NoelC

I might add, though not a regular Firefox user myself... "Is there maybe an obscure option you can change to overcome the limitation, at least for now?" -Noel

Heh, no. See Mr GRiM's comments on the likely outcome of running SFC or DISM on a system tweaked in this way to restore the Microsoft-prescribed system configuration. I certainly would not advocate doing something that there are already automatic processes to undo. Gone are the days, my friend. Sooner or later they'll make a feature or function you love impossible to achieve and your bright outlook on what Microsoft's doing may change. -Noel

Fair enough, I did over-generalize that. Yes, I can see how there could be merit to adding the hardware and processes to your system to create an alternately bootable setup. There are also such things as RAID configurations that offer redundancy from failure. Last backup I restored (and it's been quite a while) did take a few hours, and if you have a system config that lends itself to doing so, and minimizing downtime is important then I agree, cloning your running system could be viable and useful. I have little experience with cloning system drives, since for a long time with my setups (system drives being RAID arrays) cloning makes less sense. How do the activation processes in a modern Windows system handle suddenly running the system from a different (cloned) disk drive? Is it considered a small enough change in hardware to not need re-activation? In a case where an entire system was replaced, of course I saw that re-activation was necessary (and a relatively painless process, but again keep in mind my info is dated; that was with Win 7). -Noel

Sure, that makes sense if you need your system to limit what you can do because you make so many mistakes that you're dangerous to your system's health. And the key is that using a non-privileged account is an OPTION, not an imposition on people who know what they're doing and don't need it. Trouble is, that OPTION is no longer available if you want to run the ridiculous Modern/Universal Apps - which (besides the fact that they're all just useless junk) is one reason I won't bother with them. And yes, AV programs often DO "hurt", in a number of ways: 1. They are never perfect, yet... 2. People tend to think of them as end-alls, and get a false sense of security from them. 3. They often use significant system resources which would be better spent doing the computing you need. 4. They create dependencies that draw people into the "cloud" mentality, with unexpected failures and being denied useful functions (think system instability and false positives). Having a false sense of security is far worse than having no security. -Noel

I think it was MrGRiM who posted that if you replace the Aerolite folder and files with those from your favorite theme you can coerce Win 10 into loading it. Don't go by what I'm saying, though - look for the specific info he posted. Clearly Microsoft doesn't want us doing that, but apparently there's still a way. -Noel

The thing about software system environments being stable for a while is that people really do need time to develop for them. Often a LOT of time. If the Windows desktop hadn't been stable and placed compatibility high on the list of priorities for literally decades much of the great software available for that platform would never have been developed. Regarding security, that software would require signed add-on components isn't bad in itself, per se, but you will inevitably run into situations such as what you've seen, Jorge, as we make the transition from "anything goes" to "being signed as a requirement". Your "solution", of course, per the big companies is merely the expenditure of some tens of dollars a month more for an Adobe cloud membership, after which all your trouble will be magically swept away. Yes, that was said with sarcasm. I actually have a Creative Cloud membership, and returning to reality, anecdotally at last count I have disabled some 39 Adobe "background/cloud" programs using Autoruns (including the very feature you're mentioning, Jorge), leaving a mere 7 in place. And that's only after setting up various versions of Photoshop and the latest Acrobat software. And I have to say, the latest Acrobat software, which has adopted Win 10's flat, lifeless look, is a disappointment. It is the way of things - more money for less functionality - and is supposed to start feeling comfortable Real Soon Now. By the way, can you not print to PDF, Jorge? -Noel

From my personal experience... Thinking first then acting, running a well-managed hosts file that blocks near 30K badware servers by name, using OpenDNS, reconfiguring IE to block the running of ActiveX from all but Trusted Sites, running a deny-outgoing-connections-by-default firewall, using Win Defender as a safety net, regular scans with MalwareBytes AntiMalware to see if anything made it through the barbed wire... Basically all the stuff I linked-to up in post #2. I've had no infections. None. Not even close for as long as I've used Windows on the Internet. So yeah, it's effective as a long-term strategy. A system that does everything it can to help you not bring in malware in doesn't need to protect itself as strongly against malware being installed. Of course both strategies could be used together. A reality check: Use IE's F12 Developer tools and enable the Network trace... Display the index page of this forum page. When I did I saw 41 requests, 6 of which were immediately aborted. The whole page is completed in under 1 second. Plus I see a message claiming that an add-on control (ActiveX?) wasn't allowed to run. The first key is that the scripts from those 6 blocked accesses represent trackers and ad servers would likely have brought in even more data. THAT's where much of the dangerous stuff is. You know those "specially crafted web pages" Microsoft talks about in their security bulletins that the malware writers are getting hapless users to view? Plus that add-on - clearly it doesn't need to run... Here I am, interacting on this forum just fine without it. And that's just on THIS site. For what it's worth, my managed blacklist sources are: http://winhelp2002.mvps.org/hosts.txt http://malware-domains.com/files/domains.zip http://mirror1.malwaredomains.com/files/immortal_domains.txt http://www.malwaredomainlist.com/hostslist/hosts.txt plus a number I've compiled on my own I just checked to see how closely managed these are... In just the last 6 days since last time I compiled the list a dozen new entries have appeared. At some point I'll tidy up the tool that compiles the list into a minimal impact hosts file and post it on this forum. -Noel

