Microsoft plans to force-install its new Outlook app on Windows 10 PCs

Microsoft plans to force-install its new Outlook client on Windows 10 computers in conjunction with a new security update being released Feb. 11, according to Bleeping Computer.

The change affects Microsoft 365 users and the new Outlook client will run alongside the classic Outlook app. It will not change a user’s default settings or any configurations.

Microsoft says that while it’s not possible for Windows 10 users to block the installation, it is possible to remove the application afterwards.

Apple execs head to London to fight for the App Store

On the day the UK government confirms an AI future for the country (we’ll see how that goes), Apple’s App Store pricing model has gone on trial in London.

Apple is accused of overcharging consumers for software sold via the App Store in a £1.5 billion class-action lawsuit bought by Rachael Kent-Aitken on behalf of 20 million UK consumers. (That equates to about $1.8 billion in US dollars.)

She’s chasing down Cupertino, claiming it is abusing its market dominance by levying up to a 30% fee on download sales, calling the levy “excessive and unfair.”

The trial began today before the UK Competition Appeal Tribunal. The lawyers at Hausfeld represent Kent-Aitken in the case, the costs of which appear to be underwritten (if that’s the appropriate word) by Vannin Capital.

What is Apple accused of?

The accusation is that Apple abused its dominant position by:

  • Imposing restrictive terms that require app developers to distribute exclusively via the App Store using Apple’s payments system.
  • Charging excessive and unfair prices in the form of commission payments, which are ultimately paid by the device users.

Apple, of course, calls the claims “meritless,” pointing to the fact that the vast majority of developers do not pay a 30% levy on software sales, that those who offer apps at no charge (around 80% of all available apps) pay no levy at all, and that the fee is intended to see the costs of running the store borne by those who generate the most cash from selling software through it. 

In related news, the European Commission has begun fresh scrutiny of the core technology fee Apple charges some developers in Europe in response to the Digital Markets Act.

Senior Apple leaders head to court

Apple appears ready to field an all-star cast of witnesses during the trial with around three days of witness time booked. What is known is that Apple will field some witnesses who will travel from the US, with both Apple Fellow and App Store leader Phil Schiller and Apple Senior Vice President for Software Craig Federighi named in a pre-trial note (pages 24/25). Apple’s newly-appointed Chief Financial Officer Kevan Parekh will also be forced to give evidence.

The company will also be told to share unredacted versions of some documents used during the European Commission trial against it; there are three days in which Apple has secured witness time for the case, according to one document, though it is not known if that is definite at this stage. Apple witness statements should begin Wednesday afternoon, though it is not known if the witnesses Apple plans to bring will remain the same. 

Apple has previously said: “We believe this lawsuit is meritless and welcome the opportunity to discuss with the court our unwavering commitment to consumers and the many benefits the App Store has delivered to the UK’s innovation economy.” 

It’s worth noting that Apple CEO Tim Cook visited the UK in December. While there he met with Prime Minister Keir Starmer and hosted an event at Apple’s Battersea HQ with King Charles.

Apple now supports 550,000 UK jobs through direct employment, its supply chain, and the iOS app economy. 

Is it all about legality — or profitability?

In the end, and as I’ve pointed out before, even some of the company’s critics levy similar fees on sales through their platforms, which means it isn’t a matter of fee/no fee, but a question of how much fee is legitimate for Apple’s storefront, or any storefront, to charge. Even big brick-and-mortar grocery stores charge for shelf placement, after all. 

“The commissions charged by the App Store are very much in the mainstream of those charged by all other digital marketplaces,” Apple said when the case began. “In fact, 85% of apps on the App Store are free and developers pay Apple nothing. And for the vast majority of developers who do pay Apple a commission because they are selling a digital good or service, they are eligible for a commission rate of 15%.”

What happens next?

The litigant at one point claimed Apple made $15 billion in App Store sales on costs of around $100 million, though those costs seem to ignore research and development, OS development, security, payments, and associated investments Apple makes in its ecosystem.

Kent’s lawyer, Hausfeld partner Lesley Hannah, at one point said: “Apple has created a captive market where people who own Apple devices are reliant on it for the provision of both apps and payment processing services for digital purchases.”

Apple will likely argue that the market is larger than just iOS apps (think online services and other mobile platforms) and observe that it is not dominant in the device market. That matters, because it means consumers do have choice and most consumers choose different platforms. (Kent is also involved in similar action against Google.)

