Microsoft shows why Windows 11 needs TPM – even if some PCs are left out in the cold

Windows 11 security is something of a hot topic, as the revamped OS comes with much tighter defenses than Windows 10, but with the side-effect of creating controversy and confusion on the system requirements front (and indeed for gamers – more on that later).

However, Microsoft recently produced a video to show how Windows 11’s new protective measures – which include TPM (Trusted Platform Module), Secure Boot and VBS (Virtualization-Based Security) – help to make systems safer against hackers. Furthermore, it reminds us these moves are an extension of what was already happening with Windows 10 (but crucially, not on a compulsory level).

The clip stars Microsoft’s security expert Dave Weston who explains more about why this higher level of security, which entails the aforementioned raised hardware requirements – including support for TPM 2.0, which rules out a fair number of not-all-that-old PCs – is required to defend against some potentially nasty security breaches.

Weston shows how this nastiness could play out in real world situations, first of all demonstrating a remote attack leveraging an open RDP (remote desktop protocol) port, brute forcing the password, and then infecting the machine with ransomware. This was on a PC without TPM 2.0 and Secure Boot, and naturally, wouldn’t be possible on a Windows 11 system.

The second attack used for demo purposes is an in-person one using a PCI Leech device to access system memory and bypass fingerprint recognition to login. VBS stops this kind of attack being leveraged against a Windows 11 system, and the former remote attack is prevented by UEFI, Secure Boot and Trusted Boot (in conjunction with TPM).


Analysis: Land of confusion

This is an interesting look at the nuts-and-bolts of how these security countermeasures work against real life attacks. Clearly, in some scenarios there are good reasons for mandating TPM and the other mentioned security technologies to help keep a PC safer against a possible attack, whether that’s a remote or local intrusion.

No one is going to argue against better protection, but the issue with making these pieces of security tech a compulsory part of the system requirements is the confusion around whether or not a PC has these capabilities.

In some cases, newer machines do indeed have TPM on-board, it just isn’t enabled – leading to a frustrating situation where the owner of a modern device could be told it isn’t compatible with Windows 11. And while it might just be a case of switching TPM on, which isn’t difficult for a reasonably tech-savvy person, it could be very intimidating for a novice user (involving a trip to the BIOS, a scary place for the untrained eye).

VBS or Virtualization-Based Security has run into further controversy, as well, given that while this isn’t an issue for upgraders from Windows 10, it will be enabled by default on new PCs that come with Windows 11 – and it causes slowdown with gaming frame rates. By all accounts, VBS can be a pretty serious headwind for frame rates, too; and again, this adds to the confusion around what’s going on with Windows 11 machines in general.

Having a more secure PC is great, without a doubt, but there are costs here which have a potentially negative impact on the experience of some users adopting (or trying to adopt) Windows 11.

Via Neowin

TechRadar – All the latest technology news

Read More

The unlikely CEO beating Teams and Zoom at their own game

Jim Szafranski never really wanted to become a CEO; it was something that seemed to happen to him, rather than something he deliberately made happen. But as it turns out, he has a knack for it.

Szafranski took over at visual communications company Prezi roughly eighteen months ago to preside over a change of direction, replacing founder Peter Arvai. Previously, the firm had specialized in design and presentation software, but has now turned its attention to video presentations.

Prezi had already begun to lay the foundations for this shift before the pandemic, but remote working saw demand skyrocket for a service that could help people create and deliver professional virtual presentations. The company put its foot on the gas and Prezi Video is now its flagship product.

As one of the main architects of the Prezi Video project, and as someone who had worked with the video conferencing titans (such as Microsoft and Google) in a previous life, Szafranski found himself next in line for the throne.

The right person for the job

Although he has now acclimatized to the level and breadth of responsibility that falls on the shoulders of a chief executive, Szafranski told TechRadar Pro he sometimes found himself doubting his suitability for the role.

While he had always been a student of both business and technology, and had racked up many years of experience at an executive level, he was to some extent blindsided by the opportunity when it presented itself.

“I love to learn, so I always tried to put myself in a position where I could learn from my environment and the people around me. And I kind of let the growth take care of itself,” he explained.

