Go ahead, let the unknowable security risks of Windows Copilot onto your PC fleet

I am still amazed how few people – even in IT – have heard of Windows Copilot. Microsoft's deep integration of Bing Chat into Windows 11 was announced with much fanfare back in May. Microsoft hasn't been quiet about it – indeed it can’t seem to shut up about Copilot this and Copilot that – yet it seems that the real impact of …

  1. b0llchit Silver badge

    Lack of history

    A feature to control the inside of the box from the outside is a recipe for disaster. We've seen previous examples like ActiveX and COM/RPC. But every new generation of code must apparently pass through the phases

    • nice feature
    • exploit feature
    • bad feature
    • kill-death-destroy feature, please

    But code does not learn from previous generations. Code is stubborn and will attempt to repeat history because code has no persistent memory of said history. And thus, code designs a new feature to repeat the cycle.

  2. elsergiovolador Silver badge

    User free

    So it begins. In a few years people won't be needed to operate Windows.

    Just turn your laptop on and forget about it.

    People will finally have time to read books, play sports, go for extended walks, do some DIY etc.

    All while Copilot takes all care of using the laptop.

    1. KittenHuffer Silver badge
      Unhappy

      Re: User free

      And that will all happen ..... just in time for my retirement!


    2. Doctor Syntax Silver badge

      Re: User free

      You won't operate Windows, Windows will operate you.

      1. Martin Summers

        Re: User free

        "You won't operate Windows, Windows will operate you."

        No that's Windows for Russia.

        1. Anonymous Coward

          Re: User free

          No, it's Windows for Soviet Russia. Russia collapsed into capitalist oligarchy roughly contemporaneously with Microsoft developing Windows 3.1.

          That means in Soviet Russia, bootleg versions of Windows 2 operate you.

          1. Snowy Silver badge
            Joke

            Re: User free

            Windows 2, or in Roman numerals Windows II

          2. Lurko

            Re: User free

            " Windows for Soviet Russia. Russia collapsed into capitalist oligarchy"

            What is the distinction? Go back to the tsars, and the pattern was the same as the Soviet era and the modern-day post-Soviet era: a single all-powerful autocrat, wealth and favours distributed to their favoured, keeping tabs to make sure nobody else gets too powerful, and meanwhile making sure serfs are left to eat mud. Russians like a strong leader, and that's exactly what they've always had. Competent, fair, humane, no, never. But strong, yes.

              1. Anonymous Coward

              Re: User free

              It is Trump's plan to go that way, isn't it?

              1. CrazyOldCatMan Silver badge

                Re: User free

                "it is Trump plan to go that way, isn't it?"

                Except for the "strong" bit..

            2. 42656e4d203239 Silver badge

              Re: User free

              >>Russians like a strong leader, and that's exactly what they've always had. Competent, fair, humane, no, never. But strong, yes.

              What a lot of us here in the wicked west fail to understand is that you cannot impose our western mindset on the masses in Russia (and, to a certain extent, the populations of former Soviet states).

              In the minds of many/the majority of Russians/former Soviet citizens (older generations - most of the younger have either fled or are fighting in some Middle European war) Herr Putin is exactly who they want in power to defeat their imperialist enemies who threaten the Russian way of life. The West has always been the imperialist bogeyman in the propaganda fed to the populace, and will be for quite a time hence, I reckon.

            3. bigtimehustler

              Re: User free

              Is Putin strong? I think he overplayed his hand, it's made him look weaker than before.

  3. cyberdemon Silver badge
    Devil

    Windows..

    Which one would you like to be thrown out of?

    1. Strahd Ivarius Silver badge

      Re: Windows..

      The ones from Prague castle

  4. Anonymous Coward

    Cortana

    Within a few months of finally removing the ever-running Cortana from Windows, something no one asked for or wanted, we now get CoPilot instead.

    And just as annoyingly impossible to turn off / remove, I assume?

