Enlarge/ If you’ve formatted a disk in Windows in the last 30 years, you may have come across this dialog box.
Andrew Cunningham
As we wait for this fall’s Windows 11 24H2 update to be released to the general public, work continues on other new features that could be part of other future Windows updates. A new Canary channel Windows Insider build released yesterday fixes a decades-old and arbitrary limitation that restricted new FAT32 partitions to 32GB in size, even though the filesystem itself has a maximum supported size of 2TB (and Windows can read and recognize 2TB FAT32 partitions without an issue).
For now, this limit is only being lifted for the command-line formatting tools in Windows. The disk formatting UI, which looks more or less the same now as it did when it was introduced in Windows NT 4.0 almost 30 years ago, still has the arbitrary 32GB capacity restriction.
The 32GB limit can allegedly be pinned on former Microsoft programmer Dave Plummer, who occasionally shares stories about his time working on Windows in the 1990s and early 2000s. Plummer says that he wrote the file format dialog, intending it as a “temporary” solution, and arbitrarily chose 32GB as a size limit for disks, likely because it seemed big enough at the time (Windows NT 4.0 required a whopping 110MB of disk space).
There aren’t a ton of reasons to actually use a FAT32 disk in 2024, and it’s been replaced by other filesystems for just about everything. As a filesystem for your main OS drive, it was replaced by NTFS decades ago; as a widely compatible filesystem for external drives that can be read from and written to by many operating systems, you’d probably want to use exFAT instead. FAT32 still has a 4GB limit on the size of individual files.
But if you’re formatting a disk to use with an old version of Windows, or with some older device that can only work with FAT32 disks, this tweak could make Windows a tiny bit more useful for you.
Enlarge/ Paint 3D, once the future of the Paint app, is getting the axe in November.
Andrew Cunningham
In October of 2017, Microsoft released a version of Windows 10 called the “Fall Creators Update,” back when the company tried to give brand names to these things rather than just sticking to version numbering. One of the new apps included in that update was called Paint 3D, and while it shared a name with the old two-dimensional MS Paint app, it was entirely new software that supported creating 3D shapes and a whole bunch of other editing and transform options that the old Paint app didn’t have.
But the old Paint app’s renaissance is coming at the expense of Paint 3D, which Microsoft says is formally being deprecated and removed from the Microsoft Store on November 4. Windows Central reports that users of the app will be notified via a banner message, just in case they aren’t regularly checking Microsoft’s documentation page for the list of deprecated and removed Windows features.
Microsoft recommends the Paint and Photos apps for viewing and editing 2D images and the 3D Viewer app for viewing 3D models. Creating and editing 3D images will be left to third-party software.
When it was introduced, Paint 3D was also pitched as a way to create and manipulate three-dimensional objects that could then be dropped into real environments using the Windows Mixed Reality platform. It’s probably not a coincidence that Windows Mixed Reality is being removed in this fall’s Windows 11 24H2 release, right around the same time Paint 3D will be removed from Windows and from the Microsoft Store.
Many Windows 8- and 10-era apps have either been axed or renamed in the Windows 11 era as Microsoft has refocused on built-in Windows apps with decadeslong histories. The Mail and Calendar apps are being replaced with a version of Outlook, and though it isn’t calledOutlook Express there are certainly parallels. The Groove app was renamed “Windows Media Player” and picked up a few legacy Media Player capabilities, like the ability to play and rip audio CDs. Voice Recorder became Sound Recorder. Snip & Sketch had its capabilities rolled back into the Snipping Tool.
Enlarge/ Microsoft’s Arm-powered Surface Laptop 7. We’re still waiting for Arm chips to make their way into cheaper PCs.
Andrew Cunningham
For the first time in the decade-plus that Microsoft has been trying to make Arm-powered Windows PCs happen, we’ve finally got some pretty good ones. The latest Surface Pro and Surface Laptop (and the other Copilot+ PCs) benefit from extensive work done to Windows 11’s x86 translation layer, a wider selection of native apps, and most importantly, Snapdragon X Pro and X Elite chips from Qualcomm that are as good as or better than Intel’s or AMD’s current offerings.