Right or wrong, it’s hard to avoid that in general the direction of travel when it comes to App Store encounters in court means the current business model now seems tarnished. Perhaps Apple could introduce a different model in time?

Follow me on social media! Join me on BlueSky,  LinkedInMastodon, or MeWe

Tech giants join forces to better support Chromium-based browsers

The Linux Foundation has unveiled a new collaborative organization called Supporters of Chromium-Based Browsers designed to ensure that open-source projects with connections to Chromium get the necessary resources to be successful.

Members of the group include Google, Microsoft, and Opera, the companies behind Chromium-based browsers such as Chrome, Edge and Opera. Facebook’s parent company Meta has also joined the collaboration, according to Ars Technica.

Currently, there are nearly 30 different browsers based on Chromium, of which the most well-known are Brave, Duckduckgo, and Vivaldi.

Adobe’s Firefly ‘Bulk Create’ lets users edit thousands of images at once

Adobe has unveiled a new Firefly “bulk create” feature that lets content designers make changes to thousands of images once, automating actions such as resizing assets and replacing backgrounds at scale.

Up to 10,000 JPG or PNG images can uploaded to the Firefly Bulk Create tool and accessed via the Firefly browser app. Users can then opt to remove the background for the images, swap in another background image uploaded to the app, or generate a new background using Adobe’s Firefly AI models. Users can also resize assets for social or display ads.

Adobe said it plans to eventually add more options related to recoloring and localization. 

Automating these steps with Bulk Create could save designers days normally spent making small adjustments to large numbers of files, the company said. The feature, for example, could provide consistent backgrounds for product images on an e-commerce site or headshot photos of speakers at a conference.

Currently in beta, Bulk Create will be generally available during the first quarter of the year, Adobe said in a blog post Monday, though a specific launch date wasn’t given. Pricing is consumption based and is available to Firefly Services customers; Adobe declined to provide further pricing details. 

Adobe also announced new Firefly Services APIs. Firefly Services, which launched last year, is a set of more than 20 “APIs, tools and services” that let developers integrate capabilities from Firefly, Lightroom and Photoshop into custom workflows. 

Adobe said its Custom Models feature — which lets customers “fine-tune” Firefly to fit their own brand by training Adobe’s generative AI models on their own assets — will be available as a Firefly Services API later this month. Adobe’s Dubbing and Lip Sync tool, which enables translation of video content into different languages, will also be generally available as a Firefly Services API later this month, and a “digital human avatar” API built on Adobe’s text-to-speech AI model is available in beta this month.

Finally, an InDesign API will be generally available in February. 

Adobe’s Firefly ‘Bulk Create’ lets users edit thousands of images at once

Adobe has unveiled a new Firefly “bulk create” feature that lets content designers make changes to thousands of images once, automating actions such as resizing assets and replacing backgrounds at scale.

Up to 10,000 JPG or PNG images can uploaded to the Firefly Bulk Create tool and accessed via the Firefly browser app. Users can then opt to remove the background for the images, swap in another background image uploaded to the app, or generate a new background using Adobe’s Firefly AI models. Users can also resize assets for social or display ads.

Adobe said it plans to eventually add more options related to recoloring and localization. 

Automating these steps with Bulk Create could save designers days normally spent making small adjustments to large numbers of files, the company said. The feature, for example, could provide consistent backgrounds for product images on an e-commerce site or headshot photos of speakers at a conference.

Currently in beta, Bulk Create will be generally available during the first quarter of the year, Adobe said in a blog post Monday, though a specific launch date wasn’t given. Pricing is consumption based and is available to Firefly Services customers; Adobe declined to provide further pricing details. 

Adobe also announced new Firefly Services APIs. Firefly Services, which launched last year, is a set of more than 20 “APIs, tools and services” that let developers integrate capabilities from Firefly, Lightroom and Photoshop into custom workflows. 

Adobe said its Custom Models feature — which lets customers “fine-tune” Firefly to fit their own brand by training Adobe’s generative AI models on their own assets — will be available as a Firefly Services API later this month. Adobe’s Dubbing and Lip Sync tool, which enables translation of video content into different languages, will also be generally available as a Firefly Services API later this month, and a “digital human avatar” API built on Adobe’s text-to-speech AI model is available in beta this month.

