Computerworld.com [Hacking News]

Syndikovat obsah
Making technology work for business
Aktualizace: 10 min 3 sek zpět

Where does Apple Intelligence come from?

4 hodiny 29 min zpět

Apple Intelligence isn’t entirely Apple’s intelligence; just like so many other artificial intelligence (AI) tools, it also leans into all the human experience shared on the internet because all that data informs the AI models the company builds.

That said, the company explained where it gets the information it uses when it announced Apple Intelligence last month: “We train our foundation models on licensed data, including data selected to enhance specific features, as well as publicly available data collected by our web-crawler, AppleBot,” Apple explained.

Your internet, their product

Apple isn’t alone in doing this. In using the public internet this way, it is following the same approach as others in the business. The problem: that approach is already generating arguments between copyright holders and AI firms, as both sides grapple with questions around copyright, fair use, and the extent to which data shared online is commodified to pour even more cash into the pockets of Big Tech firms. 

Getty Images last year sued Stability AI for training its AI using 12 million images from its collection without permission. Individual creatives have also taken a stance against these practices. The concern is the extent to which AI firms are unfairly profiting from the work humans do, without consent, credit, or compensation.

In a small attempt to mitigate such accusations, Apple has told web publishers what they have to do to stop their content being used for Apple product development

Can you unmake an AI model?

What isn’t clear is the extent to which information already scraped by Applebot for use in Apple Intelligence (or any generative AI service) can then be winnowed out of the models Apple has already made. Once the model is created using your data, to what extent can your data be subsequently removed from it? The learning — and potential for copyright abuse — has already been baked in.

But where is the compensation for those who’ve made their knowledge available online? 

In most cases, the AI firms argue that what they are doing can be seen as fair use rather than being any violation of copyright laws. But, given that what constitutes fair use differs in different nations, it seems highly probable that the evolving AI industry is heading directly toward regulatory and legal challenges around their use of content.

That certainly seems to be part of the concern coming from regulators in some jurisdictions, and we know the legal framework around these matters is subject to change. This might also be part of what has prompted Apple to say it will not introduce the service in the EU just yet.

Move fast and take things

Right now, AI companies are racing faster than government regulation. Some in the space are attempting to side-step such debates by placing constraints around how data is trained. Adobe, for example, claims to train its imaging models only using legitimately licensed data. 

In this case, that means Adobe Stock images licensed content and older content that is outside of copyright.

Adobe isn’t just being altruistic in this — it knows customers using its generative AI (genAI) tools will be creating commercial content and recognizes the need to ensure its customers don’t end up being sued for illegitimate use of images and other creative works. 

What about privacy?

But when it comes to Apple Intelligence, it looks like the data you’ve published online has now become part of the company product, with one big exception: private data.

“We never use our users’ private personal data or user interactions when training our foundation models, and we apply filters to remove personally identifiable information like social security and credit card numbers that are publicly available on the Internet,” it said. 

Apple deserves credit for its consistent attempts to maintain data privacy and security, but perhaps it should develop a stronger and more public framework toward the protection of the creative endeavors of its customer base.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Kategorie: Hacking & Security

AI chip battleground shifts as software takes center stage

6 hodin 15 min zpět

The AI landscape is undergoing a transformative shift as chipmakers, traditionally focused on hardware innovation, are increasingly recognizing the pivotal role of software.

This strategic shift is redefining the AI race, where software expertise is becoming as crucial as hardware prowess.

AMD’s recent acquisitions: a case study

AMD’s recent acquisition of Silo AI, Europe’s largest private AI lab, exemplifies this trend. Silo AI brings to the table a wealth of experience in developing and deploying AI models, particularly large language models (LLMs), a key area of focus for AMD.

This acquisition not only enhances AMD’s AI software capabilities but also strengthens its presence in the European market, where Silo AI has a strong reputation for developing culturally relevant AI solutions.

“Silo AI plugs important capability gap [for AMD] from software tools (Silo OS) to services (MLOps) to helping tailor sovereign and open source LLMs and at the same time expanding its footprint in the important European market,” said Neil Shah, partner & co-founder at Counterpoint Research.

AMD’s move follows its previous acquisitions of Mipsology and Nod.ai, further solidifying its commitment to building a robust AI software ecosystem. Mipsology’s expertise in AI model optimization and compiler technology, coupled with Nod.ai’s contributions to open-source AI software development, provides AMD with a comprehensive suite of tools and expertise to accelerate its AI strategy.

“These strategic moves strengthen AMD’s ability to offer open-source solutions tailored for enterprises seeking flexibility and interoperability across platforms,” said Prabhu Ram, VP of industry research group at Cybermedia Research. “By integrating Silo AI’s capabilities, AMD aims to provide a comprehensive suite for developing, deploying, and managing AI systems, appealing broadly to diverse customer needs. This aligns with AMD’s evolving market position as a provider of accessible and open AI solutions, capitalizing on industry trends towards openness and interoperability.”

Beyond AMD: A broader industry trend

This strategic shift towards software is not limited to AMD. Other chip giants like Nvidia and Intel are also actively investing in software companies and developing their own software stacks.

“If you look at the success of Nvidia, it is driven not by silicon but by software (CUDA) and services (NGC with MLOps, TAO, etc.) it offers on top of its compute platform,” Shah said. “AMD realizes this and has been investing in building software (ROCm, Ryzen Aim, etc.) and services (Vitis) capabilities to offer an end-to-end solution for its customers to accelerate AI solution development and deployment.”

Nvidia’s recent acquisition of Run:ai and Shoreline.io, both specializing in AI workload management and infrastructure optimization, also underscores the importance of software in maximizing the performance and efficiency of AI systems.

But this doesn’t mean chipmakers follow similar trajectories toward their goals. Manish Rawat, semiconductor analyst at Techinsights pointed out that for a large part, Nvidia’s AI ecosystem has been established through proprietary technologies and a robust developer community, giving it a strong foothold in AI-driven industries.

“AMD’s approach with Silo AI signifies a focused effort to expand its capabilities in AI software, positioning itself competitively against Nvidia in the evolving AI landscape,” Rawat added.

Another relevant example in this regard is Intel’s acquisition of Granulate Cloud Solutions, a provider of real-time continuous optimization software. Granulate assists cloud and data center clients in optimizing compute workload performance while lowering infrastructure and cloud expenses.

Software to drive differentiation

The convergence of chip and software expertise is not just about catching up with competitors. It’s about driving innovation and differentiation in the AI space.

Software plays a crucial role in optimizing AI models for specific hardware architectures, improving performance, and reducing costs. Eventually, software could decide who rules the AI chip market.

“The bigger picture here is that AMD is obviously competing with NVIDIA for supremacy in the AI world,” said Hyoun Park, CEO and chief analyst at Amalgam Insights. “Ultimately, this is not just a question of who makes the better hardware, but who can actually back the deployment of enterprise-grade solutions that are high-performance, well-governed, and easy to support over time. And although Lisa Su and Jensen Huang are both among the absolute brightest executives in tech, only one of them can ultimately win this war as the market leader for AI hardware.” 

The rise of full-stack AI solutions

The integration of software expertise into chip companies’ offerings is leading to the emergence of full-stack AI solutions. These solutions encompass everything from hardware accelerators and software frameworks to development tools and services.

By offering a comprehensive suite of AI capabilities, chipmakers can cater to a wider range of customers and use cases, from cloud-based AI services to edge AI applications.

For instance, Silo AI, first and foremost, brings an experienced talent pool, especially working on optimizing AI models, tailored LLMs, and more, according to Shah. Silo AI’s SIloOS particularly is a very powerful addition to AMD’s offerings allowing its customer to leverage advanced tools and modular software components to customize AI solutions to their needs. This was a big gap for AMD.

“Thirdly, Silo AI also brings in MLOps capabilities which are a critical capability for a platform player to help its enterprise customers deploy, refine and operate AI models in a scalable way,” Shah added. “This will help AMD develop a service layer on top of the software and silicon infrastructure.”

Implications for enterprise tech

The shift of chipmakers from purely hardware to also providing software toolkits and services has significant ramifications for enterprise tech companies.

Shah stressed that these developments are crucial for enabling enterprise and AI developers to fine-tune their AI models for enhanced performance on specific chips, applicable to both training and inference phases.

This advancement not only speeds up product time-to-market but also aids partners, whether they are hyperscalers or manage on-premises infrastructures, in boosting operational efficiencies and reducing total cost of ownership (TCO) by improving energy usage and optimizing code.

“Also, it’s a great way for chipmakers to lock these developers within their platform and ecosystem as well as monetize the software toolkits and services on top of it. This also drives recurring revenue, which chipmakers can reinvest and boost the bottom line, and investors love that model,” Shah said.

The future of AI: a software-driven landscape

As the AI race continues to evolve, the focus on software is set to intensify. Chipmakers will continue to invest in software companies, develop their own software stacks, and collaborate with the broader AI community to create a vibrant and innovative AI ecosystem.

The future of AI is not just about faster chips — it’s about smarter software that can unlock the full potential of AI and transform the way we live and work.

Kategorie: Hacking & Security

OpenAI reportedly stopped staffers from warning about security risks

7 hodin 44 min zpět

A whistleblower letter obtained by The Washington Post accuses OpenAI of illegally restricting employees from communicating with authorities about the risks their technology may pose. The letter was reportedly sent to the US Securities and Exchange Commission (SEC) — the agency that oversees the trading of securities — urging the regulators to review OpenAI.