The main problem with these computers is that they’re all on the expensive side. The cheapest Snapdragon X PC right now is probably this $899 developer kit mini-desktop; the cheapest laptops start around the same $1,000 price as the entry-level MacBook Air.
That’s a problem Qualcomm hopes to correct next year. Qualcomm CEO Christiano Amon said on the company’s Q3 earnings call (as recorded by The Verge) that the company was hoping to bring Arm PC prices down to $700 at some point in 2025, noting that these cheaper PCs wouldn’t compromise the performance of the Snapdragon X series’ built-in neural processing unit (NPU).
That Amon singled out the NPU is interesting because it leaves the door open to further reductions in CPU and GPU performance to make cheaper products that can hit those lower prices. The Snapdragon X Plus series keeps the exact same NPU as the X Elite, for example, but comes with fewer CPU and GPU cores that are clocked lower than the Snapdragon X Elite chips.
Qualcomm may want to keep NPU performance the same because Microsoft has a minimum NPU performance requirement of 40 trillion operations per second (TOPS) to qualify for its Copilot+ PC label and associated features in Windows 11. Other requirements include 16GB of memory and 256GB of storage, but Microsoft specifically hasn’t made specific CPU or GPU performance recommendations for the Copilot+ program beyond the basic ones necessary for running Windows 11 in the first place. Copilot+ PCs come with additional AI-powered features that take advantage of local processing power rather than sending requests to the cloud, though as of this writing, there aren’t many of these features, and one of the biggest ones (Recall) has been delayed indefinitely because of privacy and security concerns.
Lofty goals for Arm PCs
Both Arm and Qualcomm have made lofty claims about their goals in the PC market. Arm CEO Rene Haas says Arm chips could account for more than half of all Windows PC shipments in the next five years, and Amon has said that PC OEMs expect as much as 60 percent of their systems to ship with Arm chips in the next three years.
These claims seem overly optimistic; Intel and AMD aren’t going anywhere and aren’t standing still, and despite improvements to Windows-on-Arm, the PC ecosystem still has decades invested in x86 chips. But if either company is ever going to get anywhere close to those numbers, fielding decent systems at more mass-market prices will be key to achieving that kind of volume.
Hopefully, the cheaper Snapdragon systems will be available both as regular laptops and as mini desktops, like Qualcomm’s dev kit desktop. To succeed, the Arm Windows ecosystem will need to mirror what is available in both the x86 PC ecosystem and Apple’s Mac lineup to capture as many buyers as possible.
And the more Arm PCs there are out there, the more incentive developers will have to continue fixing Windows-on-Arm’s last lingering compatibility problems. Third-party drivers for things like printers, mice, audio preamps and mixers, and other accessories are the biggest issue right now since there’s no way to translate the x86 versions. The only way to support this hardware will be with more Arm-native software, and the only way to get more Arm-native software is to make it worth developers’ time to write it.
Enlarge/ A bad update to CrowdStrike’s Falcon security software crashed millions of Windows PCs last week.
CrowdStrike
CrowdStrike CEO George Kurtz said Thursday that 97 percent of all Windows systems running its Falcon sensor software were back online, a week after an update-related outage to the corporate security software delayed flights and took down emergency response systems, among many other disruptions. The update, which caused Windows PCs to throw the dreaded Blue Screen of Death and reboot, affected about 8.5 million systems by Microsoft’s count, leaving roughly 250,000 that still need to be brought back online.
Microsoft VP John Cable said in a blog post that the company has “engaged over 5,000 support engineers working 24×7” to help clean up the mess created by CrowdStrike’s update and hinted at Windows changes that could help—if they don’t run afoul of regulators, anyway.
“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” wrote Cable. “These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.”
Cable pointed to VBS enclaves and Azure Attestation as examples of products that could keep Windows secure without requiring kernel-level access, as most Windows-based security products (including CrowdStrike’s Falcon sensor) do now. But he stopped short of outlining what specific changes might be made to Windows, saying only that Microsoft would continue to “harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community.”
