Kategorie

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to Newsroomhttp://www.blogger.com/profile/[email protected]

In the dynamic landscape of web development , ensuring that applications perform uniformly across various web browsers is a vital aspect of user experience. This becomes increasingly important for Linux systems, where the default browsers and configurations range presents unique challenges. Cross-browser compatibility testing on Linux helps to identify and resolve these discrepancies, thereby enhancing the accessibility and functionality of web applications for all users.

The one thing that seems about as certain as death and taxes is that, over time, your Windows 10 PC seems to slow down. There are a variety of reasons this can happen, from accumulated apps and background processes that run amok to registry problems and outdated drivers.

How to speed up your computer

Want your Windows 10 PC to run faster? We’re here to help. By tweaking some of the operating settings, your machine will be zippier and less prone to performance and system issues.

And if you’re already running Windows 11, we’ve got you covered there. Check out our top ways to keep Windows 11 devices chugging along smoothly.

Here’s our list of tips for Windows 10.

The top ways to speed up Windows 10

• Change your power settings
• Disable programs that run on startup
• Go to a previous restore point
• Use ReadyBoost to speed up disk caching
• Shut off Windows tips and tricks
• Stop OneDrive from syncing
• Use OneDrive files on-Demand
• Turn off search indexing
• Clean out your hard disk
• Clean out your Registry
• Disable shadows, animations and visual effects
• Disable transparency
• Update your device drivers
• Turn on automated Windows maintenance
• Kill bloatware
• Defrag your hard disk
• Disable Game Mode
• Shut down and restart Windows

You may notice that that last tip is the most tried-and-true way of (hopefully) smoothing out any problems in Windows 10. There’s a reason it’s effectively an internet meme.

1. Change your power settings

If you’re using Windows 10’s “Power saver” plan, you’re slowing down your PC. That plan reduces your PC’s performance in order to save energy. (Even desktop PCs typically have a “Power saver” plan.) Changing your power plan from “Power saver” to “High performance” or “Balanced” will give you an instant performance boost.

To do it, launch the Control Panel app, then select Hardware and Sound > Power Options. You’ll typically see two options: Balanced (recommended) and Power saver. (Depending on your make and model, you might see other plans here as well, including some branded by the manufacturer.) To see the High performance setting, click the down arrow by Show additional plans.

Change your power settings in Control Panel to give your PC a performance boost. (Click image to enlarge it.)

To change your power setting, simply choose the one you want, then exit Control Panel. “High performance” gives you the most oomph, but uses the most power; “Balanced” finds a happy medium between power use and better performance; and “Power saver” does everything it can to give you as much battery life as possible. Desktop users have no reason to choose “Power saver,” and even laptop users should consider the “Balanced” option when unplugged — and “High performance” when connected to a power source.

2. Disable programs that run on startup

One reason your Windows 10 PC may feel sluggish is that you’ve got too many programs running in the background — programs that you rarely or never use. Stop them from running, and your PC will run more smoothly.

Start by launching the Task Manager: Press Ctrl-Shift-Esc, right-click the lower-right corner of your screen and select Task Manager, or type task manager into the Windows 10 search box and press Enter. If the Task Manager launches as a compact app with no tabs, click More details at the bottom of your screen. The Task Manager will then appear in its full-tabbed glory. There’s plenty you can do with it, but we’re going to focus only on killing unnecessary programs that run at startup.

Click the Startup tab. You’ll see a list of the programs and services that launch when you start Windows. Included on the list is each program’s name as well as its publisher, whether it’s enabled to run on startup, and its “Startup impact,” which is how much it slows down Windows 10 when the system starts up.

To stop a program or service from launching at startup, right-click it and select Disable. This doesn’t disable the program entirely; it only prevents it from launching at startup — you can always run the application after launch. Also, if you later decide you want it to launch at startup, you can just return to this area of the Task Manager, right-click the application and select Enable.

You can use the Task Manager to help get information about programs that launch at startup and disable any you don’t need. (Click image to enlarge it.)

Many of the programs and services that run on startup may be familiar to you, like OneDrive or Evernote Clipper. But you may not recognize many of them. (Anyone who immediately knows what “bzbui.exe” is, please raise your hand. No fair Googling it first.)

The Task Manager helps you get information about unfamiliar programs. Right-click an item and select Properties for more information about it, including its location on your hard disk, whether it has a digital signature, and other information such as the version number, the file size and the last time it was modified.

You can also right-click the item and select Open file location. That opens File Explorer and takes it to the folder where the file is located, which may give you another clue about the program’s purpose.

Finally, and most helpfully, you can select Search online after you right-click. Bing will then launch with links to sites with information about the program or service.

If you’re really nervous about one of the listed applications, you can go to a site run by Reason Software called Should I Block It? and search for the file name. You’ll usually find very solid information about the program or service.

Now that you’ve selected all the programs that you want to disable at startup, the next time you restart your computer, the system will be a lot less concerned with unnecessary programs.

3. Go to a previous restore point

As you use Windows 10, it automatically creates restore points that are essentially snapshots of your system at specific moments in time, including installed software, drivers, and updates. Restore points are a kind of safety net so if something goes wrong, you can always restore your PC to a previous state.

They can also be used to speed up your PC if you notice — for no reason you can fathom — it’s started to slow down. Recently installed problematic drivers, software, or updates could be to blame, so going back to a previous restore point could speed things up again because the system will be returned to the state it was in before the problems started. Keep in mind, though, that you’ll only be able to restore your system to the state it was in during the last seven to 10 days. (Restore points don’t affect your files, so you won’t lose any files by going to a restore point.)

To go to a previous restore point:

1. Save any open files and close all your programs.
2. In the search box type advanced system and then click View advanced system settings. You’ll be sent to the Advanced tab of System Properties in the Control Panel.
3. Click the System Protection tab.
4. In the System Restore area, click System Restore.
5. On the screen that pops up, the “Recommended restore” option will be chosen for you. Click Next if you want to go that restore point. To see others, click Choose a different restore point. Highlight the one you want to use and click Next.
6. Click Finish from the screen that appears.
7. Your system will restore to the restore point you chose and shut down. Restart your PC.

Going to a restore point can help speed up your PC if you’ve recently installed drivers, software, or updates that have slowed down your system. (Click image to enlarge it.)

Note: there’s a chance System Restore isn’t turned on, meaning you won’t be able to use this tip. If that’s the case, you should turn it on to solve any future problems. To do so:

1. In the search box, type create a restore point, then click Create a restore point.
2. On the System Protection tab, select Configure.
3. Select Turn on system protection. Leave the other settings on the page as they are.
4. Click OK. From now on, your PC will automatically create restore points.

4. Use ReadyBoost to speed up disk caching

Windows 10 regularly stores cached data on your hard disk, and then when it needs the data, fetches it from there. The time it takes to fetch cached data depends on the speed of your hard disk. If you have a traditional hard disk instead of an SSD, there’s a trick that can help speed up your cache: use Windows’ ReadyBoost feature. It tells Windows to cache data to a USB flash drive, which is faster than a hard disk. Fetching data from that speedier cache should speed up Windows.

First, plug a USB flash drive into one of your PC’s USB ports. The flash drive needs to support at least USB 2.0, and preferably USB 3 or faster. The faster your flash drive, the more of a speed boost you should see. Also, look for a flash drive that is at least double the size of your PC’s RAM for maximum performance.

