Windows 8 Tells Microsoft About Everything You Install 489
musicon writes "According to Nadim Kobeissi, Windows 8 is configured by default (using a new featured called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations."
While SmartScreen is enabled by default, it's possible for users to turn it off. Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year. (Not that it exculpates this behavior.)
Does Windows 8 have an opt-out feature? (Score:5, Funny)
At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."
Re:Does Windows 8 have an opt-out feature? (Score:5, Informative)
At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."
I know this is a joke, but yes, they do, It's called "downgrade rights"
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
"The Unofficial Windows 8 Developer FAQ
Today, I’m going to attempt to dos something Microsoft staff should have done long ago or didn’t do correctly or simply were held back from doing so. I’m going to release the Unofficial FAQ on “What Just happened” in Microsoft for developer(s) worldwide."
http://www.riagenic.com/archives/960?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MsMossyblog+(MS+MossyBlog) [riagenic.com]
Re: (Score:3, Funny)
At the rate Microsoft is going, they might as well add a "Windows 8 opt-out feature."
I know this is a joke, but yes, they do, It's called "downgrade rights"
I thought it was called, "Mountain Lion".
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
Re: (Score:3, Insightful)
Yes, because warning before running downloaded apps that aren't signed by trusted developers (trusted means your credit card is on file with Apple) is just like the same as quietly telling Microsoft everything you install, without asking.
Re:Does Windows 8 have an opt-out feature? (Score:5, Funny)
Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Re:Does Windows 8 have an opt-out feature? (Score:5, Insightful)
Technically, Ubuntu offers an option to collect download and installation data from the software center. I believe it prompts you though and clearly explains that's it's anonymous.
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)
Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.
Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.
The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.
Re: (Score:3, Insightful)
Re:Does Windows 8 have an opt-out feature? (Score:5, Informative)
Congratulations on focusing on half the post. The other half is about the "usage and diagnostic data" that Mac OS X sends to Apple - which does contain information about what applications you have installed, and has since whenever they added that feature.
Exactly what data does Apple get? Well, according to Apple themselves, they collect "[u]sage information (for example, data about how you use Apple and third-party software, hardware, and services)." What does that mean? Who knows.
The bottom line is that if you don't want some company to know what third-party software you're using on "their" computer, you don't want to go Apple.
And congratulations to you for ignoring the summary. Windows 8 has this on BY DEFAULT and you have to turn it off. Mac OS asks you if you want usage data sent before it ever does it.
Re: (Score:3, Insightful)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple?
Curious - how have they modified GCC to make this possible?
Or are you going to man up and say the same nonsense about Linux? Because, after all, you can't run anything RedHat hasn't blessed on RHEL. You can't run anything Canonical hasn't blessed, on Ubuntu. In precisely the manner that you can't run anything on OS X that isn't 'blessed' by Apple.
Except, of course, you can, for all three. Very easily.
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple?
Curious - how have they modified GCC to make this possible?
Or are you going to man up and say the same nonsense about Linux? Because, after all, you can't run anything RedHat hasn't blessed on RHEL. You can't run anything Canonical hasn't blessed, on Ubuntu. In precisely the manner that you can't run anything on OS X that isn't 'blessed' by Apple.
Except, of course, you can, for all three. Very easily.
Not that I'm defending the initial post, but your post contains many misconceptions which I'll clear up in case they're widespread:
1. Apple no longer uses GCC. Although it's possible for third parties to still compile things with it, they have to change all the default settings in XCode and are basically on their own. Apple is entirely Clang/LLVM now which uses no GCC code (and is BSD-licensed open source).
2. They are referring to code signing, which has nothing to do with the compiler. By default when a MacOS browser downloads an application it adds a flag that tells the MacOS Finder to warn the user about having downloaded it from the internet. Moreso, in Mountain Lion if the app with this flag is not digitally signed by a certificate which Apple issues to its developers, it will refuse to run it by default. You can change the default, you can use Command-O to run it, you can download it from an alternate browser, or you can clear the flag manually to bypass it, but for the typical user this helps with the "D00dz I gotz warez I'm sure they're not harmful let's run it!!11!" problem of trojans on the internet.
3. During this certificate process, MacOS may phone home to verify the OS-level certificate and check for blacklists, but it does not report back what app is being tested.
