Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs a number of interesting services and supports its fans in interesting projects.

Mallox Ransomware: A Rising Threat to Linux Servers

LinuxSecurity.com - 4 July, 2024 - 14:59
Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate a shift in ransomware attacks targeting Linux servers, possibly due to their increasing prevalence in critical infrastructure and enterprise operations, making them attractive targets for ransomware groups.
Category: Hacking & Security

How to make the most of Google’s Find My Device Android network

Computerworld.com [Hacking News] - 4 July, 2024 - 12:00

Losing your phone is one of the most stressful predicaments of modern-day life. We’ve all been there: You pat your pocket, swiftly scan every surface in sight — then suddenly feel your heart drop at the realization that your Android device and all of its contents (including, potentially, all sorts of sensitive company-connected materials) are no longer in your control.

There’s certainly no scenario in which losing your phone is a good thing. (Understatement of the century, I realize.) But with the advanced and just recently upgraded phone-finding system now built into Android at the operating system level, seeking out and then managing a missing device is more manageable than ever. And despite what some security suite services may try to convince you, you don’t need any third-party software to do it.

Android’s native Find My Device system can precisely pinpoint any Android device — phone, tablet, watch, you name it. It also works with a new series of special AirTag-like trackers that can be attached to keys, briefcases, and other important items. And it’ll show you your device’s exact location on an interactive map and — when relevant — give you tools to remotely ring it, lock it, or wipe it entirely and send all of its data to the digital beyond.

Best of all? You have to do shockingly little to get it up and running. It’s mostly just a matter of confirming that the system is active and then remembering how to tap into it if and when the need ever arises.

So take a few minutes now to learn the ins and outs of how the new Find My Device network on Android works and what it takes for your devices to be discoverable. Then, if you ever have that heart-dropping moment, your phone will be 100% ready — and so will you.

Find My Device on Android, part I: Preparation

Most reasonably recent Android phones should be actively enrolled in Google’s Find My Device Android network by default, but there are a few critical settings that are worth double-checking to confirm everything’s connected.

First, head into the Location section of your Android device’s system settings and make sure the toggle at the top of the screen is turned on. If it isn’t, Android won’t be able to access your phone’s GPS and thus won’t be able to perform any Find My Device-related location functions.

The “Use location” toggle is a critical foundation for Google’s Find My Device Android network to function.

JR Raphael, IDG

Next, pull up the Google section of your phone’s system settings and scroll down to the line labeled “Find My Device.” Tap that, then make sure the “Use Find My Device” toggle on the screen that comes up next is activated. And last but not least, tap “Find your offline devices” and consider which of the available options seems most suitable for you and your future finding purposes.

You’ve got all sorts of options for how your device can connect to Google’s new Find My Device Android network.

All set? Good. Now, let’s break down what your options are when that dreaded moment becomes reality.

Find My Device on Android, part II: Action

The best part about Android’s Find My Device system is that, being a Google product, it’s easily accessible from almost anywhere. If you ever can’t find your phone, choose the most convenient option and go, go, go:

1. Use the Find My Device Android app on another phone or tablet

Got an Android tablet — or maybe a secondary phone for some specific purpose? Install the Find My Device Android app on it. In fact, go ahead and do that on all your active Android devices this minute so the app will be there and ready in case you ever need it. As long as you’re signed into the same Google account on the secondary device as you are on your primary phone, finding your phone will be as simple as opening the app, confirming your Google password, and then selecting your phone from the list on the app’s main screen.

The official Find My Device Android app is an incredibly easy way to track down any device associated with your Google account.

From there, you’ll see your phone’s last known location on a zoomable map. And you’ll be able to ring it — for a full five minutes at a time, even if it’s set to silent — and optionally lock it or erase it as needed.

No secondary Android device? No problem: If you have a friend or family member with an Android phone or tablet nearby, kindly ask them to install the Find My Device app onto their device. Open it and find the option to sign in as a guest. Type in your Google account credentials, and then take a deep breath: Everything you need to find your phone will be right at your fingertips.