After you plug in in the drive, open File Explorer and click This PC. Look for the flash drive. It may have an odd name, like UDISK 28X, or something even less obvious. Right-click it, choose Properties, and click the ReadyBoost tab.

Turn on ReadyBoost from this screen to speed up your PC. (Click image to enlarge it.)

You’ll come to a screen that asks whether you want to use the flash drive as a cache and recommends a cache size. Leave the cache size as is or change it if you like. Then select Dedicate this device to ReadyBoost and click Apply and then OK.

(Note that if you see the message, “This device cannot be used for ReadyBoost” when you click the ReadyBoost tab, it means your flash drive doesn’t meet ReadyBoost’s minimum performance standards, so you’ll have to insert a new one.)

As you use your computer, ReadyBoost will start filling the cache with files, so you may notice an increase in disk activity. Depending on how much you use your PC, it can take a few days for your cache to fill and offer maximum improved performance. If you don’t see an increase in performance, try a flash disk with more capacity.

Note: If you have an SSD, you won’t get any extra speed from ReadyBoost, and it might even hurt performance. So don’t use this on a system with an SSD.

5. Shut off Windows tips and tricks

As you use your Windows 10 PC, Windows keeps an eye on what you’re doing and offers tips about things you might want to do with the operating system. In my experience, I’ve rarely if ever found these “tips” helpful. I also don’t like the privacy implications of Windows constantly taking a virtual look over my shoulder.

Windows watching what you’re doing and offering advice can also make your PC run more sluggishly. So if you want to speed things up, tell Windows to stop giving you advice. To do so, click the Start button, select the Settings icon and then go to System > Notifications & actions. Scroll down to the Notifications section and uncheck the box marked “Get tips, tricks, and suggestions as you use Windows.”

Turning off Windows’ suggestions for you should help things run more smoothly (and give you back a measure of privacy). (Click image to enlarge it.)

That’ll do the trick.

6. Stop OneDrive from syncing

Microsoft’s cloud-based OneDrive file storage, built into Windows 10, keeps files synced and up to date on all of your PCs. It’s also a useful backup tool so that if your PC or its hard disk dies, you still have all your files intact, waiting for you to restore them.

Here’s how to turn off OneDrive syncing temporarily, to see if that boosts system performance. (Click image to enlarge it.)

It does this by constantly syncing files between your PC and cloud storage — something that can also slow down your PC. That’s why one way to speed up your PC is to stop the syncing. Before you turn it off permanently, though, you’ll want to check whether it is actually slowing down your PC.

To do so, right-click the OneDrive icon (it looks like a cloud) in the notification area on the right side of the taskbar. (Note: In order to see the OneDrive icon, you may need to click an upward facing arrow.) From the pop-up screen that appears, click Pause syncing and select either 2 hours, 8 hours, or 24 hours, depending upon how long you want it paused. During that time, gauge whether you’re seeing a noticeable speed boost.

If so, and you decide you do indeed want to turn off syncing, right-click the OneDrive icon, and from the pop-up, select Settings > Account. Click Unlink this PC, and then from the screen that appears, click Unlink account. When you do that, you’ll still be able to save your files to your local OneDrive folder, but it won’t sync with the cloud.

If you find that OneDrive slows down your PC but prefer to keep using it, you can try to troubleshoot OneDrive problems. For info on how to do that, check out Microsoft’s “Fix OneDrive sync problems” page.

7. Use OneDrive Files On-Demand

Some users may not want to stop OneDrive from syncing; doing so defeats its purpose of making sure you have the latest files on whatever device you use. And it would also mean you won’t be able to use OneDrive as a way to safely back up files.

But there’s a way to get the best of both worlds: You can keep syncing to an absolute minimum and only do it when absolutely necessary. You’ll speed up performance, and still get the best of what OneDrive has to offer.

To do this, you use Windows’ OneDrive Files On-Demand feature. With it, you can choose to keep only certain files on your PC, but still have access to all your other OneDrive files in the cloud. When you want to use one of those online files, you open it directly from the cloud. With fewer files on your PC syncing, you should see a performance boost.

Right-click the OneDrive icon on the right side of the Taskbar and select Settings. Click Advanced settings and scroll down to the Files On-Demand section. Click Free up disk space and select Continue. When you do that, all the files on your PC will be set to online-only, which means they’re only available from OneDrive in the cloud not on your PC. From now on, the first time you want to open one of your files, you’ll have to be online – that is, unless you use the following instructions to make some files available on your PC as well as in the cloud, while you leave others available only in the cloud.

After you click the Continue button, you’ll see OneDrive in a File Explorer window.  For every folder whose files you want kept on your PC, right-click the folder and select Always keep on this device. You can do the same thing for subfolders and individual files.

Later, if you want to have folders, subfolders, or files stored only in OneDrive in the cloud, right-click it in File Explorer, and uncheck the box next to Always keep on this device. You can change the status of folders, subfolders, and files like this whenever you like.

Use this dialog box to turn on OneDrive Files on-Demand

If you change your mind and want all your files stored locally and kept in sync via OneDrive, go back to the “Advanced settings” section of OneDrive settings page, scroll down to the Files On-Demand section and click Download all files.

Note that OneDrive Files On-Demand is available only on Windows 10 version 1709 and higher.

8. Turn off search indexing

Windows 10 indexes your hard disk in the background, allowing you — in theory — to search your PC more quickly than if no indexing were being done. But slower PCs that use indexing can see a performance hit, and you can give them a speed boost by turning off indexing. Even if you have an SSD disk, turning off indexing can improve your speed, because the constant writing to disk that indexing does can eventually slow down SSDs.

To get the maximum benefit in Windows 10, you need to turn indexing off completely. To do so, type services.msc in the Windows search box and press Enter. The Services app appears. Scroll down to either Indexing Service or Windows Search in the list of services. Double-click it, and from the screen that appears, click Stop. Then reboot your machine. Your searches may be slightly slower, although you may not notice the difference. But you should get an overall performance boost.

Here’s how to turn off Windows 10 indexing. (Click image to enlarge it.)

If you’d like, you can turn off indexing only for files in certain locations. To do this, type index in the Windows search box and click the Indexing Options result that appears. The Indexing Options page of the Control Panel appears. Click the Modify button, and you’ll see a list of locations that are being indexed, including Microsoft Outlook, Internet Explorer History, and your hard drive or drives. Uncheck the box next to any location, and it will no longer be indexed. If you’d like to customize what gets indexed and what doesn’t on individual drives, click the down arrow next to any drive and check the box next to what you want indexed and uncheck the box of what you don’t.

9. Clean out your hard disk

If you’ve got a bloated hard disk filled with files you don’t need, you could be slowing down your PC. Cleaning it out can give you a speed boost. Windows 10 has a surprisingly useful built-in tool for doing this called Storage Sense. Go to Settings > System > Storage and at the top of the screen, move the toggle from Off to On. When you do this, Windows constantly monitors your PC and deletes old junk files you no longer need — temporary files, files in the Downloads folder that haven’t been changed in a month, and old Recycle Bin files.

You can customize how Storage Sense works and also use it to free up even more space than it normally would. Underneath Storage Sense, click Configure Storage Sense or run it now. From the screen that appears, you can change how often Storage Sense deletes files (every day, every week, every month or when your storage space gets low).

You can also tell Storage Sense to delete files in your Download folder, depending on how long they’ve been there, and set how long to wait to delete files in the Recycle Bin automatically. You can also have Storage Sense move files from your PC to the cloud in Microsoft’s OneDrive cloud storage if they’re not opened for a certain amount of time (every day, or every 14 days, 30 days, or 60 days).

