file access Archives

Winsage

June 19, 2026

Windows Platform Security and the Race to Secure AI Agents

Microsoft has introduced the Microsoft Execution Containers (MXC) SDK to establish Windows as a reliable operating system for autonomous agents, focusing on containment, identity, and manageability. The MXC framework serves as a policy-driven execution layer for agents on Windows and Windows Subsystem for Linux (WSL), allowing developers to set access permissions using JSON or TypeScript. It employs process and session isolation for agent containment and identity. Future enhancements will include micro-VM support for high-risk tasks and integration with Windows 365 for cloud PC workloads. IT teams can manage MXC policies through Entra ID and Intune, while Defender and Purview provide protection and observability. The MXC framework is built on Microsoft's security initiatives, including Secure Boot and passwordless sign-in, allowing agents to inherit a secure foundation. However, early commentary expresses caution regarding MXC's perception as a comprehensive security solution, noting issues with overly permissive policies and the lack of outbound network filtering. Other platforms, such as Linux, are also enhancing security for agents with kernel-level isolation and secure environments like NVIDIA's OpenShell runtime. Various projects are focusing on agent sandboxes within Kubernetes, employing technologies like gVisor and Kata Containers for isolation. Overall, no singular dominant platform security model for AI agents has emerged, with Windows' MXC still considered nascent compared to existing solutions in Linux and Kubernetes ecosystems.

Winsage

June 10, 2026

Windows 11’s June update shuts down an intentional BitLocker backdoor with full file access

Microsoft addressed three zero-day vulnerabilities identified by security researcher Nightmare-Eclipse, named YellowKey, GreenPlasma, and MiniPlasma. The YellowKey vulnerability allows access to BitLocker-protected drives on Windows 11 using a USB key, leading to allegations that Microsoft may have left a backdoor in BitLocker. Microsoft implemented a mitigation strategy included in the June 2026 Patch Tuesday updates, which addressed over 200 security flaws. Tensions arose between Microsoft and Nightmare-Eclipse regarding vulnerability reporting protocols and researcher compensation, with Microsoft initially threatening legal action against the researcher. Following backlash, Microsoft retracted the threat but tensions persisted. Nightmare-Eclipse claimed retaliation from Microsoft, including the banning of their GitHub account and deletion of their Microsoft account, which Microsoft denied. The situation highlights the ongoing challenges in cybersecurity and the relationship between tech companies and security researchers.

Tech Optimizer

June 1, 2026

Avast Free Antivirus for Windows: Features, Limits, and US Use

Avast Free Antivirus for Windows is a free malware protection software designed for American home users, operating under Gen Digital, which also includes Norton. It provides essential security features such as real-time scanning, on-demand scans, and regular updates, but has limitations compared to paid versions, including the absence of features like VPN and advanced ransomware protection. The software is intended for home PC use and is available for download on Windows PCs. While it serves as a basic defense against common malware threats, it is not suitable for small businesses needing comprehensive security solutions. Users are advised to maintain safe browsing habits even with the antivirus installed.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

Tech Optimizer

May 6, 2026

I tested AVG antivirus. It’s proof great AV doesn’t need to be pricey

The cost of AVG Internet Security includes a single-device plan starting at a specified amount for the first year, which then increases to a higher annual fee, and a multi-device plan for up to ten devices that starts at a different amount for the first year and rises to a specified annual fee thereafter. The multi-device option allows sharing among family members. AVG Internet Security adds five features to its free antivirus: password protection, webcam safeguards, monitoring for unauthorized file access, defense against malicious website redirects, and protection against remote desktop protocol attacks. It does not include a VPN, which requires an upgrade or separate purchase. The installation process is straightforward, with a user-friendly dashboard. Users can initiate scans easily and choose from various scan types. AVG excels in real-time protection, scanning files upon access and monitoring applications for unusual behavior, including ransomware protection. As of 2025, users must set their own scheduled scans. AVG offers a secure browser during installation and a data shredder feature, though its effectiveness may vary. Customer support includes online chat, phone assistance, and comprehensive support pages. AVG Internet Security has received high marks for performance, detecting 100% of threats in controlled tests while minimally impacting system resources during regular use.

Tech Optimizer

April 16, 2026

MiningDropper Android Malware Exploits Lumolight App

Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered an Android malware framework called MiningDropper, which is being used in various campaigns to distribute malicious payloads such as cryptocurrency miners, infostealers, Remote Access Trojans (RATs), and banking malware. Over 1,500 MiningDropper samples were detected in one month, with many showing minimal antivirus detection. MiningDropper operates as a multi-stage delivery framework that employs techniques like XOR-based obfuscation and AES encryption to evade detection. A recent variant uses a trojanized version of the Lumolight application as the initial infection vector, often spread through phishing links and fraudulent websites. The malware executes a series of stages, starting with decrypting an embedded asset and loading additional payloads, including a counterfeit Google Play update interface to deceive users. Two main campaign clusters have been identified: an infostealer campaign targeting Indian users by impersonating trusted entities, and a global campaign distributing the BTMOB RAT, which enables credential theft and device takeover. The final payload capabilities include extracting sensitive data, enabling full device compromise, facilitating financial fraud, and unauthorized cryptocurrency mining. MiningDropper's modularity allows it to adapt and scale across various campaigns while maintaining low detection rates.

Winsage

April 16, 2026

CISA flags Windows Task Host vulnerability as exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.

Winsage

April 5, 2026

Claude Cowork and Claude Code Can Now Control Your Windows Desktop

On April 3, 2026, Anthropic expanded Claude’s desktop control feature to Windows for Pro and Max subscribers, allowing users to operate applications, navigate web pages, and manage files on their PCs without prior configuration. The feature is in research preview and includes a Dispatch companion for task assignment from mobile devices. Claude uses a structured tool hierarchy for task execution, prioritizing connectors like Slack and Google Calendar, and engages in direct desktop control only when necessary. Users must opt in to activate the feature, which integrates with existing software without requiring API keys. The technology is partly derived from Anthropic’s acquisition of Vercept AI, which specializes in AI-driven computer control. Security concerns have arisen due to vulnerabilities demonstrated shortly after the launch, prompting Anthropic to implement safeguards while acknowledging the feature's potential errors. Users can stop Claude's operations, but the company admits it cannot disable the technology remotely once tasks have started. Competitors like Microsoft and Google are also exploring similar desktop-level AI automation capabilities.

Winsage

March 31, 2026

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better networking and easier setup

Microsoft plans to enhance the Windows Subsystem for Linux (WSL) in 2026, focusing on several key improvements for developers. These enhancements include: - Faster file performance between Linux and Windows to address current latency issues. - Improved network compatibility and throughput for better communication between environments. - A streamlined setup and onboarding experience to simplify installation for newcomers. - Enhanced enterprise management and security features to improve control and safety in corporate settings.

Tech Optimizer

February 25, 2026

Effective ways to prevent the download of malicious code

Malware is malicious software designed to disrupt normal system operations, often infiltrating devices through activities like web browsing or opening documents. In 2023, SonicWall Capture Labs reported over 6 billion malware attacks, an 11% increase from the previous year. Common types of malware include viruses, worms, Trojans, spyware, adware, ransomware, fileless malware, and bots. Malware spreads through email attachments, phishing links, compromised websites, fake apps, and removable media. Its effects can include performance issues, data theft, and financial damage. Signs of malware presence include sluggish performance, unexpected crashes, and unauthorized changes. Recommended actions if malware is suspected include disconnecting the device, running a malware scan, and changing passwords. Preventative measures include using security software, practicing safe browsing, keeping software updated, and building security awareness.