When running in kernel mode rather than user mode, security software has full access to a system’s hardware and software, which makes it more powerful and flexible; this also means that a bad update like CrowdStrike’s can cause a lot more problems.
Recent versions of macOS have deprecated third-party kernel extensions for exactly this reason, one explanation for why Macs weren’t taken down by the CrowdStrike update. But past efforts by Microsoft to lock third-party security companies out of the Windows kernel—most recently in the Windows Vista era—have been met with pushback from European Commission regulators. That level of skepticism is warranted, given Microsoft’s past (and continuing) record of using Windows’ market position to push its own products and services. Any present-day attempt to restrict third-party vendors’ access to the Windows kernel would be likely to draw similar scrutiny.
Microsoft has also had plenty of its own security problems to deal with recently, to the point that it has promised to restructure the company to make security more of a focus.
CrowdStrike’s aftermath
CrowdStrike has made its own promises in the wake of the outage, including more thorough testing of updates and a phased-rollout system that could prevent a bad update file from causing quite as much trouble as the one last week did. The company’s initial incident report pointed to a lapse in its testing procedures as the cause of the problem.
Meanwhile, recovery continues. Some systems could be fixed simply by rebooting, though they had to do it as many as 15 times—this could give systems a chance to grab a new update file before they could crash. For the rest, IT admins were left to either restore them from backups or delete the bad update file manually. Microsoft published a bootable tool that could help automate the process of deleting that file, but it still required laying hands on every single affected Windows install, whether on a virtual machine or a physical system.
And not all of CrowdStrike’s remediation solutions have been well-received. The company sent out $10 UberEats promo codes to cover some of its partners’ “next cup of coffee or late night snack,” which occasioned some eye-rolling on social media sites (the code was also briefly unusable because Uber flagged it as fraudulent, according to a CrowdStrike representative). For context, analytics company Parametrix Insurance estimated the cost of the outage to Fortune 500 companies somewhere in the realm of $5.4 billion.
The detailed post explains exactly what happened: At just after midnight Eastern time, CrowdStrike deployed “a content configuration update” to allow its software to “gather telemetry on possible novel threat techniques.” CrowdStrike says that these Rapid Response Content updates are tested before being deployed, and one of the steps involves checking updates using something called the Content Validator. In this case, “a bug in the Content Validator” failed to detect “problematic content data” in the update responsible for the crashing systems.
CrowdStrike says it is making changes to its testing and deployment processes to prevent something like this from happening again. The company is specifically including “additional validation checks to the Content Validator” and adding more layers of testing to its process.
The biggest change will probably be “a staggered deployment strategy for Rapid Response Content” going forward. In a staggered deployment system, updates are initially released to a small group of PCs, and then availability is slowly expanded once it becomes clear that the update isn’t causing major problems. Microsoft uses a phased rollout for Windows security and feature updates after a couple of major hiccups during the Windows 10 era. To this end, CrowdStrike will “improve monitoring for both sensor and system performance” to help “guide a phased rollout.”
CrowdStrike says it will also give its customers more control over when Rapid Response Content updates are deployed so that updates that take down millions of systems aren’t deployed at (say) midnight when fewer people are around to notice or fix things. Customers will also be able to subscribe to release notes about these updates.
Recovery of affected systems is ongoing. Rebooting systems multiple times (as many as 15, according to Microsoft) can give them enough time to grab a new, non-broken update file before they crash, resolving the issue. Microsoft has also created tools that can boot systems via USB or a network so that the bad update file can be deleted, allowing systems to restart normally.
In addition to this preliminary incident report, CrowdStrike says it will release “the full Root Cause Analysis” once it has finished investigating the issue.
Testing spellcheck in the latest version of Windows Notepad.
Right-clicking and expanding the Spelling menu also presents more options.
Andrew Cunningham
Like other recent Notepad additions, spellcheck and autocorrect can be tweaked or disabled entirely in the settings.
