Microsoft says it is making its new Recall feature in Windows 11, which captures everything you do on your PC, an optional feature and addressing several security concerns. The software giant first introduced the Recall feature as part of its upcoming Copilot Plus PCs last month, but privacy advocates and security experts have since warned that Recall could be a “disaster” for cybersecurity without changes.
Fortunately, Microsoft heard the complaints and is making a number of changes ahead of the launch of Copilot Plus PCs on June 18. Microsoft had originally planned to enable Recall by default, but the company now says it will offer the ability to disable the controversial AI-powered feature during the setup process for the new Copilot Plus PCs. “If you don't choose to activate it proactively, it will be disabled by default,” says Windows boss Pavan Davuluri.
Microsoft will also require Windows Hello to enable Recall, so you'll need to authenticate with your face, fingerprint, or a PIN. “In addition, proof of presence is also required to view your timeline and search Recall,” says Davuluri, so someone won't be able to start searching your timeline without authenticating first.
This authentication will also apply to data protection around the snapshots that Recall creates. “We are adding additional layers of data protection, including 'just-in-time' decryption protected by Windows Hello Enhanced Sign-On Security (ESS), so that recovery snapshots are only decrypted and accessible when the user is authenticated,” explains Davuluri. “In addition, we encrypt the search index database.”
Recall uses local AI models to capture almost everything you see or do on your computer and then gives you the ability to search and retrieve anything in seconds. A browsable timeline lets you scroll through these snapshots with ease to remember what you did on a particular day on your PC. Everything in Recall is designed to stay local and private on the device, so no data is used to train Microsoft's AI models.
Microsoft's changes to the way the database is stored and accessed come after cybersecurity expert Kevin Beaumont discovered that Microsoft's AI-powered feature currently stores data in a database in plain-text format. That could have made it easier for malware authors to create tools that extract the database and its contents. In recent days, several tools have appeared that promise to extract data from Recall.
Full recovery extracts the Recall database so you can easily see what text is stored and the screenshots that the Microsoft feature has generated. NetExec looks like it will soon be getting its own Recall module that can access Recall folders and dump them so you can view screenshots easily. All of these tools are possible because there is no full encryption or protection on the Recall database.
Microsoft developed the Recall feature under its new Secure Future Initiative (SFI) that the company has implemented to review the security of its software after major attacks on the Azure cloud. Microsoft has had a rough few years of cybersecurity incidents and the SFI is supposed to focus on security above all else.
Microsoft CEO Satya Nadella even recently asked employees to make security Microsoft's “top priority,” even if that means prioritizing it over new features. “If faced with the dilemma between security and another priority, his response is clear: make security,” Nadella said (emphasis his) in an internal memo obtained by The Verge. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”