Windows Archive

The article’s from 2021, but I think it’s still worth discussing. A hard reality of C and C++ software development on Windows is that there has never been a good, native C or C++ standard library implementation for the platform. A standard library should abstract over the underlying host facilities in order to ease portable software development. On Windows, C and C++ is so poorly hooked up to operating system interfaces that most portable or mostly-portable software — programs which work perfectly elsewhere — are subtly broken on Windows, particularly outside of the English-speaking world. The reasons are almost certainly political, originally motivated by vendor lock-in, than technical, which adds insult to injury. This article is about what’s wrong, how it’s wrong, and some easy techniques to deal with it in portable software. Chris Wellons As someone who doesn’t know how to code or program, articles like these are always difficult to properly parse. I understand the primary problem the article covers, but what I’m curious about is how much of this problem is personal – skill issue – and how much of it is a widely held belief by Windows developers and programmers. I know there’s quite a few of you in our audience, so I’d love to hear from you how you feel about this. The author also authored his on fix, something called libwinsane, which I’m also curious about – is this the only solution, or are there more options out there?

Microsoft Defender is the endpoint security solution preinstalled on every Windows machine since Windows 7. It’s a fairly complex piece of software, addressing both EDR and EPP use cases. As such, Microsoft markets two different products. Microsoft Defender for Endpoint is a cloud based endpoint security solution that combines sensor capabilities with the advantages of a cloud processing. Microsoft Defender Antivirus (MDA), on the other hand, is a modern EPP enabled by default on any fresh Windows installation. MDA is the focus of this analysis. Retooling If you’ve ever wanted to know how Microsoft Defender works, this article contains a wealth of detailed information.

So I learned something new today: there are companies that provide security patches for Windows that aren’t Microsoft. I never even considered this could be a thing, but it turns out that a paid service called 0patch seems to have been around for a long time, and the consensus seems to be that not only can it be trusted, it also sometimes provides patches sooner than Microsoft does. Today, 0patch announced it’ll also be providing this service for Windows 10 after the end of support next year. With October 2025, 0patch will “security-adopt” Windows 10 v22H2, and provide critical security patches for it for at least 5 more years – even longer if there’s demand on the market. We’re the only provider of unofficial security patches for Windows (“virtual patches” are not really patches), and we have done this many times before: after security-adopting Windows 7 and Windows Server 2008 in January 2020, we took care of 6 versions of Windows 10 as their official support ended, security-adopted Windows 11 v21H2 to keep users who got stuck there secure, took care of Windows Server 2012 in October 2023 and adopted two popular Office versions – 2010 and 2013 – when they got abandoned by Microsoft. We’re still providing security patches for all of these. Mitja Kolsek on the 0patch blog This service implements patching through what it calls “micropatches”, which are very small sets of CPU instructions injected into running code in memory without modifying – in this case – Microsoft’s own code. These micropatches are applied by briefly stopping the offending program, injecting the fix, and continuing the program – without having to close the program or reboot. Of course, they can be unapplied in the same, non-disruptive way. The 0patch service will provide patches for 0days that Microsoft hasn’t fixed yet, patches for issues Microsoft won’t fix, and sometimes patches for third party code. As the headline clearly states, this service isn’t free, but honestly, at roughly 25 dollars plus tax per computer per year, it’s not exactly expensive, and definitely cheaper than Microsoft’s own Windows 10 Extended Security Update program it’s going to offer for Windows 10 after the end of support date next year. Diving a bit deeper into who is providing this service, it comes from a company called ACROS Security, a small company out of Slovenia. The company details its micropatches on its 0patch blog if you want more information on how each individual ones works. I still don’t know exactly what to make of this, and I definitely wouldn’t rely on something like this for mission-critical Windows computers or servers, but for something like a home PC that can’t be upgraded to Windows 11 but still works just fine, or perhaps some disposable virtual machines you’re using, this might be a good stopgap solution until you can upgrade to a better operating system, like Linux or one of the BSDs. Are there any people in the OSAlert audience who’ve used 0patch, or perhaps a service similar to it?

Microsoft has made OneDrive slightly more annoying for Windows 11 users. Quietly and without any announcement, the company changed Windows 11’s initial setup so that it could turn on the automatic folder backup without asking for it. Now, those setting up a new Windows computer the way Microsoft wants them to (in other words, connected to the internet and signed into a Microsoft account) will get to their desktops with OneDrive already syncing stuff from folders like Desktop Pictures, Documents, Music, and Videos. Depending on how much is stored there, you might end up with a desktop and other folders filled to the brim with shortcuts to various stuff right after finishing a clean Windows installation. Taras Buria at NeoWin Just further confirmation that Windows 11 is not ready for the desktop.