(Side note: The Find My Device Android app is strictly about finding a missing device — nothing more. It doesn’t actually have to be on your device in order for the device itself to be discoverable.)

2. Pull up Android’s Find My Device website in a browser

If you don’t have another Android device handy, you can still get to Android’s Find My Device function from any web browser — on a laptop or desktop computer or even an iPhone or iPad.

The main Android Find My Device site is at google.com/android/find. It’s basically identical to what you’ll get in the Find My Device Android app:

Google’s Find My Device website puts all your device tracking data at your fingertips in any browser, on any type of device.

You can also find an alternate version of the Android Find My Device function within Google’s My Account site. That site provides the same basic info but seems to go back further in your device history — so if you’re looking for a device you haven’t used in a while and that device doesn’t come up on the main Android Find My Device site, you might give it a whirl to see if it shows up there.

And that, my friend, is all there is to it. Consider yourself protected — and you know what? Go get yourself a cookie. You’ve earned it.

Category: Hacking & Security

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

The Hacker News - 4 July, 2024 - 11:10
Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device," security researcher
Category: Hacking & Security

Japanese government says ‘sayonara’ to floppy disk

Computerworld.com [Hacking News] - 4 July, 2024 - 09:00

The Japanese government is finally doing away with 3.5-inch floppy disks, almost two years after it announced its intention to scrap them.

“We have won the war on floppy disks,” Taro Kono, Japan’s digital minister, told Reuters on Wednesday.

Kono leads Japan’s Digital Agency, which was set up in 2021 when the roll-out of nationwide COVID testing and vaccination revealed that the government was over-reliant on paper filing and outdated technology, the Reuters article said.

He promised in August 2022 to do away with floppy disks and CDs in communication with authorities, and in January this year introduced new legislation to promote regulatory reform, as Computerworld’s sister publication Computerwoche reported. Until recently there were about 1,900 regulatory procedures in Japan that required companies to submit additional data in the form of floppy disks or CD-ROMs, Computerwoche said.

By the middle of last month the agency had “scrapped all 1,034 regulations governing their use, except for one environmental structure related to vehicle recycling,” Reuters reported, and now that too is gone.

Dwindling market

And not before time: It’s over 14 years since Sony, one of a handful of companies still selling floppy disks in Japan, said it would halt floppy disk sales in 2011 due to dwindling demand. In 2009, Sony had a 70% share of the Japanese domestic floppy disk market, which amounted to about 12 million disks in total — with a combined capacity of just 17 terabytes.

But there is still a market for these archaic removable storage media, according to Tom Persky, who proclaims himself as the “last man standing in the floppy disk business.”

Persky is the founder of floppydisk.com, a US company that still sells formatted floppy disks and provides a floppy and zip disk transfer service as well as recycling services.

His customers include hobbyists who want to resurrect old computer games, operators of old manufacturing equipment, and commercial owners of aircraft that are at least 25 years old.

“If you are an airline and your passengers find out that you are using a floppy disk, that is not good PR,” he said. “But the issue is not whether it is attractive, the issue for me and my customers is, does it work? And does it work better and cheaper than anything else? And for my customers it works better and cheaper than anything else.”

As for the move made by the Japanese government, Persky said “I am not going to tell them that they are wrong. I am not going to tell them that the floppy disk is the future. What I am going to tell them is, it is a very stable, very well known, very robust, very practical way to solve a problem.”

Category: Hacking & Security

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

The Hacker News - 4 July, 2024 - 08:58
Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to
Category: Hacking & Security

Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

The Hacker News - 4 July, 2024 - 05:59
A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike tool. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged
Category: Hacking & Security

Twilio's Authy App Attack Exposes Millions of Phone Numbers

The Hacker News - 4 July, 2024 - 05:37
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters
Category: Hacking & Security

Embracing Digital Independence: The Case for Switching to Linux from Windows

LinuxSecurity.com - 4 July, 2024 - 01:00
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity, we advocate switching from Windows to Linux as a symbolic act with deeper roots in terms of freedom, security, and privacy embodied by Linux.
Category: Hacking & Security

Enterprises urged to think carefully about Windows 10 extended support options

Computerworld.com [Hacking News] - 3 July, 2024 - 18:58

Independent experts have urged businesses to think carefully before relying on third-party support for security patches once Windows 10 reaches its end of life in October 2025.

