By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.

Spectre and Meltdown shook many PC enthusiasts when they came to light. They were essentially the first speculative execution flaws to attract global attention, and because they affected processors from Intel and AMD to varying degrees, the internet was awash with concern for several months. Eventually, researchers discovered more and more speculative execution flaws. But now researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they've found a way to prevent these attacks. The researchers call their solution Dynamically Allocated Way Guard (DAWG) and revealed it in a recent paper. This name stands in opposition to Intel's Cache Allocation Technology (CAT) and is said to prevent attackers from accessing ostensibly secure information through exploiting flaws in the speculative execution process. Best of all, DAWG is said to require very few resources that CAT isn't already using and can be enabled with operating system changes instead of requiring the in-silicon fixes many thoughts were needed to address the flaws. The side-channel attacks revealed earlier this year essentially work by compromising data from memory when the CPU is deciding where it should go. This would, in turn, allow them to gather passwords, encryption keys and other data they could then use to gain full access to a targeted system. The attacks varied in the vulnerabilities they leveraged and the way they could be addressed. Meltdown required the operating system and firmware updates. Spectre was thought to require changes to CPU architectures, but CSAIL said DAWG blocks Spectre attacks itself. Leram how DWAG work by visiting OUR FORUM.

After being convicted of abusing their Android monopoly to bolster their search business, Google agreed to comply with the European Union’s requirement that they make changes in their business practices to restore competition to the market. While still appealing their conviction, they agreed in the EU to unbundle the Google Play Store and other service apps from the Chrome browser and Google Search app, and offer the first part for a license fee.  This would allow other companies to create their own Android distribution without delivering handsets which were uncompetitive due to lacking access to the millions of apps in the Google Play Store. It seems, however, Google had no intention to actually comply with the spirit of the order, as they set the price of the Google Play Store and associated apps at an unreasonable $40, according to leaked documentation seen by The Verge. Android OEMs can reduce that price by adding back Google Search and the Chrome browser, meaning in effect Google is extorting companies to maintain the status quo. If they choose to take the Store only they also miss out on ongoing revenue share generated by Google Search on the handsets. While Google’s machinations would likely abide by the wording of the European Commission direction, it is unlikely that the EC will tolerate an arrangement which does not allow real competition to be restored. Microsoft has in the past learn to regret playing games with the EU, and I look forward to Google learning this lesson the hard way for themselves. In-depth reading can be found on OUR FORUM.

 

Earlier this year two major vulnerabilities were discovered which affected the core processes of the computer. Named as Spectre and Meltdown, these “speculative execution” vulnerabilities meant hackers could steal data by simply visiting a website. Though there were no known incidents of these vulnerabilities being exploited in the wild, the processor microcode patches could have up to a 30% impact on the performance of PCs that have been patched. Various tech companies have been working on mitigation for this, and in Microsoft’s latest move, they are working to implement  Retpoline in the next major version of Windows 10, 19H1 due early next year. For the rest of us it means that Spectre will no longer make our processors feel 5-10 years older than they are, and in general cause Spectre mitigation to only have an impact of 1-2%, or as Mehmet Iyigun from the Windows Kernel team notes, bring it down to “noise level” for most use cases, which is certainly good news. Some are however complaining that Microsoft does not appear to be planning to backport the fix, meaning Windows 10 users will need to update to the latest version of the OS to get their performance back, which is somewhat controversial, especially for business users who prefer a well-tested and stable OS. For more turn your attention to OUR FORUM.

With the arrival of the Magic Leap competition is heating up in the Mixed Reality arena, but Microsoft’s successor to the HoloLens appears to be slipping further and further into the distance. Petri.com reports that Microsoft was planning to show off the HoloLens 2 sometime this year, but due to development issues, they are now targeting late Q2 2019. Petri does not identify the cause of the delays, but we have earlier speculated that, like many of Microsoft’s other projects, the headset was waiting for Windows Core OS to become available. The report states that the HoloLens 2 will address much of the issues that held back HoloLens 1, including a larger field of view and longer battery life. We already know the next HoloLens will have an improved Holographic Processing Unit with more AI capabilities, and an improved Kinect-like depth camera. HoloLens 2 will reportedly be powered by the recently announced Qualcomm Snapdragon XR1 processor, which has been designed with the express purpose of delivering a “high quality” VR and AR experience. With the Surface Phone, Surface Hub 2x and HoloLens 2 all apparently waiting for Windows Core OS, did Microsoft put too many eggs in one basket? There's more to read on OUR FORUM.

Microsoft at its October 2nd event announced the new Surface Pro 6 and Surface Laptop 2 in black. The devices are now available for purchase in select markets starting today. Both the devices come with an 8th gen quad-core Intel processors to boost the performance of the devices. However, as was expected both the devices don’t come with the USB-C port. The Surface Pro 6 supports up to 13.5 hours of battery life and comes with an Intel Core i5 processor, 8GB of RAM and 128GB of storage. Microsoft has priced the device at $899.00. If you are looking to buy the black variant then you would need to choose the model with 256 GB SSD and has been priced at $1,199. Microsoft has made minor changes to the keyboard and thermal system of the Surface Pro 6 and Surface Laptop 2. Microsoft is selling the Black version of the Surface Pro 6 and Surface Laptop 2 along with the existing Platinum, Burgundy, and Cobalt Blue. The Surface Laptop 2 comes with the new Intel Core 8th Gen processors with i5 and i7. The devices are paired with Intel UHD Graphics 620 card. The Surface Laptop 2 comes in two variants of 8GB and 16GB of RAM and you can expand the storage up to 1TB. However the Surface Laptop 2 doesn’t come with the USB-C but Microsoft has left the connectivity options similar to the 1st generation which means that users will be getting one USB 3.0 port, a Mini DisplayPort and a Surface Connect Port. We have all the necessary links posted on OUR FORUM.

A malicious app called "Album by Google Photos" was found in the Microsoft Store today that pretends to be from Google. This app pretends to be part of Google Photos but is actually an ad clicker that repeatedly opens hidden advertisements in Windows 10. This free Album by Google Photos app claims to be created by Google LLC and has a description of "Finally, a photos app that's as smart as you.".  You can see an image of its Microsoft Store page below. As this is an ad clicker, the reviews for the app are not very good. One review calls it a "Fake App" and another is titled "Fake, do not install". The Album by Google Photos app is a PWA app (progressive web app) that acts as a front end to Google Photos, but with a bundled ad clicker. While the app is running, this ad clicker will repeatedly connect to remote hosts and display advertisements in the background in order to generate revenue for the developers. The ad clicker component consists of three files located in the app's folder called Block Craft 3D.dll, Block Craft 3D.exe, and Block Craft 3D.xr. You can see these files in the image of the folder below. When a user starts the Album by Google Photos app they will be greeted by a screen asking them to log in to Google Photos. This is a legitimate login screen from Google and though I did not see any indications that your logins are being stolen, I would still not advise logging into Google Photos with this app. After the app reads the configuration file, it will connect to the various "AdBanner" URLs and display them in the background. You can see in the Fiddler traffic below the app connecting to each of the ad URLs. Navigate to OUR FORUM to learn more.