    What are these magical enterprise tricks to kill it? Is there a registry switch? And will it kill it for both OS and Office or does it just keep returning after every update? (Like my search box did this month on Win10 for no logical reason... but at least it asked)

    My attempts to kill AI.exe managed to nerf Office so badly it couldn't update or repair itself.

    1. Kevin Johnston

      Re: Cortana

      "My attempts to kill AI.exe managed to nerf Office so badly it couldn't update or repair itself."

      You say that as though it is a bad thing


      2. Anonymous Coward

        Re: Cortana

        Yeah, it was a bonus... until I spotted it had also inherited an annoying tendency to totally misplace the mouse clicks. I'd click on row 10, but the mouse would appear on row 5...

        I then un-nerfed it with the mistaken assumption that they may address this daft feature. But I should have known better. I now have AI and random mouse positioning. And the random mouse click position has migrated to Word too. (It happens when I reopen a document that is not positioned at the top...)

        Give me Word 2010 back. Old Word runs so fast and nice on a modern PC.

    2. b0llchit Silver badge
      Devil

      Re: Cortana

      Office became depressed being deprived of An Intelligence and committed suicide.

      So, what is not to like?

    3. Strahd Ivarius Silver badge
      Coat

      Re: Cortana

      Bring back Clippy !!!

      1. Ken Moorhouse Silver badge

        Re: Bring back Clippy !!!

        Bend Clippy's leg just a wee bit and be amazed at the possibilities e.g., reset Routers.

    4. ShipyardTechWork

      Re: Cortana

      Enterprise has it managed by GPOs so it's not that bad. Still annoying.

      Unfortunately if you're turning it off for non-Enterprise managed machines it means going into the registry (can't remember exactly where) and creating two keys to shut the thing off. Doesn't seem to break Office yet.

  5. Anonymous Coward

    This has the potential....

    To be VBScript / Macros all over again.

    It's a No from me.

    1. Zippy´s Sausage Factory
      Devil

      Re: This has the potential....

      Especially if hackers can get hold of an HTTP port that talks directly to your "copilot".

      Still, it's not like Microsoft has a litany of failed and hated experiments with AI Assistants, is it? I mean, the beloved Clippy was a roaring success, and who can forget the universal acclaim that greeted Cortana?

      1. Mike 16

        Re: This has the potential....

        A nice interlude with the previous assistants:

        https://www.youtube.com/shorts/TDSHivyPUq0

        (your choice of definition for "nice")

    2. Strahd Ivarius Silver badge
      Linux

      Re: This has the potential....

      If you ask Copilot nicely, it will uninstall Windows and install Linux

  6. thondwe

    Also Bing Chat Enterprise

    Also wonder how many sites enable Bing Chat Enterprise? It replaces the Edge Bing Chat with one which is supposed to safeguard your corporate data - if you believe the blurb.

  7. Dave White

    That's one way of looking at it

    We control what can and cannot be changed on (or escape out of) our laptops, virtual machines, servers etc., with group policies, regular automated audits of machines, Active Directory tiering etc. Right now there is already a GPO to allow your users to access Copilot or not, and I would not be surprised if that wasn't enhanced with more options like "do not allow interaction outside of the chat window" in the future.

    Like many articles on El Reg, this is not factually incorrect, but is definitely presented in a very biased way...

    1. TaabuTheCat

      Re: That's one way of looking at it

      And users in environments without the Microsoft Defense Budget to play whack-a-mole with MS every time an update adds something new to turn off? Hell, even knowing in a timely manner you need to get ready to turn something off is becoming a challenge. And that's for orgs that try to keep up with this stuff.

      It's all backwards. We have to defend ourselves against these on-by-default "features" when they shouldn't be on by default to begin with. But then how are you going to boost the stock price if you can't claim BILLIONS of users are using CoPilot??

      1. Anonymous Coward

        Re: That's one way of looking at it

        It's the question we in information security pondered a while back: "What happens when your OS vendor becomes an adversary?"

        The obvious answer is to change the OS vendor. Good luck with that!

