles. Those exclamations tend to be rants, many with a religious undercurrent. Zenlessyank is not given to subtlety which may have something to do with his low ranking by a thinking population.

Re:Disable it! (-1)

Anonymous Coward | more than 2 years ago | (#41125631)

This is corporate malfeasance and should be punished. Microsoft has no right to conduct surveillance on most of the world to identify what people are doing and whether they are running 'unapproved' software.

If you are opposed to pervasive government surveillance then you should also be opposed to a profit-motivated Big Brother.

Re:Disable it! (5, Informative)

bloodhawk (813939) | more than 2 years ago | (#41125695)

FFS, where do these retards come from, read the damn article or better still read a non tin foil hat version from somewhere like Ars Technica. It is purely an anti malware prevention system that checks if the hash is a known malware when you go to install. There is a lot to hate windows 8 about, but this is actually one of the beneficial features that should help everyone, from the dumb users that install malware to the rest of us that get spammed by the botnets created by that malware.

Re:Disable it! (1, Insightful)

ThatsMyNick (2004126) | more than 2 years ago | (#41125789)

How hard would it be to do it locally (like every other anti-malware/antivirus tool does)? If so why choose to do it remotely?

Re:Disable it! (1)

Shining Celebi (853093) | more than 2 years ago | (#41125945)

I'd rather it be done locally as well. I suppose the reason it's done remotely is so the blacklist can be updated and maintained on the server side. That's a perfectly good reason - Chrome sends all your URLs to check against a server-side blacklist as well - and it is probably better from the security standpoint.

Long-term, though, I think the remote check opens up a potential vector for invading privacy in the future, which I'd rather not have.

Re:Disable it! (3, Informative)

hairyfeet (841228) | more than 2 years ago | (#41126089)

Because then the malware will simply target this just like they do other Windows components? The problem with doing it on the local machine is 1.-The malware guys will know exactly where it is, and 2.- The dancing bunnies problem [codinghorror.com] where the malware writer tricks the user into bypassing the check by offering the right cookie, thus compromising the entire system and allowing the malware writer full control.

By hosting it remotely you've just bypassed both problems as the servers running this at MSFT is gonna be better protected than grandma's Dell is, and there isn't any users to trick with dancing bunnies to bypass the system. I work on Windows PCs 6 days a week and I can tell you that frankly since Vista drivebys and buffer overflows have gone WAAAY down, now its nearly all social engineering like Security Tool, "free porn" codecs, or getting the user to run some "free" program and bypass the checks, why? Because like all criminals malware writers are lazy creatures and will take the path of least resistance and that is PEBKAC in most cases.

Re:Disable it! (2)

ThatsMyNick (2004126) | more than 2 years ago | (#41126289)

Because then the malware will simply target this just like they do other Windows components?

What makes you think the service cannot be targeted just because the list of hashes is stored remotely? The service still has to create the hash locally and query the remote hash list. This service would be as effective if the hash list is local.
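The local-versus-remote trade-off argued in the comments above, as an added example that is not part of any comment and is not Microsoft's code or wire format: both designs hash the file on the client, and they differ only in where the lookup happens and what that leaves behind. The payload shape (file name plus SHA-256), the class names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file on the client. Both designs need this local step."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class LocalBlocklist:
    """Design A: the list is shipped to the client; lookups never leave it."""

    def __init__(self, bad_hashes):
        self.bad_hashes = set(bad_hashes)

    def check(self, path):
        return "block" if sha256_file(path) in self.bad_hashes else "allow"


class ReputationServer:
    """Design B: hypothetical remote service holding the current list."""

    def __init__(self, bad_hashes):
        self.bad_hashes = set(bad_hashes)
        self.query_log = []  # what the operator is able to record per lookup

    def lookup(self, client_ip, query):
        self.query_log.append((client_ip, query["filename"], query["sha256"]))
        return "block" if query["sha256"] in self.bad_hashes else "allow"


def build_remote_query(path):
    """Assumed payload: file name plus hash, as the thread describes it."""
    return {"filename": os.path.basename(path), "sha256": sha256_file(path)}


def demo():
    # Constructed sample files; contents are arbitrary bytes, not real binaries.
    samples = {
        "setup_tool.exe": b"constructed benign sample",
        "free_codec.exe": b"constructed sample on the list for a while",
        "new_download.exe": b"constructed sample listed after the last client update",
    }
    with tempfile.TemporaryDirectory() as workdir:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(workdir, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)

        stale = {sha256_file(paths["free_codec.exe"])}
        current = stale | {sha256_file(paths["new_download.exe"])}
        local = LocalBlocklist(stale)        # client has not updated yet
        server = ReputationServer(current)   # server list is current

        results = {}
        for name, path in paths.items():
            # 203.0.113.7 is a documentation-range address (constructed).
            remote = server.lookup("203.0.113.7", build_remote_query(path))
            results[name] = (local.check(path), remote)
        return results, server.query_log


if __name__ == "__main__":
    verdicts, log = demo()
    for name, (local_verdict, remote_verdict) in verdicts.items():
        print(f"{name}: local={local_verdict} remote={remote_verdict}")
    print("server-side records:", len(log))
```

The two designs agree wherever the lists agree; the stale local list misses the newest entry, while the remote lookup leaves one server-side record (address, file name, hash) per download checked.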

Re:Disable it! (1)

Sir_Sri (199544) | more than 2 years ago | (#41125793)

Well that, and you entered into an arrangement with MS when you chose to install their operating system, whatever you may think of that arrangement, Microsoft kinda needs to know what you're doing on the computer to know what's causing problems, because let's face it there are a lot of copies of Windows in the world and even rare errors can cause huge chaos.

That doesn't mean you can't (or shouldn't) opt out of anything you're not comfortable with, but if you want stuff to work microsoft needs to know what's breaking.

Re:Disable it! (-1)

Anonymous Coward | more than 2 years ago | (#41125853)

That doesn't mean you can't (or shouldn't) opt out of anything you're not comfortable with, but if you want stuff to work microsoft needs to know what's breaking.

Is all of that REALLY easier than producing quality software designed according to sound principles?

Oh wait, if you did that then it's likely dummies and people who hate reading (another kind of dummy) couldn't use it. That would pretty much destroy the Windows market. Gotcha.

Re:Disable it! (-1)

Anonymous Coward | more than 2 years ago | (#41125765)

Shut the fuck up you FUDing idiot.

Re:Disable it! (4, Insightful)

Anonymous Coward | more than 2 years ago | (#41125637)

There is a check box where you can disable this 'feature' before installation.
Nothing to see here....

Because at least 1% of Windows users are capable of installing the OS themselves.

Re:Disable it! (2)

hairyfeet (841228) | more than 2 years ago | (#41125985)

And if you get it pre-installed there is a checkbox in Action center that kills it, which if you are so clueless that you can't even uncheck a checkbox in a GUI? Really having a hard time feeling sorry for you.

Besides frankly the whole subject is moot anyway, you are talking about an OS that gets articles like Windows 8...yes its THAT bad [infoworld.com] and is the subject of parody before its even released [youtube.com] so I kinda doubt its gonna be seeing much use on anything but tablets. Hell the only reason it'll be seeing ANY use on tablets is because it looks like Ballmer is gonna shit another MSFT billion down the toilet by selling their $500 iPad knockoff for $199 thus taking the Sony way to profitability.../snicker/.

Look its simple folks, anything Apple does MSFT does badly or half assed or just plain wrong under Ballmer...who doesn't know this? I mean you should have gotten the memo when Ballmer was squirting his shit brown Zune all over the place trying to ape iPod. Win 8 is so obviously a "Please God buy our tablets!" move it ain't even funny anymore, so why even care? Anyone with half a brain cell functioning is gonna stay with Win 7 anyway or at least make sure they get a "Win 8" system that is just Win 7 with a DVD in the bottom of the box that'll never get used except as a coaster.

Re:Disable it! (3, Informative)

Missing.Matter (1845576) | more than 2 years ago | (#41126023)

The check box appears on first account setup, so any user buying a new PC will see it too.

Re:Disable it! (3, Interesting)

Ol Olsoc (1175323) | more than 2 years ago | (#41126123)

The check box appears on first account setup, so any user buying a new PC will see it too.

The choice should be Opt-in, rather than Opt-out. This is just like their old "everything is enabled" features. It's not hard to have a screen pop up asking you if you want this info reported to Microsoft. Then you say "Yes" or "No". Then if you are okay, click on that yes, if not, nothing happens.

Re:Disable it! (1)

PNutts (199112) | more than 2 years ago | (#41126597)

I prefer all security settings default to enabled and I turn off what I don't need. Especially considering the wider Windows audience.

Re:Disable it! (5, Funny)

fustakrakich (1673220) | more than 2 years ago | (#41125757)

The elevator has a "close door" button inside. Do you believe it actually functions?

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41125795)

The close door buttons of the elevators in my apartment work. Quite often I choose to use that when I am in a hurry when there are people that really take their time locking their doors etc.

Re:Disable it! (2)

Zero__Kelvin (151819) | more than 2 years ago | (#41125817)

Horrible point, since in many cases it does function.

Re:Disable it! (2)

ThatsMyNick (2004126) | more than 2 years ago | (#41125863)

It does work in my workplace. I guess it depends on whether you trust your users to use the button properly. My workplace does, my apartment does not.

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41126149)

Yes. On every elevator I've used recently, it does.

It might not in a large skyscraper, but around here, they're usually in buildings with 4 or fewer floors. Not pushing it takes a solid 10 seconds before the door starts to close. Pushing it starts it closing instantly. Yes, my job is boring.

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41125781)

Meaning it's checked by default? Usually the things I see set as opt-out are not in my best interest.

Re:Disable it! (4, Insightful)

king neckbeard (1801738) | more than 2 years ago | (#41125799)

Most users do not install their own OS, and being on by default is problematic.

Re:Disable it! (0)

Zero__Kelvin (151819) | more than 2 years ago | (#41125813)

... and it is clearly marked "Allow Microsoft to Spy on You (Don't Worry, We're Benevolent)" and defaults to Don't Allow right? Because otherwise your point is pointless, since most users don't have the sophistication to understand what they are accepting by default.

Re:Disable it! (2)

Shining Celebi (853093) | more than 2 years ago | (#41125959)

Should Linux repositories, the Apple App Store, the Google Store, and the Microsoft store provide a similar warning, since they actually glean more information from what you download there?

I mean, all Microsoft gets from this is a filename and a hash. Unless Microsoft has a hash of every program in existence, that doesn't do them much good for spying purposes. On the other hand, they know everything about the app you're downloading from their store.

Re:Disable it! (1)

Zero__Kelvin (151819) | more than 2 years ago | (#41126163)

You don't seem to understand, so allow me to elaborate:

"Should Linux repositories ... provide a similar warning, since they actually glean more information from what you download there?"

When I download a binary from another location or build from source Linux distributions don't report that to a corporation. If Microsoft had a repository then that would be different. They don't. You would have to be a moron not to know that, in those other scenarios, they know your IP and what you are installing.

Re:Disable it! (1)

Shining Celebi (853093) | more than 2 years ago | (#41126197)

So most users are too dumb to understand the simple description of SmartScreen, but bright enough to think through the implications of downloading apps through the Microsoft Store?

Re:Disable it! (2)

Zero__Kelvin (151819) | more than 2 years ago | (#41126225)

You just don't want to get it. Installing software that reports what you install outside of the company's install channel is the issue. There is no way to install software inside a given install channel without knowing the IP address and software title. They are two completely different scenarios. Stop comparing them and acting like they are similar.

Re:Disable it! (1)

Shining Celebi (853093) | more than 2 years ago | (#41126263)

What difference does that make from a privacy perspective? How do I legitimately install apps on my (imaginary) iPhone outside of Apple's install channel?

Again, Microsoft is not reporting what you install. It is sending a filename and hash of executables you download via IE to Microsoft to compare against a blacklist.

This is on top of the regular SmartScreen filter, which reports URLs to Microsoft to compare against a blacklist and which has been pretty uncontroversial for years, same as Chrome. (I still disagree with it.)

So you don't like it? Well, there's a big notice explaining what it does giving you the option to disable it. Or you could use Firefox, Chrome, Safari, or whatever and it gets reported to Google instead of Microsoft.

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41126173)

Should Linux repositories, the Apple App Store, the Google Store, and the Microsoft store provide a similar warning, since they actually glean more information from what you download there?

App stores know which apps you download because... you know... that's their job. They don't scan your computer for other apps.

Linux repos don't scan your computer for apps, and since your computer pulls binaries from mirror sites they have no centralised tracking of what you install. And many of us use local caches so they have no idea of what is installed on an individual machine.

So your post is just the same old completely bogus 'but XYZ do it too!' crap.

Re:Disable it! (2)

Shining Celebi (853093) | more than 2 years ago | (#41126191)

Microsoft doesn't "scan your computers for apps." They compare the filename and hash of executables downloaded with Internet Explorer with a known blacklist.

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41125897)

doesn't windows come preinstalled on consumer pcs ? wi

Re:Disable it! (4, Informative)

Missing.Matter (1845576) | more than 2 years ago | (#41125935)

Not only do they allow you to turn it off during install, they provide a detailed explanation of what the feature does, what data they collect, how they use the data, and how you can turn the feature off during install and after install. This seems to be just about all the information a user needs to make an informed decision about whether or not to leave smart screen on. If the user opts not to read this information and clicks right through the express settings without caring about the consequences, perhaps that's exactly the kind of user this smart screen filter aims to protect; odds are they have the same lackadaisical attitude when installing random software from the internet. It's self-selecting really.

Here is a link to my comment from yesterday, which has the exact text relevant to smart screen you encounter on install: http://slashdot.org/comments.pl?sid=3070309&cid=41111521 [slashdot.org]

Re:Disable it! (0)

Anonymous Coward | more than 2 years ago | (#41126381)

Not only do they allow you to turn it off during install, they provide a detailed explanation of what the feature does, what data they collect, how they say use the data today, and how you can turn the feature off during install and after install.

FTFY - you missed a couple of critical words.

History has shown repeatedly that "features" like this, that are initially identified as for benevolent use only, tend to eventually be used malevolently. Far too many laws suffer from the same failing, but that's for a separate tin foil hat discussion.

Tin Horns & Tin Opinions (1)

Penurious Penguin (2687307) | more than 2 years ago | (#41126473)

Only because the term "tin foil hat" when used to express contempt for those who contort reality is actually and properly an "aluminum foil hat" (or aluminium if you insist), I call you a hypocrite. There is enough even in the sacred arstechnica version of this story to warrant liberal paranoia. Why not save the tin-card for a better occasion, like one where someone is denying a tangible and verified reality and not just making a simple mistake?

Sounds like the same thing as Google (1, Insightful)

Meshach (578918) | more than 2 years ago | (#41125503)

Using all user's "anonymous" information to offer a better experience. Lots of people accept it from Google. Will they accept it from Microsoft?

Re:Sounds like the same thing as Google (2)

toolo (142169) | more than 2 years ago | (#41125523)

Yep.. when you get a new 'droid, iPhone or iPad, all of your apps automatically reinstall...wonder how that happens. Just because it's Microsoft this is an issue. Actually SmartScreen on Windows 8 is a good way to see what my kid is doing on the Internet without some 3rd party crapware that is definitely using your shit in ways you don't know about. And as other posters have said you can just turn it off.

Re:Sounds like the same thing as Google (3, Informative)

kwark (512736) | more than 2 years ago | (#41125629)

"Yep.. when you get a new 'droid....automatically reinstall...wonder how that happens."

Not much to wonder about, on Android you have to opt-in to this service.
Settings -> Privacy:
Back up my data [ ]

Re:Sounds like the same thing as Google (2)

Shining Celebi (853093) | more than 2 years ago | (#41125919)

Do you opt-in to Chrome sending your URLs to Google?

Because that would be the equivalent analogy. SmartScreen sends URLs and file hashes to Microsoft, the exact same way Google's anti-malware sends URLs to Google to compare against a blacklist.

And besides that, Google "collects" information about what you download through their store, in the same sense - you can't download the app without them knowing your IP, which is the same information Microsoft is getting. If you really cared about this kind of privacy, the app-store model is a much bigger threat than some file hashes being sent to Microsoft.

Re:Sounds like the same thing as Google (2)

kwark (512736) | more than 2 years ago | (#41125987)

-you opt to install/use chrome, it doesn't come standard. I presume people read the EULA if they install software! Same goes for Firefox BTW.
-Google collects info on what you download from the Google store. Flip the checkbox to install from other sources, Google doesn't get that info. So not exactly the same as all downloads are sent to OS manufacturer.

Re:Sounds like the same thing as Google (1)

Shining Celebi (853093) | more than 2 years ago | (#41126071)

Flip the checkbox to turn SmartScreen off then.

It's equally as simple. Probably simpler - never used an Android phone. Both are opt-out from your description, and the SmartScreen functionality seems to be outright presented as an option on installation.

I am also pretty sure that Chrome does, in fact, come standard on Chrome OS and I assume that the default web browser on Androids is Chrome or some variant thereof that sends your URLs to Google same as Chrome does.

Re:Sounds like the same thing as Google (0)

Anonymous Coward | more than 2 years ago | (#41125861)

"Just because it's Microsoft this is an issue. "

Perhaps you'd prefer "Just because this is a company with a history of saying one thing and doing another this is an issue".

use of information doesn't matter (4, Insightful)

sylvandb (308927) | more than 2 years ago | (#41125521)

Collecting the information IS spying.

How the information is used after being collected does not matter for determining spying, only the motivation for spying.

Re:use of information doesn't matter (0)

Anonymous Coward | more than 2 years ago | (#41125535)

Spying is done when it's surreptitious. When it's done pretty openly (assuming you pay attention), it's surveillance.

Which can be just as creepy, but let's not pretend spying is an accurate word.

Re:use of information doesn't matter (1)

Anonymous Coward | more than 2 years ago | (#41125609)

It is surveillance when the FBI is observing a known murderer (though this is surely NOT surreptitious). That's because it is legitimate.

It is spying when one company digs through another's garbage. Or through your garbage. Or through your install logs. That's not legitimate. It's spying.

Re:use of information doesn't matter (1)

poity (465672) | more than 2 years ago | (#41125831)

I thought SmartScreen just sends the name and hash of the download file. You didn't list that as spying, and while you did list "digging through your install logs" that's not the same thing.

Re:use of information doesn't matter (0)

Anonymous Coward | more than 2 years ago | (#41125867)

So should we avoid Debian as well?
After all, you're asked if you want to participate in Debian's popularity-contest, which collects information about which programs you use and sends that to Debian, when you install Debian.

Computers are designed to collect information (1)

aNonnyMouseCowered (2693969) | more than 2 years ago | (#41126247)

I wouldn't go that far. Or do we call news reporters "spies" as well?

More to the point, whenever we connect to another computer or information storage device, information is collected. Our own smart phones do that when it connects to a WIFI hotspot and retains that information for at least the duration of the connection. Web servers continuously collect information from clients. That's one of the ways you prevent a DDOS attack by dropping clients known to make too many requests within a short period.

As far back as when the first punch cards were manufactured, computers have been designed to collect and possibly retain information. Hell, even a flesh-and-blood human standing in a corner collects information. That's how we form memories of that hot chick or hunk standing across the street. Now, it would be a different matter if I started following the object of my casual observation. In real life, that would be stalking, and would definitely fall in the category "spying".

Re:Computers are designed to collect information (1)

10101001 10101001 (732688) | more than 2 years ago | (#41126619)

I wouldn't go that far. Or do we call news reporters "spies" as well?

News reporters have neither the inclination nor the means to look over our shoulder every minute of the day while using any particular device or do any particular activity, as a point--with the exception of specific people of interest. If they did, yes, we'd call them spies.

More to the point, whenever we connect to another computer or information storage device, information is collected. Our own smart phones do that when it connects to a WIFI hotspot and retains that information for at least the duration of the connection. Web servers continuously collect information from clients. That's one of the ways you prevent a DDOS attack by dropping clients known to make too many requests within a short period.

Well, what do you know, the point that web sites do collect such information is an actual point of contention for precisely the reason that the gathered information can be used to form a picture of a person's browsing habits. This is one reason why there's been such broad discussion about Google and Facebook and the privacy concerns of their users. In fact, it goes to the point that journalists do speak of Google and Facebook "spying" on its users precisely because of the degree of data collection. But, then, I'd presume you recognize that the "collection" being spoken of is more than the transient and necessary stateful information needed for common transaction which is quickly forgotten as a matter of course.

As far back as when the first punch cards were manufactured, computers have been designed to collect and possibly retain information. Hell, even a flesh-and-blood human standing in a corner collects information. That's how we form memories of that hot chick or hunk standing across the street. Now, it would be a different matter if I started following the object of my casual observation. In real life, that would be stalking, and would definitely fall in the category "spying".

And with computers (or license plate cameras), that "flesh-and-blood human standing in a corner collect[ing] information" becomes an impersonal, vast data bank of information. Couple that with fantastic computing power and data mining algorithms, and you have the recipe for the potential for inherent stalking on a massive scale. So, every time it's possible that information is being warehoused, people want to know *before* it gets to the point that the warehouse is full and the data mining begins. But, you know, that's just crazy conspiracy theory stuff. I mean, it's not like some mostly faceless corporation has ever been caught doing such things before... And golly, it's not like the government would buy or coerce a company for that information at a later date to effectively blackmail whoever of the population they need/want to.

Could use it in the future (1)

Chirs (87576) | more than 2 years ago | (#41125543)

Note that they only say they don't do these things *now*. They don't say they won't in the future.

Re:Could use it in the future (4, Insightful)

Ultracrepidarian (576183) | more than 2 years ago | (#41125705)

and if they collect it, our government will demand access to it.

Re:Could use it in the future (0)

Anonymous Coward | more than 2 years ago | (#41126441)

:s/government/BSA

Sensationalism (5, Insightful)

Altanar (56809) | more than 2 years ago | (#41125577)

I see /. is in for another round of anti-Windows 8 sensationalism. Please read the Ars Technica article [arstechnica.com] talking about this before commentating.

Re:Sensationalism (0)

Anonymous Coward | more than 2 years ago | (#41125703)

I see /. is in for another round of anti-Windows 8 sensationalism. Please read the Ars Technica article [arstechnica.com] talking about this before commentating.

Ars Technica nowadays is only good for its science coverage.
For computer related stuff no way, it is plenty of apple shills and microsoft shills.

Re:Sensationalism (0)

Anonymous Coward | more than 2 years ago | (#41125723)

As opposed to slashdot's Linux and Apple shills..

Re:Sensationalism (0)

Anonymous Coward | more than 2 years ago | (#41125797)

As opposed to slashdot's Linux and Apple shills..

/. trumps Ars Technica.
Feel free to disagree.

Re:Sensationalism (4, Insightful)

LateArthurDent (1403947) | more than 2 years ago | (#41125743)

I see /. is in for another round of anti-Windows 8 sensationalism. Please read the Ars Technica article [arstechnica.com] talking about this before commentating.

Ah, sweet irony. Your Ars Technica article links to a Wired article that argues cryptocat is no more secure than using no crypto at all, because it relies on host security, and then proceeds to defend Smart Screen using a host-security argument.

If you don't care Microsoft gets access to which programs you run / trust that they will keep the data anonymized and periodically delete the logs as you claim, by all means, don't turn off Smart Screen. That said, they have all the data they need to keep a record of every program you run, and I'd rather not take them at their word that they won't do anything bad with it.

Re:Sensationalism (1)

Eirenarch (1099517) | more than 2 years ago | (#41125803)

In other news Apple collects information for every app users install on their iPhones. So will MS on WinRT tablets and Win 8 Metro environment. In a world like this only an idiot can point a finger at a security service that uses hashes and can be turned off.

Re:Sensationalism (0)

Anonymous Coward | more than 2 years ago | (#41125847)

"Billy, don't hit people!"
"But moooom, Dennis hit people too!"

Hmmm...nope. Didn't work then, won't work now.

Re:Sensationalism (1)

Eirenarch (1099517) | more than 2 years ago | (#41125857)

More like "Billy, don't hit people with a stick. I don't mind if you hit them with a baseball bat"

Re:Sensationalism (1)

cbhacking (979169) | more than 2 years ago | (#41126301)

I was wondering how long it would take before somebody brought up Cryptocat, and whether the person doing so would have a clue or not. Looks like the answers are "not long" and "no".

The goal of SmartScreen is to warn the user against running malicious software. The goal of Cryptocat is to make a user's chat session completely untappable. Not only are these two goals quite different, but most of the weaknesses of Cryptocat are based on an environment that SmartScreen simply doesn't have. Also, it's not "no more secure than using no crypto at all"; it's "no more secure than using a web-based chat client over https without any additional crypto".

Note that of course I'm talking about the web-app version here, not the local client (browser plugin, etc).

Cryptocat has two major weaknesses against its current implementation, and a few potential weaknesses. Let's compare them against SmartScreen:
1. Cryptocat is served over https, but by default most browsers will try http first. Cryptocat will redirect you to https, but if somebody is running SSLStrip (or any of the other proxying tools built using it) on your network, you'll never see the redirect. Instead, the site and all of its javascript will be sent to the proxy over https, and to your browser (potentially after modification, such as injection of a script that just steals the chat data) over http.
1.1 Smartscreen will only ever attempt to connect over SSL. SSLStrip is no threat to it.

2. Cryptocat relies on the server being trusted, because it gets its code from the server. If you want to make sure somebody (some government?) doesn't intercept your chat session... don't use Cryptocat, or you're screwed. This is a promise that the web-based Cryptocat can't make, even though it really wants to.
2.1 Smartscreen relies on the server being trusted, because that's where the authoritative version of the blacklist is. This is true whether the blacklist is local or remote, so from the perspective of SmartScreen's functionality, it makes no difference. As for privacy, if somebody (government, etc.) wants to spy on you... don't use Windows. Microsoft doesn't need SmartScreen to be able to tell a lot more info about your PC than "anonymous user #1403947 executed the following downloaded programs". If you don't trust them, why the fuck are you running their OS in the first place?

3. Cryptocat, being browser-based, is vulnerable to a family of attacks against the browser and its session. For example, things like clickjacking, XSS, CSRF, and so on. Security is only as strong as the weakest link, and Cryptocat has a lot of weak links. However, even if your browsing session is compromised, your secret chat conversation isn't leaked until you hold it over a browser-based chat system.
3.1 SmartScreen runs before the downloaded program could have a chance to take over your computer. However, if your computer is already compromised, the attacker has no need of SmartScreen, and if your computer isn't compromised, SmartScreen doesn't offer any new way for a (non-MS) attacker to compromise your privacy.
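
Point 1 of the comment above depends on the browser's first request going out over plain http, where the redirect to https is unauthenticated. As an added example (not part of the original comment), this Python sketch classifies a site's exposure to that downgrade from its raw responses; HSTS is not mentioned in the comment and is assumed here as the mitigation being checked, and the host name and responses are constructed.

```python
import re

# Constructed sample responses (not captured traffic); chat.example is a placeholder.
HTTP_REDIRECT = ("HTTP/1.1 301 Moved Permanently\r\n"
                 "Location: https://chat.example/\r\n"
                 "Strict-Transport-Security: max-age=31536000\r\n\r\n")
HTTP_PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HTTPS_NO_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HTTPS_HSTS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")

def parse_response(raw):
    """Split a raw HTTP response head into (status code, lower-cased header dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or 0 if absent or invalid."""
    value = headers.get("strict-transport-security", "")
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return int(m.group(1)) if m else 0

def downgrade_exposure(http_raw, https_raw):
    """Classify how often a visit that starts at http:// relies on a strippable redirect."""
    status, headers = parse_response(http_raw)
    to_https = headers.get("location", "").lower().startswith("https://")
    if status not in (301, 302, 303, 307, 308) or not to_https:
        return "plaintext-served"      # content itself is delivered over http
    # Only the header seen over TLS counts: browsers ignore HSTS sent over http.
    _, tls_headers = parse_response(https_raw)
    if hsts_max_age(tls_headers) > 0:
        return "first-visit-only"      # later visits go straight to https
    return "every-visit"               # each http-first visit trusts the redirect

if __name__ == "__main__":
    for name, pair in [("redirect, no HSTS", (HTTP_REDIRECT, HTTPS_NO_HSTS)),
                       ("redirect + HSTS", (HTTP_REDIRECT, HTTPS_HSTS)),
                       ("no redirect", (HTTP_PLAIN, HTTPS_HSTS))]:
        print(name, "->", downgrade_exposure(*pair))
```

A client that only ever opens TLS connections, as point 1.1 says of SmartScreen, never makes the http request this check is about.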

Re:Sensationalism (0)

Anonymous Coward | more than 2 years ago | (#41126653)

Stoopid peeple like get fuck by MS cock.

hahahahahaha (1, Funny)

Anonymous Coward | more than 2 years ago | (#41125601)

Trust us, we promise, cross our heart and pinky swear, that just because we have built this feature into Windows 8 doesn't mean we will actually use it. It's there because of our incredible commitment to customer service and making the windows experience as user friendly as possible because we... uhhh excuse me, are you downloading firefox? Uh huh.. stop it. We said STOP IT!! Aright, you leave us no choice but for your safety and browsing ease your copy of Windows 8 has just been declared non genuine and will be locked.

So what is it? (0)

jimmydevice (699057) | more than 2 years ago | (#41125619)

"We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."
Used internally for non-advertising purposes?

trust us (0)

frovingslosh (582462) | more than 2 years ago | (#41125657)

Might as well say "We put a lot of work into collecting that information, and exposed ourselves to the risk that people concerned with privacy (or even someone in the government that we don't own) might accuse us of something, but we are not going to use the information for anything". They have no credibility no matter what lie they come up with.

Um.. They didn't exactly deny it. (2)

Ransak (548582) | more than 2 years ago | (#41125681)

TFA just says they aren't doing anything with the information... for now. That doesn't mean the FBI or whatever 3 letter agency can't put a shunt between the Internet and their SmartScreen servers. It's a sniffing vector.

Re:Um.. They didn't exactly deny it. (1)

Penurious Penguin (2687307) | more than 2 years ago | (#41126235)

A fair point, no doubt; but the word "deny" in Microsoft-context carries pretty strong connotations of incredulity. I think the title simply serves as a sort of aperitif, which worked well enough for me. In other words, Microsoft can deny whatever it wants and (knock on wood) people will still proceed to think.

Re:Um.. They didn't exactly deny it. (1)

cbhacking (979169) | more than 2 years ago | (#41126315)

So what? If the feds want to know what you're downloading and such, it's a hell of a lot easier to go through your ISP. Smartscreen as a sniffing vector is technically true but completely irrelevant to the difficulty of the attack you propose.

Re:Um.. They didn't exactly deny it. (1)

Penurious Penguin (2687307) | more than 2 years ago | (#41126377)

That confuses me slightly. I have vague recollections of using my computer while away from home. And if laptops are actually becoming more popular than desktops, I fear I may become more confused. Naive as I am though, I'd probably even say that laptops are already more popular than desktops, and 'mobility' seems to be one of their most marketable features. Now if I changed my MAC address before connecting to another random ISP, how would they identify me? Maybe you are like me in assuming ISPs like Verizon have been logging MACs? Unlikely, I know. So please explain.
PS: My sarcasm is immediately null upon any sincere reply. It's just that your comment seemed to warrant a teaspoon or so of it. I have indeed been threatened with 'multiple assholes' here on slashdot, and one is enough for me, and presumably for anyone else too. You may consider me benign.

A more reasonable story (3, Informative)

MSTCrow5429 (642744) | more than 2 years ago | (#41125693)

Re:A more reasonable story (1)

Ol Olsoc (1175323) | more than 2 years ago | (#41126223)

It's a matter of credibility.

That screen is telling you that Microsoft is protecting your privacy. Perhaps sending the IP of every site you visit and every file you download is protecting your privacy? Doubleplusgood!

Oh, wait. You send the "Do not Track" button. With all due respect, I suspect that once you hit the do not track button, your IP addresses, history and downloads will be considered much more interesting to people who might find them interesting because you asked them not to track you.

However (3, Informative)

Anonymous Coward | more than 2 years ago | (#41125715)

Apple knows not only what applications you have, when you use them, how many times you use them, but where you are down to a resolution of 10m anywhere on the planet you are, at anytime.
doesn't matter if you are a politician, gangster or regular joe

and you are worried about Microsoft ? lol

bottom line is:
do you trust an "American" multi national company with your personal data ?

Re:However (0)

Anonymous Coward | more than 2 years ago | (#41126467)

I doubt that people concerned with privacy intrusion by MS are iPhone users

MS needs effective leadership (0)

Karmashock (2415832) | more than 2 years ago | (#41125739)

This software empire is self destructing due to systematic mismanagement.

we don’t share it with third parties (1)

fustakrakich (1673220) | more than 2 years ago | (#41125745)

Unless they have a warrant, right? Sorry MS, we don't want you to collect anything that can be used against us. But since there's no way of knowing, we just have to assume that you are going to anyway, despite whatever statement you make to the contrary.

Is it possible to downmod an entire submission? (2, Interesting)

93 Escort Wagon (326346) | more than 2 years ago | (#41125751)

Because this particular story needs to be marked "-1, Flamebait".

Re:Is it possible to downmod an entire submission? (1)

fustakrakich (1673220) | more than 2 years ago | (#41125801)

More like 'Redundant'. How many times must we be told what we already know? Microsoft, and Apple, and the whole internet are spying. Nobody cares. They still suck it up, and buy their shit as fast as they can.

It's My IP Microsoft, I'll send ya a bill! (0, Interesting)

Anonymous Coward | more than 2 years ago | (#41125773)

I charge $10,000 USD for a 1 year subscription to my metrics. Where shall I send the bill?

sucks to be u (-1)

Anonymous Coward | more than 2 years ago | (#41125787)

i use os x and freebsd so haaw haaw

Re:sucks to be u (0)

Anonymous Coward | more than 2 years ago | (#41125877)

double hipster

Question? (1)

cyberzephyr (705742) | more than 2 years ago | (#41125899)

Is there a way to turn it off after installation? I will also mention the fact that a bunch of bundled software can be gotten rid of after you turn on your brand new laptop/PC.

Re:Question? (2)

cbhacking (979169) | more than 2 years ago | (#41126325)

Yes. It can be turned off at install, at first boot (for pre-loaded images), or at any time while logged in. There are even instructions from Microsoft for doing so!

Re:Question? (1)

cyberzephyr (705742) | more than 2 years ago | (#41126407)

Well then why is there an argument about a question? (I know it's not you).

"we don’t share it with third parties" (0)

Anonymous Coward | more than 2 years ago | (#41125905)

Oh, no, of course not. They just share it with the first party; the National Fascist Party.

Microsoft - same as it ever was (repeat) (0)

Anonymous Coward | more than 2 years ago | (#41126135)

It remains a proprietary OS. XP & 7 continue to have remote exploits patched, some, like with XP, were open for years without patches.

I would consider my privacy and security to be null and void in such an environment, whether or not there is an 'opt-out' of this particular feature.

Users should really opt-out by choosing a more open platform and storage space for their precious data.

Sure, sure. (0)

Anonymous Coward | more than 2 years ago | (#41126475)

Yeah right and the government didn't create AIDS as a way to kill homos.

and now that third parties know its there.... (0)

Anonymous Coward | more than 2 years ago | (#41126535)

you know they gonna want it you know it and lawsuits and laws and all that gonna cause it to happen by bribed us politicians

buuuulllshiiittt (0)

Anonymous Coward | more than 2 years ago | (#41126605)

if you're going to do nothing with it, don't fucking collect it.. and don't give me bs about "to improve our operating system and services"

OBVIOUS... (0)

Anonymous Coward | more than 2 years ago | (#41126635)

IT'S A TRAP

Microsoft deny everything (0)

Anonymous Coward | more than 2 years ago | (#41126639)

They all stupid cunt. They try fuck us. Stupid sheeple bend over let ballmer shove dick in ass. You don't be stopid. You try apple. Apple dick not so big. Some day you learn computer don't let any dick.

It sound ok but most people still let fuck by bill gates gigacock in ass and mouth.
