Windows 11 – Page 5

Now that decent Arm-powered PCs exist, Qualcomm’s CEO wants to make them cheaper

copilot, microsoft, qualcomm, snapdragon x, Tech, Windows 11, windows 11 24h2 / Paul Patrick / August 1, 2024

an arm and a leg —

The first wave of Snapdragon X Plus and Elite systems are mostly $1,000 and up.

Andrew Cunningham – Aug 1, 2024 3: 48 pm UTC

Microsoft's Arm-powered Surface Laptop 7. We're still waiting for Arm chips to make their way into cheaper PCs. — Enlarge / Microsoft’s Arm-powered Surface Laptop 7. We’re still waiting for Arm chips to make their way into cheaper PCs.

Andrew Cunningham

For the first time in the decade-plus that Microsoft has been trying to make Arm-powered Windows PCs happen, we’ve finally got some pretty good ones. The latest Surface Pro and Surface Laptop (and the other Copilot+ PCs) benefit from extensive work done to Windows 11’s x86 translation layer, a wider selection of native apps, and most importantly, Snapdragon X Pro and X Elite chips from Qualcomm that are as good as or better than Intel’s or AMD’s current offerings.

The main problem with these computers is that they’re all on the expensive side. The cheapest Snapdragon X PC right now is probably this $899 developer kit mini-desktop; the cheapest laptops start around the same $1,000 price as the entry-level MacBook Air.

That’s a problem Qualcomm hopes to correct next year. Qualcomm CEO Christiano Amon said on the company’s Q3 earnings call (as recorded by The Verge) that the company was hoping to bring Arm PC prices down to $700 at some point in 2025, noting that these cheaper PCs wouldn’t compromise the performance of the Snapdragon X series’ built-in neural processing unit (NPU).

That Amon singled out the NPU is interesting because it leaves the door open to further reductions in CPU and GPU performance to make cheaper products that can hit those lower prices. The Snapdragon X Plus series keeps the exact same NPU as the X Elite, for example, but comes with fewer CPU and GPU cores that are clocked lower than the Snapdragon X Elite chips.

Qualcomm may want to keep NPU performance the same because Microsoft has a minimum NPU performance requirement of 40 trillion operations per second (TOPS) to qualify for its Copilot+ PC label and associated features in Windows 11. Other requirements include 16GB of memory and 256GB of storage, but Microsoft specifically hasn’t made specific CPU or GPU performance recommendations for the Copilot+ program beyond the basic ones necessary for running Windows 11 in the first place. Copilot+ PCs come with additional AI-powered features that take advantage of local processing power rather than sending requests to the cloud, though as of this writing, there aren’t many of these features, and one of the biggest ones (Recall) has been delayed indefinitely because of privacy and security concerns.

Lofty goals for Arm PCs

Both Arm and Qualcomm have made lofty claims about their goals in the PC market. Arm CEO Rene Haas says Arm chips could account for more than half of all Windows PC shipments in the next five years, and Amon has said that PC OEMs expect as much as 60 percent of their systems to ship with Arm chips in the next three years.

These claims seem overly optimistic; Intel and AMD aren’t going anywhere and aren’t standing still, and despite improvements to Windows-on-Arm, the PC ecosystem still has decades invested in x86 chips. But if either company is ever going to get anywhere close to those numbers, fielding decent systems at more mass-market prices will be key to achieving that kind of volume.

Hopefully, the cheaper Snapdragon systems will be available both as regular laptops and as mini desktops, like Qualcomm’s dev kit desktop. To succeed, the Arm Windows ecosystem will need to mirror what is available in both the x86 PC ecosystem and Apple’s Mac lineup to capture as many buyers as possible.

And the more Arm PCs there are out there, the more incentive developers will have to continue fixing Windows-on-Arm’s last lingering compatibility problems. Third-party drivers for things like printers, mice, audio preamps and mixers, and other accessories are the biggest issue right now since there’s no way to translate the x86 versions. The only way to support this hardware will be with more Arm-native software, and the only way to get more Arm-native software is to make it worth developers’ time to write it.

Now that decent Arm-powered PCs exist, Qualcomm’s CEO wants to make them cheaper Read More »

97% of CrowdStrike systems are back online; Microsoft suggests Windows changes

Biz & IT, BSOD, Crowdstrike, Security, Windows 10, Windows 11 / Mike M. / July 26, 2024

falcon punch —

Kernel access gives security software a lot of power, but not without problems.

Andrew Cunningham – Jul 26, 2024 5: 46 pm UTC

A bad update to CrowdStrike's Falcon security software crashed millions of Windows PCs last week. — Enlarge / A bad update to CrowdStrike’s Falcon security software crashed millions of Windows PCs last week.

