
Windows 8 - Deeper Impressions


JorgeA


This is getting ridiculous. Who first devised the tablet form factor, or the concept of a touch screen? Sure wasn't Apple. Maybe whoever did can sink their legal fangs into Apple, just as Apple is doing to most everybody else.

--JorgeA



Anyone read these articles? Not only does Windows 8 mess up your current installation, but it seems it is spying on the customers.

http://gizmodo.com/5937649/windows-8-tells-microsoft-about-everything-you-install-not-very-securely

http://www.withinwindows.com/2012/08/24/thoughts-on-the-windows-smartscreen-scare/

Edited by Agorima

See post #790

up to #800 in this same thread... :whistle:

jaclaz

Edited by jaclaz

As jaclaz pointed out, we've seen something like these articles already. I find the news disturbing, too. I'd thought that SmartScreen either used some kind of heuristic approach and/or relied on a downloaded list to check against. Never occurred to me that it might be getting back to Microsoft with what I'm downloading. And it's even more disturbing to find out that this may have been going on all along, ever since SmartScreen was introduced.

I'm not sure how effective it is at stopping malware, anyway. Every download that I've been warned about, it was Norton Security that warned me, not SmartScreen. The main value I've had for it, is as a second opinion to what Norton reports.

--JorgeA


As jaclaz pointed out, we've seen something like these articles already.

Actually EXACTLY the SAME ones:

http://gizmodo.com/5937649/windows-8-tells-microsoft-about-everything-you-install-not-very-securely

....

Nadim Kobeissi may be young, but already the hacker and programmer has done more to fight for privacy and internet rights than most of us ever will. Now, he sheds light on the fact that Microsoft knows everything we install on our Windows 8 devices.

....

Republished with permission from Nadim Kobeissi. In addition to developing Cryptocat, he writes regularly on Twitter and his personal blog.

Originally posted link by Tripredacus:

http://log.nadim.cc/?p=78

Nadim Kobeissi

Windows 8 Tells Microsoft About Everything You Install, Not Very Securely

Now this is some news:

http://www.theverge.com/2012/8/27/3271125/microsoft-comment-smartscreen-windows-8-privacy-concerns

the statements from the "MS spokesperson":

"We can confirm that we are not building a historical database of program and user IP data," says a Microsoft spokesperson. "Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."

Responding to claims over SSL security and the data interception risk posed by the SSLv2 protocol, Microsoft says Windows 8 does not use this protocol with the service by default. "Windows SmartScreen does not use the SSL2.0 protocol," says a spokesperson. Microsoft's clarifications make the privacy concerns seem less than a "serious privacy concern," but if you're not happy with the SmartScreen service sending app data to the company you can disable the option during setup or afterwards in the Windows 8 settings.

Here commented by yours truly:

"We can confirm that we are not building a historical database of program and user IP data," says a Microsoft spokesperson.

Good.

But this doesn't say that a database of just IP's or of just programs is created.

BTW this could well be used to gather "statistical" data, that - without being in the least a "privacy" related concern - still provokes a few questions.

WHY cannot these data be used (internally, i.e. without giving them to third parties) to check - in a similar way to the "telemetry" results to "orient" a new program to resemble one that has "success"?

I think it is clear by now that a noticeable part of the stupidity of Windows 8 derives from results of telemetry (which is a kind of large scale poll to which only the least technically savvy people take part :ph34r: ) i.e. the perfect way to "dumb down" something if the results are not attentively checked and the inherent foolishness of "popularity" vs. "quality" approach is not mitigated *somehow*.

So, hypothetically and just for the sake of the example, if the SmartScreen data indicate that (say) a lot of people download and install "foo.exe", it is hard to think that soon a "MSfoo.exe" app cannot come out, at a slightly lower price.

"Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs.

Please define "periodically" (one second, one minute, one hour, one day, one week, one month, one year)?

As our privacy statements indicate, we take steps to protect our users’ privacy on the backend.

Can you DETAIL the steps?

We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties."

Good.

Responding to claims over SSL security and the data interception risk posed by the SSLv2 protocol, Microsoft says Windows 8 does not use this protocol with the service by default. "Windows SmartScreen does not use the SSL2.0 protocol,"

Correct, CURRENTLY it doesn't use SSLv2, as the protocol was switched to SSLv3 AFTER it was initially published by Nadim Kobeissi that SSLv2 was used.

And still at the moment we know that SSLv2 has some security issues AND we don't know if SSLv3 has any.

What will happen tomorrow?

Microsoft's clarifications make the privacy concerns seem less than a "serious privacy concern," but if you're not happy with the SmartScreen service sending app data to the company you can disable the option during setup or afterwards in the Windows 8 settings.

Thank you guys for leaving us some choices.

So, if - after all - you are also good guys, why not reverse the logic?

Ship the stupid thingy with SmartScreen disabled and let the user choose if he wants to use it, this is BASIC opt-in vs. opt-out policy, and whenever - even slightly - the "privacy" sphere is connected, the opt-in approach is always used.

