In this episode of “Insights into Technology,” host Joseph Whalen delves into the escalating world of cybersecurity threats with a focus on the alarming rise in credential theft. The discussion covers the intricate details of sneak thief malware and its implications for enterprise environments, as security teams brace for the top 10 MITRE attack techniques.
The episode also delves into the evolving role of artificial intelligence in particle physics, exploring how AI is transforming research at the Large Hadron Collider and its potential to unlock the universe’s deepest mysteries. Additionally, it touches on the ethical considerations and security challenges posed by AI in espionage activities.
Finally, the episode examines Microsoft’s strategic push towards Windows 11, highlighting the hardware requirements and the broader implications for users and organizations facing a significant tech upgrade.
Transcription
00:00:02:16 – 00:00:07:06
Narrator
Insightful podcast.
00:00:07:08 – 00:00:15:24
Narrator
By informative hosts for. All.
00:00:15:27 – 00:00:23:29
Narrator
Insights into things through a podcast network.
00:00:24:01 – 00:00:52:08
Narrator
Welcome to insights into technology. A podcast exploring the latest in computers, networking, home automation, mobile computing. And all things technology related. Our hosts will take a deeper dive into the latest and greatest in tech trends, and give you the information you need to enable your tech centric world.
00:00:52:10 – 00:01:31:08
Joseph
This is insights into technology. Episode 18 Hackers Higgs and the End of Windows. I’m your host, Joseph Whalen. This is your cybersecurity news of the week. Dark reading tells us that credential heists are on the surge. Recent research from Pickens Security, or Pike, is securing T reveals a significant surge in credential stealing malware. In 2024, 25% of analyzed malware targeted users credentials, a three fold increase from 2023.
00:01:31:10 – 00:02:15:16
Joseph
This escalation has propelled credential theft into the top ten techniques of the miter attack framework, accounting for 93% of all malicious cyber activity last year. The study suggests the emergence of, quote, sneak thief malware characterized by enhanced stealth, persistence and automation. On average, these malware samples can perform 14 malicious actions, aiding in evading defenses and exfiltrating data. Notably, the researchers found no evidence of AI driven malware in these attacks.
00:02:15:18 – 00:03:06:25
Joseph
They emphasize the focus on the top ten miter attack techniques can help enterprise security teams thwart 90% of malware threats. So what is sneak thief malware? Well, it’s a newly identified strain of credential stealing malware designed for stealth, persistence and automation. It represents the next evolution in malware the target’s user logging credentials, especially for enterprise environments. The best way to deal with this type of malware include things we’ve talked about already on the podcast, enabling multifactor authentication on all accounts, especially on cloud and enterprise services, and limiting credential storage in browsers and encourage the use of password managers.
00:03:06:26 – 00:03:37:06
Joseph
We haven’t really talked too much about password managers on here. I think we’ll probably have to do a deep dive on these moving forward. They also suggest monitoring for unusual login activity, such as logins from unfamiliar devices or locations. One of the things that we do with my company is we do geo blocking and yeah, geo blocking is almost like security for obscurity since you can get around geo blocks with VPNs pretty easily these days.
00:03:37:08 – 00:04:12:29
Joseph
But for the most part, it does its job from a mass stop standpoint, which is always helpful. The other thing they suggest is regularly update your software. We talk about this all the time. Patches come out on a regular basis. If you’re not applying these patches, test them first. Obviously. I mean, you don’t want to take a patch and throw it out into your production environment without doing some level of testing to make sure it doesn’t break anything in your environment, or that the patches themselves aren’t broken.
00:04:13:01 – 00:04:50:29
Joseph
There are several factors that result, have resulted in the rapid increase of credential stealing malware. Cybercriminals can now purchase ready made, credential stealing malware, significantly lowering the barrier of entry for attackers. We talked about this a couple of weeks ago with another piece of malware that’s going mainstream as a software, as a service, which is terrifying. They also talk about the fact that many users still rely on weak passwords, and they reuse the same credentials across multiple services.
00:04:51:01 – 00:05:19:28
Joseph
And we’ll do a segment on password management and how to create good passwords on a later date. But the one thing that we should kind of dwell on here is people have a tendency. You know, we’ve talked about security and convenience being mutually exclusive. People don’t like to be inconvenienced, especially when they’re using computers, because computers are supposed to make things more convenient.
00:05:20:01 – 00:05:45:12
Joseph
So a lot of times what happens is somebody creates a password and they really like that password. And it could be to them a super secure password. And they figure, well, if it’s good enough for work, it’s good enough for everything. And they reuse that password everywhere. Will only takes one breach, one database or one organization to be penetrated for that password to get out.
00:05:45:12 – 00:06:13:00
Joseph
And they’ll have access to all your other sites that you’re using that ID, so that’s not a good thing. The rise of, credential stealing in the minor attack rankings is also significant from this story. The fact that credential theft has climbed into the top ten miter attack techniques carries significant implications for cyber security at both the enterprise and industry levels.
00:06:13:02 – 00:06:45:05
Joseph
It signals a fundamental shift in cybercrimes, a shift in tactics, at least. It highlights the increased risk of supply chain attacks, which it seems every week we have another supply chain attack to talk about. It highlights the weakening of traditional security models and the need for zero trust, which we just did a deep dive into. Priorities and budgets for enterprise security are also going to need to adjust to this type of attack now, since it’s becoming more prevalent.
