.png)
.jpg)
In response to security concerns, Microsoft details how it's redesigned its controversial, AI-powered Reminders feature, which takes screenshots of nearly everything you see and do on your computer. Recall was originally scheduled to debut PC Copilot Plus in June, but Microsoft has spent the past few months overhauling its security, making it an optional experience that can be removed entirely from Windows if desired.
One of the first big changes of Microsoft is that the company does not force people to use the recall if they do not wish. "There is no defect at all, you have to choose this," says Weston. "This, of course, is very important for people who just don't want that, and we understand that perfectly."
The inspection option which originally appeared on Copilot more at the beginning of this month, and at that time, Microsoft said it was a mistake. You can see that the exam can be completely deleted. "If we decide to delete this, we have deleted bat from your car," Weston says. This includes the AI models that Microsoft uses to power Recall.
Security researchers initially discovered that the Recall database, which stores snapshots taken every few seconds on your computer, was not encrypted, allowing malware to access the Recall feature. Everything sensitive in Recall, including its screenshot database, is now fully encrypted. Microsoft is also relying on Windows Hello to protect against malware tampering. Encryption in Recall is now tied to the Trusted Platform Module (TPM) required by Microsoft for Windows 11, so the keys are stored in the TPM and the only way to access them is via Windows Hello authentication.
The only time the Recall data is passed to the UI is when the user wants to use a feature and authenticates with a face, fingerprint, or PIN. "You have to be there as a user to actually activate it," Weston says, which means that to use the PIN support, you'll need to set up a reminder using your fingerprint or face beforehand. This is all designed to prevent malware from accessing Recall data in the background, since Microsoft requires proof of presence via Windows Hello.
"We've moved all of our screenshot processing and all of our sensitive processes into a virtualization-based security realm, so we've actually put everything in a virtual machine," Weston explains. This means there is a UI application layer that doesn't have access to the raw screenshots or the Recall database, but when a Windows user wants to interact with Recall and perform a search, a Windows Hello prompt is generated, the virtual machine is queried, and the data is returned in application memory. When the user closes the Recall app, anything in memory is discarded.
“The virtualization-based application outside the enclave runs in a malware-protected process that essentially requires access to a malicious kernel driver,” Weston explains. In a blog post published today, Microsoft details its Recall security model and exactly how its VBS enclave works. This all seems a lot more secure than Microsoft had planned to release, and even hints at how the company might protect Windows apps in the future.
So why did Microsoft nearly release Recall in June without a high level of security in the first place? We don't know much about this yet, and Microsoft hasn't said anything more about it. Weston acknowledges that Recall was reviewed as part of the company's Secure Future initiative, which launched last year, but as an early product it apparently had different limitations. “The plan has always been to follow Microsoft's bases, such as encryption. But we also heard people who were like "we are really concerned about this", so the company decided to win part of the additional security work that he provided for a recall so that security problems were not a Factor to find out if someone wanted to use the functionality.
“It’s not just about Recall, in my opinion, we now have one of the most powerful platforms for handling sensitive data at the edge, and you can imagine there’s a lot more that can be done with it,” Weston hints. “I think it made sense to take away some of the investment that we were going to make and then make Recall the primary platform for that.” Recall will also now only work on Copilot Plus PCs, preventing users from downloading it on Windows machines, as we saw ahead of its planned launch in June. The recall verifies that Copilot Plus PCs have BitLocker enabled, virtualization-based security, System Guard Secure Boot and boot measures, and kernel DMA protection.
Microsoft also conducted numerous reviews of the updated recall security. Microsoft's MORSE (Offensive Research Security Engineering) team "conducted months of design review and penetration testing on the recall," and a third-party security vendor "performed independent design review security" and testing.
As Microsoft had more time to work on the recall, additional changes were made to the settings to give users more control over how the AI-powered tool works. You can now filter specific Recall applications and block custom lists of websites from appearing in the database. Sensitive content filtering, which allows Recall to filter passwords, credit cards, etc., also blocks the storage of health and financial data. Microsoft is also adding the ability to delete all content for timeslots, apps and websites in addition to what's stored in the Recall database.
Microsoft says it plans to preview Recall with Windows Insiders on Copilot Plus PCs in October, which means Recall won't ship to these new laptops and PCs without further testing by the Windows community.
.png)
.png)
.jpg)
.png)
.png)
.png)