CrowdStrike

CrowdStrike CEO George Kurtz said Thursday that 97 percent of all Windows systems running its Falcon sensor software were back online, a week after an update-related outage to the corporate security software delayed flights and took down emergency response systems, among many other disruptions. The update, which caused Windows PCs to throw the dreaded Blue Screen of Death and reboot, affected about 8.5 million systems by Microsoft’s count, leaving roughly 250,000 that still need to be brought back online.

Microsoft VP John Cable said in a blog post that the company has “engaged over 5,000 support engineers working 24×7” to help clean up the mess created by CrowdStrike’s update and hinted at Windows changes that could help—if they don’t run afoul of regulators, anyway.

“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” wrote Cable. “These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.”

Cable pointed to VBS enclaves and Azure Attestation as examples of products that could keep Windows secure without requiring kernel-level access, as most Windows-based security products (including CrowdStrike’s Falcon sensor) do now. But he stopped short of outlining what specific changes might be made to Windows, saying only that Microsoft would continue to “harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”

When running in kernel mode rather than user mode, security software has full access to a system’s hardware and software, which makes it more powerful and flexible; this also means that a bad update like CrowdStrike’s can cause a lot more problems.

Recent versions of macOS have deprecated third-party kernel extensions for exactly this reason, one explanation for why Macs weren’t taken down by the CrowdStrike update. But past efforts by Microsoft to lock third-party security companies out of the Windows kernel—most recently in the Windows Vista era—have been met with pushback from European Commission regulators. That level of skepticism is warranted, given Microsoft’s past (and continuing) record of using Windows’ market position to push its own products and services. Any present-day attempt to restrict third-party vendors’ access to the Windows kernel would be likely to draw similar scrutiny.

Microsoft has also had plenty of its own security problems to deal with recently, to the point that it has promised to restructure the company to make security more of a focus.

CrowdStrike’s aftermath

CrowdStrike has made its own promises in the wake of the outage, including more thorough testing of updates and a phased-rollout system that could prevent a bad update file from causing quite as much trouble as the one last week did. The company’s initial incident report pointed to a lapse in its testing procedures as the cause of the problem.

Meanwhile, recovery continues. Some systems could be fixed simply by rebooting, though they had to do it as many as 15 times—this could give systems a chance to grab a new update file before they could crash. For the rest, IT admins were left to either restore them from backups or delete the bad update file manually. Microsoft published a bootable tool that could help automate the process of deleting that file, but it still required laying hands on every single affected Windows install, whether on a virtual machine or a physical system.

And not all of CrowdStrike’s remediation solutions have been well-received. The company sent out $10 UberEats promo codes to cover some of its partners’ “next cup of coffee or late night snack,” which occasioned some eye-rolling on social media sites (the code was also briefly unusable because Uber flagged it as fraudulent, according to a CrowdStrike representative). For context, analytics company Parametrix Insurance estimated the cost of the outage to Fortune 500 companies somewhere in the realm of $5.4 billion.

97% of CrowdStrike systems are back online; Microsoft suggests Windows changes Read More »

CrowdStrike blames testing bugs for security update that took down 8.5M Windows PCs

Biz & IT, BSOD, Crowdstrike, Tech, Windows 10, Windows 11 / Kris Guyer / July 24, 2024

oops —

Company says it’s improving testing processes to avoid a repeat.

Andrew Cunningham – Jul 24, 2024 5: 33 pm UTC

CrowdStrike's Falcon security software brought down as many as 8.5 million Windows PCs over the weekend. — Enlarge / CrowdStrike’s Falcon security software brought down as many as 8.5 million Windows PCs over the weekend.

CrowdStrike

Security firm CrowdStrike has posted a preliminary post-incident report about the botched update to its Falcon security software that caused as many as 8.5 million Windows PCs to crash over the weekend, delaying flights, disrupting emergency response systems, and generally wreaking havoc.

The detailed post explains exactly what happened: At just after midnight Eastern time, CrowdStrike deployed “a content configuration update” to allow its software to “gather telemetry on possible novel threat techniques.” CrowdStrike says that these Rapid Response Content updates are tested before being deployed, and one of the steps involves checking updates using something called the Content Validator. In this case, “a bug in the Content Validator” failed to detect “problematic content data” in the update responsible for the crashing systems.

CrowdStrike says it is making changes to its testing and deployment processes to prevent something like this from happening again. The company is specifically including “additional validation checks to the Content Validator” and adding more layers of testing to its process.

The biggest change will probably be “a staggered deployment strategy for Rapid Response Content” going forward. In a staggered deployment system, updates are initially released to a small group of PCs, and then availability is slowly expanded once it becomes clear that the update isn’t causing major problems. Microsoft uses a phased rollout for Windows security and feature updates after a couple of major hiccups during the Windows 10 era. To this end, CrowdStrike will “improve monitoring for both sensor and system performance” to help “guide a phased rollout.”

CrowdStrike says it will also give its customers more control over when Rapid Response Content updates are deployed so that updates that take down millions of systems aren’t deployed at (say) midnight when fewer people are around to notice or fix things. Customers will also be able to subscribe to release notes about these updates.