Finally, an InDesign API will be generally available in February. 

The next AI wave — agents — should come with warning labels

The next wave of artificial intelligence (AI) adoption is already under way, as AI agents — AI applications that can function independently and execute complex workflows with minimal or limited direct human oversight — are being rolled out across the tech industry.

Unlike a large language model (LLM) or generative AI (genAI) tools, which usually focus on creating content such as text, images, and music, agentic AI is designed to emphasize proactive problem-solving and complex task execution, much as a human would. The key word is “agency,” or software that can act on its own.

AI agents can combine multiple capabilities (such as language understanding, reasoning, decision-making, and planning), and execute actions in a broader context, such as controlling robots, managing workflows, or interacting with APIs. They can even be grouped together, allowing a multi-AI agent system working together to solve tasks in a distributed and collaborative way. (OpenAI unveiled “Swarm,” an experimental multi-agentic framework last fall.)

Agents can also use LLMs as part of its decision-making or interaction strategy. For example, while the OpenAI’s LLM-based ChatGPT can generate a poem, or Google’s BERT can classify sentiment in a sentence, an AI agent such as Siri or Alexa can be used to control smart devices and set reminders.

Benjamin Lee, a professor of engineering and computer science at the University of Pennsylvania, said agentic AI is poised to represent a ”paradigm shift.” That’s because the agents could boost productivity by enabling humans to delegate large jobs to an agent instead of individual tasks.

Specialized models could compute answers with fewer calculations and less energy, with agents efficiently choosing the right model for each task — a challenge for humans today, according to Lee.

“Research in artificial intelligence has, until recently, focused on training models that perform well on a single task,” Lee said, “but a job is often comprised of many interdependent tasks. With agentic AI, humans no longer provide the AI an individual task but rather provide the AI a job. An intelligent AI will then strategize and determine the set of tasks needed to complete that job.”

According to Capgemini, 82% of organizations plan to adopt AI agents over the next three years, primarily for tasks such as email generation, coding, and data analysis. Similarly, Deloitte predicts that enterprises using AI agents this year will grow their use of the technology by 50% over the next two years.

“Such systems exhibit characteristics traditionally found exclusively in human operators, including decision-making, planning, collaboration, and adapting execution techniques based on inputs, predefined goals, and environmental considerations,” Capgemini explained.

A warning against unsupervised AI

Capgemini also warned that organizations planning to implement AI agents should establish safeguards to ensure transparency and accountability for any AI-driven decisions. That’s because AI agents that use unclean data can introduce errors, inconsistencies, or missing values that make it difficult for the model to make accurate predictions or decisions. If the dataset has missing values for certain features, for instance, the model might incorrectly assume relationships or fail to generalize well to new data.

An agent could also draw data from individuals without consent or use data that’s not anonymized properly, potentially exposing personally identifiable information. Large datasets with missing or poorly formatted data can also slow model training and cause it to consume more resources, making it difficult to scale the system.

In addition, while AI agents must also comply with the European Union’s AI Act and similar regulations, innovation will quickly outpace those rules. Businesses must not only ensure compliance but also manage various risks, such as misrepresentation, policy overrides, misinterpretation, and unexpected behavior.

“These risks will influence AI adoption, as companies must assess their risk tolerance and invest in proper monitoring and oversight,” according to a Forrester Research report — “The State Of AI Agents” — published in October.

Matt Coatney, CIO of business law firm Thompson Hine, said his organization is already actively experimenting with agents and agentic systems for both legal and administrative tasks. “However, we are not yet satisfied with their performance and accuracy to consider for real-world workflows quite yet,” he said, adding that the firm is focused on agent use in contract review, billing, budgeting, and business development.

Thompson Hine employs more than 400 attorneys, operates in nine US states and promotes its use of advanced technologies, including AI, in providing legal services.

Coatney stressed that research and development around AI agents is still evolving. Most commercially available tools are either fledgling startups or open-source projects like Autogen (Microsoft). Established players such as Salesforce and ServiceNow highlight AI agents as key features, but the term “agent” remains loosely defined and is often overused in marketing, he said.

For example, Salesforce Einstein is designed to enhance customer relationship management using predictive analytics and automation. And Auto-GPT enables users to create an autonomous assistant to complete complex tasks by analyzing a text prompt with GPT-4 and GPT-4o then breaking the goal into manageable subtasks.