Upgrading from Windows 10 may be challenging for some businesses, because many older PCs may not meet the minimum system requirements for Windows 11. Some software or applications may not be compatible with Windows 11, forcing users to stick with Windows 10 or find alternatives.

In addition, point-of-sale (POS) terminals running Windows 10 may be difficult to upgrade, presenting a particular challenge for IT professionals in the retail and hospitality sectors.

As with the retirement of previous versions of Windows, Microsoft is offering enterprises extended support for Windows 10. For commercial customers and small businesses, this comes in at $61 per device in the first year, doubling to $122 per Windows 10 device in year two and $244 per device for the third and final year.

Organizations using cloud-based update management enjoy cost savings, with prices of $45 per user with up to five devices in the first year. There’s a big discount for educational institutions, which can get extended support for a total of $7 over the maximum of three years.

Microsoft’s Extended Security Updates offers monthly critical and important security updates to Windows 10 but without access to any new features and only for up to three years.

Micro-patching alternative

Acros, a Slovenian company specializing in security updates, announced Wednesday that it will offer enterprise users of Windows 10 extended support under its 0patch brand for up to five years at a lower cost than Microsoft.

For medium and large organizations, 0patch Enterprise includes central management, multiple users and roles, and comes in at €35 (around $38) per device per year, excluding tax. A cut down version pitched at small business and individuals, 0patch Pro, costs €25 plus tax per device per year.

0patch uses a system of “micro-patches” to address critical vulnerabilities, an approach touted as faster and offering a lower potential for system instability. The vendor has previously offered extended support for Windows 7 and Windows 8.

The company said it may offer fixes for vulnerabilities that Microsoft leaves unpatched, while also providing patches for non-Microsoft products (such as Java runtime, Adobe Reader etc.), as explained in a blog post.

Gauging risk to reward

Rich Gibbons, head of market development at IT asset management specialist Synyega, noted that third-party support is an established part of the enterprise software market.

“Businesses regularly bring in third parties to help patch and maintain their legacy Oracle, SAP, and IBM estates, and while it’s not as common with Microsoft, it’s still a legitimate option, and one worth assessing,” Gibbons said.

“Purchasing extended support packages from Microsoft is expensive and will only go up in price each year. It’s therefore little wonder that more cost-effective options like those offered by 0patch are beginning to gain traction,” Gibbons added.

He advised companies to conduct a full risk-reward analysis to understand if the cost savings are worth selecting alternatives like 0patch rather than purchasing extended support from Microsoft or biting the bullet and upgrading their systems.

Leaving Microsoft’s ecosystem

Javvad Malik, lead security awareness advocate at KnowBe4, also urged companies to be careful about opting for third-party support rather than facing the financial and operational burdens of a significant overhaul.

“The viability of turning to a third-party for extended support, as opposed to embarking on the arguably Herculean task of retooling apps and refreshing hardware to embrace Windows 11, is, on the surface, an attractive proposition,” Malik told Computerworld. “However, engaging with a third party for security patches introduces a layer of dependency beyond the control of Microsoft’s established ecosystem.”

Malik warned that relying on extended support for an extended period might make it more difficult to upgrade in the future.

“Upgrading from one version to the next is relatively simple when considering upgrading two or more versions up from the current version of any software. So, the cost of delaying an upgrade needs to be evaluated in totality, and not just as a comparison to an upgrade today,” Malik advised.

In response to this criticism, 0patch co-founder Mitja Kolsek told Computerworld that deferring a costly Windows upgrade can be beneficial, while admitting that enterprises have to move on eventually.

