Hawx

Member
  • Posts

    887
Everything posted by Hawx

  1. It's a well-established email API provider used by a lot of developers, nothing more to say really. SendGrid is a direct competitor that's on par in terms of popularity & features.
  2. The point of the feature is to reduce the potential attack surface if a popular app is exploited, not to stop random malicious apps (that's what SAC/Defender are for). You're missing the human factor that a few thousand software developers work on the Windows codebase, and the source code is shared with universities and external researchers (occasionally). Google's Project Zero security team targets Windows full-time as well. Between whistleblower risk and the sheer number of eyes on Windows, it's incredibly unlikely there's anything unknown going on.
  3. App isolation is opt-in by the developer. It mostly benefits popular applications that have a large potential exploit surface (i.e. sandbox escapes within Electron apps).
  4. We shouldn't have secure hardware enclaves because it might fail at some point and cause an error? You could apply that logic to literally any hardware component in your system. TPMs already have a number of usages on consumer PCs, such as Windows Hello, as its PIN-based login is only considered secure when running on a system with a TPM.
  5. Take a look at https://support.microsoft.com/en-us/windows/how-to-check-if-your-device-meets-windows-11-system-requirements-after-changing-device-hardware-f3bc0aeb-6884-41a1-ab57-88258df6812b if you want to re-run the check sooner.
  6. Your board appears to have it enabled out of the box as it's marked as Windows 11 ready.
  7. How in the world did you come to this conclusion? Stack protection is designed to protect against memory attacks involving buffer overflows & dangling pointers, it has nothing to do with driver matching. Although this feature does protect against a wide range of attacks, if all you do is gaming and you need to play BE-protected games, then disabling it should be alright from a risk perspective. Hopefully BE will be updated within a few months to support it.
  8. They'll still work, nothing was mentioned regarding old win32 apps no longer running, app isolation will be opt-in for developers for the foreseeable future. The whole point is to separate Pluton firmware so Microsoft can update it without waiting for manufacturers to push a new BIOS, thus it has nothing to do with BIOS updates.
  9. The app itself. I'd recommend watching the relevant section of the video for more information. I don't see a performance hit being an issue with the architecture involved. No, the application has to be updated to be bundled with a security manifest. Packaging tooling will come out later this year to support adding it. Nothing stops the developer adding more permissions; however, users will be able to see what permissions the application needs and question the developer if something is included that doesn't make sense. Yes, future AMD and Intel products will include Pluton support. This doesn't really matter. It's a security chip, so its existence will be completely transparent to the user and there'll be no settings to customize.
  10. The only change is that when applications require admin escalation you will be asked instead of applications being given free rein by default. The goal here is to stop applications having unnecessary privileges and becoming an exploit/escalation risk, not to stop users doing what they like.
  11. Summary

      A recent presentation by David Weston, Director of OS Security at Microsoft, has managed to fly under the radar, but contains loads of information about the future security state of Windows along with upcoming features to support this state. There's quite a lot of information in the video that I'll attempt to summarize here, although I'd suggest giving it a watch if you're in the Development/Infosec/IT space.

      Windows 11 has provided a hardware security baseline for Microsoft, with features that require hardware support (HVCI, TPM etc) to be enabled by default going forward, stating that the Windows 10 strategy of off-by-default was a failure.

      Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with Linux-like just-in-time escalation. This new model intends to provide a secure middle-ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.

      Win32 Applications will be bundled under the new Win32 App Isolation model in an attempt to prevent privilege escalation if an application is compromised/exploited, meaning that:

        • The application registry and file system will be virtualized, resulting in clean uninstalls.
        • The application specifies what permissions it requires when packaged and said permissions will integrate within Windows (similar to UWP apps).
        • Applications will still have full access to the system, but restricted by what permissions were declared with the manifest, ie a notepad app should not have permissions to access your webcam.

      The MSIX packager will automatically analyze the application behavior and work out a permissions baseline for the developer to make the move as easy as possible. A full demo of Notepad++ running with this sandbox enabled was shown to demonstrate that all existing win32 features are supported.