00:06:45:08 – 00:07:11:15
Joseph
The one interesting the big thing that they address in the article was the absence of AI driven malware. And we’ve been talking a lot about AI being used for security and for penetration. In this case, it was suggested while there’s potential for AI to be used for malicious intent, the AI isn’t quite the game changer in malware development yet, as a lot of people fear.
00:07:11:17 – 00:07:39:29
Joseph
That doesn’t mean it’s not going to be soon, that it reaches that level. In this case, a lot of attackers are still relying on more traditional, proven methods. And I might add there, the easier methods they’re going after people that don’t have multifactor, they’re going after people that are using or reusing passwords. So it’s basic fundamentals that we have to, again, hammer home about because.
00:07:40:01 – 00:08:09:28
Joseph
These are the types of things that are overlooked frequently by users, by administrators, by systems operators, by developers. It’s the basic stuff. If you can get in a habit of creating secure logins, secure passwords, and using multifactor authentication and secure methods of accessing your systems. Everything else kind of falls into place after that, and it makes it a lot easier to secure everything else.
00:08:10:00 – 00:08:51:07
Joseph
So a lot of work still to do in that area. The Hacker News tells us that cyber vulnerability surge in 2024. The cyber security landscape witnessed a notable escalation in exploited vulnerabilities. A recent report from Von Check highlights that 768 Common Vulnerabilities and Exposures, or CVEs, were actively exploited in the wild last year. Marking a 20% increase from the 639 CVEs reported in 2023.
00:08:51:09 – 00:09:35:19
Joseph
Alarmingly, 23.6% of these exploited vulnerabilities were weaponized on or before their public disclosure date, underscoring the speed at which threat actors are capitalizing on newly identified weaknesses. This figure, however, shows a slight decrease from 26.8% in 2023, indicating that while immediate exploitation remains significant, a significant concern, there’s been a minor improvement. The report also emphasized that 1% of all CVEs published in 2024 were reported as exploited in the wild.
00:09:35:21 – 00:10:24:29
Joseph
This percentage is expected to rise as more instances of exploitation are discovered. The deeper dive into this data set reveals that 31 known threat actors have linked to the access. I have been linked to the exploitation of the log for Jane vulnerability, making it one of the most targeted flaws. Additionally, approximately 400,000 internet accessible systems remained vulnerable to attack, stemming from 15 critical security shortcomings in products from companies such as Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft Progress, papercut, and Zoho.
00:10:25:01 – 00:10:59:00
Joseph
That’s not even the exhaustive list. Organizations are urged to assess exposure, identify, and evaluate. This is susceptibility to these vulnerable needs to enhance their visibility by improving monitoring to detect potential risks promptly. They should leverage threat intelligence, utilize robust intelligence to stay ahead of the emerging threats. Maintain strong patch management. We beat this one to death all the time.
00:10:59:03 – 00:11:45:16
Joseph
Ensure timely updates and patches are applied to mitigate vulnerabilities and implementing control. Reduce internet facing exposure of vulnerable devices wherever possible. The surge in exploited vulnerability serves as a stark reminder of the evolving threat landscape and the critical importance of proactive cyber security measures. So the report highlights the rapid weaponization of these vulnerabilities, the fact that nearly a quarter of the exported CVEs were weaponized on or before their disclosure date highlights the need for immediate action upon vulnerability announcements.
00:11:45:18 – 00:12:21:06
Joseph
It also suggests that the these vulnerabilities themselves are obviously being detected by malicious actors. Well, before you’re getting the gray hat and white hat hackers finding these and conducting responsible disclosures to these companies. Persistent vulnerabilities remain a problem in unpatched systems. The continued exploitation of older vulnerabilities, such as log for J, underscores the importance of addressing known issues promptly.
00:12:21:09 – 00:12:49:07
Joseph
Now, there’s a lot of exploited flaws out there where there are patches already that just need to be applied. That’s compounded by the fact that new vulnerabilities obviously are coming out on a regular basis. Apple just announced some issues with their M-series processors now, which makes things even more difficult to patch. The report highlights the need for comprehensive defense strategies.
00:12:49:09 – 00:13:21:02
Joseph
Organizations must adopt a multifaceted approach combining threat intelligence, regular patching and exposure management to safeguard against these evolving threats. And the fence is always going to be playing catch up. And if we allow what we are doing defensively to fall behind, that catch up gets even more difficult to maintain and the cost of it starts to skyrocket real fast.
00:13:21:04 – 00:13:31:00
Joseph
So this is one of those adversarial environments where you can’t fall behind on, or it compounds the problem significantly.
00:13:31:02 – 00:14:28:06
Joseph
Bleeping computer tells us the AI talks about AI from innovation to exploitation. In a recent revelation, Google’s Threat Intelligence group has identified its state sponsored hacking groups from over 20 countries are leveraging Google’s AI powered assistant Gemini to enhance their cyber operations. Notably, actors like Iran and China are on the forefront of this trend. These groups are utilizing Gemini to streamline various malicious activity, including developing malicious tools and scripts, researching publicly disclosed vulnerabilities, gathering information on target organizations, exploring methods to evade detection and escalate privileges within compromised networks.