“While an upgrade may eventually be inevitable for functional and compatibility reasons, we’re making sure that you’re not forced to upgrade because of security flaws that the vendor won’t fix anymore,” Kolsek explained. “At the same time, five years is a long time and a lot can happen — maybe you’ll be able to skip a version, or start using some other tool altogether.”

Category: Hacking & Security

Download our business projectors enterprise buyer’s guide

Computerworld.com [Hacking News] - 3 July, 2024 - 17:00

From the editors of Computerworld, this enterprise buyer’s guide helps IT and business staff understand what the various types of business projectors can do for their organizations and how to choose the right solution.

Category: Hacking & Security

The Emerging Role of AI in Open-Source Intelligence

The Hacker News - 3 July, 2024 - 13:00
Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that the exponential growth of digital data in recent years has overwhelmed many traditional OSINT
Category: Hacking & Security

AI washing: Silicon Valley’s big new lie

Computerworld.com [Hacking News] - 3 July, 2024 - 12:00

“Can you go through all the old pitch decks and replace the word ‘crypto’ with ‘A.I.’?”

This caption, part of a New Yorker cartoon by Benjamin Schwartz, perfectly captures Silicon Valley’s new spirit of AI washing.

AI washing sounds like just another spin cycle, but it’s actually a complex and multifaceted phenomenon. And it’s important for everyone reading this column — technology leaders, marketers, product builders, users, and IT professionals of every stripe — to understand the exaggeration, warped emphases, and outright lying that we all encounter in not only marketing and sales, but also the stories we read based on industry claims.

Understanding AI washing

AI washing is a deceptive marketing practice that overemphasizes the role of artificial intelligence in the product or service being promoted. The phrase is based on “greenwashing,” coined by environmentalist Jay Westerveld in 1986, where consumer products are marketed as environmentally friendly regardless of environmental impact.

Products using old-school algorithms are labeled as “AI-powered,” taking advantage of the absence of a universally agreed upon definition for what AI is and what AI is not. Startups build apps that plug into a publicly available generative AI API and market it as an AI app. Big, bold AI projects that are supposed to showcase technology often rely on people working behind the scenes, because humans are the only way to make the ambitious AI solution work.

Let’s talk more about that last one.

AI: It’s made out of people

Retail giant Amazon rolled out 44 high-tech stores called Amazon Go and Amazon Fresh, which (starting in 2016) used the company’s “Just Walk Out” set of technologies. (I first told you about this initiative in 2017.)

Amazon’s vision: Stores where consumers could walk in, choose their items from shelves, then walk out without encountering a human behind a cash register. Sensors, including cameras, would feed into AI, which could figure out who bought what and charge accordingly — all without any checkout process. It felt like shoplifting, but legal.

The system was powered by advanced computer vision, which watched customers and what they picked up. Sensors in the shelves conveyed the weight of items removed, confirming the kind and number of items detected by the cameras. RFID tagged items also added information to the mix. Advanced machine learning algorithms processed the data from cameras and sensors to identify products and associate them with specific shoppers. Electronic entry and exit gates determined who was entering and leaving and when.

The algorithms were trained on millions of AI-generated images and videos to recognize products, human behavior, and human actions.

For seven years, Amazon has been eager to talk about these components of its Just Walk Out technologies. But the tech giant has been hesitant to discuss the 1,000 or so human beings hired to make it all actually more or less function — and admitted the existence of these employees only after press reports exposed them. Even then, Amazon has obscured the specific role these employees played, saying only that they didn’t review video.

Even with 1,000 employees monitoring and enabling 44 stores (checking three-quarters of orders, according to reports), the technology has been beset by problems, including delayed receipts, mismanaged orders, and high operational costs. 

This year, Amazon has been phasing out Just Walk Out technology from its main stores but still offers it as a service to other companies.

Another big example of humans behind the AI curtain is the world of self-driving cars.

Alphabet’s Waymo (the operation formerly known as Google’s self-driving car initiative) has a NASA-style command center where employees monitor cars through cameras and step in remotely when there’s a problem. (Here’s a fast-motion video I took recently of a ride through San Francisco in a Waymo car.)