4. I don't believe RHEL or Ubuntu turn on code signature checking by default, or even have it as part of their core offering.
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple? Yes, you can download apps from sources that aren't the App Store - but they still have to be signed, otherwise, it either will refuse to run or lie to you and say that the app is "damaged" and you should "drag it to the trash."
This is complete bullshit. At no point does this ever, ever happen.
And if you try and disable this "feature" then it yells at you, warning you of dire consequences if you try and allow non-Apple-blessed apps to run.
This, too, is so far from true, and said with such force as to considered a lie. Let's take a look, shall we?
GateKeeper fully enabled [imgur.com], Disabling GateKeeper [imgur.com], GateKeeper disabled [imgur.com]
Wow, that wasn't so hard, now was it? And the "yelling"? The "dire consequences"? Let's quote: "Choosing 'Anywhere' makes your Mac less secure." That's it. The entire message. But... in your world this is yelling about dire consequences.
Unless the joke was that Mac OS X is a downgrade from Windows 8, which is true, but it sounds like you're saying Mountain Lion is a way to opt out of being spied on by a giant corporation, and it isn't.
Really? So if you don't buy anything from the App Store, and turn off GateKeeper, what information about downloaded files is communicated to Apple?
Are you an astroturfer or something? I find it hard to believe anyone can be this dense unless they're getting paid to do so.
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
Try holding down ctrl as you run it the first time, then select to run it. It won't ask you again.
Also, it actually asks you if you will allow data to be sent to Apple. While I don't agree with it, at least it asks and you have a choice. Then again, even Debian has data returning home, by choice.
Thanks for playing.
Re: (Score:3)
You mean the OS that, by default, blocks you from running content that isn't blessed by Apple? Yes, you can download apps from sources that aren't the App Store - but they still have to be signed, otherwise, it either will refuse to run or lie to you and say that the app is "damaged" and you should "drag it to the trash."
Try not to make shit up, it makes your argument look like the rant of a crazy fanboy to anyone who knows better regardless of whether other parts are valid.
First, it's not anything about content blessed by Apple. Any registered Apple developer gets a key with which they can sign all their apps as they desire. Apple approval only matters for their App Store. Gatekeeper can restrict a computer to App Store apps only, but that is not the default setting and must be chosen by the user.
Admittedly the develope
Re:Does Windows 8 have an opt-out feature? (Score:5, Informative)
The 'warnings' and 'lies' you describe have yet to be seen by me..
Here, let me Google that for you [google.com]. Amusingly Google autocompleted that for me from "app is d," so it's not exactly an uncommon error. Generally speaking, the app is not damaged when you get that error - it just isn't Apple-blessed. If you try and run it through the command line, it'll run just fine.
Which kind of disproves the idea that Gatekeeper is about security, if all it takes to bypass it is fork() and exec().
Re: (Score:3)
If you try and run it through the command line, it'll run just fine.
Which kind of disproves the idea that Gatekeeper is about security, if all it takes to bypass it is fork() and exec().
It's even easier than that. Select the app and press Command-O. Or clear the flag manually. Or download it with something that doesn't flag it as dirty in the first place. Or turn off the entire check in the OS Preferences. Anyone who wants to can bypass it easily.
The purpose of this thing is for the 99% of people who don't know or care to not unwittingly spread common trojans. It doesn't increase point security, but it vastly reduces the spread of malware through typical usage.
Re: (Score:3)
>>> It's called "downgrade rights"
Please tell me more. I have a Windows 7 PC but suppose it dies five years from now, and I need a replacement. I goto staples, but a Win8 PC, and then what? How do I downgrade it to Windows 7? It isn't on stores shelves anymore (and frankly I don't want to pay for Windows twice... once for 8 and again for 7).
Please educate me and everybody else.
thx
Re:Does Windows 8 have an opt-out feature? (Score:5, Funny)
Linux will be ready for the desktop in 5 years time.
Re:Does Windows 8 have an opt-out feature? (Score:4, Informative)
I hope so, but it's ready today and has been so for at least two or three years.
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
I know this is meant as a joke, but the reality is that Linux truly is ready for the desktop right this second.