00:14:28:08 – 00:15:06:25
Joseph
While the integration of AI in the cybersecurity is not new. The use of advanced tools like Gemini by threat actors underscores the evolving landscape of cyber threats. It’s crucial for organizations to recognize that the same technologies driving innovation can also be repurposed to facilitate cyber attacks. This development serves as a stark reminder of the importance of staying vigilant and adapting cybersecurity strategies to counteract the innovative methods offered by adversaries.
00:15:06:27 – 00:15:32:15
Joseph
So this is a clear example that AI is a double edged sword, and we’ve talked about this numerous times in the past. The dual use nature of AI technologies like Gemini highlights the fine line between beneficial applications and potential misuse. Just like any tool out there, a hammer can be a very useful tool, but in the hands of the wrong person, it can also be a deadly weapon.
00:15:32:17 – 00:16:05:04
Joseph
And AI is no different in this case when it comes to cybersecurity. This also demonstrates the evolving threat landscape. It was already evolving, but now it’s evolving at a much faster pace with much more sophistication. It’s taking leaps and bounds over the steps that it was taking before. With state sponsored actors adopting AI tools for additional cybersecurity, measures may need to be reevaluated to address these sophisticated attacks.
00:16:05:06 – 00:16:34:24
Joseph
This particular incident also highlights the ethical and security implications of AI usage. This was something, you know, AI ethics has been talked about for quite some time now, but it’s been talked about almost entirely from the perspective of well intentioned people using AI, how it should be used, how it shouldn’t be used. The ethics of it being used by a malicious actor are a little bit more gray, more sketchy.
00:16:34:24 – 00:17:09:22
Joseph
I think the exploitation of AI by malicious entities raises questions about the ethical responsibilities of AI developers, and the need for robust security protocols. Then we have a article in the second segment that’s actually going to address this more directly. Is this a sign of the future of AI and cybersecurity? You might wonder. As AI continues to advance, how can organizations balance innovation with security to prevent misuse by threat actors?
00:17:09:22 – 00:17:33:10
Joseph
And that’s a good question. I think it’s a question that doesn’t quite have an answer yet, and that’s largely due to the fact that AI is evolving at such a rapid rate, and a lot of people don’t know where I fits into the grand scheme of things, of their enterprise applications. They don’t know if it should be used internally.
00:17:33:12 – 00:18:04:13
Joseph
Can it be used securely? People at this point in time still don’t know how to use it effectively to exploit systems that are out there. Aside from some of the obvious examples that we’ve seen. So if people are just starting to figure out how to use it to malicious intent, it’s very difficult to try to come up with a counter to that intent until you know what direction the threats coming from.
00:18:04:15 – 00:18:29:25
Joseph
So, you know, none of this bodes well for AI. It’s definitely something that’s going to take on a much bigger role in enterprise computing in the very near future. Hopefully it’s a positive role and hopefully we can take advantage of the technology itself to at least defend ourselves against the technology. We’re going to take a quick break here.
00:18:29:25 – 00:18:57:26
Joseph
Before we do, I want to take a moment to invite our listening and viewing audience to subscribe to the podcast. You can find audio and video versions of all the networks podcast listed as insights into things. We do now have a separate podcast feed for this podcast. An audio version. You can look for insights in the technology anywhere you get a podcast.
00:18:57:27 – 00:19:31:22
Joseph
And I did audio only so that we could get listed up on Spotify. Actually, I was too large of a segment to not do. And Spotify, while they’re currently testing and playing around with video on there, they will not allow you to list a podcast on their service if it is not audio. If it isn’t audio only. So you can find insights, audio versions of insights in the technology and also find, those links on our website at insights into technology.com.
00:19:31:22 – 00:20:03:02
Joseph
Or you can go to insights into things.com to get audio and video links to all of our podcasts. I would also invite you to writing. Give us your feedback. We’ve got some feedback that we did get that I want to get to, and a shout out segment towards the end of the show. But if you would like to call in and leave a voicemail to have it, played out on the future episode, you can call in to eight, five, 64038788.
00:20:03:04 – 00:20:44:27
Joseph
That’s (856) 403-8788. You can also email us at. Comments and insights into things.com. And we stream five days a week on Twitch at Twitch.tv. Slash insights and the things we are on blue Sky. If you look us up as insights into things dot b, sky dot social and we’re on LinkedIn, you can just look us up as insights into Things Productions LLC, or you can find links to all that and more on our official website at Insights into things.com.
00:20:45:00 – 00:20:55:21
Joseph
We’ll be right back.
00:20:55:24 – 00:21:13:25
Narrator
Insights into entertainment a podcast series taking a deeper look into entertainment and media. Our husband and wife team of pop culture fanatics are exploring all things, from music and movies to television and fandom.
00:21:13:27 – 00:21:44:23
Narrator
We’ll look at the interesting and obscure entertainment news of the week. We’ll talk about theme park and pop culture news. We’ll give you the latest and greatest on pop culture conventions. We’ll give you a deep dive into Disney, Star Wars and much more. Check out our video episodes at youtube.com. Backslash. Insights into things. Our audio episodes at Podcast Insights into entertainment.