General Motors’ Cruise subsidiary admits its self-driving taxis need human assistance on average every 4 to 5 miles, with each remote control session lasting an average of 3 seconds.

Other self-driving companies rely on remote human operators even more. In fact, a German company called Vay straight up uses human operators to drive the cars, but remotely. The company recently rolled out a valet parking service in Las Vegas. The car is remotely driven to you, and you drive it wherever you like. Upon reaching your destination, you just get out and a remote operator will park it for you.

Amazon’s stores and self-driving cars are just two available examples of a phenomenon that’s widespread.

Why AI washing happens

The high-level, high-paid technologists building AI systems believe in AI, and believe it can solve extremely complex problems. Which it can — theoretically. They tell their superiors it can be done. Those leaders tell their board it can be done. Company C-suites tell investors it can be done. And as a company, they tell the public it can be done.

There’s just one small problem: It can’t be done.

Most companies feel some sense of accountability for lofty claims, and so they hide the degree to which the product or service depends on humans behind the curtain making decisions, working through problems, and enabling the “magic” to take place.

The more shameless companies remain undeterred by proof that their AI isn’t quite as capable as they claimed or believed, so they just re-up their claims again and again. Tesla CEO Elon Musk comes to mind.

In October 2016, Musk said Tesla would demonstrate a fully autonomous drive from Los Angeles to New York by the end of 2017.

By April 2017, he predicted that in about two years, drivers would be able to sleep in their vehicle while it drove itself.

In 2018, Musk moved his promise of full Tesla self-driving to be by the end of 2019.

In February 2019, Musk promised full self-driving “this year.”

In 2020, Musk claimed that Tesla would have over 1 million self-driving robotaxis on the road by the end of the year.

Even this year, Musk claimed full self-driving Teslas might happen “later this year.”

It’s not going to happen. Musk is deluding himself and his customers. Musk is the Mr. Clean of AI washing.

The real problem with AI washing

The cumulative effect of AI washing is that it leads both the public and the technology industry astray. It fuels the delusion that AI can do things it cannot do. It makes people think AI is some kind of all-purpose solution to every problem — or a slippery slope into dystopia, depending on one’s worldview.

AI washing incentivizes inferior solutions, focusing on “magic” rather than quality. Claiming that your dog-washing hose is “powered by AI” doesn’t mean you end up with a cleaner dog. It just means you have an overpriced hose.

AI washing warps funding. Silicon Valley investment nowadays is totally captured by both actual AI and AI-washing solutions. Even savvy investors may overlook AI-washing exaggeration and lies knowing that the AI story will sell in the marketplace thanks to buyer naiveté.

The biggest problem, however, is not delusional selling by the industry, but self-delusion. Purveyors of AI solutions believe that human help is a badge of shame, when in fact I think human involvement would be received with relief.

People actually want humans involved in their shopping and driving experience.

What we need is more human and less machine. As we speak, AI-generated garbage is flooding the zone with cringy prose and falsehoods, along with weird, sometimes horrifying, images. Google is so eager to replace its search engine with an answer engine that we end up with glue on our pizza.

What the public really wants is a search engine that will point us to human-created content or, at least, a PageRank system that favors the human and labels the AI-generated.

The AI-washing phenomenon is built on delusion. It’s built on the delusion that people want machines creating and controlling everything, which they don’t. It’s based on the delusion that adding AI to something automatically improves it, which it doesn’t. And it’s based on the delusion that employing people represents a failure of technology, which it doesn’t.

Enough delusional AI washing already! Sellers need to tell the truth about AI. And buyers need to demand proof that any AI in the products and services we pay for actually does something useful.

I think I speak for all of us in the technology industry, the technology customer community, and the tech press when I say to Silicon Valley: Stop gaslighting everybody about AI.

Category: Hacking & Security

Proton launches ‘privacy-first’ alternative to Word and Google Docs

Computerworld.com [Hacking News] - 3 July, 2024 - 11:56

Proton has unveiled an end-to-end encrypted document editor that it said will provide an alternative to Microsoft Word and Google Docs for privacy-conscious users.