According to the letter, OpenAI allegedly used illegal non-disclosure agreements to, among other things, force employees to refrain from whistle-blowing incentives and it required them to state whether they had contact with authorities.

OpenAI has come under previous criticism for the restrictive design of its non-disclosure agreements, which it said it would modify. In a statement to The Washington Post, OpenAI spokesperson Hannah Wong said: “Our whistleblower policy protects employees’ rights to make protected disclosures.”

More OpenAI news:

Kategorie: Hacking & Security

OpenAI is working on new reasoning AI technology

7 hodin 1 min zpět

ChatGPT developer OpenAI is developing a new kind of reasoning AI models with the project name “Strawberry” that can be used for research, according to a report by Reuters. Strawberry was apparently earlier known by the name “Q” and would be considered a breakthrough within OpenAI.

The plan is for the new Strawberry models to not only be able to generate answers based on instructions, but also to be able to plan ahead by navigating the internet independently and reliably perform what OpenAI calls “deep research.”

How Strawberry works under the hood remains unclear; it is also unknown how long the technology may be from completion. In a comment to Reuters, an OpenAI spokesperson said continued research into new AI opportunities is ongoing within the industry. However, the spokesperson did not say anything specific about Strawberry in particular.

More OpenAI news:

Kategorie: Hacking & Security

OpenAI whistleblowers seek SEC probe into ‘restrictive’ NDAs with staffers

7 hodin 52 min zpět

Some employees of ChatGPT-maker OpenAI have reportedly written to the US Securities and Exchange Commission (SEC) seeking a probe into some employee agreements, which they term restrictive non-disclosure agreements (NDAs).

These staffers-turned-whistleblowers have written to the SEC alleging that the company forced their employees to sign agreements that were not in compliance with SEC’s regulations.

“Given the well-documented potential risks posed by the irresponsible deployment of AI, we urge the commissioners to immediately approve an investigation into OpenAI’s prior NDAs, and to review current efforts apparently being undertaken by the company to ensure full compliance with SEC rules,” read the letter shared with Reuters by the office of Senator Chuck Grassley.

The same letter alleges that OpenAI made employees sign agreements that curb their federal rights to whistleblower compensation and urges the financial watchdog to impose individual penalties for each such agreement signed.

Further, the whistleblowers have alleged that OpenAI’s agreements with employees restricted them from making any disclosure to authorities without checking with the management first and any failure to comply with these agreements would attract penalties for the staffers.

The company, according to the letter, also did not create any separate or specific exemptions in the employee non-disparagement clauses for disclosing securities violations to the SEC.

An email sent to OpenAI about the letter went unanswered.

The Senator’s office also cast doubt about the practices at OpenAI. “OpenAI’s policies and practices appear to cast a chilling effect on whistleblowers’ right to speak up and receive due compensation for their protected disclosures,” the Senator was quoted as saying.

Experts in the field of AI have been warning against the use of the technology without proper guidelines and regulations.

In May, more than 150 leading artificial intelligence (AI) researchers, ethicists, and others signed an open letter calling on generative AI (genAI) companies to submit to independent evaluations of their systems to maintain basic protection against the risks of using large-scale AI.

Last April, the who’s who of the technology industry called for AI labs to stop training the most powerful systems for at least six months, citing “profound risks to society and humanity.”

That open letter, which now has more than 3,100 signatories including Apple co-founder Steve Wozniak, called out San Francisco-based OpenAI Lab’s recently announced GPT-4 algorithm in particular, saying the company should halt further development until oversight standards were in place. OpenAI, on the other hand, in May formed a safety and security committee led by board members as they started researching their next large language models.

More OpenAI news:

Kategorie: Hacking & Security

Analysts expect weak demand for Apple Vision Pro

7 hodin 57 min zpět

On Friday, Apple Vision Pro was launched in Europe. But the analysts do not expect any major sales success.

According to research firm IDC, fewer than 500,000 units of the mixed reality headset will be sold in 2024, which is partly due to the high price. Apple’s headset costs $3,499; that corresponds, for example, to almost 50,000 Swedish kronor with included VAT and other fees.

By comparison, Facebook’s parent company Meta sells its Meta Quest 3 headset for $499, and its predecessor, the Meta Quest 2, retails for $299.

According to rumors, a cheaper variant of the Apple Vision Pro will be launched in 2025, but release dates and details remain unclear.

More on Apple Vision Pro:

Kategorie: Hacking & Security

The promise and peril of ‘agentic AI’

9 hodin 40 min zpět

Amazon last week made an unusual deal with a company called Adept in which Amazon will license the company’s technology and also poach members of its team, including the company’s co-founders.

The e-commerce, cloud computing, online advertising, digital streaming and artificial intelligence (AI) giant is no doubt hoping the deal will propel Amazon, which is lagging behind companies like Microsoft, Google and Meta in the all-important area of AI. (In fact, Adept had previously been in acquisition talks with both Microsoft and Meta.) 

Adept specializes in the hottest area of AI that hardly anyone is talking about, but which some credibly claim is the next leap forward for AI technology. 

But wait, what exactly is agentic AI? The easiest way to understand it is by comparison to LLM-based chatbots. 

How agentic AI differs from LLM chatbots

We know all about LLM-based chatbots like ChatGPT. Agentic AI systems are based on the same kind of large language models, but with important additions. While LLM-based chatbots respond to specific prompts, trying to deliver what’s asked for literally, agentic systems take that further by incorporating autonomous goal-setting, reasoning, and dynamic planning. They’re also designed to integrate with applications, systems, and platforms. 

While LLMs, such as ChatGPT, reference huge quantities of data and hybrid systems, like Perplexity AI, combine that with real-time web searches, agentic systems further incorporate changing circumstances and contexts to pursue goals, causing them to reprioritize tasks and change methods to achieve those goals. 

While LLM chatbots have no ability to make actual decisions, agentic systems are characterized by advanced contextual reasoning and decision-making. Agentic systems can plan, “understand” intent, and more fully integrate with a much wider range of third-party systems and platforms. 

What’s it good for?

One obvious use for agentic AI is as a personal assistant. Such a tool could — based on natural-language requests — schedule meetings and manage a calendar, change times based on others’ and your availability, and remind you of the meetings. And it could be useful in the meetings themselves, gathering data in advance, creating an agenda, taking notes and assigning action items, then sending  follow-up reminders. All this could theoretically begin with a single plain-language, but vague, request.

It could read, categorize and answer emails on your behalf, deciding which to answer and which to leave for you to respond to. 

You could tell your agentic AI assistant to fill out forms for you or subscribe to services, entering the requested information and even processing any payment. It could even theoretically surf the web for you, gathering information and creating a report.

Like today’s LLM chatbots, agentic AI assistants could use multimodal input and could receive verbal instructions along with audio, text, and video inputs harvested by cameras and microphones in your glasses. 

Another obvious application for agentic AI is for customer service. Today’s interactive voice response (IVR) systems seem like a good idea in theory — placing the burden on customers to navigate complex decision trees while struggling with inadequate speech recognition so that a company doesn’t need to pay humans to interface with customers — but fail in practice. 

Agentic AI promises to transform automated customer service. Such technology should be able to function as if it not only understands the words but also the problems and goals of a customer on the phone, then perform multi-step actions to arrive at a solution.

They can do all kinds of things a lower-level employee might do — qualify sales leads, do initial outreach for sales calls, automate fraud detection and loan application processing at a bank, autonomously screen candidates applying for jobs, and even conduct initial interviews and other tasks. 

Agentic AI should be able to achieve very large-scale goals as well — optimize supply chains and distribution networks, manage inventory, optimize delivery routes, reduce operating costs, and more.

The risk of agentic AI

Let’s start with the basics. The idea of AI that can operate “creatively” and autonomously — capable of doing things across sites, platforms and networks, directed by a human-created prompt with limited human oversight — is obviously problematic.

Let’s say a salesperson directs agentic AI to set up a meeting with a hard-to-reach potential client. The AI understands the goal and has vast information about how actual humans do things, but no moral compass and no explicit direction to conduct itself ethically.  

One way to reach that client (based on the behavior of real humans in the real world) could be to send an email, tricking the person into clicking on self-executing malware, which would open a trojan on the target’s system to be used for exfiltrating all personal data and using that data to find out where that person would be at a certain time. The AI could then place a call to that location, and say there’s an emergency. The target would then take the call, and the AI would try to set up a meeting.

This is just one small example of how an agentic AI without coded or prompted ethics could do the wrong thing. The possibilities for problems are endless. 

Agentic AI could be so powerful and capable that there’s no way this ends well without a huge effort on the development and maintenance of AI governance frameworks that include guidelines, safety measures, and constant oversight by well-trained people.

Note: The rise of LLMs, starting with ChatGPT, engendered fears that AI could take jobs away from people; agentic AI is the technology that could really do that at scale.

The worst-case scenario would be for millions of people to be let go and replaced by agentic AI. The best case is that the technology  would be inferior to a human partnering with it. With such a tool, human work could be made far more efficient and less error-prone. 

I’m pessimistic that agentic AI can benefit humanity if the ethical considerations remain completely in the hands of Silicon Valley tech bros, investors, and AI technologists. We’ll need to combine expertise from AI, ethics, law, academia, and specific industry domains and move cautiously into the era of agentic AI.

It’s reasonable to feel both thrilled by the promise of agentic AI and terrified about the potential negative effects. One thing is certain: It’s time to pay attention to this emerging technology. 