IDG

Here’s how to customize the way Storage Sense works, and to tell it to delete old versions of Windows. (Click image to enlarge it.)

10. Clean out your Registry

Under the Windows hood, the Registry tracks and controls just about everything about the way Windows works and looks. That includes information about where your programs are stored, which DLLs they use and share, what file types should be opened by which program, and just about everything else.

But the Registry is a very messy thing. When you uninstall a program, for example, that program’s settings don’t always get cleaned up in the Registry. So over time, it can get filled with countless outdated settings of all types. And that can lead to system slowdowns.

Don’t even think of trying to clean any of this out yourself. It’s impossible. To do it, you need a Registry Cleaner. There are plenty available, some free and some paid. But there’s really no need to outright buy one, because the free Auslogics Registry Cleaner does a solid job.

Before using Auslogics or any other Registry cleaner, you should back up your Registry so you can restore it if anything goes wrong. (Auslogics Registry Cleaner does this for you as well, but it can’t hurt to have it backed up twice.) To do your own Registry backup, type regedit.exe in the search box, then press Enter. That runs the Registry editor. From the File menu, select Export. From the screen that appears, make sure to choose the All option in the “Export range” section at the bottom of the screen. Then choose a file location and file name and click Save. To restore the Registry, open the Registry editor, select Import from the File menu, then open the file you saved.

Now download, install, and run Auslogics Registry Cleaner. On the left-hand side of the screen you can select the kinds of Registry issues you want to clean up — for example, File Associations, Internet, or Fonts. I generally select them all.

IDG

Auslogics Registry Cleaner scans for and fixes problems in your Windows Registry. (Click image to enlarge it.)

Next, tell it to scan the Registry for problems. To do that, click Scan Now, and from the drop-down menu that appears, select Scan. That lets you first examine the Registry problems it finds. If you instead choose Scan and Resolve, it makes the fixes without you checking them.

It now scans your Registry for errors, then shows you what it found. Uncheck the boxes next to any you don’t want it to fix.  Click Resolve when you’ve made your decision, and make sure that Back Up Changes is checked, so you can restore the Registry easily if something goes wrong. If you want to see details about what it’s done, click View detailed report at the bottom of the screen.

11. Disable shadows, animations, and visual effects

Windows 10 has some nice eye candy — shadows, animations, and visual effects. On fast, newer PCs, these don’t usually affect system performance. But on slower and older PCs, they can exact a performance hit.

It’s easy to turn them off. In the Windows 10 search box, type sysdm.cpl and press Enter. That launches the System Properties dialog box. Click the Advanced tab and click Settings in the Performance section. That brings you to the Performance Options dialog box. You’ll see a varied list of animations and special effects.

IDG

The Performance Options dialog box lets you turn off effects that might be slowing down Windows 10. (Click image to enlarge it.)

If you have time on your hands and love to tweak, you can turn individual options on and off. These are the animations and special effects you’ll probably want to turn off, because they have the greatest effect on system performance:

• Animate controls and elements inside windows
• Animate windows when minimizing and maximizing
• Animations in the taskbar
• Fade or slide menus into view
• Fade or slide ToolTips into view
• Fade out menu items after clicking
• Show shadows under windows

However, it’s probably a lot easier to just select Adjust for best performance at the top of the screen and then click OK. Windows 10 will then turn off the effects that slow down your system.

12. Disable transparency

In addition to turning off shadows, animations, and visual effects, you should also disable the transparency effects that Windows 10 uses for the Start menu, the Taskbar, and the Action Center. It takes a surprising amount of work for Windows to create these transparency effects, and turning them off can make a difference in system performance.

To do it, from Settings, choose Personalization > Colors, scroll down to “Transparency effects” and move the slider to Off.

IDG

Turning off Windows 10’s transparency effects can help speed up performance. (Click image to enlarge it.)

13. Update your device drivers

Windows 10 can take a big performance hit if it’s using outdated drivers. Installing the latest ones can go a long way towards speeding it up. Particularly problematic are graphics drivers, so those are the ones you should make sure to update. To do it:

1. Type devmgmt.msc into the Search box and click the Device Manager icon that appears in the right pane.
2. Scroll to the Display Adapters entry and click the side-facing arrow to expand it.
3. Right-click the driver that appears.
4. From the context menu that appears, select Update driver.
5. You’ll be asked whether to have Windows search for an updated driver or if you want to find one and install it manually. Your best bet is to let Windows do the work. Follow the on-screen instructions to install the driver.

IDG

Updating your device drivers with the Device Manager can give Windows 10 a speed boost. (Click image to enlarge it.)

You can do this to update all your drivers, not just graphics-related ones. It can take a while to do that one by one using the Device Manager, so you might want to use Windows Update to do it for you instead.

1. Launch the Settings app and select Update & Security > Windows Update.
2. Select Advanced Options > View optional updates > Driver updates. A list of all driver updates that Windows has found but hasn’t installed appears.
3. Select any of the drivers you want to install and click Download & Install.

IDG

Windows Update finds drivers you might want to update. (Click image to enlarge it.)

14. Turn on automated Windows maintenance

Every day, behind the scenes, Windows 10 performs maintenance on your PC. It does things like security scanning and performing system diagnostics to make sure everything is up to snuff — and automatically fixes problems if it finds them. That makes sure your PC runs at peak performance. By default, this automatic maintenance runs every day at 2:00 a.m., as long as your device is plugged into a power source and is asleep.

There’s a chance, though, that the feature has been accidentally turned off or you haven’t had your PC plugged in for a while, so the maintenance hasn’t been done. You can make sure it’s turned on and runs every day, and run it manually if you’d like.

Run the Control Panel app and select System and Security > Security and Maintenance. In the Maintenance section, under Automatic Maintenance, click “Start maintenance” if you want it to run now. To make sure that it runs every day, click “Change maintenance settings,” and from the screen that appears, select the time you’d like maintenance to run, and check the box next to “Allow scheduled maintenance to wake up my computer at the scheduled time.” Then click OK.

IDG

You can designate a time each day for Windows to run its maintenance tasks. (Click image to enlarge it.)

15. Kill bloatware

Sometimes the biggest factor slowing down your PC isn’t Windows 10 itself, but bloatware or adware that takes up CPU and system resources. Adware and bloatware are particularly insidious because they may have been installed by your computer’s manufacturer. You’d be amazed at how much more quickly your Windows 10 PC can run if you get rid of it.

First, run a system scan to find adware and malware. If you’ve already installed a security suite such as Norton Security or McAfee LiveSafe, you can use that. You can also use Windows 10’s built in anti-malware app — just type windows security in the search box, press Enter, and then select Virus & threat protection > Quick Scan. Windows Defender will look for malware and remove any it finds.

It’s a good idea to get a second opinion, though, so consider a free tool like Malwarebytes Anti-Malware. The free version scans for malware and removes what it finds; the paid version offers always-on protection to stop infections in the first place.

IDG

Malwarebytes Anti-Malware is a useful application that will scan for and fix Windows 10 PC problems. (Click image to enlarge it.)

Now you can check for bloatware and get rid of it. A good program to do that is PC Decrapifier. And Should I Remove It? is a website that offers advice on what files may be malware or bloatware.

For more details about removing bloatware, check out Computerworld’s article “Bloatware: What it is and how to get rid of it.”

16. Defrag your hard disk

The more you use your hard disk, the more it can become fragmented, which can slow down your PC. When a disk gets fragmented, it stores files willy-nilly across it, and it takes a while for Windows to put them together before running them.

Windows 10, though, has a built-in defragmenter you can use to defragment your hard disk. You can even tell it to run automatically so it stays constantly defragmented.

To do it, type defrag into the search box and press Enter. From the screen that appears, select the drive you want you want to defragment. Click the Optimize button to defragment it. Select multiple disks by holding down the Ctrl key and clicking each one you want to defragment.

If you want to have your disk or disks defragmented automatically, click the Change settings button, then check the box next to Run on a schedule. Now select the frequency at which you want the disk(s) defragmented by clicking the drop-down next to Frequency and selecting Daily, Weekly, or Monthly. (Weekly will be your best bet.) From this screen you can also choose multiple drives to defragment.

Note: If you have an SSD, defragging won’t offer any noticeable performance boost, and it could cause wear on the disk. So it’s not worth your while to defrag SSDs.

IDG

You can set Windows 10’s built-in disk defragmenter to run automatically on a schedule. (Click image to enlarge it.)

17. Disable Game Mode

If you’re a serious gamer, you probably know all about Game Mode, which optimizes your PC for playing games. That’s great for when you’re doing just that, but it can slow down your system when you’re not playing because it keeps some system resources in reserve in case you start playing a game and has occasionally been linked to stability issues. So turning off Game Mode can give your PC a quick boost. (You can always turn it back on again when you want to play a game.)

Game Mode is turned on by default, so even if you’ve never played a game on your PC, it’s probably enabled. To turn it off, go to Settings > Gaming > Game Mode and move the Game Mode slider to Off.

IDG

Turning off Game Mode can give your PC an instant boost. (Click image to enlarge it.)

18. Shut down and restart Windows

Here’s one of IT’s not-quite-secret weapons for troubleshooting and speeding up a PC: Shut it down and restart it. Doing that clears out any excess use of RAM that otherwise can’t be cleared. It also kills processes that you might have set in motion and are no longer needed, but that continue running and slow your system. If your Windows 10 PC has turned sluggish over time for no apparent reason, you may be surprised at how much more quickly it will run when you do this.

Try just some of these tricks, and you’ll find that you’ve got a faster Windows 10 PC — and one that is less likely to have any reliability problems.

This article was originally published in February 2016 and most recently updated in December 2023.

Computers, Microsoft, Small and Medium Business, Windows, Windows 10

Google has rolled out a premium tier for Chrome Enterprise, offering additional security features for the popular web browser.

Google launched Chrome Enterprise in 2017 as a business-focused edition of its Chrome browser with built-in management features for IT admins and security teams. On Tuesday, Google unveiled Chrome Enterprise Premium, promising enhanced security with features not available in the core version. 

This includes malware deep scanning, data loss prevention, the ability to filter URLs based on website category, and “context-aware access controls” that help enforce zero-trust access to cloud applications. There are also additional controls that enable admins to enforce enterprise policies and manage software updates, Google said. 

The growth in remote work has created new challenges around endpoint security, Parisa Tabriz, Google’s vice president for Chrome, said in a blog post, with businesses forced to contend with variety of employee devices outside of an organization’s managed fleet. “As these trends continue to accelerate and converge, it’s clear that the browser is a natural enforcement point for endpoint security in the modern enterprise,” she said. 

Indeed, with many business apps running in the cloud, the browser is becoming the entire endpoint environment for many end users, said Phil Hochmuth, research vice president for endpoint management and enterprise mobility for IDC. The new features will allow IT and security teams to manage browsers “like a PC endpoint,” he said, “allowing for granular access control, data protection and usage polices to be applied to the Enterprise Chrome browser environment separately from the underlying hardware device.”

When managed-device-level security can be enforced at the browser level, he said, it’s possible to extend corporate apps and data access to more types of users, including  remote or contract workers with BYOD endpoints. “It can help workers become more productive with a more flexible, but secure and managed, computing environment,” said Hochmuth.

Chrome Enterprise Premium is generally available now, with prices starting at $6 per user, per month. 

Browser Security, Chrome, Enterprise Applications, Google, Vendors and Providers

As Apple becomes more deeply embedded in increasingly regulated enterprises, IT needs new tools for security compliance to keep their fleets in shape. Jamf introduced a batch of solutions to achieve this at a special event this week. I spoke again with Michael Covington, vice president of portfolio strategy at Jamf, to learn more about what the company has made available.

“We see organizations of all sizes struggle to establish good security hygiene for their Apple devices,” Covington said. “Our research shows 39% of organizations operate at least one device with known vulnerabilities, so improving basic endpoint configuration is low hanging fruit for security teams, and it can significantly improve their overall risk posture.”

What has Jamf introduced?

Jamf announced the following:

• A Compliance Dashboard in Jamf Protect that lets admins monitor their fleet against CIS benchmarks.
• The new Compliance Editor in Jamf Pro that lets admins deploy configuration files to bring mobile device in line with CIS benchmarks. This makes it easy for admins to select a baseline security standard and push it to all users. The idea is that organizations can ensure their fleets are compliant with relevant security standards.
• Jamf Routines, a new Jamf Pro tool that offers new no-code automations and integrations, such as between Jamf and Slack or Teams. This helps keep those devices in compliance with security benchmarks.
• App Version Control within App Installers, which puts admins in charge of app deployments and upgrades. Typically, some admins might want to test new application software updated across small groups before approving installation across the company. This tool helps them do that.

Privilege Elevation

The company also introduced a new Privilege Elevation tool in Jamf Connect for Macs. This lets IT assign admin privileges to users on a temporary basis. Covington explained what this is for: “There are many scenarios where a user could benefit from having ‘admin’ privileges, but granting permanent access presents a real security risk, both because of the damage that could be done accidentally and because of the risk of credential compromise with an active attacker.”

At the same time, a lack of admin access can be challenging. “System updates like adding a printer, installing a third-party app, or changing various settings are all fairly routine and benign, but may be unavailable when the organization enforces the principle of least privilege,” he said. “Privilege Elevation enables end users to receive elevated privileges on-demand, without requiring ad-hoc IT intervention. When scoped with this feature, users will be able to temporarily acquire local admin rights for a configurable amount of time. The feature includes safeguards and audit trails to reduce misuse and monitor for compliance.”

On Apple Watch and Vision Pro in business

From the thousands who took an interest in an earlier plea for device management support in Vision Pro  and Apple’s subsequent introduction of such support, we know that plenty of businesses are now making use of iPhones, iPads, and Macs at work. 

This extends to Apple Watch also, which is why Jamf now supports device management of that device. “We have seen some very clever solutions developed around the Apple Watch, with industries like aviation and medicine truly treating the device like a wearable computer instead of a timepiece,” Covington said. “Businesses that want to deploy the Apple Watch at scale will need management to do so. Jamf’s implementation is built on modern Declarative Device Management workflows and includes the ability for applications to utilize a secure enterprise VPN to access rich datasets.”

Covington confirmed his company is seeing its business clients begin to explore the potential of Vision Pro. He pointed to several industries — medical, education, field service and maintenance — already known to be using the device, saying:

“The key to extracting maximum value from a device like the Vision Pro is to develop a transformational application for the business, which typically requires secure access to critical enterprise data. As new applications are developed and tested, organizations are finding that they must manage and secure these new devices just like every sanctioned device in the business.”

Apple in the enterprise

It’s always good to get a reality check from Jamf concerning Apple’s enterprise markets. On the back of its success in mobile products and growing support for employee choice schemes, the company has done a great job of building a bridgehead into the industry, supported by third parties such as Jamf.

“Apple has made some tremendous strides in the enterprise over the past several years,” said Covington. “Their strength was initially in mobility, with businesses choosing the iPhone to enable a mobile workforce. But that position has expanded to both line of business solutions (often build around iPad) and to primary compute (with the MacBook becoming a de facto device choice for many users).”

The result (as regular readers may already recognize) is that, “Apple’s devices are no longer for niche use cases or hyper-specific user groups. They are now used to empower work in all corners of the business. With the recent introduction of enterprise support on both Apple Watch and the Vision Pro, it will be interesting to see what new enterprise use cases emerge for Apple to tackle in the future.”

Covington also confirmed the introduction of Apple Silicon chips in Macs helped spur interest across the enterprise, saying Jamf has seen the move accelerate employee choice programs. “Apple continues to outpace rivals with the overall compute experience they are offering professionals, with amazing hardware that comes to life through tightly integrated software, applications, and services,” he said.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, Enterprise Applications, Enterprise Mobile Management, iOS, IT Management, IT Operations, Vendors and Providers

An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the

An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the Newsroomhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick Newsroomhttp://www.blogger.com/profile/[email protected]

Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This initiative aims to provide 10 years of security maintenance for Ubuntu and thousands of open-source packages, along with device management capabilities through Landscape , a systems management tool by Canonical. Ubuntu Pro also ensures that IoT devices receive reliable security patches from a trusted source.

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL, Newsroomhttp://www.blogger.com/profile/[email protected]

Google has added a new way for Workspace users to access generative AI (genAI) features for collaboration without requiring a full subscription to its Gemini AI assistant. 

The AI Meetings and Messaging add-on, which costs $10 per user per  month, offers a range of Gemini features via Google’s Meet video conferencing tool, with functionality for Chat  —  the team messaging app in Workspace —  to follow eventually.  

Features for Google Meet include generative backgrounds, AI-powered video quality enhancements, an automated caption translation (available now in preview), and automated note-taking during meetings (available in June). Also in the pipeline is an adaptive audio feature (set for general availability next month) and a screenshare watermark to help prevent data leakage (expected in the third quarter of the year).

Google will include offer automated translation of messages and conversation summaries in Google Chat as part of the add-on once the features are available later this year. 

At $10 a month, the add-on provides a lower-cost route for businesses to access Google’s Gemini AI features.  By comparison, the full Google Gemini for Workspace (formerly Duet AI) costs $30 per user each month for large enterprises, or $20 for smaller businesses. Customers on these plans have access to a wider range of genAI features, helping users write emails in Gmail, draft text in Docs, and generate images in Slides, for instance. 

“I believe that companies who upgrade with the AI and meetings offering —  and foster their use and adoption internally — will see significant time savings benefits that will justify spending for the benefit,” said Wayne Kurtzman, research vice president social, communities and collaboration  at IDC. 

The AI Meetings and Messages option is one of two Workspace add-ons announced during the Google Cloud Next ’24 event this week. Also available is a new AI Security add-on; it also costs $10 per user/month and will “automatically classify and protect sensitive files” stored in Google Drive, Google said.

Other updates to Workspace announced at Cloud Next include voice inputs for Gmail’s “help me write” AI feature, which promises to turn voice notes into a complete email, and a new “building blocks” feature coming to Sheets to help users create spreadsheets from scratch. It offers templates for project management, event planning, and more. Also coming in a few weeks is a tabs feature for Docs, making it easier to organize information instead of linking to multiple documents, Google said. 

Google introduces new Workspace app: Vids

Google has also developed a new Workspace app, Vids, that aims to simplify video creation. Vids provides guidance when producing and editing video content for the workplace such as videos for staff onboarding, learning and development, or sales pitches. The AI assistant can create a storyboard and suggest background images, for instance, and offers pre-set voiceovers to narrate a video. 

“Vids will sit alongside our other productivity tools like Docs, Sheets, and Slides,” Aparna Pappu, general manager and vice president for Google Workspace, said in a blog post.  “Like them, it includes a simple, easy-to-use interface and the ability to collaborate and share projects securely from your browser. 

“It’s an entirely new app that can help anyone become a great storyteller at work,” Pappu said.

“Google Vids underscores the multimodality of Google Gemini,” said Kurtzman. “Vids is an easy to use, enterprise video storytelling platform that leverages Gemini to stay on brand and deliver significant time savings.”

Google Vids will be available to Workspace customers in June. 

Collaboration Software, Enterprise Applications, G Suite, Generative AI, Google, Office Suites, Vendors and Providers, Video Editors

The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle against Spectre v2 vulnerabilities. Researchers have revealed that BHI can bypass existing Spectre v2/BHI mitigations to read sensitive data from the memory of Intel systems.

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain The Hacker Newshttp://www.blogger.com/profile/[email protected]

Your deep generative AI (genAI) large language model (LLM) knowledge and experience could set you up for a $1 million pay day.

The Wall Street Journal reported recently that software engineers who are experienced in training LLMs and who can rectify troublesome genAI problems, such as “AI hallucinations,” are in extremely high demand. According to the publication, the industry is willing to pay over $1 million in salary, bonus, and accelerated stock options to the most experienced individuals. 

“There is a secular shift in what talents we’re going after,” Naveen Rao, head of generative AI at Databricks, told the Journal. “We have a glut of people on one side and a shortage on the other.” Rao says there might be only a couple of hundred people out there who are qualified.

Meta CEO Mark Zuckerberg has sent emails directly to top people at Google’s DeepMind in an attempt to persuade them to accept Meta’s AI-related job offers. Google’s Sergey Brin personally called a Google employee who was leaving for OpenAI and — by offering a pay increase and other perks — persuaded the employee to remain at Google.

It’s not just Meta and Google that are after the top minds in genAI; start-ups, large corporate entities and even whole countries are after the best AI talent. There are reports of companies trying to hire away whole genAI teams from their competitors. 

The competition isn’t just about employees. Meta is also apparently seeking to corner the market on Nvidia H100 AI GPUs, which cost $30,000 each. The company placed an order with Nvidia for 350,000 units for 2024 (amid estimates that put Nvidia’s entire 2023 run of H100 AI GPUs at about 550,000.)

GenAI job seekers: Beware

Be wary of career fads built on knee-jerk assumptions about how AI will take over the business world. Companies need top expertise now, and are willing to pay for it; but what happens when companies reach their genAI goals? Are they going to keep paying you a pretty penny in perpetuity? Or will they look for a way out when the urgent need is no longer so urgent?

AI is on a fast track, but hype and immaturity could derail it. It’s human nature to amp up the outlook of emerging technologies and fast-moving tech trends. A lot of things are being predicted right now about where AI will take us. Hint: some of them won’t be true. 

“Historically, academia was at the heart of breakthroughs in machine learning models, with universities and research institutions leading the charge,” Neil C. Hughes writes in Techopedia. In recent years, the tech industry has taken over the AI innovation lead. One reason for that: academic institutions can’t afford the price of admission for hardware. This discrepancy results in a significant skills gap, in which competencies taught through standard educational methodologies fall short of the industry’s current requirements for AI technology, Hughes adds. 

