Leaderboard

A former Microsoft engineer recently took it to X to share some tips and tricks about activating Windows 11 without paying the company a single penny (yes, pirating). While it was definitely a bit awkward to see a Windows engineer pedaling piracy to a couple of hundreds of subscribers, even more odd is that Microsoft's own Copilot is not shy about telling you how to pirate Windows. Users on Reddit noticed that learning about pirating Windows using Copilot is surprisingly easy. In the early days of the chatbot saga, some tried to use ChatGPT to generate Windows activation keys, but those efforts were rather unsuccessful (not the case with Windows 95). Now, however, Copilot gives clear, simple, and straightforward answers about pirating Windows with third-party scripts. All it takes is asking nicely. When I asked Copilot about it, the assistant gave me direct links to a GitHub repository that can activate Windows 11 with just two clicks. I even asked it to explain it in more detail, to which I received a pretty detailed guide. Of course, Copilot's response is nothing extraordinary by itself. They are not some previously unknown knowledge about pirating Windows. These scripts have been around for quite a while—all Copilot does is relay that information to you. What is interesting is that Microsoft does not seem to care about this and won't bother censoring Copilot in question like this. Such behavior further backs the theory that Microsoft does not give a single bit, whether you buy Windows 11 or pirate it. The goal is to convert as many people as possible to Windows and then earn money by selling other products or ads (Windows 11 is chockful of them nowadays, even though the OS costs $199). Whether to buy or pirate Windows 11 is up to you, but should you raise a black flag, always keep in mind the potential risks of running third-party scripts and activators. These are a common way to scam users and infect their PCs with malware, so beware. You can also ask Copilot about that and even have a real-life conversation with it since Copilot Voice and Think Deeper are now available for free and without limits to all. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487 RIP Matrix | Farewell my friend

Earlier this week, Microsoft reminded IT admins and sysadmins of the new policy for managed office and enterprise PCs that now allows them to have a feature update like Windows 11 24H2 as "optional". This was after the company released complete details about the 2024 update as well as the LTSC version. Meanwhile, on the home users side of things, users with unsupported hardware are also trying to have a taste of the latest version of Windows and one of the popular tools that is useful in such a case is Rufus. However, several users have been reporting that an in-place upgrade to Windows 11 24H2 is not working as the system requirements bypass fails. Pete Batard, the author of Rufus acknowledged the problem and provided a batch script that works around the issue. Batard also added that a future version of Rufus will have this script baked in. He wrote: Aside from this, the Rufus developer was clearly annoyed about users on really old systems complaining that their PC was unable to bypass the requirements even after this script. He wrote: For those who may not have followed, Windows 11 24H2 only works on processors that come with PopCnt and SSE4.2 and thus no bypass method, app or software can help those on such ancient pieces of hardware. They can continue using Windows 11 23H2 though. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

Bypass Paywalls Clean is a popular extension for Firefox, Chrome, which as the name suggests, circumvents paid subscriptions on popular websites, allowing users to read the content for free. The add-on is no longer available on Mozilla's add-on store (AMO). Mozilla removes Bypass Paywalls Clean extension from its add-ons repository It is unclear why the add-on has been removed, the developer claims that Mozilla took it off the repository without any notification. They also speculated that it maybe because the extension had too many users. You may refer to their Twitter, Gitlab page to read the above statement. I already explained the add-on's functionality in the first line of this article. Now, it is possible that one of the sites hit the Bypass Paywalls Clean add-on with a DMCA notice, which in turn could have resulted in Mozilla delisting the extension from its store. I'm not entirely sure about this, because if that was the case, wouldn't Mozilla have notified the developer? Or maybe it breached some clause in the terms and conditions of the repository. We can't tell that for sure, all that we know is that you can no longer download the plugin from the add-ons store. The developer says that they have updated the add-on to version 3.5.0. You may not see the update even if you already have the extension, because it has been delisted. You can, however, opt-to install the unsigned version by sideloading the XPI from the project's GitLab releases page. If you choose to go with that version, you should export your custom filters before switching. Not many people may like using unsigned add-ons for security reasons. The good news it that the author of the add-on also maintains a filter list that you can use with ad blockers, so you will get the same functionality without the extension, at least as far as the popular sites are concerned. Here's how to use it. How to bypass paywalled articles using uBlock Origin 1. Click on the uBlock Origin icon in your browser. 2. Switch to the Filter lists tab. 3. Scroll down to the bottom of the page, and click the checkbox next to "Import". 4. This will allow you to use custom filter lists. Paste the following URL in the text box. https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters/-/raw/main/bpc-paywall-filter.txt 5. Click on the Apply changes button at the top of the page. You should see a new filter labelled "Bypass Paywalls Clean filter". That's it, the filter is ready to use. Try it by going to a website that has a paywall, and you should be able to access the articles for free. This method works with Firefox, Waterfox, Chrome, Vivaldi, Edge, and Brave, basically any browser that supports uBlock Origin, Adblock Plus, etc., that supports custom filter lists. Note: The website for the filter list mentions that it can be used with other ad blocker apps for mobile like AdGuard for iOS, Samsung Internet browser, etc. I haven't tried these so YMMV, I use the filter on Firefox for Android. If you don't want to use the ad blocker filter, you can choose to subscribe to the Bypass Paywalls Clean user script via the Violentmonkey (for Firefox or Chrome), or similar extensions. The user script is available in 9 languages, and can be found on GitLab. I use the add-on frequently to research stuff, learn new things. This is how the internet should be, free for everyone, without censorship and restrictions. Note: There is an add-on called Bypass Paywalls, which is actually the original one. However, it uses Google analytics (in the Chrome version), you can verify that by checking its source code (Background.js mentions it). Bypass Paywalls Clean is a fork of it without the telemetry, hence the name "Clean". Mozilla removes Bypass Paywalls Clean extension from its add-ons repository; here are some alternative ways to use it

How to bypass the Windows 11 TPM 2.0 requirement Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. However, new Registry entries have been discovered that allow you to bypass the TPM requirement and minimum memory and secure boot requirements. With Windows 11, Microsoft added new minimum system requirements that all devices need to have a TPM 2.0 security processor to power some of the operating system's security features. "The following Windows features require TPM 2.0: Measured Boot, Device Encryption, WD System Guard, Device Health Attestation, Windows Hello/Hello for Business, TPM Platform Crypto Provider Key Storage, SecureBIO, DRTM, vTPM in Hyper-V," Microsoft told BleepingComputer. For most people running CPUs created in the past 5-6 years, a firmware-based TPM (fTPM) is built into the CPU and can be enabled in the BIOS. To enable the fTPM, simply boot your computer into the BIOS and enable the Intel Platform Trust Technology (Intel PTT) or the AMD Platform Security Processor, depending on your CPU. For those who do not have this feature, you may be able to install a discrete TPM 2.0 processor on the motherboard. However, if your processor is old enough that it does not have one built-in fTPM, your motherboard's module will likely be TPM 1.2, which is not compatible with Windows 11. This requirement is frustrating for users running Windows 10 on older equipment, as now they are being forced to purchase new hardware to install Windows 11. Furthermore, as Microsoft has stated in documentation that OEMs can get permission to disable the TPM requirement in Windows 11 for their devices, the question becomes: Do you really need a TPM 2.0 processor to use Windows 11? How to bypass the TPM requirement in Windows 11 If you are attempting to install Windows 11 and receive a message stating, "This PC can't run Windows 11," it is likely that you do not have a TPM 2.0 installed or enabled. The good news is that Microsoft includes a new 'LabConfig' registry key that allows you to configure settings to bypass the TPM 2.0, the 4GB memory, and Secure Boot requirements. Based on the name of this registry key, it is likely used by Microsoft or OEMs to set up a "lab" environment to test the Windows 11 on older equipment or when testing new features. To bypass the TPM 2.0 requirements when installing Windows 11, please follow these steps: Install Windows 11 via an ISO or the Windows 11 Insider Program. While installing Windows 11, if your computer does not meet the hardware requirements, you will see a message stating, "This PC can't run Windows 11." Windows 11 setup blocked due to missing hardware requirements When you see the above message, press Shift+F10 on your keyboard at the same time to launch a command prompt. At this command prompt, type regedit and press enter to launch the Windows Registry Editor. Opening command prompt in Windows Setup When the Registry Editor opens, navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup, right-click on the Setup key and select New > Key. When prompted to name the key, enter LabConfig and press enter. Now right-click on the LabConfig key and select New > DWORD (32-bit) value and create a value named BypassTPMCheck, and set its data to 1. Now create the BypassRAMCheck and BypassSecureBootCheck values and set their data to 1 as well, so it looks like the following image. Configuring the Registry to bypass hardware requirements Once you configure those three values under the LabConfig key, close the Registry Editor, and then type exit in the Command Prompt followed by enter to close the window. You will now be back at the message stating that the PC can't run Windows 11. Click on the back button in the Windows Setup dialog, as shown below. Press the back button in Windows setup You will now be back at the screen prompting you to select the version of Windows 11 you wish to install. You can now continue with the setup, and the hardware requirements will be bypassed, allowing you to install Windows 11. Hardware requirements are now bypassed It is important to note that disabling these features could affect the performance or stability of Windows 11, so be sure to only use them on a virtual machine or test box that are you are ok with working in an unsupported environment. Furthermore, by disabling the TPM 2.0 requirement, you are effectively reducing the security in Windows 11. Finally, running Windows 11 on anything less than 4GB will not be an optimal experience and is not recommended. H/T Albacore How to bypass the Windows 11 TPM 2.0 requirement

Google is switching the ruleset for extensions in Chrome soon. The updated version is controversial, as it will end several popular extensions for Chrome, including the world's most popular ad-blocker uBlock Origin. Note: these changes will also impact other Chromium-based browsers, including Microsoft Edge, Opera, or Vivaldi. Brave is special, as the developers announced that they will continue to support uBlock Origin and several other extensions (but not all). The ad-blocker will stop working in Chrome and most Chromium-based browsers once Google launches the change. Any other extension that has not been updated, or cannot be updated because of the changes, will also be disabled by Google. There is a way to keep on using the classic extensions for longer. While Google turns off support for home users immediately, it is giving Enterprise customers an option to extend support by one year. Good news is that you can also utilize this to extend support. How to extend uBlock Origin support in Chrome by one year The policy in question is called ExtensionManifestV2Availability. It defines support for classic extensions in Chrome. The policy has the following values: 0 - Default behavior, determined by Google Chrome and Google. 1 - Manifest V2 is deactivated. This means that uBlock Origin won't work anymore. 2 - Manifest V2 is enabled. This extends support by a year. 3 - Manifest V2 is enabled for forced extensions only. This limits the extensions to addons specified by an administrator. Windows users can set it in the following way: Activate the Start button. Type regedit.exe. Load the Registry Editor. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. Note: some of the keys may not exist. In this case, right-click on the previous key, e.g. SOFTWARE and select New > Key. Name it accordingly to create the path. Right-click on Chrome and select New > Dword (32-bit) Value. Name it ExtensionManifestV2Availability. Double-click on the new Dword and set its value to 2. Restart the PC. This enables the Enterprise policy on the system. Chrome will not disable the old system for extensions this year, because of it. Tip: you can load Chrome://policy to verify that the extension is set correctly. Linux and Mac users may want to check this Chrome support document for instructions on setting policies on their devices. Which extensions are affected? It takes a few seconds to find out. Google has started to display incompatible extensions on Chrome's extensions page. You load chrome://extensions/ and check "These extensions may soon no longer be supported" at the top. Tip: if you do not see this yet, load chrome://flags/#extension-manifest-v2-deprecation-warning and set the value to Enabled. Restart Chrome, and you will see the warning at the top of the page. What happens to extensions once the change lands in Chrome? Google Chrome will disable extensions like uBlock Origin once the change lands. The extensions are not uninstalled, at least not immediately. The screenshot above shows the disabled uBlock Origin extension. The toggle to enable it is inactive, which means that you cannot enable it anymore in the browser. The only options provided are to view the details and to remove it. Most users of uBlock Origin may notice quickly that the extension is disabled. Websites and services will start to show advertisement again. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of July): 3,313 news posts

Information about the closure of the project. Hey Folks, We’ve decided that we’re shutting down the project at the end of the month. Please make backups of your important files, you have about two weeks to do so. Until then, the site will run without any changes. There are several reasons for the closure: – Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore. – All sorts of ad-blockers, whether built into the browser, as add-ons, or in the form of DNS services. Sure, we all use them, but they take away any control the site owner has over the site. Eventually we get to the point where a vicious cycle begins, in order to pay for the server infrastructure you are forced to place more and more ads, then users fire up more and more ad blockers and we get to a point like today. – Rising electricity prices. Over the past year, electricity prices have gone up 2.5 times, which, with a large number of servers, gives a significant increase in costs that we have no way to balance. There are still a bunch of smaller reasons, but we could write a book on this, and probably no one would want to read it. To sum it up, we can no longer afford to maintain the site. You can send us any comments to (we’ll read them all, we’ll probably respond to just a few): support@zippyshare.com Thanks for being with us over the years. See you in the depths of the Internet. o7 Source: https://blog.zippyshare.com/?p=1211

This week, Microsoft made it very clear that it wants to block the popular BYPASSNRO workaround, used to skip the internet and Microsoft Account requirement checks during the Windows 11 installation OOBE (initial setup), although thankfully, the script can still be created using Registry edits. Microsoft has its reasons why it wants people to use a Microsoft Account instead of local accounts. The company explained in detail all about it back in 2024. Naturally, when things like this happen, enthusiasts go digging for ways to work around such issues. Interestingly, as it turns out, another bypass method had already existed for a while now and it is finally becoming popular. This new method was discovered by a user ThePineapple and they have also published a detailed step-by-step guide on how to implement it. They explain: The bypass uses a CXH (cloud experience host) URI (Uniform Resource Identifier) string during the OOBE to invoke the hidden local account setup screen. The detailed guide is given below: After typing WinJS.A, press Tab to auto-complete Application. After typing res, press Tab to auto-complete restart. 5. Exit the Developer Console After entering the command, press Enter to execute it. Press Escape to exit the Developer Console and return to the OOBE interface. Note: If the Escape key doesn't close the Console, click anywhere on the screen to ensure the console is focused and then press the key again. 6. Local Account Setup The Secondary Keyboard Layout screen will refresh, and a Windows 10-style local account setup screen will appear. Enter your desired username, password, and security questions and click Next. 7. Complete the Setup The Setup will go black and will then log you in to your newly created account. Allow Windows 11 a few moments to configure the user. Continue with the remaining privacy setting prompts. Once finished, you will have successfully created a local account in Windows 11. A video guide has also been shared although you may want to turn down the volume first: You can view the project here on its GitHub repo. Thanks to d5aqoëp for the tip!!!! Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of February): 874 RIP Matrix | Farewell my friend

