telemetry data Archives

Winsage

June 8, 2026

Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days

The expiration date of the original Microsoft Secure Boot KEK certificate is June 24, 2026. Microsoft held a live "Ask Microsoft Anything" session on June 4 to address concerns regarding this deadline. The expiration affects the KEK key, while the DB key remains valid until October. After June 24, Microsoft will not be able to sign new DBX payloads, which are necessary for revoking compromised bootloaders. Devices without the new KEK may miss future revocations, leading to decreased security but will not stop booting immediately. The June Patch Tuesday update is expected to classify most systems as high confidence. IT administrators are advised to use the Intune monitoring report for device status and updates. Devices in a "temporarily paused" status require OEM firmware updates. Administrators should not delay manual rollouts for devices outside the high confidence classification. Secure Boot must be enabled to update certificates, and re-enabling it later can pose risks. Older models may receive high confidence classification faster than newer ones due to statistical requirements. In PXE boot environments, caution is needed when updating bootloaders. The Secure Boot update mechanism is consistent across Windows 10 and 11, and event logs are important diagnostic tools. Key event log entries include 1801, 1802, and 1803, which indicate various device statuses and issues. Microsoft provides resources at aka.ms/GetSecureBoot for further guidance.

AppWizard

May 31, 2026

Haptics make racing games feel so real that I can’t believe I was actually indoors using a PC and not on a racetrack.

The MTC-P Extreme is a haptic seat insert designed for sim-racing enthusiasts, offering haptic feedback based on telemetry data from supported racing games. It is compatible with titles such as Assetto Corsa, iRacing, F1 25, and others, but not Forza Horizon 6. The device features 14 actuators and connects to a PC via USB, with an accompanying app for tuning. It provides a visceral experience that enhances the realism of racing simulations. Sensit Haptics aims to deliver an exceptional sim-racing experience and offers a more accessible option compared to full motion platforms.

Winsage

May 27, 2026

Is it time to move from Windows to Linux?

The evolution of software development has progressed from intricate coding practices in the era of Windows 3.1 to more user-friendly programming environments. Linux applications typically require less RAM, often functioning efficiently with 8 to 16 GB, compared to 32 GB for Windows. Users can explore Linux through platforms like WSL, Hyper-V, or VirtualBox without fully committing. Linux serves as a viable alternative for older PCs that cannot support Windows 11 and acquiring Linux development skills can enhance professional profiles. Linux updates generally do not require reboots, and users can choose when to install them. Windows systems tend to slow down over time due to registry clutter, while Linux maintains performance integrity. Windows runs numerous background processes that could be disabled for better performance, but users may not know which ones are safe to turn off. Developers may find Windows frustrating due to increasing restrictions and limited administrative privileges. In contrast, Linux provides transparency regarding telemetry data. Microsoft's Visual Studio Code is a leading text editor for Linux, highlighting Microsoft's influence on Linux development. The introduction of Python and C# on Linux has showcased its performance advantages. While Windows has an edge in GUI development, tools like Flutter are enabling Linux GUI application creation. Many Linux utilities work seamlessly from the terminal. Transitioning to full-time Linux use is a personal choice, especially for gamers or those with specific project needs. The ability to develop in languages like Rust, Flutter, and C# across both operating systems encourages exploration of various Linux distributions.

Winsage

May 25, 2026

5 things Microsoft isn’t fixing with Windows 11 that I’d love to see happen

Microsoft is enhancing Windows 11 with significant updates, including a revamped Windows Update, performance improvements, and customization options for the Start menu and taskbar. The company is addressing device driver issues and engaging with the Windows 11 community for feedback. Users desire features such as a toggle to eliminate advertisements and recommendations, the option to remove references to OneDrive, Bing, Edge, and Game Pass, and the ability to disable web search results in Windows 11 search. The requirement for a Microsoft account for Windows 11 installation has frustrated users who prefer local accounts, prompting calls for the restoration of this option. Users also seek meaningful control over default app installations and the ability to turn off telemetry easily, as current settings are complex. Additionally, there are long-standing projects in Windows 11 that require completion, such as fully integrating dark mode, incorporating the Light Switch feature from PowerToys, and accelerating the migration of legacy features from the Control Panel to the Settings app.

AppWizard

May 11, 2026

New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

Modern Android banking malware is evolving with architectural enhancements for increased stealth, resilience, and operational flexibility. In early 2026, a new variant of the TrickMo Android banking trojan was identified, actively targeting banking and wallet users in France, Italy, and Austria. This variant has replaced its predecessor in ongoing campaigns and has transitioned its command-and-control traffic to The Open Network (TON). Key features of the new TrickMo variant include: - The primary command-and-control channel now operates over TON, utilizing .adnl endpoints through an embedded local TON proxy. - It employs a runtime-loaded APK (dex.module) with enhanced functionalities, including reconnaissance, SSH tunneling, and SOCKS5 proxying, allowing infected devices to act as network pivots. - TrickMo is classified as Device Take Over (DTO) malware, targeting banking, fintech, wallet, and authenticator applications on Android devices. - Operators gain control over infected devices through accessibility-service permissions, enabling capabilities such as credential phishing, keylogging, screen recording, remote control, and SMS interception. The new variant features a modular architecture with a host APK functioning as a launcher and persistence layer, while offensive capabilities are delivered through the dynamically loaded dex.module. Significant enhancements include network reconnaissance commands (curl, dnslookup, ping, telnet, traceroute) and socket-level tunneling via an embedded SSH client. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo dropper applications and host applications. The malware retains unused permissions for NFC capabilities, suggesting a strategic approach to device filtering.