1. Xorg.conf nightmares ended years ago.
2. A fresh Windows install means a lot of your hardware doesn't work and you have to hunt for drivers from third party websites. This is particularly fun if it is your wireless network card that isn't working. For the most part, hardware "just works" in Linux these days.
3. Out of the box on a Linux install, you likely have most of the apps you already need. If you don't, then installing and managing your software is a breeze.
4. Even as people praise Windows 7, it did retain a lot of usability regressions from Vista. It is somewhat a matter of opinion, but I'd contend that KDE is the most usable desktop out there currently. If you disagree, you can run Unity, Gnome 3, or whatever you want in Linux. You're not bound to one UI you don't like (such as the new Metro UI in Windows 8).
5. Linux can pass the Grandma test. People often suggest you have to re-learn a new OS. I'd contend that it is easier to give Grandma a KDE desktop than a Windows 8 PC. I converted my 60 year old mother to openSUSE and KDE. She was reticent at first, but came to really like it.
6. Linux is secure. You don't have to worry about viruses, spyware, etc. You spend your time using your computer as opposed to fixing your computer.
7. Have a Windows app you can't leave behind? There is a decent chance it runs in Wine. And since we have shifted more to web-based apps, desktop apps are less important today than they were 10 years ago.
No OS or desktop is perfect, but if you did an objective comparison today of what is the easiest and best OS to run on your desktop/laptop for most people today, I truly believe Linux would come out on top.
Re: (Score:3)
A fresh Windows install means a lot of your hardware doesn't work and you have to hunt for drivers from third party websites. This is particularly fun if it is your wireless network card that isn't working. For the most part, hardware "just works" in Linux these days.
You seem to be comparing XP to Linux here. For Win7, chances are very good that your hardware will just work out of the box. If it doesn't, it'll use Windows Update to automatically find and download drivers, so the only thing that needs to be working out of the box is networking - and I've yet to see a Win7 install where that wasn't the case.
Re: (Score:3)
I know this is meant as a joke, but the reality is that Linux truly is ready for the desktop right this second.
...
6. Linux is secure. You don't have to worry about viruses, spyware, etc. You spend your time using your computer as opposed to fixing your computer.
Better hope Linux isn't too desktop-ready then, so that it doesn't get a big enough market share to get the same big "pwn me" target on its back that OS X is getting....
(And if you're going to argue that it's inherently secure, and will never get viruses, spyware, etc., better make sure you didn't miss something. Remember, in this context, "Linux" really means "a desktop Linux distribution", and includes not only the kernel but a ton of libraries and applications. Do you trust the desktop environments tha
Linux Desktop is not ready: (Score:3)
A) There is no standard IDE and the SDK is nonexistent -- App developers generally don't feel welcome or like they can easily 'get their legs'.
B) 'Developer' support sites are overwhelmingly oriented to system coders, and these sites pretend that all coders are the same.
C) The GUI environment fluctuates greatly from distro to distro, and within each distro, and every 18-24 months.
C1) The chaotic state of GUIs prevents the user experience from 'gelling', making the systems feel disjointed and even unidentifi
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
Oh, please. I've been using Linux "on the desktop" for years, and I can tell you I wouldn't go back to Windows if it were just as free (as in beer). The subject of this article is only one more in a long series of reasons why.
These "not ready for the desktop" commentaries pop up on queue with almost every mention of Linux. They remind me of the manufactured doubt that the fossil fuel industry spews to convince the ignorant and gullible that they should cling forever to their traditional energy sources. And why not, there are billions of dollars at stake there, too.
Linux didn't come with your computer and it's not advertised on the tee vee, so I have no doubt that you'd cling to what you're running even if it punched you in the face and pissed on your shirt every time you boot up. Which is pretty much what it's coming to...
um... yeah... (Score:3)
>>> It's called "downgrade rights"
Please tell me more. I have a Windows 7 PC but suppose it dies five years from now, and I need a replacement. I goto staples, but a Win8 PC, and then what? How do I downgrade it to Windows 7? It isn't on stores shelves anymore (and frankly I don't want to pay for Windows twice... once for 8 and again for 7).
Please educate me and everybody else.
thx
You should have a license key for Win7 and install media; use that to reinstall it in 5 years.
At worst, you may have to burn a copy of the install DVD if you don't already have one. I had to do this with my Inspiron laptop, it has a key, but Dell didn't ship media but they include a method to burn it from a "recovery" partition.