      Inspired by what third-party AVs already do, Smart App Control is going to be rolled out, working as a cloud-driven reputation system to only permit signed and/or well-known high-reputation software from running. SAC is intended to prevent zero-day exploits from spreading before Defender has received updated definitions. This will be rolled out by default depending on what software someone uses. For example, if you use IDEs or other technical tools it'll be disabled, whilst someone that only uses Chrome and Spotify will have it enabled. The system can be disabled in a single click if required. (Note: this feature is already available in some markets for fresh Windows 11 installs)

      TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.

      Software/Hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs with extensive R&D going into the use of Memory-safe languages (Rust) in areas of the system that exploits often appear in:

        • To prove it out, the font analysis/rendering subsystem was rewritten over 6 months from 96k lines of C++ to 152k lines of Rust. This has also improved performance by 5%-15%.
        • Parts of Win32k GDI have also been rewritten in Rust and will be shipping with an upcoming Insider build of Windows.

      Quotes

      Slide dumping a bit here as they're more useful than anything I could quote from the talk.

      My thoughts

      I believe the adminless account model will be a massive improvement for ecosystem security without annoying users like with previous attempts. Smart access control also appears fine to enable for the vast majority of users that do nothing more than browse the internet with their computers and should be able to prevent a whole class of zero-day attacks.