Docs in Proton Drive, announced on Wednesday by the Swiss software vendor that’s best known for its encrypted email app, contains many of the document creation features that office workers might expect.

Users can create and edit documents, share with colleagues for real-time collaborative work, leave comments and replies, and import and export common file types such as .docx and .txt. The app is available in Proton Drive, an encrypted cloud storage service launched by the vendor in 2022.

But it’s the end-to-end encryption rather than the document editing features that makes Proton’s editor stand out from well-established alternatives on the market.

Only customers are given access to the end-to-end encryption keys, which means that any data entered into a document in Proton Docs is inaccessible by Proton, the company said. That includes keystrokes and cursor movements.

Privacy measures in Proton’s Docs app contrast with the likes of Google Docs, which can “see everything you write and keep a record of all changes that you have ever made,” said Anant Vijay, senior product manager for Proton Mail and Proton Drive, in a blog post.

“Once you provide your data to these companies, you no longer have control over how it is used,” he said, citing growing concerns around the ability of software vendors to train their AI algorithms on customer data.

There’s also the risk that data contained in documents could be accessed should a vendor’s server be compromised.

Another advantage of Proton Docs, the company claims, is that user data is stored on Proton’s cloud servers in Switzerland. Strict Swiss data privacy laws ensure that information stored on Proton’s servers is not subject to access by government authorities in the EU or US, for instance.

The rollout of Docs to Proton Drive customers starts today, with the feature available to all users in the “next couple of days,” Proton said. Proton Drive is available to consumers under a freemium model, with individual subscriptions costing up to €10 a month (currently about US$10.80) billed annually. Proton for Business subscriptions start at €7 per user per month.

Category: Hacking & Security

Will your business apps run on the latest Copilot+ PCs?

Computerworld.com [Hacking News] - 3 July, 2024 - 11:55

Microsoft’s first wave of Copilot+ PCs is here. They’re powered by Qualcomm Snapdragon X Elite hardware, which is a big deal for Windows. This is Microsoft’s version of Apple’s transition to the Arm architecture with its M-series Macs. And existing Windows applications aren’t guaranteed to run on an Arm-powered Windows PC.

The good news is that most applications will run — and Microsoft’s Prism translation layer does a good job of running them with decent speed, even. But not everything will work.

Here’s what you need to know.

Qualcomm Snapdragon Arm Copilot+ rule #1: There are no guarantees

The move to an Arm architecture is a big shift. If Microsoft hadn’t created the Prism translation layer, no existing Windows apps would “just work” on a Qualcomm Snapdragon PC. It’s just like Apple’s transition on the Mac, where the Rosetta software enabled existing Mac apps to run on an Arm-based M-series chip.

But the Mac is different. With the Mac transition, Apple put developers on notice: All future Macs would be Arm-based. For Windows, things are different: Only some new PCs use Arm processors. Intel and AMD aren’t being left behind — most Windows PCs will likely be using the traditional x86 architecture for years to come.

To ease the transition, many existing Windows applications will just work on an Arm-based PC. And by “just work,” I mean it: you can double-click their installers and run them like normal. Unless you dig into the process details in the Task Manager, you might not even know you’re using an x86 application.

But that support only goes so far. Certain types of apps won’t work in the Prism translation layer and aren’t functional. Some hardware devices might not work with these PCs either. Plus, some heavy-duty professional applications could be slowed so much by that translation layer as to be unusable.

[Screenshot: Google Drive flat-out refuses to install on a Qualcomm Snapdragon Arm Copilot+ computer. Image: Chris Hoffman, IDG]

Qualcomm Snapdragon Arm Copilot+ rule #2: Some apps will have problems

There are a few types of applications that are guaranteed not to function properly through Prism. They will work if developers port them to Arm — but there’s no guarantee developers will bother, especially for existing business apps.

