NoelC

They don't really install or run continuously, so they won't really interfere with one another. They're more like integrators of the many, many settings available under the covers. No doubt there's some redundancy, but they're not particularly difficult to run. -Noel

Cool! That is definitely a way to start Windows 10 without sihost. Thanks for that info. However... The problem is that you now have no way to run the Action / Notification Center, nor run the Settings App. Not that I *LIKE* these components, but I don't think there's a way to do everything else needed... For example, how would you do initiate a Windows Update? If Microsoft would have retained enough of the Control Panel to be able to do things the old way, that would be a very good tweak indeed. As it is, it appears to cut too deep. You don't know of a way to resurrect all the functionality that can only be done through Settings and the Action / Notification Center, do you? -Noel

I don't believe disabling the Task Scheduler is a good idea at all. Besides using it yourself, there are a lot of tasks that need to run in order to keep a Windows system healthy. -Noel

W10Privacy seems like a good tool, as is O&O ShutUp10, but they aren't end-all solutions. They get you a lot of the way there, and you may find it's better to use them (both) than not to use them at all. I have used them both to achieve a much quieter system, but there are tweaks still needed after, especially if you prefer to run a non-standard configuration without any trace of the store or Cortana. I have found there are still some communications that Win 10 attempts, occasionally. Just in the last 5 minutes (right after bootup) I see that it tried http connections with 23.14.84.17 and 23.14.84.27. I didn't use W10Privacy before the 10586 "upgrade" (because I didn't know about it), and observed that O&O ShutUp10 had many of its settings reverted when the installation dust had settled (I posted screenshots around here somewhere). THEN, after that, I found more settings to change to be "more private" with W10Privacy. I haven't done a rigorous study to see where and how much they overlap, but again, it seems like W10Privacy is a good tool to have around. If nothing else, looking at the settings it provides makes you think. W10Privacy also goes a bit beyond privacy issues and gets into "tweaks" - e.g., what icons to show on the desktop, removing shortcut arrows, scheduled task maintenance, uninstallation of Apps, etc. I don't know how effective the uninstallation of the System-Apps is, as I already had them all out before trying the tool. As I use a 3rd party firewall, I have left alone all the Windows Firewall settings W10Privacy provides (i.e. the Telemetry and Firewall sections). In the W10Privacy version I tested (1.8.0.2), I didn't find evidence of malware or spyware. There doesn't seem any harm in trying it to see what settings it offers, and FYI, if you try it, know that it can take quite a long time (tens of seconds) to start. It's not stuck; be patient. I watched Process Hacker while it was doing so and behind the scenes it apparently runs a lot of system commands (e.g., DISM) to gather information. I don't advocate checking every box. Read each one and understand what it does first. -Noel

It's possible it's an interaction. I don't know the internals. I help test Aero Glass, but the implementation is all from Big Muscle. Did you get any blur in the Start Menu without the Aero Glass for Win 8+ tool being in the system? I know it's possible with the Taskbar. -Noel

I took the experiment further and couldn't reproduce it with a Tortoise SVN window that uses actual Aero Glass translucency. Unfortunately, I really do think that's the Windows 10 "native" blur causing the problems, so I'm thinking Big Muscle won't be able to do anything at all about it. Just another half-working Microsoft implementation. I do wonder any more whether they have anyone at all on staff who actually cares whether things work right. -Noel

I was able to reproduce the problem as well, mixing Modern and desktop applications. It appears that even if a Modern App is BEHIND a desktop window, its almost as though the desktop window entirely disappears. Strangely, I was able to reproduce it with Classic Shell also. This may not have anything to do with Aero Glass - doesn't Windows do Taskbar and Start Menu blurring itself now? I believe Classic Shell uses that method as well. Note these two cases, one with the bright Notepad behind the Settings App, and the other with it in front. In the second case, through the Classic Shell start menu you can still see the lightening caused by the word SETTINGS and all of the brightness of Notepad's white base color missing. -Noel

