News Categories

Microsoft Quells Growing SmartScreen's Privacy Breach Concerns

By Michael Low & Wong Chung Wee - on 27 Aug 2012, 1:46pm

Microsoft Quells Growing SmartScreen's Privacy Breach Concerns

Microsoft has denied it is attempting to spy on Windows 8 users through the SmartScreen feature of its upcoming operating system. This is in response to a prominent hacker who voiced concerns about Windows 8 sending information to Redmond servers each time a user installs an application. The hacker, Nadim Kobeissi, said that Windows's SmartScreen will screen every application a Windows 8 user installs from the Internet, " order to inform you whether it’s safe to proceed with installing it or not.". This feature of Windows 8 is enabled by default.

Source: Nadim Kobeissi

In Kobeissi's experimentation, he managed to capture the communication data. He posted a screenshot of the data packet analyzer of the alleged communication between the SmartScreen feature, on his copy of Windows 8, with the Microsoft servers. His main concern over this function of SmartScreen is that it may lead to a privacy breach as " may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target. ".

According to The Register, a Microsoft spokesperson has confirmed that the company is not building databases of installed applications from their Windows 8 users.

"Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties." This is according to the Microsoft spokesperson to whom The Register interviewed.

Furthermore, since the posting of Mr. Kobeissi's findings, the company has upgraded its backend servers to support SSLv3, in order to secure the communication channels of these servers. The Register noted that Microsoft is in the clear for this matter; however, the SmartScreen feature is still collecting and storing installation information on the company's backend servers.

For users of Windows 8 who are concerned about this possible security breach, there is a way to turn off the SmartScreen feature. However, this action may leave the Windows 8 system vulnerable to software that have not been authenticated by Microsoft as the intention of SmartScreen is to provide protection for users from malware. In the future, Windows 8 users will need to weigh carefully the benefits of SmartScreen with their privacy concerns before making the decision to turn off the SmartScreen feature or subscribe to it.

Source: Wikipedia,,, Nadim Kobeissi via The Register