Specifically, keep an eye out for:

  • File sync tools that integrate with File Explorer: These must be ported to Arm to function properly. For example, as shown above, you can’t install Google Drive on a Windows on Arm PC at launch. If this tool is important to you, you will have to access Google Drive in a web browser or use a third-party syncing app.
  • Hardware devices that need manufacturer-provided drivers: The Prism translation layer won’t help Windows on Arm use hardware drivers for x86 PCs. In practice, this means many existing hardware devices — especially printers — won’t work. This is one reason why Microsoft is moving away from manufacturer-provided printer drivers.
  • Any application that needs a driver: Some applications use drivers to integrate at a low level with the Windows kernel. For example, many PC games use this for anti-cheat features. This is why Fortnite won’t run on Windows on Arm. But the problem extends beyond games and could affect business-specific productivity tools, too, as any type of application that uses such low-level Windows system integration won’t work. Many third-party antivirus tools don’t support Windows on Arm, either.
  • High-end, demanding applications: At launch, the Adobe Premiere Pro video editor does not yet natively run on Arm. While it’s possible to run the x86 version through Prism, many users are reporting severe performance problems. Microsoft says a native Arm version is coming later in 2024. This is just one example, and you might encounter a demanding business application that won’t be ported. (And a demanding application that requires a lot of hardware resources might not deliver the performance you’d expect on an Arm PC.)

The slowdowns aren’t exclusive to high-end applications. All applications will run best on these PCs if the developer ports them to run natively on Arm hardware. But many lightweight applications that don’t need low-level integration with Windows will run just fine, with no perceptible slowdown.

[Screenshot: The Details pane in the Task Manager shows which applications are translated 64-bit x86 (x64) software and which apps are native 64-bit Arm code (Arm64). Image: Chris Hoffman, IDG]

3 ways to see whether your Windows apps run on an Arm Copilot+ PC

I wish there were a big database that would list apps and how they run on these PCs. At launch, there doesn’t appear to be such a website — perhaps someone will launch a resource in the future.

For now, Microsoft has endorsed the Windows on ARM Ready Software website. However, despite the promising name, that site is just about PC games, which doesn’t do much for users focused on serious workplace productivity.

So here are three practical ways to determine if an application is compatible:

  1. Contact the vendor or developer: The best way to find out whether an application will work is to contact the vendor or developer and simply ask whether they support their application on Arm-based versions of Windows like PCs using Qualcomm Snapdragon X Elite hardware.
  2. Do research yourself: You might just have to search the web for the name of the application and “Arm” or “Snapdragon” to see if other people are reporting their experiences. You might find some good discussions on Reddit. Your mileage may vary depending on how many people use the application in question.
  3. Test it yourself: Many businesses will want to test the applications they depend on before buying Arm-based PCs for their employees. There’s really no way to determine whether a workflow works other than to try it yourself. If you’re an individual, I recommend thinking about return policies: For example, the Microsoft Store has a 60-day return policy. If you buy a Copilot+ PC with an Arm processor from Microsoft and find it doesn’t work with your apps or hardware, you can return it.

With the release of these new laptops in July 2024, it’s still early days. While Windows on Arm has existed for many years now, it’s finally starting to look competitive. The demand for compatible software will likely motivate application developers to start taking it more seriously.

But we all know how Windows works: Some business applications were written many years ago and will never get a major update that ports them to a new architecture. The good news is that many should run fine on these new PCs with no extra development effort. The bad news is that applications that don’t will be left behind.

Still, maybe that’s not so bad. Intel is promising that its upcoming Lunar Lake hardware will be competitive with these Arm-based PCs when it comes to snappy performance with long battery life. Intel’s big pitch is that you’ll get these advantages without the headaches of an architectural shift and with compatibility for all your existing x86 software — no Prism translation layer necessary.

We’ll see whether Intel can deliver on its promises when its next-generation Core Ultra hardware starts arriving later in 2024.

Category: Hacking & Security

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

The Hacker News - 3 July, 2024 - 11:53
Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems," Fortinet FortiGuard
Category: Hacking & Security