With a giant, ambitious, capable, and aggressive company like Amazon making moves to lead in agentic AI, there’s no ignoring it any longer. 

More by Mike Elgan:

Kategorie: Hacking & Security

Renegade business units trying out genAI will destroy the enterprise before they help

9 hodin 40 min zpět

One of the more tired cliches in IT circles refers to “Cowboy IT” or “Wild West IT,” but it’s the most appropriate way to describe enterprise generative AI (genAI) efforts these days. As much as IT is struggling to keep on top of internal genAI efforts, the biggest danger today involves various business units globally creating or purchasing their very own experimental AI efforts.

We’ve talked extensively about Shadow AI (employees/contractors purchasing AI tools outside of proper channels) and Sneaky AI (longtime vendors silently adding AI features into systems without telling anyone). But Cowboy AI is perhaps the worst of the bunch because no one can get intro trouble. Most boards and CEOs are openly encouraging all business units to experiment with genAI and see what enterprise advantages they can unearth.

The nightmare is that almost none of those line of business (LOB) teams understand how much they are putting the enterprise at risk. Uncontrolled and unmanaged, genAI apps are absolutely dangerous.

Longtime Gartner analyst Avivah Litan (whose official title these days is Distinguished VP Analyst) wrote on LinkedIn recently about the cybersecurity dangers from these kinds of genAI efforts. Although her points were intended for security talent, the problems she describes are absolutely a bigger problem for IT.

“Enterprise AI is under the radar of most Security Operations, where staff don’t have the tools required to protect use of AI,” she wrote. “Traditional Appsec tools are inadequate when it comes to vulnerability scans for AI entities. Importantly, Security staff are often not involved in enterprise AI development and have little contact with data scientists and AI engineers. Meanwhile, attackers are busy uploading malicious models into Hugging Face, creating a new attack vector that most enterprises don’t bother to look at. 

“Noma Security reported they just detected a model a customer had downloaded that mimicked a well-known open-source LLM model. The attacker added a few lines of code that caused a forward function. Still, the model worked perfectly well, so the data scientists didn’t suspect anything. But every input to the model and every output from the model were also sent to the attacker, who was able to extract it all. Noma also discovered thousands of infected data science notebooks. They recently found a keylogging dependency that logged all activities on their customer’s Jupyter notebooks. The keylogger sent the captured activity to an unknown location, evading Security which didn’t have the Jupyter notebooks in its sights.”

IT leaders: How many of the phrases above sound a little too familiar? 

Your team “often not involved in enterprise AI development and have little contact with data scientists and AI engineers?” Bad guys “creating a new attack vector that most enterprises don’t bother to look at?” Or maybe “the model worked perfectly well so the data scientists didn’t suspect anything. But every input to the model and every output from the model were also sent to the attacker, who was able to extract it all” or a manipulated external app which your IT team “didn’t have in its sights?”

Some enterprises have debated creating a new AI executive, but that’s unlikely to help. It will more than likely be an executive with lots of responsibilities, far too little budget and no actual authority to get any business unit to comply with the AI chief’s edicts. It’s sort of like many CISOs today, a toothless manager but with even more headaches. 

The better answer is to use the best power in the world to force LOB executives to take AI efforts seriously: make it an HR-approved criteria for their annual bonus. Put massive financial penalties on any problems that result from AI efforts their unit undertakes. (Paycheck hits get their attention because it is literally money out of their pockets.) Then add a caveat: If IT approves the effort in writing, then you are fully blameless for anything bad that later happens.

Magically, getting IT signoff becomes important to those LOB leaders. Then and only then, the CIO will have the clout to protect the company from errant AI.

Another possible outcome of this carrot-stick approach is that business execs will still want to maintain control and will instead hire AI experts for their units directly. That works, too. 

The cost of trying out many of these genAI efforts — especially for a relatively short time — is often negligible. That can be bad because it makes it easy for LOB workers to underestimate the risks to the business that they are accepting. 

The potential of genAI is unlimited and exciting, but if strict rules aren’t put in place right away, it could well destroy a business before it has a chance to help. 

Yippee-ki-yay, CIO.

Kategorie: Hacking & Security

For July, Microsoft’s Patch Tuesday update fixes four zero-day flaws

12 Červenec, 2024 - 21:00

Microsoft released 132 updates in its July Patch Tuesday update while addressing four zero-days (CVE-2024-35264CVE-2024-37985CVE-2024-38080 and CVE-2024-38112) affecting Windows desktop, Microsoft .NET and Visual Studio. This is a very significant patch cycle for Microsoft SQL Server, but there are no updates for Microsoft browsers and a low profile set of patches for Microsoft Office. No major revisions require attention, with testing focused squarely on SQL dependent applications. 

The team at Readiness has provided a useful infographic detailing the risks with each of the updates this cycle. 

Known issues 

Each month, Microsoft publishes a list of known issues included in its latest release, including two reported minor issues:

  • After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Microsoft offered two options to mitigate the issue through setting the Cache Hostname or using group policies. Microsoft is still working on a resolution.
  • Context menus and dialog buttons in some Windows apps, or parts of the Windows OS user interface (UI), might display in English when English is not set as the display language. This might also affect font size.

We fully expect to see more issues relating to how the Windows UI presented over the coming months as Microsoft works through some of the core level issues with new ARM builds. This means that even non-ARM builds will be affected (see CVE-2024-37985). Look out for input method editor, language pack, and dialog box language issues for non-English builds.

Major revisions 

This Patch Tuesday saw Microsoft publishing the following major revisions to past  security and feature updates, including:

  • CVE-2024-30098 : Windows Cryptographic Services Security Feature Bypass. Microsoft has added a FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only; no further action is required.
Mitigations and workarounds

Microsoft published the following vulnerability-related mitigations for this month’s release cycle: 

Each month, the Readiness team analyses the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on assessing a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and app installations.

For this cycle, we have grouped the critical updates and required testing efforts into different functional areas:

Microsoft Office
  • Test out your Teams logins (which shouldn’t take too long).
  • Because SharePoint was updated, third-party extensions or dependencies will require testing.
  • Due to the change in Outlook, Internet Calendars (ICS files) will require testing.
  • With the Visio update, large CAD drawings will require a basic import and load test.
Microsoft .NET and developer tools

Microsoft has updated the Microsoft .NET, MSI Installer and Visual Studio with the following testing guidance:

  • PowerShell updates will require a diagnostics test. Try the command, “import-module Microsoft.powershell.diagnostics – verbose” and validate that you are getting the correct results from your home directory.
  • Due to the change in the Windows core installation technology (MSI), please validate that User Account Control (UAC) still functions as expected.
Microsoft SQL Server

This month is a big update for both Microsoft SQL Server and the local, or workstation supporting elements of OLE. The primary focus for this kind of complex effort should be your line-of-business or core applications. These are the applications that have multiple data connections and rely on complex, multiple object/session requirements. Due to the changes this month, we can’t recommend specific Windows feature testing regimes, as we are most concerned that the business logic (and resulting data) of the application in question might be affected. Only you will know what looks good; we advise a comparative testing regime across unpatched and newly patched systems looking for data disparities.

Windows

Microsoft made another update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio. We also recommend that you test the following functional areas in the Windows platform:

  • File compression has been updated, so file and archive extraction scenarios will need to be exercised.
  • Due to the Microsoft codec updates, perform a system reboot and test that your audio and camera still work together.
  • Security updates will require the testing of the creation of new Windows certificates.
  • Networking changes will require a test of DNS and DHCP, specifically the DHCP R_DhcpAddSubnetElement API. As part of these changes, testing VPN authentication will be required. Try to include your Network Policy Server (NPS) as part of the connection creation and deletion effort.
  • This month’s update to Remote Desktop Services (RDS) will require the creation and revocation of license requests.
  • A significant update to the Network Driver Interface Specification (NDIS) will require testing of network traffic involving repeated bursts of large files. Try using Teams while this networking burst testing is in progress.
  • Backup and printing have been updated, so test your volumes and ensure that when you print out a test page, your OS does not crash (yes, really). Try printing out TIFF files. (Hey, you might like it.)

As part of the ongoing effort to support the new ARM architecture, Microsoft released the first patch for this new platform, CVE-2024-37985. This is an Intel assigned processor-level vulnerability that has been mitigated by a Microsoft OS level patch. The Readiness team has provided guidance on potential ARM-related compatibility and testing issues. 

Specifically, the Readiness team was concerned with Input Method Editors (IMEs). We suggest a full test cycle of Windows input related features such as keyboard, mouse, touch, pen, gesture and dictation. Some internet shortcuts might be affected as well as wallpapers.

Windows lifecycle update 

This section contains important changes to servicing (and most security updates) to Windows desktop and server platforms.

  • Home and Pro editions of Windows 11, version 22H2 will reach end of service on Oct. 8, 2024. Until then, these editions will only receive security updates. They will no longer receive non-security, preview updates.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

  • Browsers (Microsoft IE and Edge);
  • Microsoft Windows (both desktop and server); 
  • Microsoft Office;
  • Microsoft Exchange Server ;
  • Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
  • Adobe (if you get this far).
Browsers

Microsoft did not release any updates for its non-Chromium browsers. Following the stable channel release of Chrome (applicable until July 25, 2024) we have not seen any changes, deprecations or testing profile updates to this browser. No further action required.
 