Re: (Score:3)
At the rate of releases Windows 9 should be out then. It should fix the annoying things about Windows 8, while improving on the useful features. Just like Windows 7 was to Vista.
Re:Does Windows 8 have an opt-out feature? (Score:4, Insightful)
Does Windows 8 have an opt-out feature?
Yes [ubuntu.com], they [linuxmint.com] do [fedoraproject.org].
Re:Does Windows 8 have an opt-out feature? (Score:5, Insightful)
Does Windows 8 have an opt-out feature?
Yes [ubuntu.com], they [linuxmint.com] do [fedoraproject.org].
But even if you use those opt outs on your new computer you still pay the Microsoft tax.
Re:Does Windows 8 have an opt-out feature? (Score:5, Informative)
I don't see why you don't just get a system built by newegg, or ncix, or whoever. Choose some quality components (or have them choose some for you), and don't buy and OS. It's not like it's hard.
Re:Does Windows 8 have an opt-out feature? (Score:5, Informative)
Re:Does Windows 8 have an opt-out feature? (Score:4, Interesting)
Re: (Score:3)
Does Windows 8 have an opt-out feature?
Yes [ubuntu.com], they [linuxmint.com] do [fedoraproject.org].
But even if you use those opt outs on your new computer you still pay the Microsoft tax.
Not necessarily. I got a euro100 rebate on each of the PCs I bought a couple of years ago, as compensation for getting them without Windows. Actually, they came without any OS, just blank disks on which Ubuntu was promptly installed (later converted to Xubuntu to avoid Unity).
For laptops, it's trickier, but supposedly still possible. I'll cross that bridge also, when my 8-year-old laptop no longer runs adequately with Xubuntu.
Re: (Score:3)
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
Heh
My 77 year old mother has one on her laptop. Its called Ubuntu. She is still trying to say it right.
And to think I was a little nervouse when she got internet access and started sending me puppy emails. Now she just complains about having to do a sudo and type in her password way too often.
Re:Does Windows 8 have an opt-out feature? (Score:5, Interesting)
Well, AC, it all started when she wanted to use a spare USB wireless adapter ( old laptop ) I had. She needed to install the drivers via ndiswrapper but I had neglected to put it there first. I told her I would do the next time I came over. She told me to walk her through it. I'm gonna say no to my mother?
Re:Does Windows 8 have an opt-out feature? (Score:4, Funny)
I'm extremely tempted to write a program called "Fuck you Microsoft, you worthless sacks of shit", which installs itself only long enough to send Microsoft the notification that this program was installed, before formatting the hard drive.
Or maybe I should just make a program that essentially installs with that name, displays some text saying 'notification to Microsoft sent', then uninstalls itself. The user can install this as many times as they want to tell Microsoft they're worthless sacks of shit.
Re:Does Windows 8 have an opt-out feature? (Score:5, Funny)
Even better - write a small app that generates random app names/specs from a huge DB of legitimate applications, and randomly sends notification of installs and uninstalls whenever the user's machine goes idle. Bonus points if it generates random GUIDs and computer profiles.
Time for Linux, finally? (Score:4, Interesting)
Look, I'm just a regular user, albeit more technically capable than the vast majority, but not a developer, sys admin, etc., and it's starting to look more and more like it's time to consider making the move to Linux.
This private company invasiveness seems to be growing in parallel with government invasiveness, and I'm not happy about either, but at least I can choose one, for now.
Re:Time for Linux, finally? (Score:5, Interesting)
yup.. been that time for me for quite a while. Not only am I running Linux on all my machines, but have moved quite a few neighbors/friends over to Ubuntu from XP. In a few cases, the migration was sorta forced, in that machines were malware'ed up wazoo, and the owners of the systems did not have the recovery disks for a clean install. I showed them Ubuntu via LiveCD on their systems and asked them, could you live with that? Of course, my liveCD was a mashup with Gnome2 configured to look very close to XP. In all cases, the answer was "SURE!!"... Several of these users were always calling with problems when they were still on XP, but since going to Ubuntu, I get much less calls and absolutely NONE regarding malware.. One of the users is/was one of these people who clicked on EVERYTHING.. Told him numerous times, DON'T DO THAT.. but went in one ear/out the other. Because of this, he was always calling and saying "My machine is really slow..".. I'd tell him quit clicking on everything, and make a visit and clean what I could off the machine. After Ubuntu? no calls...