00:21:45:00 – 00:21:58:18
Narrator
Com or check us out on the web at insights into things.com.
00:21:58:21 – 00:22:38:07
Joseph
Welcome back to insights into Technology. This is episode 18. Google announces massive AI investment for 2025. This one comes to us from CNBC. Alphabet, the parent company of Google, has announced plans to invest approximately $75 billion in capital expenditures for 2025. This is a significant increase from the 32.3 billion spent in 2023. The move underscores the company’s commitment to enhancing its artificial intelligence infrastructure and capabilities.
00:22:38:10 – 00:23:16:24
Joseph
The announcement comes as alphabet reported a 12% year over year revenue growth for the 96.5 billion in Q4 of 2020. For. Google cloud revenues rose 10% to $12 billion, driven by advancements in AI infrastructure and solutions. CEO Sundar Pichai emphasized the company’s leadership in AI, and it plans to accelerate progress through substantial capital investments. So this you know, this is a lot of money.
00:23:16:24 – 00:23:46:03
Joseph
This marks a significant increase in capital expenditures for alphabet. More than doubles their 2023 spending, as we said, and highlights a major push in the AI infrastructure and cloud computing. Now, some of that may be driven by competition in the market. It may be driven by new competitors such as Deep Secret. That’s out of China now. So this is definitely Google doing its best to stay ahead of the curve on this one.
00:23:46:06 – 00:24:15:23
Joseph
This is also a bold statement about their AI infrastructure expansion. The investment will likely go towards advanced data centers, AI chips and cloud services, enabling faster and more efficient AI model training. Now we talked about he mentioned deep sea deep sea training model was done kind of on the cheap, which is kind of scaring everybody. They’re not spending anywhere near as much money as Google is here.
00:24:15:23 – 00:24:51:08
Joseph
So hopefully this investment pays off. And it’s not a technology. Lemon by the time it gets out the door. It does speak to the competitive landscape of AI investments. The move by alphabet to invest, all this money also mirrors Meta’s pledge to invest 65 billion in AI and Microsoft’s ongoing AI expansions, which is showcasing how big tech is betting on AI growth for the future.
00:24:51:10 – 00:25:26:20
Joseph
I think it’s probably a good bet, but when you have someone like Deep Sea coming in to upset the market, that could complicate things significantly. There are challenges and potentially a tumultuous future for the AI market. Challenges include high operational costs, regulatory scrutiny, which we haven’t really seen much of at this point yet. An emerging AI competition like Deep Shik, companies like Deep Sik and smaller AI startups could disrupt the landscape, which Deep Sea kind of is doing already unexpectedly.
00:25:26:22 – 00:25:48:11
Joseph
And it might force alphabet to stay ahead through continuous innovation, which is almost akin to an arms race type thing that we saw during the Cold War, where we’re going to someone’s going to outspend somebody here to win this. I think that’s really what the bottom line is. But I don’t think you’re going to be stopping AI anytime in the near future.
00:25:48:13 – 00:26:09:14
Joseph
Clearly, companies as large as Alphabet and Microsoft and Meta think it’s the future, and they’re investing in it like it’s the future of their company. I think Matt is very keen on not getting burned on the next big thing, like they kind of did with TikTok, where they didn’t take it as seriously as they probably should have.
00:26:09:17 – 00:26:49:29
Joseph
It looks like Google’s following suit on this one. Our next article comes to us from The Guardian. AI’s new frontier for revolutionizing particle physics. Artificial intelligence is poised to revolutionize particle physics, offering profound insights into the fundamental forces that govern our universe and potentially revealing its ultimate fate. Professor Mark Thompson, the incoming director general of CERN, emphasizes that advanced AI techniques are now integral to operations of the Large Hadron Collider.
00:26:50:02 – 00:27:27:22
Joseph
These methods are pivotal in detecting rare events, such as those related to the Higgs boson, which could elucidate. That wasn’t my word that came out of the article how particles acquired mass after the Big Bang and provide clues about the universe’s long term stability. The key focus is measuring the Higgs itself coupling phenomenon that could indicate whether the Higgs field has reached a stable state, or if another drastic transition could occur in the future.
00:27:27:25 – 00:28:10:12
Joseph
A scenario that would have profound implications for the universe’s longevity. The integration of AI into the LHC operations has led to significant improvements in data collection and interpretation. Accelerating the pace of discovery in subatomic physics. Looking ahead, projects like the proposed Future Circular Collider, combined with advancements in AI, promise transformative leaps in our understanding, potentially uncovering the elusive nature of dark matter and other fundamental mysteries.
00:28:10:15 – 00:28:26:03
Joseph
This convergence of AI and particle physics not only accelerates our quest to understand the universe, but also exemplifies the transformative potential of interdisciplinary innovation.
00:28:26:05 – 00:29:00:21
Joseph
So what’s AI’s role in particle physics? Not just accelerating discoveries. It’s enabling breakthroughs in fundamental physics that might have otherwise taken decades to achieve. The combination of AI and cutting edge particle accelerators could help scientists uncover the mysteries of dark matter, new forces, and even the origins of the universe. Understanding Higgs self coupling is more than just a theoretical exercise.