Windows

Microsoft released four critical and 83 updates rated as important with two zero-day patches (CVE-2024-38080 and CVE-2024-38112) affecting the Microsoft Hyper-V and MSHTML feature groups, respectively. In addition to these critical updates, Microsoft patches for July affect the following Windows feature groups:

  • Windows NTLM, Kernel, GDI and Graphics;
  • Windows Backup;
  • Windows Codecs;
  • Microsoft Hyper-V;
  • Windows (Line) Print and Fax ;
  • Windows Remote Desktop and Gateway;
  • Windows Secure Boot and Enrolment Manager.

Add these Windows updates to your Patch Now release cycle.

Microsoft Office 

Microsoft returns to form with a critical update for Office this month (CVE-2024-38023) for the SharePoint platform. We have another update for Outlook related to spoofing (CVE-2024-38020), but this vulnerability is not wormable and requires user interaction. There are four more, lower rated updates; please add all of these updates to your standard release schedule.

Microsoft SQL (nee Exchange) Server 

There were no updates for Microsoft Exchange Server this month. However, we have seen the largest release of Microsoft SQL updates in the past few years. These SQL-related updates cover 37 separate reported vulnerabilities (CVEs) and the following main product features

  • SQL Server Native Client OLE DB Provider;
  • Microsoft OLE DB Driver for SQL.

We covered the testing requirements for this SQL update in our testing guidance section above. This month’s SQL updates will require some preparation and dedicated testing before adding to your standard release schedule.

Microsoft development platforms 

Microsoft released four, low-profile updates to the Microsoft .NET and Visual Studio platforms. We do not expect serious testing requirements for these vulnerabilities. However, CVE-2024-35264 has been reported as publicly disclosed by Microsoft. This makes this an unusually urgent patch for Microsoft Visual Studio attracting a “Patch Now” rating this month.

Adobe Reader (and other third-party updates) 

Very much as our Microsoft Exchange section has been “hijacked” by SQL Server updates this month, we’re using the Adobe section for third-party updates. (There are no updates to Adobe Reader.) 

  • CVE-2024-3596: NPS RADIUS Server. A vulnerability exists in the RADIUS protocol that potentially affects many products and implementations of the RFC 2865 in the UDP version of the RADIUS protocol. 
  • CVE-2024-38517 and CVE-2024-39684: GitHub Active Directory Management Rights. The  vulnerability assigned to this CVE is in the RapidJSON library which is consumed by the Microsoft Active Directory Rights Management Services Client, hence the inclusion of this CVE with this update.
  • CVE-2024-37985: This memory related update from Intel relates to its prefetcher technology. Affected: Core Windows OS memory related components — particularly the new ARM builds, which I find both confusing and ironic.

Read Greg Lambert‘s 2024 Patch Tuesday reports:

Kategorie: Hacking & Security

EU accuses X/Twitter of breaching the Digital Services Act

12 Červenec, 2024 - 20:28

The European Commission has released the preliminary findings from an investigation launched last year into X (formerly Twitter), and said it believes the company is in breach of the Digital Services Act (DSA), which applies to marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms.

Non-compliance in three areas

In a statement, the Commission said X was found non-compliant in three areas: 

  • The “verified account” mechanism is designed and implemented in a way that deceives users and does not correspond to industry practice. “Since anyone can subscribe to obtain such a ‘verified’ status, it negatively affects users’ ability to make free and informed decisions about the authenticity of the accounts and the content they interact with,” the Commission said, adding there is “evidence of motivated malicious actors abusing the ‘verified account’ to deceive users.”
  • X does not comply with requirements around transparency in advertising. “In particular, the design does not allow for the required supervision and research into emerging risks brought about by the distribution of advertising online,” the Commission  argued.
  • X does not provide access to its public data to researchers, as specified by conditions in the DSA. Its terms of service prohibit researchers from independently accessing public data, and its process for granting researchers access via its application programming interfaces (APIs) “appears to dissuade researchers from carrying out their research projects or leave them with no other choice than to pay disproportionally high fees.”

X now has the right to examine the commission’s documentation and prepare a defense. 

If the preliminary findings are confirmed, the company faces a non-compliance decision that could result in fines of up to 6% of its global annual revenue, an order to address the issues detailed in the decision, and the potential for a period of enhanced supervision. The commission  can also impose periodic penalty payments.

The move could be seen as a warning shot to other companies.

“While the ruling may not have a direct impact on enterprise CIOs, it emphasizes learning from broader implications and the mistakes of others,” said Phil Brunkard, executive counselor at Info-Tech Research Group, UK. “It sets a precedent for public trust in online marketplaces or social media, highlighting the importance of integrity and transparency in data privacy. Regulation is not just about ticking the compliance box — it’s crucial for customer trust. CIOs must ensure strong governance to protect their brands and maintain customer trust, as trust is the foundation for successful organizations.”

Investigations continue


Investigations continue into X’s risk management around the dissemination of illegal content and the effectiveness of how it combats information manipulation.

To assist in its investigations, the Commission released a whistleblower tool that allows people to contact it anonymously with information contributing to compliance monitoring of X and other entities designated Very Large Online Platforms (VLOP) under the DSA.

X is not the only organization under scrutiny. The Commission has also initiated formal proceedings against TikTok, Meta (in separate proceedings launched in April and May 2024, respectively), and AliExpress.

Kategorie: Hacking & Security

OpenAI has developed a scale to assess how close we are to AGI

12 Červenec, 2024 - 17:22

OpenAI, the company behind the popular AI ​​chatbot Chat GPT, has now developed an evaluation scale to assess how closely AI models can approach human levels of intelligence, according to a Bloomberg report.

The scale has a total of five levels. The higher the level, the closer the AI ​​model is judged to be to human intelligence. Today’s large-scale language models are currently judged to be at level one; that corresponds to basic intelligence, but not a more advanced problem-solving ability.

Level two means that the system has a basic problem-solving ability that should be comparable to a human with a PhD. Level three means the system can act as a representative for the user. Level four means that the system can create new innovations. Finally, level five involves the step to achieve artificial general intelligence (AGI), an AI system can perform the work of entire organizations.

OpenAI has previously defined AGI as a highly automated system that can outperform humans on the majority of economically valuable tasks. OpenAI’s evaluation scale is considered preliminary and could be adjusted in the future.

More OpenAI news:

Kategorie: Hacking & Security

Now Microsoft Copilot can understand your handwriting

12 Červenec, 2024 - 17:15

Microsoft will soon enable the company’s AI assistant Copilot to read and analyze handwritten notes, The Verge reports . The function was expected to begin as a beta test at the end of last month.

Onenote users can use the function to make handwritten notes with a stylus and then let Copilot, for example, sum them up, generate a to-do list, or ask questions about the notes.

The feature can also be used to turn handwritten notes into text that is easier to edit and share. Once live, the feature will only be available to Copilot for Microsoft 365 subscribers and Copilot Pro users.

More on Microsoft Copilot:

Kategorie: Hacking & Security

Zoom adds workflow automation to save time on routine tasks

12 Červenec, 2024 - 17:06

Zoom has added a workflow automation tool to its collaboration app designed to save users time spent on repetitive tasks, the company announced this week

Available in Zoom’s Workplace app, the Workflow Automation feature (currently in beta) lets users set up automations using a drag-and-drop, no-code interface. 

Having made its name selling videoconferencing software, Zoom has expanded its functionality in recent years to cater to a wider range of collaboration scenarios. This includes chat, whiteboardnote taking, and room-booking tools that make up its Workplace product. The workflow automation tool brings Zoom’s app further into line with rival collaboration software vendors, including Slack (Workflow Builder) and Microsoft (Teams/Power Automate). 

The initial focus is on the creation of workflows in Zoom’s text chat tool, though automations across the Workplace app will be enabled later, the company said.

A simple example might be a team leader scheduling a recurring project status check-in in Zoom chat. Here, a team leader can create workflow can be set up to automatically post a pre-written message at a certain time each day to request an update from team members. Automations could also be used to introduce new team members to a channel, or simplify processes around time-off requests, Zoom said.

“We built Workflow Automation to be easy for teams of all sizes and abilities to use,” Wei Li, head of Zoom Team Chat at Zoom, said in a blog post Wednesday. “We’re launching Workflow Automation with Team Chat first because it’s an opportunity to strengthen collaboration with team members and get work done asynchronously. Workflow Automation helps teams by taking the guesswork out of setting up workflows and helps cut down on tedious and repetitive tasks.” 

Users can create their own workflow automations or select from pre-built templates. It’s also possible to connect with third-party apps such as Google Drive, Microsoft Outlook, or Atlassian Jira. 

The workflow automation features are available at no cost to paid Zoom customers during the beta trial. Some limitations will be introduced at general availability launch, with charges for usage outside of allotted “premium” workflow runs. 

Kategorie: Hacking & Security

Download our Android smartphones enterprise buyer’s guide

12 Červenec, 2024 - 17:00

From the editors of Computerworld, this enterprise buyer’s guide helps IT staff understand the various Android smartphone options for business use and how to choose the right solution for where you operate.

Kategorie: Hacking & Security

Will Apple stop at Messages via Satellite?

12 Červenec, 2024 - 16:57

With Messages via Satellite, iOS 18 shows that Apple is going into space — and as more satellites are put in place, it will expand the capabilities of the services it provides.

Introduced at WWDC, Apple Intelligence gorged gargantuan quantities of media attention, but Apple’s plans for outers space are important, too.  Available in the US with iOS 18 on iPhone 14 or later, Messages via satellite allows users to send and receive texts, emoji, and Tap backs over iMessage and SMS when a cellular or Wi-Fi connection is not available.