The upshot: many of our teaching institutions can’t deliver the pertinent in-depth training needed by software engineering students and those looking to upskill with genAI.

For now, the nuances of building and managing LLMs are known to only a small fraction of the workforce; ultimately, companies need to rethink and reconsider how to get much better at upskilling and training their employees for the roles that need filling in a genAI world. 

Closing the AI skills gap

To some extent, chasing the small number of experienced genAI experts is a bit like rearranging deck chairs on the Titanic. AI is a huge wave of disruption that will transform many aspects of business globally. According to research by IBM, executives estimate that 40% of their workforces will need to reskill over the next three years as a result of implementing AI. This is the chief challenge businesses need to focus on. 

Although many companies have not yet come to terms with how to address AI upskilling and reskilling, it’s dawning on them that the knowledge that needs to be imparted can only partially be handled in traditional ways. 

According to Boston Consulting Group, the average half-life of skills is under five years, and in some tech fields it’s as short as two and a half years. Skills will overtake degrees as the key signposts on resumés leading to employment. And the focus of upskilling and reskilling should be on genAI skills needed by your company, not generic AI training. Some even foresee a new skills-based economy, where skills become equivalent to currency.

A few forward-thinking companies such as Amazon, Ericsson, and Vodaphone are operating internal AI upskilling programs, but a lot more needs to be done. By and large, companies aren’t yet meeting the needs of workers, who would very much like AI upskilling. Worldwide, almost 80% say their AI training is insufficient, according to an OliverWyman Forum report.

It’s time for companies to invest in genAI and machine learning/deep learning and put their money where their mouths are to build internal training programs for employees. Given where the tech industry is headed with genAI, it’s the smart bet, both for companies and the people who’ll lead them to success.

Generative AI, Industry, IT Skills, IT Training , Technology Industry

Connected, data-intensive and ubiquitous, endpoint devices — ranging from PCs and smartphones to internet of things (IoT) devices — are among the most valuable IT assets an organization can have. For a growing number of enterprises, unified endpoint management (UEM) is the platform of choice for managing endpoints and keeping them from becoming security, privacy, and regulatory compliance risks.

UEM explained

UEM platforms are software suites that provide a single management interface for the oversight of endpoint devices within an organization. These systems evolved from and in many cases are replacing mobile device management (MDM) and enterprise mobility management (EMM) tools.

MDM products control the functionality of mobile devices and include features such as device enrollment, remote control, device lockdown, and location tracking. EMM platforms provide those features in addition to mobile information management, mobile application management, and mobile content management.

UEM takes things a step further, expanding the enterprise mobility management spectrum to include not just mobile devices, but also desktop and laptop computers, printers, wearables, and IoT devices — all through a single management console.

Why enterprises need UEM

There’s no question that organizations need to manage and protect endpoint devices. Users are accessing corporate networks and data from an expanding array of devices — Windows PCs, Macs, Chromebooks; iOS and Android phones and tablets; and even AR/VR headsets such as Meta’s Quest 3 and Apple’s Vision Pro. More people are working remotely or in hybrid work environments, and in many cases using their personal devices. In addition, many companies are launching IoT and edge computing initiatives.

These endpoints are major security risks, especially when employees are using their own devices for work. That’s a key reason why managing the large and growing number of endpoint devices is so important for enterprises. UEM platforms are designed to simplify the management of devices and enhance the security of heterogeneous environments.

“The modern device management principles of UEM address the changing nature of work­, where employees are remote/hybrid and their devices are ‘off network’ for long periods of time,” says Phil Hochmuth, program vice president, enterprise mobility at research firm IDC.

One of the most important benefits of UEM for enterprises is that it’s preferable to using a multitude of disparate mobility management tools, which can end up increasing costs and decreasing efficiency. Using a single endpoint management tool also makes it easier to ensure that security, privacy, and data governance policies are applied consistently across various platforms and working environments.

“UEM promises to consolidate multiple management systems, teams, and polices, making endpoint management more efficient and workers more productive,” Hochmuth says.

Essential reading

• Enterprise mobility 2024: Welcome, genAI
• Download: UEM vendor comparison chart 2024
• How UEM supports the hybrid workplace
• What is UEM? Unified endpoint management explained
• 8 key technologies for the future of work

Major trends in UEM

One of the most notable trends in the UEM space is the emergence of generative artificial intelligence (genAI). This is not surprising, given that genAI has become a focal point for many organizations over the past year.

GenAI will impact multiple areas of UEM, including script creation, knowledge-based article creation, natural language processing-based querying of endpoint data, and help desk chatbots, according to Andrew Hewitt, principal analyst at Forrester Research.

Although there is much potential for genAI to enhance workplace operations, there has been limited adoption within UEM tool vendors thus far, says Tom Cipolla, senior director analyst at research firm Gartner. Gartner expects this to quickly change as vendors realize the added revenue opportunities associated with genAI-augmented tools, he says.

Because the UEM market is highly mature, “we see a new iteration on the horizon, appropriately labeled autonomous endpoint management [AEM],” Cipolla says. AEM combines the most effective features from UEM and digital employee experience (DEX) tools with AI and machine learning to accelerate endpoint patching, configuration, and experience management, he says.

“AEM will eventually replace traditional tools and architectures with lightweight, cloud-based, intelligence-powered capabilities,” Cipolla says. “Though AEM platforms are not yet widely available and product definitions are inconsistent amongst vendors, several are introducing their initial offerings for this new market. Organizations considering UEM tools should evaluate vendor roadmaps to determine if they will provide AEM functionality.”

In the meantime, pricing of UEM platforms is on the rise, Cipolla says. Most vendors have instituted price increases to keep pace with inflation and rising costs, he says. In addition, he says, perpetual licensing continues to be phased out in favor of subscription-based licensing.

How to choose UEM software

UEM platforms from the leading vendors have much in common, but of course no two offerings are exactly alike. IT leaders need to thoroughly evaluate the options in the market.

It’s a good practice to conduct a proof of concept or pilot test before committing to a broad rollout of a platform, because switching platforms later in the process might be difficult and costly. A pilot program is also a good way to determine which features and capabilities the enterprise needs most.

When evaluating UEM options, pay particular attention to these key factors:

1. Operating system support. A UEM platform should support a broad variety of operating systems, including Windows, macOS, ChromeOS, iOS, and Android. Enterprises want to provide employees with choices, especially when it comes to device operating systems, Hewitt says.

Some platforms support various operating systems with different levels of granularity and features, Hochmuth says. Some endpoint management vendors focus specifically on a certain device vendor or operating system, such as Apple or Android, he says.

2. Integration with other IT products. How well does the UEM platform work with other IT components such as ticketing systems and security tools? Integration with other products is important, and whether a vendor has partnerships with other platforms used to support IT is a key consideration, Hochmuth says. Many vendors offer UEM along with other products and have strong integration among them, he says.

3. Device security policies. Organizations must have the ability to set policies regarding jailbreaking, root detection, password setting, mobile threat detection, malware detection, anti-phishing, and so on, Hewitt says. Given that much corporate data is outside the firewall boundaries of an enterprise, ensuring mobile device security is vital, he says.

In addition, platforms need built-in policy templates to enforce common security framework baselines, Cipolla says. This can simplify security decisions and provide auditable compliance with well-established standards.

“Many UEM tools now include the ability to apply the security framework baseline directly to a device or a group of devices,” he says. “This ensures that the organization’s devices will be protected, even as the baseline changes.”

