dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4329
share rss forum feed


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
reply to newview

Re: Window 8 tattles to MS about EVERY app you install

Don't forget the kill switch

»Microsoft Includes Kill Switch In Windows 8


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to newview
Microsoft denies Windows 8 app spying via SmartScreen

The thought of Microsoft getting a log of every application stored on a client system predictably got some in the IT community's hackles up. Stories like this elicit fears in some quarters that all the data is fed back to a secret room in Redmond, where it is examined by the FBI, RIAA, or the Rand Corporation, in conjunction with the saucer people, under the supervision of the reverse vampires.

"We can confirm that we are not building a historical database of program and user IP data," a spokesperson told El Reg. "Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."

As for concerns over the leakage of material via SSLv2.0, Microsoft said that it will not use this protocol with Windows 8 and that SmartScreen does not support that version. Kobeissi notes that 14 hours after he posted about the issue a new scan of the servers showed no SSlv2 support, although he stands by his original findings.

Lest you think that Kobeissi is some tinfoil-hat type, he is a respected security researcher in his field. Kobeissi, a Canadian of Lebanese extraction, invented the Cryptocat encrypted chat application and is a strong anti-censorship campaigner.

But while in this case it appears that Microsoft is in the clear, there's still room for improvement. Currently the SmartScreen system does use application information stored at Redmond to validate local apps, hence the information is collected. But Kobeissi points out that the need for this could be eliminated if such data was stored locally on the client end and updated regularly. ®

»www.theregister.co.uk/2012/08/25···_spying/


FF4m3

@bhn.net
reply to Cartel
said by Cartel:

Don't forget the kill switch

»Microsoft Includes Kill Switch In Windows 8

Thanks for the reminder.

More info here:

The Windows 8 Kill Switch: A Hacker's Dream Come True

iknow
Premium
join:2012-03-25
reply to goalieskates
said by goalieskates:

This is getting tiresome.

I'm not sure what's so wonderful about Win8 that would justify all this, but anything being sent home needs to be opt-in. And Microsoft of all people should know that.

When did they decide to become evil?

Yipes!. probably well before they became co-conspirators to international hackers!. »Microsoft Funds Startup Designed to Disrupt BitTorrent


FF4m3

@bhn.net
reply to goalieskates
said by goalieskates:

This is getting tiresome.

When did they decide to become evil?

Decades ago...

United States v. Microsoft

Microsoft litigation

Microsoft: The Evil Empire re-Surfaces


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:13

 

Yup.....Win2000 SP4 was the start of it!


Agent Smith

join:2008-07-07
New York

2 recommendations

reply to newview

Re: Window 8 tattles to MS about EVERY app you install

I think you should get the catch here.

Windows 2000 is what windows ME should have been.

Windows 7 is what Windows Vista should have been.

Windows 9 is what Windows 8 Should have been.
--
Currently Go to Lehman high School As a Junior Now =]



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to Cartel
said by Cartel:

Don't forget the kill switch

»Microsoft Includes Kill Switch In Windows 8

And what makes this kill switch different then any other vendor's kill switch? Really guys your religion is showing here, try to keep it technical and not religious OK.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


FF4m3

@bhn.net
said by Link Logger:

said by Cartel:

Don't forget the kill switch

»Microsoft Includes Kill Switch In Windows 8

And what makes this kill switch different then any other vendor's kill switch?

What makes it different is that most other OSes (except OS X maybe?), including all open source OSes, do NOT have a kill switch.
said by Link Logger:

Really guys your religion is showing here, try to keep it technical and not religious OK.

Really guys LL your religion is showing here, try to keep it technical and not religious OK.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to goalieskates
said by goalieskates:

When did they decide to become evil?

When they sold the first copy of PC-DOS to IBM.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to newview
Yawn, I'll only worry about this if it's shown to happen even with SmartScreen turned off.

ctggzg
Premium
join:2005-02-11
USA
kudos:2
reply to AnonFTW
said by AnonFTW :

It's a HASH of the app and it's designed to help filter malicious apps.

How dare you try to counter paranoia and ignorance with logic?


FF4m3

@bhn.net
reply to newview
From Ars Technica -

Windows 8 privacy complaint misses the forest for the trees:

...fretting about SmartScreen is missing a rather larger point. Windows 8 includes within it a store. So does Windows RT, the ARM version of Windows 8. All third-party applications that use the Metro environment must be installed via the store, and for Windows RT, every third-party application must use the Metro environment. Microsoft will be collecting information about these downloads and purchases, and no doubt creating top ten lists from it.

Every time an application is downloaded or purchased from the Windows Store, Microsoft is explicitly, overtly, and necessarily informed of the download. These downloads are automatically associated with Microsoft Accounts, too, meaning that they can be paired not merely with an IP address, but with an e-mail address and, in many cases, a name and billing information.

To decry SmartScreen as a privacy risk is missing the far greater privacy risk; a privacy risk shared by every platform that has this kind of integrated store system.


iknow
Premium
join:2012-03-25
reply to NormanS
said by NormanS:

said by goalieskates:

When did they decide to become evil?