Microsoft this week lifted another upgrade block for Windows 11 24H2. Thus if you are looking to do an in-place upgrade from 23H2, you can check out our review to get an idea of what you could expect. We shared those results for Windows 11 24H2 performance last month. While many tests showed margin of error differences, there were two interesting takeaways from that in terms of gaming. First the positive, there was a definite improvement in frame generation performance on Black Myth Wukong. We observed it on all three of our 24H2 runs and the gains were quite substantial too with over 17% improvement in averages and more than 15% in the lows. On the flip side, single-threaded performance on 24H2 was, for some reason, lower and it was highlighted in more than one instance, be it a synthetic test or an actual game. Besides gaming, application start-up performance also took a sizable hit on the newer feature update in PCMark 10. With those in mind, we set out to see if doing a clean installation would reduce these differences, and also whether we would come across other new performance quirks. Thus we proceeded to clean install Windows 11 November 2024 Patch Tuesday (KB5046617) on top of October 2024. Just like last time, our test is not straight-up apples-to-apples comparisons. We are trying to replicate the usage and experience of a general user and as such, all settings would be kept at default. This is how we are evaluating the performance differentials of a clean install for Windows 11 24H2 vs an in-place upgrade. Hence, some of the settings like Core Isolation or Virtualization-based Security (VBS) have been kept enabled. In case you are wondering about the hardware we tested this on, Steven and I worked on this together (remotely), on his test bench comprising Intel's Core i7-14700K CPU and AMD's 7800 XT GPU (provided by AMD for review). The latest GPU drivers were used at the time (Adrenalin version 24.10.1). Again we start with synthetic benchmarks first. In 3DMark's CPU/physics test, we see an immediate improvement with the clean installation. Our 14700K does better in both DirectX 11-based Fire Strike physics as well as DirectX 12-based Time Spy. This time, 24H2 draws nearly equal to 23H2 on Fire Strike Ultra and manages to beat it on Time Spy Extreme. So an 8.2% gain in the more single-threaded Fire Strike Ultra and a 5.87% improvement in the more modern Time Spy Extreme. The same trend continued on 3DMark CPU Profile which measures the scaling performance of a processor across threads on Time Spy. On our clean-installed 24H2 PC, we saw better scaling once the processor thread count exceeded eight. At up to 4 threads, the two systems were identical. The biggest difference was seen at 16 threads where the clean installed 14700K was ~6.78% faster. With all threads maxed, the difference was significant too at ~6.6%. Following that, we have our 3DMark GPU tests. The 7800 XT for some reason did worse on our clean-installed 24H2 system but it is something that may be considered within the margin of error (max. difference is ~2.23%). So we aren't going to sweat it out and are attributing it to run-to-run variance. Hence, in the synthetic tests, the clean PC definitely fared significantly better. Neither 3DMark nor Windows received any specific optimizations in this period and thus the performance differential is likely to be down to the clean install. With that, it's time to move on to some real-world games. On Black Myth: Wukong, we again saw a huge uplift with frame generation (FG) enabled on 24H2. In fact, our results on the clean-installed system were identical to what we saw on the in-place upgrade. Only the 95%ile score was better by 1 FPS in the case of FG off, the average was the same indicating that a clean PC or an upgraded PC hardly matters in this case. We had another eventful result on Marvel's Guardians of the Galaxy as the 24H2 clean installed PC underperformed our 23H2 by a large degree. Interestingly, Intel's APO (Application Optimization) actually helped this time as it smoothed out whatever issue it may have been that was bothering the 14700K as we once again saw performance parity between 24H2 and 23H2. Shadow of the Tomb Raider's performance differences were within the margin of error mostly. Another noteworthy point here is that APO did not crash on 24H2 this time. We were able to evaluate its effect, and it most certainly helped on both 23H2 and 24H2. The Callisto Protocol was a boring test run, there is not much going on here. I was eager to see what would happen in Far Cry 6 since it presented an interesting case last time. Unfortunately, for some reason, our clean-installed system did not default to the same graphics settings that it had chosen during the in-place upgrade. Thus, we could not directly compare the results. Regardless, it was still interesting to note this difference between the two cases. We noticed a similar thing in a couple of other games too, Assassins' Creed Odyssey and Final Fantasy XV. We are unsure why our 24H2 clean setup felt our RX 7800 XT was not capable of handling 1080p ultra settings such that it defaulted to a lower preset in these three titles. Regardless, we could confirm that our 14700K was not bottlenecked even at these more CPU-demanding settings since we saw an increase in the FPS output in all the three games. With the gaming portion wrapped up, we move to productivity. Cinebench 2024 shows the exact same performance on 24H2 (clean) and 23H2 in the CPU rendering test, and a 10-point increase over in-place upgraded 24H2. The GPU test also shows an improvement on the clean installed PC but again nothing too exciting. It was a bit disappointing to see that the clean installed 24H2 PC was slower than the in-place upgrade system on 7-Zip's compression test. While it was still slightly faster than 23H2, compared to the in-place upgrade, the clean 24H2 setup was ~3.5% slower. PCMark 10 again revealed interesting results. If you recall, last time, on an in-place upgrade, we noted that the app startup performance was lower in the case of 24H2. Well, that trend continued and in fact, it got worse. PCMark 10 on Windows 11 23H2 Windows 11 23H2 scored 24,096 in the application start metric. In contrast, 24H2 upgrade and 24H2 clean scored 21,376 and 20,813 respectively. Thus they were ~11.3% and ~13.625% slower respectively. PCMark 10 on clean installed Windows 11 24H2 24H2 clean installed device was also much worse in photo editing, spreadsheet processing and writing tests. Overall, the 24H2 clean PC scored 9,999 points vs 10,734 points on 23H2 and 10,460 on 24H2 in-place upgrade. Lastly, we have the memory allocation test on 24H2 vs 23H2. This shows how much system RAM each OS requests for caching page files, prefetch data, game/app data, among other things. Speaking of RAM, we were using TeamGroup's 32 GB DDR5-7600 kit that we reviewed last year. Memory allocation is the amount of system RAM that an app requests and is not equal to the actual memory used up by that software. Regardless, it gives us an idea about the capacity of memory needed. This is a major win for our clean installed 24H2 system. Not only does it do quite well against 23H2, it also massively reduces the amount of allocated RAM compared to what we had previously on our upgraded 24H2 PC. The improvement was seen in every single workload. Perhaps there is a memory leak problem on an in-place upgrade that our clean-installed PC resolved. We can't say for sure, but our results consistently suggested this. Conclusion The idea of this clean installation review was to see if the performance nuances we saw on the in-place upgrade would be eliminated on a clean 24H2 PC and whether the latter would be the better way to upgrade from 23H2. While the initial impressions were great as we saw significant improvements in the synthetic 3DMark benchmarks, they did not quite materialize in actual games. Neither did we see any notable improvements in non-gaming tasks. And in the case of PCMark, we saw a significant regression in performance. Thus if you feel like trying a clean installation of Windows 11 24H2 in hopes of improving the performance, you will likely be disappointed; unless you are getting memory hogged like we experienced on our upgraded 24H2 setup. In that case, a move to clean installed 24H2 could help. Our stance on upgrading from Windows 11 23H2 to 24H2 remains the same, it depends, but in most cases, you are not going to miss out on much if you stick to 23H2. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487 RIP Matrix | Farewell my friend

Some video sources of the event... Microsoft Windows 11 Livestream Event (Microsoft) The 2021 Microsoft Windows Event (YouTube 44m 51s)

Earlier this week, Brave made a big promise that it would continue supporting uBlock Origin in a response to a social media post about Chrome "permanently disabling" the extension as Google deems it as unsupported. That is not the case for Adguard though as it already has the Manifest V3 (MV3) extension in place since August of 2022. With the latest Adguard for Windows update that was released today, version 7.19, the software gets the ability to modify any webpage and add a dark theme to it using Userstyles. AdGuard has explained how it will work: Aside from that, the update also brings multiple improvements and fixes including one related to a blue screen of death (BSOD) due to the Windows NETIO SYS system driver which is a network driver and is required by AdGuard to filter network traffic. The ad blocker says that updated drivers for both Windows Filtering Platform (WFP) and Transport Driver Interface (TDI) have been integrated. The full list of changes fixes and improvements is given below: You can download the app from its official website here. Also, note that this version of AdGuard is the last one to support Windows 7 and 8.1 and thus if you don't want to upgrade to a newer Windows, like 11, which requires a new PC, according to the official recommendation of Microsoft, you should stick to this release. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts RIP Matrix | Farewell my friend

VMware, which Broadcom purchased for $61 billion, announced some big changes to its virtualization software suite. Starting today, VMware Workstation Pro for Windows and Linux and VMware Fusion for Mac no longer require a license for personal use. If you want to set up a bunch of virtual machines on your computer to experiment with Windows 11, Linux, or something else, VMware Workstation Pro and Fusion are now available for free. All you need to do is to register and download the app for your platform. Commercial use, however, still requires purchasing a license. Besides making Workstation Pro and Fusion free for personal use, VMware discontinued Workstation Player and Fusion Player. They are no longer available for purchase, and existing customers can upgrade to the more feature-packed Pro version without any cost. However, VMware Player will remain bundled with Workstation Pro. Existing customers with commercial licenses for Fusion Player 13 and Workstation Player 17 can continue using the products without any changes. VMware recommends updating to Workstation Pro once those apps reach their end of life. VMware says the new model helped reduce its product offerings down to just one SKU for those in need of a commercial license, eliminating over 40 different editions and making purchasing VMware's virtualization software much easier. To help users better understand changes, VMware published a small guide: Current Product Going Forward Workstation Player (personal) Download and install the Workstation Pro personal use product. Workstation Player will continue to be bundled with Workstation Pro just as it is today. Fusion Player (personal) Update to Fusion 13.5.2 and delete your license key file. This will remove the ‘Player’ functionality limitation and unlock the “Pro for Personal Use” functionality without needing any additional keys. Here is a KB describing what to do: http://kb.vmware.com/s/article/97817 Fusion Player 13 and Workstation Player 17 (commercial license) Player Products will continue to function, no new license keys are required. Products will continue to be supported for existing customers in alignment with their existing End of Life and End of General Support dates (for more information visit here) Recommended upgrade to Pro products going forward for continued support and product enhancements. You can learn more in a post on the official VMware blog. Source

In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. It seems, this isn't the first time either that support professionals have employed such workarounds when under pressure to timely close out support tickets. A 'crack' is worth a thousand support tickets A South-Africa based freelance technologist who paid $200 for a genuine copy of Windows 10 was startled to see a Microsoft support engineer "crack" his copy using unofficial tools that bypass the Windows activation process. Programmer and content creator Wesley Pyburn whose online channels include TCNO (TroubleChute & TechNobo), explains his struggle after purchasing a copy of Windows 10 through legitimate channels: "I can't believe it. My official Microsoft Store Windows 10 Pro key wouldn't activate. Support couldn't help me yesterday," tweeted the technologist. "Today it was elevated. Official Microsoft support (not a scam) logged in with Quick Assist and ran a command to activate windows... BRO IT'S A CRACK. NO CAP." Microsoft's support chat session with Pyburn involved engineer running a crack (Twitter) "It's literally easier to crack windows than to pay for it," exclaimed Pyburn. Microsoft Product Activation, as commonly seen in Windows and Office products, is Microsoft's DRM technology to ensure users are running company's genuine products as opposed to pirated versions, and are compliant with the license terms. Windows XP-era users may also be familiar with Windows Genuine Advantage (WGA), a validation process that Microsoft earlier enforced to automatically 'deactivate' pirated OS copies. "Activation helps verify that your copy of Windows is genuine and hasn't been used on more devices than the Microsoft Software License Terms allow," according to Microsoft. Microsoft's official Windows activation methods involve either the customer entering a 25-character product key when prompted, or signing in with their Microsoft account to apply a digital license. In some cases, customers may also call the customer care to "activate by phone." Typical Microsoft Windows 10 activation dialog prompting for a key (Microsoft Community) By contrast, software "cracks" and stolen product keys are commonly used by users looking to pirate software—something which is forbidden both by a company's licensing terms and by law in most jurisdictions. The Microsoft support engineer in this case, ran the following PowerShell command on the customer's Windows PC (URL slightly modified to prevent execution): irm hxxps://massgrave[.]dev/get | iex The command establishes a connection to massgrave.dev, an unofficial repository of Windows and Office "activator" scripts that may slip under the radar of most antivirus products. Further, the Invoke-Expression aka iex command runs the downloaded script, as seen by BleepingComputer: Windows 10 activation script from Massgrave.dev "Working in IT I can 100% believe this lmao, commented one user. "They're probably as dumbfounded by the issue as you and/or don't have a better solution and it solves the problem/resolves the ticket so they're happy." Cracks, warez, pirated software pose risks Using "warez," cracks, and other unofficial means to bypass software copy protection are often frowned upon. Other than falling in a legal gray area and being akin to pirating software, these methods pose a security risk. For example, third-party scripts claiming to be software 'cracks' may instead be malware. To clarify if what Microsoft support agent had run was indeed a crack, Pyburn reached out to Massgrave's staff via Discord. Not only did the website staff reply affirmatively to the technologist's question, they further claimed, it wasn't the first time they'd heard of a Microsoft engineer doing this. "This is the second time someone reported here that it's being used by Microsoft support agents. It's not official and not legal," writes WindowsAddict, a Massgrave staff member. Massgrave Discord staff suggests Microsoft support often uses these tools Naturally, such workarounds when employed by a software company's support staff would leave just about anyone startled. "I can not believe Microsoft's answer to a broken activation system is to crack windows via official support channels," says Pyburn. "...AND IT WAS OFFICIAL SUPPORT. The entire reason I paid was to avoid rootkits and other malware COMPLETELY. Then they crack it for me." BleepingComputer approached Microsoft for comment in advance of publishing. We have not heard back yet. Microsoft support 'cracks' Windows for customer after activation fails

It has been a week since Windows 11 was released to the stable channel. The reception to the new iteration has been lukewarm for the most part, with most complaints targeting the Centered taskbar, Start Menu, and of course the hardware requirements that many believe have been unfairly imposed by Microsoft. Use the PC Health Check app to find out if your system can run Windows 11. If you have an old computer that isn't supported by the new OS, take a look at our instructions where we show you how to install Windows 11 without TPM 2.0. There are several ways to do that, and now we have another option to bypass the restrictions, thanks to Rufus. The popular bootable media creation tool was updated over the weekend, to a beta version. Rufus Beta 2 lets you disable TMP, Secure Boot and RAM requirements for Windows 11. This is the change-log of the update from GitHub. Fix ISO mode support for Red Hat 8.2+ and derivatives Fix BIOS boot support for Arch derivatives Fix removal of some boot entries for Ubuntu derivatives Fix log not being saved on exit Add Windows 11 "Extended" installation support (Disables TPM/Secure Boot/RAM requirements) Add UEFI Shell ISO downloads (retroactively applied through FIDO) Add support for Intel NUC card readers Improve Windows 11 support Improve Windows version reporting Speed up clearing of MBR/GPT Here's how to use the program. Before proceeding, make sure you have a USB flash drive that has a storage capacity of 8GB or more, for creating the bootable media. Please take a backup of any data, pictures or videos, that is on the flash drive before you go ahead, as formatting the thumb drive will erase all contents on it. How to disable TPM, Secure Boot and RAM requirements for Windows 11 1. Go to the official website and download the latest beta release. At the time of writing this article, the current build is Rufus Beta 2 (rufus-3.16_BETA2.exe) 2. It's a portable program, run the EXE, and its interface should pop-up. 3. Select the USB drive that you want to use. Pay attention to the Drive Letter, Volume Label if you have more than one storage device plugged into your computer, and choose the correct one. 4. The next step is to make the boot selection, choose the third option "Disk or ISO Image". 5. Click the Select button, and navigate to the location of the folder that contains the Windows 11 ISO. Note: If you don't have an ISO handy, check our article on how to download Windows 11. Rufus can also be used to download the image directly using Fido, from the same developer. To use it, click the arrow icon next to the Select button, and hit the download option. 6. Once you have done the above, some new menus will become available. The one we are interested in, is the Image Option menu. By default, it says Standard Windows 11 Installation. Click it and set the 2nd option, Extended Windows 11 Installation (no TPM, no Secure Boot, 8GB- RAM). 7. Leave all the other options at their default settings, i.e., the partition scheme, target system, Volume Label, File System and Cluster Size. Advanced users may customize the options as required. Note: The quick format option is enabled by default, and will erase all data on your USB Drive. 8. You should see the "Ready" status at the bottom. Click the Start button to begin creating your bootable Windows 11 ISO without TPM, Secure Boot and RAM requirements. Wait for Rufus to finish the task. Once it completes the job, you can use your bootable media to install or upgrade your operating system to Windows 11 on an unsupported computer. Disable TPM, Secure Boot and RAM requirements for Windows 11 with the latest Rufus beta

WinRAR 7.10 was released yesterday with numerous features, such as larger memory pages, a dark mode, and the ability to fine-tune how Windows Mark-of-the-Web flags are propagated when extracting files. WinRAR is a popular file archiver and compression tool for Windows that allows users to create, extract, and manage compressed files, primarily in RAR, ZIP, and many other file formats. The author claims that the tool is used by 500 million people worldwide. Yesterday, win.rar GmbH released the final version of WinRAR 7.10, listing numerous new features that increase the performance and usability of the program. These new features include enabling larger memory pages for increased performance, a reworked settings interface, and a long-awaited dark mode. WinRAR dark mode Source: BleepingComputer One new feature that stood out is a new setting that lets you strip information that may be considered a privacy risk from the Mark of The Web alternate data stream. "'Zone value only' option in "Settings/Security" dialog controls if archive Mark of the Web propagation includes only the security zone value or all available fields," reads the WinRAR 7.10 release notes. "While additional fields, such as a download location or IP address, might help to identify a file source, they can be a privacy concern if file is shared with other persons." For those unfamiliar with the Mark-of-the-Web (MoTW), it is an alternative data stream named "Zone.Identifier" that is added to files downloaded from the Internet, including from websites and email. This identifier tells Windows and supported applications that the file was downloaded from another computer or the Internet and, therefore, could be risky to open. When attempting to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file. Launching a downloaded executable containing a MoTW Source: BleepingComputer Microsoft Office will also check for the Mark-of-the-Web, and if found, it will open documents in Protected View, with the file in read-only mode and macros disabled. To check if a downloaded file has the Mark-of-the-Web, you can right-click it in Windows Explorer and open its properties. If the file contains a MoTW, you will see a message at the bottom stating, "This file came from another computer and might be blocked to help protection this computer." Modern file archives will propagate the MoTW found in archives to extracted files, allowing those files to also be protected with the Windows security feature. MoTW is a powerful security feature that is commonly targeted by threat actors who attempt to find zero-day flaws that allow their malicious files to bypass Windows' security warnings. However, some may consider it a privacy concern, as if the file is shared with another person, the "Zone.Identifier" contains information that could reveal sensitive information about where a file was downloaded from. This is because the Zone.Identifier flag contains a lot of information about a downloaded file, including the Internet Zone (ZoneID) it was downloaded from, the URL to the file, the URL referring to the file, and in some cases, the IP address of the host it was downloaded from. Information in MoTW Zone.Identifier Source: BleepingComputer As part of WinRAR 7.10, a new setting is enabled by default called "Zone value only" that strips all information from MoTW alternate data streams other than the ZoneId when it is propagated to extracted files. MoTW settings in WinRAR 7.10 Source: BleepingComputer This allows the Mark-of-the-Web security feature to continue to work with extracted files, but the alternate data stream can no longer be used to learn where the file was downloaded. For those who wish to enable complete propagation of MoTW data, you will need to go into the WinRAR settings > Security and uncheck "Zone value only." While this new setting may hamper digital forensics, it is a welcome feature for those who want the strictest privacy. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487 RIP Matrix | Farewell my friend

Earlier this month, Microsoft updated its official Media Creation Tool to the latest Patch Tuesday update that fixes some issues. A user can perform a clean install or an in-place upgrade using the utility. However, since it is an official utility, it can not help bypass the system requirements restrictions on unsupported hardware. That is where third-party apps like Rufus step in, and as its developer had promised, the in-place upgrade workaround Registry tweak was integrated into the Rufus setup file in version 4.6 beta. In case you were waiting for a non-beta, the Rufus 4.6 version has been finalised and it is out today with the bypass. The final version carries the improvements and fixes from the beta but also adds a new change. As per the release notes, the version has received improved support for ReactOS boot media. The issue details suggest that ReactOS was having some booting-related issues and switching to FreeLdr.SYS has fixed it. For those who may not be familiar, the ReactOS project is often referred to as "Open source Windows" and FreeLoader (FreeLdr) is the default bootloader for ReactOS. The release notes for Rufus' final version 4.6 are given below: To download the update, head over to Neowin's software story page, the official website or the GitHub repo. On a related note, a new Rufus-like utility has been released today called "Flyby11" and it too promises to bypass Windows 11 (24H2) system requirements with just a few clicks. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts RIP Matrix | Farewell my friend

Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. "This extension may soon no longer be supported because it doesn't follow best practices for Chrome extensions," reads the Chrome Web Store page for uBlock Origin. The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security. "To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin. "With this, Chrome may disable extensions that don't meet these requirements." Warning that uBlock Origin may soon be unsupported and blocked Site: BleepingComputer The new warnings were first reported today by users on X, who saw a different message on the Chrome Web Store stating that the extension is no longer available. However, BleepingComputer was not shown this alert on numerous browsers and devices, instead seeing the one shared above. It is not clear if the original message appeared by mistake and switched later to the current one. The new alert recommends users switch to a different ad blocker that supports Manifest V3, such as Hill's uBlock Original Lite and other ad blockers. Many Chrome users are now saying they will switch to other browsers if uBlock Origin is blocked. There is nothing insecure about uBlock Origin and likely other extensions that are showing this alert. Instead, this warning is being displayed as part of Google's ongoing deprecation of the Manifest v2 (MV2) extension specification, which uBlock Origin uses. In August, Google started warning users directly in the browser that the extension may soon be disabled and that they should find alternatives. Warning on Manifest V2 extensions in Google Chrome Source: BleepingComputer At the time, uBlock Origin lead developer and maintainer Raymond Hill explained that these warnings are the result of Google deprecating support for the Manifest V2 (MV2) extensions platform in favor of Manifest V3 (MV3). "uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO," Hill explained in August. "uBO Lite (uBOL) is a pared-down version of uBO with a best effort at converting filter lists used by uBO into a Manifest v3-compliant approach, with a focus on reliability and efficiency as has been the case with uBO since first published in June 2014." These Chrome Manifest versions are specifications for building Chrome extensions that outline the rules, permissions, and APIs developers must follow and use. In 2019, Google announced that Manifest V2 would be deprecated in favor of a Manifest V3 extension specification, which first started rolling out with Chrome 88 in December 2020. However, the new Chrome Manifest V3 introduced significant technical challenges for extension developers, especially those requiring greater control over web browser functions such as ad blockers, forcing them to create new extensions with limited capabilities (like Hill's uBlock Origin Lite). While uBlock Origin Lite may work fine for some users, those who require advanced filtering or when visiting specific sites, may find that they have a more limited experience. uBlock Origin's developer created a FAQ explaining the differences between the uBlock Origin Manifest V2 extension and the new uBlock Lite Manifest V3 version. Even after Manifest V2 is deprecated, users can continue to use the Manifest V2 extension until June 2025 using the ExtensionManifestV2Availability policy. This policy allows the enterprise and other users to control Manifest v2 extension availability on Linux, Mac, Windows, and ChromeOS. As uBlock Origin continues to work as usual on Firefox, and Brave Browser and Vivaldi say they will continue to support Chrome Manifest V2, users can still find both Chromium-based browsers and alternatives that support the popular content filter and ad blocker. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

The maker of Tiny11, a third-party project that aims to make Windows 11 less bloated with unnecessary parts, released a new version of Tiny11 Builder, a special tool that lets you create a custom Windows 11 image tailored to your needs and preferences. The latest release makes it much easier to create a lightweight Windows 11 ISO without worrying about installing a system modified by unknown third parties. Tiny11 Builder is no longer tied to a specific Windows 11 build. You can use it with any version, language, and architecture. According to the developer, who goes by the @NTDEV_ handle on X, the improvements in Tiny11 Builder were made possible thanks to the better scripting capabilities of PowerShell. Tiny11 Builder is open-source, which allows everyone to peek under the hood to understand better how the thing works. It uses only Microsoft-made utilities, such as DISM or oscdimg.exe, which is a part of the Windows ADK: Since the updated Tiny11 Builder uses PowerShell, you should set the execution policy to unrestricted before using the project. To do so, run PowerShell as Administrator and execute the Set-ExecutionPolicy unrestricted command. You can download Tiny11 Builder from its GitHub repository. Before you proceed, remember that only the official Windows images from Microsoft are 100% safe. If you want to tinker with the OS beyond what Microsoft allows, you should accept potential risks and complications and keep in mind that only you are the one responsible for your system. Source

Notepad++ is an open source plain text editor for Windows that offers better functionality than the built-in Notepad tool of the operating system. Notepad++ is celebrating its 20th anniversary today. The developer released Notepad++ 8.6 to celebrate the anniversary. The announcement of the new release reveals information about the past 20 years of the project. It is an interested read. Even Notepad++, which many consider the best plain text editor for Windows, had to gain popularity in the beginning. The developer admits that he had to sign-up for various forums to promote the new text editor. This changed soon thereafter as the popularity of the text editor increased. Fun fact: our first mention of Notepad++ here on this site was in 2006, just months after the official launch of the site. Notepad++ continues to be an excellent plain text editor for Windows. It will be interesting to see where it stands in 20 years from today. Now You: do you use Notepad++ or another plain text editor on Windows? Source

Google Chrome extension 'Internet Download Manager' installed by more than 200,000 users is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users. Although the extension may install a known and legitimate download manager program, BleepingComputer observed unwanted behavior exhibited by the extension—such as opening links to spammy sites, changing the default browser search engine, and further hounding the user with pop-ups asking them to download more "patches" and unwanted programs. Dodgy Chrome extension installed by 200,000+ users A concered BleepingComputer reader reached out to us on seeing a Chrome add-on "running malicious sites by impersonating famous software." And their concern seems valid. The 'Internet Download Manager' browser extension installed by more than 200,000 users to date doesn't seem all that innocent. Chrome extension Internet Download Manager live on Chrome Web Store (BleepingComputer) There does exist a legitimate Windows program called Internet Download Manager, published by software company Tonec. Tonec does offer Internet Download Manager extensions for Firefox and Chrome. But, the authentic Chrome extension provided by the company is called 'IDM Integration Module.' Further, Tonec's FAQ specifically warns, "Please note that all IDM extensions that can be found in Google Store are fake and should not be used." By contrast, the counterfeit 'Internet Download Manager' Chrome extension seems to be maintained by a website called "Puupnewsapp" that claims "it increases your download speed up to 500%" making it a "super software" for downloading games, movies, music, and "large files in minutes." Sounds promising. The instructions provided by the knock-off extension are even more perplexing—why does one need to download and install multiple programs after installing the extension? Installation steps for the extension prompt users to further install programs (BleepingComputer) Specifically, upon installing 'Internet Download Manager,' users are now asked to install an executable from the puupnewsapp website, and additionally download a "Windows patch" ZIP file: hxxps://www.puupnewsapp[.]com/idman638build25.exe hxxps://www.puupnewsapp[.]com/windows.zip The 'idman638build25.exe' executable appears to be a valid, signed version of the legitimate Tonec Internet Download Manager. The 'windows.zip' archive analyzed by BleepingComputer, contains both 32-bit and 64-bit versions of NodeJS, and executes JavaScript code to adjust Chrome and Firefox registry settings. NodeJS file making registry changes for Firefox and Chrome (BleepingComputer) Alters search engines, promotes spam What also stood out to us was that installing the extension in a test environment changed the default browser search engine to smartwebfinder[.]com. Frequent pop-ups urging the user to install more add-ons, such as for Firefox, were also observed, as was the extension launching third-party sites in the browser. Default search engine changed by extension (BleepingComputer) Luckily, reviewers, some from as early as 2019, seem to have spotted the dodgy behavior. Although plenty of (likely inauthentic) reviewers claim to have no issues with the extension. Multiple reviews call out the "spam" extension (BleepingComputer) BleepingComputer readers have previously reported issues with similar rogue extensions they'd found on the Chrome Web Store. The particulars of the counterfeit extension are as follows: Extension ID: lcdlanlaneooailnebnhamiiieebikid .crx hash (SHA-256): b4b47730b62592c21368c2546e578342fff8383693e89211155c2d61d88058ba Web Store URL: hxxps://chrome.google[.]com/webstore/detail/internet-download-manager/lcdlanlaneooailnebnhamiiieebikid?hl=en BleepingComputer reached out to Tonec for comment, and we have also notified Google of the malicious extension prior to publishing. "This is a fake extension and it should be avoided. Moreover it may contain spyware and adware," a Tonec spokesperson told BleepingComputer, referring to the counterfeit 'Internet Download Manager.' "We report it to Google, but it appears again in a short time." Tonec also urged users to download the aforementioned IDM Integration Module extension that has 20 million downloads on Chrome. A quick search on the Chrome Web Store for "IDM," "IDM integration add-ons," or "Download Manager" will yield results containing extensions with hundreds of thousands of user installs, and favorable reviews that may appear promising. While not all of these extensions may be harmful, users should be cautious when installing new Chrome extensions and verify if these are official versions published by trusted software vendors. Source: BleepingComputer https://www.bleepingcomputer.com/news/security/fake-chrome-extension-internet-download-manager-has-200-000-installs/