It should be no secret to anyone reading OSAlert that I’m not exactly a fan of Windows. While I grew up using MS-DOS, Windows 3.x, and Windows 9x, the move to Windows XP was a sour one for me, and ever since I’ve vastly preferred first BeOS, and then Linux. When, thanks to the tireless efforts of the Wine community and Valve gaming on Linux became a boring, it-just-works affair, I said goodbye to my final gaming-only Windows installation about four or so years ago. However, I also strongly believe that in order to be able to fairly criticise or dislike something, you should at least have experience with it. As such, I decided it was time for what I expected was going to be some serious technology BDSM, and I installed Windows 11 on my workstation and force myself to use it for a few weeks to see if Microsoft’s latest operating system truly was as bad as I make it out to be in my head. Installing Windows 11 Technically speaking, my workstation is not supported by Windows 11. Despite packing two Intel Xeon E5 V4 2640 CPUs for a total of 20 cores and 40 threads, 32 GB of ECC RAM, an AMD Radeon Pro w5700, and the usual stuff like an M.2 SSD, this machine apparently did not meet the minimum specifications for Windows 11 since it has no TPM 2.0 security chip, and the processors were deemed too old. Luckily, these limitations are entirely artificial and meaningless, and using Ventoy, which by default disables these silly restrictions, I was able to install Windows 11 just fine. During installation, you run into the first problem if you’re coming from a different operating system – even after all these years, Windows still does not give a single hootin’ toot about any existing operating systems or bootloaders on your machine. This wasn’t an issue for me since I was going to allow Windows to take over the entire machine, but for those of used to have control over what happens when we install our operating systems, be advised that your other operating systems will most likely be rendered unbootable. The tools you have access to during installation for things like disk partitioning are also incredibly limited, and there’s nothing like the live environments you’re used to from the Linux world – all you get is an installer. In addition, since Windows only really supports FAT and NTFS file systems, your existing ext4, btrfs, UFS, or ZFS partitions used by your Linux or BSD installs will not work at all in Windows. Again – be advised that Windows is a very limited operating system compared to Linux or BSD. Once the actual installation part is done, you’re treated to a lengthy – and I truly mean lengthy – out of box experience. This is where you first get a glimpse of just how much data Microsoft wants to collect from its Windows users, and it stands in stark contrast to what I’m used to as a Linux user. On my Linux distribution of choice, Fedora KDE, there’s really only KDE’s opt-in, voluntary User Feedback option, which only collects basic system information in an entirely anonymous way. Windows, meanwhile, seems to want to collect pretty much everything you do on your machine, and while there’s some prompts to reduce the amount of data it collects, even with everything set to minimum it’s still quite a lot. Once you’re past the out of box experience, you can finally start using your new Windows installation – but actually not really. Unlike a Linux distribution, where all your hardware is detected automatically and will use the latest drivers, on Windows, you will most likely have to do some manual driver hunting, searching the web for PCI and vendor IDs to hopefully locate the correct drivers, which isn’t always easy. To make matters worse, even if Windows Update installs the correct drivers for you, those are often outdated, and you’re better off downloading the latest versions straight from the vendors’ websites. This is especially problematic for motherboard drivers – motherboard vendor websites often list horribly outdated drivers. Updating Windows 11 Once you have all the drivers installed and updated, which often requires several reboots, you might notice that your system seems to be awfully busy, even when you’re not actually doing anything with it. Most likely, this means Windows Update is running in the background, sucking up a lot of system resources. If you’re used to Linux or BSD, where updating is a quick and centralised process, updating things on Windows is a complete and utter mess. Instead of just updating everything all at once, Windows Update will often require several different rounds of updates, marked by reboots. You’ll also discover that Windows Update is not only incredibly slow both when it comes to downloading and installing, but that it’s also incredibly buggy. Updates will randomly fail to install for no apparent reason, and there’s a whole cottage industry of useless ML and SEO content on the internet trying to “help” you fix these issues. On my system, without doing anything, Windows Update managed to break itself in less than 24 hours – it listed 79 (!) driver updates related to the two Xeon processors (I assume it listed certain drivers for every single of the 40 threads), but every single one of them, save for one or two, would fail to install with a useless generic error code. Every time I tried to install them, one or two more would install, with everything else failing, until eventually the update process just hung the entire system. A few days later, the listed updated just disappeared entirely from Windows Update. The updates had no KB numbers, so it was impossible to find any information on them, and to this day, I have no idea what was going on here. Even after battling your way through Windows Update, you’re not done actually updating your system. Unlike,

