Microsoft’s new SmartScreen, which checks programs that the user has downloaded from the internet against a safe/unsafe database, appears to raise some major security concerns. Judging from an initial look at what is happening, it doesn’t look good. I’m looking forward to Microsoft’s response to this one.
This problem can, however, get even more serious: it may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target. Here is my analysis: