Observant software hacker Nadim Kobeissi stumbled upon an interesting observation today while running a network packet analyzer under Windows 8. It appears, by default, Microsoft's latest operating system is sending information to Redmond servers each time a user installs an application. Before the hearts of our readers are aflutter with panic though, allow me to stress this point: this behavior is simple to disable.
Actually, this isn't entirely a surprise. In fact, it served as an instant reminder of this TechSpot news post in April: Windows 8 to get native SmartScreen file checking. However, Kobeissi's experimentation offers us a clearer glimpse into what precisely is going on under the hood though.
Enabled by default, Windows 8's SmartScreen feature aims to protect unwitting users from nasty malware and other unsavory files. Even if this is the first time you've heard of it though, it may still sound strikingly familiar. That's because the technology was originally introduced with Internet Explorer 8 as an extension of IE7's phishing filter. In IE9, SmartScreen gained Application Reputation, a set of algorithms used to analyze the trustworthiness of downloads via digital signatures, heuristics and information collected by Microsoft. This appears to be the foundation of Windows 8's implementation.
In order for SmartScreen to work, the technology relies on Microsoft's proprietary, centralized database of software trustworthiness. That's where security and privacy advocates become a little uneasy – Microsoft collects information about user-driven download activities which in turn, are used to power this database.
Kobeissi believes the data sent by Windows 8 includes the application's hash value, it's obfuscated file name and the computer's IP address. Although the data is encrypted, Kobeissi voices his concern that SSLv2 is relatively insecure, potentially leaving installation data and identities of users open to hackers.
If the thought of Microsoft collecting information about your downloads keeps you awake at night, consider this: Google also runs their own SmartScreen-like technology called Safe Browsing. The Safe Browsing API isn't limited to just Chrome though, its open to many developers. Most notably, it is employed by at least two other major browsers: Firefox and Safari. Of course, Microsoft is taking this a step further now, integrating SmartScreen into Windows and not just your Internet Browser.
Ultimately though, SmartScreen has proven itself to be fairly effective in protecting users from malicious sites and files. A cost-benefit analysis of the technology is unlikely to weigh on the minds of most users, but for the average consumer, SmartScreen may actually prove to be a worthwhile addition to Windows 8. Skeptics and cynics though, will likely want to leave SmartScreen disabled.