I have a feeling Microsoft is really starting to feel some pressure about its plans to abandon Windows 10 next year. Data shows that 70% of Windows users are still using Windows 10, and this percentage has proven to be remarkably resilient, making it very likely that hundreds of millions of Windows users will be out of regular, mainstream support and security patches next year. It seems Microsoft is, therefore, turning up the PR campaign, this time by publishing a blog post about myths and misconceptions about Windows 11. The kind of supposed myths and misconceptions Microsoft details are exactly the kind of stuff corporations with large deployments worry about at night. For instance, Microsoft repeatedly bangs the drum on application compatibility, stating that despite the change in number – 10 to 11 – Windows 11 is built on the same base as its predecessor, and as such, touts 99.7% application compatibility. Furthermore, Microsoft adds that if businesses to suffer from an incompatibility, they can use something call App Assure – which I will intentionally mispronounce until the day I die because I’m apparently a child – to fix any issues. Apparently, the visual changes to the user interface in Windows 11 are also a cause of concern for businesses, as Microsoft dedicated an entire entry to this, citing a study that the visual changes do not negatively impact productivity. The blog post then goes on to explain how the changes are actually really great and enhance productivity – you know, the usual PR speak. There’s more in the blog post, and I have a feeling we’ll be seeing more and more of this kind of PR offensive as the cut-off date for Windows 10 support nears. Windows 10 users will probably also see more and more Windows 11 ads when using their computers, too, urging them to upgrade even when they very well cannot because of missing TPMs or unsupported processors. I don’t think any of these things will work to bring that 70% number down much over the next 12 months, and that’s a big problem for Microsoft. I’m not going to make any predictions, but I wouldn’t be surprised if Microsoft will simply be forced by, well, reality to extend the official support for Windows 10 well beyond 2025. Especially with all the recent investigations into Microsoft’s shoddy internal security culture, there’s just no way they can cut 70% of their users off from security updates and patches.

Microsoft recently announced some big changes to the Recall feature in Windows, and now it’s pulled the Release Preview version which contained Recall entirely. It’s likely not a coincidence that Microsoft also quietly pulled the build of the Windows 11 24H2 update that it had been testing in its Release Preview channel for Windows Insiders. It’s not unheard of for Microsoft to stop distributing a beta build of Windows after releasing it, but the Release Preview channel is typically the last stop for a Windows update before a wider release. Andrew Cunningham at Ars Technica The company doesn’t actually mention why the release was pulled, but the reason is pretty obvious if you connect the dots. I’m at least glad Microsoft is taking the complaints seriously, and while I don’t personally think Recall is a good idea, if a user gives their consent and uses it knowingly and willingly, I don’t see any problems with it.

It turns out that the storm of criticism Microsoft’s recently unveiled Recall feature has actually pushed Microsoft to change its mind and make some very significant changes to the feature. Today, after over a week of sustained criticism and worries, Redmond announced it’s going to implement Recall very differently. First and foremost, instead of Recall being enabled by default and only configurable after installation and the out-of-box experience, it will not be disabled by default, and the user will be prompted during the OOBE if they want to enable the feature or not. This in and of itself should alleviate quite a few worries, since having this on by default without most users really realising it was a recipe for disaster and privacy issues. Second, Recall will not be taking advantage of Windows Hello, and using Window Hello will be a requirement before you can use Recall. On op of that, Recall will use Windows Hello presence detection, so that it will only show any collected and saved data if you’re the one sitting behind the computer. It’s wild to me that they didn’t think of this one sooner, but alas – I have a feeling a lot of this “AI” stuff has been implemented in a bit of a hurry. Last but definitely not least, the Recall database, where information extracted from the screenshots is stored as well as the search index will now be properly encrypted. They will only be decrypted once the user in question is authenticated. Here, too, one really has to wonder why it wasn’t implemented this way from the very beginning, and the fact that it wasn’t makes me think we’ll be finding more questionable security and implementation details as the feature becomes widely available in a few weeks.

