[HN Gopher] O&O ShutUp10++ - Free anti-spy tool for Windows 10, 11 ___________________________________________________________________ O&O ShutUp10++ - Free anti-spy tool for Windows 10, 11 Author : gibspaulding Score : 317 points Date : 2021-10-09 12:52 UTC (10 hours ago) (HTM) web link (www.oo-software.com) (TXT) w3m dump (www.oo-software.com) | unstatusthequo wrote: | Is it similar to WPD? https://wpd.app/ | schleck8 wrote: | yes, and to privatezilla. however the latter hasn't been | updated in half a year and i don't know whether WPD is | officially compatible with windows 11 | XzetaU8 wrote: | From their page: | | "WPD 1.5 and DashboardX 1.0 with Windows 11 support coming in | mid-October!" | tomc1985 wrote: | Sounds like this does the same thing as Blackbird | mmgutz wrote: | The UI is confusing (double negatives). Does Red "Disable | Inventory Collector" mean that is enabled? Red, to me, usually | means off on a toggle switch. | | It's explained in the help. | zalebz wrote: | agreed. I've been using this and similar tools for several | years and the cognitive load for every single setting is | infuriating. especially given the very obvious underlying | reason everyone is launching this tool. | gigel82 wrote: | There are a lot of open source scripts and tools on GitHub for | accomplishing the same goal (in various state of being out-of- | date, abandoned, etc.); I started collecting the ones that appear | somewhat active here: https://github.com/TemporalAgent7/awesome- | windows-privacy | | I plan on going through them to weed out duplicates and duds. You | shouldn't trust any of those blindly, but definitely read through | the code; I'm particularly interested in coming up with a list of | services and scheduled tasks that can be safely disabled without | impacting any of the applications and services I'm using (I want | Windows Update, OneDrive, Office, Defender, Store and store apps, | MS Account login and Xbox Gaming for example, which most tools | want to disable). | stevenicr wrote: | I want similar, although I don't want oneDrive - the level of | spying that's used for is unacceptable imho. | cma wrote: | I noticed a media disk drive grinding away the other day, | nothing made sense to be causing it. Turns out Chrome now scans | all your drives and sends executables back to Google by default | or something (software_reporter_tool.exe), even if you are a | software developer in competition with them (practically all | software developers since Google are essentially all- | encompassing at this point). | | Is it intuitive to anyone that a third party web browser would | be doing this by default? | RachelF wrote: | Spybot anti-beacon is also good. It also stops MS Office from | "phoning home" | marcodiego wrote: | Free as in beer. I wouldn't trust such an intrusive proprietary | application on my machine from a vendor who doesn't need to care | about its reputation. | midasuni wrote: | How did you get windows in there in the first place? | PicassoCTs wrote: | You mean windows. Neither do i. Linux and VMs for the | proprietary crap. | nfriedly wrote: | Are you talking about this tool or Windows itself? | marcodiego wrote: | Actually it can be seen as both. | | You're replacing an abusive part with another with the same | potential of abuse and you can't check of modify either of | them. | lvass wrote: | Confirmed abuse isn't the same as potential abuse. | jeroenhd wrote: | I can get behind that mindset, but if you're using Windows | you've already given up your ability to introspect your system. | The same is true for most of macOS/iOS and large parts of the | basic feature set found in Android. Most Windows programs, both | freeware and paid, are closed source, that's just the way that | ecosystem functions. | | These companies can exist the same way Winrar can exist: give | people the tool for free, wait for them to want to use it at | their business and sell the subscriptions there. Businesses are | much more wary if pirated software than consumers so Winrar | manages to survive to this day. To me, the amount of telemetry | collected from modern crapware indicates a lack of trust in the | product from even the developers themselves, which in turn | proves to me that the product isn't very good on some level I | might not be able to see. | | Just because something is free doesn't mean it's not reliable | if there are business subscriptions funding the product itself. | The way programs stalk their customers these days used to be | rare and the O&O team seems to follow the old software shop | practices rather than "modernising" and adding the very thing | they try to block to their own product. | marcodiego wrote: | It is possible to use windows as a mere kernel. Much desktop | software on a modern linux distro is portable. Even your | example, winrar, can be replaced by peazip or 7zip. | | I actually saw some people using mostly FLOSS on windows as a | step before full migration away from it. | MauranKilom wrote: | Had the same thought, but upon investigation I don't see the | incentive for the vendor to do something shady with it. | | They have a clear business model: Develop software for Windows | that