00:29:00:24 – 00:29:33:14
Joseph
It could tell us whether the universe is eternally stable or on a countdown to an unpredictable transformation. While the likelihood of a sudden vacuum decay remains incredibly low on human timescales, these studies push the boundaries of physics and may even hint at new physics beyond the Standard Model. So how will future colliders leverage AI to push these boundaries as not just enhancing the way we study particle physics?
00:29:33:15 – 00:30:07:27
Joseph
It’s redefining from detecting unknown particles to optimizing massive colliders. I will play a central role in the next era of discovery, potentially leading to breakthroughs in dark matter, quantum gravity, the very fabric of the universe. So just a side note. So we we’ve kind of switched over with our three segment format we have here. We switched over our focus on these segments.
00:30:08:00 – 00:30:35:07
Joseph
I try to focus the first segment on cybersecurity. This second segment here we’re trying to focus on science and technology in general. And I’m fascinated by what they do at CERN and the Large Hadron Collider. I think what they’re doing is the cutting edge of of future physics right now. The fact that they’re able to benefit from, I think is a great thing.
00:30:35:07 – 00:31:11:12
Joseph
I think there’s a lot that we still don’t know about the universe that the folks at CERN and other such research laboratories are really opening our eyes to. So kudos to them for moving it forward. The Register gives us our next article, Real Facial Recognition under the Microscope. The Department of Homeland Security’s Inspector general has initiated an audit of the Transportation Security Administration deployment of facial recognition technology at U.S. airports.
00:31:11:14 – 00:31:47:06
Joseph
This action responds to concerns raised by a bipartisan group of US senators and privacy advocates regarding passenger privacy and the effectiveness of these systems. The audit aims to assess security enhancements by evaluating how effectively facial recognition improves security screening processes. They’re going to take a look at identification accuracy, trying to determine the technology’s precision in identifying individuals of interest.
00:31:47:09 – 00:32:19:12
Joseph
And we’re also going to look at privacy protections, ensuring that passenger privacy rights are upheld during the use of this technology. Senator Jeff Merkley, who co-led the request for this audit, emphasized, quote, Americans don’t want a national surveillance state. But right now, more Americans than ever before are having their faces scanned at the airport without being able to exercise their right to opt out.
00:32:19:15 – 00:32:55:24
Joseph
The TSA has been piloting facial recognition systems since 2023, with plans to expand to up to 430 airports in the coming decade. This expansion has sparked debates over the balance between enhanced security measures and the protection of individual privacy rights. This audit represents a critical examination of the NSA’s use of advanced technology and security protocols, highlighting the ongoing dialog between innovation and civil liberties.
00:32:55:26 – 00:33:32:03
Joseph
So, you know, we talk about privacy and convenience being mutually exclusive. Privacy. I’m sorry. We talk about security and convenience being mutually exclusive. Security and privacy, however, kind of go hand in hand because you can’t have security without privacy and you can’t have privacy without security. So getting these to work in conjunction with each other is the difficult part.
00:33:32:05 – 00:34:03:09
Joseph
This you know, how can agencies balance the need for security with the protection of individual privacy rights? This is kind of murky water here because you figure an airport is a public venue, and anytime you’re in the public, you don’t really have a reasonable right to privacy. You have it in private homes or private, institutions. But when you’re in the airport or any other public, facility, you’re there, you’re out to be seen.
00:34:03:09 – 00:34:28:11
Joseph
And I don’t think they’re going to have, much luck in getting facial recognition stopped in these places. There is a clear demand for opt out options, but I don’t know how you can make that work in a public venue like that. You know, we went through Covid. Everybody was opting out by wearing masks. You didn’t have facial recognition working at that point, but I don’t think that’s the way to go either.
00:34:28:14 – 00:34:52:12
Joseph
Are passengers even adequately informed about their ability to opt out of facial recognition screenings? Not only do they need to be informed of their ability, they need to be informed how to exercise that. I, for one in the article doesn’t talk about it either. Don’t know how to do that. I walk into an airport and there is no way for me to opt out of anything at that point.
00:34:52:15 – 00:35:24:02
Joseph
We also have to worry about detectable accuracy. Early forms of facial recognition had a built in bias from the sample sets they were trained on that they had a high failure rate with anybody of dark skin. Whether you were Middle Eastern, African American, Native American, anyone who wasn’t, I guess Caucasian. They were not getting good reads off them.
00:35:24:06 – 00:36:02:20
Joseph
So the technology still needs some advancements to get to where it needs to be. So what’s the future impact? Future impact is still questionable. Is there a future for personal privacy when it comes to air travel? Security experts would seem to suggest there isn’t. Me and, you know, we obviously chalk this up to 911, but security in our airports has become far more a priority than privacy or convenience has.
00:36:02:20 – 00:36:25:02
Joseph
No one has a convenient or pleasant time. I think going through an airport at this point in time, how far can they take this? Can they make the hardware actually work the way they want it to? These are all good questions that I don’t think we have answers to right now. And a lot of this is going to come down to policy.
00:36:25:05 – 00:36:50:08
Joseph
And the policy right now with the current administration is questionable. And I don’t mean that from a an intent standpoint. I just mean no one knows what the policies are at this point in time when it comes to this type of thing. But I would I would think they would respect privacy rights as well. We’ll see. TSA is going to go through some changes, I think, in the next couple of years.