Recovery of affected systems is ongoing. Rebooting systems multiple times (as many as 15, according to Microsoft) can give them enough time to grab a new, non-broken update file before they crash, resolving the issue. Microsoft has also created tools that can boot systems via USB or a network so that the bad update file can be deleted, allowing systems to restart normally.

In addition to this preliminary incident report, CrowdStrike says it will release “the full Root Cause Analysis” once it has finished investigating the issue.

CrowdStrike blames testing bugs for security update that took down 8.5M Windows PCs Read More »

Notepad’s spellcheck and autocorrect are rolling out to everybody after 41 years

microsoft, notepad, Tech, Windows 11, windows 11 23h2, windows 11 24h2 / Rejus Almole / July 8, 2024

notrpad spelchexk —

It’s still bare-bones by most standards, but Notepad has evolved a lot recently.

Andrew Cunningham – Jul 8, 2024 4: 49 pm UTC

Testing spellcheck in the latest version of Windows Notepad.
Right-clicking and expanding the Spelling menu also presents more options.

Andrew Cunningham
Like other recent Notepad additions, spellcheck and autocorrect can be tweaked or disabled entirely in the settings.

Andrew Cunningham

In March, Microsoft started testing an update to the venerable Notepad app that added spellcheck and autocorrect to the app’s limited but slowly growing set of capabilities. The update that adds these features to Notepad is now rolling out to all Windows 11 users via the Microsoft Store, as reported by The Verge.

The spellcheck feature underlines words in red when they’re misspelled, and users can either left-click the words to see a list of suggestions or right-click words and see suggestions under a separate “spelling” menu item. Autocorrect works automatically to fix minor and obvious misspellings (typing “misspellign” instead of “misspelling,” for example), and changes can be reverted manually or by using the Undo command.

Either feature can be disabled from within Notepad’s settings. The spellchecker can also be switched on and off for a few different individual file extensions in case you want to see spelling suggestions for .txt files but not for .md or .lic files. The Verge also reports that spellchecking is turned off by default for log files or “other file types associated with coding.” Neither feature worked when I opened a batch file in Notepad to edit it, for example.

Microsoft often rolls out new app updates gradually, so you may or may not be seeing the new features yet. I can currently see the spellcheck and autocorrect features in Notepad version 11.2405.13.0 running on a fully updated Windows 11 23H2 PC, but your mileage may vary.

Notepad has received several updates over the course of the Windows 11 era, starting with dark mode support and other theme options. Eventually, it also added a tabbed interface that supported automatically reopening files when relaunching the app. These kinds of additions count as “major” for Notepad, which for years had only received relatively minor under-the-hood updates (when it was being updated at all).

The Notepad improvements come as Microsoft prepares to stop shipping WordPad with Windows 11. WordPad was previously Windows’ preinstalled basic word processor, but it has seen few (if any) significant updates since Windows 7 was released in 2009. WordPad is still available in Windows 11 22H2 and 23H2, but is no longer included in current versions of the upcoming Windows 11 24H2 update. After WordPad is gone, users looking for basic word processing will need to look to the more-capable Notepad, the free-to-use online version of Microsoft Word, or a free alternative like LibreOffice.

Notepad’s spellcheck and autocorrect are rolling out to everybody after 41 years Read More »

Microsoft removes documentation for switching to a local account in Windows 11

microsoft, Tech, Windows 10, Windows 11, windows 11 23h2, windows 11 24h2 / Kris Guyer / June 24, 2024

you’re *sureyou don’t want to use a Microsoft account?? —

But most Microsoft account sign-in workarounds for Windows 11 continue to work.

Andrew Cunningham – Jun 24, 2024 7: 43 pm UTC

A laptop PC running Windows 11 sitting next to a coffee mug. — Enlarge / A PC running Windows 11.

Microsoft

One of Windows 11’s more contentious changes is that, by default, both the Home and Pro editions of the operating system require users to sign in with a Microsoft account during setup. Signing in with an account does get you some benefits, at least if you’re a regular user of other Microsoft products like OneDrive, GamePass, or Microsoft 365 (aka Office). But if you don’t use those services, a lot of what a Microsoft account gets you in Windows 11 is repeated ads and reminders about signing up for those services. Using Windows with a traditional local account is still extremely possible, but it does require a small amount of know-how beyond just clicking the right buttons.

On the know-how front, Microsoft has taken one more minor, but nevertheless irritating, step away from allowing users to sign in with local accounts. This official Microsoft support page walks users with local accounts through the process of signing in to a Microsoft account. As recently as June 12, that page also included instructions for converting a Microsoft account into a local account. But according to Tom’s Hardware and the Internet Wayback Machine, those instructions disappeared on or around June 17 and haven’t been seen since.

