Microsoft has expanded its suite of ‘Defender' products as it looks to grow its security portfolio available to channel players and customers.

The technology giant is debuting new threat intelligence and attack management software as it claimed the threat landscape "is more sophisticated than ever and damages have soared" in a blog post.

Vasu Jakkal, Microsoft's corporate vice president of security, compliance, identity, and management, highlighted in the post that the Federal Bureau of Investigation's 2021 IC3 report found that the cost of cybercrime now totals more than $6.9bn.

"To counter these threats, Microsoft is continuously aggregating signal and threat intelligence across the digital estate, which is enabling us to track threat actors much more closely and to better understand their behaviour over time," he wrote

Microsoft Defender Intelligence provides direct access to real-time data from Microsoft's security signals and maps the internet to provide security teams with information to understand adversaries and their attack techniques.

Meanwhile, Microsoft Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker.

"These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviours, and help security teams accelerate the identification and prioritization of risks," Jakkal said.

"Today, Microsoft tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors.

"Our cloud also processes and analyses more than 43 trillion security signals every single day. This massive amount of intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out."

Microsoft detective “WalkingCat” released photographs of a programme called “Designer” on the internet in May of this year. There were a few more clues this week concerning the still-unannounced Designer, including an apparent codename, “Oasis.”

This app seems to be designed to assist people produce polished-looking Instagram, LinkedIn, Facebook, brochures and invites. It’s up to the user whether they choose a blank canvas or one of the pre-made templates. Users with personal or academic Microsoft accounts had access to a preview of the Designer tool at designer.microsoft.com for a short time, but Microsoft has subsequently restricted content at that URL, despite the Designer logo still appearing.)

On the Designer preview page from WalkingCat this week, visitors may pick what style of design they want to build, answer the question “What would you want to express to your audience,” and choose a colour scheme. The top of the website reads, “We combine your content and AI to develop designs for you.”

For additional templates, check out Microsoft Create at the bottom of this page. A link to create.microsoft.com, which seems to be where these templates are housed, was uncovered by The Cat through Twitter yesterday. There was an error message for those of us who attempted to visit that URL, informing us that the site/app was not yet available and that we should return later.

With this new Designer tool, some are wondering whether Microsoft is trying to compete with the Canva platform/service. As a longtime user of Microsoft Sway, I’m hopeful that Designer, which hasn’t been updated since 2017, will be Sway’s heir apparent. Also, there may be synergies between this new Designer tool and PowerPoint Designer, particularly in the area of providing recommended ideas.

What I’m predicting is that when Microsoft launches their Designer tool, they’ll declare that Designer’s ability to generate ideas and comprehend user intent is due to the Context IQ suite of predictive AI capabilities originally revealed publicly in November.

I’m not sure when the Designer and Create previews will be made available to the public by Microsoft. If you’re interested in chiming in, please do so through the customary means of “we have nothing to contribute.”

The codename Oasis, which I discovered when searching for it on the create.microsoft.com URL, isn’t the first time Microsoft has used it as a codename. The holographic shell was codenamed “Oasis” back when the Windows team was still aiming to build many “shells” for Windows 10. According to authorities, the Oasis codename was safe to resuscitate since that notion is no longer being pursued.

As previously reported by Windows Central on August 4th, Microsoft has revised the cost for its Clipchamp web-based video editor. Many premium features have been decreased in price and the paid tiers have been reduced to just one. It used to cost between $9 and $39 to upgrade to Clipchamp’s “Essentials” tier, but now there is only one $11.99 price that includes all of the premium features. In addition, there is a free tier as well.

Copyright © 2022 IDG Communications, Inc.

Microsoft is giving PC gamers another reason to use the Widgets panel in Windows 11: a new Game Pass widget. But that’s not all, as the company is also testing more expansive Game Pass family plan options in select countries.

Windows 11 widgets have been somewhat controversial. Essentially, they’re a small collection of news and information that you can use to keep up on the events of the world, or else they can be wasted space that you’ll want to remove. Microsoft is reportedly opening up widgets to third-party developers, though.

But Microsoft realizes that its superb Game Pass Ultimate subscription (which you can get for “free,” or by working the system) has an inherent problem: you never quite know what’s available, what’s not, what’s arriving, and what’s departing the subscription. That’s where the Game Pass widget comes in. You can add it to your existing list of widgets, and never have to miss a thing.

The catch? It’s only available to Windows Insider preview testers at the moment, specifically as part of Windows 11 Insider Preview Build 25174 in the Dev Channel. If it’s anything like Microsoft’s other additions, however, expect to see it sneak into the Windows 11 Stable Channel soon for mainstream users.

Mark Hachman / IDG

To add the Game Pass widget, Dev Channel users can open the Widgets board on the left-hand corner of your screen. Click on the “+” icon next to your user profile, then scroll down to the Game Pass widget and add the “+” icon, too. You should now see the Game Pass icon as part of the Widgets board.