Not unexpected. Cant have it both ways. (Score:5, Insightful)
Don't use IE (Score:3, Informative)
It seems from the MSDN link this can be avoided by simply not using Internet Explorer, as if you needed another reason not to
Re:Don't use IE (Score:4, Informative)
It seems from the MSDN link this can be avoided by simply not using Internet Explorer, as if you needed another reason not to
This was IE only in Windows 7 with IE9, but it's built into Windows 8 now [msdn.com]
and applies to all applications marked as downloads.
So, if you download something from Firefox, then attempt to run it, data about it is sent to Microsoft.
Don't try to be apple (Score:4, Insightful)
Dear Microsoft, don't try to be apple, we already have apple and you'd just be playing catch up and alienating your current customer base to try and get a customer base that already despises you more than your current one.
Re:Don't try to be apple (Score:5, Insightful)
Would it be possible... (Score:5, Interesting)
... to build an app that fakes the install of programs? In other words, overwhelm MS with hundreds of false install notices to them. As certain programs become 'of interest' to certain parties, we add that program to the list. Eventually, the information would become useless and would be abandoned.
Or am I missing something?
Re:Would it be possible... (Score:4, Interesting)
Or am I missing something?
How about the entire point of this feature, which is basically server side malware screening.
Wait... (Score:2, Insightful)
How do you people thing virus scanners work?
Re:Wait... (Score:5, Informative)
How do you people thing virus scanners work?
Erm, by checking against a local signature database of known viruses or running local heuristic checks?
Re: (Score:3)
MSE keeps track of every process, and asks you to submit any it doesnt know.
Re: (Score:3)
Unless you use TrendMicro or any of the vendors who have a "cloud" solution.
Poor comparison (Score:5, Insightful)
Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year. (Not that it exculpates this behavior.)
Can't compare this. If I download something from the Play Store, I know Google knows I install that app. After all I have to log in using my Google account, and use their app to download from their store. Afaik they do not know what I install from third-party sources, like alternative app stores. Nor do they have any right knowing that.
Apparently MS monitors what you install from third-party sources. Without telling you, and without asking explicit permission. That's simply evil. They have no business knowing what I install from third-party sources. The fact that this data is stored in some foreign country (the US is a foreign country to me, and some 95% of the world's overall population) with notoriously poor privacy protection only helps making it a lot worse.
How is it not alone? (Score:5, Insightful)
Also, it's worth noting that Microsoft is hardly alone in this regard, given the rise of app stores over the past several year.
Come on. This is just excuse-making - sure in any given app store the store owner knows what you downloaded - by definition they had to for you to download it!
But here aren't we talking about a more general notion that ANY application installed from anywhere is known by Microsoft? When you use the Amazon app store on Android, does Google know what you have? When I use Cydia on a iPhone, Apple doesn't know what applications I install from there... on the Mac I can use the app store but if I get applications from elsewhere Apple doesn't know about those either.
Just because App Stores exist does not give Microsoft the right to track every app installed.
Slight difference between app stores (Score:5, Insightful)
Re: (Score:2)
There aren't several thousand app stores for windows 8, while there are several thousand retailers. Also, I can just pay cash and there's no record of who made the transaction at a retailer. Finally, freeware doesn't got through a retailer.
Opt-in vs opt-out (Score:4, Interesting)
"While SmartScreen is enabled by default, it's possible for users to turn it off."
And this is what's wrong with this setup. Debian has popcon, which is a survey of what you use and how often you use it, and you can participate by having a cronjob send off the file.
http://popcon.debian.org/README [debian.org]
But it's not a privacy concern because it's opt-in.
If this equivalent of popcon on 8 was opt-in, this thread wouldn't be here.
--
BMO
Re: (Score:3)
opt-in vs opt-out is really a huge difference.
Also, Debian's popcon has a different goal, to improve which packages are included in the installation CDs, etc. They're politely asking you to contribute information in exchange for a free product/service.
Re: (Score:2)
But it's not a privacy concern because it's opt-in.
No, the privacy concern TFA raises is two-fold:
1) Microsoft is centralizing the data collection and Governments could subpoena them for information about an individual.