AI agents

Forrester Research

“AI agents are still largely experimental, but looking at where enterprises have historically invested in automation is instructive,” Coatney said. “Time-consuming, frequent tasks are ripe for this type of solution: finance, operations, administrative processes, etc. Additionally, AI agents are being explored for tasks where genAI)is specifically strong, such as writing.

“For instance, one could imagine a multi-agent system involving an AI project manager, blog writer, brand manager, editor, and SEO specialist working in concert to automatically create on-brand marketing material,” he said.

“These agents leverage the strengths of multiple paradigms while mitigating risk by using more deterministic techniques when appropriate,” Coatney said. “I am particularly excited about the potential of integrating systems and data both within and beyond the enterprise. I see great potential in unlocking value still largely isolated in departmental and vendor silos.”

AI uses

Forrester Research

Limited capabilities today

Tom Coshow, a senior director analyst at Gartner, said many agents today have limited independence, making few decisions and often requiring human review of their actions. Additionally, one of the bigger challenges with deploying agents is ensuring they’re grounded with quality data that produce consistent results, he said.

“AI agents are tricky to deploy and require extensive testing and monitoring,” Coshow said. “The AI agent market is bubbling with startups, the hyper scalers, former RPA [Robotic Process Automation] companies, former conversational AI companies and data and analytics firms.”

Yet, businesses are optimistic about AI broadly, hoping automation will drive efficiency and better business outcomes. Among tech decision-makers who work in services, according to Forrester Research, 70% of businesses expect their organization will increase spending on third-party RPA and automation services in the next 12 months.

Among digital business strategy decision-makers, 92% say that their firm is investing in chatbots or plans to do so in the next two years; 89% said the same about Autonomy, Will, and Agency technology — the three main facets that allow AI agents to act with varying levels of independence and intentionality.

“Businesses must navigate a convoluted landscape of standalone solutions with piecemeal applications lacking an overarching framework for effective coordination or orchestration,” Forrester explained in a September report, “AI Agents: The Good, The Bad, And The Ugly.”

The challenge is that AI agents must both make decisions and execute processes, which requires integrating automation tools like iPaaS and RPA with AI’s flexible decision-making, Forrester said.

Last year, companies such as Salesforce, ServiceNow, Microsoft, and Workday introduced AI agents to streamline tasks such as recruiting, contacting sales leads, creating marketing content, and managing IT.

At Johnson & Johnson, AI agents now assist in drug discovery by optimizing chemical synthesis, including determining the best timing for solvent switches to crystallize molecules into drugs. While effective, the company remains cautious about potential risks, like biased outputs or errors, according to CIO Jim Swanson.

“Like other cutting-edge AI solutions, agents require significant technical and process expertise to effectively deploy,” Thompson Hine’s Coatney said. “Since they are so new and experimental, the jury is still out as to whether the increased value is worth the complexity of setting them up and thoroughly testing them. ROI, as it always has been, is highly project dependent.”

Matt Mullenweg: WordPress developer hours cutback may or may not slow innovation

Automattic CEO Matt Mullenweg said his decision to reduce his team’s weekly hours working on WordPress by 99% , from 4,000 hours to 45 hours, was designed to pressure WP Engine to drop its lawsuit against Mullenweg and Automattic

“They don’t actually make WordPress. They just resell it,” Mullenweg told Computerworld Friday evening. “If what they are reselling is no longer getting all of the free updates, they have less stuff to sell.” 

“It doesn’t make sense for Automattic to pay people to work on all of these things,” he said. “We are under attack and we are circling the wagons. Our number one goal is for WP Engine to drop their expensive lawsuits against me and Automattic.”

WP Engine was asked for comment, but did not respond.

Asked whether the move would also hurt users of WordPress, which is behind about 60% of the world’s web sites, Mullenweg said that he didn’t think it would. 

“WordPress is great software. It doesn’t change anything that WordPress already does,” Mullenweg said. “How does this affect the timeline? For new stuff, it might slow it down, it might not. It depends on who shows up and commits code. In terms of new functionality, the scope will be smaller.”

He added, “I love WordPress and will continue to put in hours, nights, and weekends to help however possible.”

Mullenweg also stressed that the 45 hours his team will continue to work on WordPress will make sure that security updates/patches are maintained. 