[ Further reading: Best cloud gaming services: GeForce Now vs. Xbox Game Pass vs. Google Stadia and others ]

It might not be just you that should add the Game Pass subscription, either. Microsoft said Thursday that it is testing a new shareable Game Pass Ultimate subscription — the family plan that some have hoped Microsoft would add. Under the new subscription, gamers would be able to share their Game Pass Ultimate subscription with four other people. Unfortunately, Microsoft is limiting the trial to just Colombia and Ireland right now.

Microsoft isn’t saying exactly how much the subscription will cost, either, though “a full month of Ultimate will be converted to 18 days of membership for this plan,” Microsoft said. Those you share the subscription with, however, won’t be able to convert their subscription over to a family plan, however.

In any event, both additions to Microsoft’s Game Pass plan certainly continue Microsoft’s trend to expand Game Pass and its subscription model. Microsoft wants you to think about subscribing to Game Pass alongside Spotify, Netflix, and other services, and this is a handy way to do it.

Copyright © 2022 IDG Communications, Inc.

A few months on from a tracking controversy hitting privacy-centric search veteran, DuckDuckGo, the company has announced it’s been able to amend terms with Microsoft, its search syndication partner, that had previously meant its mobile browsers and browser extensions were prevented from blocking advertising requests made by Microsoft scripts on third party sites.

In a blog post pledging “more privacy and transparency for DuckDuckGo web tracking protections”, founder and CEO, Gabe Weinberg, writes: “Over the next week, we will expand the third-party tracking scripts we block from loading on websites to include scripts from Microsoft in our browsing apps (iOS and Android) and our browser extensions (Chrome, Firefox, Safari, Edge and Opera), with beta apps to follow in the coming month.”

“This expands our 3rd-Party Tracker Loading Protection, which blocks identified tracking scripts from Facebook, Google, and other companies from loading on third-party websites, to now include third-party Microsoft tracking scripts. This web tracking protection is not offered by most other popular browsers by default and sits on top of many other DuckDuckGo protections,” he added.

DDG claims this third-party tracker loading protection is not offered by most other popular browsers by default.

“Most browsers’ default tracking protection focuses on cookie and fingerprinting protections that only restrict third-party tracking scripts after they load in your browser. Unfortunately, that level of protection leaves information like your IP address and other identifiers sent with loading requests vulnerable to profiling. Our 3rd-Party Tracker Loading Protection helps address this vulnerability, by stopping most 3rd-party trackers from loading in the first place, providing significantly more protection,” Weinberg writes in the blog post.

“Previously, we were limited in how we could apply our 3rd-Party Tracker Loading Protection on Microsoft tracking scripts due to a policy requirement related to our use of Bing as a source for our private search results. We’re glad this is no longer the case. We have not had, and do not have, any similar limitation with any other company.”

“Microsoft scripts were never embedded in our search engine or apps, which do not track you,” he adds. “Websites insert these scripts for their own purposes, and so they never sent any information to DuckDuckGo. Since we were already restricting Microsoft tracking through our other web tracking protections, like blocking Microsoft’s third-party cookies in our browsers, this update means we’re now doing much more to block trackers than most other browsers.

Asked if DDG will be publishing its new contract with Microsoft, or whether it’s still bound by an NDA, Weinberg said: “Nothing else has changed and we don’t have other information to share on this.”

The carve-out for DDG’s search provider was picked up in May via an independent audit conducted by privacy researcher, Zach Edwards.

At the time DDG ‘fessed up to anomaly but said it essentially had no choice to accept Microsoft’s terms, although it also said it wasn’t happy about the restriction and hoped to be able to remove it in the future.  

Asked whether the publicity generated by the controversy helped persuade the tech giant to relax the restriction on its ability to block Microsoft ad scripts on non-Microsoft sites, DDG referred us back to Microsoft.

When we put the same question to the tech giant a spokeswoman told us:

Microsoft has policies in place to ensure that we balance the needs of our publishers with the needs of our advertisers to accurately track conversions on our network. We have been partnering with DuckDuckGo to understand the implications of this policy and we are pleased to have arrived at a solution that addresses those concerns.

In a transparency-focused steps being announced today, DDG said it’s publishing its tracker protection list — available here on GitHub — although the company told us the information was available before but suggested it’s easier to find now.

It also sent us the following list of domains where it said it will be blocking Microsoft tracking requests:

Despite this expansion of DDG’s ability to block Microsoft tracking requests, there are still instances where Microsoft ad scripts are not blocked by DDG’s tools by default — related to processes used by advertisers to track conversions (i.e. to determine whether an ad click actually led to a purchase).