companies need. See their About page: https://www.oo- | software.com/en/company | | Hence, it is clear what benefit they draw from releasing this | software for free: Marketing. They are not in the business of | brokering user data or mining bitcoin covertly. This tool isn't | even installed, it's "run once". To me, that's about as | trustworthy as it could be. | judge2020 wrote: | Windows will most likely consider this malware, since it is | effectively piracy (removes activation checks) and it does | mess with Windows Defender by disabling a bunch of phone-home | stuff like malware sample submission. If you're already | getting people to disable Windows Defender and/or make an | exception for the exe, it's suddenly super easy to also embed | some custom C&C into it, either for mass use (eg. using a | Windows service to have machines participate in a ddos | botnet) or for targeted use - when a specific network block | downloads it, the C&C sends a different payload that quietly | looks for git credentials or trade secrets and ships them | off. | | They technically don't have an incentive now, but if they | ever get one, it'll be super easy to abuse this position to | embed malware. Don't think of the threat as the current | company, but someone buying them for $millions and quietly | doing this years later. | OrvalWintermute wrote: | Windows won't treat this like malware, because, all the | other similar products out there are not treated as malware | either. | | because it does not run as a service/persist, it will be | undone by the next big windows update anyways. | schleck8 wrote: | It is not considered malware by Smart Screen from what I | can tell. Kaspersky doesn't have any issues with it either, | and I've run both the original and the ++ Version of | ShutUp. | | This is portable by the way, so I don't really see the | point in worrying about rogue company takeovers. | marcodiego wrote: | > I don't see the incentive for the vendor to do something | shady with it. | | Now. | | It is not a matter of having incentives. It is a matter that | they can abuse and you simply have no way to check or control | it. | breakfastduck wrote: | You have no way to check if this app is sending network | requests back 'home'? That doesn't seem correct at all. | marcodiego wrote: | For such an intrusive application there are many ways to | hide it. Not saying they do it, but I see no way to check | it unless looking at the source code. | stinos wrote: | Is it possible to circumvent Wireshark, Procmon and the | likes? Otherwise those 2 combined give pretty good | insight in what an application is doing wrt I/O. | jabits wrote: | Looking at the source code is pretty useless unless you | compile it yourself... | MauranKilom wrote: | Well, two possibilities that come to my mind: | | - Run it in a Windows VM. The program could detect this | and not phone home in this case, of course. | | - Monitoring on network level (wireshark on same network, | Pi-hole, router itself...). This is virtually impossible | for the program to circumvent. | | You could also audit the changes it made to the system | (resorting to stuff like diffing disk images before/after | if you really want zero trust) to verify that nothing | sneaky was left after running the program once. | loldk wrote: | Incentives are literally just reasons for doing things. So | naturally I don't follow your logic at all. | iratewizard wrote: | They're a Microsoft gold partner. Their reputation is on the | line. | marcodiego wrote: | Their with microsoft, you mean. Considering microsoft's | reputation with regard to telemetry and other abuses, I'd say | it doesn't mean much. | iso1210 wrote: | You're happy enough to take Microsoft products, how much | worse can a microsoft gold partner be? | iratewizard wrote: | Partners aren't with Microsoft. They're vendors and service | providers that live off of scraps from the mothership. If | they were to do something malicious, it would potentially | cost them their business. I'm sure Microsoft itself doesn't | care if under 1% of desktops use tools like this to turn | off their telemetry. | Ardren wrote: | Fair enough, though O&O has been around for ages (24 years) and | I don't remember hearing anything bad about them (and have used | their software in the past). | LinuxBender wrote: | I've not done any in-depth analysis of this app, but have used | it on a machine that required windows 10 at the time. My family | and friends have also used it. I can say that after they use | it, the DNS activity to the Microsoft tracking endpoints | appears to stop and other DNS activity is reduced but I am no | windows expert so I can not say for sure if 100% of telemetry | is truly nullfied. The real time dependencies on the activity | DNS/HTTPS endpoints does appear to be removed after usage. From | a network perspective it does stop the "chattyness" of Windows | 10. | marcodiego wrote: | I mean, it doesn't make much sense to replace an abusive | feature with a software that has the same abusive potential. | | If it was open source, then maybe there would be some reason | to trust it. | LinuxBender wrote: | It is sad that things like this are even