Windows security

Winsage
June 29, 2026
Major PC manufacturers, including HP, Dell, ASUS, Lenovo, MSI, Acer, Samsung, LG, and Microsoft’s Surface division, have provided guidance on transitioning to new Secure Boot certificates as the expiration of Microsoft’s 2011 certificates approaches. The expiration will occur in three phases: Microsoft Corporation KEK CA 2011 expired on June 24, 2026; Microsoft UEFI CA 2011 expired on June 27, 2026; and Microsoft Windows Production PCA 2011 is set to expire on October 19, 2026. Microsoft has begun rolling out replacement certificates through Windows Update, contingent on OEMs providing compatible BIOS updates. ASUS offers detailed documentation for both consumer and commercial devices, confirming that most users will receive updates automatically. Lenovo provides direct download links for BIOS updates organized by product family and specifies which products will not receive updates. Dell's support article covers its entire product lineup, noting that devices with an End of Service Life before January 1, 2026, will not receive updates. HP outlines a dual-track approach for updates, with specific timelines for commercial PCs. Microsoft's Surface devices receive updates directly from Microsoft, while MSI categorizes guidance based on processor generation for its laptops. Acer emphasizes backing up the BitLocker recovery key and provides a model table for confirmed BIOS release dates. Samsung confirms that all PCs running Windows 10 or 11 will function normally post-expiration, but security updates will cease. LG has released a guide for checking BIOS updates for its PCs. To verify if a PC has the 2023 certificates, users can check the Secure Boot section in Windows Security. A green checkmark indicates successful application, while yellow or red icons indicate pending updates or incompatibility. Microsoft has pushed the certificates to all eligible devices as of June 2026.
Tech Optimizer
June 26, 2026
In 2026, Bitdefender, Norton 360, and McAfee each achieved a perfect score of 18 out of 18 in AV-TEST’s April evaluation. Bitdefender excels in protection technology and has the lightest footprint among paid tiers. Norton 360 offers an unlimited VPN, substantial cloud backup, and LifeLock identity theft protection, achieving the best real-world protection score in 2025. McAfee is strong in identity protection and unlimited-device pricing but falls short in core malware engine performance. Bitdefender is noted for its advanced threat detection and has a low entry price of .99 for its Antivirus Plus. Norton 360 includes an unlimited VPN and up to 250 GB cloud backup, while McAfee+ Ultimate provides identity theft coverage and three-bureau credit monitoring. All three products received perfect scores in AV-TEST’s April evaluation, but independent lab results from AV-Comparatives showed Norton and Bitdefender as Top-Rated Products, while McAfee did not achieve this status. The specifications comparison reveals that Bitdefender supports up to 25 devices, Norton 360 offers unlimited devices, and McAfee also supports unlimited devices. Bitdefender employs Advanced Threat Defense, Norton uses SONAR and Intrusion Prevention, and McAfee utilizes Real Protect. Norton and McAfee received AV-Comparatives Performance awards in 2025 for their light system impact, while Bitdefender did not receive such recognition. Pricing strategies include significant renewal increases after steep first-year discounts. Customer support varies, with Norton and McAfee providing extensive 24/7 support, while Bitdefender offers limited phone support. The ownership structures differ, with Norton under Gen Digital, McAfee as a private entity, and Bitdefender remaining independent. Real-world scenarios suggest Bitdefender is best for single users, Norton 360 or McAfee+ for families, McAfee+ Ultimate or Norton for identity theft concerns, and Norton 360 for privacy-focused users.
Winsage
June 23, 2026
Microsoft has unveiled build 26300.8697 for Windows 11, which includes a new setting that allows users to disable Bing-powered web results in the Windows Search function. This feature aims to provide a more focused search experience by minimizing distractions from online suggestions. Users in the European Economic Area have had similar controls due to the Digital Markets Act, and Microsoft is now extending this functionality to all markets. The new setting can be found under Settings > Privacy & security > Search and is labeled "Web Searches." Additionally, the "Privacy & security" page has been reorganized for better usability, with new entry points for features like Passkeys and the Custom Dictionary. Currently, the feature is not officially available and can only be activated using ViveTool feature IDs, indicating that it is still in development.
Tech Optimizer
June 22, 2026
The author conducted an experiment by disabling both Bitdefender and Windows Security for a week to rely solely on personal cybersecurity instincts. They took precautions by using a secondary device and backing up important data. Throughout the week, the author experienced heightened awareness while navigating online tasks, encountered a phishing email, and adapted to a more deliberate browsing rhythm. Key takeaways included exercising caution, verifying sources, being aware of URLs, and keeping software updated. The experiment highlighted the importance of both good habits and antivirus software in maintaining cybersecurity. The author concluded that while personal vigilance is crucial, antivirus software is essential for those lacking strong instincts.
Winsage
June 21, 2026
The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Search