By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft announced today that Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment. In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS. A sandbox escape is one of the most complex pieces of exploitation malware, or a hacker can perform, and running programs inside sandboxed environments are considered an optimal security measure and good software architecture. Microsoft says it started working on porting Windows Defender to a sandbox environment after "security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus's content parsers that could enable arbitrary code execution." The most infamous of these researchers is Google's Tavis Ormandy, who identified several of these types of vulnerabilities, including one that he labeled "crazy bad." During many of his bug reports, Ormandy had privately and publicly recommended that Microsoft move Windows Defender to a sandbox and prevent attackers from using it as a way to take over Windows PCs. Learn more by navigating to OUR FORUM.

Shadow of the Tomb Raider is, to hear people (including Kotaku’s Stephen Totilo) tell it, pretty good, despite some questionable narrative decisions. Last week, however, it committed a crime that some Steam users decided couldn’t be forgiven: a 34 percent off sale. Cue the review bombs. Shadow of the Tomb Raider came out on 14 September, a little more than a month ago. While a sale is by most measures a good thing for people who buy games, some Steam users had already bought the game at full price before the sale and are now feeling bitter about how quickly the price dropped. “Not a bad game,” reads a negative review posted today. “Not as good as the first two games, but I was an early adopter and the game dropped down by near half price so quickly. Aren’t I a total mug preordering this? Never again, Square Enix.” According to Steam, this person has played the game for nearly 60 hours, so they must have enjoyed it on some level. Though it’d be hard to argue that they didn’t get their money’s worth, their disappointment is understandable. Who wouldn’t feel down about losing out on an extra £15, after all? At the same time, though, it’s not the end of the world, especially if you’re the kind of person who can afford to buy a blockbuster video game at launch. Get caught up on OUR FORUM.

Qualcomm is working on a new powerful processor to give Windows 10 on ARM project a much-needed boost. Qualcomm is planning to unveil the powerful Snapdragon 8180 at its annual convention in Hawaii this December. Qualcomm Snapdragon 8180 or SDM1000 is the rumored name of the company’s next processor for Always Connected PCs and if the reports are believed to be true, it’s expected to use an octa-core CPU with LPDDR4X RAM support. It’s likely that Snapdragon 8180 will power the high-end devices in 2019 and it could be the first powerful SoC from Qualcomm for traditional laptops. It is an eight-core chip that is expected to feature a 15-watt TDP. According to the reports, the Snapdragon 8180 or SDM1000 will provide a clock speed of up to 3.0GHz. The four Kryo Gold cores could reach 3.0GHz and there will be four Kryo Silver cores as well with the clock of up to 1.8GHz. It seems that the cores are internally designated as Gold and Silver to differentiate between them. It will have the Qualcomm Adreno 680 GPU but nothing is known about the integrated graphics unit. The 8.5 billion transistors used in the chip will provide an impressive amount of firepower and this would dramatically improve the Windows 10 on ARM initiative. It also appears that Snapdragon 8180 will support the faster LPDDR4X RAM standard with a 2133MHz clock speed.  This is a significant upgrade from the frequency of around 1866MHz in Snapdragon 850 or 845. The power would boost the performance of the devices with Qualcomm’s Snapdragon processor. Get further details at OUR FORUM.

By now we are all aware of the fiasco which has been the release of the Windows 10 October 2018 Update, but we probably already forgot that the April 2018 update was also delayed due to late-breaking bugs which caused blue screens on some PCs. Ars Technica has taken a closer look at the development of Windows, and they believe Microsoft’s process of developing their operating system was flawed from the get-go,  all the way back to even Windows 7. They note that Microsoft has a process of actually writing code for new features of only a few weeks, and then spending the rest of the time (of several months) integrating the software and then ironing out bugs before release. This meant poor quality, the unreliable software was introduced to the Windows 10 code base, and if issues are not found, delivered to the end user. Coupled with an ineffective testing regime, in part due to Microsoft firing their SDTs in 2014 and placing more responsibility on developers to test their own code, and a Windows 10 Insider process by amateurs which was not comprehensive and which did not deliver professional bug reports, meant more than a fair share of bugs ended up being shipped. Ars Technica also confirmed that Windows developers were allowed to integrate code without any testing at all, though hopefully, this was the exception. They called for a change in Microsoft’s development process and asked that new software be well tested before integration using modern techniques such as automated testing, meaning that even Insider builds will have high quality, well-tested code with no “known issues”. More can be found on OUR FORUM.

Spectre and Meltdown shook many PC enthusiasts when they came to light. They were essentially the first speculative execution flaws to attract global attention, and because they affected processors from Intel and AMD to varying degrees, the internet was awash with concern for several months. Eventually, researchers discovered more and more speculative execution flaws. But now researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they've found a way to prevent these attacks. The researchers call their solution Dynamically Allocated Way Guard (DAWG) and revealed it in a recent paper. This name stands in opposition to Intel's Cache Allocation Technology (CAT) and is said to prevent attackers from accessing ostensibly secure information through exploiting flaws in the speculative execution process. Best of all, DAWG is said to require very few resources that CAT isn't already using and can be enabled with operating system changes instead of requiring the in-silicon fixes many thoughts were needed to address the flaws. The side-channel attacks revealed earlier this year essentially work by compromising data from memory when the CPU is deciding where it should go. This would, in turn, allow them to gather passwords, encryption keys and other data they could then use to gain full access to a targeted system. The attacks varied in the vulnerabilities they leveraged and the way they could be addressed. Meltdown required the operating system and firmware updates. Spectre was thought to require changes to CPU architectures, but CSAIL said DAWG blocks Spectre attacks itself. Leram how DWAG work by visiting OUR FORUM.

After being convicted of abusing their Android monopoly to bolster their search business, Google agreed to comply with the European Union’s requirement that they make changes in their business practices to restore competition to the market. While still appealing their conviction, they agreed in the EU to unbundle the Google Play Store and other service apps from the Chrome browser and Google Search app, and offer the first part for a license fee.  This would allow other companies to create their own Android distribution without delivering handsets which were uncompetitive due to lacking access to the millions of apps in the Google Play Store. It seems, however, Google had no intention to actually comply with the spirit of the order, as they set the price of the Google Play Store and associated apps at an unreasonable $40, according to leaked documentation seen by The Verge. Android OEMs can reduce that price by adding back Google Search and the Chrome browser, meaning in effect Google is extorting companies to maintain the status quo. If they choose to take the Store only they also miss out on ongoing revenue share generated by Google Search on the handsets. While Google’s machinations would likely abide by the wording of the European Commission direction, it is unlikely that the EC will tolerate an arrangement which does not allow real competition to be restored. Microsoft has in the past learn to regret playing games with the EU, and I look forward to Google learning this lesson the hard way for themselves. In-depth reading can be found on OUR FORUM.