Despite the documentation change, most of the workarounds for creating a local account still work in both Windows 11 23H2 (the publicly available version of Windows 11 for most PCs) and 24H2 (available now on Copilot+ PCs, later this fall for everyone else). The easiest way to do it on a PC you just took out of the box is to press Shift+F10 during the setup process to bring up a command prompt window, typing OOBEBYPASSNRO, rebooting, and then clicking the “I don’t have Internet” button when asked to connect to a Wi-Fi network.

Other workarounds include using the Rufus tool to create a USB installer that will automatically bypass the Microsoft account sign-in requirement, or (for Windows 11 Pro users) indicating that you want to join the PC to a corporate domain and then not actually joining it to a domain. Setting the PC up with a Microsoft account and then signing out afterward is also still an option.

There is one workaround that has allegedly stopped working—it used to be that trying to “sign in” with a nonexistent email account would get you a local sign-in option. But as of earlier this month, according to Windows Central editor Zac Bowden, it looks like the Windows 11 setup screen will just ask you to try another email address instead.

To be fair to Microsoft, all the big tech companies want you to sign in with an account before you can use all the features of the software, but neither Apple nor Google goes as far as to mandate account sign-in to access basic functionality. Macs, iPhones, and iPads will all let you complete the setup process without signing in, though you do have to know which buttons to click. Google will allow you to use Chromebooks in guest mode, and Android phones and tablets are still usable without signing in (though this does make it more difficult to find and install apps). Microsoft’s pushiness remains unique; there’s definitely a difference between a company that would really prefer that you sign in, and one that forces you to.

Microsoft removes documentation for switching to a local account in Windows 11 Read More »

iFixit says new Arm Surface hardware “puts repair front and center”

copilot+ PC, microsoft, Microsoft Surface, qualcomm, snapdragon x elite, Tech, Windows 11, windows 11 24h2, windows on arm / Kris Guyer / June 24, 2024

how things have changed —

Both devices make it relatively easy to get at the battery and SSD.

Andrew Cunningham – Jun 24, 2024 5: 27 pm UTC

Microsoft's 11th-edition Surface Pro, as exploded by iFixit. Despite adhesive holding in the screen and the fact that you need to remove the heatsink to get at the battery, it's still much more repairable than past Surfaces or competing tablets. — Enlarge / Microsoft’s 11th-edition Surface Pro, as exploded by iFixit. Despite adhesive holding in the screen and the fact that you need to remove the heatsink to get at the battery, it’s still much more repairable than past Surfaces or competing tablets.

For a long time, Microsoft’s Surface hardware was difficult-to-impossible to open and repair, and devices as recent as 2019’s Surface Pro 7 still managed a repairability score of just 1 out of 10 on iFixit’s scale. 2017’s original Surface Laptop needed to be physically sliced apart to access its internals, making it essentially impossible to try to fix the machine without destroying it.

But in recent years, partly due to pressure from shareholders and others, Microsoft has made an earnest effort to improve the repairability of its devices. The company has published detailed repair manuals and videos and has made changes to its hardware designs over the years to make it easier to open them without breaking them and easier to replace parts once you’re inside. Microsoft also sells some first-party parts for repairs, though not every part from every Surface is available, and Microsoft and iFixit have partnered to offer other parts as well.

Now, iFixit has torn apart the most recent Snapdragon X-powered Surface Pro and Surface Laptop devices and has mostly high praise for both devices in its preliminary teardown video. Both devices earn an 8 out of 10 on iFixit’s repairability scale, thanks to Microsoft’s first-party service manuals, the relative ease with which both devices can be opened, and clearly labeled internal components.

Beneath the Surface

To open the Surface Laptop, iFixit says you only need to undo four screws, hidden beneath the laptop’s rubber feet; at that point, the bottom of the machine is only attached by magnets, rather than breakable retention clips. Opening the bottom of the laptop provides easy access to the battery and an M.2 2232 SSD. Labels inside the device indicate which screws need to be removed to replace which parts, and what kind of screwdriver you’ll need to do the job; scannable barcodes also make it easier to find repair manuals and parts on Microsoft’s site. Most other parts are easy to remove and replace once the bottom of the laptop is off.

The Surface Pro’s best repairability feature remains its easily accessible M.2 2232 SSD, present under a pop-off cover on the back of the tablet. From there, things get more difficult—accessing the battery and other components requires removing the screen, which is still held in place with adhesive rather than screws or magnets. This adhesive needs to be removed—iFixit cut it away with a thin plastic tool, and closing the tablet back up securely would likely require new adhesive to be applied. Once inside, the parts and screws are still labeled clearly, but you do need to remove the entire heatsink before you can replace the battery.

iFixit uses slightly different criteria for evaluating the repairability of laptops and tablets since tablets are more tightly integrated devices. So despite the identical repairability scores, the Surface Pro remains slightly more difficult to open and fix than the laptop; iFixit is just comparing it to devices like the iPad Air and Pro rather than other PC laptops, and the Surface Pro still looks better than other tablets by comparison despite the use of adhesive.