Satellite and iPhone chips

Apple is basically broadening the feature set it introduced when it launched SOS by Satellite (now available in multiple countries) in 2022 to include any kind of message. The system works in the same way: “Messages via satellite automatically prompts users to connect to their nearest satellite right from the Messages app to send and receive texts, emoji, and Tap backs over iMessage and SMS,” Apple explained. “Because iMessage was built to protect user privacy, iMessages sent via satellite are end-to-end encrypted.”

How Messages via Satellite works

When you aren’t connected to a network, a prompt will appear on your iPhone inviting you to use satellite services. 

  • Tap that to access Messages, Find My, Emergency SOS and Roadside Assistance. If you select Messages, a prompt will appear giving you an option to connect by satellite.
  • Choose this and your iPhone will guide you to get to the best satellite connection.
  • When typing your message, you’ll see an alert appear in the text entry field to show you that you are connecting via satellite.
  • Feedback from the first reviewers to use the feature suggests it can take a little longer to send a message if the satellite connection is weak; at other times, it can feel as swift as normal messaging.
  • All Apple’s satellite services are free for now, but the company has said enough to suggest this might eventually change.
  • You do need an iPhone 14 or later to access these services.
  • See also How to use Emergency SOS via Satellite.

That’s Messages via Satellite. 

What about Apple in space?

The Apple partnership is important to its satellite company partner.  “We are the operator for certain satellite-enabled services offered by Apple,” says Globalstar’s most recent annual report, which informs us that wholesale capacity services (which includes the Apple business) accounted for around 48% of company revenue last year.

“Wholesale satellite capacity services include satellite network access and related services using our satellite spectrum and network of satellites and gateways,” the report said. Under the Apple deal (also discussed here, and here), Globalstar must allocate network capacity to support Apple’s services and enable Band 53/53n for cellular services

In return, Apple pays recurring service fees, certain operating expenses and capital expenditures, and bonuses. Apple also supports investments in new satellite capacity. Globalstar hopes to launch another 26 satellites by next year; a German report claimed it might have more than 3,000 of them in flight in the next few years. 

The network space race

“We are excited about the new satellites that we have under construction to enhance our constellation following their launch, which is expected in 2025: more satellites mean more power on orbit that we can use to create additional supply to meet the growing demand for LEO capacity,” Globalstar said in its recent report. 

It is reasonably easy to guess that part of this increase in capacity will be dedicated to making Apple’s existing satellite services global. Following that logic, this implies the company will soon have in place an international system that supports end-to-end encrypted messaging and relies on non-nation-state infrastructure. 

At least one space expert thinks Apple will choose to widen the network to become a full space communications service — broadly in line with predictions from Bloomberg in 2020. Though these are “unlikely” to be the primary network for most people because of limitations on capacity and performance — at least, so far — as space agencies explore the potential to put data centers in space, and as network capability and processor performance improves, at what point will such communications become feasible? There sure seems to be money going in that direction.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Kategorie: Hacking & Security

What to do when Windows won’t boot

12 Červenec, 2024 - 12:00

When Windows won’t boot up, it can be a disturbing experience. But that moment passes quickly, and you must decide how to get past this (hopefully) temporary hiccup.

Fortunately, there are plenty of ways to tackle this. They do vary in the time and effort required to implement, and in the severity of their potential impact on your PC.

Let’s talk about them, then work through the options and activities involved, along with a strategy for approaching such repair. Throughout, there’s special emphasis on Startup Repair and Boot Recovery tools, facilities and commands available in Windows 10 and 11.

What do you see?

When Windows tries but fails to boot, there are several possible displays you might see. These include a “black screen,” which essentially means nothing is on display at all.

The dreaded “Windows black screen with cursor.”

Ed Tittel/IDG

If you see a black screen

Should you see a black screen, check your PC indicator lights to make sure the device is still powered on. Sometimes when Windows shuts down, it can automatically kill the power, too. In such circumstances, the best possible outcome is powering up, followed by a normal boot sequence all the way into the Windows desktop.

For a black screen with the power on, things in Windows get more interesting. Even so, it’s worth cycling the power and trying again before attempting other repairs. Often, things will return to normal on their own. If you wind up with a second black screen, see my companion story “How to fix a Windows 10 black screen” for more tips, which work as well for Windows 11 as they do for Windows 10.

If you see something else: NOT a black screen

As Windows starts up, it uses a special program called a boot loader to start the process of taking over a PC, before it hands over control to the operating system. If enough “smarts” are present when a problem occurs during boot-up, users might see what’s called a “stop error” or a “blue screen.” Though the color can vary in recent versions of Windows, blue was a constant backdrop for such errors from the earliest Windows versions through Windows 7 and became enshrined in Windows folklore as the “Blue Screen of Death,” a.k.a. BSOD, as shown in Figure 1.

Figure 1: BSOD example for INACCESSIBLE_BOOT_DEVICE.

Ed Tittel / IDG

Figure 1 shows a BSOD for what might be called a basic no-boot scenario: it’s associated with Stop Code 7B (a hexadecimal number) otherwise labeled INACCESSIBLE_BOOT_DEVICE. In other words, it shows up when the boot loader recognizes that it cannot access the storage device from which it would normally load the Windows OS. What more basic cause for boot failure could there be? None!

On the other hand, if the Windows boot loader can’t load the OS but it can find a bootable Windows Recovery Environment partition, it should load a warning message like the one shown in Figure 2.

Figure 2: I forced this error, which would normally read “Windows didn’t start correctly.”

Ed Tittel / IDG

Try WinRE Startup Repair

Select See advanced repair options at lower center right in Figure 2. This displays the root-level Windows Recovery Environment (a.k.a. WinRE), as shown in Figure 3.

Figure 3: This is the root-level menu for the Windows Recovery Environment. We’ll move on to the Troubleshoot selection.

Ed Tittel / IDG

Boot repairs may be handled under the Troubleshoot option in Figure 3. (If you’ve prepared a bootable USB drive with repair tools, you could instead elect to boot to that by selecting Use a device.) When you click Troubleshoot, you’ll see the screen shown in Figure 4.

Figure 4: Advanced options appear when you select the Troubleshoot option in Figure 3. Note that the first item reads Startup Repair.

Ed Tittel / IDG

Click the Startup Repair button at upper left. Your PC immediately reboots. Against a black screen, the spinning balls appear over a legend that reads “Diagnosing your PC.” In the background, WinRE is running an automated set of startup checks and (where applicable) making repairs.

You’ll either wind up with a bootable desktop, or the UI will pop up a message that reads “Startup Repair couldn’t repair your PC,” as shown in Figure 5.

Figure 5: When Startup Repair fails (and it often does), it reports accordingly.

Ed Tittel / IDG

Failure happens more often than most of us would like. Indeed, I have occasionally seen WinRE’s automated Startup Repair work, but perhaps in only one out of three or four attempts.

Not to fear: there are several more repair strategies to try when Windows won’t boot. I’ll go over those in a moment — but first, it’s useful to understand Windows boot mechanisms and its boot configuration data (aka BCD).

Windows boot and BCD explained

Windows 11 creates at least two boot structures on any media (usually SSD or hard disk) from which Windows will boot. By convention, the disk where two special programs reside, known as the Windows Boot Manager and the Windows Boot Loader, is called a “boot disk.” If a runnable version of Windows also resides on that same drive, it’s called a “boot/system disk.”

The boot loader resides in a disk partition allocated for the Basic Input-Output System (BIOS) or Unified Extensible Firmware Interface (UEFI), the software that kicks off system start-up, to use when the system is initially booting itself up. After it goes through hardware and security checks, including device enumeration, the BIOS or UEFI hands over control to the boot loader, which starts the process of reading OS boot information from the Boot partition on the disk.

It then hands over control to the Windows Boot Manager, which takes over the process of starting up Windows and making it ready to run for user login and application support. The Windows Boot Manager is also responsible for handling what’s called Boot Configuration Data (BCD), on the system’s behalf.

When Windows 10 or 11 gets installed, it also creates a separate Recovery Partition at the tail end of the disk, where it keeps a bootable version of the Windows Recovery Environment (a.k.a. WinRE) that can take over if the Windows system/boot partition becomes inaccessible. This is depicted in the layout of the C: drive from a test PC in Figure 6, where EFI, system/boot, and recovery partitions follow one another from left to right.

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

class="close-button" data-wp-on--click="actions.core.image.hideLightbox">

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

Ed Tittel / IDG

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

Ed Tittel / IDG

aria-hidden="true">

Ed Tittel / IDG

If you look at the defaults for boot configuration data in Windows 10 or 11, you’ll see information about the Windows Boot Manager and the Windows Boot Loader appear (from the BCDedit command, discussed in the later section “Rebuilding Windows BCD”). Figure 7 shows the results of running the bcdedit command by itself, which displays active boot information currently known to the boot manager.

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

class="close-button" data-wp-on--click="actions.core.image.hideLightbox">

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

Ed Tittel / IDG

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

Ed Tittel / IDG

aria-hidden="true">

Ed Tittel / IDG

For the purposes of our discussion in this story, it’s enough to understand that boot configuration data describes where the system should look to find the programs it needs to boot the system. Hopefully, it’s also obvious that this data is essential to starting up Windows. Thus, corruption, damage, and invalid entries in this data can (and does) result in an unbootable Windows installation. Fixing that is what we’re about here.