      Sources

      Presentation slides: https://github.com/dwizzzle/Presentations/blob/master/David Weston - Windows 11 Security by-default - Bluehat IL 2023.pdf
  12. I noticed the HX850 has been removed from a number of Australian retailers in the last few weeks. Just poor stock levels or a refresh incoming?
  13. FYI, There's a pretty good interview with David Weston, partner director of enterprise and OS security at Microsoft, that goes over the reasoning behind the requirements: Windows 11: Understanding the system requirements and the security benefits - TechRepublic
  14. Please take your strawman elsewhere. I have no problem with privacy concerned people, I have a problem when that energy is misplaced into nonsense like this due to people being unable to read privacy documentation correctly. My post was specifically around windows telemetry and how it ties to Microsoft's goals as a company, you've managed to write a reply to an argument I wasn't making. Just an FYI that Microsoft's privacy statement is a global document that aggregates literally everything Microsoft does across all of its business units, from the Microsoft website, to Azure Cloud to Bing Ads. At its top level, it's designed to be a catch-all, so new Microsoft products and projects don't need to go to legal and ask for a new document to be drawn up. For example, all of Microsoft's open source projects on Github that collect debug and/or usage information are covered under the exact same privacy statement. When exact privacy information about a Microsoft product is provided, that information takes precedence over what's stated in the top level policy. For example, Windows is provided with an extensive section + documentation that covers all data collection & usage at a per-feature level, therefore it's far more relevant than the top level policy. It's for the same reason that businesses using Azure Cloud or Office 365 to hold personal & financial data don't glance at the ultra generic top-level Microsoft Privacy Statement and proceed to freak out, because the information in Microsoft's trust center is specific to their use and therefore supersedes it. Instead of going "WTF???" I would recommend clicking on "Learn More", which provides proper context of the statements provided: Advertising. Microsoft does not use what you say in email, chat, video calls, or voice mail, or your documents, photos, or other personal files to target ads to you. 
We use data we collect through our interactions with you, through some of our products, and on third-party web properties, for advertising in our products and on third-party properties. We may use automated processes to help make advertising more relevant to you. The "third parties" is explicitly "third-party web properties", which in this context would be, for example, you clicking on an advert on a website that integrates with Bing Ads (https://ads.microsoft.com/) and Microsoft tracking the conversion from that click + using the click for future ad personalization. The dedicated advertising section also expands on this: The ads that you see may also be selected based on other information learned about you over time using demographic data, location data, search queries, interests and favorites, usage data from our products and sites, and the information we collect about you from the sites and apps of our advertisers and partners I'm unsure how you can frame this as some kind of "gotcha". All of the major voice assistants and speech processors have a similar clause in the effort to improve speech recognition. 1) For starters, I never made that claim. My post is around Windows & Windows Telemetry specifically and the grand conspiracy that Microsoft is intentionally siphoning data from your system to show you adverts. Microsoft runs Bing Ads as well as its own adverts, so yes there's a small section of Microsoft that is responsible for traditional contextual advertising. The point I was attempting to make is that it makes up less than 10% of Microsoft's revenue and clearly isn't a company priority. 2) Covered. 3) Yes, if you use speech-recognition services or Cortana and have online speech recognition enabled, there is a chance that some random person will hear the response to validate the processing/reply. If you don't like that simply don't use those services. 
4) There's a lot of different privacy dashboards that Microsoft offers across a lot of services, but it simply can't cover absolutely everything Microsoft does across hundreds of products and hundreds of thousands of potential data ingest points. They do offer the ability to contact them if you wish to control any additional data they have.
  15. This is a real yikes of a thread. We've got an editorized /r/pcgaming repost further editorized by the OP of this thread. It's not even a "Security Hole", it's just a normal REST endpoint that the platform uses for loading users. After NightNord posted the original thread, a number of accounts were identified that definitely exist but didn't appear on that endpoint. It was theorized that the endpoint was just a cache for active accounts that have been interacted with recently (ie a redis cache for performance), but even after poking two missing accounts within Spectrum, neither showed up: It's looking pretty likely that the endpoint is either broken or simply doesn't list users that have never interacted with Spectrum in any way.
  16. This shouldn't really surprise anyone. Microsoft wanted access to the recommendation engine, and would've made sweeping changes to the platform so it aligns with its internal security & privacy standards (which are extremely high, regardless of what you think of Microsoft). Oracle will be almost completely hands-off and just let the app sit there as some kind of weird advertisement for its archaic cloud platform. Maybe you'll see a "Installed on x billion devices" line when you first open it.
  17. Your research clearly sucks then. Otherwise you would've quickly discovered that the triangle of "Microsoft's main revenue source", "Microsoft's product strategy", and "Microsoft's privacy policies" certainly doesn't equal some melodramatic grand conspiracy where Microsoft went out of their way to harvest your personal information. Microsoft is now a cloud services company, and Windows is nowhere near its main focus. Microsoft actually goes to great lengths to scrub, anonymise and aggregate inbound data into non-identifiable sample points, and has internal teams dedicated to maintaining the privacy of its users. Again, it's not a magical black box where there's some bad actor at Microsoft going "yes please the data from Radium_Angel yum yum" Legally you agreed when you installed the operating system. Yeah sure mate, do you mind emailing me this data point: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004#microsoftwindowsinventorycoreinventorydevicepnpadd It ensures that the windows update you're about to install doesn't brick your system due to an incompatible driver. Oh yeah, just email me this for every single update. When the next feature update is available, be sure to email me these checksums: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004#microsoftwindowsappraisergeneralchecksumtotalpicturecount They make sure the update you're about to install isn't corrupted or malicious. What? You lied in the last telemetry email you sent us because you were lazy??? Now all of our data is useless! 