While you are at it we wouldn't mind to have the possibility of opting out from the Metro "nameless crap" interface.... :whistle:

jaclaz

Edited by jaclaz

Has it been determined if the tracking includes all setups or just for installs of Metro apps from the Windows store?

The reporting has been all over the place (i.e., "Windows reports all programs you install back to Microsoft").

Back upthread in a discussion of the telemetry we saw evidence that they can somehow discern individual application usage of Microsoft vs 3rd party programs.


Has it been determined if the tracking includes all setups or just for installs of Metro apps from the Windows store?

Seemingly all, what is different may be the result of the check (i.e. a warning or "nothing").

This is logical, *everything* is checked and what passes the check is considered "kosher", whilst everything that *somehow* doesn't pass the check triggers the warning.

See the article, the attempted to be installed program was TOR (which I don't think comes in a Metro "nameless crap interface" version, and is seemingly hosted on its homepage: https://torproject.org/ and not on any "store").

jaclaz


Has it been determined if the tracking includes all setups or just for installs of Metro apps from the Windows store?

Seemingly all, what is different may be the result of the check (i.e. a warning or "nothing").

This is logical, *everything* is checked and what passes the check is considered "kosher", whilst everything that *somehow* doesn't pass the check triggers the warning.

See the article, the attempted to be installed program was TOR (which I don't think comes in a Metro "nameless crap interface" version, and is seemingly hosted on its homepage: https://torproject.org/ and not on any "store").

jaclaz

I like TOR. It's very useful for me to bypass some idiotic blockades added from 2005 in Italy. If someday I have a new computer, I'll ask for a downgrade to Windows 7.

I don't want to get spied on when using this program.

Edited by Agorima

Yes, I already experienced the SmartScreen Filter's features when it warned me about installing the Skip Metro Suite on the Windows 8 RP.

OTOH, maybe (just maybe) that's one type of application that I'd want MS to know that people are installing...

Speaking of security/privacy issues -- we've touched a couple of times in this thread on the subject of "cloud computing." As we know, Win8 is the most cloud-oriented Microsoft OS yet. Here's a cautionary tale about linking and syncing and putting up too much of our stuff in cyberspace.

--JorgeA

Edited by JorgeA

Has it been determined if the tracking includes all setups or just for installs of Metro apps from the Windows store?

Seemingly all, what is different may be the result of the check (i.e. a warning or "nothing").

This is logical, *everything* is checked and what passes the check is considered "kosher", whilst everything that *somehow* doesn't pass the check triggers the warning.

Thanks. Well that would be yet another serious misstep by Microsoft ( trying to track all installs and not just Metro ). It's really come full circle now with Windows 8 repeating every Vista mistake and then some (remember the privacy issue with Vista concerned DRM and hardware content protected path). It is frankly incredible.

Further complicating it, many other sites are still describing this as software installed from the internet ( which I cannot make sense out of, is it through a browser? ). Others say it is only about signed files. Others say it is everything you install. Others say it is just Metro. No matter what this turns out to be, both Smartscreen and the Telemetry from CEIP will need to be watched closely because between the available official information and our suspicions, it looks like 'privacy' is expendable. It doesn't help matters that there are those fanboys again swallowing everything without thinking! For another good laugh there was this thread at NeoWin announcing the SmartScreen story ...

Windows 8 tells Microsoft about everything you install ( NeoWin 2012-08-24 )

The first comment was great: "In before someone spins this as a good thing.". And right on cue it is immediately followed by a parade of fanboys proving him correct. :lol:

Anyway I wonder what they could really do about completely local setup files, using unsigned Inno or NSIS installers where the EXE is renamed to something else like NOTEPAD.EXE and only copies files and imports registry settings without ever using the UNINSTALL keys.

BTW, on one of the other sites there was a link to an old article when the DP came out showing a quick step-by-step guide to disabling SmartScreen ...

How to Turn Off or Disable the SmartScreen Filter In Windows 8 ( howtogeek 2011-11-07 )


Windows 8 does track all the Metro-style apps you "install" since they are tied to your Live account which is used to download apps from the store. I do not know if you can get to the Store with just using a Local Account... haven't gotten that far yet.


At first sight what is not at all clear from the articles about "disabling" SmartScreen is WHAT is actually disabled.

I.e. if the actual WHOLE SmartScreen is disabled (in the sense that it does NOTHING) or if the SmartScreen notifications/warnings ONLY are disabled, i.e. it continues sending data to MS BUT, even if the result is "non-kosher", it does not prompt the user (notifications disabled). :unsure:

In other words, once SmartScreen is disabled, is any info sent to MS or not?

Personally, if I had issues with the thingy (of course IF, at gun-point, I would be forced to use Windows 8 :ph34r: ) I would try and find the actual files/executable/services/registry entries connected to it and §@ç#ing delete them from the hard disk :whistle: .

jaclaz


I was wondering when there would be some painful stories about this. Another possible black eye for Windows 8 from problems in their quasi-RAID implementation called Storage Spaces.