What I like most is the ability to configure dozens and dozens of settings based on zone (e.g., Internet zone, Trusted Sites zone, etc.) means that you can shut off the basic ability of the browser to run dangerous things in the Internet zone (i.e., any web site you happen to visit that's not in your Trusted Sites list), while still maintaining the automatic ability to run ActiveX (should you need to do so) in the Trusted Sites zone. So if your bank, for example, were to require an ActiveX be run in order to be able to complete a transaction, you could simply add their server (or domain using *.thebanksdomain.com) to your Trusted Sites list. You can also limit what scripts can do by zone. In practice, because only IE runs ActiveX, very few sites actually require it, so the Trusted Sites list can be virtually empty. Like I said, there are dozens and dozens of settings. The TL;DR of it is that you can set things up to be just capable enough (e.g., allow active scripting, but limited) so that you can do most everything online in the Internet Zone, but still be quite well protected from basic things, like programs running in iFrames. I also choose to run IE with just which add-ons I choose - which is a very small list. The list is directly manageable, as is the list of search providers, translation services providers, etc. Quite probably Microsoft finds it difficult to support all this configurable functionality, which is why they're trying to foist Edge on hapless users. What I *DON'T* care to use is Microsoft's "SmartScreen Filter", which isn't really necessary if one has taken other measures to blacklist badware sites. That's okay, that's de-configurable. I also don't choose to use UAC, which is much less a problem if ActiveX is simply blocked by settings. I guess what I'm saying is that I've been all through the IE settings, and they fit nicely in my overall strategy. And it must work - I get a very responsive browsing experience and have never gotten a malware infection. -Noel

I pondered how to word it and in the end I figured it's the most factual and least "do it my way!" if I just describe what I do. If you want to follow my lead, great, if not, great. Maybe it gives people some good ideas without getting too pushy. I don't propose it as the best approach in the world, just he best approach that I've been able to come up with to suit MY needs. You (rightly) point out that using a hosts file is not as good as having the name resolution server manage the blacklist. If I had the ability to reconfigure my router to load that large name resolution blacklist I would do so. I have been thinking of upgrading my router so as to be able to achieve that capability... Such activity would then protect every system in my LAN. In my case I run a script that compiles blacklists obtained from several sources (and I'm always looking for more well-managed sources), including: http://winhelp2002.mvps.org/hosts.txthttp://malware-domains.com/files/domains.ziphttp://mirror1.malwaredomains.com/files/immortal_domains.txthttp://www.malwaredomainlist.com/hostslist/hosts.txt What specific hardware are you using to accomplish blacklisting, if I may ask? Whether a router is willing to accept blacklist entries isn't usually a feature listed on the outside of consumer packaging. -Noel

I think a discussion about what services can be safely disabled is quite appropriate. I have personally disabled quite a number of services in Win 10 that I don't need, and the system is more private, secure, and efficient because of it. As mentioned, the only real way to approach this issue is by determining what the services are good for and whether you need them in your application of the OS. I personally prefer a lean, functional desktop and ZERO Metro/Modern/Universal support. Compare your system to this list of services and their settings that I have in my up-to-date Win 10 setup that accomplishes this goal: This list of scheduled tasks might also be interesting to you: -Noel

With every vulnerability discussed, I evaluate whether it could happen to me. In this case, it's not going to happen on my systems, for a number of reasons... I use Internet Explorer. Why? Because it's mature and actually has one of the best security models (though in a twist of irony it is not configured for highest security by default). DLLs do not download without the knowledge of the user. I can't imagine why anyone would bother with Edge, and Chrome is software made by Google - quite likely the LEAST trustworthy software company on the planet, even considering Microsoft's latest stance. That ads most often run in iFrames is a good reason for reconfiguring your browser (assuming you can) not to allow things to run in iFrames (and indeed, not to allow ActiveX to run at all except for trusted sites). It's a good idea to use a hosts file to blacklist badware sites, and to keep your hosts file up to date so that sites known to deliver malicious software - such as that DLL - are never contacted at all. There are several good online sources for such information. Don't get in the habit of downloading things to your default folder. If you organize your system so that you have a specific area that you download things into, e.g., subdivided by product. This would reduce the likelihood that a DLL would have been downloaded there ahead of time. And, you'll always have a copy even if you can no longer find the software online or have a problem where you need to access it when there's no Internet connection. Doing things a non-standard way, especially in a more organized, thoughtful way, is an excellent way to avoid traps crafted for the masses. I schedule regular scans in the wee hours of the morning not only by Windows Defender but also by MalwareBytes AntiMalware. I assume it would pick up such a malicious DLL having been downloaded somewhere. That's 4 or 5 solid reasons why I'm not vulnerable to this attack, and note that I never even mentioned an active AV package - just scans. Now, ponder how many things YOU'RE doing that would prevent the exploit on your system. -Noel

