IT NEWS

Microsoft AI “Recall” feature records everything, secures far less

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference.

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

This is “Recall,” a much-advertised feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023. With Recall on the new Copilot+ PCs, users no longer need to manage and remember their own browsing and chat activity. Instead, by regularly taking and storing screenshots of a user’s activity, the Copilot+ PCs can comb through that visual data to deliver answers to natural language questions, such as “Find the site with the white sneakers,” and “blue pantsuit with a sequin lace from abuelita.”

As any regularly updated repository of device activity poses an enormous security threat—imagine hackers getting access to a Recall database and looking for, say, Social Security Numbers, bank account info, and addresses—Microsoft has said that all Recall screenshots are encrypted and stored locally on a device.

But, in terms of security, that’s about all users will get, as Recall will not detect and obscure passwords, shy away from recording pornographic material, or turn a blind eye to sensitive information.

According to Microsoft:

“Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

The consequences of such a system could be enormous.

With Recall, a CEO’s personal laptop could become an even more enticing target for hackers equipped with infostealers, a journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents with malware, and entire identities could be abused and impersonated by a separate device user.

In fact, Recall seems to only work best in a one-device-per-person world. Though Microsoft explained that its Copilot+ PCs will only record Recall snapshots to specific device accounts, plenty of people share devices and accounts. For the domestic abuse survivor who is forced to share an account with their abuser, for the victim of theft who—like many people—used a weak device passcode that can easily be cracked, and for the teenager who questions their identity on the family computer, Recall could be more of a burden than a benefit.

For Malwarebytes General Manager of Consumer Business Unit Mark Beare, Recall raises yet another issue:

“I worry that we are heading to a social media 2.0 like world.”

When users first raced to upload massive quantities of sensitive, personal data onto social media platforms more than 10 years ago, they couldn’t predict how that data would be scrutinized in the future, or how it would be scoured and weaponized by cybercriminals, Beare said.

“With AI there will be a strong pull to put your full self into a model (so it knows you),” Beare said. “I don’t think it’s easy to understand all the negative aspects of what can happen from doing that and how bad actors can benefit.”


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

How to remove a user from a shared Android device

Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user.

For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your device.

The steps may be slightly different depending on your Android version, device type, and vendor, but most users should be able to follow these steps.

For the primary user:

  • Open Settings
  • Tap System > Multiple users.
Multiple users screen Android

If you can’t find this setting, try searching your Settings app for users.

  • Tap the name of the user you want to remove.
  • Tap Delete user > Delete. If successful, the user will be removed from the list.
  • If you want to stay the only user, you can turn the Multiple users feature off.

If you’re not the primary user (you can’t delete the primary user):

  • Under Multiple Users tap More (three stacked dots).
  • Tap Delete [username] from this device. Important: You can’t undo this.
  • The device will switch to the owner’s profile.

Note: Android devices allow two types of additional users:

  • Secondary user: This is any user added to the device other than the system user. Secondary users can be removed (either by themselves or by an admin user) and cannot impact other users on a device. These users can run in the background and continue to have network connectivity.
  • Guest user: Temporary secondary user. Guest users have an explicit option to quickly delete the guest user when its usefulness is over. There can be only one guest user at a time.

Another privacy issue can be caused by having additional accounts on the device. Accounts are contained within a user but are not linked to a particular user. The tracking issue I discussed was caused by adding one of my Google accounts to my wife’s phone.

To remove unwanted accounts:

  • Under Settings, tap on Accounts and Backups
  • Then tap on Manage Accounts
  • Select the account you want to remove and you will see the option to do that.

If you’re having trouble finding any of these settings on your specific Android device, reach out through the comments and when we can, we’ll add as many specific instructions as possible to the post.

How to remove a user from a shared Mac

There will be times when you need to remove a user from a device. In this article we’ll show you how to remove a user from a Mac.

For a better understanding it’s good to understand the difference between an actual user of the device and a “sharing only user.” On a Mac, you can use Sharing Only User settings to create a user that has access to your files and folders over the network. You can also use these settings to limit their access to your shared information and system.

Both have very similar ways of removal:

  • Apple menu > System Settings
  • Click Users & Groups in the sidebar. (You may need to scroll down.)
  • Click the Info button next to the user or group you want to delete, then click Delete User or Delete Group. Note: If a user is logged in to this Mac now, you can’t select them.
Users & Groups menu on a Mac

This will delete sharing users immediately. For other users you’ll have to decide what you want to do with their Home folder first. You can delete it, keep it, or save it in a disk image.

  • To save it in a disk image, select Save the home folder in a disk image, then click Delete User. This archives all the user’s documents and information so the user can be restored later if needed. The disk image is saved in /Users/Deleted Users/.
  • To leave the user’s home folder as is, select Don’t change the home folder, then click Delete User. The user’s documents and information are saved and the user can be restored later if needed. The Home folder remains in /Users/.
  • To remove the user’s home folder from the computer: Select Delete the home folder, then click Delete User. The user’s folder will be deleted.

If you don’t delete a user’s home folder, you can restore the user and the contents of the home folder. (A sharing-only user doesn’t have a home folder.)