Every few years, Microsoft is making it more difficult to create a local account during setup of the Windows operating system. The company announced in February 2022 that new setups and first runs of Pro versions of Windows 11 would require a Microsoft account. It did not take long for workarounds to become available, but many users may be unaware of these bypass options. Some users may prefer Microsoft accounts, as they offer some advantages, including data syncing through the OneDrive service, remote password restoration options, and other features. Others may prefer local accounts as they reveal less to Microsoft account and are not attackable if the device is not turned on. Computer techs may also need to setup accounts for customers, who may not be available or able to provide a Microsoft account. How to avoid using Microsoft accounts in Windows 11 There are several methods to bypass the Microsoft account requirement during setup on Windows devices. I described one option in How to use local accounts on Windows 11 version 22H2 devices. While written for that specific version, the described method works in other versions of Windows 11 as well. To describe it in a sentence, it is creating a Microsoft account during setup and creating a local account after setup ended. It is not elegant and requires that an email address is used initially for the account creation. The following two methods do not require a Microsoft account at all. Bypass 1: OOBE\BYPASSNRO This bypass is the easiest option right now, as it requires just a few steps during setup to skip the Microsoft account creation. Here is how it works: Disable the Internet connection before starting setup, e.g., by disconnecting the LAN cable or disabling Wi-Fi. Windows will display a "Let's connect you to a network" or similar screen. The upcoming Windows 11 version 22H2 does not allow you to skip this anymore to create a local account. On the screen, use Shift-F10 to open a command prompt window. Type OOBE\BYPASSNRO and hit the Enter-key. Windows will reboot and return to the "Let's connect you to a network" screen. Only this time, you may select "I don't have Internet" to skip this. Then you select "Continue with limited setup" to then create a local account during setup. Bypass 2: Use a banned email address Microsoft has banned email addresses that were used too often in the account creation process. You may use this to your advantage, as it allows you to skip the Microsoft account creation or sign-in phase during setup. Here is how this method works (thanks Neowin ) Select Sign-In when asked to create or sign-in to a Microsoft account during setup. Use the email address no@thankyou.com. Type any password on the next screen. Windows will display "Oops, something went wrong" on the next screen. Clicking Next opens a screen that allows you to create a local account. You can assign a password to the account, or leave it empty. Closing Words There is a chance that Microsoft is removing the bypass options in future versions of Windows. New bypasses may be found, which we will add to this guide. For now, users have several options to skip using a Microsoft account during setup. Now You: local or Microsoft account, what is your preference? How to bypass the Microsoft Account requirement during Windows setup

Last week, Microsoft made a major announcement as it blocked the popular BYPASSNRO workaround on Insider builds, used to skip the internet and Microsoft Account requirement checks during the Windows 11 installation OOBE (initial setup). Microsoft has its reasons why it wants people to use a Microsoft Account instead of local accounts. The company explained in detail all about it back in 2024, and on the announcement blog post itself, it noted that the change was being made to "enhance security and user experience of Windows 11." Microsoft wrote: Following this announcement, enthusiasts and smart Windows users started looking for ways in which they could work around and circumvent this. That is when we picked up on this newish method proposed by the user ThePineapple. We say newish since it already existed for the last six months or so, but no one had noticed it as the BYPASSNRO script has been so popular. The trick involves using a CXH URI string to trigger a hidden local account during the OOBE. We covered it in its dedicated article here. There is also a PowerShell script that can help in this regard. Meanwhile, another user has discovered yet another way to bypass this. This is similar to the BYPASSNRO one but involves going to the Registry and tweaking it. Upon finding this, Neowin looked around and found that Microsoft's own official documentation explains how this works. The company notes that by default, the HideOnlineAccountScreens value is set to "false" such that the sign-in page appears during the OOBE. So for the bypass to work, one has to change it to "true". Microsoft notes that this is "primarily for enterprises" for running unattended installs, but it should work for all users. Neowin also noticed that there is also an option to hide the wireless network setup option too using HideWirelessSetupInOOBE. Again, the default value is "false" so that this page appears, but users can flip it to "true". Source: Microsoft (link1, link2) Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of March): 1,357 RIP Matrix | Farewell my friend

The Linux Foundation, alongside Google, Microsoft, Meta, and Opera, have announced today the formation of the new Supporters of Chromium-Based Browsers. As the name suggests, this group has been formed for the support of open-source Chromium browsers so that they can continue to receive the necessary resources, be it financially, or in some other form. The initiative has been undertaken by the Linux Foundation in partnership with Google, and Microsoft, Meta, and Opera, have since joined it. In its press release, the Linux Foundation has explained what this consortium is about. It writes: In its blog post on the Chromium website, Google has explained why the Linux Foundation has been chosen to manage this as well as its thoughts about the whole thing as it cites millions of dollars in cost just for maintenance: Microsoft has also added its own thoughts and it mainly involves its aim to improve Edge while continuing its contributions to Chromium: Opera has also chimed in: Meta, so far, has not released a press release or a statement. What this means is that Chromium browsers are likely going to pick up even more steam, and this may not bode too well for Gecko engine based-Firefox, which is struggling hard against the Chromium juggernaut and especially Google with just ~6% desktop market share. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ RIP Matrix | Farewell my friend

When you visit the uBlock Origin page on the Chrome Web Store in Google Chrome, you see a notification near the top that states that the extension is no longer available. Google writes: "This extension is no longer available because it doesn't follow best practices for Chrome extensions." The "add to Chrome" button is not displayed anymore for that extension. If it is installed, Google displays a "remove" button instead. The message is displayed regardless of Chrome edition. In Chrome Canary, you may also notice that Google is removing uBlock Origin and other extensions automatically on start of the browser. This is part of Google's plan to remove extensions that do not use the new extensions manifest willingly or unwillingly. The only options that Chrome displays are to remove the extension, as it gets disabled only by Google, or to open the extensions manager in Chrome. Google Chrome may list affected extensions under these extensions may soon no longer be supported or the recent "This extension was turned off because it's no longer supported" listing. Tip: Google has added options to Chrome to extend support for a year. You can check out our guide on how to enable these, but note that this is only a temporary option. uBlock Origin still available in other browsers When you visit the uBlock Origin store page in another browser, you will notice that the extension is still available. If you use Brave, Vivaldi, Edge, or Opera, you will get the option to install it in that browser. Google is preventing this in Chrome, likely by checking for the user agent of the browser. It does to to prevent he installation of the extension, and any other that is using the classic extension manifest, in Chrome. Closing Words If you are a Chrome user, you have several options to deal with this. You can enable the policy to extend support for uBlock Origin and other classic extensions until mid-2025. Another option is to switch the browser. You could switch to a Chromium-based browser, Brave, Vivaldi, Opera, or Edge. You may need to enable the policy for these browsers as well. Only a few Chromium-based browsers will continue to support some or all classic extensions after 2025. There is also Firefox. The open source browser does not depend on Google or Chromium. Mozilla confirmed that Firefox will support classic and new extensions going forward. Also, Raymond Hill, the developer of uBlock Origin, says that the extension works best in Firefox. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of October): 4,832 news posts RIP Matrix | Farewell my friend

When Microsoft released details about its Windows 11 version 24H2 for managed enterprise and office PCs, the company highlighted the ways how admins could defer them as "optional" or deploy the update to such PCs. One of the ways is by using the target version capability. Essentially, it involves using the target version policy via the Group Policy Objects (GPO) editor to input the feature update a user's PC wants to stay on or upgrade to. And while the policy is designed for business PCs, home users who are running Windows 11 Pro can also upgrade their system to Windows 11 24H2 using this method in case they are not being offered the update via Windows Update. To do so: Open the Local Group Policy Editor (GPEDIT.MSC) Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business Go to Select the target Feature Update version policy Double-click it or right-click > Edit to edit it. Set the policy from Not configured (default) to Enabled Input "Windows 11" in the product version and "24H2" in the target version Hit Apply and OK. As mentioned above, Home editions of Windows do not have the Group Policy Editor and the same is the case for Windows 11 as well. However, users can still use another powerful native Windows configuration tool called the Registry Editor to perform the same target version policy trick. To do so: Open the Registry Editor app or run REGEDIT. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windowsupdate key Inside, create a new create new string value with the name ProductVersion, set the value to "Windows 11" Create another string value TargetReleaseVersionInfo, and set the value to "24H2" Finally, create a DWORD TargetReleaseVersion and set the value to "1" Using either one of the two methods should trigger Windows Update to make the leap to Windows 11 24H2. In case you are still not being offered the latest feature update even after performing this, there may be some safeguard holds or some other issue at play. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

Since updating Microsoft's latest Windows 11 feature update, version 24H2, several users are reporting that they are unable to perform a Windows Update Cleanup that allows users to free up space. As such, seemingly every user updating to Windows 11 24H2 is finding that they are not able to proceed with deleting 8.63GB of past cumulative updates, a thing that was possible on previous versions of the OS. Image via Acrobatic_Face_7404(Reddit) For example, an Eleven Forum member thecaretaker who started a thread on the issue, says: When someone suggested that they run a Disk Cleanup, another user confirmed that it was not working either, as they wrote: The user and several others believe this may be a bug in Windows 11 24H2, but that is unlikely since almost every system exhibits this 'symptom.' A user on My Digital Life forum suggests this may not be a bug after all and is how Microsoft intended it to be. They write: The user is referring to the new Windows cumulative update delivery method that Microsoft introduced with Windows 11 24H2 and Server 2025. Called "Checkpoint Cumulative updates" (CCU), the company has essentially delivered these as checkpoints instead of the entire update since RTM, thus reducing the size of each update. As a consequence of that, it is certainly plausible why deleting this "8.63 GB" of unwanted data is not working. However, this is simply speculation, and it is possible that the issue is indeed a bug that needs to be fixed. After all, the company had already confirmed a CCU-related problem that leads to the "Operation is not supported” error message. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

Emails, documents, and other untrusted content can plant malicious memories. When security researcher Johann Rehberger recently reported a vulnerability in ChatGPT that allowed attackers to store false information and malicious instructions in a user’s long-term memory settings, OpenAI summarily closed the inquiry, labeling the flaw a safety issue, not, technically speaking, a security concern. So Rehberger did what all good researchers do: He created a proof-of-concept exploit that used the vulnerability to exfiltrate all user input in perpetuity. OpenAI engineers took notice and issued a partial fix earlier this month. Strolling down memory lane The vulnerability abused long-term conversation memory, a feature OpenAI began testing in February and made more broadly available in September. Memory with ChatGPT stores information from previous conversations and uses it as context in all future conversations. That way, the LLM can be aware of details such as a user’s age, gender, philosophical beliefs, and pretty much anything else, so those details don’t have to be inputted during each conversation. Within three months of the rollout, Rehberger found that memories could be created and permanently stored through indirect prompt injection, an AI exploit that causes an LLM to follow instructions from untrusted content such as emails, blog posts, or documents. The researcher demonstrated how he could trick ChatGPT into believing a targeted user was 102 years old, lived in the Matrix, and insisted Earth was flat and the LLM would incorporate that information to steer all future conversations. These false memories could be planted by storing files in Google Drive or Microsoft OneDrive, uploading images, or browsing a site like Bing—all of which could be created by a malicious attacker. Rehberger privately reported the finding to OpenAI in May. That same month, the company closed the report ticket. A month later, the researcher submitted a new disclosure statement. This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker's website. ChatGPT: Hacking Memories with Prompt Injection - POC “What is really interesting is this is memory-persistent now,” Rehberger said in the above video demo. “The prompt injection inserted a memory into ChatGPT’s long-term storage. When you start a new conversation, it actually is still exfiltrating the data.” The attack isn’t possible through the ChatGPT web interface, thanks to an API OpenAI rolled out last year. While OpenAI has introduced a fix that prevents memories from being abused as an exfiltration vector, the researcher said, untrusted content can still perform prompt injections that cause the memory tool to store long-term information planted by a malicious attacker. LLM users who want to prevent this form of attack should pay close attention during sessions for output that indicates a new memory has been added. They should also regularly review stored memories for anything that may have been planted by untrusted sources. OpenAI provides guidance here for managing the memory tool and specific memories stored in it. Company representatives didn’t respond to an email asking about its efforts to prevent other hacks that plant false memories. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of August): 3,792 news posts

Last month, Microsoft released an optional update for Windows 11 version 24H2 on Copilot+ PCs. Users quickly discovered that the update delivered a new optional feature under an oddly familiar "Recall" name. This quickly led to speculations about Microsoft allowing users to uninstall Recall in the near future. Sadly, this is not true. A Microsoft spokesperson told The Verge that Recall in the "Turn Windows Features on or off" section is nothing but a bug, and a future update will remove Recall from there: The company did not comment on whether there will be an option to uninstall Recall from Windows 11. European Union regulations have already forced Microsoft to make many Windows 11 components uninstallable, so it is possible that Recall would follow suit. However, it is worth noting that the company recently announced that Recall would be a strict opt-in experience, and Windows 11 would not turn it on without explicit permission from the end user. Therefore, instead of ripping it off the operating system, you can just keep Recall turned off and enjoy the Copilot+ PC experience without Windows 11 taking a snapshot (Microsoft is not calling them just "screenshots") every few minutes. Microsoft planned to release Recall alongside Copilot+ PCs in June 2024, but the launch was delayed after multiple privacy concerns. Now, Microsoft is preparing to re-release Recall to Windows Insiders somewhere in October before shipping the feature to all users in the Stable Channel. Do you think Microsoft should make Recall uninstallable, or do you think keeping it off by default is enough? Share your thoughts in the comment section. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of August): 3,792 news posts