Current Storage Spaces method flawed and buggy ( social.technet.microsoft 2012-08-18 )

Windows 8 Storage Spaces: Can you trust it with your delicates? ( UK Register 2012-08-28 )

I wonder if anyone else had doubts about this. I admit I never liked this idea, it is too risky and unnecessary. IMHO it's all about kitchen-sink feature padding to find ways to sell this turd. For all practical purposes it's software RAID ( and I thought we got past that ). I'm not surprised at the reported problems because software RAID is likely to fail eventually in most circumstances because so many other intensive chores are thrown at the CPU already. But being tied to Windows compounds it because what happens if the OS itself gets malware, or deactivates, or just goes FUBAR. I'm not even surprised at the developers of it at Microsoft because they really have little concern for customers' data, they're just getting their project finished on time. But what gets me is that somewhere up the chain of command there isn't an adult to NOT greenlight such a risky idea that will inevitably create angry customers, possibly big name server users, that could possibly lead to a very large support ticket to handle. Storage Spaces, just like Metro itself are perfect candidates for add-in modules or even entirely separate products. Integrating however, means lots of people will be using it, increasing the statistical probability of fail. I know I would try to avoid needless exposure.

These days if you get a decent motherboard you can easily get hardware RAID built-in. If you don't have it built-in, adding a dedicated card is cheap and relatively simple. Either should easily handle proper RAID or JBOD and similar hybrids. Enterprise customers of course already know exactly what hardware they need to buy if they haven't got it already. So you gotta wonder just who were they thinking of marketing it to? I really hope they don't plan to court possible new Enterprise level customers with salesman nonsense like "with Windows 8 you can throw out all that 3rd party RAID hardware and save money!". If that situation occurred it would be difficult to decide who to laugh at more, Microsoft who sold it to them, or the upset client with a data catastrophe on their hands who thought they could manage their data on the cheap.

I suppose that the idea of connecting all these different hardware interfaces (SCSI, IDE, SATA, USB ...) together in a virtual RAID array was their unique selling point, but for the love of God, using such a mixture of massively different bandwidths, lag times and error checking was thought to be a great idea? For real? Well, yes they did actually ...

Virtualizing storage for scale, resiliency, and efficiency ( Official Destroying Windows Blog 2012-01-05 )

~sigh~ I must be too old school to understand.

Microsoft Windows 8 : NAME UNKNOWN ( We're still working on it )


I wonder if anyone else had doubts about this.

With all due respect for your two sources, I cannot agree, the whole thing doesn't stand :no: .

It seems to me like they started with a nonsensical task, mixing together different sized disks and expecting that the capacity was not that of the smaller one?

Then proceed to fill up the thingy?

Come on.....

What happens on a "normal" hardware RAID setup?

The capacity of the array is that of the smaller disk! :whistle:

Most probably since UNLIKE common hardware RAID, the Windows 8 thingy is scalable/upgradable by adding more disks, the capacity manager uses the biggest of the hard disk to set the limit of the array and most probably when the array will have been nearing the capacity of the smallest one a popup or balloon or *whatever* would come up saying something like:

The disk array is nearing its maximum capacity, as the free space is less than x%, you should add another disk to the array.

Of course a properly working OS would have made this clear from the beginning, actually IMHO a good OS would have also slapped the user in the face - hard - for even thinking of doing that.

I see that stuff a lot like Dynamic disks (that came out with 2K), they are a seemingly nice feature, but no one uses them, let alone use them "properly" (mainly because the related documentation is either missing, wrong, sucks big or all of the three together) exception made for a few courageous adventurers that usually end their adventure losing some data because the configuration wasn't correct or they did some other experiment with inadequate software and what not :( .

As a matter of fact IMHO these kind of features (like dynamic disks, "storage pools" and now "storage spaces" or whatever) should be reserved to the (very few) people that know where their towel is, i.e. the mistake is not as much in the technology in itself, but rather in providing it masquerading it as an "easy-one-or-two-click-away" one.

BTW not an entirely new stance of mine, this is exactly what I think about most Partition Manager tools (Partition Magic >3 and Acronis products in primis), putting seemingly easy (almost unlimited) power in the hands of "n00bs" is one of the possible recipes for disaster, I wish I had a dime for each Gb of data lost through the (incorrect) use of these tools.... :angel

OT, but not much ;), it is very likely that the good MS guys took some existing code:

http://technet.microsoft.com/en-us/library/cc161247

and decided to add something like it to a more "user level" OS.

It doesn't make much sense :no: , on one hand they clearly consider all their users as demented as to *need* SmartScreen and *need not* a desktop/start button, on the other hand they consider them like highly skilled IT specialists :w00t: ( capable of setting up a "mixed mode" increased resiliency, mirror/parity storage pool and manage it )

jaclaz

Edited by jaclaz

This topic is now closed to further replies.