00:36:50:08 – 00:37:15:21
Joseph
So we’ll keep our eye on this and see where we wind up. We’re going to take our second break now, and when we come back, we’re not sure we don’t have a, a deep dive. Today we’re going to do a focus article. The caught my attention here that I think speaks to, bigger implications for enterprise and commercial computing that we probably need to have a talk about.
00:37:15:23 – 00:37:28:01
Joseph
Hopefully we’ll have, the start of our next deep dive next week, but we’ll be right back.
00:37:28:04 – 00:37:48:13
Narrator
Are you tired of your favorite gaming podcast finishing with a play? No. Well, check out no credits rolled where we play the games, but rarely finish them. How’s it going, folks? I’m Sam Whalen, your friendly host at no. Credits ruled the ultimate gaming podcast where we dish out the latest scoops and reviews on all your beloved video games.
00:37:48:17 – 00:38:24:14
Narrator
Hey, listen. Not only that, but we spice things up with some guest interviews and even give you, yes, you a chance to have your say. Tune in every other week for a fresh dose of no credits roll. Available on all major podcast platforms and hit us up on social media at no credits. Rolled. So why wait? Let’s dive into the gaming world together, where finishing games is optional, but the fun is guaranteed.
00:38:24:17 – 00:38:54:23
Joseph
Welcome back to insights into Technology. So we’re using a new source this for this particular article XDA developers. We’ve not coded them in the past. An article about Microsoft tightening the reins on Windows 11. As of the end of support for Windows 10 approaches in October of this year, Microsoft is intensifying efforts to ensure users transition to Windows 11 on compliant hardware.
00:38:54:26 – 00:39:33:13
Joseph
Recently, the company has taken significant steps to discourage installations on unsupported devices. Previously, Microsoft’s official documentation provided registry tweaks to bypass the Trusted Platform Module 2.0 requirement, allowing installations on older hardware. However, this guidance has been removed, signaling a shift in policy. Additionally, third party tools like fly by 11 designed to circumvent these hardware checks are now being flagged as potential threats by Microsoft.
00:39:33:13 – 00:39:45:27
Joseph
Defender, further discouraging their use. These actions underscore Microsoft’s commitment to maintaining.
00:39:45:29 – 00:39:56:00
Joseph
And I have to laugh at this one. Microsoft’s commitment to maintaining the security.
00:39:56:03 – 00:40:30:23
Joseph
The security and integrity of Windows 11 by enforcing its hardware requirements. Users will, with incompatible systems, are advised to consider upgrading their hardware or consider using Windows 10 until support concludes. Now, as with any any Microsoft retirement of an OS, Microsoft will provide businesses with extended support for a nominal fee. And I think, they had announced what that fee was going to be after I had written up the show notes.
00:40:30:23 – 00:41:05:12
Joseph
So I have to put that in notes. If the show. But, you know, this highlights the security challenge or the challenge of security versus accessibility. Balancing stringent security measures with user accessibility, especially for those with older hardware, is going to be difficult here. Microsoft is trying to do what Apple traditionally does, and that is basically force hardware upgrades to support newer operating systems.
00:41:05:14 – 00:41:49:26
Joseph
The difference here is, in Apple’s case, one, they control the entire ecosystem. So you can’t buy an Apple product from anyone but Apple. No reselling anything that runs Apple OS. Well, not officially at least, but you can get them. But not officially. And you look at it from a smartphone standpoint, real Apple devices are generally much easier to support than Android devices because an iPhone is a known quantity, regardless of which version of iPhone it is.
00:41:49:28 – 00:42:18:16
Joseph
You know what hardware it is. Apple knows exactly what hardware it is, what its capabilities are, what its limits are, what its flaws are. There’s no variables that they really have to take into account. When you look at supporting Android, you have different versions of Android, you have different flavors of Android, you have different app stores. For Android, you have different carrier requirements for Android.
00:42:18:18 – 00:43:05:19
Joseph
So and Microsoft are I’m sorry. Apple pushes out all their updates. Whereas with Android, a lot of times those updates come from the carrier and the carrier doesn’t necessarily release them timely. And users who go out and get those themselves could potentially break things on the phone at the carrier. Doesn’t support some of the features yet. So that’s a that’s a kind of a contrast that we’re seeing here between PCs and Apple devices, where Microsoft is basically saying you need to have these components in here, and the one that they’re hung up on here is the trusted, the TPM, the Trusted Platform module for security.
00:43:05:21 – 00:43:33:20
Joseph
The other problem that you run into is Apple can get away with it because they they handle such a small segment of the market and they’re really not embedded in the enterprise. Yes, businesses use them marketing and graphic enterprises and video and so forth. They’re used professionally, but you’re not looking at the same scale of rollout and install base that you’re seeing with windows devices.
00:43:33:22 – 00:44:04:18
Joseph
The other problem that you run into for Microsoft is, you know, I’ve got three systems right in front of me here, two of which can’t support Windows 11 but are running Windows 11 that I had to use side channel, you know, bypasses to get them working. But the one machine I do have, my left, my one laptop that’s here can support Windows 11.