Repair strategies when Windows won’t boot

While you can sometimes use WinRE to repair Windows boot problems, that may not be the fastest or easiest way to fix things. In my experience, I’ve had better luck doing any or all of the following when Startup Repair didn’t fix boot issues:

  • Restoring a known, good, working OS image (e.g., using Macrium Reflect or a similar disk image tool restore operation).
  • Using a third-party boot repair tool (e.g., Macrium Rescue Media “Fix Windows boot problems” or similar boot repair tool).
  • Rebuilding the Windows Boot Configuration Data (BCD) from the command line in WinRE.

Please note: I present these options in their recommended order for the techniques covered. That’s because of the time, effort, and complexity they involve or entail. This is almost the reverse of what readers may expect. That’s because it starts from a non-boot-related approach, then goes on to explain third-party boot repair tools, and only then concludes with built-in Microsoft commands.

All this assumes you’ve tried the Startup Repair option from Figure 4 without fixing your Windows 11 boot issue, whatever it may be.

1. Restoring a known, good working image

If you’ve got a recent image backup for the non-booting PC, you can boot to its restore tool. Then you can restore that backup to the target disk. Such a restore replaces the entire disk image, including boot configuration data, disk layout, and all contents. As long as the drive itself is working, this is the fastest, safest, and surest way to resolve boot problems I know. You can read all about how to create and restore a Windows image backup in my story “How to make a Windows 10 or 11 image backup.”

Each of the image backup packages covered in that story can create its own bootable media, able to restore backups from some other drive (and often includes boot repair tools as well, as you’ll see in the next section). Those tools, including links to tutorials on creating them, are:

If you’ve been using the Windows Backup facility in Windows 11 (see my story “A new Windows 11 backup and recovery paradigm?” for info on how to use this), you will be able to access copies of files from key folders (and more) that have changed since your most recent image backup. This provides the best of both worlds when it comes to restoration, because an image backup provides immediate access to all your installed apps and applications, while Windows Backup provides access to key recent files via OneDrive.

2. Using a third-party boot repair tool

Most image backup tools mentioned in the previous section include boot repair facilities (MiniTool relies on its free Partition Wizard for repairing Windows boot errors instead). Other notable tools include those covered in the April 2024 Lifewire story “10 Best Free Disk Partition Software Tools,” many of which include boot repair facilities as part and parcel of their partition management capabilities á la MiniTool Partition Wizard (MTPW).

Personally, I’ve used the “Fix Windows Boot Problems” item from the Macrium Rescue Media on many occasions to tackle Windows boot problems. As long as the underlying drive was still working (it can’t fix failing hardware, alas), it has always been able to restore a working Windows boot environment when asked to do so.

I’ve also used the MTPW tool on multiple occasions, and it, too, has shown itself effective. Online reports and forum threads for the other tools mentioned here and in the preceding section indicate that they also enjoy positive ratings from their users.

If you don’t have a current backup to restore, or can’t restore such a backup for some reason, try one or more of these boot repair tools before you move to the Command Prompt in WinRE, as described in the next section. They will often fix whatever ails your Windows boot environment.

3. Rebuilding Windows BCD in WinRE

In the Windows environment, Boot Configuration Data (BCD) identifies programs used to boot the OS, and related settings (configuration) data. When Windows is running, the command line tool of choice for such information is BCDedit. But when you’re running inside the Windows Recovery Environment, having booted from bootable Windows install media (or some equivalent, such as the Microsoft Diagnostics and Repair Toolkit, a.k.a. DaRT), the tool of choice is bootrec.exe because it works on BCD data for the broken Windows image (that is, the one on your system/boot disk that isn’t currently working).

To run this command, select the Command Prompt option shown in Figure 4, then type the bootrec.exe command at the command line, using one of the options described in the next paragraph.

Interestingly, Microsoft’s Bootrec.exe support files haven’t been updated since the days of Windows 7. Even so, they’re still reasonably accurate for Windows 10 and 11. The following options still work in both:

  • /FixMBR: Writes a new BCD store to the system partition, without overwriting existing partition table data. This option can address boot corruption issues, especially when the boot loader can’t read or interpret available BCD info.
  • /FixBoot: Writes a new boot sector to the system partition using a boot sector compatible with the OS in use. This option helps address improper or invalid BCD changes, boot sector damage or corruption, or changes imposed when installing an older OS after a newer one was installed.
  • /ScanOS: Scans all disks for installations compatible with the current OS. Displays all boot sector entries it finds, including those not currently residing in the BCD store. This option is intended to pick up installations not showing in the Boot Manager menu.
  • /RebuildBcd: Scans all disks for installations compatible with current OS. Allows users to select an installation to add to the BCD store. Also rebuilds the BCD store from scratch.

The most common bootrec invocation is to instruct it to rebuild the BCD store — namely:

Bootrec.exe /RebuildBCD

(Note: the .exe is optional.)

If this technique does not result in a bootable Windows, follow the instructions at the end of the Microsoft support page to export and delete the BCD store, then rebuild that store anew. This usually works.

The makers of Ventoy, a terrific bootable ISO management tool, offer a tutorial called “How to Rebuild BCD in Windows Easily.” It even includes detailed bootrec instructions, especially Section 2, “Using the Command Prompt.” It walks through an illustrated version of the same instructions found at the tail end of the aforementioned support page.

You can learn a lot about the way that bootrec.exe actually works by digging into Microsoft’s detailed (and better documented) BCDedit command reference info (see also BCDedit Command-Line Options). Hopefully, you’ll have an image backup of your problem drive handy so you can always restore same should command-line repairs go off the rails.

Getting past the finish line

Ultimately, you’ll find yourself in one of two places. First and best, you’ll restore Windows to working order, including a proper boot. Second and less favorably, you’ll be stuck going nowhere with no boot in sight.

Should this happen, you’ll have to decide whether or not you want to scrub the existing Windows installation and start over. (In the most dire circumstances, this could mean replacing the boot/system drive that simply won’t boot despite all efforts to fix it.) On the other hand, it may be time to consider taking the PC into the shop to get on a professional bench for repair or replacement as their findings dictate.

In my 30-plus years of working with Windows, drive failure has come up twice. In both cases, the drive that wouldn’t boot wasn’t working and needed replacement. If this is a task you can comfortably handle (it’s something I routinely take care of for my fleet of 12-20 PCs), it’s neither terribly difficult nor time-consuming.

And again: if you have a recent backup, you can usually restore that to a new drive the same way you would work with the existing one. Remember: where there’s a will, there’s a way. Good luck!

Kategorie: Hacking & Security

What is UEM? Unified endpoint management explained

11 Červenec, 2024 - 20:56

Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

[ Download our editors’ PDF unified endpoint management (UEM) enterprise buyer’s guide today! And download our handy PDF UEM vendors comparison chart.]

“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”

The ability to manage various device types in one place is increasingly important as businesses face a growing cybersecurity threat, said Tom Cipolla, senior director analyst at Gartner. “We need to patch faster; everybody acknowledges that,” he said. “UEM gives people a consolidated view into their environment and a consolidated patching and configuration management approach.”

The evolution of mobile management: MDM, MAM, and more

At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.

Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.

However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone’s popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.

MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.

What is UEM?

UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Intune, which combined its MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) in 2019.

UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 11, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including IoT devices, AR/VR headsets, and smartwatches.

Unlike traditional CMT products, UEM tends to be available as a software-as-a-service, cloud-based tool, allowing management and updates of devices such as desktop PCs without connection to a corporate network. 

The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows and macOS, enabling the same level of device management that was already possible with iOS and Android devices.

It speaks to a wider development, too, of the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.

Why invest in UEM tools?

All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.

Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers. 

“If you have a separate software product or management platform for four different operating systems, that can be cumbersome and expensive,” said IDC’s Hochmuth. “Converging down to one or two is a goal for a lot of organizations.”

UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.  

By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies. 

There are cost benefits in replacing separate PC and mobile management applications too. “Getting rid of one software platform and all the licensing associated with that is a cost saving. That’s not the primary driver, but it’s definitely a reason to explore UEM,” said Hochmuth. 

The UEM vendor market

The global market for unified endpoint management software is forecast to grow from $5.9 billion in 2023 to $8.9 billion in 2028, according to IDC data. The rate of yearly growth is set to slow, however, from around 16% to 6% during this period. 

There are a variety of vendors, from big-name firms to smaller, more targeted companies. Microsoft (Intune) and VMware/Broadcom (Workspace One) are often considered the UEM market leaders with the broadest offerings and largest market share by revenue. BlackBerry UEM, Citrix Meraki Systems Manager, IBM MaaS360, ManageEngine, Cisco, and Ivanti UEM are also popular products.

“All these companies have roles or verticals or use cases that they address specifically,” said Hochmuth. For instance, BlackBerry is often viewed as strong in regulated markets, such as finance or healthcare, due its focus on encryption, while Microsoft has a more of a “horizontal” product with general business use cases.  

Among the vendors that have taken a more specialized approach is Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.

UEM reaches mainstream adoption

Gartner defines UEM as being “a late-stage maturity market,” meaning “widespread adoption has already occurred,” said Cipolla. 

IDC data indicates that around two-thirds of US businesses have now deployed a UEM tool. That doesn’t mean most organizations will use a single UEM platform, however. 

Among those that have deployed UEM, around 70% have two or more  management products in place, said Hochmuth.   For example, an organization might have one tool to manage certain Windows devices, another for both mobile and macOS devices, and then a legacy PC management tool still in use for another set of Windows devices. “The norm is more the mixed type of organizations that have different tools and multiple UEMs,” said Hochmuth, though the trend in recent years has been towards consolidation of these tools.