2) A malicious individual could intercept the data as its transferred and decrypt it.
These are two very big problems for someone concerned about privacy. But that it's an opt-out feature means that it actually has a chance to protect the people who need this kind of protection most. The fact that you can turn if off on install means t
Re: (Score:2)
>1) Microsoft is centralizing the data collection and Governments could subpoena them for information about an individual.
>2) A malicious individual could intercept the data as its transferred and decrypt it.
So how is that any different than Debian's popcon? Hint: it isn't.
You're wrong. The actual problem is that it's opt-out. And most people just don't even know the option to turn it off is even there.
--
BMO
Re:Opt-in vs opt-out (Score:5, Informative)
No, it's that it's opt-out and they don't tell you what they're sending.
I take this back. I just checked the windows install process, and on the page where you choose "Use Express Settings" or "Customize" there are two options to "Learn more about express settings" and "Privacy Statement" where Microsoft details each feature, what data they collect, and how they use that data.
For Smartscreen the text reads:
What this feature does
Windows SmartScreen helps keep your PC safe by checking files and apps with Microsoft to help protect you from potentially unsafe files and apps. Windows will ask you what you want to do if the file or app is unknown or potentially unsafe before it's opened"
Information collected, processed, or transmitted
If you choose to use this feature, information about some of the apps you use and some of hte files you download from the Internet will be sent to Microsoft. This information may include a file name, file ID ("hash"), and digital certificate information along with standard PC information and the Windows SmartScreen filter version number. To help protect your privacy, the information sent to Microsoft is encrypted.
Windows SmartScreen randomly generates a number called a GUID that is sent to Microsoft with your SmartScreen usage data. The GUID lets us determine which data is sent from a particular PC over time. The GUID does not contain any personal information.
Use of Information
Microsoft uses the information described above to provide warnings to you about potentially unsafe files and apps. We also use the information to analyze performance of the feature to improve the quality of our products and services. We use the GUID to determine how widespread the feedback we receive is and how to prioritize it. For example, the GUID allows Microsoft to distinguish between one computer experiencing a problem one hundred times and one hundred customers experiencing the same problem once. Microsoft doesn't use the information to identify, contact, or target advertising to you.
Choice and control
If you choose express settings while setting up Windows, you can turn on Windows SmartScreen. If you choose to customize settings, you can control Windows SmartScreen by selecting Use Windows Smartscreen Filter to Check Files and Apps with Microsoft under Help protect your privacy and your PC. After setting up windows, you can change this setting in Action Center in the Control Panel.
Not new (Score:3)
IE has done something similar for a while now with every program you download. MS is just moving it from IE to Windows so that users of ALL browsers get the same technology. To be fair I don't know if IE sends the same data that Windows does.
Regardless you can turn this off along with the other privacy-imparing features in Windows during the first run setup.
The actual tracking... (Score:5, Informative)
There's no indication that Microsoft themselves keeps track of which individuals downloaded/installed which programs.
The issue this article seems to propose is that somebody could sniff the network traffic between yourself and Microsoft to grab the SmartScreen data and see what you'd installed when Windows contacts MS to see if the file is marked as safe/unsafe/unknown.
If they're in a position to do that, wouldn't they theoretically be in a position to have potentially snooped on the download of the software which is triggering the SmartScreen traffic? (Depending of course, on where in the network their sniffer is at.)
The only valid complaint seems to be that Microsoft is using a known-insecure version of SSL for the website all this data is sent to. If they fix that, I'm not sure what reasonable issue would be there.
I would argue that for the average user, SmartScreen is a useful feature and having it turned on by default (assuming MS is tracking individual user downloads of software for some nefarious purpose) is a good thing.
Re: (Score:2)
That should be "assuming MS is not tracking individual"... Way to use the preview there, self.
Re: (Score:2)
Someone mod parent informative please. The only thing I could add, is we should probably wait and see what this will look like when it's actually released, but yeah, all excellent point.
Re: (Score:3)
I have to agree. I don't really like this on principal, but I don't think Microsoft is doing this to intrude on your privacy. I think they are motivated by trying to improve the quality of their own products.
Face it, many of the criticisms that Microsoft and their products receive are really rooted in software (or malware) that comes from sources outside of themselves. It might be overstepping, and should not be opted in by default, but I don't think there are any diabolical intentions here.