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area). Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has Bitlocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system. Andrew Cunningham at Ars Technica It really does seem Recall is kind of a mess in the security department, and it has a certain rushed quality about it. All the screenshots are saved in an AppData folder, and data pulled from those screenshots is stored in a local SQLite database that happens to be entirely unencrypted. TotalRecall, a tool developed by Alexander Hagenah, will neatly pull the data from Recall for you without any hassle or issues. This truly is a security nightmare. Aside from all the obvious issues this presents, such as making it even easier for law enforcement to gain access to pretty much everything you do online, something especially troubling for minorities or in countries with less-than-stellar police departments, Recall also presents a whole host of other problems. Imagine being in an abusive relationship, and the abusive partner demanding Recall be left on at all times to exert even more control. Imagine an unscrupulous employee abusing Recall to steal sensitive information from a company for a competitor. Imagine living in some backwards part of a country with controlling religious parents, and you happen to be gay. The problems here are endless. The fact you can turn Recall off doesn’t mean much, since in the above examples, turning it off is not an option since there are controlling people involved who will demand you keep it on. Browser history and other forms of history in your computer exist as well, of course, but they’re not always as easy to parse, they’re easier to manipulate, sanitise, and temporarily hide. Recall just combines all of this and puts a neat little bow on it, ready to be abused by anyone with bad intentions. Recall is ill-conceived, badly implemented, and a solution looking for a problem, that in an of itself creates tons of other problems. I hope Microsoft reconsiders, but in a world where “AI” makes investors go nuts, I doubt we’ll see a sudden sense of clarity coming out of Redmond.

Remember when I said the honeymoon with AMD’s consumer-friendly chipset and socket support policy would eventually end? Well, while this is not exactly that, it will make a lot of people very unhappy. While AMD, as does any other company, was boastful about its product touting the 16% IPC boost on Zen 5 and the big AI performance leap delivering up to 50 TOPS on the NPU side, an interesting drawback of the Ryzen AI 300 series that has managed to avoid getting media attention is the lack of support for Windows 10. While this was just an unconfirmed rumour last month even though it was suggested by a supposed Lenovo China manager, we have now got confirmation from AMD itself that the report, that Strix point and newer CPUs and APUs will not support Windows 10 is true. Sayan Sen at NeoWin Official support for Windows 10 is ending next year, so there is some reason to AMD’s madness, but at the same time, almost 70% of Windows users are currently using Windows 10, and leaving those users behind might not be the best idea AMD ever had. There is an argument to be made that at least a reasonable number of these people are still using Windows 10 not out of their own volition, but because of Microsoft’s strict hardware requirements, and as such, anyone buying a new AMD machine will just opt for the latest version of Windows out of habit, but I still think there’s a sizable contingent of people who actively choose Windows 10 over 11 for a whole host of reasons. On a strongly related note, despite 2025 marking the end of regular support for Windows 10, Microsoft yesterday announced it’s expanding the the number of Insider channels for new Windows 10 features from one to two, adding a Beta tier below the existing Release Preview tier. Microsoft, too, will have to come to terms with the fact that with 70% of Windows users using Windows 10, they might not even be able to drop support for the operating system as early as next year. While this 70% number will surely slowly decrease over the next 12 months, with many people simply being unable to upgrade due to hardware limitations, I have a suspicion we might see an extension on that 2025 date.

Aside from that, the company also announced Windows 11 IoT Enterprise LTSC 2024 this week. The company has also published the minimum system requirements as well as supported processor families. They have been categorized as Preferred and Optional. Interestingly, SSD has been added as a minimum system requirement, which has been a rumour about the client OS since mid-2022. Sayan Sen at NeoWin The LTSC release, which is not really supposed to be used by average consumers, is still remarkably popular. It contains a fixed feature set and gets far fewer updates than regular Windows releases, it omits otherwise stock applications like Edge, and gives its users far more control over which updates are and are not installed. LTSC also enjoys 10 years of support from Microsoft. Interestingly enough, the minimum specifications for the IoT version of LTSC do not require a TPM 2.0, unlike the regular version of Windows, which infamously does require one. I would assume that the “preferred” minimum requirements, which does require TPM 2.0, line up very well with the minimum requirements for the regular LTSC version of Windows 11. Both will become available later this year, alongside the regular release of Windows 11 24H2.