Andrew Cunningham
In March, Microsoft started testing an update to the venerable Notepad app that added spellcheck and autocorrect to the app’s limited but slowly growing set of capabilities. The update that adds these features to Notepad is now rolling out to all Windows 11 users via the Microsoft Store, as reported by The Verge.
The spellcheck feature underlines words in red when they’re misspelled, and users can either left-click the words to see a list of suggestions or right-click words and see suggestions under a separate “spelling” menu item. Autocorrect works automatically to fix minor and obvious misspellings (typing “misspellign” instead of “misspelling,” for example), and changes can be reverted manually or by using the Undo command.
Either feature can be disabled from within Notepad’s settings. The spellchecker can also be switched on and off for a few different individual file extensions in case you want to see spelling suggestions for .txt files but not for .md or .lic files. The Verge also reports that spellchecking is turned off by default for log files or “other file types associated with coding.” Neither feature worked when I opened a batch file in Notepad to edit it, for example.
Microsoft often rolls out new app updates gradually, so you may or may not be seeing the new features yet. I can currently see the spellcheck and autocorrect features in Notepad version 11.2405.13.0 running on a fully updated Windows 11 23H2 PC, but your mileage may vary.
Notepad has received several updates over the course of the Windows 11 era, starting with dark mode support and other theme options. Eventually, it also added a tabbed interface that supported automatically reopening files when relaunching the app. These kinds of additions count as “major” for Notepad, which for years had only received relatively minor under-the-hood updates (when it was being updated at all).
The Notepad improvements come as Microsoft prepares to stop shipping WordPad with Windows 11. WordPad was previously Windows’ preinstalled basic word processor, but it has seen few (if any) significant updates since Windows 7 was released in 2009. WordPad is still available in Windows 11 22H2 and 23H2, but is no longer included in current versions of the upcoming Windows 11 24H2 update. After WordPad is gone, users looking for basic word processing will need to look to the more-capable Notepad, the free-to-use online version of Microsoft Word, or a free alternative like LibreOffice.
One of Windows 11’s more contentious changes is that, by default, both the Home and Pro editions of the operating system require users to sign in with a Microsoft account during setup. Signing in with an account does get you some benefits, at least if you’re a regular user of other Microsoft products like OneDrive, GamePass, or Microsoft 365 (aka Office). But if you don’t use those services, a lot of what a Microsoft account gets you in Windows 11 is repeated ads and reminders about signing up for those services. Using Windows with a traditional local account is still extremely possible, but it does require a small amount of know-how beyond just clicking the right buttons.
On the know-how front, Microsoft has taken one more minor, but nevertheless irritating, step away from allowing users to sign in with local accounts. This official Microsoft support page walks users with local accounts through the process of signing in to a Microsoft account. As recently as June 12, that page also included instructions for converting a Microsoft account into a local account. But according to Tom’s Hardware and the Internet Wayback Machine, those instructions disappeared on or around June 17 and haven’t been seen since.
Despite the documentation change, most of the workarounds for creating a local account still work in both Windows 11 23H2 (the publicly available version of Windows 11 for most PCs) and 24H2 (available now on Copilot+ PCs, later this fall for everyone else). The easiest way to do it on a PC you just took out of the box is to press Shift+F10 during the setup process to bring up a command prompt window, typing OOBEBYPASSNRO, rebooting, and then clicking the “I don’t have Internet” button when asked to connect to a Wi-Fi network.
Other workarounds include using the Rufus tool to create a USB installer that will automatically bypass the Microsoft account sign-in requirement, or (for Windows 11 Pro users) indicating that you want to join the PC to a corporate domain and then not actually joining it to a domain. Setting the PC up with a Microsoft account and then signing out afterward is also still an option.
There is one workaround that has allegedly stopped working—it used to be that trying to “sign in” with a nonexistent email account would get you a local sign-in option. But as of earlier this month, according to Windows Central editor Zac Bowden, it looks like the Windows 11 setup screen will just ask you to try another email address instead.