Antivirus software is not what I'm advocating. With what I do it's just a backup safety net that's never really needed. When used as a first (or only) line of defense, as you have pointed out it essentially just gives a false sense of security. The security firm above does correctly identify the web browser as involved with many malware infections. I've yet to find something wrong with the idea of setting up a computer to be FULLY functional, yet the browser and other software just avoid loading ads and malware. The number of sources of malware is not infinite. If the system doesn't request the malware in the first place, doesn't allow it to actually run if somehow it does get downloaded, and has a safety net that would block it if it DID try to run, and doesn't have an ignoramus user who's so driven to play that he circumvents all protections for the thrill of the moment, it's actually quite hard to get an infection. :-) Oh, and things are generally a lot faster if the computer isn't spending time trying to load stuff you don't want to see. -Noel

That's interesting, because I most definitely did NOT see a Windows.old on the update to 10586.36. -Noel

It's quite possible that backups are such a staple among the technically educated that they go without saying in a place like this. Backup anecdote: Not terribly long ago I checked backup files on a few year old Western Digital MyBook drive connected to my 2015 Haswell-based system via USB3. Upon doing some fairly long-winded comparisons I found data errors! Only by connecting it to one of the USB2 ports did I avert the occasional errors showing up in multi-gigabyte files. It was not a cabling issue, nor anything wrong with the software. I updated all drivers and firmware to no avail. The problem is apparently inside the MyBook box itself, possibly in the chips themselves, and is averted entirely by using USB2 instead. I can imagine someone thinking, "I'm too lazy to find that bug, and it has only about a 1 in a billion chance of occurring, which is less than the chance of getting hit by lightning". Thinking is so underrated. -Noel

Those charts are interesting, though a bit difficult to compare directly because the colors have been reassigned. They also seem out of sync from the weekly data from statcounter.com, which puts usage of Win 7 at about 47% right now. A 9% difference in numbers is pretty huge in a market this size. Get used to the fact that the one OS Microsoft is pushing is going to increase, and the others are going to decrease. People are being worn down. The world will all be pushed onto Win 10 - or Microsoft will fail utterly, in which case Windows will just stop working worldwide. -Noel

Right. 100% in Internet Explorer. That's why modern Windows systems never get malware through Internet Explorer, because UAC is so effective, right? Sure, and in the extreme just turning off the computer and leaving it off would eliminate 100% of all malware vulnerabilities. This thinking is right up there with Microsoft's "one desktop, with flat and lifeless controls, for all". Someone somewhere may think it's a good idea, but in actual practice it just sucks. I prefer the reality where what the user wants/needs to do is actually most important, and smart users can get much more done with ALL the power their computer has on tap. Do you know of anyone who really wants their computer to prevent them from doing the things they want to do? I'm a human, possibly a bit more educated and experienced than most with regard to computer usage. I use my computer a LOT. Virtually all day every day, and usually well into the night. For ALL that I want to do, a lot of it online. That I have been able to keep UAC disabled and run everything as a full time admin with NO infections - for decades - says that it's possible for someone to do so. I hate to sound critical, and I wish more power to you for trying to help the "unwashed masses" of untrained, inexperienced users use their computers with a lower threat of malware. I just think that education and other measures do a LOT more to bring people to that goal. -Noel

How dare you WANT to customize your desktop!! Hater!!! -Noel

I wouldn't think that running the OS on a virtual machine in a properly licensed fashion ITSELF would be considered against the services agreement, but using a nonstandard firewall setup to block communications one doesn't want could be, or the removal of Cortana, or... Bottom line is this: Microsoft clearly doesn't want us "having it our way", but rather to use the OS just as they've provided it - however much that reduces the functionality for individual users. The "last update" you spoke of... Would that be the Windows 10 build 10586 install? I ask because none of the updates for me SINCE 10586.0 so far have created a Windows.old folder. The 10586.0 "in-place upgrade" is a full operating system installation, which not only installs a whole new build, but also resets many preferences and re-installs many things you might have chosen to remove. I even found and documented, for example, that quite a number of privacy settings I had made were reverted by that 10586 in-place upgrade. Now here's the kicker: Microsoft intends to release one of these in-place upgrades every 4 months. Let that sink in. Some of the piles are thus bigger than others. -Noel