4. Management automation. Organizations continue to look for ways to reduce costs when it comes to deploying devices, and automation provides an opportunity to do that. These capabilities enable a fully automated deployment to occur quickly, Hewitt says. That means employees get devices faster and administrators spend less time on deployment.

5. Real-time telemetry collection. UEM should be able to do things like understand the end-user experience, automate issues, and improve root cause analysis, Hewitt says.

“The collection of real-time data, particularly DEX data, is a new trend that is hitting the UEM market,” Hewitt says. “With the rise of AI, these tools need as much data as possible to drive automation across the stack.”

6. Pricing. The cost of technology investments is always top of mind with IT and business leaders, and UEM platforms should be no exception. Some UEM platforms are relatively low cost if bundled with other products sold by the vendor, Hochmuth says. He recommends looking for a per-user pricing model rather than per-device pricing model. That’s because most users need to access multiple devices for work.

7. Regulatory compliance certification. Many organizations, particularly those in the federal government or in regulated industries, need to be compliant with multiple regulations governing functions such as data privacy and security. UEM platforms that are certified under the Federal Risk and Authorization Management Program (FedRAMP) or other certification initiatives can help ensure that all devices in an organization are up to date and compliant with relevant regulations.

Organizations in government and financial services typically look for these types of certifications because they verify that a UEM platform has been tested and secured, Hewitt says.

8. Conditional access. Another factor to consider is whether the UEM platform can enforce conditional access policies across all devices, apps, networks, etc. Conditional access — which enables organizations to look across a multitude of conditions to decide whether individual employees can access certain resources — is the foundation of an enterprise mobility strategy, according to Hewitt. If any of the conditions are noncompliant, access is blocked.

9. Support for remote environments. With hybrid work environments the norm, a lot of employees will continue to work remotely at least part of the time. Thus, it’s important for IT administrators to be able to troubleshoot endpoint devices in both on-premises and remote locations, which can improve user experience and limit downtime, Hewitt says.

10. Current or upcoming AEM features. Evaluate a vendor’s road map to determine if it includes emerging autonomous endpoint management features, Cipolla says. These include:

• Automated patch availability detection via AI
• The ability to predict the likelihood of deployment success and the level of performance impact based on demonstrated external and internal success metrics
• The ability to monitor device performance and employee sentiment post patching to detect impacts
• Customizable automation controls to adapt to an organization’s desired level of control

13 leading UEM vendors

The key players in the UEM market are for the most part the same companies that held leadership positions in the MDM/EMM segment. To get you started in your research, here are brief descriptions of the major UEM platforms available. (This list does not include management platforms that specialize in a single OS or vendor ecosystem, such as Apple MDM products.)

You can also download a detailed comparison chart that shows the features and functions offered by eight of the largest UEM vendors.

42Gears: 42Gears UEM supports Android, iOS, macOS, Windows, and Linux, and is designed to make it easier for enterprises to migrate from legacy platforms such as Windows 7 to an EMM-compliant version such as Windows 10. It offers a single platform to manage all endpoints, including desktops/laptops, employee-owned devices, IoT devices, sensors and gateways, ruggedized devices, wearables, and printers.

BlackBerry: BlackBerry UEM is a multiplatform system that provides device, app, and content management with integrated security and connectivity, and helps organizations manage iOS, macOS, Android, Windows, and ChromeOS devices. Key features include a single user interface, secure IP connectivity, user self-service, role-based administration, and company directory integration.

Cisco Meraki: Systems Manager, Meraki’s cloud-based UEM platform, provides central provisioning, monitoring, and securing of all endpoint devices within an organization, while keeping the enterprise network aware of constantly changing devices. The platform supports management of iOS, Android, Windows, macOS, and ChromeOS environments. The Meraki cloud dashboard enables configuration and monitoring from a single console.

Google: Endpoint Management (part of the Workspace Suite) works on Android, iOS, ChromeOS, macOS, and Windows devices. Administrators can enforce policies across both Android and iOS, and distribute apps from the Admin console on Google Play or Apple’s App Store. Access from any Windows, macOS, Chrome OS, and Linux device is logged and can be blocked if needed. Certain advanced features are available only with Business and Enterprise licenses.

HCL Technologies: HCL BigFix Endpoint Management enables organizations to fully automate discovery, management, and remediation of endpoint issues, regardless of location or connectivity. Features include BigFix Insights, which lets organizations quickly visualize risks as well as costs, and multicloud management, which gives administrators 360-degree visibility, control, and compliance enforcement of both cloud and on-premises endpoints.

IBM: IBM Security MaaS360 is a cloud-based UEM platform that enables organizations to secure smartphones, tablets, laptops, desktops, wearables, and IoT devices. AI and predictive analytics provide alerts to potential endpoint threats and remediation to avoid security breaches and disruptions. MaaS360 protects apps, content, and data. The platform supports Windows, macOS, ChromeOS, Linux, Android, iOS, and other operating systems.

Ivanti: Ivanti Unified Endpoint Manager is designed to simplify enterprise mobility, applying policies and personalization across all devices. Companies can use the system’s artificial intelligence to determine which users and devices get what type of access. The platform supports Windows, macOS, ChromeOS, Linux, iOS, Android and several other operating systems. Administrators can gather detailed device data, automate software and operating system deployments, personalize workspace environments, and address user issues.

ManageEngine: ManageEngine Desktop Central, a UEM platform from the IT management division of Zoho Corp., helps organizations manage servers, laptops, desktops, smartphones, and tablets from a central location. Enterprises can automate endpoint management routines such as installing patches, deploying software, and imaging and deploying operating systems. The platform also provides management of IT assets and software licenses, remote desktop control, and software usage monitoring. It supports Windows, macOS, Linux, ChromeOS, Android, and iOS, among other operating systems.

Matrix42: Matrix42 Unified Endpoint Management supports Windows, macOS, ChromeOS, Android, iOS, and iPadOS and can be accessed from the cloud, on-premises, or in a hybrid environment. The platform provides automatic deployment of devices and applications, real-time reports and analysis on usage, and access control for applications and sensitive data. Data is encrypted on mobile devices, and personal and business data are separated on BYOD devices.

Microsoft: Microsoft Intune, a cloud-native management tool for Windows, macOS, Linux, iOS, and Android devices, also includes Microsoft Configuration Manager for on-premises endpoints. Enterprises can configure specific policies to control applications, such as preventing emails from being sent to people outside the organization. On personal devices, Intune helps make sure an organization’s data stays protected and can isolate organization data from personal data.

Sophos: Sophos Mobile supports the management of Windows, macOS, iOS, and Android devices, providing configuration and policies, inventory and asset management, and detailed reporting on device usage. Organizations can install, remove, and view apps; use containers to manage content; provide compliance rules and remediation; and protect against threats such as malware and phishing.

SOTI: The SOTI ONE Platform allows companies to securely manage any device or endpoint, including IoT devices, with any form factor throughout its entire lifecycle. Supported OSes include Windows, macOS, Linux, Android, iOS, iPadOS, Zebra, and more. The platform features SOTI XSight, a diagnostic help desk tool that lets technicians analyze, troubleshoot, and resolve mobile device and app issues from anywhere at any time.