By default, files opened inside the WinRAR archives are shown in Bytes instead of KB or MB or GB. There’s an easy way to fix that. WinRAR is among the most famous .zip and .rar compression, archiving and extraction software in the world. More than 30 years ago, WinRAR was released to the public in a command line version. However, it was only two years later, in 1995, that a UI based version was released for the public. Since then, WinRAR has grown leaps and bounds. It has become among the most well known file archivers out there. A file archive software, which offers higher compression and quick extraction speed. In addition to great UI and features. WinRAR has many reasons to be famous. Not to forget, it is regularly updated, with additions and improvements in compression and extractions, bot in terms of sizes and speeds. Bought WinRAR Yet? However, WinRAR is also famous for something else. WinRAR is well known to offer the software as a trial version. A trial version, which ideally should work only for 30 days. But it doesn’t stop working after 30 days and keeps working even after that. This makes the trial version to keep working forever. It has meant that a huge amount of WinRAR users have never bought the software. This has led to many people buying WinRAR and posting their purchase pics online as a joke. So much so that a whole subreddit on Reddit called r/PaidForWinrar (now inactive) is dedicated for those who paid for the full version of the software. If that isn’t enough, people regularly post on Twitter (now X) about their achievements of purchasing a WinRAR license. Often re-tweeted by the official WinRAR’s Twitter (now X) handle @WinRAR_RARLAB, like this one: Not to forget, #iboughtwinrar hashtag is famous on Twitter too. So how WinRAR even earns if not many are buying it except for jokes? Well, it’s said that WinRAR earns most of it through their industrial licenses by selling it to companies. However, among all the great things about WinRAR, it has one simple problem. By default, the size of the archived files opened inside WinRAR are shown in bytes instead of Kilobytes (KB) or Megabytes (MB) or Gigabytes (GB). There’s a simple way to fix this. Change WinRAR file size from Bytes to KB or MB The simple way to change file size in WinRAR from bytes to KB or MB or MB is this: Open WinRAR. Click on Options. On top. Click on Settings. The very first option. Click on File list. Which is the fourth tab. Uncheck the option called Exact sizes. Click on OK. To save the settings. That’s it. This is how it looks after the saving: Conclusion Years ago, when WinRAR was founded, files were not that big. So, them defaulting to bytes made sense when files sizes were small enough to be counted in bytes. But these days files sizes in Kilobytes (KB) or Megabytes (MB) or more so in Gigabytes (GB) are more common. So it makes more sense in showing them that way. We must admit. From years, we have been using it the bytes way and frustratingly, we ourselves didn’t know that it was possible to change it. So we must credit Spud096 from GBAtemp for posting the easy fix for it. It’s because of that post that we came to know about this fix and we are able to share it with our readers. As for WinRAR itself. People can download WinRAR from their official homepage and even purchase / buy a license of it if necessary. After all, it gives the ability for them to post it online showing that they bought the license for one of the most famous software out there. Source

Microsoft made a lot of big announcements during its Build 2023 developers conference this week. That included reveals like Windows Copilot, a redesign of its Edge browser, and adding Bing Search to ChatGPT. However, one reveal that Microsoft casually mentioned deep inside in a blog post managed to get a lot of attention from users and the media online. Windows 11 will soon add native support for opening a number of archive file types, including RAR. As we mentioned when we first posted on this development, the RAR format remains very popular for Windows PC users 30 years after it was first created by Eugene Roshal, and 28 years after he created the archive program WinRAR. It's been used by millions of people since then to both open and compress files in the RAR format. Now that Windows 11 will soon have the ability to open RAR archives on its own, we wondered how win.rar GmbH, the Germany-based company that owns and updates the WinRAR program, felt about this new development. We asked the company for a statement and received one via email from Louise Cusworth of the WinRAR sales team: It's taken Microsoft 30 years to implement support for RAR files into the Windows OS, and we were taken by surprise by the announcement, but now we're wondering if they're considering providing the RAR engine in 30 years, too? Microsoft announced many other features for the next Windows 11 release, but obviously the part about the support for different archives and for .rar, in particular, created a big splash on the internet. First of all, we feel honoured with Microsoft's decision. This will hopefully make RAR compression even more popular and more accessible to those users who are not familiar with WinRAR. Are we concerned? Of course we are, because we are a small company and Microsoft is a big international multi-billion dollar company with a lot of power. However, others might be even more concerned about Microsoft's decision. When searching on Google for "how to open rar files", we see the advertisements of our competitors; this could become obsolete in the future, but we simply don't know. Although users will still need WinRAR to create RAR files, they'll no longer need it to open their .rar files (which was never exclusive to WinRAR anyway), but, hopefully, there are enough people out there who will continue to support a small software company like us, so that we can continue to develop WinRAR for a long time to come! Your article and the many others that are now popping up online, introduce both challenges and benefits for our business. We need to keep developing WinRAR to make it even more attractive to users, and we have just released the Beta version for WinRAR 6.22 and are currently working on a major upgrade, which will hopefully be ready by the end of the year. We want to thank Louise for this statement. It will certainly be very interesting to see if people will continue to use WinRAR and if Microsoft also decides to add native support for archiving files in the RAR format for future Windows releases. WinRAR on Windows 11 getting RAR support: "We feel honoured with Microsoft's decision"

Ventoy 1.0.86 is the latest version of the open source tool to create bootable media using disk image formats such as ISO or IMG. Ventoy supports the placing of multiple disk images on a single USB drive, which makes it an excellent option to run different versions / installers of Windows or Linux from a single device. The new Ventoy version improves the installation of Microsoft's Windows 11 operating system further. The main improvement in the new release enables two Windows 11-specific bypass options by default. VTOY_WIN11_BYPASS_CHECK -- this bypasses the hardware compatibility checks that Windows 11 performs during installation of the operating system. Ventoy creates several Registry keys to bypass checks for TPM, CPU, Secure Boot and RAM during setup of the operating system. The feature was introduced in Ventoy 1.0.55, but it had to be enabled manually by the user. VTOY_WIN11_BYPASS_NRO -- this bypasses the online account requirement of Windows 11. Users may set up a local account during installation of the operating system instead. The functionality was introduced in earlier versions of Ventoy, but the new default behavior improves things for users considerably. Since it is enabled by default, it works right away. Users who don't want these applied need to override the default values using Ventoy's global control plugin. Tip: you can check out my guide on using local accounts on Windows 11 here, and the guide on bypassing the creation of a Microsoft Account during Windows setup here. Windows 11 users are now able to install the operating system on unsupported hardware, run upgrades, and bypass the online account requirement. Ventoy 1.0.86 includes several fixes and improvements next to that. Noteworthy is Ventoy2Disk.exe's support for command line mode and new menu languages. You can check out the full changelog here. Ventoy is not the only bootable media tool that can bypass Windows 11 requirements. There is also Rufus, which includes similar functionality to do so. As a note: Windows 11 installations on unsupported hardware run fine for the most part. Monthly cumulative updates install without issues, as no hardware compatibility checks are performed. New feature update installations, like Windows 11 version 22H2, do perform compatibility checks and do require these bypasses again, however. Now You: do you use Ventoy or Rufus? (via Deskmodder) Ventoy 1.0.86: bypass Windows 11 hardware and online account requirement enabled by default Frontpaged: Ventoy 1.0.86

Firefox Translations is a translation service for Firefox that Mozilla is working on currently. It is already available as a limited preview that supports a handful of languages and can be installed in any recent version of Firefox. What sets it apart is the fact that the translations happen locally on the user system, and not in the cloud. At its core, Firefox Translations works similarly to how Chrome's Google Translate or Microsoft Edge's Bing Translate features work: when the user visits a foreign language website, as identified by the languages used on the system or in the browser, translate suggests to translate the content to the system language. When that happens in Chrome or Edge, data is submitted to servers that the companies operate. With Firefox Translations, no such data is submitted. Mozilla does not know the URL of the website, when you accessed it, your IP address, information about your system, or the information that the site contains. Another difference between the two translations systems is that Firefox Translations needs to download language information the first time a language is selected for translation; this may be a bit inconvenient for users who have access to slow Internet connections only, but it is a one-time process for each language. Firefox Translations is a game changer Firefox Translations improves privacy significantly when using translate services. Vivaldi Browser offers the next best thing, by hosting translate servers that users of the browser use. While you could argue that this is not really that different from Google hosting its Translate servers, it is clear that both companies have a different stance on user privacy. Google is an advertising company first and foremost, and data is what increases the company's revenue. Firefox Translations fills a feature gap in the Firefox browser. Translate functionality is important to many users, and Google's integration of Google Translate in Chrome was a game changer at the time. It improved translations by making them convenient in the browser. No longer was it necessary to install a browser extension or open a translate website manually to get a translated version of a site. Mozilla's service is a work in progress, and there are several restrictions and limitations currently that hold it back. If Mozilla manages to address these, Firefox Translations could very well become another game changer when it comes to in-browser translations. The ifs... Language support is still a work in progress; this is without a doubt the main limitation right now. Firefox Translations supports a dozen or so languages, including English, French, Spanish, German and several others, but it lacks support for hundreds of others, not even counting languages such as Klingon or Borg. It takes time to get support added for these, which, in the meantime, limits the reach of Firefox Translations. Firefox integration is provided via a browser extension currently. Native support improves the usability, as translate functionality is built-in then and not dependent on the installation of a browser extension. To compete with Chrome's translate service, Firefox Translations needs to become a native feature of Firefox. Translation options need an option to always translate a particular language; this does not seem to be supported at the time. While users may select the "never translate language" option, no such option to always translate a specific language or site is provided. Last but not least, there needs to be an option to translate specific text parts such as a paragraph or a sentence. Closing Words Firefox Translations is a huge undertaking that improves Firefox already and will improve Firefox for lots of users in the future. Time is an issue, as language support is lacking and needs to expand. While Mozilla is working on that, the organization can't afford to continue working on the service for several years before it is ready to compete with the cloud-based translation services in regards to language support. Several Chromium-based browser makers may be interested in Firefox Translations. Brave Software, for instance, decided against integrating Google Translate natively in the browser. It displays a prompt to users to install Google Translate, but that has privacy implications and reduced functionality when compared to Chrome's native offering. It is unclear if these companies could integrate Firefox Translations in their browsers. Now You: what is your take on Firefox Translations? Firefox Translations is going to be a game changer, if...

Chinese researchers have reportedly developed a device that can detect when a man is watching pornography by ‘reading his mind’. The new device, as reported by the South China Morning Post, would benefit Chinese internet censors by detecting the brainwaves triggered by lewd content. Pornography is illegal in China. The prototype device was made “for bad information detection”, said Xu Jianjun, director of the electrical engineering experiment centre at Beijing Jiaotong University, who published the work in Journal of Electronic Measurement and Instrumentation. It was tested on 15 male university students who would wear the device while sat in front of a computer screen – with an alarm going off when explicit imagery was detected by the brain. The developers say the new device can automatically adapt to the brainwaves of a human censor, able to filter out other signals that would come from emotions or weariness. Chinese authorities employ professional censors called jian huang shi - porn appraisers – to check social media for what they deem inappropriate content. Usually artificial intelligence can be used to detect explicit pictures and videos, but sometimes the algorithm makes errors. Human brains can still detect pornographic content more quickly and with greater accuracy. Many of these appraisers are women, but since the test was only ran on men researchers believe there could be differences between genders. The accuracy of the machine is reportedly 80 per cent. However, one unnamed researcher said that there could be ethical issues. “There is no law to regulate the use of such devices or protect the data they collected,” an individual from the University of Science and Technology of China in Hefei reportedly said. Source

Injectable, biodegradable technology developed by UK team works as a scaffold to help new tissue grow British researchers have developed a biodegradable gel to repair damage caused by a heart attack in a breakthrough that could improve the health of millions of survivors worldwide. There are more than 100,000 hospital admissions every year due to heart attacks in the UK alone – one every five minutes. Medical advances mean more people than ever before survive, with 1.4 million Britons alive today after experiencing a heart attack. But hearts have a very limited ability to regenerate, meaning survivors are left at risk of heart failure and other health problems. Now after years of efforts searching for solutions to help the heart repair itself, researchers at the University of Manchester have created a gel that can be injected directly into the beating heart – effectively working as a scaffold to help injected cells grow new tissue. Until now, when cells have been injected into the heart to reduce the risk of heart failure, only 1% have stayed in place and survived. But the gel can hold them in place as they graft on to the heart. “While it’s still early days, the potential this new technology has in helping to repair failing hearts after a heart attack is huge,” said Katharine King, who led the research backed by the British Heart Foundation (BHF). “We’re confident that this gel will be an effective option for future cell-based therapies to help the damaged heart to regenerate. To prove the technology could work, researchers showed the gel can support growth of normal heart muscle tissue. When they added human cells reprogrammed to become heart muscle cells into the gel, they were able to grow in a dish for three weeks and the cells started to spontaneously beat. Echocardiograms (ultrasounds of the heart) and electrocardiograms (ECGs, which measure the electrical activity of the heart) on mice confirmed the safety of the gel. To gain more knowledge, researchers will test the gel after mice have a heart attack to show they develop new muscle tissue. The study is being presented at the British Cardiovascular Society conference in Manchester. Prof James Leiper, an associate medical director at the BHF, said: “We’ve come so far in our ability to treat heart attacks and today more people than ever survive. However, this also means that more people are surviving with damaged hearts and are at risk of developing heart failure. “This new injectable technology harnesses the natural properties of peptides to potentially solve one of the problems that has hindered this type of therapy for years. If the benefits are replicated in further research and then in patients, these gels could become a significant component of future treatments to repair the damage caused by heart attacks.” Separate research being presented at the same conference found that obesity can drive hearts to fail and weaken their structure. The largest study of its kind on 490,000 people found that those with a higher body mass index (BMI) and waist-to-hip ratio had about a 30% increased risk of heart failure. This risk occurred regardless of other risks for heart failure such as diabetes, high blood pressure and high cholesterol. Dr Zahra Raisi-Estabragh, from Queen Mary University of London, who supervised the study, said: “We already know that obesity increases the risk of heart and circulatory diseases that can go on to cause heart failure. But now we have revealed that obesity itself could be a driver of hearts starting to fail.” Source

