Windows Archive
The consequences of the massive CrowdStrike failure for Windows are slowly coming into focus. Microsoft recently held a security summit with some of the large security software vendors, and the company is making several rather vague promises about what it’s going to do to make sure an incident like CrowdStrike never happens again. A key part of these promises is the realisation that security software really shouldn’t be running in the kernel, and to make that possible, Microsoft will need to add several security features in userspace. Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with SDP, can be used to create highly available security solutions. At the summit, Microsoft and partners discussed the requirements and key challenges in creating a new platform which can meet the needs of security vendors. ↫ David Weston at the Windows Blogs This is easier said than done, as moving things from kernel to userspace tends to incur a performance penalty, as well as making it harder to detect software with bad intentions early enough. Microsoft is going to have to do some serious reworking of both the kernel and userspace when it comes to security before it’ll be able to completely close up the kernel and make it impossible for security software to mess around in kernelspace. Microsoft doesn’t offer any concrete steps or measures quite yet, so we’ll have to wait and see just how far they’re willing to go. There’s really not much else to say at this point – empty platitudes, vague promises, and tons of marketing speak don’t secure an operating system, after all.
The MAS project, a group of people working on an open source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, discovered quite a neat and interesting bug in the code responsible for licensing in Windows. In our ongoing work to bypass Windows licensing checks, we occasionally stumble upon bugs that we choose to keep secret. This decision allows us to preserve potential future activation methods by avoiding bug fixes, while also giving us valuable tools for testing or developing new methods. One such discovery, which we’ve named “Keyhole”, turned out to be a highly effective DRM bypass. It gave users the ability to license any Microsoft Store app or any modern Windows edition with ease. ↫ The MAS project There were quite a number of roadblocks to overcome here, such as Microsoft’s code obfuscation tool, called Warbird, which was already done by someone else, after which they could really start digging into the code responsible for handling Microsoft Store and Windows licenses. They then discovered that circumventing the license blocks that hold the actual license information was dead simple – every license block is followed by a signature block covering all the data that comes before it. It turns out that messing with the licensing system was as simple as… Adding data after that signature block. That was it. As it turns out, data after the signature block isn’t checked at all… and it can even override data that came before it. Whenever two blocks of the same type are stored together, the last one overrides all the others before it. So, if we want to change any license data, we can just make a block for it and put it after the signature block! This method lets us make licenses for anything sold on the Microsoft Store, including Windows, from any other Microsoft Store license. And since there are so many free apps with licenses, we now had the ability to make as many as we wanted for whatever we wanted.
This bug essentially punched a hole straight through CLiP’s DRM, so we decided to name it “Keyhole”. ↫ The MAS project This opened up a massive hole in Microsoft’s licensing tools and DRM, and allowed the MAS project to pretty much do whatever they wanted. They could even do things that used to be impossible, such as “activating Enterprise LTSC with a digital license, or even activating a legitimate KMS server with a generic key”. Sadly, the fun didn’t last long, as right around the same time, Cisco TALOS discovered this same bug, reported it to Microsoft, who then proceeded to fix it. The MAS project also discovered something else incredibly interesting, something which further highlights the seemingly terrible lack of quality assurance and code quality inside Microsoft. They noted that the kernel driver responsible for licensing looked incredibly shoddy, full of what they call “odd choices and compromises”. In fact, they soon realised that they had seen this code before: it was a straight-up copy/paste job from the licensing DRM found on the Xbox One. And there’s the same bug that’s in CLiP, but in Xbox code. In fact, we weren’t too surprised to find this, as we found that almost all of CLiP, from the XML format of the licenses to the TLV-based license blocks, is copy-pasted straight from the Xbox One’s DRM system. ↫ The MAS project Code reuse obviously makes sense in some situations, but the fact Microsoft even copy/pasted entire sections of code from the Xbox One straight into the Windows kernel as a kernel driver seems rather irresponsible. Shouldn’t code added to the Windows kernel and installed on billions of devices be vetted a little better than this?
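The class of parsing flaw described above (a signature that covers only the bytes before it, while parsing continues past it and the last block of a type wins), shown next to a strict parser, as an added example that is not MAS or Microsoft code. The TLV layout, the block type numbers and the HMAC standing in for the real signature are all assumptions made for illustration, and the sample licence is constructed.

```python
import hashlib
import hmac
import struct

# Hypothetical block types for this toy format (not CLiP's real values).
T_PRODUCT, T_EDITION, T_SIGNATURE = 1, 2, 0xFF
# Assumption: an HMAC with a fixed demo key stands in for the real signature.
KEY = b"constructed-demo-key"


def block(btype, value):
    """Encode one TLV block: 2-byte type, 2-byte length, then the value."""
    return struct.pack("<HH", btype, len(value)) + value


def iter_blocks(data):
    """Yield (offset, type, value) per block; reject truncated input."""
    off = 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated block header")
        btype, length = struct.unpack_from("<HH", data, off)
        end = off + 4 + length
        if end > len(data):
            raise ValueError("truncated block value")
        yield off, btype, data[off + 4:end]
        off = end


def mac(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()


def parse_flawed(data):
    """Models the flaw: the signature is verified over the bytes before it,
    but parsing carries on afterwards and later blocks override earlier ones."""
    fields, sig_ok = {}, False
    for off, btype, value in iter_blocks(data):
        if btype == T_SIGNATURE:
            sig_ok = hmac.compare_digest(value, mac(data[:off]))
        else:
            fields[btype] = value  # duplicate types silently replace each other
    if not sig_ok:
        raise ValueError("bad or missing signature")
    return fields


def parse_strict(data):
    """Hardened form: the signature must be the final block, must cover
    everything before it, and no block type may appear twice."""
    blocks = list(iter_blocks(data))
    if not blocks or blocks[-1][1] != T_SIGNATURE:
        raise ValueError("signature block must be the final block")
    sig_off, _, sig = blocks[-1]
    if not hmac.compare_digest(sig, mac(data[:sig_off])):
        raise ValueError("bad signature")
    fields = {}
    for _, btype, value in blocks[:-1]:
        if btype == T_SIGNATURE:
            raise ValueError("unexpected extra signature block")
        if btype in fields:
            raise ValueError("duplicate block type %d" % btype)
        fields[btype] = value
    return fields


def accepts(parser, data):
    """True if the parser accepts the input, False if it rejects it."""
    try:
        parser(data)
        return True
    except ValueError:
        return False


# Constructed sample: a signed licence, and the same bytes with one unsigned
# block appended after the signature block.
BODY = block(T_PRODUCT, b"free-app") + block(T_EDITION, b"basic")
LICENSE = BODY + block(T_SIGNATURE, mac(BODY))
APPENDED = LICENSE + block(T_PRODUCT, b"other-product")

if __name__ == "__main__":
    print("flawed parser reads  :", parse_flawed(APPENDED))
    print("strict accepts signed:", accepts(parse_strict, LICENSE))
    print("strict accepts extra :", accepts(parse_strict, APPENDED))
```
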
We are proud to announce that version 1.6 of the Windows App SDK is now available! Whether you’re looking for the incredible performance boost and footprint reduction of Native AOT support, enhancements for deploying your package, or quality of life improvements for controls like PipsPager and RatingControl, WinAppSDK 1.6 offers a raft of new features, performance boosts and structural changes that enable you to make your native Windows apps better than ever before. The Windows App SDK provides a rich set of APIs and tools to help you build beautiful and fast Windows desktop apps, including any C++ Win32 or C# .NET app. You can harness the modern controls and polish of WinUI 3, which ships as part of the WinAppSDK, or if you have an existing app that uses Win32 such as WPF, you can take advantage of only the parts of the SDK that you need. The WinAppSDK also stays up to date with frequent and OS-independent releases so your app can always access the latest innovations. ↫ Duncan MacMichael at the Windows Blogs There’s actually quite a few nice and welcome updates in version 1.6, most prominently the aforementioned Native AOT. This stands for native Ahead-Of-Time (AOT) compilation, and, as the name suggests, compiles your application ahead of time for the architecture it’s going to run on. This reduces the size of the application package and greatly improves the startup time. Another welcome improvement is that the embedded Edge WebView2 SDK is no longer hard-coded, but a NuGet reference, so developers can choose to use any version of the webview they want, preferably the newest version. There’s a lot more in here, so if you’re a Windows developer trying to use the latest set of tools from Microsoft – this one’s for you.
Unsurprisingly, this change has not been met with a lot of enthusiasm by the average Windows user, and with Microsoft now officially recommending users migrate over to the Settings app, it seems that before long we may have to say farewell to what used to be an intrinsic part of the Windows operating system since its first iterations. Yet bizarrely, much of the Control Panel functionality doesn’t exist yet in the Settings app, and it remains an open question how much of it can be translated into the Settings app user experience (UX) paradigm at all. Considering how unusual this kind of control panel used to be beyond quaint touch-centric platforms like Android and iOS, what is Microsoft’s goal here? Have they discovered a UX secret that has eluded every other OS developer? ↫ Maya Posch I like the Windows Control Panel, and approaches like it. They’re easy to use, they allow you to have multiple settings panels open at the same time, they can be easily extended by third parties – for better or worse – and they make it easy to find things with colourful, recognisable icons. The current Windows Settings application is a massive regression, as is the change from macOS’ iconic and incredibly user-friendly System Preferences to the new System Settings application. KDE also moved to a sidebar design I’m not a fan of, and GNOME has had a similar unpleasant, monochrome sidebar, too. It’s not big enough of an issue to make a huge deal out of, and the KDE sidebar settings application is at least marginally usable, but I really do wish someone would have the guts to undo this general trend, because it’s getting harder and harder to find the settings I want at a glance, and not allowing you to open multiple settings panels at the same time is a huge loss. And a small note: this article uses the Windows 3.x Control Panel as its starting point, but both Windows 1.x and 2.x had a Control Panel as well. It’s an old concept, for sure.
Despite reports to the contrary, Microsoft has stated that Recall will not be uninstallable after all. The feature did show up in the Windows Features dialog, but apparently, that was a bug. “We are aware of an issue where Recall is incorrectly listed as an option under the ‘Turn Windows features on or off’ dialog in Control Panel,” says Windows senior product manager Brandon LeBlanc in a statement to The Verge. “This will be fixed in an upcoming update.” ↫ Tom Warren at The Verge The company is not committing to saying it will not ever be uninstallable, probably because the European Union might have something to say about that. At the very least you’ll be able to turn Recall off, but it seems actually removing it might not be possible for a while.
After spending a few months in complete radio silence about Recall, Microsoft finally emerged with a statement that its controversial feature will make a comeback later this year, in October, to be more precise. In preparation for the release, Microsoft quietly made a big change in Windows 11 version 24H2 on Copilot+ PCs, namely, adding the ability to uninstall Recall (via Deskmodder). ↫ Taras Buria Recall, a half-baked security nightmare of a feature trying to catch the AI hype train, uninstallable using a Windows 95-era Windows Features dialog, is a better summary of the current state of Windows than anything anyone could put into words. Nobody cares about Windows, least of all Microsoft, and I have the sneaking suspicion that could Microsoft get away with it, they would put the source code to large parts of the Windows platform on GitHub to “outsource” its development to the community and fire even more employees. Is anyone excited about new Windows releases? Is anyone looking forward to new features? Because it feels like every new release, every new feature, just causes more dread, more exasperation, more what is it this time? than genuine excitement and happiness. Everything coming out of Microsoft when it comes to Windows ever since the release of Windows 11 is just… Sadness.
Earlier this year, Microsoft introduced a so-called “Account Manager” for Windows 11 that appears on the screen when you click your profile picture on the Start menu. Instead of just showing you buttons for logging out, locking your device or switching profiles, it displays Microsoft 365 ads. All the actually useful buttons are now hidden behind a three-dot submenu (apparently, my 43-inch display does not have enough space to accommodate them). Now, the “Account Manager” is coming to Windows 10 users. ↫ Taras Buria at Neowin Yes, this is a really small ad in the grand scheme of things, but the mere concept of my operating system showing me all kinds of ads and upsells, as both Windows and macOS have been doing aggressively for years now, is so deeply offensive to me. It shows such utter disrespect to me as a user, and shows that Microsoft and Apple see me not as an end user, but as a ripe plum ready to be bled dry at every turn. It’s revolting. As the latest release, Windows 11 has always been the most ad-ridden of the Windows releases still in use, but it seems Windows users can’t escape the onslaught either. I’m especially expecting ever more aggressive ads and upsells for Windows 11 to appear in Windows 10 now that the 2025 cutoff date for Windows 10 support is nearing, of course appearing at the most inopportune times – because everybody loves a giant fullscreen ad on your operating system when you’re trying to give a presentation or meet that tight deadline you forced yourself to stress about by playing a bit too much League of Legends. If you want an ad- and upsell-free operating system, your options are legion – there’s countless Linux distributions and the various BSDs to choose from.
Virtually every tech media outlet has been reporting that Microsoft is deprecating the Control Panel in Windows as if that’s some sort of big revelation we should be outraged about. They’re basing this on the following, now changed, paragraph someone found buried deep in a Windows support site somewhere: The Control Panel is a feature that’s been part of Windows for a long time. It provides a centralized location to view and manipulate system settings and controls. Through a series of applets, you can adjust various options ranging from system time and date to hardware settings, network configurations, and more. The Control Panel is in the process of being deprecated in favor of the Settings app, which offers a more modern and streamlined experience. ↫ Windows support website It seems the sudden avalanche of articles about this spooked Microsoft, because when you open the same website now, that last line instead reads: Many of the settings in Control Panel are in the process of being migrated to the Settings app, which offers a more modern and streamlined experience. ↫ Windows support website The idea that the Control Panel is being “deprecated” is not exactly a new one; it’s been an ongoing process since the release of Windows 8, twelve years ago now. With every new Windows release, more Control Panel applets are removed in favour of expanding the Settings application, to a point where few regular users have a need to open it directly. Settings still does rely on old Control Panel applets, though, and it won’t take you many clicks through Settings to end up at a classic applet. So, while directly opening the Control Panel might not be a common thing people do, using classic applets sure is. 
Microsoft may be changing the verbiage of its support page to remove the word “deprecated”, but that ain’t fooling anyone: the Control Panel has already been gutted beyond recognition, and it’s definitely in the process of being deprecated – in true Microsoft fashion, it’s just taking them a really long time, because nobody inside Microsoft seems to really care about Windows anymore.
In October last year, we covered a very simple bypass trick that involved just a single command when running the Windows 11 Setup. While this passthrough got popular in the tech community during this time as a result of the media coverage from Neowin as well as others, it was actually something even older. To use this, all a user had to do was add “/product server” when running the setup, and Windows would just skip the hardware requirements check entirely. As it turns out, Microsoft has blocked this bypass method on the latest Canary build 27686 as discovered by X user and tech enthusiast Bob Pony. When trying to use the Server trick now, the hardware requirements check is not bypassed. ↫ Sayan Sen It’s such an own goal to limit Windows 11 as much as Microsoft is doing. Windows 11 runs pretty much identically, performance-wise, to Windows 10 on the same hardware, so there’s no reason other than to enable the various security features through TPMs and the like. The end result is that people simply aren’t upgrading to Windows 11 – not only because Windows 10 is working just fine for them, but also because even if they want to upgrade, they often can’t. Most people don’t just buy a brand new PC because a new version of Windows happens to be available. There’s been a variety of tricks and methods to circumvent the various minimum specifications checks Microsoft added to the regular consumer versions of Windows, and much like with the activation systems of yore, Microsoft is now engaging in a game of whack-a-mole where as soon as it kills one method, ten more pop up to take its place. There’s a whole cottage industry of methods, tools, registry edits, and much more, spread out across the most untrustworthy-looking content farms you can find on the web, which all could’ve been avoided if Microsoft just offered consumers the choice of disabling these restrictions, accompanied by a disclaimer.
So Microsoft is now in the unfortunate situation where most of its Windows users are still using Windows 10, yet the end of Windows 10’s support is coming up next year. Either Microsoft extends this date by at least another five years to catch the wave of ‘natural’ PC upgrades to a point where Windows 10 is a minority, or it’s going to have to loosen some of the restrictions to give more people the ability to upgrade. If they don’t, they’re going to be in a world of hurt with security issues and 0-days affecting the vast majority of Windows users.
Even though FAT32 supports disk sizes of up to 2TB, and even though Windows can read FAT32 file systems of up to 2TB, Windows can’t actually create them. The maximum file system limit Windows can create with FAT32 is 32GB, a limitation that dates back to Windows 95 which has never been changed. It seems Microsoft is finally changing this with the latest Insider Preview build of Windows 11, as the format command can now finally create FAT32 file systems of up to 2TB. When formatting disks from the command line using the format command, we’ve increased the FAT32 size limit from 32GB to 2TB. ↫ Amanda Langowski and Brandon LeBlanc Sadly, this only works through the format command; it’s not yet reflected in the graphical user interface, which is just so typically Microsoft. Of course, most of us will be using exFAT at this point for tasks that require an interoperable file system, but not every device accepts exFAT properly, and even those that do sometimes have issues with exFAT that are not present when using FAT32. A more interesting new addition in this preview build is the Windows Sandbox Client Preview. This build includes the new Windows Sandbox Client Preview that is now updated via the Microsoft Store. As part of this preview, we’re introducing runtime clipboard redirection, audio/video input control, and the ability to share folders with the host at runtime. You can access these via the new “…” icon at the upper right on the app. Additionally, this preview includes a super early version of command line support (commands may change over time). You can use ‘wsb.exe –help’ command for more information. ↫ Amanda Langowski and Brandon LeBlanc Windows Sandbox is a pretty cool feature that provides a lightweight desktop environment in which you can run applications entirely sandboxed, separate from your actual Windows installation. Changes and files made in the sandbox do not persist, unless the sandbox is shut down from within the sandbox itself. 
There’s a whole variety of uses this could be good for, and having it integrated into Windows is awesome. Windows Sandbox is available in Windows Pro or Enterprise – not Home – and is quite easy to use. Open up its window, copy/paste an executable to the sandbox, and run it inside the sandbox. As said, after closing the sandbox, all your changes will be lost. That process is still a bit clunky, but with a bit more work it should be possible for Microsoft to smooth this out, and, say, add an option in the right-click menu to just launch any executable in the sandbox that way.
Way back in the early before time, Microsoft thought it would be a good idea to brand Windows 10 entirely around the label “creators”, and one distinctly odd consequence of that was an application called “Paint 3D”, a replacement for the traditional Paint application that Microsoft had been shipping one way or another since 1985, when it included a simple bitmap editing program called “Doodle” with its mouse drivers for DOS. Doodle would be replaced shortly after by a whitelabel version of ZSoft Corporation’s PC Paintbrush, and once Windows 1.0 rolled around, it was rebranded as Paint, a name that has stuck until today. Paint 3D was supposed to replace the regular Paint, with a focus on creating and manipulating 3D objects, serving as an extension to Microsoft’s failed efforts to bring VR and AR to the masses. Microsoft even went so far as to list the regular Paint as deprecated, but after a lot of outcry, has since reneged and refocused its efforts on improving it. Paint 3D, however, is now officially going to be deprecated, and has been added to Microsoft’s list of deprecated Windows features. Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use Paint or Photos. For viewing 3D content, you can use 3D Viewer. ↫ Microsoft’s list of deprecated Windows features I don’t think anyone is going to shed a tear on this, but at the same time, as with everything Microsoft changes or removes from Windows, there’s bound to be at least a few people whose entire workflow heavily depends on Paint 3D, and they’re going to be pissed.
Microsoft has published a post-mortem of the CrowdStrike incident, and goes into great depths to describe where, exactly, the error lies, and how it could lead to such massive problems. I can’t comment anything insightful on the technical details and code they show to illustrate all of this – I’ll leave that discussion up to you – but Microsoft also spends a considerable amount of time explaining why security vendors are choosing to use kernel-mode drivers. Microsoft lists three major reasons why security vendors opt for using kernel modules, and none of them will come as a great surprise to OSNews readers: kernel drivers provide more visibility into the system than a userspace tool would, there are performance benefits, and they’re more resistant to tampering. The downsides are legion, too, of course, as any crash or similar issue in kernel mode has far-reaching consequences. The goal, then, according to Microsoft, is to balance the need for greater insight, performance, and tamper resistance with stability. And while the company doesn’t say it directly, this is clearly where CrowdStrike failed – and failed hard. While you would want a security tool like CrowdStrike to perform as little as possible in kernelspace, and conversely as much as possible in userspace, that’s not what CrowdStrike did. They are running a lot of stuff in kernelspace that really shouldn’t be there, such as the update mechanism and related tools. In total, CrowdStrike loads four kernel drivers, and much of their functionality can be run in userspace instead. It is possible today for security tools to balance security and reliability. For example, security vendors can use minimal sensors that run in kernel mode for data collection and enforcement limiting exposure to availability issues. The remainder of the key product functionality includes managing updates, parsing content, and other operations can occur isolated within user mode where recoverability is possible.
This demonstrates the best practice of minimizing kernel usage while still maintaining a robust security posture and strong visibility. Windows provides several user mode protection approaches for anti-tampering, like Virtualization-based security (VBS) Enclaves and Protected Processes that vendors can use to protect their key security processes. Windows also provides ETW events and user-mode interfaces like Antimalware Scan Interface for event visibility. These robust mechanisms can be used to reduce the amount of kernel code needed to create a security solution, which balances security and robustness. ↫ David Weston, Vice President, Enterprise and OS Security at Microsoft In what is surely an unprecedented event, I agree with the CrowdStrike criticism bubbling under the surface of this post-mortem by Microsoft. Everything seems to point towards CrowdStrike stuffing way more things in kernelspace than is needed, and as such creating a far larger surface for things to go catastrophically wrong than needed. While Microsoft obviously isn’t going to openly and publicly throw CrowdStrike under the bus, it’s very clear what they’re hinting at here, and this is about as close to a public flogging as we’re going to get. Microsoft’s post-mortem further details a ton of work Microsoft has recently done, is doing, and will soon be doing to further strengthen Windows’ security, to lessen the need for kernelspace security drivers even more, including adding support for Rust to the Windows kernel, which should also aid in mitigating some common problems present in other, older programming languages (while not being a silver bullet either, of course).
Blue screens of death are not exactly in short supply on Windows machines lately, but what if you really want to cause your own kernel panic or complete system crash, just because you love that shade of crashy blue? Well, there’s a tool for that called NotMyFault, developed by Mark Russinovich as part of Sysinternals. NotMyFault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems. The download file includes 32-bit and 64-bit versions, as well as a command-line version that works on Nano Server. Chapter 7 in Windows Internals uses NotMyFault to demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples. ↫ Mark Russinovich Using this tool, you can select exactly what kind of crash you want to cause, and after clicking the Crash button, your Windows computer will do exactly as it’s told and crash with a lovely blue screen of death. It comes in both a GUI and CLI version, and the latter also works on minimal Windows installations that don’t have the Windows shell installed. A tool like this may seem odd, but it can be particularly useful in situations where you’re trying to troubleshoot an issue, and to learn how to properly diagnose crashes. Or, you know, you can use it to create a panic at your workplace.
A story that’s been persistently making the rounds since the CrowdStrike event is that while several airline companies were affected in one way or another, Southwest Airlines escaped the mayhem because they were still using Windows 3.1. It’s a great story that fits the current zeitgeist about technology and its role in society, underlining that what is claimed to be technological progress is nothing but trouble, and that it’s better to stick with the old. At the same time, anybody who dislikes Southwest Airlines can point and laugh at the bumbling idiots working there for still using Windows 3.1. It’s like a perfect storm of technology news click and ragebait. Too bad the whole story is nonsense. But how could that be? It’s widely reported by reputable news websites all over the world, shared on social media like a strain of the common cold, and nobody seems to question it or doubt the veracity of the story. It seems that Southwest Airlines running on an operating system from 1992 is a perfectly believable story to just about everyone, so nobody is questioning it or wondering if it’s actually true. Well, I did, and no, it’s not true. Let’s start with the actual source of the claim that Southwest Airlines was unaffected by CrowdStrike because they’re still using Windows 3.11 for large parts of their primary systems. This claim is easily traced back to its origin – a tweet by someone called Artem Russakovskii, stating that “the reason Southwest is not affected is because they still run on Windows 3.1”. This tweet formed the basis for virtually all of the stories, but it contains no sources, no links, no background information, nothing. It was literally just this one line. It turned out to be a troll tweet. A reply to the tweet by Russakovskii a day later made that very clear: “To be clear, I was trolling last night, but it turned out to be true. Some Southwest systems apparently do run Windows 3.1.
lol.” However, that linked article doesn’t cite any sources either, so we’re right back where we started. After quite a bit of digging – that is, clicking a few links and like 3 minutes of searching online – following the various references and links back to their sources, I managed to find where all these stories actually come from to arrive at the root claim that spawned all these other claims. It’s from an article by The Dallas Morning News, titled “What’s the problem with Southwest Airlines scheduling system?” At the end of last year, Southwest Airlines’ scheduling system had a major meltdown, leading to a lot of cancelled flights and stranded travelers just around the Christmas holidays. Of course, the media wanted to know what caused it, and that’s where this The Dallas Morning News article comes from. In it, we find the paragraphs that started the story that Southwest Airlines is still using Windows 3.1 (and Windows 95!): Southwest uses internally built and maintained systems called SkySolver and Crew Web Access for pilots and flight attendants. They can sign on to those systems to pick flights and then make changes when flights are canceled or delayed or when there is an illness. “Southwest has generated systems internally themselves instead of using more standard programs that others have used,” Montgomery said. “Some systems even look historic like they were designed on Windows 95.” SkySolver and Crew Web Access are both available as mobile apps, but those systems often break down during even mild weather events, and employees end up making phone calls to Southwest’s crew scheduling help desk to find better routes. During periods of heavy operational trouble, the system gets bogged down with too much demand. ↫ Kyle Arnold at The Dallas Morning News That’s it. That’s where all these stories can trace their origin to.
These few paragraphs do not say that Southwest is still using ancient Windows versions; it just states that the systems they developed internally, SkySolver and Crew Web Access, look “historic like they were designed on Windows 95”. The fact that they are also available as mobile applications should further make it clear that no, these applications are not running on Windows 3.1 or Windows 95. Southwest pilots and cabin crews are definitely not carrying around pocket laptops from the ’90s. These paragraphs were then misread, misunderstood, and mangled in a game of social media and bad reporting telephone, and here we are. The fact that nobody seems to have taken the time to click through a few links to find the supposed source of these claims, instead focusing on cashing in on the clicks and rage these stories would elicit, is a rather damning indictment of the state of online (tech) media. Many of the websites reporting on these stories are part of giant media conglomerates, have a massive number of paid staff, and they’re being outdone by a dude in the Arctic with a small Patreon, minimal journalism training, and some common sense. This story wasn’t hard to debunk – a few clicks and a few minutes of online searching is all it took. Ask yourself – why do these massive news websites not even perform the bare minimum?
Microsoft has again quietly updated its Validation OS ISOs. In case you are not familiar with it, Validation OS is an official lightweight variant of Windows and it is designed for hardware vendors to test, validate and repair hardware defects. ↫ Sayan Sen at Neowin I had no idea this variant of Windows existed, but it kind of makes sense when you think about it. OEMs or other companies making devices that run or work with Windows may need to test, reboot, test, reboot, and so on, endlessly, and having a lightweight and fast version of Windows that doesn’t load any junk you don’t need – or just loads straight into your company’s hardware testing application – is incredibly valuable. According to Microsoft, the Windows Validation OS boots to a command line that allows you to run Win32 applications. This has made me wonder if I can use it for the one thing I am forced to use Windows for: playing League of Legends (I cobbled together a spare parts machine solely for this purpose). My guess is that either the Validation OS will lack certain components or frameworks League of Legends requires, or is so different from regular Windows that it will trip Riot Games’ rootkit, or both. Still, I’m curious. I might load this up on a spare hard drive and see what’s possible.
The most fascinating time for Windows NT was its first few years on the market, when the brand new operating system supported a wide variety of architectures, from default x86, all the way down to stuff like Alpha, MIPS, and exotic things like Intel i860, and even weirder stuff like Clipper (even a SPARC port was planned, but never released). One of the more conventional architectures that saw a Windows NT port – one that was actually released to the public, no less – was PowerPC. The last version of Windows NT to support exotic architectures was 4.0, with Windows 2000 only supporting x86, dropping everything else, including PowerPC (although Windows 2000 for Alpha reached RC1 status). The PowerPC version of Windows NT only supported IBM and Motorola systems using the PowerPC Reference Platform, and never the vastly more popular PowerPC systems from Apple. Well, it’s 2024, and that just changed: Windows NT 4.0 can now be installed and run on certain Apple New World Power Macintosh systems. This repository currently contains the source code for the ARC firmware and its loader, targeting New World Power Macintosh systems using the Gossamer architecture (that is, MPC106 “Grackle” memory controller and PCI host, and “Heathrow” or “Paddington” super-I/O chip on the PCI bus). NT4 only, currently. NT 3.51 may become compatible if HAL and drivers get ported to it. NT 3.5 will never be compatible, as it only supports PowerPC 601. (The additional suspend/hibernation features in NT 3.51 PMZ could be made compatible in theory but in practise would require all of the additional drivers for that to be reimplemented.) ↫ maciNTosh GitHub page This is absolutely wild, and one of the most interesting projects I’ve seen in a long, long time. The deeply experimental nature of this effort does mean that NT 4.0 is definitely not stable on any of the currently supported machines, and the number of drivers implemented is the absolute bare minimum to run NT 4.0 on these systems.
It does, however, support dual-booting both NT 4.0 and Mac OS 8, 9, and X, which would be quite something to set up. I’m now definitely going to keep an eye on eBay for a supported machine, because running NT on anything other than x86 has always been a bit of a weird fascination for me. Sadly, period-correct PowerPC machines that support NT are extremely rare and thus insanely expensive, and will often require board-level repairs that I can’t perform. Getting a more recent Yikes PowerMac G4 should be easy, since those just materialise out of thin air randomly in the world. I’m incredibly excited about this.
The article’s from 2021, but I think it’s still worth discussing. A hard reality of C and C++ software development on Windows is that there has never been a good, native C or C++ standard library implementation for the platform. A standard library should abstract over the underlying host facilities in order to ease portable software development. On Windows, C and C++ is so poorly hooked up to operating system interfaces that most portable or mostly-portable software — programs which work perfectly elsewhere — are subtly broken on Windows, particularly outside of the English-speaking world. The reasons are almost certainly political, originally motivated by vendor lock-in, than technical, which adds insult to injury. This article is about what’s wrong, how it’s wrong, and some easy techniques to deal with it in portable software. ↫ Chris Wellons As someone who doesn’t know how to code or program, articles like these are always difficult to properly parse. I understand the primary problem the article covers, but what I’m curious about is how much of this problem is personal – skill issue – and how much of it is a widely held belief by Windows developers and programmers. I know there’s quite a few of you in our audience, so I’d love to hear from you how you feel about this. The author also authored his own fix, something called libwinsane, which I’m also curious about – is this the only solution, or are there more options out there?
Microsoft Defender is the endpoint security solution preinstalled on every Windows machine since Windows 7. It’s a fairly complex piece of software, addressing both EDR and EPP use cases. As such, Microsoft markets two different products. Microsoft Defender for Endpoint is a cloud based endpoint security solution that combines sensor capabilities with the advantages of cloud processing. Microsoft Defender Antivirus (MDA), on the other hand, is a modern EPP enabled by default on any fresh Windows installation. MDA is the focus of this analysis. ↫ Retooling If you’ve ever wanted to know how Microsoft Defender works, this article contains a wealth of detailed information.
Once upon a time, the IBM PC was released. In the IBM PC BIOS, you could enter characters that weren’t present on the keyboard by holding the Alt key and typing the decimal value on the numeric keypad. For example, you could enter ñ by holding Alt and typing Numpad1 Numpad6 Numpad4, then releasing the Alt key. ↫ Raymond Chen Another Raymond Chen story, and this one involves hearts, snowmen, different editing controls, codepages, and more. In other words, just another Tuesday for Chen.
So I learned something new today: there are companies that provide security patches for Windows that aren’t Microsoft. I never even considered this could be a thing, but it turns out that a paid service called 0patch seems to have been around for a long time, and the consensus seems to be that not only can it be trusted, it also sometimes provides patches sooner than Microsoft does. Today, 0patch announced it’ll also be providing this service for Windows 10 after the end of support next year. With October 2025, 0patch will “security-adopt” Windows 10 v22H2, and provide critical security patches for it for at least 5 more years – even longer if there’s demand on the market. We’re the only provider of unofficial security patches for Windows (“virtual patches” are not really patches), and we have done this many times before: after security-adopting Windows 7 and Windows Server 2008 in January 2020, we took care of 6 versions of Windows 10 as their official support ended, security-adopted Windows 11 v21H2 to keep users who got stuck there secure, took care of Windows Server 2012 in October 2023 and adopted two popular Office versions – 2010 and 2013 – when they got abandoned by Microsoft. We’re still providing security patches for all of these. ↫ Mitja Kolsek on the 0patch blog This service implements patching through what it calls “micropatches”, which are very small sets of CPU instructions injected into running code in memory without modifying – in this case – Microsoft’s own code. These micropatches are applied by briefly stopping the offending program, injecting the fix, and continuing the program – without having to close the program or reboot. Of course, they can be unapplied in the same, non-disruptive way. The 0patch service will provide patches for 0days that Microsoft hasn’t fixed yet, patches for issues Microsoft won’t fix, and sometimes patches for third party code. 
As the headline clearly states, this service isn’t free, but honestly, at roughly 25 dollars plus tax per computer per year, it’s not exactly expensive, and definitely cheaper than Microsoft’s own Windows 10 Extended Security Update program it’s going to offer for Windows 10 after the end of support date next year. Diving a bit deeper into who is providing this service, it comes from a company called ACROS Security, a small company out of Slovenia. The company details its micropatches on its 0patch blog if you want more information on how each individual one works. I still don’t know exactly what to make of this, and I definitely wouldn’t rely on something like this for mission-critical Windows computers or servers, but for something like a home PC that can’t be upgraded to Windows 11 but still works just fine, or perhaps some disposable virtual machines you’re using, this might be a good stopgap solution until you can upgrade to a better operating system, like Linux or one of the BSDs. Are there any people in the OSNews audience who’ve used 0patch, or perhaps a service similar to it?