I just looked in the download from Big Muscle's site - no, it's not been updated since March. -Noel

What's not working for you? I've heard complete re-theming is only possible with additional tweaks, that UxThemeSignatureBypass may not be working. I haven't tried to re-theme myself, just change the theme atlas graphics. My SquareCorners10586.png and SquareCorners10586.png.layout files seem to work okay with 10586 and the released Aero Glass for Win 8.1+ software. -Noel

Use the Testing version of GUI application to modify Aero Glass parameters that is provided on this page: http://www.glass8.eu/download.html With that program you uncheck the [ ] Theme atlas image box. -Noel

I believe MrGRIM, but I notably do NOT use a comma in the definition. -Noel

Understood. From so many years of typing I find typing in my password so second nature at this point that I don't even notice it. -Noel

Well, to be fair, the UxThemeSignatureBypass DLLs are still working to colorize title text on ribbon-enabled windows, which is all I use it for. I've all but given up on loading full themes into Windows 10. There just seems to be too much resistance from the constant Microsoft changes. -Noel

Add its path to your AppInit_DLLs value in the registry using regedit. Re prior comments, on my list of things to do is to try to resurrect rounded corners. I haven't found time for it yet, but I crave them too. -Noel

Aero Glass for Win 8+ for version 10586, found here: http://www.glass8.eu/download.html For me the installer ran perfectly and Aero Glass started right up. It even retained my custom theme atlas setting. Looks like the aerohost.exe, DWMGlass.dll, and ModernFrame.dll have all been updated with the latest build, so if you use ModernFrame to alter the chrome on Modern apps you'll want to run the installer to get the latest modules, since it's not included in the manual file sets. [2015-12-22 12:19:36][0x658:0x65C] Installing DWM hook... [2015-12-22 12:19:36][0x658:0x65C] User: SYSTEM [2015-12-22 12:19:36][0x658:0x65C] Module: C:\AeroGlass\DWMGlass.dll [2015-12-22 12:19:38][0x3EC:0xB88] Machine ID: xxxxxxxxxxxxxxxxxxx [2015-12-22 12:19:38][0x3EC:0xB88] Checking key xxxxxxxxxxxxxxxxxxx for ID xxxxxxxxxxxxxxxxx... [2015-12-22 12:19:38][0x3EC:0xB88] Hook (USER32.dll!DrawTextW from udwm.dll) installed [2015-12-22 12:19:38][0x3EC:0xB88] Hook (GDI32.dll!CreateBitmap from udwm.dll) installed [2015-12-22 12:19:38][0x3EC:0xB88] Hook (GDI32.dll!CreateRoundRectRgn from udwm.dll) installed [2015-12-22 12:19:38][0x3EC:0xB88] Aero Glass for Win8.1+ 1.4.5.520 x64 correctly loaded (C:\AeroGlass\DWMGlass.dll). [2015-12-22 12:19:38][0x3EC:0xB94] DBGHELP: Symbol Search Path: .;SRV*C:\AeroGlass\symbols*http://msdl.microsoft.com/download/symbols [2015-12-22 12:19:38][0x3EC:0xB94] Loading settings (flags = 0x3) from HKEY 0x0000000000000360 for session #1 [2015-12-22 12:19:38][0x3EC:0xB94] dwmcore.dll version 10.0.10586.0 [2015-12-22 12:19:38][0x3EC:0xB94] udwm.dll version 10.0.10586.0 FYI, keep in mind the installer will completely overwrite AppInit_DLLs, so if you were using the UxThemeSignatureBypass DLLs, for example, you'll need to remake your preferred AppInit_DLLs value. -Noel

They enabled telemetry without option on the pre-release builds. After all, pre-release builds are all about THEM, right? While the "regular" builds are so much more oriented to US and OUR needs. -Noel

You didn't answer the question about why you feel it's better, but that's okay if you don't want to. The reason I asked is because I was just going to suggest setting the password to the same number as the PIN. -Noel

Yes, absolutely. My security strategy is already better than what SmartScreen could hope to provide. No malware has gotten even close to my systems for decades. -Noel