About a month ago we talked about the rumours, but now the feature’s officially announced: Microsoft is going to keep track of everything you do on your Windows machine by taking a constant stream of screenshots, and then making said screenshots searchable by using things like text and image recognition. As you might expect, this is a privacy nightmare, and the details and fine print accompanying this new feature do not exactly instill confidence. First, the feature is a lot dumber than you might expect, as it doesn’t perform any “content moderation”, as Microsoft calls it. Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry. Privacy and control over your Recall experience Well, Microsoft says Recall doesn’t do any content moderation, but that’s actually a flat-out lie. Recall will not show any content with DRM that happens to be on your screen, and private browsing sessions in Chromium-based browsers won’t be shown either. You can also exclude specific applications and websites – filtering websites, however, is only available in Edge. In other words, managing this privacy nightmare is entirely left up to the user… Except for DRM content, of course. The mouse must be pleased, after all. It also seems Microsoft is enabling this feature by default for at least some business users, as machines managed with Microsoft Intune will have Recall enabled by default, and administrators will need to use Group Policy to disable it. There is no way in hell any company serious about data security will want Recall enabled, so I guess this can be added to the pile of headaches administrators already have to deal with. My biggest worry is the usual slippery slope this feature represents. How long before governments will legally require a feature like this on all our computers? The more Microsoft and other companies brag about how easy and low-power stuff like this is, the more governments – already on the warpath when it comes to things like encrypted messaging – will want their hands on this. This is such a bad idea.

Microsoft’s developer conference Build is taking place this week, so there’s been some major Windows news and announcements, and for once – we’re not talking about more ads in your operating system, or even “AI” shoehorned into, I don’t know, Phone Dialer or Windows Fax and Scan. First and foremost, Windows is going to get a new compiler, kernel, and scheduler, but despite such massive low-level changes, the marketing version number won’t jump from 11 to 12. Of course, we all know the marketing version number has nothing to do with the actual Windows NT version number, which currently sits at 10. The Windows NT version number, meanwhile, is actually also meaningless, since it magically jumps around left and right too, going from 6.2 to 10 between Windows 8.1 and Windows 10, where it has stayed ever since. “We really focused on modernizing this update of Windows 11,” said Microsoft Corporate Vice President of Windows and Devices Pavan Davuluri at a technical briefing on Microsoft’s campus in mid-April. “We engineered this update of Windows 11 with a real focus on AI inference and taking advantage of the Arm64 instruction set at every layer of the operating system stack. For us, what this meant really was building a new compiler in Windows. We built a new kernel in Windows on top of that compiler. We now have new schedulers in the operating system that take advantage of these new SoC architecture.” Andrew Cunningham at Ars Technica The focus is clearly on ARM here, which coincides with the launch of Qualcomm’s Snapdragon X Elite, a new SoC that finally seems to truly make ARM laptops that aren’t from Apple a real, competitive thing – so much so that Qualcomm is even breaking with tradition and taking Linux support very seriously for this new chip. Microsoft also unveiled the name for its new x86 translation layer for Windows on ARM: Prism. Microsoft told Ars Technica that Prism is as fast as Apple’s Rosetta 2, which is interesting because Apple’s M series chips contain special silicon to speed up the translation process, making me wonder if Qualcomm has done the same, or is just brute-forcing it. Performance like this means the apps customers love work great. Microsoft has partnered closely with developers across the globe to optimize their applications for this processor. In addition, the powerful new Prism emulation engine delivers a 2x performance boost compared to Surface Pro 9 with 5G. On the new Surface Pro and Surface Laptop, powered by Snapdragon X Elite and Snapdragon X Plus processors, experiences like Adobe Creative Cloud, Microsoft 365 and Chrome will feel snappy, quick and responsive. Pete Kyriacou on the Windows blog The new Windows on ARM machines using the Snapdragon X Elite will be marketed under the new Copilot+ brand name, which brings with it some requirements, the biggest of which is the neural processing unit: it must be capable of at least 40 trillion operations per second. At the time of writing, the only Windows-capable processor that can boast such numbers is, of course, the new Snapdragon X Elite. AMD and Intel need not apply. They simply cannot match this. Microsoft tied a bow on all this stuff by unveiling the new Surface Pro and new Surface Laptop, both powered by the new Snapdragon SoCs. You can preorder them today, but they won’t be available until 18 June.

Windows Server 2025 comes equipped with dtrace as a native tool. DTrace is a command-line utility that enables users to monitor and troubleshoot their system’s performance in real-time. DTrace allows users to dynamically instrument both the kernel and user-space code without any need to modify the code itself. This versatile tool supports a range of data collection and analysis techniques, such as aggregations, histograms, and tracing of user-level events. To learn more, see DTrace for command line help and DTrace on Windows for additional capabilities. What’s new in Windows Server 2025 DTrace was originally developed by Sun as part of Solaris, but eventually made its way to other operating systems as Sun collapsed in on itself and Oracle gave it the final push. DTrace is available for the various surviving Solars-based operating systems, Linux, FreeBSD, NetBSD, macOS, and QNX, and Microsoft ported DTrace from FreeBSD to Windows back in 2018. With Windows Server 2025, DTrace will be shipped out of the box.