Earlier
this week, Nadim Kobeissi posted
a
report that claimed the SmartScreen feature in Windows 8 allows
Microsoft to see every application that is installed by a
user and that Microsoft could be collecting that information into one
large database. Furthermore, Kobsissi said that SmartScreen uses an
"outdated and insecure" security system that could allow a hacker to
intercept that data. Microsoft has now
responded to Kobeissi's
allegations and, as you might expect, claims that his findings are
inaccurate. As far as the security issue, Kobeissi said that
the SmartScreen communications to Microsoft are using a server based on
SSLv2.0, which he said is "known to be insecure and susceptible to
interception." Microsoft told The Register that it does not in fact use
SSLv2.0 and Kobeissi's blog has now been updated to state that
Microsoft's servers have now been changed to support the SSLv3
protocol. Even with this change, Kobeissi still seems to be concerned
about Windows 8 and its SmartScreen security features. In a post on his
Twitter page, he states, "Dear
Microsoft: If you don't want someone to seriously, seriously exploit
your SmartScreen security, please contact me right now."