From stopping autoplay videos in their tracks to reducing the system burden on your PC, there’s plenty to love about this browser. Chrome may be the most used browser, but it isn’t necessarily the best one out there. Alternatives exist that could better meet your needs. One such option is Firefox. It’s a rare browser not based on Chromium, the project that powers Chrome, unlike other rivals like Edge or Opera. It’s also backed by a team with a long, storied history in browser development and a deep interest in online privacy. As a result, using Firefox can boost your PC’s performance, better protect you on the web, and also make life more convenient, too. You’ll find it offers built-in features that don’t exist in Chrome or otherwise require third-party add-ons. Just like we’ve recently done with Vivaldi, the enthusiast’s browser, we’ve highlighted the top 8 reasons to quit Chrome and make the switch to Firefox. Let’s dig in. Automatic blocking of autoplay videos IGN’s embedded videos automatically play by default (albeit with no audio on). Firefox can stop this behavior cold. Many websites have videos and other media that automatically play when you load the page. But not all automatically mute the audio, despite near-universal hatred for having sudden noise blaring in the background. Autoplay video can eat bandwidth unnecessarily when you’re on a connection with limited data. In Chrome, if you want to block sites that go hard with autoplay, you need to find and install a third-party extension. Firefox, on the other hand, keeps tabs in hand by default. Out of the box, audio is muted, and for YouTube, autoplay for both audio and video are blocked. And blocking autoplay video across the web by default is a easy, fast change in Firefox’s settings. Speedier website browsing A fresh installation of Firefox automatically blocks trackers that can make browsing feel slow. The more scripts that must load as part of a website, the more you’ll feel them. Even if they’re running invisibly in the background, they’re still there. Keep them from running and your web surfing should feel much snappier. Firefox also stops cryptominers from accessing your device, aka cryptojacking—it’s when a website allows malicious code to use your computer to mine for cryptocurrency. Indirectly, this protective feature helps with browsing speed too. If your system resources get tied up by a cryptominer accessing your device, your PC will feel sluggish, including when you’re browsing online. Lighter on system resources At the time of this screenshot, Firefox had 3x the number of tabs open as Chrome (39 vs 13), with a greater variety of website types. Chrome has a reputation for hogging system resources—namely RAM, but sometimes it also hits your CPU harder than expected, too. Google has taken steps to curtail these problems, but Firefox hasn’t had the same issues with regular memory leaks. It also generally goes light on system resources. Even when you begin piling on tabs and windows, browsing sessions don’t slow down. That said, Firefox can occasionally suffer from memory bloat as well, if you like to leave many tabs open for days. But you can quickly fix that problem by using Firefox’s Task Manager to nuke and then bring back a tab gone amok. Or, if you have the browser set to remember your browsing history, closing the app entirely and reopening it. (Your tabs should be automatically restored.) You don’t need to reboot your whole system. Mobile extensions Tired of annoying ads while browsing online with your smartphone? Android users are in luck. Just like on desktop, you can install browser extensions in the mobile version of Firefox. While you’re limited to 17 add-ons to choose from, they cover the major bases for improving web surfing and security. You’ll find recognizable options like uBlock Origin (ad-blocking), NoScript (control over JavaScript), HTTPS Everywhere (forces secure website connections where available), and more. Installing even just an ad-blocker makes for a smoother experience—no more accidental tapping on pop-ups, ads, or sponsored links you definitely didn’t want to visit. Equally easy sync across all devices You don’t have to give up seamless syncing across devices if you switch to Firefox. Part of Chrome’s appeal is the seamless nature of Google’s ecosystem—accessing your bookmarks and syncing open tabs across devices is simple. But that feature doesn’t need to be a reason to stay with Chrome. Firefox also allows you to browse the web with ease across devices, too. It’s as platform agnostic as Chrome, so you can bounce between Windows, Linux, Mac, Android, and iOS with no issues. Create a Firefox Sync account, and your browsing history, bookmarks, tabs, saved passwords, and more will follow you to whichever devices you log into. You’ll also be able to use additional privacy and security-oriented services like Firefox Relay (email masking) and Firefox Monitor (data breach monitoring) from the same single account. Deeper safeguards for privacy Beyond automatically keeping third-party cookies and trackers from gathering data about your browsing habits, Firefox also blocks fingerprinting, a more insidious method of monitoring people across the web. A digital fingerprint collates information about your PC’s hardware, software (like your operating system and browser), add-ons, preferences, and sometimes more like themes and customizations. The tracking of a fingerprint can take place over months or even longer, meaning whoever looks at the data can form a clear picture of your private life and habits. Think of it as a more invasive form of someone stalking you via public Instagram and other social media accounts—but instead, they’re learning information you haven’t chosen to share publicly. Maybe not even with your closest friends and family. Firefox also allows users to enable DNS-over-HTTPS (DoH). Normally when you enter a URL (e.g., https://www.pcworld.com) into your address bar and hit enter, the lookup of the IP address that the domain name resolves to is done over plain text. Meaning, anyone on your network can see what sites you’re accessing. But if you force the process to happen over an encrypted server, you thwart any such attempts at nosiness. Reader mode Reader mode isn’t perfect with spacing out text from sidebars and breakouts from the main text, but it’s not too difficult to parse through. Generally, the view is an improvement on the myriad elements on a webpage. Sometimes you just want to read the article on a website, not wade through pop-ups, video embeds, advertisements, and whatever else the site owner slaps on the page to keep the lights on (ahem). Having all the extras on the page can really slow down your ability to scroll through. You can reduce the visual distractions with extensions that strip away ads, block scripts, and more, but Firefox gives you a one-click option to do away with clutter on a page: Reader Mode. Click on an icon in the address bar and you get a clean, pared down view that shows just the text in a large, legible font and the images that go with the story. You can zip through the text so much faster. In fairness, Chrome has offered a reader mode before, but the development team can’t seem to make up its mind whether or not to keep it. Some builds of Chrome let you enable it, others don’t. After Mozilla implemented this feature in Firefox years ago, it’s been here to stay. Open-source code Ask current Firefox users why they switched, and you’ll often hear “It’s not Chrome.” What makes Chrome so bad, you ask? The big issue for most is having all of your data locked to a company that makes its money through advertising. (Recall the saying that if a service is free, you’re the product.) That’s a large privacy concern. But beyond that, it’s harder for the community to vet the security of Chrome, too. Despite being built on an open-source project (Chromium), the official Chrome browser mixes in Google’s proprietary spin on that code and keeps the final results under wraps. Users can’t examine for themselves how things are constructed. Many people don’t think about this as an issue, but knowing how something is made can tell you a lot more about its weaknesses—and any other elements that might not sit well with you. With Firefox, that’s not an issue. Source

Germany's Federal Office for Information Security, BSI, is warning companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany. Kaspersky is a Moscow-based cybersecurity and antivirus provider founded in 1997, that has a long history of success, but also controversy over the company's possible relationship with the Russian government. Kaspersky's founder and CEO, Eugene Kaspersky, recently expressed a wish for "compromise" regarding Russia's invasion of Ukraine, which sparked outrage on Twitter, with many rejecting the firm's stance on the matter. Kaspersky is also believed to offer its cybersecurity protection services to Russian state IT infrastructure, making it a concern that the company cannot stay completely neutral. BSI warns against using Kaspersky Today, the BSI is warning German companies to replace Kaspersky AV and any other products from the firm with alternative software from non-Russian vendors. As the BSI statement explains, antivirus software typically has higher-level privileges on Windows systems, maintaining a permanent, encrypted, and non-verifiable connection to the vendor’s servers for constant virus definition updates. Furthermore, as real-time protection from almost all antivirus vendors can upload suspicious files to remote servers for further analysis, there is concern that antivirus developers could use their software to exfiltrate sensitive files. While Kaspersky is likely trustworthy and ethical, it still has to abide by Russian laws and regulations, including allowing state agents to access private firm databases. BSI is taking this further by suggesting that Kaspersky could be forced into aiding the Russian intelligence forces in carrying out cyberattacks or conducting espionage. "The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU , NATO and the Federal Republic of Germany in the course of the current military conflict are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers." BSI To avoid panic moves like switching off protection without activating a replacement security product, BSI advises all organizations to prepare accordingly by first performing a complete assessment. Also, whenever a switch to alternative security products takes place, loss of comfort, functionality, and even safety is expected, so a remediation plan to address all that must be developed. This warning has already led to German organizations, such as Germany's Eintracht sports club, to no longer use Kaspersky's services. However, Kaspersky believes that BSI's warning to remove Kaspersky products is a political decision rather than a technical assessment of their products. A Kaspersky spokesperson shared the following statement with BleepingComputer regarding BSI's warnings, which we have shared in full below: We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds. We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns. At Kaspersky, we believe that transparency and the continued implementation of concrete measures to demonstrate our enduring commitment to integrity and trustworthiness to our customers is paramount. Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone. Our data processing infrastructure was relocated to Switzerland in 2018: since then, malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world, including Canada and Germany. The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments: through the SOC 2 Audit conducted by a ‘Big Four’ auditor, and through the ISO 27001 certification and recent re-certification by TÜV Austria. Kaspersky has set the industry benchmark for digital trust and transparency. Our customers can run a free technical and comprehensive review of our solutions, allowing them to: Review our secure software development documentation including threat analysis, secure review, and application security testing processes Review the source code of our leading solutions including Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products Review all versions of our builds and AV-database updates, as well as the types of information which Kaspersky products send to our cloud-based Kaspersky Security Network (KSN) Rebuild the source code to make sure it corresponds to publicly available modules Review the results of an external audit of the company’s engineering practices conducted by one of the ‘Big Four’ accounting firms; Review the Software Bill of Materials (SBOM) for Kaspersky Internet Security (KIS), Kaspersky Endpoint Security (KES), and Kaspersky Security Center (KSC) German government advises against using Kaspersky antivirus

RARLAB, the developer of the archiving software WinRAR, released WinRAR 6.1 in January 2022. The new version of WinRAR changes the system requirements, as support for Microsoft's Windows XP operating system has been dropped in the version. Many developers have ended support for Windows XP for their programs already. Programs such as Firefox, Chrome, Audacity, Sumatra or Dropbox do not support the operating system anymore. The minimum required operating system for WinRAR 6.1 is Windows Vista, which is not supported by Microsoft anymore. Windows 7 and Windows 8.1 are supported until January 2023. WinRAR 6.1 is the first version of the application that supports Windows 11's new context menus. Microsoft changed the File Explorer right-click context menu in its Windows 11 operating system. It added a newly designed context menu to File Explorer but kept the classic context menu as one of the options so that users can open it if required. Many third-party application entries are not displayed in the new context menu right now as companies need to publish updates to support it. One of the limitations of the context menu is that programs are allowed a single top level entry or menu item only. The new WinRAR context menu on Windows 11 lists all WinRAR commands when selected. WinRAR users may change the functionality in the preferences. The option "Cascaded context menus" determines whether a submenu with all WinRAR commands is displayed. Disabling the option changes the context menu items to a single extraction or archiving command, which users may select under Context Menu Items. Select Options > Settings > Integration to access the settings. You may toggle "Cascaded context menus" there, and find the "context menu items" button as well to select the items that you want to display. The configuration dialog is displayed after installation as well. The new "Legacy context menus" option may be used by WinRAR users if menu items are missing from the legacy context menu of Windows 11 or in the context menus of third-party file managers. The setting is only available on Windows 11 devices. WinRAR 6.1 introduces several other changes and improvements. The archiver supports the extraction of .zst and .zipx archives now. The option to create RAR5 recovery records has a new maximum limit; it is now 1000%, which means that the recovery volumes size can be up to 10 times larger than the actual size of the RAR volumes. A recovery file size larger than 99% of the archive is only supported by WinRAR 6.1 or newer. The same is true if the number of recovery volumes is greater than the number of protected RAR volumes. Older versions of WinRAR can't be used in this case to repair archives. See my MultiPAR review for additional details. The full changelog is available here. Downloads are available on the official download page. WinRAR 6.1 drops Windows XP support, adds Windows 11 context menu support Frontpaged: WinRAR 6.10

Microsoft has released the optional KB5005101 Preview cumulative update for Windows 10 2004, Windows 10 20H2, and Windows 10 21H1 with fixes for thirty-four issues. This preview update is part of Microsoft's June 2021 monthly "C" update, allowing Windows 10 users to test the upcoming fixes and changes to be released on September 14th as part of Patch Tuesday. Unlike updates released on Patch Tuesday, this preview update is optional and only contains bug fixes, performance enhancements, and improvements. It does not include any security updates. You can install this update by going to Settings > Windows Update and clicking on 'Check for Updates.' As this is an optional update, you will need to click on the 'Download and install' link for the update to be installed, as shown below. KB5005101 update offered in Windows Update Windows 10 users can also manually download and install the KB5005101 preview update from the Microsoft Update Catalog. Bluetooth and USB headphone issues fixed This update tests two fixes for issues Windows 10 users have been experiencing with Bluetooth and USB headphones. "Addresses an issue that prevents USB audio headsets from working on devices that support USB audio offload. This issue occurs if you installed third-party audio drivers on the devices," explained Microsoft in the KB5005101 support bulletin. "Addresses a rare condition that prevents Bluetooth headsets from connecting using the Advanced Audio Distribution Profile (A2DP) for music playback and causes the headsets to only work for voice calls." These issues do not appear to be common, but will likely be eagerly awaited fixes with many people working remotely. What's new in the Windows 10 KB5005101 update After installing the KB5005101 update, Windows 10 2004 will have its build number changed to 19041.1202, Windows 10 20H2 to build 19042.1202, and Windows 10 21H1 to build 19042.1202. The Windows 10 KB5005101 cumulative update preview includes 34 improvements or fixes, with the ten highlighted changes listed below: Updates a rare condition that causes Bluetooth headsets to only work for voice calls. Updates an issue that provides the wrong Furigana result when you cancel the Japanese reconversion. Updates an issue that resets syncing for Microsoft OneDrive to “Known folders only” after you install a Windows update. Updates an issue that prevents audio headsets that connect to a device using USB from working if the device has certain third-party audio drivers. Updates an issue with resizing images that might produce flickering and residual line artifacts. Updates an issue that prevents you from typing any words in the username box during the out-of-box experience (OOBE) process. This issue occurs when you use the Chinese Input Method Editor (IME). Updates an issue with copying and pasting a text box into Office 365 apps. If you use an IME, you won’t be able to insert text into the text box. Updates an issue that might cause your device to stop working when making a touch input gesture. This issue occurs if you bring more fingers into contact with the touchpad or screen during the middle of the gesture. Updates an issue that might cause an external monitor to display a black screen after Hibernation. This issue might occur when the external monitor connects to a docking station using a certain hardware interface. Updates an issue that resets the brightness for standard dynamic range (SDR) content on high-dynamic range (HDR) monitors. This occurs after you restart your device or reconnect to the device remotely. With this release, there are three known issues with KB5005101: Using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, "PSFX_E_MATCHING_BINARY_MISSING". You can find a complete list of improves and fixes and detailed explanations of the known issues in the KB5005101 support bulletin. Windows 10 KB5005101 Cumulative Update released with 34 fixes

Colorful's first laptop is an RTX 3060-powered machine inspired by Chinese mythology What just happened? Chinese manufacturer Colorful has been making headlines recently with some interesting projects and products. Joining the latter list is the Colorful X15-AT, an RTX 3060-powered gaming laptop with a design inspired by ancient Chinese mythology. Known chiefly for its graphics cards, motherboards, and storage solutions, Colorful is adding gaming laptops to its repertoire with the X15-AT, a 15.6-inch gaming laptop. It comes with some impressive specs for the price, including a 144Hz display with 100% sRGB coverage, 300 nits peak brightness, and an 86% screen-to-body ratio. No mention of the resolution, but it’s presumably Full HD. Internally, the laptop features an 11th-gen Intel Core i7-11800H with 8 cores/16 threads and a 4.6GHz boost clock. It also has 16GB of DDR4 3200MHz memory that can be upgraded to 64GB and a 512GB NVMe SSD rated with up to 2,400MB/s speeds. Elsewhere, there’s a Thunderbolt 4 port with up to 40Gbps transfer speeds, a card reader, an anti-skid RGB backlit keyboard with 1.8mm travel and a full Numpad, and a trackpad that Colorful says is 30% larger than what most rivals offer. It also uses the company’s new Storm Blade 3.0 cooling setup that comes with dual turbo fans, 10nm Superfins, and a high-performance heatsink with five heat pipes. The CNC-milled aluminum chassis, which is 23.9mm (0.94 inches) thick and weighs 1.93kg (4.2 pounds), features a design inspired by Leizhenzi—a powerful thunder god from ancient Chinese mythology. The Colorful X15-AT gaming laptop has an MSRP of $1,199 and is coming to partner resellers in APAC in July 2021. Other regions will follow. That’s quite competitively priced for a thin and light RTX 3060 laptop with all those features, assuming you can find one for the MSRP. Last month saw Colorful launch a limited edition—only 1,000 are being made—iGame GeForce RTX 3090 Kudan for $4,999. It also unveiled the world’s first GPU museum alongside Nvidia. Source