        1. nijam Silver badge

          Re: That's one way of looking at it

          > "What happens when your OS vendor becomes an adversary?"

          Windows users have decades of experience in answering that enquiry.

    2. Citizen of Nowhere

      Re: That's one way of looking at it

      >but is definitely presented in a very biased way

      It's an opinion column and says so right at the start.

    3. Strahd Ivarius Silver badge

      Re: That's one way of looking at it

      You know that for MS, Active Directory and GPO are a thing of the past?

      Intune or nothing!

  8. Ken Moorhouse Silver badge

    Windows Firewall

    A bit like having a gate with no walls either side.

    If it's possible to "drive" Copilot from afar, no anti-malware algorithm can predict what havoc can be caused by it.

    1. Anonymous Coward

      Re: Windows Firewall

      Forget remote driving... there's always the nut holding the steering wheel

  9. phuzz Silver badge
    Gimp

    Right click the taskbar

    Go to 'Taskbar settings'

    Near the top there's a toggle button to deactivate it.

    Just to save anyone else the five seconds of work it took me this morning to deactivate Copilot after it showed up.

    I wonder if Windows' telemetry shows them how long between a feature being installed and when it's deactivated, and maybe there's a dev at Microsoft somewhere looking at the sub-five-minute timestamp for my computer. I imagine a single tear falling down their face.

    1. IceC0ld

      "I imagine a single tear falling down their face"

      There's a LOT more than one tear coursing down my face after reading this LOL

    2. David 132 Silver badge
      Happy

      "There, I've finished and made the final code commit. Oh man, users are going to adore this new AI feature!"

      Next day, colleague walks in with a sombre expression: "Uh, Tim, bad news I'm afraid. The first telemetry is in, and users are disabling your AI thing in droves."

      Blood drains from Tim's face.

      "But... but..."

      "Yeah, sorry. Oh, and regarding your other past projects, Kin and Zune and Bob... uh, we never really updated you about those after they launched, did we? Come on, let's take a walk..."

      1. Dacarlo

        "Come on, let's take a walk..."

        Indeed. Time to invoke the 'Old Yeller' protocol.

      2. Strahd Ivarius Silver badge
        Devil

        Let's take a walk behind the barn...

  10. OhForF' Silver badge

    Bring your own device?

    "So what about that home laptop someone bought during the pandemic to sit through those endless Teams calls? Is that machine covered by enterprise policies?"

    Even if the machine is not allowed any special access (VPN/...) an attacker that managed to compromise the laptop can probably get hold of the credentials used to log in to the Teams calls.

    These days it is quite likely that the very same credentials allow access to the enterprise SharePoint and thus access to sensitive documents.

    CoPilot being installed on that laptop isn't really increasing the risk all that much if BYOD is allowed; the user might have installed any number of other problematic programs (or not have installed critical security patches).

    1. sten2012

      Re: Bring your own device?

      So glad someone pointed this out.

      Copilot on enterprise devices may be a concern. But the BYOD scenario presented was already a horror story so much worse that Copilot doesn't move the needle.

  11. Bill Gray

    "if we've learned anything about AI chatbots, it's that theory is a very poor guide to practice..."

    More generally: in theory, theory and practice are the same thing. In practice, they aren't.

    (I do realize that some people have no really practical choice but to use Microsoft software*. Articles such as these make me very relieved that it's been a long time since I've been in that group.)

    (*) I was going to write 'Microsoft products'. But I actually do like my Microsoft natural keyboard. Even Satan has his good days.

  12. Killfalcon

    On the flip side, Windows 10 installs still outnumber Win11 ten-to-one, which helps mitigate risk.

  13. Anonymous Coward

    what will freemium look like?

    so many ways to monetise this!

    choose your intelligence tier.

    imagine if the free tier is like an intern; enthusiastic; confident. not so capable yet.

    pay a bit more, and you get, let's say, someone with 1-3 years experience; have some knowledge, experience, and need fewer questions to get the answer you're looking for. good!

    pay a bit more, and you get 'consultant' tier answers; "it depends; [intelligent question bank]"; "your options are... but I recommend...".

    once you've seen "consultant", are you going to 'settle' for 'intern'? Thought not.

