An ill-designed authentication feature may leave you vulnerable
Oh, Windows 8, what happened to you? I remember a time when I was genuinely excited about what you had to offer, but after learning more and more about you, I'm starting to wonder where it all went wrong. First it was revealed that Windows 8 won't be able to play DVDs (or of course Blu-ray discs) on its own. Then we found out that our beloved Start Menu — a staple of operating system since its inception — is being entirely removed. And now, to top it all off, Windows 8's new SmartScreen app verification system has a privacy hole so big you could drive a truck filled with fake IDs through it.
SmartScreen is a default application in Windows 8, and when you run the operation system for the first time, it's turned on automatically. The program scans everything you download and install, and reports it back to Microsoft in order to verify that the app has a legitimate certificate. This is a slightly worrisome revelation on its own — especially since the feature is enabled automatically and isn't exactly easy to turn off — but it gets even worse.
It turns out that the protocol Microsoft uses to communicate this information is widely known to be extremely vulnerable to interception. This means that it may not just be Microsoft that will end up scanning your list of installed software. Identity thieves could conceivably use this information to profile their victims, which can lead to myriad headaches for the unfortunate Windows 8 user.
More from Tecca:
- Windows 8 dropping the ability to play DVDs
- 7 things to consider if you're eyeing a Windows 8 upgrade
- Everything you need to know about Windows 8
- Technology & Electronics