“Security is never going to be an issue. We will always maintain security,” he said. “No one would ever stop a security update.”

Automattic controls WordPress.com, while the project site, WordPress.org, is controlled solely by Mullenweg.

The cutback in hours had been considered last month when Automattic announced a holiday shutdown of some WordPress services and Mullenweg later said that the shutdown might last all of 2025. Instead, Automattic management opted to implement this severe development hours cutback.

On Thursday, Automattic announced, “we’ve observed an imbalance in how contributions to WordPress are distributed across the ecosystem, and it’s time to address this. Additionally, we’re having to spend significant time and money to defend ourselves against the legal attacks started by WP Engine and funded by Silver Lake, a large private equity firm.”

“Automatticians who contributed to core will instead focus on for-profit projects within Automattic, such as WordPress.com, Pressable, WPVIP, Jetpack, and WooCommerce,” the statement said. “As part of this reset, Automattic will match its volunteering pledge to those made by WP Engine and other players in the ecosystem, or about 45 hours a week that qualify under the Five For the Future program as benefitting the entire community and not just a single company. These hours will likely go towards security and critical updates.”

The implication is that the labor reallocations would be reversed were WP Engine to drop its lawsuit. Mullenweg said recent changes that WP Engine has made has altered his demands. He is no longer asking for money, for example.

His original demand had been for payment; in late October, Mullenweg said WP Engine “could have avoided all of this for $32 million. This should have been very easy,” and he then accused WP Engine of having engaged in “18 months of gaslighting” and said, “that’s why I got so crazy.” 

But on Friday, Mullenweg said he is no longer seeking money because WP Engine made extensive changes to its web site and is no longer violating Automattic trademarks, which was apparently what the payment was for.

“They have stopped violating the trademark. They have cleaned up,” Mullenweg said. “To use someone else’s trademark, you typically license it. For more than 18 months, we were trying to do a deal there. They obviously never did one. I realized that they were just stringing me along.”

Analysts and members of the WordPress user community, who made their comments to Computerworld prior to Mullenweg’s interview, were mixed. Some said they were worried that these latest WordPress changes might exacerbate enterprise IT worries about sticking with WordPress.

“This is a massive number of hours that they are planning on cutting back. The community is not likely to make up those hours. They are going to direct their resources to a legal battle and the platform will not be stable,” said Melody Brue, VP/principal analyst at Moor Insights & Strategy. “Users have to plan for the likelihood that they cannot take up the slack. WordPress users are already panicking. They can’t trust him now. They will turn off automatic [WordPress] updates.”

Brue said that Mullenweg’s tactics have yet to work. 

“This has become a spiteful game that he is playing. Part of his whole game is that he makes these big tantrums and threats to get attention,” Brue said. “So far, that hasn’t worked.”

Michelle Rosen, an IDC research manager, said that she was not sure whether this move would ultimately hurt WordPress.

“Automattic has been the largest contributor to WordPress by far, so this decision has to hurt the project’s ability to evolve and improve,” Rosen said. “That said, WordPress has been around for a long time and many users rely on it only as the core of their CMS solution, with other components built on top. In this context, the impact may be lower, especially if Automattic continues to handle security issues.”

Users’ reactions were also mixed.

Jack Prenter, the CEO at WordPress site Dollarwise, said he was somewhat concerned. 

“There is a general loss of confidence. I don’t know if there’s a lot you can do. That’s why the situation is so painful,” Prenter said. “There is such a large ecosystem built around it that people are not going to let it fall apart. It can technically continue to function, but you can cancel all of the future roadmap. Nothing new is going to happen.”

Another WordPress user, Ben May, managing director of The Code Co in Australia, is less concerned. “I suspect this latest statement is ratcheting up the WPE campaign, I guess in an effort to change the hearts and minds of people sympathetic to WPE. I don’t see it as an existential threat to WordPress and am not losing any sleep over it for the time being,” May said. “From what I’ve seen online already, the community is big enough and willing enough to step in and fill in the gaps that would be left with the reduced contributions.”

Tech unemployment in the US drops to lowest level in more than two years

Tech hiring rose in December, dropping the IT unemployment rate to 2% — its lowest since November 2023, according to an analysis of the latest jobs data published today by the US Bureau of Labor statistics (BLS). The overall national unemployment rate held steady at 4.1%, according to the BLS.

