Microsoft has updated the Recall feature, increasing its security

Microsoft announced on the Windows blog that it has made a number of changes to how the Recall function works, which will appear on Copilot+ PCs running Windows 11. The company has paid attention to security issues.

Image source: blogs.windows.com

When Microsoft announced the Recall feature, it was about creating and storing snapshots (screenshots) of user actions on the computer, as well as indexing them using AI. For example, if a person saw a funny picture a week ago and cannot find it, but can describe it, the Recall function will be useful. You can scroll through the gallery of pictures yourself, whatever you need. The idea of ​​such a feature caused a negative reaction among many Windows users, so Microsoft pledged to significantly rework it, focusing on security, even before testing the preview version began. Now the company has reported on specific changes in the work of Recall.

Recall has a wide list of system requirements. The feature only works on a Copilot+ PC running Windows 11 that uses device encryption with BitLocker, TPM 2.0, virtualization-based code integrity protection, Measured Boot, System Guard, and kernel DMA protection. By default, Recall is disabled and requires user interaction to start it. During the initial setup of Windows, a request to launch the function and two buttons appear on the screen: to confirm its launch or reject it. In the latter case, Recall is disabled, but not deleted from the computer; if the user somehow misses this request, the feature will remain disabled by default.

The user is given the opportunity to remove Recall from the PC at any time. The feature is shown in the Advanced Features menu and should not appear again when installing updates. Recall is tied to Windows Hello secure sign-in; All images and associated information are stored encrypted in a vector database. Encryption keys are protected using TPM, and access to them is opened only through VBS Enclave (Virtualization-based Security Enclave) – if several users work on the same machine, one will not be able to monitor the other, even if he logs into his account, because the data Recalls are protected by biometrics. Feature-related services are isolated and protected from malware. Microsoft will also take measures to limit authentication speed and prevent hacking.

Security settings along with encryption keys are stored in VBS Enclave, and authorization via Windows Hello is again required to make any changes. When tampering is detected, settings return to secure defaults. After setting up Recall, you can set a PIN as a backup login method in case the sensors required for Windows Hello become damaged. By default, the feature does not take pictures when you launch private browsing mode in the browser; You can also specify sites protected from snapshots in the settings. Microsoft Purview’s privacy tools do not allow the feature to take pictures of documents or bank card numbers. The user can also choose how long Recall stores snapshots and how much disk space is available to the function. It is possible to delete pictures in a given date range, temporarily disable it, or, conversely, specify when pictures can be saved.

After spending six months extensively reworking the feature, Microsoft expects to introduce Recall to Windows Preview Program participants in October before deciding whether to release it to the general public.