Did you know there’s a Malwarebytes for Mac? Give it a try!

How to remove a user from a shared Windows device

There will be times when you need to remove a user from a device. In this article we’ll show you how to remove a user from Windows 10 or 11.

On Windows you can create a local user account (an offline account) for anyone who will frequently use your PC. But the best option in most cases, is for everyone who uses your PC to have a Microsoft account. With a Microsoft account, you can access your apps, files, and Microsoft services across your devices.

Should you want to remove an additional user account from Windows 10 or 11, you can:

  • Select Start Settings Accounts Family & other users. 
  • Under Other users, select the flyout for the account you want to remove.
  • Next to Account and data, select Remove. Note: this will not delete their Microsoft account, it will just remove their sign-in info from your Windows device.
Windows Family & other users menu

Please note that Windows devices can have more than one administrator account. A user with an administrator account can access everything on the system, and any malware they encounter can use the administrator permissions to potentially infect or damage any files on the system. Only grant that level of access when absolutely necessary and to people you trust.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

This week on the Lock and Code podcast…

The irrigation of the internet is coming.

For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and scroll. 

Over the years, the internet was accessible from increasingly more devices, like smartphones, smartwatches, and even smart fridges. But still, it had to be accessed, like a well dug into the ground to pull up the water below.

Moving forward, that could all change.

This year, several companies debuted their vision of a future that incorporates Artificial Intelligence to deliver the internet directly to you, with less searching, less typing, and less decision fatigue. 

For the startup Humane, that vision includes the use of the company’s AI-powered, voice-operated wearable pin that clips to your clothes. By simply speaking to the AI pin, users can text a friend, discover the nutritional facts about food that sits directly in front of them, and even compare the prices of an item found in stores with the price online.

For a separate startup, Rabbit, that vision similarly relies on a small, attractive smart-concierge gadget, the R1. With the bright-orange slab designed in coordination by the company Teenage Engineering, users can hail an Uber to take them to the airport, play an album on Spotify, and put in a delivery order for dinner.

Away from physical devices, The Browser Company of New York is also experimenting with AI in its own web browser, Arc. In February, the company debuted its endeavor to create a “browser that browses for you” with a snazzy video that showed off Arc’s AI capabilities to create unique, individualized web pages in response to questions about recipes, dinner reservations, and more.

But all these small-scale projects, announced in the first month or so of 2024, had to make room a few months later for big-money interest from the first ever internet conglomerate of the world—Google. At the company’s annual Google I/O conference on May 14, VP and Head of Google Search Liz Reid pitched the audience on an AI-powered version of search in which “Google will do the Googling for you.”

Now, Reid said, even complex, multi-part questions can be answered directly within Google, with no need to click a website, evaluate its accuracy, or flip through its many pages to find the relevant information within.

This, it appears, could be the next phase of the internet… and our host David Ruiz has a lot to say about it.

Today, on the Lock and Code podcast, we bring back Director of Content Anna Brading and Cybersecurity Evangelist Mark Stockley to discuss AI-powered concierges, the value of human choice when so many small decisions could be taken away by AI, and, as explained by Stockley, whether the appeal of AI is not in finding the “best” vacation, recipe, or dinner reservation, but rather the best of anything for its user.

“It’s not there to tell you what the best chocolate chip cookie in the world is for everyone. It’s there to help you figure out what the best chocolate chip cookie is for you, on a Monday evening, when the weather’s hot, and you’re hungry.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

What is real-time protection and why do you need it? 

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. 

Malwarebytes’ free version tackles and reactively resolves threats already on your system, but the real-time protection you get with Malwarebytes Premium Security goes one step further and actively monitors your computer’s files, processes, and system memory in real time to block threats before they have a chance to do any damage. You don’t need to worry about what happens after your initial scan, because real-time protection is actively waiting to combat new threats and keep you safe. 

Imagine your computer is like a castle, and you want to protect your people from potential invaders. Having real-time protection is like having guards stationed all around your castle, constantly watching for signs of trouble and stopping them in their path before they can cause harm. 

Here’s how guarding that castle looks like in cybersecurity terms: 

1. Proactive and continuous monitoring

      We monitor your files, processes, and system memory, your incoming and outgoing data, and the behavior of applications on your system. All in real time. 

      2. Dynamic detection

        Unlike traditional approaches that rely heavily on detecting malware that is already known to exist, Malwarebytes employs dynamic detection techniques, such as heuristic analysis, behavior monitoring, and machine learning to detect and block threats based on their behavior and characteristics, even if the threats have never been seen before.  

        3. Multi-layered defense

          Malwarebytes real-time protection offers a multi-layered approach to security, combining various technologies to provide comprehensive protection against a variety of threats. This includes protection against viruses, ransomware, potentially unwanted programs (PUPs), spyware, trojans, exploits, and other forms of malware.  

          4. Rapid response 

            When Malwarebytes detects suspicious activity or potential threats, it responds quickly. Malwarebytes quarantines or removes malicious files, protects you from harmful websites, and blocks unauthorized access to your system.  

