More stories

  • Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown

    Elyse Betters Picaro / ZDNET

    Last summer’s CrowdStrike meltdown was a nightmare for network administrators worldwide, disrupting healthcare systems, cutting off access to banking systems, and grounding aircraft. All in all, the event caused billions of dollars in direct and indirect damages, and it was entirely preventable.

    In response, Microsoft convened a security summit, bringing together technical experts from CrowdStrike and its competitors in the endpoint security software business. That meeting led to an announcement late last year of a new set of Safe Deployment practices and some changes to the architecture of Windows desktop and server products, with the goal of preventing a similar incident from ever happening again.

    No more kernel drivers?

    Today, the company announced that some of those Windows Resiliency Initiative features are about to go live. In July, the company said, it will deliver a private preview of the new Windows endpoint security platform to a set of its partners who have signed on to the Microsoft Virus Initiative 3.0 program.

    The biggest change is one that the majority of security experts had recommended — moving third-party security drivers out of the Windows kernel, where a flaw could cause a catastrophic crash, and running them in user space instead.

    The new Windows capabilities will allow them to start building their solutions to run outside the Windows kernel. This means security products like antivirus and endpoint protection solutions can run in user mode just as apps do. This change will help security developers provide a high level of reliability and easier recovery, resulting in less impact on Windows devices in the event of unexpected issues.

    The announcement includes supportive quotes from some of those partners, including Bitdefender, ESET, SentinelOne, Trellix, Trend Micro, WithSecure, and — naturally — CrowdStrike.

    Notably, none of the companies on the list committed to moving their drivers out of the kernel and into user space, a process that will require time and testing. And there’s no guarantee that all of the participants are ready to move to the new architecture.

    Last year, following the security summit, ESET had been blunt about the prospect of changes to the endpoint security platform: “It remains imperative that kernel access remains an option for use by cybersecurity products,” the company wrote in an unsigned statement. This year’s remarks are more collegial but still not quite a ringing endorsement:

    The collaboration between ESET and Microsoft technology teams on the proposed Windows endpoint security platform changes continue to be productive with open and ongoing dialogue. Delivering a stable and resilient operating system environment is extremely important for our joint customers, and the ESET team continue to provide detailed feedback to help ensure there is no degradation in the security or performance currently enjoyed by our customers.

    One company that was notably missing from today’s roster of supporters was Sophos, which had been vocally critical of calls to move security software out of the Windows kernel space. At the time, Sophos Chief Research and Scientific Officer Simon Reed made clear that the company considers access to the Windows kernel to be fundamental.

    “Operating in ‘kernel-space’ — the most privileged layer of an operating system, with direct access to memory, hardware, resource management, and storage — is vitally important for security products,” he said, adding that kernel drivers are “fundamental” not just to Sophos products but to “robust Windows endpoint security, in general.”

    In a follow-up post after the security summit, Neil Watkiss, VP of engineering for Sophos’ Windows products, reiterated that “the system access provided by kernel drivers is necessary to provide the security functions expected by users of a modern cybersecurity product” and tentatively discussed the need to reduce the need for kernel drivers.

    Bye-bye, Blue Screen of Death

    Today’s announcement also highlights some related improvements in the Windows 11 24H2 release that had been previously announced. The first is an improvement in the process of collecting “crash dump” reports after a failure that causes the system to restart; that change should cut downtime to about two seconds for most users. A new interface also simplified the classic Blue Screen of Death screen to a less jargon-filled “unexpected restart” screen with white text on a black background. Those changes will be available later this summer, the company says.

  • You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

    zf L/Getty

    It’s generally not a good idea to keep screenshots of sensitive information on your phone, but you should probably delete them, especially if they’re related to your crypto wallet. A new Trojan spy known as SparkKitty targets information from screenshots stored in your gallery. This spy, likely connected to the infamous SparkCat data […]

  • How Avast’s free AI-powered Scam Guardian protects you from online con artists

    Screenshot by Lance Whitney/ZDNET

    Online scammers will use all kinds of tricks to steal anything — from your money to your identity. And not all security products are able to fully defend you against their tactics. Now, Avast has beefed up its free security software with a new feature that aims to thwart scams no matter what the source.

    Known as Scam Guardian, the protection tries to do more than just detect malicious or suspicious URLs. Trained on scam data, Scam Guardian uses AI to analyze the context and language behind a shady web page or text message. The feature also goes behind the scenes to scan the actual website code. The intent is to look above and below the surface for signs of deceptive and dangerous content.

    The scam protection included with Avast Free Antivirus consists of two components.

    Avast Assistant

    The AI-powered Avast Assistant attempts to guide you when you encounter deceptive websites, SMS messages, emails, links, offers, and other content. Instead of acting solely on its own, the assistant will start a dialogue with you to help you understand the content and offer advice on what to do.

  • Updating to Android 16 gives you 2 useful security features – but you need to enable them

    Jack Wallen / Elyse Betters Picaro / ZDNET

    Google released Android 16 a bit earlier than expected, and although it was missing some crucial features, there are key additions to the platform that go a long way to improve security.

    This was an important step forward, as the need for improved security grows every year. Without companies like Google, Apple, and others upping the ante on security, the mobile space would wind up the wild west of the technological landscape, with ne’er-do-wells popping up all over the place, stealing data at will.

    Well, Google has taken a pretty big step forward with Android 16 in the form of two key features, which I’m going to explain here.

    1. Identity Check

    This feature was actually added back in 2024, but it wasn’t until the release of Android 16 that it started receiving much attention.

    What is Identity Check?

    Let’s say you’re away from home (which you’ve designated as a trusted location; more on that in a bit). While you’re gone, someone gains access to your phone and either goes to make changes to critical security settings or attempts to access saved passwords or other sensitive information. Because the phone is away from your trusted location, when that person tries to make those changes, biometric authentication will prevent them from accessing those features or data.

    Here’s the thing about Identity Check: it’s not easy to find. The best way to locate the feature is to open the Settings app and search for “identity check.” Once on the Identity Check page, you can enable the feature (it should be enabled by default) and add a trusted location. Once you’ve added a trusted location, biometrics won’t be required for that particular place.

  • These battery-powered 4K security cameras give Ring and Blink a run for their money

    TP-Link Tapo

    TP-Link just announced a new lineup of Tapo security cameras that rival the best on the market. The cameras feature high-resolution recording, AI-powered capabilities, and local storage options. The news also includes the launch of the Tapo Smart HomeBase H500, a central hub that offers local storage to bypass subscription fees. The seven […]