What’s on the horizon for UEM? AI and autonomous endpoint management 

An ongoing trend related to UEM is the rise of digital employee experience (DEX) software. DEX tools can provide IT with data and insights into how employees interact with devices and applications, with the ability to measure usage and highlight performance problems. “That’s a growth area that all the UEM vendors are pushing into,” said Hochmuth.

Also coming to UEM tools: the integration of artificial intelligence (AI). “This space in particular, is incredibly ripe for help from an AI product,” said Hochmuth. 

AI could help manage a longtime challenge for endpoint management — scale. That’s because the wide range of devices, vulnerabilities, and configurations that have to be managed.

“The pure amount of data given off by thousands of devices running different operating systems, it’s super chaotic,” said Hochmuth. “That’s a perfect use case for an AI tool that could sift through data, help you find information you need, or even more importantly, automate a lot of the manual patching, updating, configuration – the reactionary type things that people in IT ops do. Anticipating when someone might need a fix before something breaks: AI could really help with that.”

Gartner’s Cipolla points to the emergence of autonomous endpoint management (AEM), a term that describes the combination of UEM and DEX, with additional automation and AI-assistance capabilities. “The idea is to take the human out of the middle doing the research and the leg work, and put them in control of the automation,” said Cipolla.

Several UEM vendors have already begun to incorporate AEM-like functionality into their software, said Cipolla. But it’s still early for the technology, meaning it will likely be at least a couple of years before AEM tools become more fully developed and more widely used by organizations. “It’s not a product yet, it’s a future idea, it’s a concept. As the vendors work on their ideas, it becomes a market,” he said. 

Kategorie: Hacking & Security

Apple agrees to open up Apple Pay in Europe

11 Červenec, 2024 - 17:51

As Apple faces continued waves of regulation, Apple Pay is about to open up in Europe, allowing rival payment services to gain access to the NFC chips inside iPhones to enable one-click payments.

The motivation behind forcing Apple to open up is to stimulate competition in the mobile payments space. It should enable rival services to offer mobile payments and settles a long-running dispute between Apple and the European Commission. 

What this means to Apple Pay

Under the arrangements, Apple will allow third-party wallet providers access to the NFC chip inside iOS devices without requiring them to use Apple Pay or Apple Wallet. It means rivals can now compete directly with the Apple service, and in theory means customers can choose a payment system they prefer. This relies on an extensive number of commitments, captured in a 36-page document published today.

What Europe says

“From now on, competitors will be able to effectively compete with Apple Pay for mobile payments with the iPhone in shops,” Margrethe Vestager, executive vice president in charge of competition policy, said in a statement. “So, consumers will have a wider range of safe and innovative mobile wallets to choose from.”

EC authorities have put some steel around the agreements. They will by law remain in force for 10 years and apply throughout the EEA. “Their implementation will be monitored by a monitoring trustee appointed by Apple who will report to the Commission for the same time period,” the European Commission said.

In the event Apple fails to keep its commitments, it faces a fine of up to 10% of its total annual turnover without having to find an infringement of EU antitrust rules, or a “periodic penalty” payment of 5% per day of its daily turnover for every day of non-compliance.

How will it work?

A look at the 36-page agreement suggests how the new system will work. First, developers of payment systems will need to obtain entitlements to access a series of APIs Apple will make available to support rival payment systems, but only those operating in the European Economic Area. 

The company will also work to support evolving standards; developers will be subject to developer fees, but no fees related to the use of the NFC system. That sounds like Apple will not receive a cut of payments made.

For consumers, it will be possible to choose a preferred payment system (including Apple Pay) with a new section in Settings. The iPhone will also maintain a register of installed payment apps that want NFC access, and you’ll be able to select which one to use, rather like rifling through payment cards in your real wallet.

You’ll also be able to use Apple Pay on Apple Watch and choose another system for your phone.

What about disputes?

If a developer/payment provider thinks they aren’t getting fair treatment from Apple, they will be able to submit a written complaint to the monitoring trustee. Appointed and reimbursed by Apple and approved by the European Commission, the trustee will be an independent party who monitors the company’s compliance to the agreement.

The trustee may recruit a support team of up to three advisors, and there are strict controls in place to prevent trustees running off to work for Apple or its competitors within a certain time frame. There will also be an Appeal Board to adjudicate in the event a dispute requires independent oversight. 

What about the DMA?

Apple’s decision to reach a constructive settlement concerning Apple Pay in Europe could yet turn out to be a harbinger of similar future détente regarding Europe’s Digital Markets Act. While recent statements from Vestager suggest she has little empathy for Apple’s arguments, the company has already revised some of the arrangements it proposed to bring its business practises into line with the DMA or similar rules looming in other nations.

There’s no reason to think it won’t continue to reach a constructive, if unenthusiastic, dialogue. It does remain open to question whether the agreements will go far enough for Europe or for some of the company’s loudest critics. 

But for the next decade, at least, you’ll be able to use whatever payment system you like across the European bloc as easily as you may already use Apple Pay.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

More by Jonny Evans:

Kategorie: Hacking & Security

With the arrival of AI, Slack adds a new chapter to its story

11 Červenec, 2024 - 12:00

It’s been 10 years since Slack launched its popular chat application and ushered in an era of fast-paced and more casual business communications. While the email inbox hasn’t yet been consigned to the past, the effect Slack has had on office work is clear, making it easier (at times, too easy) to share information and interact with colleagues, regardless of where they are. 

For the company’s new CEO, Denise Dresser, the introduction of AI-based tools is an opportunity for the company to continue to shape the way work gets done. “I could not be more optimistic about what the future of AI is going to bring to the future of how we all work,” Dresser said. “We celebrated our 10th anniversary in February and I feel like Slack was made for this moment of generative AI…, for Slack to again lead the next decade of this AI-powered future of work.”

The launch of Slack AI earlier this year is one of bigger changes to Slack’s application in recent years. A revamped user interface rolled out in 2023 sought to retain ease of use even as new functions were added. The changes ranged from canvas documents to lightweight video and voice calls and a task management tool, with automation continuing as a major focus via Workflow Builder

There have been some major changes in personnel, too. Co-founder and Stewart Butterfield announced his departure in 2022, a year after Slack’s $27.7 billion acquisition by Salesforce, and other senior leaders have since moved on. Butterfield’s successor, Lidiane Jones, was CEO for just a year before taking over at dating app company Bumble. That makes Dresser, who joined in November 2023, the third boss in a little over a year. 

Among her priorities are plans to bring Slack’s new native capabilities — such as the recently launched lists tool — to customers in a “broader way,” while continuing to build AI into the platform after the general availability launch of Slack AI in February

Another focus has been to more deeply integrate Slack into the Salesforce ecosystem in terms of both product and customer sales strategy. Dresser’s background at Salesforce — where she has held several senior executive roles since 2011 — should help align the two businesses, said Will McKeon-White, senior analyst at Forrester. Her appointment will help in “creating better joint go-to-market motions, in all the rationalization and operationalization that needs to happen with any of these motions — I’m quite a fan of that,” he said. 

Slack’s headwinds

Dresser takes over at a time of slowing growth for the business. Quarterly revenue growth during FY2024 and into FY2025 has reached between 16% and 20% year over year, roughly half as high as quarterly growth shown in Slack and Salesforce earnings reports between 2020 and 2023. 

“Slack has been facing more headwinds recently,” said McKeon-White, pointing to internal challenges such as integration efforts after the Salesforce acquisition, a fast-changing competitive environment (with a wider range of rivals such as Zoom competing more directly), and a shift in customer purchasing post-pandemic.

After businesses scrambled to roll out communication software during the COVID-19 outbreak to facilitate remote work at scale, many later sought to reduce the number of applications they use. The global market for collaboration software continued to see double digit growth, according to IDC data for 2022, when the market was valued at $33.9 billion, though the rate of increase slowed as the pandemic eased. 

Slack appears to have felt the change more acutely, said McKeon-White, due to a formidable competitor: Microsoft’s Teams, which launched in 2016 as a response to Slack’s runaway workplace success. 

For customers invested in the Microsoft 365 suite, it made sense to use what they were already paying for. “Our research shows — and I think the market shows — that a fair amount of companies have gone in that direction and said Teams is ‘good enough,’” said Irwin Lazar, president and principal analyst at Metrigy.

Microsoft has now unbundled Teams from M365 for new subscribers (following an antitrust battle with European regulators), but that’s unlikely to benefit Slack in a significant way, analysts have said.  And yet, many organizations support both apps, said McKeon-White, as businesses seek to deploy multiple communication tools to meet employee needs. 

“So, while there has been that gradual attrition and centralization, there’s now an emerging counter movement to that,” he said.

“There is competition between Slack and Teams, but when they’re used together, when they’re integrated, there’s also a synergy,” said Wayne Kurtzman, IDC’s vice president of social, community and collaboration. “So additional growth may actually come from the synergy of having both in the enterprise.”

In a crowded field, still room to grow

Despite the challenges, Slack remains in a strong position to grow, say analysts. Efforts to add functionality to the platform have paid off, making the application even more useful to customers. “The enhancements to the platform are leaning into their strengths, which is as a center of collaboration and automation in an organization…,” said McKeon-White.  

Dresser argued that the value of Slack is clear and cited the company’s own customer survey data; it indicatea a 47% productivity increase, a 36% increase in win rate for sales users, 32% faster case resolution time in customer service, and a 37% acceleration for decision making in marketing.