The teardown video didn’t detail exactly why iFixit knocked points off of each device’s repairability score, though iFixit took note of the soldered-down non-upgradeable RAM and Wi-Fi/Bluetooth modules. Both devices also use way more screws and clips than something like the Framework Laptop, which could also be a factor.

We’ve been using the new Snapdragon-powered Surface devices for a few days now, and we’ll have more thoughts to share about the hardware and its performance in the coming days.

iFixit says new Arm Surface hardware “puts repair front and center” Read More »

Win+C, Windows’ most cursed keyboard shortcut, is getting retired again

copilot, Google, Tech, Windows 10, windows 10 22h2, Windows 11, windows 11 24h2 / Paul Patrick / June 21, 2024

What job will Win+C lose next? —

Win+C has been assigned to some of Windows’ least successful features.

Andrew Cunningham – Jun 21, 2024 6: 19 pm UTC

Enlarge / A rendering of the Copilot button.

Microsoft

Microsoft is all-in on its Copilot+ PC push right now, but the fact is that they’ll be an extremely small minority among the PC install base for the foreseeable future. The program’s stringent hardware requirements—16GB of RAM, at least 256GB of storage, and a fast neural processing unit (NPU)—disqualify all but new PCs, keeping features like Recall from running on all current Windows 11 PCs.

But the Copilot chatbot remains supported on all Windows 11 PCs (and most Windows 10 PCs), and a change Microsoft has made to recent Windows 11 Insider Preview builds is actually making the feature less useful and accessible than it is in the current publicly available versions of Windows. Copilot is being changed from a persistent sidebar into an app window that can be resized, minimized, and pinned and unpinned from the taskbar, just like any other app. But at least as of this writing, this version of Copilot can no longer adjust Windows’ settings, and it’s no longer possible to call it up with the Windows+C keyboard shortcut. Only newer keyboards with the dedicated Copilot key will have an easy built-in keyboard shortcut for summoning Copilot.

If Microsoft keeps these changes intact, they’ll hit Windows 11 PCs when the 24H2 update is released to the general public later this year; the changes are already present on Copilot+ PCs, which are running a version of Window 11 24H2 out of the box.

Changing how Copilot works is all well and good—despite how quickly Microsoft has pushed it out to every Windows PC in existence, it has been labeled a “preview” up until the 24H2 update, and some amount of change is to be expected. But discontinuing the just-introduced Win+C keyboard shortcut to launch Copilot feels pointless, especially since the Win+C shortcut isn’t being reassigned.

The Copilot assistant exists on the taskbar, so it’s not as though it’s difficult to access, but the feature is apparently important enough to merit the first major change to Windows keyboards in three decades. Surely it also justifies retaining a keyboard shortcut for the vast majority of PC keyboards without a dedicated Copilot key.

People who want to continue to use Win+C as a launch key for Copilot can do so with custom keyboard remappers like Microsoft’s own Keyboard Manager PowerToy. Simply set Win+C as a shortcut for the obscure Win+Shift+F23 shortcut that the hardware Copilot key is already mapped to and you’ll be back in business.

Win+C has a complicated history

Enlarge / Win+C always seems to get associated with transient, unsuccessful Windows features like Charms and Cortana.

Andrew Cunningham

The Win+C keyboard shortcut actually has a bit of a checkered history, having been reassigned over the years to multiple less-than-successful Windows initiatives. In Windows 8, it made its debut as a shortcut for the “Charms” menu, part of the operating system’s tablet-oriented user interface that was designed to partially replace the old Start menu. But Windows 10 retreated from this new tablet UI, and the Charms bar was discontinued.

In Windows 10, Win+C was assigned to the Cortana voice assistant instead, Microsoft’s contribution to the early-2010s voice assistant boom kicked off by Apple’s Siri and refined by competitors like Amazon’s Alexa. But Cortana, like the Charms bar, never really took off, and Microsoft switched the voice assistant off in 2023 after a few years of steadily deprioritizing it in Windows 10 (and mostly hiding it in Windows 11).

Most older versions of Windows didn’t do anything with the Win+C, but if you go all the way back to the Windows 95 era, users of Microsoft Natural Keyboards who installed Microsoft’s IntelliType software could use Win+C to open the Control Panel. This shortcut apparently never made it into Windows itself, even as the Windows key became standard equipment on PCs in the late ’90s and early 2000s.

So pour one out for Win+C, the keyboard shortcut that is always trying to do something new and not quite catching on. We can’t wait to see what it does next.

Win+C, Windows’ most cursed keyboard shortcut, is getting retired again Read More »

Windows 11 24H2 is released to the public but only on Copilot+ PCs (for now)

AI, copilot+ PC, Tech, Windows 11, windows 11 24h2 / Kris Guyer / June 18, 2024

24h2 for some —

The rest of the Windows 11 ecosystem will get the new update this fall.

