By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

As the infosec community talked about potential cyber attacks leveraging vulnerabilities in antivirus products, Microsoft took notes and started to work on a solution. The company announced that its Windows Defender can run in a sandbox. Antivirus software runs with the highest privileges on the operating system, a level of access coveted by any threat actor, so any exploitable vulnerabilities in these products add to the possibilities of taking over the system. By making Windows Defender run in a sandbox, Microsoft makes sure that the security holes its product may have stay contained within the isolated environment; unless the attacker finds a way to escape the sandbox, which is among the toughest things to do, the system remains safe. Windows Defender has seen its share of vulnerability reports. Last year, Google's experts Natalie Silvanovich and Tavis Ormandy announced a remote code execution (RCE) bug severe enough to make Microsoft release an out-of-band update to fix the problem. In April this year, Microsoft patched another RCE in Windows Defender, which could be abused via a specially crafted RAR file. When the antivirus got to scanning it, as part of its protection routine, the would trigger, giving the attacker control over the system in the context of the local user. Microsoft is not aware of any attacks in-the-wild actively targeting or exploiting its antivirus solution but acknowledges the potential risk hence its effort to sandbox Windows Defender. The rest of this story can be found on OUR FORUM.

With Microsoft looking to bring "console quality" streaming to phones and tablets with Project xCloud, how will the company achieve that when touch controls are still pretty bad? It seems the company is looking to bring physical controllers to mobile devices to offset this problem, according to these Microsoft Research papers. The research paper documents some of the popular solutions to gaming via a touch screen while hailing the Nintendo Switch and PlayStation Portable (PSP) for circumventing touch-based control limitations with full joysticks and buttons. Microsoft built the prototypes out of foam and then had them 3D printed, based on conceptual renders. The work was carried out quite a while ago, back in 2014, but it seems Microsoft Research has resurfaced their efforts recently, noting the recent success of the Nintendo Switch. While this research may be far away from turning into an actual product, it's pretty imperative that Microsoft takes a serious role in exploring how it can improve the way Xbox games will handle on a mobile device to help take Project xCloud mainstream. Touch-based inputs have always felt like a half-way solution and will feel even more like one when they come up against games designed from the ground-up for responsive, tactile inputs. Learn more by visiting OUR FORUM.

The FDA cleared the Microsoft HoloLens for 510(k) clearance to the OpenSight Augmented Reality System. OpenSight is the first AR (augmented reality) application for use in “pre-operative surgical planning.” As outlined in a press release by Novarad, OpenSight uses 2D, 3D, and 4D images overlayed onto patients’ bodies to provide a visual guide on what doctors may encounter internally during surgery. OpenSight uses HoloLens because the headset allows a better experience, allowing to simultaneously visualize 3D patient images in AR and the actual patient. OpenSight aims to improve surgical planning and decrease the amount of time spent in the operating room. Here’s a look at what a doctor would see when using HoloLens with OpenSight. Dr. Wendell Gibby, MD, Novarad CEO, and co-creator of OpenSight, believes that FDA approval will help doctors be better prepared for surgery and be more successful in surgical procedures, reducing the risk of serious complications for the patient. Additionally, OpenSight allows for a multi-user experience using multiple HoloLens headsets that can help create a better environment for teaching and training new doctors. A teaching version of the software is also available for medical students to perform virtual dissections of cadavers. Learn more at OUR FORUM.

Microsoft announced today that Windows Defender is the first antivirus to gain the ability to run inside a sandbox environment. In software design, a "sandbox" is a security mechanism that works by separating a process inside a tightly controlled area of the operating system that gives that process access to limited disk and memory resources. The idea is to prevent bugs and exploit code from spreading from one process to another, or to the underlying OS. A sandbox escape is one of the most complex pieces of exploitation malware, or a hacker can perform, and running programs inside sandboxed environments are considered an optimal security measure and good software architecture. Microsoft says it started working on porting Windows Defender to a sandbox environment after "security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus's content parsers that could enable arbitrary code execution." The most infamous of these researchers is Google's Tavis Ormandy, who identified several of these types of vulnerabilities, including one that he labeled "crazy bad." During many of his bug reports, Ormandy had privately and publicly recommended that Microsoft move Windows Defender to a sandbox and prevent attackers from using it as a way to take over Windows PCs. Learn more by navigating to OUR FORUM.

Shadow of the Tomb Raider is, to hear people (including Kotaku’s Stephen Totilo) tell it, pretty good, despite some questionable narrative decisions. Last week, however, it committed a crime that some Steam users decided couldn’t be forgiven: a 34 percent off sale. Cue the review bombs. Shadow of the Tomb Raider came out on 14 September, a little more than a month ago. While a sale is by most measures a good thing for people who buy games, some Steam users had already bought the game at full price before the sale and are now feeling bitter about how quickly the price dropped. “Not a bad game,” reads a negative review posted today. “Not as good as the first two games, but I was an early adopter and the game dropped down by near half price so quickly. Aren’t I a total mug preordering this? Never again, Square Enix.” According to Steam, this person has played the game for nearly 60 hours, so they must have enjoyed it on some level. Though it’d be hard to argue that they didn’t get their money’s worth, their disappointment is understandable. Who wouldn’t feel down about losing out on an extra £15, after all? At the same time, though, it’s not the end of the world, especially if you’re the kind of person who can afford to buy a blockbuster video game at launch. Get caught up on OUR FORUM.

Qualcomm is working on a new powerful processor to give Windows 10 on ARM project a much-needed boost. Qualcomm is planning to unveil the powerful Snapdragon 8180 at its annual convention in Hawaii this December. Qualcomm Snapdragon 8180 or SDM1000 is the rumored name of the company’s next processor for Always Connected PCs and if the reports are believed to be true, it’s expected to use an octa-core CPU with LPDDR4X RAM support. It’s likely that Snapdragon 8180 will power the high-end devices in 2019 and it could be the first powerful SoC from Qualcomm for traditional laptops. It is an eight-core chip that is expected to feature a 15-watt TDP. According to the reports, the Snapdragon 8180 or SDM1000 will provide a clock speed of up to 3.0GHz. The four Kryo Gold cores could reach 3.0GHz and there will be four Kryo Silver cores as well with the clock of up to 1.8GHz. It seems that the cores are internally designated as Gold and Silver to differentiate between them. It will have the Qualcomm Adreno 680 GPU but nothing is known about the integrated graphics unit. The 8.5 billion transistors used in the chip will provide an impressive amount of firepower and this would dramatically improve the Windows 10 on ARM initiative. It also appears that Snapdragon 8180 will support the faster LPDDR4X RAM standard with a 2133MHz clock speed.  This is a significant upgrade from the frequency of around 1866MHz in Snapdragon 850 or 845. The power would boost the performance of the devices with Qualcomm’s Snapdragon processor. Get further details at OUR FORUM.

 

GTranslate