“But when I joined Prezi, the plan wasn’t that I would someday take over from Peter [Arvai] – that wasn’t even a discussion. The focus was on scaling the business and building out functions like sales and marketing.”

After some consideration, Szafranski agreed to take on the post, giving himself and Arvai three months to put the necessary measures in place. The best piece of advice Szafranski received during this time, he says, was simply to be himself, and not to emulate the archetypal CEO of the movies.

“Obviously, the board of directors and previous CEO thought about this carefully and chose to elect me for the role. This advice was an important reminder to approach situations in the same way I have always done; to do what felt natural.”

Mercifully, stepping into the CEO role at Prezi has not required Szafranski to tear it all up and start again, because he had inherited the foundations of a healthy business. His task is only to steer in a slightly different direction.

Virtual presentations, but different

Szafranski is often quizzed about what makes Prezi Video different from regular virtual presentation services. With words alone, this question can be a little difficult to answer, but the difference becomes immediately apparent when you see the product in action.

Prezi Video sits like a veneer on top of video conferencing services (Zoom, Teams, Meet etc.), adding a layer of gloss and interactivity that makes presentations much more attractive to the eye.

Unlike with traditional screen-sharing, which conceals the presenter’s video feed, users can bring content onto the screen alongside them in the style of a news anchor. In turn, the presenter is able to see more of the other attendees, which is supposed to help them read the room in the same way they might in-person.

Prezi Video also allows users to interact with on-screen content in real-time, which makes presentations feel slick and polished. There’s no more “next slide, please”; the presenter becomes more like a conductor.

According to Szafranksi, these attributes go a long way to solving the various issues employees have encountered since the transition to remote working, from video conferencing fatigue to a feeling of disconnect with coworkers.

“Ultimately, Prezi Video is about creating a greater level of engagement,” he told us. “People are talking a lot about Zoom fatigue at the moment, but will still log off in the evening to watch a couple of hours of Netflix. Prezi brings TV-like engagement into your business.”

Prezi

Prezi video in action. (Image credit: Prezi)

Szafranski also sees products like Prezi Video playing a fundamental role as businesses emerge from the pandemic, by creating a stronger feeling of connection between meeting attendees spread across multiple locations. 

“The office was the great productivity hack, because it forced everyone into the same space at the same time. But we’re not going back to that,” he said.

“What has permanently changed is that there will be somebody outside the room at all times, and we’re all going to have to figure out how to hold effective meetings under these conditions.”

Further down the line, Szafranksi envisions Prezi moving into areas like virtual reality, which could open up a new realm of opportunity for interactivity, as well as bringing everyone into the same arena once again.

Looking to the future

As the world climbs out from underneath the pandemic, which brought about a period of extreme and unexpected growth for Prezi, Szafranski is thinking closely about how he can carry momentum forward.

His first step, he explained, has been to surround himself with an executive team capable of putting his vision into action. For example, his new CTO is an expert in content ingestion, having cut his teeth at image library Shutterstock, and Szafranski recently brought onboard a new SVP for Product Management to explore opportunities in immersive video and 3D.

These appointments were designed to prepare the company for a shift in gear. In addition to targeting SMBs and design departments, Szafranski says the goal is now to take Prezi organization-wide at some of the largest companies on the planet.

However, an important question hangs over these ambitions: why don’t the video conferencing giants, with all their money and resources, go out and develop identical functionality? The early warning signs are there; Microsoft recently rolled out a new reporter mode for Teams that allows users to appear in front of shared content.

But Szafranksi says copying Prezi is far more difficult than it might seem. He describes the company’s intellectual property as much more like a game engine (such as Unity) than a piece of software.

“What Prezi does that’s special is serve up content in very spacial ways, which creates much more interactive and layered experiences. And these qualities are certainly not trivial to recreate.”

The alternative for the video conferencing giants, of course, would be an acquisition. Asked whether he thought Microsoft or Zoom might swoop in for Prezi, Szafranski played it cool. It would be his responsibility to field all such offers, he told us, but for now his efforts are focused wholly on taking Prezi in the right direction.

TechRadar – All the latest technology news

Read More

How do malware removal tools work?

Malware removal software is an important part of the armory of tools that can be used to defend your PC from being compromised by a malicious payload of one kind or another.