When they sold the first copy of PC-DOS to IBM.

that depends on your definition of evil, that was not right, but if you define evil as being a criminal, funding international hackers to disrupt the internet surely is!. »Microsoft Funds Startup Designed to Disrupt BitTorrent

OZO
Premium
join:2003-01-17
kudos:2
While some working on projects to help people to communicate with each other, others are funding hackers to disrupt it... It's certainly evil .
--
Keep it simple, it'll become complex by itself...


FF4m3

@bhn.net
reply to iknow

vil
said by iknow:

said by NormanS:

said by goalieskates:

When did they decide to become evil?

When they sold the first copy of PC-DOS to IBM.

that depends on your definition of evil, that was not right, but if you define evil as being a criminal, funding international hackers to disrupt the internet surely is!. »Microsoft Funds Startup Designed to Disrupt BitTorrent

More nuanced definitions of evil here.


Heh213

join:2012-06-16
Reviews:
·HughesNet Satell..
reply to newview
Smart screen stuff can be turned off during the initial setup ("Express" install enables it by default), I do understand why people are so worried however.

As for metro apps, the Store model MS will know everything you have installed to your account (metro wise), just like Apple or Google does with their platforms.


goalieskates
Premium
join:2004-09-12
land of big
said by Heh213:

As for metro apps, the Store model MS will know everything you have installed to your account (metro wise), just like Apple or Google does with their platforms.

Or some of us won't buy the new Windows Metro stuff just as we don't buy Apple or Google stuff. If I haven't needed it till now, I'm not likely to die without it a year from now. And silliness like this only makes it even less attractive.


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to FF4m3
said by FF4m3 :

said by Link Logger:

said by Cartel:

Don't forget the kill switch

»Microsoft Includes Kill Switch In Windows 8

And what makes this kill switch different then any other vendor's kill switch?

What makes it different is that most other OSes (except OS X maybe?), including all open source OSes, do NOT have a kill switch.

Does the iPad/iPhone have a kill switch? Does Android have a kill switch? And for bonus points, have those switches ever been used?

What about Apple's GateKeeper?

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


FF4m3

@bhn.net
said by Link Logger:

Does the iPad/iPhone have a kill switch? Does Android have a kill switch? And for bonus points, have those switches ever been used?

What about Apple's GateKeeper?

Blake

Good questions. Guess that you probably know. Please tell us.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to Link Logger
said by Link Logger:

Does the iPad/iPhone have a kill switch? Does Android have a kill switch? And for bonus points, have those switches ever been used?

Comparing mobile OS with (primarily) a desktop os.
--
--Standard disclaimers apply.--


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to goalieskates
said by goalieskates:

Or some of us won't buy the new Windows Metro stuff just as we don't buy Apple or Google stuff.

+1
--
Don't feed trolls--it only makes them grow!


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to newview
When this was first reported, before understanding what was going on, my initial thought was, "well append a byte to the end of the installer & the hash changes ...".

So today I see, Byte Manipulator. (Haven't tried it, but from its description wouldn't think it to be effective?)


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
malware changing itself to get around signature detection is nothing new.
--
--Standard disclaimers apply.--


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
reply to Link Logger
said by Link Logger:

Does the iPad/iPhone have a kill switch? Does Android have a kill switch? And for bonus points, have those switches ever been used?

What about Apple's GateKeeper?

Blake

Apple's Gatekeeper is not a remote kill switch. OS X only checks for the existence of a security certificate on first run (which can also be easily bypassed). It does not phone home in any way, nor is there any way for Apple to remotely disable an app.

Only iOS and Android have a remote kill switch. And Google has used their kill switch for legitimate purposes. Apple has not used theirs yet. You can see the black listed apps here: »iphone-services.apple.com/clbl/u···izedApps
--
less talk, more music


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to AVD
said by AVD:

said by Link Logger:

Does the iPad/iPhone have a kill switch? Does Android have a kill switch? And for bonus points, have those switches ever been used?

Comparing mobile OS with (primarily) a desktop os.

I'm not sure that Windows 8 is primarily a desktop OS as it is available as both a tablet and phone so I think of Windows 8 as more a mobile OS then a desktop.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
the fake windows tablets with the alpha chip, I'll give you that.
windows8 does not run on a smartphone, only the UI is similar.
--
--Standard disclaimers apply.--


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
said by AVD:

the fake windows tablets with the alpha chip, I'll give you that.
windows8 does not run on a smartphone, only the UI is similar.

from »en.wikipedia.org/wiki/Windows_phone

quote:
Windows Phone 8

On June 20, 2012, Microsoft unveiled Windows Phone 8, a new generation of the operating system for release later in 2012. Windows Phone 8 will replace its previously Windows CE-based architecture with one based off the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms.
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 edit
Never mind. Link Logger See Profile already knows.
--
Don't feed trolls--it only makes them grow!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3
reply to Link Logger
quote:
Windows Phone 8 will replace its previously Windows CE-based architecture with one based off the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms.
Interesting. I worked on a project using WinCE some years ago but I'm sure embedded processors have more horsepower now making this possible.
--
Don't feed trolls--it only makes them grow!