“To evaluate whether an ad on DuckDuckGo is effective, advertisers want to know if their ad clicks turn into purchases (conversions). To see this within Microsoft Advertising, they use Microsoft scripts from the bat.bing.com domain,” explains Weinberg in the blog post. “Currently, if an advertiser wants to detect conversions for their own ads that are shown on DuckDuckGo, 3rd-Party Tracker Loading Protection will not block bat.bing.com requests from loading on the advertiser’s website following DuckDuckGo ad clicks, but these requests are blocked in all other contexts. For anyone who wants to avoid this, it’s possible to disable ads in DuckDuckGo search settings.

DDG says it wants to go further to protect user privacy around ad conversion tracking — but admits this won’t happen any time soon. In the blog post Weinberg writes that “eventually” it wants to be able to replace the current process for ad conversions checks by migrating to a new architecture for assessing ad effectiveness privately.

“To eventually replace the reliance on bat.bing.com for evaluating ad effectiveness, we’ve started working on an architecture for private ad conversions that can be externally validated as non-profiling,” he says.

DDG is by no means alone here. Across the industry, all sorts of moves are afoot to evolve/rethink adtech infrastructure in response to privacy backlash — and to rising regulatory risk attached to individual tracking — efforts such as Google’s multi-year push to replace support for tracking cookies in Chrome with an alternative adtech stack (aka its ‘Privacy Sandbox’ proposal; which remains a [delayed] work in progress).

“DuckDuckGo isn’t alone in trying to solve this issue; Safari is working on Private Click Measurement (PCM) and Firefox is working on Interoperable Private Attribution (IPA). We hope these efforts can help move the entire digital ad industry forward to making privacy the default,” adds Weinberg. “We think this work is important because it means we can Improve the advertising-based business model that countless companies rely on to provide free services, making it more private instead of throwing it out entirely.”

Asked about the timeline for developing such an infrastructure, he says: “We don’t have a timeline to share right now but it’s not an imminent announcement.”

Despite DDG’s assertion that viewing ads via its browsers is “anonymous”, its ad disclosure page confirms that it passes some personal data (IP address and user string) to Microsoft, its ad partner — for “accounting purposes” (aka “to charge the advertiser and pay us for proper clicks, which includes detection of improper clicks”, as Weinberg puts it).

“Per our ad page, Microsoft has committed [that] “when you click on a Microsoft-provided ad that appears on DuckDuckGo, Microsoft Advertising does not associate your ad-click behavior with a user profile. It also does not store or share that information other than for accounting purposes,” he says when pressed on what guarantees he has from Microsoft that user data passed for ad conversions doesn’t end up being repurposed for broader tracking and profiling of individuals.

In back and forth with TechCrunch, DDG also repeatedly emphasizied that its policy states that Microsoft does not link this data to a behavioral profile (or, indeed, share a user’s genuine IP address etc).

However Weinberg concedes there are limits on how much control DDG can have over what happens to data once it’s passed — given, for example, the adtech ecosystem’s penchant for sharing (and synching) pseudonymized identifiers (e.g. hashes of identifiers) in order that digital activity may still be linked back to individual profiles, say after a few hops through a chain of third party data processors/enrichers, and thereby removing an earlier privacy screen… So, tl;dr, trying to shield your users’ privacy from prying third parties whilst operating in an ad ecosystem that’s been designed for pervasive surveillance (and allowed to sprawl all over the place) remains a massive firefight. 

“Staying anonymous ‘through the adtech ecosystem’ is a different story because once someone clicks on a site (whether or not they got there through DuckDuckGo search), they become subject to the website owner’s privacy policy and related practices,” Weinberg admits. “In our browsers, we try to limit that through our web privacy protections but we cannot control what the website owner (the ‘first party’) does, which could be sharing data with third-parties in the ad tech ecosystem.”

“The ad disclosure page makes clear viewing ads is anonymous and further covers ad clicks, which has a commitment from Microsoft to not profile users on ad click, which includes any behavioral profiling by them or others. This commitment includes not passing that data on to anyone,” DDG also claims.

“Our privacy policy states that viewing all search results (including ads) is anonymous, and Microsoft Advertising (or anyone else) does not get anything that can de-anonymize user searches at that time (including full IP address) in terms of being able to tie individual searches to individuals or together into a search history,” it adds.

In further developments being highlighted by the company today, DDG said it’s updated the Privacy Dashboard that’s displayed in its apps and extensions — to show “more information” about third-party requests, per its blog post.

“Using the updated Privacy Dashboard, users can see which third-party requests have been blocked from loading and which other third-party requests have loaded, with reasons for both when available,” Weinberg writes on that.

It has also relaunched its help page — with a promise that the overhauled content offers “a comprehensive explanation of all the web tracking protections we provide across platforms”.

“Users now have one place to look if they want to understand the different kinds of web privacy protections we offer on the platforms they use. This page also explains how different web tracking protections are offered based on what is technically possible on each platform, as well as what’s in development for this part of our product roadmap,” its blog post suggests.