I may be critica
Not sure if this is a big deal (Score:2)
Cell phones and the like have been doing this for years. I may be wrong but I'm fairly certain Mac OS tells Apple about anything installed through the app store at a minimum. Frankly Microsoft will aggregate this information and use it to find out what causes thinks like crashes and system instability as well as malware and the like. For those kinds of uses I don't see a problem.
Potential abuses come in terms of using it for marketing purposes and if it can be subponead or requested by law enforcement and u
Not Windows 8, Internet Explorer 9+ (Score:4, Interesting)
Um, check the date on that blog post. March 22nd, 2011.
This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.
Olds for nerds?
Re:Not Windows 8, Internet Explorer 9+ (Score:4, Informative)
Um, check the date on that blog post. March 22nd, 2011.
This was a feature added, by default, to Internet Explorer 9.0. It is a part of the browser. If you are running Windows 7 and have updated to Internet Explorer 9.0 then it is already doing this. All Windows 8 does is have Internet Explorer 10 installed by default.
Yes, this article [msdn.com] is the one they should have linked to.
Scroll down to the part labeled "Microsoft SmartScreen for Internet Explorer and now for Windows too."
Thank you from the US. (Score:2)
It started with Win95 (Score:3)
Does anyone remember the controversy (one of many) about Windows 95 when it would do the same thing? When you went to register it, it would supposedly tell Microsoft what programs you had installed. When I got my Win95 machine in December 1995 I watched carefully to see what it did. The phoning home and telling them what you had installed was voluntary, and the only program that Win95 could accurately detect was MS Office 95. It couldn't detect any of the DOS games I had installed, nor did it seem to recognize the 3rd party email apps, etc I had installed.
Total Bullshit Article. (Score:4, Informative)
This is an IE9 feature, which would not be a huge surprise to find is still there in IE10. TFS links to an 18-month-old article talking about it in IE9. Not Windows 8. There is nothing to back up the wording used in TFS or TFA. It's a good feature I have enabled on my parent's machines for their protection, as it's one more layer against malware downloads.
The ONLY things this feature touches is executables which are downloaded from the Internet using IE. Install from a DVD? Download using Chrome/Firefox? USB drive? Copied from another disk? Compiled yourself? None of those things gets "sent to Microsoft".
Just someone (successfully) using a combination of inflammatory wording and gullible/lazy
It's not evil (Score:3)
It's a feature where where you download random programs from the internet and install them, windows checks if it's known malware.
That actually seems a useful feature, one I wish my parents had on their machine!
Re:So? (Score:5, Insightful)
I like your vision of a privacy-invasion free world.
Don't want to be videotaped? Don't go outside.
Don't want to be wiretapped? Don't use a phone.
Don't want medical records in the wild? Don't go to a doctor.
Visionary indeed.
Re: (Score:2, Informative)
The first one is a poor comparison. Outside is not a private space in the same way that your computing hardware should be.
Re: (Score:3)
Every layer is a chance to stop, slow, or at least detect an attack. Throwing out any layer of security simply on the basis that it can be bypassed is a bad idea. On that basis, we shouldn't make use of user accounts, firewalls, IDS/IPS, AV, digital signatures, SEH, DEP, ASLR, or pretty much anything else because everything can be bypassed.
Re:Wow... (Score:5, Insightful)
Re: (Score:2, Interesting)
Honestly, if my Steam library ran on Linux I'd switch today...
Re:Wow... (Score:5, Informative)
Did you check if it doesn't run with wine? You'd be surprised how much it has improved recently.
Re:Wow... (Score:5, Insightful)
What's wrong with sticking with Windows 7 for now?
It's not like Windows 7 is automatically obsolete as soon as 8 hits the market.
Re:Wow... (Score:4, Insightful)
Re: (Score:3, Informative)
The major difference it the "start screen" takes up the whole screen instead of 1/8 of the screen. You can still hit start and then start typing, etc... And you can use Tablet apps on your desktop if you like them. Some of the apps from the App Store are games, etc... SoulCraft actually lets you use the 360 gamepad, etc...
Watch: http://w [youtube.com]
Re: (Score:3)
Re:Wow... (Score:4, Insightful)
Re:Wow... (Score:5, Insightful)
Where do we find companies that have respect for user/consumer rights, because I would be happy to use their products and services.