required in the | first place. I would really like to have more trust and | confidence in Microsoft. To earn that trust they could | provide one page with all PowerShell sub-commands and links | from each command to a man/help page with real world | examples so I don't have to trawl through technet and | google or random github gists. | | They could also give people a true option during | installation to really for-really-real disable telemetry | regardless of what license _home, pro, enterprise, ltsc_ | they are using. | marcodiego wrote: | Fragmentation is not in ms best interest, but they could | actually license just the nt kernel with a bootloader | capable of launching it. Then people could build nt based | distros with carefully chosen packages. Just like it is | done with GNU/Linux. | | Maybe some one could write an application to delete as | many files as possible from a pristine windows copy to | turn it simply into a kernel launched by a bootloader. Is | there any project that does that? | LinuxBender wrote: | That's an appealing idea. From watching the behavior of | XBox One and Windows 10, I would be really surprised if | they created such a thing. It really seems more like they | want people to have dumb terminals with their binaries | pseudo-cached and operate more like a mainframe/cloud | model. | unicornporn wrote: | > I can not say for sure if 100% of telemetry is truly | nullfied. | | I'll leave this here: https://ameliorated.info/ | | No Windows Update for you, so security is debatable. | LinuxBender wrote: | This looks interesting. Is there something like a Vagrant | build image for this so that you can easily automate the | build process to pick up the updates and adjust the | configuration/customization in a json or yaml file? | kosasbest wrote: | I prefer the script[0] instead of the hacked ISO since you | can install the script in later versions of W10 using your | own preferred ISO. | | Only caveat: There's no way of telling what versions of W10 | it's compatible with (I imagine it breaks some versions). I | have an old VM with AME installed and manually enabled | updates by hacking the registry. (You could also alter the | .BAT script to enable updates, but you have to know what to | remove). | | This project is cute, but I only ever used it for an | offline sandbox for running low resource games and cracked | versions of Photoshop. I am scared as shit to connect this | thing to the Internet. I only connect to receive updates. | | [0] https://wiki.ameliorated.info/doku.php?id=documentation | _20H2 | unicornporn wrote: | > Since AME is no longer maintained | | What do you mean by that? AME 21H1 was released just the | other day. | | > This project is cute, but I only ever used it for an | offline sandbox for running low resource games and | cracked versions of Photoshop. | | It's perfect for VM use, but I would never use it as my | main OS. | kosasbest wrote: | Wow only learning that now. I thought the project got | abandoned | | Thanks for the update! | vgeek wrote: | The simplest way to test any software you're suspicious of on | Windows is Sandboxie (https://sandboxie-plus.com/downloads/). | Any files or registry changes are persisted to a separate | location in the filesystem, so it is pretty easy to catch | misbehaving software. For software like this, it will negate | the utility of the software due to being in a sandboxed | environment, but it will least give an idea of the registry | keys and files that may be modified. | marcodiego wrote: | This is not convenient to do at every update. On a windows | system were there is no known concept of built-in package | manager it is even more complicated. I've seen windows apps | that automatically update themselves. | | Also, since it is very intrusive, I don't think running it | into a sandbox may give good diagnostics. | vgeek wrote: | If this program has to be run persistently, then it won't | provide much, since a malicious program could wait X days | prior to downloading a payload. It is mostly useful for | looking for one time changes like registry settings and | verifying that the program doesn't place a bunch of random | .bat or .exe's in obscure folders. | | Windows loves to silently update things, even if it ends up | breaking everything, too. Especially drivers where it isn't | super obvious that it was updated and something just stops | working. Windows 10 is _way_ more aggressive with forcing | updates than 7/8 were, automatically re-enabling Windows | Update after 30 days of disabling. The easiest solution | that I've found is just blocking everything at the DNS | level. They can obviously use IP addresses as a workaround | if they really want telemetry, but I haven't had issues | after blocking a bunch of MS domains in the hosts file. | neilv wrote: | Debian and Linux are here to help: | | https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/ | | (The easiest Debian install experience might be to ignore the | scary official documentation, simply burn that hybrid installer | image raw to a USB stick or DVD+R, boot it on your target PC, and | have an Ethernet cable handy until you boot your installed | pristine Debian and then