The tech sector added a net 7,000 jobs, bringing the total core tech workforce to nearly 6.5 million, according to CompTIA, a nonprofit association for the IT industry and workforce. The group found that the unemployment rate last month among tech professionals fell a full half a percent from November.

IT jobs

CompTIA

And as 2025 gets under wa, IT employment and hiring appears to be on a positive track, according to staffing agencies. According to ManpowerGroup, the net employment outlook for Q1 2025 is 2% higher than it was for the same period last year — 37% this year compared to 35% in early 2024.

ManpowerGroup recently published its Q1 2025 report on hiring, which claimed hiring in IT fields will beat all other professions in the US. Still, the firm also predicted employers will pull back on hiring in the months ahead because of “economic uncertainty.”

IT employment

ManpowerGroup

“As we move into 2025, we’re seeing stable year-over-year hiring trends, with employers holding onto the talent they have and planning muted hiring for the quarter ahead,” said Jonas Prising, ManpowerGroup chair and CEO.

Overall, studies by ManpowerGroup, online hiring platform Indeed, and Deloitte Consulting showed that IT hiring will increasingly be based on finding workers with flexible skills that can meet changing demands.

In fact, employment within the tech sector encompassing all types of workers declined by 6,117 jobs in December, according to CompTIA’s data. Positions in PC, semiconductor and components manufacturing accounted for the bulk of those cuts.

The tech sector employs nearly 5.6 million people, which translates to a percentage decline of 1%.

Quarterly IT employment rates

ManpowerGroup

“Employers know a skilled and adaptable workforce is key to navigating transformation, and many are prioritizing hiring and retaining people with in-demand flexible skills that can flex to where demand sits,” Prising said.

Ger Doyle, ManpowerGroup’s US country manager, said the December BLS jobs report delivered “a strong finish to 2024 and is a promising sign of what’s to come in the new year. However, the labor market may still face challenges until inflation is under more control, which is necessary to prevent slower hiring, layoffs, and reduced job growth. Our real-time data shows that open positions have decreased by 8% month-over-month, but increased by 3% year-over-year.”

Overall, job postings have remained steady since November, up 13% year-over-year, reflecting growing demand in digital services, healthcare, and convenience retail, according to ManpowerGroup’s data.

The temp job market was also a bright spot, with open job postings reaching their highest levels since September 2023 and new job postings at their peak since March 2022, according to Doyle. “This surge is driven by an increased demand for IT roles as organizations turn to project work to develop artificial intelligence and machine learning,” Doyle said.

Kye Mitchell, head of Experis North America — a ManpowerGroup tech recruiting business — said demand increased among tech employers in December, particularly related to the “gig economy.” Uber led the surge in such jobs with a remarkable 4,150% increase in job postings, while Outlier Inc., a platform that connects experts to advance generative AI, saw a 342% rise in demand.

“This trend was also evident in the temp job market, where the demand for computer and information research scientists skyrocketed by 2,000% as organizations focused on developing artificial intelligence and machine learning, increasingly relying on temp workers,” Mitchell said.

In December, there were 434,415 active tech job postings, including 165,189 newly added (both down from November). Roles in software development, IT project management, cybersecurity, data science, and tech support saw the most activity, according to CompTIA.

Top hiring companies included Amazon, Accenture, Deloitte, PwC, GovCIO, Robert Half, Lumen Technologies, and Insight Global. Job postings spanned all career levels: 22% required 0-3 years of experience, 28% wanted 4-7 years, and 16% sought 8+ years, CompTIA’s data showed.

Notably, 45% of postings across tech roles didn’t require a four-year degree, according to CompTIA. Network support specialists (85%), tech support specialists (72%), and computer programmers (54%) had the highest percentages of degree-optional roles.

For more historical data, here’s a rundown of tech unemployment data dating back to mid-2020.

4 in 10 companies plan to replace employees with AI, WEF says

Forty-one percent of companies intend to cut their workforce in the next five years as many tasks are automated with AI, according to the World Economic Forum (WEF) Future of Jobs Report 2025.

At the same time, 70% of companies say they expect to hire people with knowledge of the new AI tools, reports CNN Business.

The WEF sees advances in AI and renewable energy as reshaping the labor market, driving demand for a variety of technical or specialist roles while leading to a decline for others. The shifts will also likely push companies to upskill their own employees.