Sticking with Windows 7 (Score:3)
Re: (Score:3)
Re:Wow... (Score:4, Insightful)
Is Windows 7 really that bad? I spent about 10 minutes customizing it and find it to be a much better experience than XP. The only thing that chews my balls is the lack of an included utility to password-protect .zip files, but aside from that, I can't think of anything I really dislike about it.
Re: (Score:3, Funny)
While I am a linux user already, a friend of mine recently said something along these lines. He then qualified it with something like:
"But then, linux probably won't have AAA games until windows 9. Now it seems to me that every other version of windows sucks (2K/XP, Vista/7), and the version after it is just fine. So I'll probably continue using windows if 9 doesn't suck. At least, until windows 10, which will suck. I'll probably switch then."
Re:Wow... (Score:5, Interesting)
You know, I've been resisting Linux all these years, but with the current direction of Windows development and greater Linux game support (Steam, etc.) I may make the switch yet...
You sound like me about 5 years ago, when Vista was supposed to be Microsoft's hot new OS. I figured the way that was going, I might as well go Linux now and get over the hassle of switching. Long story short I spent 3.5 years on Linux as my primary desktop before I gave up the fight and switched to Win7. If you want to try Linux go right ahead, but if you're just think Win8 is a dead end I suggest just buckling down with Win7 and see if Microsoft comes to their senses. There's plenty time and being 64 bit I think it's even more of a stayer than XP, that and SSD support were really the only two "must have" features of Win7 for me. I expect the coming decade to have even less such "must have" features.
Re: (Score:3)
Can you give me some insight as to why you switched from Linux to Windows 7 ? (...) So you reasons for Switching from Linux to Windows 7 might enlighten/teach me.
Well, like I said I managed to use it for 3.5 years so there was no deal breakers that I can point to, it was more the death of a thousand stings. A few off the top of my head:
1. Very often you want one or two new features in one application, but due to the nature of distros and dependencies, the lack of backports and my unwillingness to start compiling and dealing with those dependencies myself you often end up upgrading your distro - in my case every six months with another Kubuntu release. This almost ev
Re: (Score:3, Informative)
Steam is configured to report back to Valve about every app you download+install on it, and every time you launch an app, and there's NO way to opt out. (Well, you can switch it to offline mode, but that will prevent multiplayer and updates).
Re: (Score:3)
Hmmm, Steam is basically an online store. How do you expect it *not* to report to Valve? Like, you do know that Amazon and EBay know about all the stuff you buy through them, do you?
Steam (Score:3)
You know, Steam knows not only every game you install, but also every time you play it. That's an even greater intrusion into your privacy, so why aren't you as worried about it?
Re: (Score:3)
Sorry to disappoint, but Steam also takes the installed applications on your PC and returns it to the mothership.
look up published stats on steampowered if you don't believe me.
Uh, Steam _ASKS_ whether you want to allow it to upload that information when it picks you for the hardware survey.
It also crashes when it tries to find that information on Linux, so you're totally safe if you run it in Wine.
Re: (Score:3)
I assume you don't install punkbuster to play your steam games?
No.
And none of those programs are sending details of all my installed apps to Valve to put up on their web site. The original claim is still completely bogus.
Re:There is a better way... (Score:5, Interesting)
Right, use Chrome as the example of a privacy-conscious application... it's not like it sends not only every URL you type in the location bar, or knows and pre-fetches every possible combination of the URL while you're typing it, or anything. It doesn't take URL's you're typing and try to suggest search results for those words either, no sir! And it definitely, definitely doesn't let Google store and analyze all of that information against your account, should you happen to be logged in to Gmail or anything.
Re: (Score:3)
Re:There is a better way... (Score:5, Insightful)
Isn't that equivalent to the answer of 'If you don't want Windows SmartScreen to tell Microsoft about your installed apps, go into Privacy and turn it off.'?
It would seem to me that the point the parent was making is that Chrome's data reporting habits and this new one in Windows 8 are effectively the same. Both are enabled by default, and both report data back to their 'owners'. That both have an 'opt out' to turn them off really doesn't differentiate or describe either one as awesome with regards to privacy.
Re: (Score:3)