Microsoft is ready to make another run with its AI-based Recall feature, which was temporarily shelved just days before it was set to ship following an outcry from users and industry observers over security and privacy concerns. The feature will now begin appearing in upcoming Windows Copilot+ PCs after the tech giant revamped its security capabilities.

Recall is designed to track and store users’ activities on their Windows PCs by taking screenshots every five seconds and storing them on the system, putting them in a database that is searchable via AI.

“Recall is designed to help you instantly and securely find what you’ve seen on your PC,” David Weston, vice president of enterprise and operating system security at Microsoft, wrote in a blog post. Security experts argued otherwise, noting that anyone using the PC would have access to the data, including bad actors who remotely compromise the systems.

“During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall,” Weston wrote. Even more, users who really don’t want Recall can remove the feature entirely through optional feature settings in Windows, a capability that made some users happy.

In addition, snapshots and any information associated with them stored in the vector database are now always encrypted, with the encryption keys protected by the Trusted Platform Module (TPM), a hardware-based security feature. The TPM is tied to the user’s Windows Hello Enhanced Sign-in Security identity and can only be used within a Virtualization-Based Enclave (VBS Enclave), a secure environment that creates an isolated environment in an application for sensitive data. “Using VBS Enclaves with Windows Hello Enhanced Sign-in Security allows data to be briefly decrypted while you use the Recall feature to search,” Weston wrote. The services that operate on screenshots and the associated data, or that run decryption operations, all stay inside the VBS Enclave; only information explicitly requested by the user while actively using Recall leaves it.

Users who try to take actions such as querying the database, viewing snapshots, or changing settings must authenticate via biometric credentials such as fingerprints or facial recognition before the actions are allowed.

In addition, the filtering of sensitive information such as passwords, national ID numbers, and credit card numbers is on by default, reducing the possibility that such data is stored in Recall.

There are also tools in Windows that let users further protect their privacy and customize how they use Recall, including filtering out specific apps or websites viewed in supported browsers, controlling how long Recall content is kept and how much disk space snapshots are given, deleting content in time ranges, and pausing the saving of snapshots.

Weston also noted that Recall can run only on Windows Copilot+ systems, which require security capabilities such as BitLocker for Windows 11 Pro and Device Encryption for Windows 11 Home, TPM 2.0, virtualization-based security, hypervisor-enforced code integrity, and Kernel DMA Protection to ward off peripheral attacks.
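Two of the controls described above, default filtering of sensitive data before a snapshot is stored and deleting stored content by time range or retention window, are easy to reason about in code. The following Python sketch is an added example written for this page; it is not Microsoft's code and says nothing about how Recall is actually implemented. It assumes that snapshot content arrives as OCR'd text (the sample lines are constructed), uses a Luhn check so that only genuine card-number candidates are redacted while look-alike order numbers are left alone, and uses a US-SSN-shaped pattern as a stand-in for "national ID number"; real filters would be locale-specific.

```python
"""Sketch of snapshot-side controls: filter sensitive data on ingest, then
delete by time range or expire by retention window.  Added example, not
Microsoft's code; patterns and sample text are assumptions/constructed."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Assumption: a US-SSN-shaped id stands in for "national ID number"; real rules are per locale.
ID_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# Credentials captured from a login form, e.g. "password: hunter2".
PASSWORD_RE = re.compile(r"(?i)\b(password|passwd|pwd)\s*[:=]\s*(\S+)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a string of decimal digits (True for a valid card-number checksum)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple[str, list[str]]:
    """Return (redacted text, list of finding kinds) for one snapshot's OCR text."""
    findings: list[str] = []

    def card_sub(m) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):     # only Luhn-valid runs are treated as card numbers
            findings.append("card")
            return "[REDACTED-CARD]"
        return m.group(0)       # order numbers and similar runs are left untouched

    def id_sub(m) -> str:
        findings.append("national-id")
        return "[REDACTED-ID]"

    def pw_sub(m) -> str:
        findings.append("password")
        return f"{m.group(1)}: [REDACTED-SECRET]"

    text = CARD_RE.sub(card_sub, text)
    text = ID_RE.sub(id_sub, text)
    text = PASSWORD_RE.sub(pw_sub, text)
    return text, findings


@dataclass
class Snapshot:
    taken_at: datetime
    text: str
    findings: list[str] = field(default_factory=list)


class SnapshotStore:
    """In-memory stand-in for a snapshot database with a retention window."""

    def __init__(self, retention: timedelta, filtering_enabled: bool = True):
        self.retention = retention
        self.filtering_enabled = filtering_enabled   # on by default, as the article describes
        self.snapshots: list[Snapshot] = []

    def ingest(self, taken_at: datetime, text: str) -> Snapshot:
        findings: list[str] = []
        if self.filtering_enabled:
            text, findings = redact(text)            # filter BEFORE anything is persisted
        snap = Snapshot(taken_at, text, findings)
        self.snapshots.append(snap)
        return snap

    def delete_range(self, start: datetime, end: datetime) -> int:
        """Delete snapshots with start <= taken_at < end; returns how many were removed."""
        before = len(self.snapshots)
        self.snapshots = [s for s in self.snapshots if not (start <= s.taken_at < end)]
        return before - len(self.snapshots)

    def expire(self, now: datetime) -> int:
        """Apply the retention window: drop everything older than now - retention."""
        return self.delete_range(datetime.min, now - self.retention)


def demo() -> dict:
    """Run constructed sample snapshots through the store and return the observable results."""
    store = SnapshotStore(retention=timedelta(days=30))
    t0 = datetime(2024, 10, 1, 9, 0, 0)
    samples = [  # constructed OCR text, five seconds apart as the article describes
        "Checkout: pay 4111 1111 1111 1111 exp 12/26, order 1234 5678 9012 3456",
        "Login form - username: alice  password: hunter2",
        "HR portal: SSN 123-45-6789 on file",
    ]
    for i, text in enumerate(samples):
        store.ingest(t0 + timedelta(seconds=5 * i), text)
    store.ingest(t0 - timedelta(days=40), "old meeting notes")   # outside the retention window
    expired = store.expire(now=t0 + timedelta(minutes=1))
    deleted = store.delete_range(t0 + timedelta(seconds=5), t0 + timedelta(seconds=10))
    return {
        "texts": [s.text for s in store.snapshots],
        "findings": [s.findings for s in store.snapshots],
        "expired": expired,
        "deleted": deleted,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The Luhn check is the part worth copying: a bare "13 to 19 digits" pattern would also wipe order numbers and tracking ids, and a filter that produces too many false positives tends to get switched off, which is the outcome the default-on filtering is meant to avoid.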
This Cyber News was published on securityboulevard.com. Publication date: Tue, 01 Oct 2024 00:43:05 +0000