            5. Minimal impact 

              Malwarebytes runs quietly in the background and protects you without hogging your device’s resources.  

              6. Regular updates to malware detection database 

                To ensure our program is equipped to detect and block the latest threats, we continuously update our database and algorithms.  

                In short, real-time protection serves as a proactive defense layer against constantly evolving cyber threats. Having this layer improves your cybersecurity and gives you peace of mind in this increasingly digital world.  

                Don’t just take our word for it: Malwarebytes Premium Security was awarded “Product of the Year” in a recent AVLab test

                Keep yourself protected and upgrade to Malwarebytes Premium Security.  

                Financial institutions ordered to notify customers after a breach, have an incident response plan

                The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents— that require them to have written incident response policies and procedures that can be used in the event of a breach.

                The requirement is an adoption of amendments to Regulation S-P, which was enacted in 2000 to safeguard the financial information of consumers, requiring financial institutions to tell customers about how they use their personal information.

                But things have changed drastically since 2000. Even in the four years between 2018 and 2022, complaints about identity theft more than doubled, per the FBI’s Internet Crime Complaint Center.

                SEC Chair Gary Gensler said:

                “Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially. These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. “

                Under these amendments, covered firms will be required to notify customers of breaches that might put their personal data at risk. This will give these customers the chance to prepare themselves for the negative consequences of a breach.

                Covered organizations have to provide notice to victims as soon as possible and no later than 30 days after becoming aware of an incident involving the leak of customer information. Organizations must include details about the incident, the data leaked and what victims can do to protect themselves. As Gensler puts it:

                “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify.”

                The amendments will become effective 60 days after publication in the Federal Register. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply.

                Has your data been exposed?

                If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.


                We don’t just report on threats – we help safeguard your entire digital identity

                Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

                A week in security (May 13 – May 19)

                Last week on Malwarebytes Labs:

                Last week on ThreatDown:

                Stay safe!


                Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

                Deleted iPhone photos show up again after iOS update

                iPhone owners are reporting that photos they’d deleted are now back on their phones, after updating to iOS 17.5.

                With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. Here are some examples from Reddit:

                “When in conversation with my partner, I went to send a picture and saw that the latest pictures were nsfw material we’d made years ago”

                “I have four pics from 2010 that keep reappearing as the latest pics uploaded to iCloud. I have deleted them repeatedly.”

                “Same thing happened to me. Six photos from different times, all I have deleted. Some I had deleted in 2023.”

                When you delete a photo from an iPhone or iPad, it goes into a “Recently deleted” album for up to 30 days to make it easy to recover if the photo is accidentally deleted. However, the above examples vastly exceed this timeframe, and it’s unclear exactly what’s happened here.

                When you delete a file, actually all that happens is you remove the pointer that tells you where exactly the file is located. This makes it hard to find, but not impossible. Until the system uses the location of the deleted file and replaces it with other data, the file can be retrieved.

                Apple’s last update for iOS 17.5 and iPadOS 17.5 came out on Monday with a warning to update your iPhone as soon as possible. That’s because iOS 17.5 fixes 15 security vulnerabilities, some of which are serious. Please don’t let this article stop you from installing the update, but it’s good to be prepared for some unexpected behavior.

                At the time of writing, Apple hasn’t commented on the issue.


                We don’t just report on phone security—we provide it

                Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

                Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

                More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us.

                A type of phishing we’re calling authentication-in-the-middle is showing up in online media. While these techniques, named after man-in-the-middle (MitM) attacks, have existed for a while, they appear to be gaining traction now.

                It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Once the user enters their login into the fake site, that information gets redirected by the cybercriminals to the actual site, without the user knowing.

                The user is then prompted for their MFA step. They complete this, usually by entering a code or accepting a push notification, and this information is then relayed to the criminals, allowing them to login to the site.

                Once the criminals are into an account, they can start changing settings like the account’s email address, phone number, and password, so the user can no longer log in, or they can simply clean out a bank account. This may help you understand why many platforms ask for your PIN or other authentication again when you try to change one of these important settings.

                Victims are lured to phishing sites like these via links from social media or emails where it can be hard to identify the real link.  Phishing sites can even show up in sponsored search results, in the same way as we reported about tech support scams.

                How to protect yourself from authentication-in-the-middle attacks

                • Keep your wits about you. Being aware of how scammers work is the first step to avoiding them. Don’t assume sponsored search results are legit, and trust that if something seems suspicious then it probably is.
                • Use security software. Many security programs block known phishing sites, although domains are often short-lived and get rotated quickly. Malwarebytes Browser Guard can help protect you.
                • Use a password manager. Password managers will not auto-fill a password to a fake site, even if it looks like the real deal to you.
                • Consider passkeys. Multi-factor authentication is still super-important to enable, and will protect you from many types of attacks, so please continue to use it. However, authentication-in-the-middle attacks only work with certain types of MFA, and passkeys won’t allow the cybercriminals to login to your account in this way. Many services have already begun using passkeys and they’re no doubt here to stay.

                We don’t just report on threats—we remove them

                Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.