If only there were some way to make sure you weren't trying to send us garbage data: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004#telclientsyntheticheartbeat_5 Whilst that firing sucked, QA/QC staff have their limits, especially with the billions of different hardware and software combinations out in the wild. You might remember there was a feature update (1809) a few years ago that resulted in data loss for a tiny percent of people. Microsoft used its migration telemetry that's designed to track data loss scenarios: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004#microsoftwindowsmigrationcoremigobjectcountdlusr and combined it with the other telemetry points to figure out it was a problem with the Known Folder Redirection feature being enabled and old versions of OneDrive. It's unlikely this scenario would've been covered by manual internal testing, and diagnosing the problem would've been incredibly difficult without the ability to correlate system data.
  18. This is honestly one of LTT's worst videos, as it really demonstrates the limits of Anthony's technical understanding of the underlying system he's trying to explain. The most egregious part is when he states that Explorer is more responsive because it usually has to "update some log in the background that's gotta go off to microsoft". Not only is this false, you basically just called Microsoft's engineers a bunch of morons who don't know how to implement a non-blocking, asynchronous background queue (hint: event logging is a non-blocking operation). As usual, there's no actual explanation of Windows 10's telemetry subsystem and instead Linus just waves his hands around about the "phoning home" boogeyman. You could, I don't know, actually inform your watchers that just setting your telemetry settings to Basic or Required (v2004) will restrict all reporting to just the reliability & crash metrics explicitly outlined in: https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004 You could even tell users to take a look at the Diagnostic Data Viewer to see what's being sent so they can discover for themselves that it's a bunch of uninteresting anonymous metrics and error reports. Linus and Anthony continue the tech youtuber trend of fear mongering that Windows telemetry is some mysterious black box of unknown stuff that's trying to secretly harvest your PI, when in reality Microsoft has outlined everything they collect and why they collect it within the Windows 10 privacy documentation above. Maybe you could break the mold and actually read the Microsoft documentation for once? This is just copypasta at this point, I've definitely seen it more than once. It's written as if there's no possible reason Microsoft might want to know how your system is operating. Microsoft is made up of thousands of engineers across hundreds of different teams. 
Each team wants to see diagnostic metrics over the piece of the pie they happen to own. The metrics are aggregated, anonymised and most of the original data deleted after 90 days. Unlike the Linux community, the average Windows 10 user does not have the technical skillset or motivation to report to Microsoft that an audio driver is throwing some errors somewhere in the kernel.
  19. Probably the biggest thing is the introduction of Henry Cavill (Superman) as a pilot. Oh, and it was announced today that SQ42 is tech-complete, with a release roadmap to be published in December. Object Container Streaming was the last piece in the technology puzzle as it's required for good performance within a large play area. Said technology was released for testing today with Alpha 3.3, massively improving general performance. In other news, with Alpha 3.3 they're releasing a public portal that'll allow you to see performance data CIG is receiving from client telemetry, showing an FPS spread based on CPU/GPU specifications.
  20. As usual your blanket negativity results in you ignoring the number of benefits that UWP provides, and the future of Windows as a whole. UWP allows for clean installs and uninstalls. Application files are kept in a single location and not scattered around the place. A single click removes all trace of the application from the system. UWP also enforces behaviour consistency, with all UWP games running in a native borderless window that can be exited or minimized at any time. Additionally, UWP allows for simple permission management, with permissions required to be granted explicitly as required, and not just implicitly granted like with Win32. UWP is not bound to the Microsoft store. Adobe already installs UWP apps from its own installer. Performance within UWP is on par or faster than Win32. Microsoft's current major internal project is Windows Core OS/Polaris, essentially stripping legacy support from Windows and moving Win32 to be an optional, isolated component. File Explorer is also set to be replaced by a UWP version in the near future. It might not be within the next 5 years, but Win32 is set to die at some point.
  21. I've been playing 3.0 since the first PTU release. It's a nice patch and all, but CIG was unable to get network bind culling working properly before release (a test run basically resulted in doors deciding not to be a part of the ship they were attached to and floating away), meaning client performance still goes out the window as more people join the universe server. I know a lot of improvements were made, with a 60 player 3.0 server about equalling performance to a 24 player 2.6.3 server, but I'm disappointed they decided to rush out a Christmas release with a vital performance feature missing. At least from the schedule report, they're well aware of it: IMO the best part of this patch was the reworked Aurora, so new players have something nice to fly in.
  22. It is. If anything, CIG could argue that both games share the same codebase (SQ42 levels are stripped from the SC build at release, but otherwise are identical in terms of engine/assets), and therefore are separate in name only.
  23. It's a pretty interesting case. Crytek's complaint of course is designed to bolster their position as much as possible. CIG's response to the claims will be important but has yet to happen. Wouldn't really take months, CIG would just do the same thing they did for the Lumberyard move, as in rebase their years of changes on to CE 3.7. The only item to be cut would be the proprietary fog tech they took from lumberyard. The game isn't out so therefore it's a money laundering scheme? lmao. CIG is paying for the operations of 5 studios and over 400 personnel. They also get extensively audited by both the UK and US governments for their tax credits each year, and the co-founder is a well respected entertainment lawyer. What a ridiculous statement. Amazon did a full buyout of CryEngine at the time, to the tune of $75 million. Amazon has full rights to the engine and isn't bound by anything to do with Crytek, nor has to pay Crytek any continuous fees.
  24. I can't reproduce this right now. It's possible that it's already been fixed.