Security researcher questions Windows 8’s security, Microsoft fixes error in 14 hours

Home » Blog » Security researcher questions Windows 8’s security, Microsoft fixes error in 14 hours

Aug 26th 2012 - by Fix My PC FREE in: Blog Quick Fix Tip | 0 Comment

Security researcher questions Windows 8’s security, Microsoft fixes error in 14 hours

It’s easy to poke fun at an operating system during its pre-release phase. At this stage of the development cycle, many reviewers and tech industry insiders have already started using Windows 8 on a regular basis, and that means the reviews and criticisms are already pouring in.

Fortunately, Microsoft has been reviewing criticisms of its operating system and, in at least one case, has instantly fixed any problems that reviewers have encountered. After a PC security expert named Nadim Kobeissi pointed out that Windows 8 stored data on the apps that users have installed or downloaded, Microsoft responded immediately.

Specifically, Windows 8 stores user app data through something called the SmartScreen. The point of the SmartScreen feature is to protect users from downloading malicious apps. However, since the SmartScreen tool has to certify each app that users download, user data ends up being stored on SmartScreen servers.

In other words, Microsoft knows which apps you’re downloading thanks to SmartScreen. That data is passed over an SSL 2.0 connection and stored on protected Microsoft servers. However, if Microsoft was to be served with a judicial subpoena or a National Security Letter, Kobeissi argues that it would have to divulge private user information.

In addition, the SSL 2.0 connection isn’t secure enough for Kobeissi’s liking. Kobeissi argues that SSL 2.0 data can be intercepted using today’s technology, which means hackers could potentially see which apps users have downloaded and installed onto their Windows 8 operating systems.

This might seem like a relatively minor criticism in an operating system that is otherwise receiving favorable reviews, but Microsoft took Kobeissi’s criticisms to heart. Within 14 hours of the article’s publication, Microsoft had upgraded its information processing connection from SSL 2.0 to SSL 3.0, making it significantly more protected.

Microsoft also clarified its stance on user data: “Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs…we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact, or target advertising to our users.”

Basically, Microsoft is only monitoring which apps users download because they have to connect to the Windows Store at some point in order to download the apps they’ve paid for. However, this data cannot be linked to any individual users and it is wiped on a regular basis.

It’s rare to find a major tech company respond to minor complaints like this in less than 24 hours, but Microsoft is clearly taking the release of Windows 8 seriously. If this story is an indication of the ‘new’ Microsoft that the company is clearly trying to project, then we like what we see so far.

No Comment

Leave a Reply

Name Required

Website