How to block Windows 8.1 smart search…

The previous blog described the inner working of Windows 8.1 smart search, its privacy, and security risks. This blog will look at the ways to block Microsoft tracking the end user’s activities.

The Windows 8.1 preview version does not have an “uninstall” option for the smart search and as such, disabling smart search based tracking requires system and firewall policy modifications.

The easiest way to block Microsoft tracking of the end user is simply not using the smart search, or “Search Charm”. Other searches in the preview version, Windows Explorer, browsers, applications, etc., are not integrated with Bing searches. They might as well be in the final, but not in the preview version.

If that’s not an option, here are some of the ways that can help prevent the smart search dishing out advertisements to the unsuspected end user.

  1. As stated in the previous blog, the “Search & Apps” options can be changed not to receive Bing search results within the smart search; in which case the web search results are not displayed, but the tracking data is transferred to Redmond
  2. Turn off “Windows Location Provider” and “Windows Search”, accessible through the “Control Panel\Add/Remove Programs and Features\Turn Windows features on or off”. This also stops the web search results to be displayed, but tracking data is still transferred to Microsoft
  3. Block access to the destination server via the firewall policy, by DNS name and/or IP address, at the Internet gateway.

Turning off Windows features requires local administrator access and rebooting the system for the changes to take effect. The actual changes are simply removing a check-mark as shown below:

Windows featuresThe colors indicate the impact of disabling the feature to the system. For desktops, the “Windows Location Provider” (simply tracking the location of the computer) can be safely removed. Removing “Windows Search” feature will have a performance impact and locating files on the local system will take longer. As such proceed with caution.

When the two Windows features are disabled, the local search still works through the smart search; however, the web search throws an error message:

Windows search feature disabled

Is it me, or the second “your search” is not necessary in this message?

 

The firewall policy can block access to Redmond’s destination server, that does stop Microsoft tracking end users’ activities. The policy is rather simple, such as “source address=any”, “protocol=any”, “destination=Redmond destination DNS/IP”. The local system search results are displayed, tracking data not transferred to Microsoft, and the Web search displaying an error message:Smart search blocked

And that’s quite alright… If I want to be bombarded with advertisements, I’ll use a browser…

Windows 8.1 smart search… Is it really smart?

The Windows 8.1 preview introduced the “Search Charm”, that includes searching the Internet via Bing:

CharmThe default search option is to search everywhere, when the search charm is selected:

Search defaultThe drop down arrow lists the options for limiting the search to the selected area:

Select search option

Any of the options can be selected that causes the search results to be displayed in the chosen area only.

As the search term(s) entered, highlights of the result are displayed:

Search result displayThe priority is given to local search over the Web search results, that are hyper-linked. Clicking on any of the results brings up the application handling the file type. In this example, the “DDR3 memory.docx” file opens in MS Word in the the desktop; the web link of “ddr3 memory” opens up a Wikipedia in IE11, also within the desktop.

Continuing the search displays the results in full screen, with local search results on the left and the web search results on the right:

ddr3 search results display

The web search results are the same as the Bing’s search results in an actual browser, with one difference. The browser lists the “bing.com/shopping” as the first link.
The order of the web links is influenced by advertisement for the smart search, the same way as it influences the browser search results. Integrated paid advertisement into the Operating System (OS) isn’t new either, arguably, Apple and Google are ahead of Microsoft from this perspective. Right or wrong, it is a business decision by Microsoft that prioritized advertisement revenue, as evidenced by the statements in the search settings:

Default Search OptionIntegrating advertisement driven search results in the OS does present a privacy risk to the end user. Making the web search integration the default option, while understandable from business perspective, should not be for the end users. Fortunately, Microsoft allows opting out from Bing searches in the OS:

Opt-out from Bing searchThe end users who opted out of Bing searches will receive local system searches only. Kudos for Microsoft for providing and interface that disables the Bing web search integration into the OS.

The question is, does the opt-out really disable Bing web search? The short answer is seemingly yes. Doing a search with the “Everywhere” option selected results in displaying local system search results only.

The long answer is that while web searches are not displayed, the “smart search” continues tracking the end user’s search activities. Anytime the user opens up the “Search Charm”, the OS will:

  1. Establish a TLS 1.2 encrypted connection to a destination server
  2. Once the search term(s) entered, it is sent to Microsoft
  3. The search result of the local system may, or may not being sent to Microsoft
  4. The web search results are not displayed

Microsoft should state that disabling Bing searches does not stop “smart search” from tracking end user activities.

The “smart search” poses a privacy risk to the end user and in addition, it could become a security risk as well. Especially when hackers “re-engineer” Microsoft’s smart search and use it for their malicious purposes. The smart search is nothing else, but a combination of APIs that can be called by malicious software to collect information about the end users.The Bing search results could also be changed on the fly to redirect the browser to a site that hosts the malicious software, prior to connecting the end user to the legitimate website.

In some ways, Microsoft had made it easier for the hackers to exploit the end users. Smart, real smart Microsoft…