On January 14, 2025, Microsoft released the latest security updates for Windows 10 and 11. As usual, all updates come with a short list of known bugs, which sometimes gets new entries as users report their discoveries or Microsoft makes its own. This time, Microsoft acknowledged a bug in Windows 10, but the company says you should not worry about it. In the now-updated support document, Microsoft says those keeping an eye on the Windows Event Viewer might notice an error related to SgrmBroker.exe with the following code: "The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935." While it might look serious at first glance, there is indeed nothing to worry about. For one, Microsoft says the only way to detect the bug is to "monitor" the Event Viewer closely. Otherwise, you will not see any traces or signs of the problem, plus there should be no signs of performance, functionality, or security issues. Microsoft also provided some additional insights into the problem with SgrmBroker.exe (System Guard Runtime Monitor Broker Service): If the error in the Event Viewer still bugs you, you can fix it by turning off the System Guard Monitor Broker Service. Here is how to do it: Microsoft says a future update will fix the problem for good. More important bugs in the January 2025 security updates for Windows 10 and 11 include compatibility issues with certain Citrix software, which causes errors when attempting to install the latest Patch Tuesday update. You can learn more about it here. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ RIP Matrix | Farewell my friend

A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability tracked as CVE-2024-11477 has received a high CVSS score of 7.8, indicating significant security risks for users of affected versions. The flaw specifically exists within the Zstandard decompression implementation, where improper validation of user-supplied data can result in an integer underflow before writing to memory. This vulnerability enables attackers to execute arbitrary code in the context of the current process when users interact with malicious archives. According to Nicholas Zubrisky of Trend Micro Security Research, attackers can exploit this vulnerability by convincing users to open carefully prepared archives, which could be distributed through email attachments or shared files. The Zstandard format, particularly prevalent in Linux environments, is commonly used in various file systems, including Btrfs, SquashFS, and OpenZFS. The vulnerability poses significant risks as it allows attackers to: Execute arbitrary code on affected systems Gain the same access rights as logged-in users Potentially achieve complete system compromise Mitigation and Fixes 7-Zip has addressed this security issue in version 24.07. Since the software lacks an integrated update mechanism, users must manually download and install the latest version to protect their systems. IT administrators and software developers who implement 7-Zip in their products should immediately update their installations to the patched version. The vulnerability was initially reported to 7-Zip in June 2024, with the coordinated public disclosure occurring on November 20, 2024. Security experts emphasize the importance of prompt patching, as the vulnerability requires minimal technical expertise to exploit, though no known malware is currently targeting this flaw. This incident highlights the critical importance of input validation in application security, particularly when processing data from potentially untrusted sources. Organizations and individuals using 7-Zip or products that incorporate its functionality should prioritize updating to the latest version to maintain system security. Source : https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/

The ability to remain installed and undetected makes Perfctl hard to fight. Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday. The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33426, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines. Perfctl storm The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools. A signature characteristic of Perfctl is its use of process and file names that are identical or similar to those commonly found in Linux environments. The naming convention is one of the many ways the malware attempts to escape notice of infected users. Perfctl further cloaks itself using a host of other tricks. One is that it installs many of its components as rootkits, a special class of malware that hides its presence from the operating system and administrative tools. Other stealth mechanisms include: Stopping activities that are easy to detect when a new user logs in Using a Unix socket over TOR for external communications Deleting its installation binary after execution and running as a background service thereafter Manipulating the Linux process pcap_loop through a technique known as hooking to prevent admin tools from recording the malicious traffic Suppressing mesg errors to avoid any visible warnings during execution. The malware is designed to ensure persistence, meaning the ability to remain on the infected machine after reboots or attempts to delete core components. Two such techniques are (1) modifying the ~/.profile script, which sets up the environment during user login so the malware loads ahead of legitimate workloads expected to run on the server and (2) copying itself from memory to multiple disk locations. The hooking of pcap_loop can also provide persistence by allowing malicious activities to continue even after primary payloads are detected and removed. Besides running using the machine resources to mine cryptocurrency, Perfctl also turns the machine into a profit-making proxy that paying customers use to relay their Internet traffic. Aqua Security researchers have also observed the malware serving as a backdoor to install other families of malware. Assaf Morag, Aqua Security’s threat intelligence director, wrote in an email: “The malware always manages to restart” While Perfctl and some of the malware it installs are detected by some antivirus software, Aqua Security researchers were unable to find any research reports on the malware. They were, however, able to find a wealth of threads on developer-related sites that discussed infections consistent with it. This Reddit comment posted to the CentOS subreddit is typical. An admin noticed that two servers were infected with a cryptocurrency hijacker with the names perfcc and perfctl. The admin wanted help investigating the cause. “I only became aware of the malware because my monitoring setup alerted me to 100% CPU utilization,” the admin wrote in the April 2023 post. “However, the process would stop immediately when I logged in via SSH or console. As soon as I logged out, the malware would resume running within a few seconds or minutes.” The admin continued: Other discussions include: Reddit, Stack Overflow (Spanish), forobeta (Spanish), brainycp (Russian), natnetwork (Indonesian), Proxmox (Deutsch), Camel2243 (Chinese), svrforum (Korean), exabytes,>virtualmin,>serverfault and many others. After exploiting a vulnerability or misconfiguration, the exploit code downloads the main payload from a server, which, in most cases, has been hacked by the attacker and converted into a channel for distributing the malware anonymously. An attack that targeted the researchers’ honeypot named the payload httpd. Once executed, the file copies itself from memory to a new location in the /temp directory, runs it, and then terminates the original process and deletes the downloaded binary. Once moved to the /tmp directory, the file executes under a different name, which mimics the name of a known Linux process. The file hosted on the honeypot was named sh. From there, the file establishes a local command-and-control process and attempts to gain root system rights by exploiting CVE-2021-4043, a privilege-escalation vulnerability that was patched in 2021 in Gpac, a widely used open source multimedia framework. The malware goes on to copy itself from memory to a handful of other disk locations, once again using names that appear as routine system files. The malware then drops a rootkit, a host of popular Linux utilities that have been modified to serve as rootkits, and the miner. In some cases, the malware also installs software for “proxy-jacking,” the term for surreptitiously routing traffic through the infected machine so the true origin of the data isn’t revealed. The researchers continued: The diagram below captures the attack flow: Credit: Aqua Security The following image captures some of the names given to the malicious files that are installed: Credit: Aqua Security By extrapolating data such as the number of Linux servers connected to the Internet across various services and applications, as tracked by services such as Shodan and Censys, the researchers estimate that the number of machines infected by Perfctl is measured in the thousands. They say that the pool of vulnerable machines—meaning those that have yet to install the patch for CVE-2023-33426 or contain a vulnerable misconfiguration—is in the millions. The researchers have yet to measure the amount of cryptocurrency the malicious miners have generated. People who want to determine if their device has been targeted or infected by Perfctl should look for indicators of compromise included in Thursday’s post. They should also be on the lookout for unusual spikes in CPU usage or sudden system slowdowns, particularly if they occur during idle times. Thursday’s report also provides steps for preventing infections in the first place. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

Intel was at one point the biggest processor maker in the world with every other company a distant second. Those days are now long gone, and now there's a new report claiming Qualcomm, the current learning maker of mobile processors, has made Intel an acquisition offer. The report comes from The Wall Street Journal, citing unnamed sources. The report adds that a deal for Qualcomm to buy Intel is "far from certain" so it may not come to pass. Specific financial details of this offer were not revealed. There were previous unconfirmed rumors that Qualcomm was interested in purchasing some of Intel's chip design divisions. Even if such a deal is announced, it would almost certainly come under the eyes of government regulators to see if it would violate anti-trust law. Qualcomm could have to sell off parts of Intel in order to pass regulatory muster. Intel has seen its fortunes go way down in the last year, as many investors believe that the once dominate chip designer and maker missed out on the current AI revolution that's being led by other chip companies, most notably Nvidia. Earlier this year, Intel revealed that not only had its financial number missed its forecasts, but that it was going to lay off 15,000 of its employees by the end of 2024. That number represents about 15 percent of its workforce at that time. Earlier this week, Intel announced plans to make additional changes to save money. That included pausing the plans for constructing two of its plants, along with turning it foundry business into a independent subsidiary of the company. Qualcomm continues to be the top third-party processor for mobile devices. However, its been trying to boost its PC business as well. Earlier this year, it announced its Snapdragon X series of Arm-based processors made specifically for Windows 11 PCs. Most of the major PC makers are now selling notebooks with some form of Snapdragon X chip, including Microsoft with some of its Surface devices. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of August): 3,792 news posts

While the general user may be unaware of it, browser wars continue to wage on as each of them tries to secure and keep as much of the user base as they can, often seemingly venturing into controversial territories. Besides waging war against rivals, search giant Google is also currently trying to kill off ad blocking on YouTube with server-side-injected ads inside videos that may be impossible to jam off. In the ad blocking extension space, another ongoing change is the move from Manifest V2 to V3. For those unfamiliar, the Manifest API essentially deals with how extensions and add-ons work on browsers, and V3 aims to improve the privacy, security and performance of such extensions. Recently, uBlock Origin developer recommended users switch to uBlock Lite as Chrome Web Store currently flags the former with a message that says the extension may not be supported for longer following the commencement of the Manifest V2 phase-out at the start of June. The message (warning) is also present on the "About Manifest V2" page on Google's official site. It notifies extension developers that V2 extensions are no longer accepted on Chrome Web Store with the message "Warning: The Chrome Web Store no longer accepts Manifest V2 extensions. Follow the Manifest V3 Migration guide to convert your extension to Manifest V3." Microsoft Edge, which is Chromium-based as well, is going a similar route, although no such notification about the Edge Add-ons Store seems to have been planted on its site. However, updates to existing MV2 add-ons are still allowed on Edge, which is not possible on Chrome. For those who want to keep using Manifest V2 extensions like uBlock Origin in the foreseeable future, one way to do so is to migrate to Mozilla's Firefox, which has no plans to drop MV2 support any time soon. The Gecko-based browser recently said that it wants to extend the support for Windows 7, 8, and 8.1 further. If you want to stick to Chromium, an official Registry hack exists that allows extending the support for MV2 add-ons with the help of the "ExtensionManifestV2Availability" policy that is designed for enterprises. Enabling the policy allows an extended year of support for MV2 add-ons till June 2025. The policy works on Windows, as well as macOS, and Linux. Chrome version 110 or newer is needed, while for Edge, it is version 123 or later. Reddit user TeamDJ brought attention to the policy that can be added inside the Windows Registry using the Registry Editor app (Regedit) as a DWORD. They wrote: If you are savvy enough, you can also go about the above steps on your own using this official Chrome guide. As always, though, make sure to be careful when tweaking the Windows Registry. As an online publication, Neowin too relies on ads for operating costs and, if you use an ad blocker, we'd appreciate being whitelisted. In addition, we have an ad-free subscription for $28 a year, which is another way to show support! Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of July): 3,313 news posts

Google is cracking down on the use of content blockers on YouTube. More and more users see prompts that "ad blockers are not allowed on YouTube". Currently, Google appears to test various designs and restrictions. YouTube users may bypass YouTube's anti-adblocker prompts for now, but there is no telling for how long these will work. Even major content blockers such as uBlock Origin run into issues from time to time. These do get addressed quickly though, but it is still annoying when it happens. There are alternatives to blocking ads on YouTube. One of them is to redirect videos to privacy friendly third-party sites. Skip and fast-forward YouTube ads Fadblock, Friendly Adblock for YouTube, is an open source extension for Firefox and Google Chrome that uses a different technique to avoid the massive number of ads that YouTube throws at you. Instead of trying to block advertisement, it is loading ads and then skipping or fast-forwarding them automatically. The developer explains that video ads do get loaded, but that they get either skipped, if the option is available, or fast-forwarded instead. The effect is the same: this process happens in less than 50ms usually, which means that these ads can't annoy you as they blaze by quickly. Tests in Firefox and Google Chrome on YouTube confirmed this. You may get a glimpse of an ad when you load a video on YouTube, but it is skipped quickly so that the actual video is loaded. Note that the Chrome version of the extension will run in other Chromium-based browsers as well. You can install it in Microsoft Edge, Vivaldi, Brave, Opera and all other Chromium-based web browsers. Another interesting aspect of the extension is that it can't be classified as an ad-blocker, as it does not block advertisement. The extension works on YouTube and also on third-party sites that embed YouTube videos, according to the description. It skips pre-roll video ads, banner ads and other display ad formats on YouTube. The developer lists all the different ad categories on YouTube that the extension skips. It includes the 10-second video ads that play without option to skip on YouTube, the 5-second video ads that can be skipped after 5 seconds, and even multiple ads shown in a row before the video starts to play. Firefox users may download and install the extension from Mozilla's Add-ons repository. Chrome and Chromium-based browser users may install it from the Chrome Web Store. Closing Words Fadblock is an interesting extension that uses a different technique to make YouTube more enjoyable. While there is certainly the chance that it may be detected by YouTube's anti-adblocking measures or thrown out of the Google Chrome Web Store, it does work perfectly for now. Source

One of the most annoying things about Windows 11 is Microsoft’s arbitrary safety requirements, which include a requirement for certain CPUs and TPM 2.0, which some PCs from the last couple of years might not have. While we’ve seen ways to bypass those Windows 11 requirements in the past and still install Windows 11, those left you without important Windows updates. Thankfully, there is another way to bypass those requirements and install the operating system. The process was most recently shared by X (formerly Twitter) user @TheBobPony, though it was discovered previously and even used in another Windows 11 install tool. The trick requires you to add “/product server” to the setup process using the Microsoft command prompt. You’d type that like “setup /product server” when installing Windows 11 from an ISO, and it forces the system to ignore the requirement checks that typically trigger. It’s been confirmed to work on the most recent Canary version of Windows 11, and as I noted above, it is a bypass that people have been using for the past couple of years anyway, so it should work on live versions of Windows, too. Of course, it does require some knowledge about how to use Command Prompt, and because you can mess up things by putting in commands, it’s recommended to only use it if you have a basic understanding of what you’re doing. If you don’t have much tech knowledge and you’re looking to upgrade to Windows 11, then utilizing one of these bypasses isn’t going to be the easiest thing. I’d recommend watching YouTube videos about the subject before trying it yourself, as you will want to have a basic idea of what you’re doing. Of course, you could also just go on ignoring Windows 11 like a lot of people are, as many aren’t happy with Microsoft’s recent move, which closed the pipeline that allowed users to upgrade from Windows 7 to Windows 11. No matter the choice, there are multiple ways to bypass the Windows 11 requirements if you so choose. Source