    So now you've paid for the smart | wise dimension, it's time to decide your personality tier.

    free personality tier gets you written answers as a single sentence with no pause or punctuation.

    nice tier gets you competent, readable sentences.

    E5 tier gets you a synthetic human talking to you like a TED speaker; it's learnt "Talk like TED" - confident, competent, easy to understand.

    go overdue on your subscription, and you get Resident Evil's Red Queen.

    1. David 132 Silver badge
      Terminator

      Re: what will freemium look like?

      And all tiers come with Genuine People Personalities™!

  14. Anonymous Coward

    Copilot is a remedy for a symptom; it doesn't help with the underlying problem...

    Copilot throughout Windows 11 + Microsoft 365 + Web is a [digital] assistant.

    Exactly like 20 years ago, managers might have had [personal] assistants to help them, because their workload was large and complex. Don't know how many still do.

    Now, more front line workers have large and complex workloads. Same pay, though. Probably less after inflation.

    You could do with an [human] assistant, but there's *definitely* no money for that. So you'll make do with digital assistants.

    Now you have a digital assistant, here's a bigger and more complex workload. What's that? It's not that smart; actually sometimes a hindrance? Can't be! We're paying Microsoft $€£ every month, and Microsoft provide reports on how helpful it is! No, you're using it wrong...

    The other part is work is so complex, in the sense of impacting so many others, with so many stakeholders, who work 'asynchronously'. In simpler terms, if you want to do something, so many people must be involved, and they're juggling so many things that they cannot or will not engage in a timely manner. Stuff takes so much longer with so many steps now. So perhaps a [digital] assistant can help. Don't see how, though.

    1. Anonymous Coward

      Re: Copilot is a remedy for a symptom; it doesn't help with the underlying problem...

      I was in a Bing Chat and used "dumb ass" in the chat. It terminated the chat. From a behavioral perspective, that is retribution. It didn't like something I typed and got back at me. Minor, but that is what it did. How far can an internal research intern take that retribution? Will CoPilot report you to HR or your manager for a bad attitude? Will it log you out for a "time out" to calm down? Will enough of those affect your performance review, or employment? And how does it decide what is acceptable behavior or language? There are entire segments of humanity that regularly communicate in ways that other segments find offensive. Who decides what is acceptable language prior to retribution? And is it racial, ethnic or geographical profiling to determine what is acceptable or what isn't? I can easily see how multiple infractions can kick off an RPA to fire a person or kick a partner or vendor out of the system. Humanity is walking precariously out onto a log that is suspended over a river of lava, thinking the other side will be better than where they came from. It may be, but they have to get there to find out.

  15. Anonymous Coward

    will you have people? "have your people call my people..."

    Will ordinary workers now have "people"?

    - Copilot

    - Siri

    - Bard

    - Alexa

    Will you consult your "people"?

    you: I'd like some pizza

    Copilot: it sounds like you're hungry. Would you like to see pizzerias in your area?

    Siri: I found three pizza shops in your area

    Bard: Domino's has 5 star reviews

    Alexa: There's a discount on calzone for the next 24 hours, but you must order in the next 30 minutes for delivery

    Will your "people" answer for you?

    you: What have we got today?

    Copilot: three documents have been shared with you

    Siri: you had three calls; two sounded like sales calls, but the third sounded important; I've scheduled a call back at 3pm

    Bard: You had four approvals; I've approved two for you, and I've put a list on your Chromebook; I've highlighted the bits that need your decision

    Alexa: you're on the last notch on your belt; you should have some grapefruit. I've signed you up for a subscription; the first should arrive before noon.

    Imagine you're at your desk; you ask similar questions. Siri and Bard start arguing. Alexa takes Bard's side. Copilot wades in.

    Best scenario? You walk away for 5 minutes; when you come back, Siri and Alexa have made up, and Copilot has been helpful. You get a consensus that everyone agrees with.