OK, I still had the files laying around, so here's a fresh build for both 32 and 64 bit editions, compiled with Visual Studio 2015 Update 1 against the Win 10 SDK... http://Noel.ProDigitalSoftware.com/ForumPosts/VersInfoEx32And64Bit.zip To use this software, please follow the installation instructions on the web site from which I got the sources: http://www.codeproject.com/Articles/118909/Windows-File-properties-Version-Tab-Shell-Extens What you should see, if it's installed and running properly, is a new tab in the File Explorer Properties menu entitled Version: Note: As of this writing I have only been able to test the 64 bit build (in Win 8.1 and 10), and it does work. Someone please let me know if the 32 bit build does not work. -Noel

When you say "this window", are you viewing the web page in Edge? I'm just wondering that perhaps a non-desktop application window doesn't register the same as a desktop window to the Aero Glass algorithms. -Noel

Yes, it is no longer the time of "things that actually work" taking precedence over "dude, that's so cool!" Thing is, they're not done yet. There's enough "actually work" still in 10 to convince many/most Win 7 users. Just wait. -Noel

As we have seen, discussing it does nothing. Those of us who want general purpose computing are doomed. We could make the whole world aware that they're heading straight for failure, and they would just wave us off with "Seriously? Who am I supposed to follow, you or a big, successful company?" No one thinks any more. We're seriously doomed. Even those of us who feel we have already taken measures to protect our choices. -Noel

Too much rush, too little... Everything else. -Noel

Project Redstone, right? The Mercury Redstone 1 launch did exactly that. OK, so it didn't fly very far (4 inches). When it cut off, prematurely, it settled back on the pad and remained upright. -Noel

What do the "!" symbols mean, vs. just "X"? "You can't do it with normal settings" vs. "If you do find a way the system changes it back without your knowledge or approval"? Folks in general are frogs in a pot, and that water's starting to steam! Wasn't everything supposed to return to normal after the little boy exclaimed, "The Emperor has no clothes!" -Noel

The question comes to mind: Why EVER plan to remove such an option? And if so, why would a plan like that be measured in weeks or months? People actually need years - sometimes decades - to adapt. What's the rush? The unwashed masses would just leave it alone at whatever default setting. Smart people, who WANT to be able to run an old plug-in, ON PURPOSE, and who might actually be capable of keeping in mind that they have changed the setting, might just be able to continue to use it quite effectively. It's all one and the same "new world" mindset: We just CAN'T let everyone continue to do whatever they want! Imagine a world where everyone's just free to do that! The horror! Perish the thought! Who's coming up with this ridiculousness? Young people today don't like being limited by other people's arbitrary rules. -Noel

I never figured I'd live long enough that a Unix derivative would inevitably be in my future. I thought surely Windows would continue to evolve into something better and better. But even that is better than bending over and letting Microsoft have their way. Just goes to show that evil and greed can screw up anything. -Noel

No, just the opposite. You can't run them with UAC disabled AT ALL. That's just stupid. If I want to be a full-time administrator, and I am willing to assume all the "risk" for that, I should be allowed to do so. The ridiculous UAC subsystem never quite gets out of the way, so I'll just continue to avoid running anything that requires it rather than get used to it. If Windows 10 becomes non-viable without UAC, then I won't run Windows 10. As it is I only run it as a curiosity. If more people would realize they're being herded and just refused, they wouldn't be able to herd us. As it is, with most everyone just having accepted UAC at the time of Vista, we're now screwed. Microsoft isn't going to make a **** dime off me in their App Store. And that actually means something - all my life I've paid good money for good software. -Noel

Thanks. I figured that must be the case up through Win 7 at least. My understanding is that you can change components - as long as you don't change too many. I wonder about 10. Now the activation seems to be all the more tied to the hardware. -Noel

It's good that you have found a happy place! -Noel

Sigh. Confirmed - even without a 3rd party theme there's no translucency in the context menus. Not sure whether Big Muscle will be able to do anything about those, though. It might be a request that would make more sense to the author of Classic Shell. Microsoft, despite the huge "Bring Aero Glass Back" feedback, has chosen to turn away from translucency. I guess it's because computers are getting slower and have less storage, making them less capable of delivering pleasant user experiences. -Noel

I wonder if anyone besides us sees that as scary. An OS that on the surface is labeled 'the same version' but which is composed of who knows what different components (and yes, I know it's always been thus, but this is just, well, more). Basically it's the worst parts envisioned for the new, opaque Windows Update strategy already realized. Thing is, I don't think even Microsoft can keep that kind of complexity afloat forever. Did you notice any settings being reverted when that update (which created Windows.old) was installed? -Noel