Microsoft is pushing ahead with its plan to add agentic capabilities to Windows 11 but has issued an important security warning for anyone who is interested in trying it out.
  • Caveman@lemmy.world
    5·
    1 hour ago

    “Copilot, download the latest drivers and make it easy for me to update them” and it gives you some Driver Helper malware

  • MadMadBunny@lemmy.ca
    14·
    7 hours ago

    Will be installed by default, unremovable, runs in the background, with full access to all personal files.

  • freedickpics@lemmy.ml
    12·
    13 hours ago

    At this rate we might finally see the year of the Linux desktop. I don’t know anyone who likes Windows 11 it’s been bad enough to convert even die-hard Windows fans to Linux

  • DFX4509BEnglish
    38·
    16 hours ago

    If agentic AI is a security risk, why the hell is MS trying to force it in as an integral part of Windows, then? I mean, unless they want people to get malware…

    • Truscape@lemmy.blahaj.zone
      7·
      16 hours ago

      I mean, how much money did Meta make from giving scammers publicity on their platforms? I’m sure MS wants some of that pie.

      • HiddenLayer555@lemmy.mlEnglish
        5·
        6 hours ago

        Same with Google allowing literal malware to advertise themselves posing as legitimate apps that show above the actual app’s website.

        They even let ads spoof the display domain name to match the official website (and do no checks for whether they actually own the display domain despite literally having the infrastructure to do that in their SEO tools) while redirecting to a different domain when you click the ad.

        John Hammond video: https://www.youtube.com/watch?v=Nlnuk8W2A0Y (also a good video to send to anyone who still thinks Macs “can’t” get malware)

        Even if this is genuine incompetence and not malice, they’re so disgustingly incompetent that they don’t deserve to exist just the same as if it was malice.

    • village604@adultswim.fanEnglish
      1·
      16 hours ago

      I definitely agree with you, but any operating system is going to have settings that carry security risks if enabled/disabled.

      • DFX4509BEnglish
        1·
        16 hours ago

        At least in, say, Linux, generally whatever distro you use doesn’t try to force stuff on you whether you want it or not though, MS meanwhile is trying to force agentic AI and other BS on Windows whether its users want it or not. The Home SKU gets the brunt of that and Pro isn’t that much better. The Enterprise/Education/IoT and LTSC/IoT LTSC SKUs still let the users have control for the most part, but there’s no legal way for a normal person to get those SKUs.

        The fact that security-risk settings exist isn’t necessarily a problem as long as they’re fully optional and the user is allowed to enable/disable them at their leisure, it’s when such risks get forced on people like MS is trying to do with Windows, that they become a problem.

  • Hirom@beehaw.org
    21·
    15 hours ago

    If you understand the security implications, you probably won’t enable it.

    • 87Six@lemmy.zip
      1·
      4 hours ago

      If you understand that you won’t be installing anything from Microsoft any time soon

  • hperrin@lemmy.caEnglish
    30·
    17 hours ago

    Well at least they make malware installation automatic now. I’m sick of having to download and install it myself.

  • AbouBenAdhem@lemmy.worldEnglish
    98·
    21 hours ago

    Only enable this feature if you understand the security implications.

    They should put that disclaimer on their entire operating system.

    • artyom@piefed.socialEnglish
      28·
      20 hours ago

      More like “Do not enable this feature” because if you understood it, you simply wouldn’t. Or “uninstall this operating system”. That’d be more accurate.

  • TomMasz@lemmy.worldEnglish
    34·
    19 hours ago

    I assure you that your grandma does not “understand the security implications”. This is like handing out loaded guns to preschoolers and telling them not to shoot each other.

  • AceFuzzLord@lemmy.zip
    16·
    17 hours ago

    I was just thinking the other day how agentic AI is akin to letting an elderly person using a computer. You can tell it what to do, but you’ll end up with it clicking the very first link in g••gle and downloading 3 viruses and ending up with 40 new unwanted and potentially malicious browser extensions.

  • comrade_twisty@feddit.org
    44·
    21 hours ago

    Waiting for my bank to warm me that their new and mandatory AI advisor might send my savings to a nigerian prince without my or the banks knowledge. Such transactions are not insured and all risk lies with the customer of course.

  • ryper@lemmy.caEnglish
    31·
    20 hours ago

    Now they say only enable it if you understand the security implications, but eventually they’ll downplay the security implications and enable it by default.

  • TipRing@lemmy.worldEnglish
    12·
    20 hours ago

    “AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”

    Exfiltrating data and installing malware are the tasks it was designed to do, the warning is that it might be done by someone other than Microsoft I guess.