how to stop the smartscreen filter from accessing private information on private website

i've noticed that between 5 minutes to 30 minutes after a user visiting a particular file on my private website that the file is then accessed by 208.50.101.151 to 208.50.101.158 and downloaded.

(curiously the filtering system lowers the case of file names and manages to get 404s as a result...poor scripting by the developers but that's not my point).

It would appear that 'robot' rules for the site are completely ignored AND that the smartscreen filter robot identifies itself as ""Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"" making it difficult to block it (although obviously the IP range could be banned).

Do microsoft have any system in place to stop the filter from accessing this information?  And also is this information cached at all?

 

Thanks

 

Question Info


Last updated May 16, 2018 Views 2,074 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

curiously the filtering system lowers the case of file names

interesting bug, not the only one.

It would appear that 'robot' rules for the site are completely ignored

Of course!

And also is this information cached at all?

Seems so, yes.

Compare:
http://www.experts-exchange.com/Software/Internet_Email/Web_Browsers/Internet
_Explorer/Q_25797261.html

Note: the Smartscreen filter does not scan Intranet sites, so if you want to
stop it then take the appropriate action to make IE identify the site as
Intranet.


IEFAQ: http://iefaq.info Newsgroup: microsoft.public.de.internetexplorer
--
FAQs für IE/Edge: https://answers.microsoft.com/de-de/ie/forum/ie11-iewindows_10/wo-sind-die-faqs-hier/11609262-76d9-4143-b2a0-6d2c8ab35cfc (Dies ist eine Signatur.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

It would appear that 'robot' rules for the site are completely ignored

Of course!

And also is this information cached at all?

Seems so, yes.

Compare:
http://www.experts-exchange.com/Software/Internet_Email/Web_Browsers/Internet
_Explorer/Q_25797261.html

Note: the Smartscreen filter does not scan Intranet sites, so if you want to
stop it then take the appropriate action to make IE identify the site as
Intranet.

thanks for the reply.

Why 'of course' when it comes to the robot's rules - if an website has explicitly stated it does not wish for a 'spider' to access it's site or identifies some parts of the site as non-spiderable - then why should microsoft take steps to download (without permission and perhaps without the user's knowledge) information despite this.
I appreciate the purpose of the Filter - but this is different from scanning locally.

Unforuntately i'm now a member of E.E. so cannot access that page.

How would i go about making the site appear as if it's an intranet? 

 

Thanks again

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Why 'of course' when it comes to the robot's rules

This is not a web crawler, this is a proactive safety scanner. It
completely defeats the purpose if the malware can just say "no" to it.

How would i go about making the site appear as if it's an intranet?

to others? you can't. On your PC? Add it to the security zone "Intranet".


IEFAQ: http://iefaq.info Newsgroup: microsoft.public.de.internetexplorer
--
FAQs für IE/Edge: https://answers.microsoft.com/de-de/ie/forum/ie11-iewindows_10/wo-sind-die-faqs-hier/11609262-76d9-4143-b2a0-6d2c8ab35cfc (Dies ist eine Signatur.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

This is not a web crawler, this is a proactive safety scanner. It
completely defeats the purpose if the malware can just say "no" to it.


but that's exactly what any malware producer can do given that the IP ranges are limited and public knowledge

even a basic 'hotlink' script will stop the scanner from achieving its aim (since it directly downloads the target file)

or i could go further (if i had the time or inclination) and develop a script that sends back a different file to the scanner via htaccess and fool it that way.

Microsoft are actually comitting a crime (according to UK law, at least) by "unauthorised access to computer material" - the person who is using the smartscreen software does not necessarily have permission to distribute or copy it, and microsoft can foresee that eventuality.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

and it looks like the following in a htaccess file would "defeat the purpose" - so why not allow a proper, legitimate way of people safeguarding their property:

 

order allow,deny
deny from 208.50.101
deny from 64.124.203
allow from all

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

but that's exactly what any malware producer can do given that the IP
ranges are limited and public knowledge

Then they may do it, so what?

Microsoft are actually comitting a crime (according to UK law, at least)
by "unauthorised access to computer material" - the person who is using
the smartscreen software does not necessarily have permission to
distribute or copy it, and microsoft can foresee that eventuality.

Nonsense. "Unauthorized access" requires authorization. If there is no
authorization necessary it's not unauthorized access. If you want to
control access to a ressource you have to protect it on an industry
standards level. If there is no protection or only weak protection it's
your own fault. At least legislature in most Western countries sees it this
way.


IEFAQ: http://iefaq.info Newsgroup: microsoft.public.de.internetexplorer
--
FAQs für IE/Edge: https://answers.microsoft.com/de-de/ie/forum/ie11-iewindows_10/wo-sind-die-faqs-hier/11609262-76d9-4143-b2a0-6d2c8ab35cfc (Dies ist eine Signatur.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Nonsense. "Unauthorized access" requires authorization. If there is no
authorization necessary it's not unauthorized access. If you want to
control access to a ressource you have to protect it on an industry
standards level. If there is no protection or only weak protection it's
your own fault. At least legislature in most Western countries sees it this
way.

No, authority to access is derived from a) entitlement to access and b) consent.  Microsoft has neither.

Authority is not derived from 'protection' - you cannot argue that my access to your property (your house, apartment, condo, whatever) is not "unauthorized" merely because you didn't lock the door - the access is still unauthorized regardless.

I think you'll find that most Western countries view property rights in that manner.  Likewise you cannot argue that you can copy (and infringe) Microsoft's copyright because they haven't taken measures to 'protect' it.  Such an argument is not only flawed but arogant.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Think what you think. If you do some research you will soon find out that
jurisdiction in most Western countries requires industry standard level
protection if you want to sue/prosecute because of some "computer access
crime". If you do not protect against access anyone's allowed access. Full
stop. (Property rights are something completely different.)


IEFAQ: http://iefaq.info Newsgroup: microsoft.public.de.internetexplorer
--
FAQs für IE/Edge: https://answers.microsoft.com/de-de/ie/forum/ie11-iewindows_10/wo-sind-die-faqs-hier/11609262-76d9-4143-b2a0-6d2c8ab35cfc (Dies ist eine Signatur.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

i'm not thinking what i think - i'm quoting UK laws at you!  A "crime" is not defined by the steps taken by the victim to attempt to avoid a crime being perpetrated in advance but by the actions and thoughts of the 'criminal' at the time. 

And copyright infringement in the course of business (Microsoft is a business is it not?) is also a criminal offence not merely a civil wrong - and so property rights are relevant.

I would be interested to know if when smartscreen users use a url such as http://user:*** Email address is removed for privacy *** whether this gets accessed or not 

Regardless you clearly cannot provide me with an answer (and i refused to be bullied into having to password protect PRIVATE files on a PRIVATE website - so perhaps stop replying and hopefully someone else can actually help.

 

 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I would be interested to know if when smartscreen users use a url such as
http://user:*** Email address is removed for privacy *** whether this gets accessed or not

This is not the URL sent to the server and it's not the URL sent to the
smartscreen filter. This is a protected site, thus the smartscreen crawler
will not be able to access it.
Apart from the fact that 99,9% of IE browsers will not be able to navigate
to this URL as it is not officially supported asnymore since long.


IEFAQ: http://iefaq.info Newsgroup: microsoft.public.de.internetexplorer
--
FAQs für IE/Edge: https://answers.microsoft.com/de-de/ie/forum/ie11-iewindows_10/wo-sind-die-faqs-hier/11609262-76d9-4143-b2a0-6d2c8ab35cfc (Dies ist eine Signatur.)

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.