can enable install of "non-free" | firmware. If you need help, I'd use Web search.) | wellan741 wrote: | For Windows 10 i prefere w10privacy, open source and plenty of | options | glenneroo wrote: | It's definitely not open source. In their FAQ (which is only in | German): | | > Wieso ist die Software nicht Open-Source? "Die Community" | konnte mithelfen, die Software weiterzuentwickeln etc. ... | | "Why is this software not Open-Source?" | wellan741 wrote: | Oh yeah you're right! I must be more tired than i thought | freebuju wrote: | There's privatezilla too. If you consider Microsoft Defender | (real time scanning & sample submissions) to be a spy tool, there | are easy scripts available to permanently disable it, apparently | recent Windows versions decided not to honor instructions | disabling WD via registry or local group policy. | inside65 wrote: | I've been using this since W10 came out. It works, but as others | mention, some parts seem to stop working magically over time. | IG_Semmelweiss wrote: | Its not magic. Its windows update happening in the background | | I went from perfect system health , progressively into blue | screen death, it got so bad that it happened every 2 hours | after spiking my i7 to 100% cpu use. The decline happened | within a month of a win10 update back in Aug/Sept. | | A couple of MS support tickets and a windows reinstall later, I | finally gave up had to do a complete fresh PC install to fix. | | No issues since but i still get the occasional 100% cpu clock. | | Ive also turned on windows10 selective update download. | rkagerer wrote: | _I went from perfect system health, progressively ... it got | so bad ... decline happened ... I finally gave up had to do a | complete fresh PC install to fix_ | | Sounds like every Windows since 3.1. Instead of telemetry I | wish they'd focus on making an OS that stays robust and | performant indefinitely. | Shadonototra wrote: | Beautiful app, lightweight, and great UX, straight to the point | | An example to follow | GordonS wrote: | Microsoft has faced so much criticism for their approach to | telemetry - I don't really understand why they don't at least | provide the _option_ to opt out of all telemetry. | | If they left it enabled by default, but provided an _option_ to | opt-out, realistically only a small segment of users would do so, | and most of them would likely be power users who are already | taking other steps to try to prevent telemetry being collected | and /or sent. So they'd take an insignificant hit to telemetry, | but would gain a _lot_ in goodwill. | | Any reason not to do this? | [deleted] | 0xFreebie wrote: | Because they are pivoting to being an ad company like Google. | dannyw wrote: | Telemetry isn't just a tool for product managers, but it's also | a goldmine for national security agencies (more than just the | NSA; Bing is unblocked in China for a reason). | | Anti-government meme made with GIMP at a specific timestamp? | One search through the telemetry logs to find who exported a | file at that exact moment. | | Any data collection is also government surveillance unless | proven otherwise. | matthewfcarlson wrote: | Microsoft provides a tool that allows you to see all | telemetry that's captured | | https://blogs.windows.com/windowsexperience/2018/01/24/micro. | .. | | I don't work for microsoft anymore but I laugh at these sorts | of suggestions. I don't know much about bing but I do know a | decent bit about the telemetry pipeline and the idea of an | anti government meme detection is ludicrous at best. | Dylan16807 wrote: | > the idea of an anti government meme detection | | That's a fun strawman you made, but the actual idea in the | post was that telemetry might note when different programs | do events like save. | [deleted] | jeffbee wrote: | Imagine believing that Windows telemetry contains such data. | jgod wrote: | Imagine not knowing about The Coalition for Content | Provenance and Authenticity https://c2pa.org/ | jmnicolas wrote: | Imagine trusting Microsoft. | PaulKeeble wrote: | GDPR requires the opposite, data collection has to be opt in. I | don't really see why the telemetry they capture doesn't count | as peoples personal data honestly, it should given how much | behavior information is available from it. | matthewfcarlson wrote: | I believe it's only opt in when it contains user identifying | information. Information on did a feature work or not and how | long search indexing took isn't particularly sensitive once | you strip off any device identifiers. | arriu wrote: | But... You've just described how fingerprinting on the web | works. How is this not uniquely identifying information? | keyle wrote: | The simple fact that this even has to exist is hilarious. | OrvalWintermute wrote: | I agree, but in part, it is how the Windows business model has | changed. | | Older versions of Windows were the product, and the customer | was the end user | | With New versions of consumer Windows, user data is the | product, companies and advertisers are the customer, and end | users are the data source. | | Commercial/Server versions of Windows not so much. | kukx wrote: | I wonder how long they will stay a "Gold Microsoft Partner" after | this. | ChoGGi wrote: | Quite awhile; I'd imagine. It's not a new tool. | cricalix wrote: | It's existed for several years now, so apparently at least | several years. | vetinari wrote: | Probably as long as they pay the golden partner fee (some 3800 | eur/year). | k4rli wrote: | This is not a new tool. Has existed for years. | temac wrote: | Iirc this software exist since the release of windows 10, or | maybe shortly after, so I guess they can stay "gold partner" | forever. There is probably nothing in that program attempting | to prevent them to release that kind of software, and MS is not | Apple... | WithinReason wrote: | O&O ShutUp10++ | | "Gold Microsoft Partner" | nix23 wrote: | Gold competency: | | To attain a competency, partner must: Pass | required exams and skill validation. Meet performance | requirements. Pay the annual fee. | | $4,730 | TLLtchvL8KZ wrote: | I prefer https://privacy.sexy/ - it generates a script that I can | read/edit. | chaz72 wrote: | This is great! | https://github.com/undergroundwires/privacy.sexy/tree/master... | looks like the raw data (yaml) for all these commands, | including commands for macOS. With that, it's at least | plausible to audit these commands. | | I probably still won't trust it on a critical system without a | reputable audit though, I think I'd still prefer to either | trust Microsoft or Apple or go run OpenBSD or Linux instead. | TedDoesntTalk wrote: | What O&O stand for? | MauranKilom wrote: | > O&O Software GmbH was established in 1997 in Berlin, Germany | by Oliver Falkenthal and Olaf Kehrer. The idea for the name | "O&O" originated back in 1991 in the form of O&O Systemtechnik | GbR, a company offering software specifically for students | whilst the two founders were still studying. The name "O&O" | came about spontaneously, as both founders first names begin | with the letter "O". In 1998, on the 10th February to be exact, | O&O Defrag V1.0 was released, and the company that you see | today was born. | | https://www.oo-software.com/en/company | uo21tp5hoyg wrote: | > The name "O&O" came about spontaneously, as both founders | first names begin with the letter "O". | Wurstmann wrote: | I'd rather use group policies to disable telemetry etc. | glenneroo wrote: | Congratulations professional Windows administrator. You are | definitely not their target audience. And using group policies | to disable the 100 different things this tool disables would be | a ton of work... and I'm not even sure you can disable | everything this tool does via group policies? | GekkePrutser wrote: | > I'm not even sure you can disable everything this tool does | via group policies? | | Apparently you cannot: | | > On May 2017 a security researcher named Mark Burnett | demonstrated that disabling the default data collection | toggles, found in Windows 10's settings app, are entirely | useless. Furthermore he showed that even through using | intensive group policy modifications, in a process heavily | scrutinized and iterated upon over several days, he was not | able to prevent Windows 10 from sending critical, personally | identifiable information with certainty. | | From: https://wiki.ameliorated.info/doku.php?id=faq | | In my last job I had contact with Microsoft and I approached | them about datamining issues several times. I noticed they | simply don't understand the concerns at all. Microsoft is | becoming a highly 'data driven' company and every time I | approached them about data gathering the response was along | the lines of "Oh but we only use this for improving your | performance / our products / whatever". They think it matters | what the purpose is, they don't understand (or they don't | want to!) that some people are against telemetry whatever the | reason. | | Our own company is thinking along similar lines, with the | exception of the German parts of the business, for whom we | had to make some exceptions. I'm not German but I'm heavily | aligned with their thinking on this. | rhexs wrote: | The O&O team needs to post more pictures of Frida. Great tool, | first download on every Windows install for years. | gizmodo59 wrote: | Off topic: | | Unfortunately I can only use windows 10/11 as AMD has no driver | for RAID on Linux. https://www.amd.com/en/support/chipsets/amd- | socket-strx4/trx... | | Using Asus hyper with 4 nvme drives on RAID. Anyone else in this | situation? | switch007 wrote: | Does it do a kind of raid that Linux software raid doesn't | support? | nix23 wrote: | You don't need a raid-driver for linux: | | https://raid.wiki.kernel.org/index.php/RAID_setup | | That AMD-"raid" is Software too..the same as linux. | | ~pure Hardware raid's never need drivers, because you tell the | hardware (raid controller) to present the hard-disks as one (or | whatever you want) device to the Operating-system. Some | management tools are sometimes used (start raid scrubbing etc). | | BTW: Don't use Raid5 if you don't have a UPS (if you use | software raid), or a battery buffered write-cache (hardware | raid) aka write-hole: | | https://serverfault.com/questions/844791/write-hole-which-ra... | sentai77 wrote: | I...o.o.o..o. | p1peridine wrote: | > Free _antispy_ tool for Windows 10 and 11 | | > Gold Microsoft Partner | | Why would MS partner with a company that makes software to | "bypass" their spyware? | | Why would O&O partner with a company that has spyware in the OS, | then proudly display the Gold MS partner badge on the same page? | | Why is the source code obfuscated? | | Think about it. | ro_bit wrote: | The company makes more than just that tool, and particularly | makes other W10 apps. The company itself is a gold partner, | which, as nix23 posted - | | Gold competency: To attain a competency, partner must: | Pass required exams and skill validation. Meet | performance requirements. Pay the annual fee. | | $4,730 | | It seems less malevolent in that light | tumblewit wrote: | Its funny how Windows and Android, the two most widely used | operating systems, are a privacy nightmare and basically spyware | at this point. Remember you can install tools and ROMs that are | privacy focussed but also realise only a minor percentage of the | users bother or are aware of these. | | I wonder what the sales pitch would be to sell privacy focussed | products to the average Joe. | Fnoord wrote: | I don't think it is funny, nor coincidence. A lot of people are | poor and have to sell themselves out with privacy. They cannot | afford a premium brand like Apple. | yyyk wrote: | Apple isn't any better - Apple gets the hash of every program | you run on a Mac. | tibbetts wrote: | I think Apple has (with varying success) been making that pitch | for several years. | ekianjo wrote: | There's no privacy on Apple with a closed source ecosystem | and all the iCloud connectivity syncing your every move. | reayn wrote: | The "closed source ecosystem" is not nearly as restrictive | as people make it out to be and is something that you | willingly sign up for when buying apple products. | | Not sure where you got the idea of "icloud syncing your | every move" but literally every icloud implementation can | be disabled at your discretion. | | I for one only have my reminders, wallet, calendar and | drive synced. | | Even with that said, none of this implies a lack of privacy | in any way. | spacebear wrote: | Your every move is quite literally transmitted to Apple. | That's how Find My works. | d3nj4l wrote: | Find My data is end to end encrypted. | reayn wrote: | Find my can be disabled... | | And it's sole purpose is to help people find their | devices, it's saved many people i know from a very large | catastrophe. | mavhc wrote: | "the researchers' iPhone transmitted more kinds of data, | including device location, the device's local Internet | Protocol (IP) address and the Wi-Fi network identifiers -- | the MAC addresses -- of other devices on the local network, | including home Wi-Fi routers." | judge2020 wrote: | Both of these are the cheaper option in their respective | market. iOS and macOS are expensive because the hardware is | expensive (as in, the hardware in part pays for the development | of the software), and Linux is expensive in that it's almost | always more time-consuming to set up since it doesn't have | Windows' first-class driver, hardware, and software support. | gizmodo59 wrote: | Not sure why macOS (M1) is expensive here. For the | hardware/performance/software you get it's not really | expensive if you compare the alternatives like surface or any | of the intel based laptops. Sure, you can get a cheap laptop | for under 500$ but that won't last long either. | netr0ute wrote: | > since it doesn't have Windows' first-class driver, | hardware, and software support. | | Ironically, Linux sometimes has better driver and software | support for specialized things like Thunderbolt ethernet | adapters, or software if it was written for MacOS but later | adapted to Linux because of their similarity within the scope | of POSIX. And, because Windows can't run 16-bit software on | 64-bit CPUs at all, Linux has the total advantage here | because WINE works with 16-bit as well. | bravetraveler wrote: | Agreed! Just wanted to pile on, the driver thing is a bit | hit/miss. | | Broadcom/Realtek (sometimes)? Good luck. | Intel/AMD/Aquantia? Probably good to go. | | There are vendors that give Linux first-class support; buy | them. | | edit: Realtek is a little hard to pinpoint, they tend to | have drivers... but fairly buggy. | | I have to replace the r8169 module or something similar | with r8125 for my (onboard) networking to work under | _stress_. If I push too much bandwidth, it 'll just drop. | 2Gkashmiri wrote: | come on. i use an old dell latitude e7440 which i run kde | neon on. takes 15 minutes to get installed and i can get | surfing in 16. No nonsense, no nothing. i assume newer | devices would be better but "time consuming to set up" is | something i have not seen in the last 3-5 years of my using | 100% exclusively linux devices. | squizzel wrote: | Can you throw out some example tools and ROMs? | entropie wrote: | I used that a few years ago and liked it: | https://www.lineageos.org/ | squareof wrote: | One can even take it a step further and use microg.org to | get lineagos with optional google services. Has worked | great for me last year or