There’s good news as well. According to the WEF forecast, while 92 million existing jobs will disappear by 2030, 170 million new jobs will be created. In other words, there will be a net addition of 78 million jobs if the forecast is accurate.

New malware justifies Apple’s locked-down security strategy

Apple has told us Macs aren’t secure enough and it continues working to improve their security, as it does across all of its platforms. But a newly identified malware attack confirms that third-party developers can sometimes be a weak link in the perimeter.

In this case, Checkpoint security has identified a malware-as-a-service attack it calls Banshee macOS Stealer. 

This insidious attack, which has apparently now been closed down, was spread via seemingly legitimate browser downloads distributed outside of Apple’s Mac App Store. When installed, it was capable of exfiltrating all kinds of information, including account, banking and crypto logins, and more, and was resistant to Apple’s own antivirus protection system, Gatekeeper. (The malware is also available on Windows, but I’m less sure of the degree of risk users on that platform face.

If it’s too good to be true, it’s too good to be true

Here’s what we know:

  • The software was distributed in infected versions of popular software (such as Chrome or Telegram) via phishing websites and fake GitHub repositories.
  • When in the field, it targets third-party browsers such as Chrome, browser extensions, and makes use of a 2FA extension to capture sensitive information.
  • It also tricks users into sharing their passwords with legitimate seeming system prompts, sending stolen data back via command and control servers. 

An attack-as-a-service malware of this kind usually relies on a command server within the exfiltration process, with legitimate-seeming but infiltrated software a method of attack ever since people used to share applications via FTP, and probably before.

None of this is new. Nor is the main attack’s reliance on tricking users. Everyone by now knows that computer users are now and will forever be the weakest link in platform security. Convincing people to download software that is infected is common, and recent attacks from NSO and other reprehensible companies showed that it is still possible to craft attacks that don’t even require user intervention. (Though those are very, very expensive.)

What is new is that those behind the attack used some of Apple’s own anti-virus tools, stealing, “a string encryption algorithm from Apple’s own XProtect antivirus engine, which replaced the plain text strings used in the original version,” according to Checkpoint.

This is what helped the attack evade detection for two months, though it was eventually identified, mitigated, and the operation shut down. Crisis over.

Prevention beats cure

Except the crisis is never really over. 

What this attack exposed is that platforms can be undermined, and while Macs (and Apple’s other products) are — unlike others — secure by design, that doesn’t mean they are infallible.

The introduction of Lockdown Mode demonstrates that Apple knows attacks happen. Within that context, it becomes super-important to ensure every user understands that if software they usually pay for is available free somewhere, they should absolutely avoid installing it. And they should always ensure that legitimate software (such as Chrome) is installed from the original source.

That’s not a problem if you stay within trusted app distribution ecosystems, of course — particularly Apple’s own heavily-policed app stores. But as the company is forced to open up to third-party distribution, that security will be eroded as, at least in some cases, some app developers insist on independent distribution of their software. 

That represents a golden opportunity for malware distributors to try to build legitimate-seeming download sites for these apps. Though it’s possible that Apple’s Notarization system (as it expands) might become an essential tool to protect against this.

While some developers continue to complain about the cost of distribution on Apple’s platforms, it must be stressed that the cost of cybercrime is expected to surpass $10 trillion this year. That means it is in the public interest for app developers — if they really want to play their part to combat cybercrime — to ensure they create and protect secure software distribution systems that do not confuse consumers. 

We all play a part

It’s actually in the national (international) interest. “I think some of the top people predict that the next big war is fought on cybersecurity,” Apple CEO Tim Cook told Time in 2016

Software consumers need to play their part. “As cyber criminals continue to innovate, security solutions must evolve in tandem to provide comprehensive protection,” Check Point Research explains. “Businesses and users alike must take proactive steps to defend against threats, leveraging advanced tools and fostering a culture of caution and awareness.”

Despite this attack, the Mac remains the world’s most secure PC platform. One of the easiest ways for anyone to improve their own security posture is to move to Apple’s platforms. And one of the easiest ways to undermine that security is to install dodgy software, no matter how genuine it appears to be. If it seems too good to be true, it’s too good to be true.

So, don’t download it.

You can follow me on social media! You’ll find me on BlueSky,  LinkedInMastodon, and MeWe