00:44:04:21 – 00:44:47:15
Joseph
Well, when you look at that from a consumer standpoint, you’re looking at replacing one, maybe two computers. And Microsoft might not care too much about that. But what you’re talking about businesses, commercial and and enterprise businesses, you’re talking a huge install base that needs to be upgraded. I have two facilities that I am responsible for, or one facility is pretty well situated right now because we’ve been working on it for quite some time, but we’re kind of the early stages of my facility, and we’re looking at a cost for us of probably I think we budgeted $68,000.
00:44:47:18 – 00:45:15:02
Joseph
That’s a large chunk of change to update, just to run the latest version of the OS. And we have to run the latest version of iOS when they deprecate Windows 10 because of security concerns, you’re not going to get the security updates that you need to get to keep the systems running safely, and security. So what this really amounts to is a heavy handed approach by Microsoft to force people to buy new hardware.
00:45:15:04 – 00:45:35:09
Joseph
And I got a real problem with that. Like it’s not a Microsoft business. What kind of hardware I run. If you’re not going to support new hardware with your new OS, then you need to have a separate support channel, and they will from a business standpoint, they’re going to have the ability to have the extended support. But I’m not sure.
00:45:35:12 – 00:46:01:02
Joseph
I don’t think they even make that available to individuals. They haven’t in the past. They did and they didn’t then they didn’t again. And they didn’t again. So their support has been very inconsistent, which is very frustrating from a user standpoint. From a business standpoint, we need to replace a whole boatload of systems, and it’s a costly endeavor.
00:46:01:05 – 00:46:25:25
Joseph
And we’re not buying Microsoft systems. And it’s not I’m not boycotting Microsoft because of this shenanigans that they’re playing here with hardware. We just aren’t a Microsoft shop. We ran Surface Pros for a while, but they were terrible devices. I absolutely can’t stand Surface pros, and most of my users could neither. So Microsoft’s not getting anything out of this deal, you know?
00:46:25:25 – 00:46:35:17
Joseph
I mean, they’re obviously getting some kind of kickback from the HP’s of the Dell’s out there. They’re filling a lot of these gaps.
00:46:35:20 – 00:47:09:06
Joseph
This is really an unjustifiable expense that they’re imposing on their. Client, their customer base. And I say that because they’re doing this in the name of security. And I’m sorry, but when you’re Microsoft, you can’t claim security as a priority under any circumstance. On average, Microsoft puts out almost 100 patches a month on their Patch Tuesdays, which for an operating system that’s that old and that mature is ridiculous.
00:47:09:09 – 00:47:37:08
Joseph
They should be putting out a fraction of those. Microsoft, almost deliberately, it seems. And that’s speculation, obviously, but it almost seems like they deliberately inject zero days and flaws into their code just so that they can keep pushing out new versions and new updates. You know, in reality, that’s probably not the case. Obviously, I’m not really being entirely fair.
00:47:37:08 – 00:48:09:04
Joseph
There, but what’s happening is feature creep in all their products. And as a result of this feature creep, you’re injecting more and more needless code into the applications and the operating systems. And that code is flawed. And that code has bug because you’re trying to make the software do things that you shouldn’t be making it do. There’s no way that I should be able to open up a word document and write actual code in there for scripting, right?
00:48:09:05 – 00:48:38:10
Joseph
That you should never be allowed to happen any more than I should be allowed to embed images and videos into an Excel spreadsheet. The the feature creep in these Microsoft products has been the bane of administrators existence for years now, and for Microsoft to now forced this extremely expensive path forward on all of its users in the name of security.
00:48:38:12 – 00:48:57:02
Joseph
It’s almost laughable because their focus has never been on security. They didn’t. They have no interest in putting out secure products. They basically turn out whatever they think they can make a few bucks on and throw it out the door, regardless of what kind of condition it’s in, with the mindset of we’ll fix it once it’s out there.
00:48:57:04 – 00:49:25:22
Joseph
And that’s a bigger threat to the computing world than me running Windows 11 on a machine that doesn’t have the TPM on. That’s insignificant. That’s me assuming the risk of running the operating system on my hardware. To me, that’s the same as seatbelts or wearing a helmet. Yeah, it’s probably the safest thing is probably the smartest thing to do to wear those and to take that precaution.
00:49:25:24 – 00:49:47:19
Joseph
But if I don’t, I’m not compromising anybody else’s security. I’m compromising my own. Like, you can make an argument that a machine is not running with TPM that becomes compromised, can then be used to compromise other machines. Then we can go down that rabbit hole. If you want to. But on principle, I think any company that that’s not a hardware company.
00:49:47:19 – 00:50:20:21
Joseph
Then Microsoft you make an argument that they are a hardware company. Now, but their control of the market is insignificant in the grand scheme of things. So I can’t I can’t call them a hardware company because of that. For them to be forcing this on people is probably a little too heavy handed, and they probably are looking at it from a standpoint of, well, you know, you’re a consumer, you need to buy a new laptop.
00:50:20:21 – 00:50:50:10
Joseph
It’s been five years, six years, whatever you need to buy a new computer. And that’s kind of high and mighty of them to take that stance. But the damage is minimal from a user at that user standpoint. At that point, what they fail to realize is the massive installed base that they have in the enterprise sector and the extreme cost and hardship that this is going to place on these companies is something that needs to they need some serious consideration.