Said Dresser: “I find it’s not hard to make the case [to customers]; it’s focusing on the business outcome of the platform itself. Slack is where work gets done and our results and outcomes really speak to that.”

The clearest opportunity for growth lies in selling Slack to Salesforce customer organizations, said McKeon-White, though this remains a work in progress. “That is a ready-made pipeline for them, effectively, but will require some joint go-to-market efforts and additional contract value…. That might be something like platform discounts and other similar motions,” he said.

Slack hasn’t moved as aggressively to integrate with Salesforce as it might have, though the launch last year of Sales Elevate, which makes Salesforce data more easily accessible in the collaboration app, is a sign of an improvement. “I think that’s where there’s a huge opportunity to make Slack the front-end of Salesforce,” said Lazar.  If I’m a salesperson or sales manager, or if I’m using Salesforce marketing campaigns, then I can manage all the different Salesforce features within Slack, and I have the ability to collaborate,” he said.

McKeon-White also sees potential for Slack to further tailor its app to specific job roles and industries. Features like lists and Workflow Builder enable Slack to be tailored to internal use cases, such as procurement, for example, or IT, and there are  opportunities to cater to specific verticals such as a healthcare or retail organization more intently.

Slack can also increase revenues from existing customers, said Lazar, as it continues to evolve. “Most of their growth is going to happen within their existing customer base by adding new feature functionality and adding higher-level licenses, or converting people over to the Enterprise Grid product,” he said. 

Slack’s AI future

A major focus for the company, as with all vendors in the collaboration and productivity software space, is the addition of generative AI (genAI) tools. 

Slack AI launched earlier this year, with three features:

  • AI powered search. This provides personalized answers to questions based on an organization’s knowledge base. Slack AI helps users locate subject matter experts, or find information on anything from work projects to understanding unfamiliar acronyms.
  • Channel recaps. This highlights key discussion points for a Slack user after a period away from the app, or for those who have recently joined a channel.
  • Thread summaries. This feature recaps faster-moving discussions, provides thread summaries, and offers an overview of long conversations, with links to sources in each summary that enable users to check information where necessary.

Slack AI’s advantage lies in its ease of use, with little or no training required, Dresser said.

Slack AI search allows users to more quickly find information that could be buried in channels and chats.

Slack

“One of our product principles is ‘don’t make me think’ and that’s a key part of how we’re thinking about AI,” she said. That means ensuring Slack is embedded in “the most logical places that drive immediate productivity, and maybe a little bit of joy and delight in the process.” She points to the AI recap feature. “I love starting my day out with ‘recap,’ so that when there are channels that I don’t necessarily read all day long, I get a quick recap of what happened and I’m on with my day.”

Slack, like all tech companies, is still working to overcome some of genAI’s limitations. Hallucinations are an inherent problem for large language models(LLMs), particularly in a workplace context where accuracy is vital. Dresser said Slack attempts to mitigate the impact of hallucinations with citations that link back to the original source of information. “It allows people to feel that it is less of a black box,” she said. “They can actually see the specific conversation that led to the summarization of that result. It’s little things like that that provide the transparency that helps you build trust.”

Slack CEO: Trust matters

Trust around the use of customer data is a hot topic, too. Slack users recently vented frustrations at terms of service that some interpreted as the company seeking to use customer data to train its AI models. While Slack explained that the terms related to the use of “traditional” machine learning algorithms for relatively benign purposes (channel and emoji recommendations, for instance) rather than using messages to train LLMs as some had feared, the situation underlined the tensions around access to customer data. 

“We did hear from customers that we needed to be more clear, so we immediately updated our language on the website, so customers know exactly where we stand,” Dresser said. “Trust is our top priority. When we built generative AI natively into Slack, it was a huge area of our focus. 

“We do not develop LLMs or other generative AI models using customer data, full stop.”

Slack is not alone in tackling genAI’s various difficulties. “This is like the pre-game show for AI,” said Kurtzman. “It is the very beginning. Things are not where we imagine they should be. Slack is doing well with AI that’s tuned to identify content within a conversation and identify value within the conversation. But everyone’s AI is continually improving.”

Despite widespread interest in the technology, there’s still a long way to go in terms of broad adoption. A recent Slack survey showed that only 32% of respondents have accessed AI in their jobs, with half doing so on a weekly basis. 

Part of that is because of cost, part of it is uncertainty about whether generative AI can deliver value, given the additional cost to users. Slack AI costs an additional $10 per user each month — that’s less expensive than others, but still a significant outlay as AI assistants become widely available.

“For organizations who have used it [Slack AI], they seem to be very happy with it,” said McKeon-White. “But getting the budget together in order to justify another internal AI experiment is fairly difficult today: It turns out AI is expensive, especially if you try to do it for all of your organization.” 

“On the whole, we believe that pricing will eventually be baked into everything as AI becomes ubiquitous,” said Kurtzman. “But for today, the [additional] pricing generally returns value fairly quickly.” 

The initial Slack AI feature such as conversation summarization are useful, but can make it hard to justify the cost. “I think initially it’s a tough sell,” said Lazar, at least until Slack AI can integrate a wider range of data sources from third-party apps, which could significantly increase its capabilities.

Still, early Slack AI customers have already noted its utility, said Dresser; an internal analysis of pilot customers indicated it saves users an average 97 minutes a week, for instance. “We’re still in the very early days…, but the results are really positive. Starting in the right places, in a trusted manner, right in the flow of work, will be the way that I think the world begins to adopt…AI,” she said.

Kategorie: Hacking & Security

SAI Group buys Get Well; aims to use AI for better patient engagement

10 Červenec, 2024 - 22:27

Investment firm SAI Group this week announced it has acquired Get Well, a 24-year-old company that provides digital patient engagement technology to 1,000 healthcare organizations.

The financial terms of the deal were not disclosed.

SAI said the purchase of Get Well adds to its portfolio of AI healthcare companies. SAI plans to integrate its own generative AI (genAI) platform – GPT 4.0-powered RhythmX AI — “into the patient experience inside and outside the hospital.”

(RhythmX is also the name of SAIGroup’s subsidiary company.)

GetWell’s own digital patient engagement platform — Get Well 360 — already interacts with more than 10 million patients annually, offering them online point-of-care engagement and “guided care,” among other modules. The RhythmX platform offers patients prescriptive actions and recommendations doctors can drill into using a generative AI-enabled natural language interface and AI-native copilots.

“As part of SAIGroup, Get Well’s mission to enable the best patient experience will undergo a rapid transformation with AI to a full precision care platform for hospitals and ambulatory centers,” SAIGroup CEO Romesh Wadhwani said in a statement. “This strategic investment underscores SAIGroup’s commitment to innovative AI-driven solutions in healthcare and highlights our confidence in Get Well as a leader in the digital patient engagement space.” 

GetWell’s competitors in the Healthcare Management System arena include EPIC, Cerner, and eClinicalWorks.

Through mergers and acquisitions, SAIGroup has grown into a company with a massive trove of healthcare data from 300 million patients, 4.4 billion annual claims, and information on more than 1.8 million healthcare professionals, according to its own reports.

“Experience, which is often where engagement falls, continues to be the top outcome sought from digital investments,” but many organizations are still falling short of goals set by their executive leadership, according to Faith Adams, a Gartner senior director analyst.

As in most other industries, healthcare providers face a massive shortage of AI-skilled employees and IT pros needed to integrate new automation tools. Healthcare also faces a shortage of clinicians, which automated patient interactions could help address, according to Adams.

A 2024 survey by online education company Pluralsight showed more than 80% of IT pros think they can use AI, but just 12% have the skills and expertise to do so. That same survey showed 97% of firms that have deployed AI have benefited from it, citing increased productivity and efficiency, improved customer service, and reduced human error.

““The biggest part of the story is the shortage of AI tech experience, and patient engagement experience,” Adams said. “One of the bigger opportunities we see here is bringing together SAI’s AI expertise with GetWell’s patient engagement expertise.”

AI platforms can serve as digital tools to bolster patient access to personalized medicine and health literacy — the ability to obtain, read, understand, and use healthcare information to make appropriate health decisions and follow treatment instructions. AI tech can also help patients with their “digital literacy,” allowing them to better find, evaluate, and communicate information through digital media platforms.

In other words, instead of struggling to contact clinicians, online query and answer engines powered by AI can give patients answers based on their own health record information and clinical recommendations.

Gartner coined the phrase “Intelligent Health” last year to describe what it sees at the future of digital transformation in healthcare and the life science industries. Intelligent Health refers to the harnessing of the ever-growing volume and variety of patient and clinical data to offer providers and patients a better and more precise healthcare experience.

Gartner Inc.

“Given the complexity of healthcare patient journeys, there is really no one-size-fits-all, and this is where technology can help better support personalization [and] precision using data and insights,” Adams said. “Intelligent health is interoperable by default, relying on continuous data to deliver experience through the unification of digital and in-person care delivery that is precise, equitable and ethical.”

Every patient needs to be approached differently to drive behavioral changes, according to Adams. For example, if a patient needs to lose weight or eat healthier to lower their cholesterol and/or blood pressure levels, AI-based technology can assess their history and make recommendations.

“Patients continue to demand more from their experiences, and they have more choice now than ever. Each patient type needs to be approached differently to drive behavioral change.  This [AI tool] simplifies it,” Adams said.

“There are other factors that can influence it, too, but this is always a good starting point to show the no-one-size-fits-all approach will drive behavior change and engagement.”

More by Lucas Mearian:

Kategorie: Hacking & Security