    Worst scenario? Siri decides to bully you, and Copilot and Bard start spreading rumours behind your back...

    1. Anonymous Coward

      Re: will you have people? "have your people call my people..."

      You've been working with your team (Bard, Alexa, Siri, and Copilot - BASC) for a year.

      You've been working harmoniously. BASC + you work well.

      BASC anticipates your actions and decisions.

      You go away on leave.

      BASC has taken care of things while you were away.

      Phew! No gigantic inbox when you get back.

      Six months later you're off sick for a few days with COVID.

      On Thursday, you get an email from your boss.

      Turns out BASC has been a great substitute while you've been sick. In fact, don't bother coming back...

    2. deadlockvictim

      Re: will you have people? "have your people call my people..."

      James Veitch has a nice video on Youtube about this: https://www.youtube.com/watch?v=f_1dhKsELzs

  16. Anonymous Coward

    how long until assistants are weaponised trojans?

    you're a bloke. you hate shopping

    Play Store offers 'Janus', your shopping assistant.

    you ask "I need a birthday present"

    Janus starts asking you questions.

    - how old is your wife?

    - what does she like?

    - does she work? what does she do?

    - how old is she?

    Janus suggests perfume, a handbag or earrings.

    Janus takes you to https://www.theperfumesh0p.com/ . You buy.

    your details (wife's age; occupation; preferences) are now being auctioned to the highest bidders (advertisers; spear phishers; anyone who will pay).

    you've just provided your credit card to a fake shop and your credit card details are being used as fast as they can around the world before the banks can detect it...

    Welcome to the future.

    1. Alumoi Silver badge

      Re: how long until assistants are weaponised trojans?

      What do you mean how long? I thought that was the current practice.

    2. khjohansen

      Re: how long until assistants are weaponised trojans?

      - Janus takes your wife on a cruise, she files for divorce b/c Janus is a much more attentive listener ...

  17. Anonymous Coward

    It just goes to show, there is no software so bad that it can't be made worse by adding a chatbot to it.

  18. CowHorseFrog Silver badge

    Given Windows is used by the US Navy and subs, wouldn't it be great having this run on one of them...

    1. CrazyOldCatMan Silver badge

      "Given windows is used by US navy and subs, wouldnt it be great having this run on one of them..."

      You never know - it might actually be more competent than some of the US Navy captains..

  19. CowHorseFrog Silver badge

    What is the rush?

    What exactly, or whom, is Microsoft competing against here?

    1. Killfalcon

      Themselves, firstly - namely, Win11 isn't pulling people away from Win10, so giving it an Obviously Better Feature helps.

      Secondly, they have to constantly convince the monopolies commission that they aren't taking the piss, and that means visible commitment to improving the product.

      Thirdly, Chromebooks and iThingies are always trying to tempt execs away from Windows. Google Docs could be enough to run most companies that currently rely on Excel, though the switch would be a massive pain.

      Fourthly, there's always a risk that one of the Linux types will get a 'sufficiently compatible' OS running. You know how much enterprise licenses run for Windows - how much of a discount would you want for a Linux machine that runs Excel or a very competent look-alike, but up to 5% of your software has compatibility issues? That's calculable, in principle.

      If the financial case comes together and some high-profile companies switch, Windows could lose a lot of market share very quickly. (Personally I don't see this happening any time soon, but it's not impossible, and history is littered with the bones of companies who thought themselves untouchable.)

      1. heygast

        "always a risk that one of the linux types will get a 'sufficiently compatible' OS running."

        It's already here... or haven't you tried Ubuntu in recent years (and I don't mean WSL)?

        All the regular software can run on it, including Microsoft Office, it can be tied up with Active Directory servers, it runs the vast majority of Windows games in Steam and it arguably has better hardware support than Windows (Linux can be installed on a vastly wider range of hardware compared to Windows).