Andrew Cunningham – Jun 18, 2024 6: 00 pm UTC

For the vast majority of compatible PCs, Microsoft’s Windows 11 24H2 update still isn’t officially available as anything other than a preview (a revised version of the update is available to Windows Insiders again after briefly being pulled early last week). But Microsoft and most of the other big PC companies are releasing their first wave of Copilot+ PCs with Snapdragon X-series chips in them today, and those PCs are all shipping with the 24H2 update already installed.

For now, this means a bifurcated Windows 11 install base: one (the vast majority) that’s still mostly on version 23H2 and one (a tiny, Arm-powered minority) that’s running 24H2.

Although Microsoft hasn’t been specific about its release plans for Windows 11 24H2 to the wider user base, most PCs should still start getting the update later this fall. The Copilot+ parts won’t run on those current PCs, but they’ll still get new features and benefit from Microsoft’s work on the operating system’s underpinnings.

The wider 24H2 update rollout will also likely enable the Copilot+ PC features on Intel and AMD PCs that meet the hardware requirements. That hardware will supposedly be available starting in July—at least, if AMD can hit its planned ship date for Ryzen AI chips—but neither Intel nor AMD seems to know exactly when the Copilot+ features will be enabled in software. Right now, the x86 version of Windows doesn’t even have hidden Copilot+ features that can be enabled with the right settings; they only seem to be included at all in the Arm version of the update.

Unfortunately for Microsoft, the Copilot+ PC program (and, to a lesser extent, the 24H2 update) has become mostly synonymous with the Recall screen recording feature. Microsoft revealed this feature to the public without first sending it through its normal Windows Insider testing program. As soon as security researchers and testers were able to dig into it, they immediately found security holes and privacy risks that could expose a user’s entire Recall database plus detailed screenshots of all their activity to anyone with access to the PC.

Microsoft initially announced that it would release a preview of Recall as scheduled on June 18 with additional security and privacy measures in place. Microsoft would also make the feature off-by-default instead of on-by-default. Shortly after that, the company delayed Recall altogether and committed to testing it publicly in Windows Insider builds like any other Windows feature. Microsoft says that Recall will return, at least to Copilot+ PCs, at some point “in the coming weeks.”

Aside from the Copilot+ generative AI features, which require extra RAM and storage and a PC with a sufficiently fast neural processing unit (NPU), the main Windows 11 system requirements aren’t changing for the 24H2 update. However, there are older unsupported PCs that could run previous Windows 11 versions that will no longer be able to boot 24H2 since it requires a slightly newer CPU to boot.

Windows 11 24H2 is released to the public but only on Copilot+ PCs (for now) Read More »

Microsoft delays Recall again, won’t debut it with new Copilot+ PCs after all

AI, copilot, copilot+ PC, microsoft, microsoft recall, recall, Tech, Windows 11, windows 11 24h2, windows recall / Rejus Almole / June 15, 2024

another setback —

Recall will go through Windows Insider pipeline like any other Windows feature.

Andrew Cunningham – Jun 14, 2024 2: 40 am UTC

Recall is part of Microsoft's Copilot+ PC program. — Enlarge / Recall is part of Microsoft’s Copilot+ PC program.

Microsoft

Microsoft will be delaying its controversial Recall feature again, according to an updated blog post by Windows and Devices VP Pavan Davuluri. And when the feature does return “in the coming weeks,” Davuluri writes, it will be as a preview available to PCs in the Windows Insider Program, the same public testing and validation pipeline that all other Windows features usually go through before being released to the general populace.

Recall is a new Windows 11 AI feature that will be available on PCs that meet the company’s requirements for its “Copilot+ PC” program. Copilot+ PCs need at least 16GB of RAM, 256GB of storage, and a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS). The first (and for a few months, only) PCs that will meet this requirement are all using Qualcomm’s Snapdragon X Plus and X Elite Arm chips, with compatible Intel and AMD processors following later this year. Copilot+ PCs ship with other generative AI features, too, but Recall’s widely publicized security problems have sucked most of the oxygen out of the room so far.

The Windows Insider preview of Recall will still require a PC that meets the Copilot+ requirements, though third-party scripts may be able to turn on Recall for PCs without the necessary hardware. We’ll know more when Recall makes its reappearance.

Why Recall was recalled

Recall works by periodically capturing screenshots of your PC and saving them to disk, and scanning those screenshots with OCR to make a big searchable text database that can help you find anything you had previously viewed on your PC.

The main problem, as we confirmed with our own testing, was that all of this was saved to disk with no additional encryption or other protection and was easily viewable and copyable by pretty much any user (or attacker) with access to the PC. Recall was also going to be enabled by default on Copilot+ PCs despite being a “preview,” meaning that users who didn’t touch the default settings were going to have all of this data recorded by default.