Tech Optimizer

May 8, 2026

CrowdStrike Falcon: What US Businesses Need to Know Right Now About the Security Platform

CrowdStrike Falcon is a cloud-native endpoint protection platform (EPP) and extended detection and response (XDR) solution used by many U.S. organizations to combat modern cyber threats such as ransomware and supply chain attacks. It utilizes behavioral analysis, machine learning, and real-time telemetry instead of traditional signature-based detection methods. Falcon features a lightweight agent that operates on various endpoints, collecting telemetry data for analysis. Key modules include Falcon Prevent for blocking malware, Falcon Insight for monitoring endpoint activity, and Falcon OverWatch for managed detection and response services. The platform also offers identity protection and cloud workload security, integrating telemetry from various environments for a comprehensive threat view. Falcon is particularly beneficial for medium to large-sized organizations with dedicated security teams and complex IT infrastructures. However, it may not be suitable for smaller businesses due to its licensing model and operational complexity. Its strengths include rapid deployment, scalability, and advanced detection capabilities, while its limitations involve reliance on proper configuration and cloud connectivity. Competitors include Microsoft Defender for Endpoint and SentinelOne. Organizations considering Falcon should evaluate their security needs, existing infrastructure, and budget, as well as the total cost of ownership.

AppWizard

May 8, 2026

Arc Raiders studio confirms AI anti-cheat is tracking player behavior

Embark Studios has implemented new anti-cheat measures for Arc Raiders, utilizing machine learning and a kernel-level detection system to identify and eliminate cheating behaviors. The studio emphasizes human review of ban appeals, despite automated processes, to ensure fairness. They are also addressing the misuse of accessibility devices by analyzing gameplay patterns to distinguish between legitimate use and cheating. The studio acknowledges the ongoing refinement of these systems and the importance of human oversight in the appeal process. Additionally, while they have reduced reliance on AI for content creation, they see its application in combating cheating as beneficial for maintaining a fair gaming environment.

Tech Optimizer

May 7, 2026

What Is Endpoint Detection and Response?

Traditional endpoint security measures, such as antivirus software and firewalls, are increasingly ineffective against sophisticated cyberattacks, which can bypass these defenses. Endpoint Detection and Response (EDR) is a solution that emphasizes rapid detection and containment of threats, continuously monitoring endpoint activity and identifying suspicious behavior in real time. EDR platforms gather data from all connected endpoints and utilize AI-driven analytics to detect both known and unknown threats. In 2024, over 97 billion exploitation attempts were recorded, underscoring the need for robust endpoint protection. EDR tools operate in four stages: detection, containment, investigation, and elimination of threats. They collect telemetry data from endpoints to establish a baseline of normal activity, enabling the identification of anomalies that may indicate a threat. EDR can automatically isolate affected endpoints, terminate malicious processes, and execute remediation actions. EDR employs two methods for threat detection: comparing endpoint activity against indicators of compromise for known threats and using behavioral detection models for unknown threats. The system can generate reports on threat activity and response effectiveness, aiding compliance and operational decision-making. The telemetry data collected is stored in a centralized repository, supporting threat-hunting initiatives. Organizations that deployed EDR in 2024 experienced an average breach cost that was significantly lower than those that did not. EDR minimizes security blind spots, reduces the attack surface by identifying vulnerabilities, speeds up investigations and responses, blocks new threats through behavioral analysis, and strengthens other security measures when integrated with existing tools. Challenges in EDR implementation include alert fatigue, integration complexity, resource constraints, and limited scope. When choosing an EDR solution, organizations should prioritize features such as real-time threat detection, automated response capabilities, behavioral analysis, offline protection, low performance impact, and integration with existing tools. EDR functions effectively as part of a layered security strategy, complementing other tools like Endpoint Protection Platforms (EPP) and Extended Detection and Response (XDR). EDR focuses on endpoint activity, while EPP serves as a first line of defense against common threats, and XDR broadens the scope to include network traffic and cloud workloads. VPNs encrypt network traffic, providing an additional layer of protection for data in transit.

Winsage

May 5, 2026

Microsoft’s new Windows 11 Run dialog is faster than the Windows 95-era version it’s replacing

Microsoft is developing a modernized version of the Run dialog for Windows 11, featuring a streamlined design created using C# and WinUI 3. The new Run dialog has a median "time-to-show" of 94 milliseconds, which is an improvement over the old dialog's 103 milliseconds. This new version is designed to be more functional and user-friendly, allowing users to quickly access their home directory and supporting dark mode. The modern Run dialog is currently being rolled out as an opt-in feature for Insiders in the Experimental Channel.

Winsage

April 22, 2026

Microsoft Teams 26072.519.4556.7438: Right-click bug on desktop

The Microsoft Teams desktop client has a bug affecting users on macOS and Windows after the update to build 26072.519.4556.7438, specifically with the right-click functionality not working. Users are advised to use keyboard shortcuts (Ctrl+C, Ctrl+X, Ctrl+V) for clipboard operations. The issue was first mentioned on the Patchmanagement.org mailing list, referencing issue TM1279908, which noted service degradation alerts from Microsoft 365. Users have reported problems with copying and pasting URLs, text, and images, with the paste option grayed out in the context menu. Microsoft has identified a potential root cause and is rolling out a fix while monitoring telemetry data, with the next status update expected on April 21, 2026.