To be fair to Microsoft, all the big tech companies want you to sign in with an account before you can use all the features of the software, but neither Apple nor Google goes as far as to mandate account sign-in to access basic functionality. Macs, iPhones, and iPads will all let you complete the setup process without signing in, though you do have to know which buttons to click. Google will allow you to use Chromebooks in guest mode, and Android phones and tablets are still usable without signing in (though this does make it more difficult to find and install apps). Microsoft’s pushiness remains unique; there’s definitely a difference between a company that would really prefer that you sign in, and one that forces you to.
Enlarge/ Microsoft’s 11th-edition Surface Pro, as exploded by iFixit. Despite adhesive holding in the screen and the fact that you need to remove the heatsink to get at the battery, it’s still much more repairable than past Surfaces or competing tablets.
For a long time, Microsoft’s Surface hardware was difficult-to-impossible to open and repair, and devices as recent as 2019’s Surface Pro 7 still managed a repairability score of just 1 out of 10 on iFixit’s scale. 2017’s original Surface Laptop needed to be physically sliced apart to access its internals, making it essentially impossible to try to fix the machine without destroying it.
Now, iFixit has torn apart the most recent Snapdragon X-powered Surface Pro and Surface Laptop devices and has mostly high praise for both devices in its preliminary teardown video. Both devices earn an 8 out of 10 on iFixit’s repairability scale, thanks to Microsoft’s first-party service manuals, the relative ease with which both devices can be opened, and clearly labeled internal components.
Beneath the Surface
To open the Surface Laptop, iFixit says you only need to undo four screws, hidden beneath the laptop’s rubber feet; at that point, the bottom of the machine is only attached by magnets, rather than breakable retention clips. Opening the bottom of the laptop provides easy access to the battery and an M.2 2232 SSD. Labels inside the device indicate which screws need to be removed to replace which parts, and what kind of screwdriver you’ll need to do the job; scannable barcodes also make it easier to find repair manuals and parts on Microsoft’s site. Most other parts are easy to remove and replace once the bottom of the laptop is off.
The Surface Pro’s best repairability feature remains its easily accessible M.2 2232 SSD, present under a pop-off cover on the back of the tablet. From there, things get more difficult—accessing the battery and other components requires removing the screen, which is still held in place with adhesive rather than screws or magnets. This adhesive needs to be removed—iFixit cut it away with a thin plastic tool, and closing the tablet back up securely would likely require new adhesive to be applied. Once inside, the parts and screws are still labeled clearly, but you do need to remove the entire heatsink before you can replace the battery.
iFixit uses slightly different criteria for evaluating the repairability of laptops and tablets since tablets are more tightly integrated devices. So despite the identical repairability scores, the Surface Pro remains slightly more difficult to open and fix than the laptop; iFixit is just comparing it to devices like the iPad Air and Pro rather than other PC laptops, and the Surface Pro still looks better than other tablets by comparison despite the use of adhesive.
The teardown video didn’t detail exactly why iFixit knocked points off of each device’s repairability score, though iFixit took note of the soldered-down non-upgradeable RAM and Wi-Fi/Bluetooth modules. Both devices also use way more screws and clips than something like the Framework Laptop, which could also be a factor.
We’ve been using the new Snapdragon-powered Surface devices for a few days now, and we’ll have more thoughts to share about the hardware and its performance in the coming days.
Microsoft is all-in on its Copilot+ PC push right now, but the fact is that they’ll be an extremely small minority among the PC install base for the foreseeable future. The program’s stringent hardware requirements—16GB of RAM, at least 256GB of storage, and a fast neural processing unit (NPU)—disqualify all but new PCs, keeping features like Recall from running on all current Windows 11 PCs.
But the Copilot chatbot remains supported on all Windows 11 PCs (and most Windows 10 PCs), and a change Microsoft has made to recent Windows 11 Insider Preview builds is actually making the feature less useful and accessible than it is in the current publicly available versions of Windows. Copilot is being changed from a persistent sidebar into an app window that can be resized, minimized, and pinned and unpinned from the taskbar, just like any other app. But at least as of this writing, this version of Copilot can no longer adjust Windows’ settings, and it’s no longer possible to call it up with the Windows+C keyboard shortcut. Only newer keyboards with the dedicated Copilot key will have an easy built-in keyboard shortcut for summoning Copilot.