This was the version of Recall that was initially meant to ship out to reviewers this week on the first wave of Copilot+ PCs from Microsoft and other PC companies. After security researcher Kevin Beaumont publicized these security holes in that version of Recall, the company promised to add additional encryption and authentication protections and to disable Recall by default. These tweaks would have gone out as an update to the first shipments of Copilot+ PCs on June 18 (reviewers also wouldn’t get systems before June 18, a sign of how much Microsoft was rushing behind the scenes to implement these changes). Now Recall is being pushed back again.

A report from Windows Central claims that Recall was developed “in secret” and that it wasn’t even distributed widely within Microsoft before it was announced, which could explain why these security issues weren’t flagged and fixed before the feature showed up in a publicly available version of Windows.

Microsoft’s Recall delay follows Microsoft President Brad Smith’s testimony to Congress during a House Committee on Homeland Security hearing about the company’s “cascade of security failures” in recent months. Among other things, Smith said that Microsoft would commit to prioritizing security issues over new AI-powered features as part of the company’s recently announced Secure Future Initiative (SFI). Microsoft has also hired additional security personnel and tied executive pay to meeting security goals.

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” wrote Microsoft CEO Satya Nadella in an internal memo about the SFI announcement. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Recall has managed to tie together all the big Windows and Microsoft stories from the last year or two: the company’s all-consuming push to quickly release generative AI features, its security failures and subsequent promises to do better, and the general degradation of the Windows 11 user interface with unwanted apps, ads, reminders, account sign-in requirements, and other cruft.

Microsoft delays Recall again, won’t debut it with new Copilot+ PCs after all Read More »

Microsoft is reworking Recall after researchers point out its security problems

microsoft, Tech, Windows 11 / Paul Patrick / June 7, 2024

recalling recall? —

Windows Hello authentication, additional encryption being added to protect data.

Andrew Cunningham – Jun 7, 2024 4: 59 pm UTC

Microsoft’s upcoming Recall feature in Windows 11 has generated a wave of controversy this week following early testing that revealed huge security holes. The initial version of Recall saves screenshots and a large plaintext database tracking everything that users do on their PCs, and in the current version of the feature, it’s trivially easy to steal and view that database and all of those screenshots for any user on a given PC, even if you don’t have administrator access. Recall also does little to nothing to redact sensitive information from its screenshots or that database.

Microsoft has announced that it’s making some substantial changes to Recall ahead of its release on the first wave of Copilot+ PCs later this month.

“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” wrote Microsoft Windows and Devices Corporate Vice President Pavan Davuluri in a blog post. “With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”

First and most significantly, the company says that Recall will be opt-in by default, so users will need to decide to turn it on. It may seem like a small change, but many users never touch the defaults on their PCs, and for Recall to be grabbing all of that data by default definitely puts more users at risk of having their data stolen unawares.

The company also says it’s adding additional protections to Recall to make the data harder to access. You’ll need to enable Windows Hello to use Recall, and you’ll need to authenticate via Windows Hello (whether it’s a face-scanning camera, fingerprint sensor, or PIN) each time you want to open the Recall app to view your data.

Both the screenshots and the SQLite database used for Recall searches are being encrypted and will require Windows Hello authentication to be decrypted. Microsoft described Recall data as “encrypted” before, but there was no specific encryption used for any of the screenshots or the database beyond the Bitlocker full-disk encryption that is turned on by default for most PCs when they sign into a Microsoft account.

That last change should address the biggest problem with Recall: that any user signed in to a PC (or any malware that was able to gain access to the filesystem) could easily view and copy another user’s Recall screenshots and database on the same PC. The text database’s size is measured in kilobytes rather than megabytes or gigabytes, so it wouldn’t take much time to swipe if someone managed to access your system.

Microsoft also reiterated some of its assurances about the privacy and security of Recall writ large, saying that all data is processed locally, that it’s never sent to Microsoft, that you’ll know when Recall has been enabled thanks to taskbar and system tray icons, and that you can disable the feature or exclude specific apps or sites from being snapshotted at your discretion.

All of the new additions to Recall are still being actively developed—current testing builds of Windows 11 still use the unsecured version of Recall, and our review units of the new Surface hardware are being delayed by a week or so, presumably so Microsoft can update them.

Microsoft reiterated that Recall is being released as a preview, a label the company also applies to the Copilot chatbot to deflect criticism of some of its early and ongoing missteps. We’ll need to use the updated version of Recall to see whether the new protections work like they’re supposed to, but it’s at least mildly encouraging to see Microsoft take a beat to rework Recall’s security and default settings before releasing it to the public, even though these are protections should have been present in the first place.