VMware: VMware Workspace ONE is a cloud-based platform for managing desktop, mobile, rugged, wearable, and IoT devices. It supports operating environments including Android, iOS, Windows, macOS, ChromeOS, and Linux. The platform offers data protection against security threats with conditional access and compliance policies, with a Privacy Guard feature designed to manage privacy policies. Among the first UEM vendors to offer genAI-powered scripting capabilities, VMware was purchased by Broadcom in 2023, with a sale now pending to investment firm KKR.

This article was initially published in October 2021 and updated in April 2024.

Related: Download our UEM vendor comparison chart

Endpoint Protection, Enterprise Buyer’s Guides, Enterprise Mobile Management, IT Management, IT Operations, Mobile Management, Security, Universal Endpoint Management, Vendors and Providers

If you’ve spent much time wading around this warbly ol’ web of ours lately, you might be feeling a teensy sense of unease over your internet browsing history.

The reason, in case you’ve been living under a metaphorical boulder for the past several days, is the revelation of a new legal settlement related to Google’s Chrome browser and its incognito browsing mode.

Or, to more accurately reflect the most common drive-by misinterpretation of the news: “Google is, like, totally spying on you, bro! Everything you do in incognito mode is being logged to your account and sneakily used for advertising, and all your deepest, darkest web browsing secrets have probably been sold to other privacy-prying companies already.”

It may sound outlandish to the level-headed among us, but the existence of this distortion is no exaggeration. I’ve lost count of the number of news articles, blogs, and social media mentions that convey these exact conclusions — sometimes even whilst including the very facts that contradict them and suggest (gasp!) a far more nuanced and less shocking reality. (Imagine that!)

So before you sever all connections, blow your browser to smithereens, and take shelter in the nearest metaphorical bunker, allow me to provide a teensy bit of desperately needed perspective.

[Get level-headed knowledge in your inbox every Friday with my free Android Intelligence newsletter. Tips, insights, and other tasty treats await!]

The Google Chrome incognito lowdown

First things first, let’s take a sec to catch up on the Chrome incognito quandary and what exactly has transpired.

Last week, a legal filing let us in on the fact that Google had settled a lawsuit claiming the company had been misleading users about the nature of Chrome’s incognito mode and causing them to believe their incognito browsing was entirely “private” and invisible to everyone.

As part of that settlement, Google agreed to delete “billions” of data records related to incognito browsing and to bring a beefier disclosure into Chrome’s incognito splash screen that explains how incognito browsing actually works. It also agreed to block third-party cookies by default for Chrome users when incognito mode is activated — a change it’ll maintain for the next five years, at a minimum. And it agreed to stop using internal systems that were able to detect when a user was browsing incognito and make note of that selection.

That’s the gist. Now, from that, people — even prominent news websites! — are concluding that Google was collecting all sorts of details around incognito web activity, associating it with users’ broader Google advertising profiles, and then somehow even selling it or otherwise sharing it directly with other companies.

Sensational of a story as that may make, none of it appears to be accurate. And, based on all the available info out there, most of the panic around this saga seems to be a case of premature conclusion-jumping along with a healthy pinch of misunderstanding around how the web actually works.

Incognito, unraveled

In reality, y’see, a browser’s incognito mode is all about making sure your activity isn’t logged into the browser itself or any associated profiles. That means when you go incognito, any sites you visit aren’t stored in your local browser history or the history associated with your Google account. And that, in fact, is how incognito mode on Chrome (as well as most other browsers) has always been positioned.

An official statement from a Google spokesperson explicitly confirms this. The broadly cited statement — one I’ve seen mentioned right alongside contradictory conclusions in more than a few respected media outlets — notes that the “technical data” collected from Chrome incognito browsing “was never associated with an individual and was never used for any form of personalization.” That somehow widely glossed over fact is critically important to the actuality of this scenario.

As for the “selling your secrets to the highest bidder” bit, that’s a common misconception around Google and privacy that stretches back decades. And as has always been the case, there’s precisely zero truth to it.

For a quick refresher —  to quote a certain reality-obsessed writer I know:

Google’s always been very clear about the fact that it doesn’t go down that road. It uses customer data only internally, as part of an automated system, to programmatically pick ads it thinks are likely to be relevant and interesting to you based on the sorts of stuff you’ve looked at over time. It does that instead of just serving up random ads that have nothing to do with what you care about, as such non-targeted ads would likely be (a) far less interesting and potentially useful for you and (b) far less effective in terms of their performance.

That, of course, gets at the heart of how Google makes most of its money. And that is how the company’s able to offer us exceptional services like Gmail, Docs, and Photos — not to mention Google Search itself — without charging us to use all of those entities (at least in their core, non-enterprise-oriented forms).

And if that doesn’t assure you enough about the hype vs. reality of this situation, there’s plenty more data-driven info to chew over. (Mmm….data.)

Google’s Chrome incognito settlement, up close and personal

I dug in deeper to the thickly worded legal documents around this settlement to make sure I wasn’t missing anything, and while the heavy legalese is about as fun to digest as a mayonnaise-slathered Linux manual, the actual messaging within it is as clear as can be.

And here’s exactly what it tells us: 

• Data collected while users were in Chrome’s incognito mode did have some manner of “unique identifier” along with a designation that indicated it was seen in incognito mode.
• And Google employees agreed that the incognito mode disclosure could be confusing to users and should be improved (which, notably, it already has).
• But nothing in the settlement document so much as suggests any data was ever associated with any specific user profiles or Google accounts in any way — or that it was ever used for any manner of ad targeting.
• And absolutely nothing suggests any manner of user data at Google’s disposal was ever shared with anyone externally or sold on any level.

Now, the data associated with Chrome incognito activity could be associated with a user — in theory — if someone were to gain access to every shred of information about you and then meticulously line up all the variables to piece a puzzle together. But there’s no indication that anyone ever did that or that Google itself ever so much as attempted to use any of this data as part of ad targeting. And, again, there’s nothing to suggest that any of this data was ever shared outside of Google or used in any nefarious way.

More than anything, it seems like the practical concerns around this mostly come down to a misunderstanding of how the web works.

When you’re browsing the web in Chrome’s incognito mode, that doesn’t mean the various tracking mechanisms on sites around the web are magically eliminated based on your browser setting. So, yes, it is technically possible that your activity could be tracked on some level while you’re in that mode, as any activity could ultimately still be traced back to your IP address — even if you aren’t actively logged into or associated with your standard Google profile at that moment.

The same is true in any browser. That’s why people who really want to protect their privacy and keep activity from being traced back to them rely on a virtual private network, or VPN, to mask their actual IP address as well as more advanced script-blocking mechanisms in addition to simply signing out of their browser’s own local-collection state. And even then, of course, law enforcement or other motivated parties can conceivably still piece things together and trace activity back to its source, if they’re really so inspired.

None of this is a closely kept secret. You can always view your entire Google ad profile anytime to see exactly what the company (thinks it) knows about you — what its algorithms have determined you’re interested in, in other words, based on all the online activity it’s associated with your user profile — and then take control of that to remove inaccurate or unwanted info and customize exactly what types of ads you’re shown.

But, as you’ll see, whatever material you might’ve been viewing incognito won’t be in that list. (And not to worry. I won’t ask for specifics.)

Online privacy is a complicated, nuanced, and very relative subject in our modern-tech era. As usual, though, a little logic, perspective, and level-headed assessment can go a really long way.

Want even more Googley knowledge? Check out my free Android Intelligence newsletter to get next-level tips and insight delivered directly to your inbox.

Browsers, Chrome, Data Privacy, Google, Privacy, Vendors and Providers