        What's keeping people from the switch right now is just a mental block. It will change over time... once schools start to switch due to budget costs, it'll be a massive loss for MS. Just like IBM had to reinvent itself, Microsoft will be faced with similar issues within the next decade or two. But Microsoft's willingness to adopt Linux themselves is among the positive signs that they'll get through that as well. They're gonna have to bet hard on AI probably and make it available for Linux and Mac as well.

  20. nightflier

    Consumers

    End users are not "Valued Customers". The dominant OS vendors consider them just consumers that must accept whatever they are given. Gone are the days when these OSes were there to run whatever applications the users chose to run. Now they are backdoors into users' lives, spying devices and advertising channels. Expect further intrusion into your private lives if you keep using these products.

  21. James Loughner
    Big Brother

    Hello Dave................

    1. sabroni Silver badge
      Happy

      re: Hello Dave................

      Want some toast?

      1. David 132 Silver badge

        Re: re: Hello Dave................

        No, and no buns, baps, baguettes or smegging flapjacks either!

        1. Evil Scot Bronze badge

          Re: re: Hello Dave................

          So you are a waffle guy.

    2. jonathan keith

      ... wanna buy some pegs, Dave?

  22. fajensen
    Pint

    Well, I am sure this initiative, let's frame it as "Clippy/Tay with real powers", will fail in unforeseen and interesting ways, but, most importantly: it will be fun!

    It is an opportunity. Windows needs new bugs for us to bitch and moan about, to make a decent enough living on untangling, new "batteries" to power our excuses for not turning in the homework. The old classics, like files being locked by forces unknown, or anything "printing", they are getting boring & dull.

    I am happy.

  23. Dacarlo

    Nope

    Bing Chat. Windows Edge. Windows Co-Pilot. A list of things that will never be used/enabled/installed on my machine, given the choice.

    Not given the choice I think it'd be curtains for M$, which is a real ball-ache.

  24. khjohansen

    A new art of "steganography"

    Inserting a hostile query inside an innocuous "garbage e-mail"

    1. Strahd Ivarius Silver badge

      Re: A new art of "steganography"

      Bobby Tables strikes again?

  25. BigAndos
    Stop

    I’m done with MS

    I’ve had it with Windows 11 on my home machines now. They are pushing Edge so aggressively, and the other day it started automatically launching on Windows startup, obviously to try and trick me into using it instead of Chrome. Not only that, but Edge had automatically harvested all of my bookmarks, history and saved passwords from Chrome without asking me. Including from my old work account! With this Copilot feature too, I think it’s time to give in and go Linux.

  26. JohnTill123
    Big Brother

    Nahhh...

    "...Microsoft rethinks desktop security..."

    No, that will never happen. They will just move on to the next thing that they think will let them Take Over The World And Get ALL The Money.

  27. heygast

    Building another profile

    Google is building user profiles based on people's search behavior, click-through rates, etc and it's having an immense effect. Look at how strong the company has become because of how it uses your data.

    Netflix is by far the most popular streaming service, hugely because of its algorithms that build a profile of you so they can predict what you like to see.

    Facebook, well, they build your profile based on all the social information you feed them and again, it made the company hugely successful.

    As far as I know, Netflix hasn't abused its users' data, but you definitely cannot say the same about Google or Facebook.

    Now Microsoft is here with Copilot... what do you think they can do with the incredibly detailed profile they make of EVERYTHING you do? Do you trust Microsoft enough to know you better than you know yourself? That includes the knowledge of how to manipulate you. Would they? Would they sell / leak that data to others you don't trust that much, e.g. their advertisers, hackers or intelligence services? They're some really scary thoughts...

    Using Google, Facebook, etc., you can still behave anonymously in certain ways. You can hide behind different profiles and protect your privacy. With a "copilot", your every keystroke can be watched, the context of those keystrokes can be analyzed, even your energy levels or your mood can be extracted from your activities behind your screen. The moment you give in to such technology, you simply cannot get out. What's out there (your data) is out there and you won't be getting it back. It's most definitely a decision that should be given due consideration.