00:50:50:12 – 00:51:02:26
Joseph
You know, TPM is not foolproof by any stretch, especially when you’re running a windows operating system on it. It’s prone to the bugs and.
00:51:02:29 – 00:51:28:15
Joseph
Malicious attacks. So for them to claim the end all, be all is these hardware requirements of theirs is really just a fictitious excuse to to make people spend money on hardware. And given the economic times that we’re in right now, given the potential for tariffs that are going to shoot up prices for computing components, it’s really bad timing.
00:51:28:17 – 00:52:07:05
Joseph
And it’s it’s probably a really bad business decision. And Microsoft’s going to take some heat for it. It may question people’s loyalty to Microsoft. And that’s the other thing that Microsoft has to worry about. You know, if you’re an Apple user, you’re going to stick with Apple because there’s no alternative to Apple. That’s Apple. But if you’re running windows, Linux or run on a windows machine or, you know, same machine just as well as windows does, and you know, a lot of the same capabilities and same functions, especially with so many functions moving to the cloud in a web format.
00:52:07:05 – 00:52:29:22
Joseph
Now your computer’s just turning itself into a and a into a dumb terminal. At that point, you’re using all other people’s computing hardware. So Microsoft’s adherence to these strict hardware standards, I think, is a mistake. I think it’s going to cost a lot of people, a lot of money, and I don’t think it’s going to bias a whole lot in the end.
00:52:29:24 – 00:52:54:25
Joseph
So I wanted to spend some time talking about this because this is going to be significant. We’re gearing up to have all of our systems updated to support official versions of Windows 11. By the drop dead date of Windows 10, but it’s going to cost. It’s going to cost a lot of people. So what are your thoughts? Give me give me your feedback.
00:52:54:25 – 00:53:17:02
Joseph
Let me know what you think. And, I’d love to get your opinion on this. And if you think this is as egregious and, act as as I do, before we do go, I did want to say I wanted to do some shout outs. So before we wrap up the episode, I want to say thanks to a couple of our audience members.
00:53:17:04 – 00:53:44:05
Joseph
The first one is, from YouTube user Ty Scott for 208. Actually dropped a comment on one of our, more recent episodes. He said, please continue doing this show. You’re doing great. I’m in school for cyber and watch every episode. You and this show is so resourceful in the long run, I believe the show will go for thank you for that.
00:53:44:05 – 00:54:08:07
Joseph
I’m so glad that we were helpful to you. That is why we do this podcast. We this is not a for profit podcast. My pod pod being built just went up significantly with, some changes we made. So, there’s more money out of pocket, but that’s okay. This is my way of trying to give back to the community at this point in time.
00:54:08:10 – 00:54:28:06
Joseph
That’s been so good to me for years. So kudos to you. Stick with it. I think you picked a great career choice, and I wish you well. I’d love to hear from you more. On Twitch. We did get a new subscriber this week. Iron Man, he was a Twitch Prime subscription. Just a reminder to everybody.
00:54:28:06 – 00:54:59:19
Joseph
If you do have an Amazon Prime subscription, you get a free monthly Twitch Prime subscription. Through that, our way puts a couple of bucks in the coffers. It helps us pay to pay the bills, but that’s always appreciated. From our website. Bernard, I’m gonna say this mispronounce this terribly, and I apologize in advance. I bout or about, I believe, subscribe to us, from Canada.
00:54:59:19 – 00:55:30:27
Joseph
So it’s nice to see that, our friends from the North are enjoying the show as well. So thank you for that. And finally, just a wrap up, the shout outs here. Couple of folks with follows on Twitch this week. The solitary cyclists cream of the crop one and Miss Psycho Kitty love that name. Thank you for following us on Twitch I appreciate that, and, all of our I encourage all of our viewers and listeners to subscribe to the podcast.
00:55:30:27 – 00:56:03:00
Joseph
Follow us where you can click that like button, pound the whatever you know. You know, there’s the pitch here. Read before we do go, I do want to once again mention that we are, available anywhere you get a podcast these days. Apple, Spotify, Google I heart radio. Tune in for audio and video versions of the podcast. You can find us listed as insights into things that will get you all the networks, podcasts.
00:56:03:02 – 00:56:28:18
Joseph
And if you were looking just for this podcast, audio versions for this can be found listed as insights in the Technology. I would also invite you to write in or follow him. Give us your feedback. Tell us what you think. I’d love to hear more opinions about the articles that we cover here. You can call in to leave a voicemail at eight, 564038788.
00:56:28:20 – 00:56:50:23
Joseph
That’s (856) 403-8788. We can get you on a future podcast if that’s what you’d like. We’d love to get the comments out there. You can also email us at comments and insights into things that come, and we can get you on the shout outs here. I’d like to do these more often. If we get more, active listeners participating.
00:56:50:25 – 00:57:15:25
Joseph
You can also find high res videos of our episodes on YouTube at youtube.com. Slash insights and the things. As I mentioned already, we stream five days a week on Twitch at Twitch.tv, slash insights into things, and you can find links to all that and more on our official website at Dot insights anythings.com. That’s it. Another one in the box.