Recall is normally only available on Copilot+ PCs, a new branding banner from Microsoft that applies to PCs with sufficiently fast neural processing units (NPUs), at least 16GB of RAM, and at least 256GB of storage. Existing Windows 11 PCs won’t get Recall, though it can currently be enabled forcibly by the third-party AmperageKit script on Arm PCs that are running version 26100.712 of Windows 11 24H2. It’s possible that tools will exist to enable it on other unsupported PCs later on.

The first wave of Copilot+ PCs will use Qualcomm’s Snapdragon X Elite and X Plus processors exclusively. Intel and AMD systems that meet the Copilot+ requirements won’t be available until later this year, and Microsoft hasn’t said when the Copilot+ features will actually be available for these non-Arm PCs.

Microsoft is reworking Recall after researchers point out its security problems Read More »

Microsoft to test “new features and more” for aging, stubbornly popular Windows 10

microsoft, Tech, Windows 10, windows 10 22h2, Windows 11, windows insider / Mike M. / June 5, 2024

but the clock is still ticking —

Support ends next year, but Windows 10 remains the most-used version of the OS.

Andrew Cunningham – Jun 5, 2024 12: 50 pm UTC

In October 2025, Microsoft will stop supporting Windows 10 for most PC users, which means no more technical support and (crucially) no more security updates unless you decide to pay for them. To encourage adoption, the vast majority of new Windows development is happening in Windows 11, which will get one of its biggest updates since release sometime this fall.

But Windows 10 is casting a long shadow. It remains the most-used version of Windows by all publicly available metrics, including Statcounter (where Windows 11’s growth has been largely stagnant all year) and the Steam Hardware Survey. And last November, Microsoft decided to release a fairly major batch of Windows 10 updates that introduced the Copilot chatbot and other changes to the aging operating system.

That may not be the end of the road. Microsoft has announced that it is reopening a Windows Insider Beta Channel for PCs still running Windows 10, which will be used to test “new features and more improvements to Windows 10 as needed.” Users can opt into the Windows 10 Beta Channel regardless of whether their PC meets the requirements for Windows 11; if your PC is compatible, signing up for the less-stable Dev or Canary channels will still upgrade your PC to Windows 11.

Any new Windows 10 features that are released will be added to Windows 10 22H2, the operating system’s last major yearly update. Per usual for Windows Insider builds, Microsoft may choose not to release all new features that it tests, and new features will be released for the public version of Windows 10 “when they’re ready.”

One thing this new beta program doesn’t change is the end-of-support date for Windows 10, which Microsoft says is still October 14, 2025. Microsoft says that joining the beta program doesn’t extend support. The only way to continue getting Windows 10 security updates past 2025 is to pay for the Extended Security Updates (ESU) program; Microsoft plans to offer these updates to individual users but still hasn’t announced pricing for individuals. Businesses will pay as much as $61 per PC for the first year of updates, while schools will pay as little as $1 per PC.

Beta program or no, we still wouldn’t expect Windows 10 to change dramatically between now and its end-of-support date. We’d guess that most changes will relate to the Copilot assistant, given how aggressively Microsoft has moved to add generative AI to all of its products. For example, the Windows 11 version of Copilot is shedding its “preview” tag and becoming an app that runs in a regular window rather than a persistent sidebar, changes Microsoft could also choose to implement in Windows 10.

Microsoft to test “new features and more” for aging, stubbornly popular Windows 10 Read More »

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned

AI, copilot, copilot+ PC, Features, microsoft, NPU, Tech, Windows, Windows 11, windows 11 24h2 / Mike M. / June 4, 2024

Enlarge / The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Andrew Cunningham

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall’s snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

“Fundamentally breaks the promise of security in Windows”

Enlarge / This is Recall, as seen on a PC running a preview build of Windows 11 24H2. It takes and saves periodic screenshots, which can then be searched for and viewed in various ways.

Andrew Cunningham

Security researcher Kevin Beaumont, first in a thread on Mastodon and later in a more detailed blog post, has written about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall since Copilot+ PCs that officially support the feature won’t ship until later this month). We’ve also given this early version of Recall a try on a Windows Dev Kit 2023, which we’ve used for all our recent Windows-on-Arm testing, and we’ve independently verified Beaumont’s claims about how easy it is to find and view raw Recall data once you have access to a user’s PC.

To test Recall yourself, developer and Windows enthusiast Albacore has published a tool called AmperageKit that will enable it on Arm-based Windows PCs running Windows 11 24H2 build 26100.712 (the build currently available in the Windows Insider Release Preview channel). Other Windows 11 24H2 versions are missing the underlying code necessary to enable Recall.

Windows uses OCR on all the text in all the screenshots it takes. That text is also saved to an SQLite database to facilitate faster searches.

Andrew Cunningham
Searching for “iCloud,” for example, brings up every single screenshot with the word “iCloud” in it, including the app itself and its entry in the Microsoft Store. If I had visited websites that mentioned it, they would show up here, too.

Andrew Cunningham

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area).

Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has Bitlocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system.

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned Read More »