If Microsoft keeps these changes intact, they’ll hit Windows 11 PCs when the 24H2 update is released to the general public later this year; the changes are already present on Copilot+ PCs, which are running a version of Window 11 24H2 out of the box.
Changing how Copilot works is all well and good—despite how quickly Microsoft has pushed it out to every Windows PC in existence, it has been labeled a “preview” up until the 24H2 update, and some amount of change is to be expected. But discontinuing the just-introduced Win+C keyboard shortcut to launch Copilot feels pointless, especially since the Win+C shortcut isn’t being reassigned.
The Copilot assistant exists on the taskbar, so it’s not as though it’s difficult to access, but the feature is apparently important enough to merit the first major change to Windows keyboards in three decades. Surely it also justifies retaining a keyboard shortcut for the vast majority of PC keyboards without a dedicated Copilot key.
People who want to continue to use Win+C as a launch key for Copilot can do so with custom keyboard remappers like Microsoft’s own Keyboard Manager PowerToy. Simply set Win+C as a shortcut for the obscure Win+Shift+F23 shortcut that the hardware Copilot key is already mapped to and you’ll be back in business.
Win+C has a complicated history
Enlarge/ Win+C always seems to get associated with transient, unsuccessful Windows features like Charms and Cortana.
Andrew Cunningham
The Win+C keyboard shortcut actually has a bit of a checkered history, having been reassigned over the years to multiple less-than-successful Windows initiatives. In Windows 8, it made its debut as a shortcut for the “Charms” menu, part of the operating system’s tablet-oriented user interface that was designed to partially replace the old Start menu. But Windows 10 retreated from this new tablet UI, and the Charms bar was discontinued.
In Windows 10, Win+C was assigned to the Cortana voice assistant instead, Microsoft’s contribution to the early-2010s voice assistant boom kicked off by Apple’s Siri and refined by competitors like Amazon’s Alexa. But Cortana, like the Charms bar, never really took off, and Microsoft switched the voice assistant off in 2023 after a few years of steadily deprioritizing it in Windows 10 (and mostly hiding it in Windows 11).
Most older versions of Windows didn’t do anything with the Win+C, but if you go all the way back to the Windows 95 era, users of Microsoft Natural Keyboards who installed Microsoft’s IntelliType software could use Win+C to open the Control Panel. This shortcut apparently never made it into Windows itself, even as the Windows key became standard equipment on PCs in the late ’90s and early 2000s.
So pour one out for Win+C, the keyboard shortcut that is always trying to do something new and not quite catching on. We can’t wait to see what it does next.
For the vast majority of compatible PCs, Microsoft’s Windows 11 24H2 update still isn’t officially available as anything other than a preview (a revised version of the update is available to Windows Insiders again after briefly being pulled early last week). But Microsoft and most of the other big PC companies are releasing their first wave of Copilot+ PCs with Snapdragon X-series chips in them today, and those PCs are all shipping with the 24H2 update already installed.
For now, this means a bifurcated Windows 11 install base: one (the vast majority) that’s still mostly on version 23H2 and one (a tiny, Arm-powered minority) that’s running 24H2.
Although Microsoft hasn’t been specific about its release plans for Windows 11 24H2 to the wider user base, most PCs should still start getting the update later this fall. The Copilot+ parts won’t run on those current PCs, but they’ll still get new features and benefit from Microsoft’s work on the operating system’s underpinnings.
The wider 24H2 update rollout will also likely enable the Copilot+ PC features on Intel and AMD PCs that meet the hardware requirements. That hardware will supposedly be available starting in July—at least, if AMD can hit its planned ship date for Ryzen AI chips—but neither Intel nor AMD seems to know exactly when the Copilot+ features will be enabled in software. Right now, the x86 version of Windows doesn’t even have hidden Copilot+ features that can be enabled with the right settings; they only seem to be included at all in the Arm version of the update.