If you’re wondering how anti-malware tools differ from antivirus, we cover that in-depth elsewhere, but suffice it to say that malware removal apps offer a much more focused kind of protection against malware, and the facilities to rid your system of an infection.

But how do these applications work exactly? Read on for our full examination of how malware removal tools protect your device and what to expect if you install one of these utilities on your system.


Malwarebytes Premium is today’s best anti-malware tool
Save 25% on your security
Sometimes free software just isn’t enough. Malwarebytes Premium is reasonably priced and uses heuristic analysis to identify new strains of malware, cleans up existing infections, helps protect you from phishing scams, and helps stop you downloading further malicious software.

Save 25% | $ 39.99 $ 29.99

On-demand scanning

As with an antivirus app, when installed on your machine, a piece of anti-malware software will give you the ability to scan the system to check if any malware is present.

There’ll be a ‘Scan’ button on the main menu of the app (most likely, or a submenu perhaps), and simply clicking on that will scan your drive(s) and memory. Just the same as with an antivirus, the malware removal tool will have (regularly updated) definitions of common malware. It’ll look for matches based on the content of this library of definitions, and if anything is found on your PC, that will (obviously) be flagged as malicious.

That will happen in a post-scan report, where any suspect discoveries are highlighted, and you’ll get the option to quarantine these offenders (or indeed malware might be automatically quarantined). Quarantining, as you might expect, is the banishment of a file to a cordoned-off area of the system, where it can no longer reach or harm your device or data.

Malwarebytes Threat Scan Result

(Image credit: Malwarebytes)

As well as malware, Potentially Unwanted Programs (known as PUPs for short) may be reported in scan results, which are, as the name suggests, apps that you might not want on your system (a good anti-malware app will explain why they’re possibly undesirable). These don’t have to be quarantined, as they’re not actively doing any harm, so it’s up to you whether to take action on those. (You’re better safe than sorry in these cases, more than likely, but occasionally legitimate apps can be flagged, and you may want to ignore warnings in these cases).

This on-demand scanning is present with all anti-malware software, and one approach that some folks take is to install a freebie malware removal app just to sit on their system as a backup to a primary antivirus.

In other words, the tactic here is to rely on the antivirus in the main, but to run a manual scan with a second line of defense – the anti-malware – every now and then, just to see if it picks up on anything that the antivirus could have missed. That might only be a PUP, and not outright malware, but still, it could be something that you don’t want on your system, and would otherwise have sat there if you hadn’t plumped for a second opinion.

Real-time defenses

Malware removal software can give you more than just on-demand scanning, though, and some apps offer real-time defenses in the same vein as an antivirus. Real-time protection simply means that the anti-malware tool has a constant shield up, scrutinizing every file being introduced onto your system (and the processes currently running) for anything suspicious.

That gives you more watertight protection, and means you can run an anti-malware app as your frontline protection against malware, with no need for an antivirus (at least in theory).

Obviously it helps if you choose one of the best tools of this purpose, such as our current top-ranked pick Malwarebytes. Its premium version sports real-time protection, backed up by heuristics (monitoring for malware-like behavior, to catch threats which are brand new and not yet included in the program’s library of malware definitions).

Malwarebytes Premium Main Menu

(Image credit: Malwarebytes)

Remember that anti-malware is built to major in such behavioral detection, and finding fresh threats that an antivirus might miss. You also get web defenses (against phishing and other online scams) for safer browsing, plus anti-ransomware tech – a broader level of protection, in other words, from the paid Malwarebytes app (as you might expect).

All that said, it’s still true that the best antivirus apps may offer a more accurate malware detection engine – at the time of writing, that is indeed the case according to the independent test labs, although Malwarebytes is rated solidly enough for overall protection – so you may prefer to run one of our best antivirus picks backed up by the free version of Malwarebytes (or your preferred anti-malware choice) for on-demand duties.

How do malware removal tools work?

Whatever the case, anti-malware apps offer a laser-focused protection against malware (and the likes of PUPs), and as we’ve seen, the good ones can work on multiple levels just like antivirus – with on-demand, plus real-time protection backed with heuristic tech – running the gamut of defensive countermeasures against all the nastiness out there, including ransomware, phishing and more.

TechRadar – All the latest technology news

Read More