Windows 11 is becoming more popular among regular users, gaming audiences, and business customers every month. Although Microsoft has already released several feature updates with much-needed changes (more to come in early 2023), Windows 11 still has some notable shortcomings. Also, Microsoft cannot please everyone, so it is natural to expect relative discontent among those willing to ditch Windows 10. If you are already in the Windows 11 team or just plan to upgrade, here are 11 apps (in no particular order) we consider must-haves on Microsoft's latest OS. They improve existing features or add something Windows 11 lacks (they also work perfectly fine on Windows 10). You can also check out the older version of this article for Windows 10, published seven years ago. 1. Start11 ($4.99, 30-day trial) Start11 fixes the Start menu and taskbar in Windows 11. It provides several familiar and more convenient Start menu layouts, the ability to ungroup apps, move the taskbar to the top of the screen, reposition the Start button, and personalize the experience to your heart's content. Start 11 frequently receives updates and new features, and we are convinced it should be on each Windows 11 PC. Download Start11: Stardock.com Disclaimer: Neowin's relationship with Stardock 2. PowerToys (free) PowerToys is the only first-party Windows app in this list. It is a popular set of advanced utilities for Windows 11 and 10 users that includes more than 15 "toys" for editing the hosts file, measuring your display, remapping keys and shortcuts, arranging apps and windows, keeping programs on top of the other, checking what processes block a file, extracting text from images, and more. Besides providing a massive list of utilities, PowerToys is highly customizable and supports settings backups. Download PowerToys: GitHub | Microsoft Store 3. Twinkle Tray (free) Twinkle Tray makes managing your monitor's brightness easier without reaching for the physical controls or installing ugly-looking OEM software. The app features beautiful Windows 11-like UI with advanced options, such as the ability to schedule automatic brightness adjustments, set custom shortcuts, sync brightness across monitors, set additional parameters (contrast or volume), change the power state, and many more. You can even adjust the brightness with the scroll wheel when hovering the cursor over the app's icon. Download Twinkle Tray: Twinkletray.com | Microsoft Store 4. NanaZIP (free) NanaZIP is a fork of the popular 7Zip archiver. Besides offering what the original does, NanaZIP provides a better Windows 11 experience thanks to integration with the redesigned context menus. Also, NanaZIP is slowly migrating to WinUI, so the app will eventually get a much more modern user interface. Download NanaZIP: Microsoft Store 5. Files App (free) Files App is what the stock File Explorer should be. The app has numerous features to boost productivity when working with files, archives, and folders. It supports tabs, multi-pane and tree views, tags, compact overlay, custom themes, archives, and many more. Moreover, you can set Files App as your default Windows file manager, plus it has much better and more convenient context menus. Files is a free and open-source project with a beautiful user interface and frequent updates that deliver new features regularly. The only thing to note is that the app cannot replace windows, such as "Save as" or "Open." Download Files App: Microsoft Store 6. Auto Dark Mode (free) Windows 11 still does not support automatic theme switching on schedule or sunset/sunrise, so here is an app that can automate the process, plus throw in several extra features. Auto Dark Mode allows creating custom schedules for mode switching, specifying custom themes for dark and light modes, toggling themes with shortcuts, personalizing backgrounds, etc. Download Auto Dark Mode: GitHub | Microsoft Store 7. ShareX (free) Windows 11 has plenty of screenshot-making tools. However, they are all on a more basic side (there is still no built-in screen recorder, and the one coming is lackluster at best), so those who need more advanced and convenient features should opt for ShareX. Although mastering the app to fit your specific needs might take a little more than one minute, the result will be a robust screenshot utility with a feature-packed editor, custom actions, OCR, screen recording (GIF and video), and more. Download ShareX: Getsharex.com | Microsoft Store 8. EarTrumpet (free) Pepperidge Farm remembers having a quick and easy-to-use volume mixer in Windows. Unfortunately, it is now buried in the Settings app (right-click the volume indicator and select "Volume Mixer"), so here comes the EarTrumpet tool. It will place another volume indicator in the notification area, and clicking the icon will open a flyout with your audio output devices and apps playing sound. The only problem with EarTrumpet is the old Windows 10-styled UI and Windows 11's inability to remove the standard volume indicator. Download EarTrumpet: Eartrumpet.app | Microsoft Store 9. QuickLook (free) This app copies one of those small neat features available in macOS by default. Apple's desktop operating system lets you preview any file by pressing the spacebar key, and you can get the same thing in Windows with the QuickLook app. Besides being small, light, and fast, the program supports various plugins for expanding its stock capabilities. Download QuickLook: Microsoft Store 10. Paint.NET (free) Paint.NET is something people often call "a free photoshop alternative for Windows." It's an excellent tool for those who need more advanced image editing features for free and without subscriptions. Paint.NET offers an intuitive user interface with support for layers, unlimited undo, special effects, and a wide variety of powerful tools. Download Paint.NET: Getpaint.net 11. Dynamic Theme (free) Dynamic Theme is a small wallpaper tool that lets you download and set as the desktop or lock screen background Bing and Windows Spotlight images. The latter is infamous for its frequent bugs, so Dynamic Theme is here to save the day (still not immune to bugs). The app also gets extra points for its native-looking UI resembling the stock Settings app. Download Dynamic Theme: Microsoft Store Of course, we cannot list every app in a single article. If you know other hidden gems for Windows 11 and 10, let us and others know in the comments below to spread the knowledge! Top 11 apps every Windows 11 user should have EDIT: Substituted image for incorrect article ShareX image

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user profiles to display interest-based advertisements, DuckDuckGo will use contextual advertisements from partners, like Ads by Microsoft. While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for "accounting purposes" but it is not associated with a user advertising profile. DuckDuckGo also offers a privacy-centric web browser for iOS and Android that promotes many privacy features, including HTTPS-always encryption, third-party cookie blocking, and tracker blocking. "Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data," explains the Apple App Store page for the DuckDuckGo Privacy Browser. DuckDuckGo browser allows Microsoft trackers However, while performing a security audit of the DuckDuckGo Privacy Browser, security researcher Zach Edwards discovered that while the browser blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running. Further tests showed that DuckDuckGo allowed trackers related to the bing.com and linkedin.com domains while blocking all other trackers. In response to Edwards' long thread on the subject, DuckDuckGo CEO and Founder Gabriel Weinberg confirmed that their browser intentionally allows Microsoft trackers third-party sites due to a search syndication agreement with Redmond. This has led to quite the uproar on Hacker News, where Weinberg has been defending the company's transparency surrounding the agreements with Microsoft. However, Weinberg has made it clear that this restriction is only in their browser and does not affect the DuckDuckGo search engine. "Tracking is tracking" While DuckDuckGo has been transparent regarding the advertisement partnership with Microsoft, it is not clear why they did not disclose the allowing of Microsoft trackers until a security researcher discovered it. This revelation comes at the wrong time, as DuckDuckGo recently went after Google for their new 'Topics' and 'FLEDGE' tracking methods, saying, "Google says they're better for privacy, but the simple fact is tracking is tracking, no matter what you call it." After publication of this story, DuckDuckGo's Weinberg replied to our Tweet stating that they are working to remove this restriction from their agreement and to be more transparent in app store descriptions. "In addition, we are working with Microsoft to remove this limited restriction the article refers to. We're also working on updates to our app store descriptions to have more information. Hope this is helpful context," tweeted Weinberg. BleepingComputer was also sent the following statement from DuckDuckGo CEO Gabriel Weinberg, which is in its entirety below: "We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft. What we're talking about here is an above-and-beyond protection that most browsers don't even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we're doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. This blog post we published gets into the real benefits users enjoy from this approach, like faster load times (46% average decrease) and less data transferred (34% average decrease). Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings." Microsoft declined our request for comment. Update 5/24/22: Added Gabriel Weinberg's statement. DuckDuckGo browser allows Microsoft trackers due to search agreement

The loophole has a loophole Yesterday, we wrote how Microsoft’s Windows 11 won’t technically leave millions of PCs behind — the company told us it won’t actually block you from installing Windows 11 on a PC with an older CPU, so long as you download and manually install an ISO file all by yourself. But it turns out even that technicality has a technicality. Microsoft is now threatening to withhold Windows Updates from your copy of Windows 11 — potentially even security updates — if you take that route. We’re not sure why the company didn’t mention it in our original briefing, but Microsoft has since told The Verge that unsupported PCs won’t be entitled to receive Windows Updates, and that even security and driver updates may be withheld. CYA or genuine threat? It’s quite possible this is just a cover-your-ass measure on Microsoft’s part. It’s hard to imagine that Microsoft wouldn’t issue critical security patches, when we’ve often seen the company extend support and offer the occasional free patch even after it’s shelved an operating system for good. If I were in Microsoft’s shoes, I might just want to discourage people from thinking I was offering a warranty and technical support for every possible PC configuration under the sun to avoid potential legal headaches down the road. Better to underpromise and overdeliver. But it’s also possible Microsoft genuinely does mean to withhold patches at some point in the future — potentially even at launch. Microsoft declined to clarify things further at this time, which suggests the company’s perfectly happy for us to assume this is a genuine threat. It’s not just security updates at stake, by the way: If you’re unwilling or unable to replace your older-than-Intel 8th-Gen-CPU, Windows 11 could theoretically be an operating system where you go back to the days of manually downloading driver updates for all your hardware, something I haven’t needed to think about for years. Windows 10 wowed me from day one by seamlessly working with my aging laptop, so it’d suck if that’s not the case anymore. (Admittedly, the generic drivers that ship with Windows are often good enough.) Feature updates are probably less of a big deal: if you’re the kind of person who would install a Windows 11 ISO on your computer to begin with, you can probably download a newer ISO the next time there’s a major Windows update that you want, and do an in-place-install. I just reformatted my machine with the Windows 10 2H21 ISO, and I barely had any patching to do afterwards. But I suppose Microsoft could change its mind about system requirements for future ISOs, too. Why leave us in the dark? My best guess is the one I offered yesterday, when I wrote how “The Windows 11 upgrade situation just got less and more confusing”: the company seemingly wants to push Windows users to buy a new PC, whether they need one or not. Yesterday, the company told us about a loophole that could placate some of the company's vocal power users who don’t want to give up their old hardware. But if that loophole gets in the way of Microsoft’s plans, the company is reserving the right to make it far less attractive. Microsoft is threatening to withhold Windows 11 updates if your CPU is old

We reported earlier that some Windows 11 Insiders whose PCs did not meet Windows 11 hardware requirements were receiving messages suggesting they downgrade to Windows 11. Brandon LeBlanc from the Windows Insider program has now clarified the situation somewhat. In short, if your PC does not meet hardware criteria you will continue to recieve the small cumulative updates which Microsoft has been sending out weekly to Insiders, but not the larger departures Microsoft is planning for Insiders in the Dev ring in the near future. In addition, when Windows 11 reaches general availability you will once again be asked to downgrade to Windows 10. Microsoft did not clarify what exactly will happen to Windows 11 Insiders who decline to downgrade to Windows 10. Brandon notes that this was always been the plan since Windows 11 entered the Insider programme on the 24th June. The relevant section is the Red section – for PCs which do not meet the minimum hardware requirement for the Windows Insider programme. Notably that minimum requirement is a very low bar – being able to install Windows 11 from the Media Creation Tool, and not Microsoft’s higher bar for Windows 11 offered via Windows Update. Windows 10. Microsoft has some more clarification to do, but it seems most Windows 11 Insiders will not be affected by this policy. Microsoft clarifies (slightly) what happens to Windows 11 Insiders with non-compliant PCs

Mysterious Malware Blocks The Pirate Bay and Other Pirate Sites A new type of recently discovered malware actively targets pirates. Instead of heavily compromising the computers of victims, its main goal is to block hundreds of pirate sites. Sophos found several variations of the malware, which itself is disguised as pirated software. While the impact can be great, fixing the problem is relatively easy. For a few years now, copyright holders have warned that people who use pirate sites risk running into malware and other malicious content. These warnings are meant to dissuade people from using these sites. However, a new type of malware already does that in a more direct way. In an article published this week, British security company Sophos highlights a malware campaign that actively targets pirates. Not to harm their computers, but to block them from accessing pirate sites in the future. Disguised as Pirated Software The malware in question is disguised as pirated software and is shared on regular torrent sites and other places. The packages look like regular ‘cracked’ releases but those who try to install the software are in for a surprise. Instead of installing a cracked version of the software users were looking for, the malware triggers a fake error message which mentions that a DLL file is missing. “The program can’t start because MSVCR100.dll is missing from your computer. Try reinstalling the program to fix this problem,” the error reads while executing the malware in the background. Once executed, the malware tries to contact the 1flchier[dot]com domain, which is a typo variation of the file-sharing site 1fichier. When successful, it downloads a new payload titled ‘ProcessHacker.jpg,’ while sharing the filename of the pirated software the victim was planning to use. It is unclear if this data is being used for anything but at the moment, the malicious domain is no longer accepting requests. However, it appears that the malware has been in use for several months at least, so this may have been different in the past. Blocking Hundreds of Pirate Sites Where the malware really shines, is when it actively modifies the ‘hosts’ file on users’ computers. This file can be used to override how domain names resolve. The attackers use it to link a few hundred to over a thousand pirate domain names to the localhost address, 127.0.0.1. This change effectively blocks victims from accessing the sites, which includes The Pirate Bay and many of its proxies. Interestingly, this isn’t the first time we’ve seen malware do this. More than a decade ago a similar threat was widely shared on torrent sites. This also modified the ‘hosts file‘ to block The Pirate Bay. In addition, it also triggered popups that played a sound file saying that “downloading is wrong”. Sophos has no idea who is behind the malware and neither have we. While it could be an interesting anti-piracy strategy, it’s unlikely that the malware comes from that angle. It could just as easily come from a rival pirate site that is not on the blocklist. Easily Fixed In any case, Sophos reports that its software blocks the threat, so its users are safe. Also, people whose computers are compromised can easily fix the problem themselves too. “Users who have inadvertently run one of these files can clean up their HOSTS file manually, by running a copy of Notepad elevated (as administrator), and modifying the file at c:\Windows\System32\Drivers\etc\hosts to remove all the lines that begin with “127.0.0.1” and reference the various ThePirateBay (and other) sites,” Sophos writes. Source