Unfortunately for Microsoft, the Copilot+ PC program (and, to a lesser extent, the 24H2 update) has become mostly synonymous with the Recall screen recording feature. Microsoft revealed this feature to the public without first sending it through its normal Windows Insider testing program. As soon as security researchers and testers were able to dig into it, they immediately found security holes and privacy risks that could expose a user’s entire Recall database plus detailed screenshots of all their activity to anyone with access to the PC.
Microsoft initially announced that it would release a preview of Recall as scheduled on June 18 with additional security and privacy measures in place. Microsoft would also make the feature off-by-default instead of on-by-default. Shortly after that, the company delayed Recall altogether and committed to testing it publicly in Windows Insider builds like any other Windows feature. Microsoft says that Recall will return, at least to Copilot+ PCs, at some point “in the coming weeks.”
Aside from the Copilot+ generative AI features, which require extra RAM and storage and a PC with a sufficiently fast neural processing unit (NPU), the main Windows 11 system requirements aren’t changing for the 24H2 update. However, there are older unsupported PCs that could run previous Windows 11 versions that will no longer be able to boot 24H2 since it requires a slightly newer CPU to boot.
Enlarge/ Recall is part of Microsoft’s Copilot+ PC program.
Microsoft
Microsoft will be delaying its controversial Recall feature again, according to an updated blog post by Windows and Devices VP Pavan Davuluri. And when the feature does return “in the coming weeks,” Davuluri writes, it will be as a preview available to PCs in the Windows Insider Program, the same public testing and validation pipeline that all other Windows features usually go through before being released to the general populace.
Recall is a new Windows 11 AI feature that will be available on PCs that meet the company’s requirements for its “Copilot+ PC” program. Copilot+ PCs need at least 16GB of RAM, 256GB of storage, and a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS). The first (and for a few months, only) PCs that will meet this requirement are all using Qualcomm’s Snapdragon X Plus and X Elite Arm chips, with compatible Intel and AMD processors following later this year. Copilot+ PCs ship with other generative AI features, too, but Recall’s widely publicized security problems have sucked most of the oxygen out of the room so far.
The Windows Insider preview of Recall will still require a PC that meets the Copilot+ requirements, though third-party scripts may be able to turn on Recall for PCs without the necessary hardware. We’ll know more when Recall makes its reappearance.
Why Recall was recalled
Recall works by periodically capturing screenshots of your PC and saving them to disk, and scanning those screenshots with OCR to make a big searchable text database that can help you find anything you had previously viewed on your PC.
The main problem, as we confirmed with our own testing, was that all of this was saved to disk with no additional encryption or other protection and was easily viewable and copyable by pretty much any user (or attacker) with access to the PC. Recall was also going to be enabled by default on Copilot+ PCs despite being a “preview,” meaning that users who didn’t touch the default settings were going to have all of this data recorded by default.
This was the version of Recall that was initially meant to ship out to reviewers this week on the first wave of Copilot+ PCs from Microsoft and other PC companies. After security researcher Kevin Beaumont publicized these security holes in that version of Recall, the company promised to add additional encryption and authentication protections and to disable Recall by default. These tweaks would have gone out as an update to the first shipments of Copilot+ PCs on June 18 (reviewers also wouldn’t get systems before June 18, a sign of how much Microsoft was rushing behind the scenes to implement these changes). Now Recall is being pushed back again.
A report from Windows Central claims that Recall was developed “in secret” and that it wasn’t even distributed widely within Microsoft before it was announced, which could explain why these security issues weren’t flagged and fixed before the feature showed up in a publicly available version of Windows.
Microsoft’s Recall delay follows Microsoft President Brad Smith’s testimony to Congress during a House Committee on Homeland Security hearing about the company’s “cascade of security failures” in recent months. Among other things, Smith said that Microsoft would commit to prioritizing security issues over new AI-powered features as part of the company’s recently announced Secure Future Initiative (SFI). Microsoft has also hired additional security personnel and tied executive pay to meeting security goals.
“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” wrote Microsoft CEO Satya Nadella in an internal memo about the SFI announcement. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”
Recall has managed to tie together all the big Windows and Microsoft stories from the last year or two: the company’s all-consuming push to quickly release generative AI features, its security failures and subsequent promises to do better, and the general degradation of the Windows 11 user interface with unwanted apps, ads, reminders, account sign-in requirements, and other cruft.
Enlarge/ Microsoft’s Recall feature is switching to be opt-in by default, and is adding new encryption protections in an effort to safeguard user data.
Microsoft
Microsoft’s upcoming Recall feature in Windows 11 has generated a wave of controversy this week following early testing that revealed huge security holes. The initial version of Recall saves screenshots and a large plaintext database tracking everything that users do on their PCs, and in the current version of the feature, it’s trivially easy to steal and view that database and all of those screenshots for any user on a given PC, even if you don’t have administrator access. Recall also does little to nothing to redact sensitive information from its screenshots or that database.
Microsoft has announced that it’s making some substantial changes to Recall ahead of its release on the first wave of Copilot+ PCs later this month.
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” wrote Microsoft Windows and Devices Corporate Vice President Pavan Davuluri in a blog post. “With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.”
First and most significantly, the company says that Recall will be opt-in by default, so users will need to decide to turn it on. It may seem like a small change, but many users never touch the defaults on their PCs, and for Recall to be grabbing all of that data by default definitely puts more users at risk of having their data stolen unawares.
The company also says it’s adding additional protections to Recall to make the data harder to access. You’ll need to enable Windows Hello to use Recall, and you’ll need to authenticate via Windows Hello (whether it’s a face-scanning camera, fingerprint sensor, or PIN) each time you want to open the Recall app to view your data.
Both the screenshots and the SQLite database used for Recall searches are being encrypted and will require Windows Hello authentication to be decrypted. Microsoft described Recall data as “encrypted” before, but there was no specific encryption used for any of the screenshots or the database beyond the Bitlocker full-disk encryption that is turned on by default for most PCs when they sign into a Microsoft account.
That last change should address the biggest problem with Recall: that any user signed in to a PC (or any malware that was able to gain access to the filesystem) could easily view and copy another user’s Recall screenshots and database on the same PC. The text database’s size is measured in kilobytes rather than megabytes or gigabytes, so it wouldn’t take much time to swipe if someone managed to access your system.
Microsoft also reiterated some of its assurances about the privacy and security of Recall writ large, saying that all data is processed locally, that it’s never sent to Microsoft, that you’ll know when Recall has been enabled thanks to taskbar and system tray icons, and that you can disable the feature or exclude specific apps or sites from being snapshotted at your discretion.
All of the new additions to Recall are still being actively developed—current testing builds of Windows 11 still use the unsecured version of Recall, and our review units of the new Surface hardware are being delayed by a week or so, presumably so Microsoft can update them.
Microsoft reiterated that Recall is being released as a preview, a label the company also applies to the Copilot chatbot to deflect criticism of some of its early and ongoing missteps. We’ll need to use the updated version of Recall to see whether the new protections work like they’re supposed to, but it’s at least mildly encouraging to see Microsoft take a beat to rework Recall’s security and default settings before releasing it to the public, even though these are protections should have been present in the first place.
Recall is normally only available on Copilot+ PCs, a new branding banner from Microsoft that applies to PCs with sufficiently fast neural processing units (NPUs), at least 16GB of RAM, and at least 256GB of storage. Existing Windows 11 PCs won’t get Recall, though it can currently be enabled forcibly by the third-party AmperageKit script on Arm PCs that are running version 26100.712 of Windows 11 24H2. It’s possible that tools will exist to enable it on other unsupported PCs later on.
The first wave of Copilot+ PCs will use Qualcomm’s Snapdragon X Elite and X Plus processors exclusively. Intel and AMD systems that meet the Copilot+ requirements won’t be available until later this year, and Microsoft hasn’t said when the Copilot+ features will actually be available for these non-Arm PCs.