so. | nazgulsenpai wrote: | Seconding this. LineageOS with microG has been great, | combined with Aurora Store's anonymous Play Store for the | singular app I require that doesn't have an FOSS | alternative. | dominojab wrote: | the main problem nowadays is Google Services SafetyNet, | you cant get banking , and other apps working. they want | security in exchange for freedom. | tyrfing wrote: | Simplewall for Windows: | https://www.henrypp.org/product/simplewall | spicybright wrote: | How does this compare to TronScript? | | https://www.reddit.com/r/TronScript/ | | https://github.com/bmrf/tron/blob/master/README.md#use | xeromal wrote: | The people who normally get spyware can't operate it. | LeoPanthera wrote: | TronScript is hugely overkill. It makes changes that the vast | majority of Windows users, even privacy conscious ones, would | not want. | | I dread to think how many well-meaning sons and daughters have | run it on their parents and relatives PCs and then left, | leaving behind a system that is now a nightmare to use. | | Also, it takes _literally hours_ to run. I mean, what the hell? | ShutUp10 is done in seconds. | zwaps wrote: | Lovely how on mobile, the reddit page is blocked: you need the | app to access it. | shmde wrote: | https://i.reddit.com/r/TronScript/ | | Or | | https://old.reddit.com/r/TronScript/ | | If you have trouble opening any reddit website on mobile | change "www" with just the letter 'i' or 'old'. | | Once they don't allow these workarounds I am leaving reddit | for good. | spicybright wrote: | Seriously though. I have old reddit UI always on by default | and forget to keep adding the "old" prefix when posting | links, so apologies. | | I will leave reddit too if they remove the old version. | lvass wrote: | Or | | https://libredd.it/r/TronScript/ | makeworld wrote: | Or more lightweight: https://teddit.net/r/TronScript | benbristow wrote: | It has a GUI | schleck8 wrote: | Can someone explain these two decisions for me? | | >DO NOT DOWNLOAD TRON FROM GITHUB, IT WILL NOT WORK!! YOU NEED | THE ENTIRE PACKAGE FROM r/TronScript | | > Download Tron. The download links are in the top post in | /r/TronScript. If you download the self-extracting .exe file, | run it and it will extract tron.bat and the \resources folder | to the current directory. Copy both of them to the Desktop of | the target | | Why package a BAT file with an EXE? Even if it has to be | distributed in a container, why not a simple ZIP? | | And the subreddit literally has a thread with a table that | contains download links and a torrent, why would you not | include that in the readme? | christophilus wrote: | Fedora is my preferred solution to this problem. | npteljes wrote: | I agree. The winning move is not to play. To fiddle with | Windows' privacy settings, and expecting them to respect the | users privacy, is like asking an abusive partner nicely to not | be abusive. Promises will always be broken, and in new and | unexpected situations, the partner will act on their character, | not on their promises. And Microsoft has a documented history | of this behavior. | marderfarker2 wrote: | https://ameliorated.info/ works too | concinds wrote: | This reminds me of the old "Windows XP Service Pack 4", or | Windows 7 Minimalist ISOs that were going around. Generally, | even the _idea_ of using an OS downloaded from a random site | (big Linux distributions excepted) is a security nightmare: | you 're trusting random, anonymous people not to put malware | deep enough into the OS image where it won't easily be found. | See XcodeGhost that got caught way after the fact. | | Same exact reason people should strongly consider staying | away from LineageOS builds and other such things, where the | dev team of half a dozen non-vetted anonymous forum users is | responsible for everything running on your phone. The "open- | source means security because code gets vetted" argument only | applies to big projects like Chromium, where hundreds of | major corporations with world-class software engineers | review, and contribute to the source code. Not to Lineage, | where every phone model has its own build and dev team, and | each build gets used by maybe a few hundred or thousand | people, and reviewed by practically nobody. If there was one | single Lineage build for all phones, I'd feel much more | comfortable with it. | | Though I have zero reason to distrust the Ameliorated folks, | you generally never want to mess with software (especially | OSes) downloaded from anyone other than the official vendor. | The risk of using this is much higher than running | proprietary ShutUp10, which is already non-zero since it's | proprietary. | sodality2 wrote: | With Windows Update removed, and no way to patch the system | without a full reinstall, I would not use ameliorated.info in | any important capacity. The complete unability to patch zero- | days makes it very unattractive. They recommend to just take | admin privs from the default user. If you're this serious | about privacy, use Linux. If you NEED Windows for a program, | use a VM and nothing else. If you NEED Windows as your daily- | driver... then you shouldn't be risking your daily driver | with this. The ONLY update you can apply is simply to just | reinstall the operating system. I do appreciate this kind of | stripped-down build procedure, but fail to see a good-enough | use case. | | > Furthermore, as touched upon on the main page, 94% of | critical Windows 10 vulnerabilities can be mitigated by | revoking administrator privileges from the default user. | judge2020 wrote: | I'd just like to touch upon that 94% figure. It's from this | source[0], which actually says: | | > Of these critical vulnerabilities, 94% were found to be | mitigated by removing admin rights, up from 85% reported | last year. | | It's a very fine line, but they're mitigated by _not | running stuff as admin_ , not just removing admin rights | from the main user's account. With Ameliorated, people will | still want to set up software as admin and install to | Program Files, so if they take the advice from the FAQ, | they might think they're fine just having a separate Admin | account they use for UAC pop-ups to install the programs, | while leaving their main as a standard user, which is | indeed not going to solve any zero-days compared to users | just being able to click 'yes' at UAC. | | 0: https://web.archive.org/web/20170310043706/https://www.a | vect... | m0guz wrote: | I don't trust these tools as any Windows Update can override the | setting, or Microsoft can add a new "feature" and continue | collecting telemetry data from that. For example; Disk Space | Cleanup (cleanmgr.exe) tool has been trying to connect to | internet since last year's Windows 20H2 updates. I use Binisoft's | Windows Firewall Control (wfc)[0], set level to Moderate and | check logs regularly. There is also simplewall tool [1] which has | predefined Windows list to block. | | [0] binisoft.org/wfc | | [1] https://github.com/henrypp/simplewall | squarefoot wrote: | Agreed. I would use them to avoid ads and annoyances, but | Windows, as a closed system, to me remains untrustworthy. I'd | never ever use it for banking, communications or store personal | data. But if I'm using music software or games, those utilities | would make the experience less annoying. | dartharva wrote: | A lot of recommendations here, but it's surprising no one has | suggested Sophia Script yet: | | https://github.com/farag2/Sophia-Script-for-Windows | | IMO the best and most holistic solution for debloating and de- | botnetting Windows. | npteljes wrote: | Very nice that I turn off everything I want one time, but what | about the next update that will randomly toggle some settings | back? How about new settings for new features that are added? | | I think it's foolish to go use software like this, and expect | some privacy to happen. Windows and its user are just not on the | same page. | | What refreshed my hope in IT is the FOSS ecosystem. Where | software is passively uncaring about me, the user, instead of | working actively against me, which is the case in most of | proprietary stuff nowadays. | mcbishop wrote: | For some of us (me), tools like this are the difference between | no privacy oversight and some oversight. I aspire to be a | privacy-aware person rocking Linux, but in the meantime... | npteljes wrote: | I appreciate this aspect of the ShutUp10. By its existence | and popularity, it spreads the message that there is such a | thing as privacy, and that it's important. | stinos wrote: | _what about the next update that will randomly toggle some | settings back?_ | | Well, you run the tool again. It even tells you to do that | after making changes. | npteljes wrote: | I acted like this for a long time, and my trust remained | broken. | nvr219 wrote: | Then perhaps this tool and this operating system are not | for you... Windows is good for some things, privacy ain't | one of them, and you need to either live with it, work hard | to protect your privacy within it, or leave it. | estaseuropano wrote: | Great, this is the most constructive answer. Eternal | useless pessimism instead of at least trying simple steps | to solve the issue. | | Great credit to the authors of the tool. I used it many | times when I was stuck with windows - and I'm grateful that | they did all the work to make it. | npteljes wrote: | I'm quite a pessimist otherwise, but I don't think my | comment really reflects that. I just reported that as a | human being, I'm tired of, and fed up with fighting a | system that disrespects me, belittles me, overrides my | decisions. | | For the longest time I felt that I have the upper hand. | That I could install a software for my every need, limit | this, change that, bend the whole system to my will. But | the realization grew on me, that me and the system are | wanting two very different things. And whatever I do, I | won't win. At most, we can be engaged in a cat-and-mouse | game, as long as I'm up for fighting for it. If I'm not, | then my cause is lost. | | With this realization, I felt betrayed by the entity I | otherwise liked very much. And this is the feeling I | wanted to convey with my previous comment. | spockz wrote: | I read it like GP lost faith because the settings were | turned on so frequently. Not because the tools don't | work. | KronisLV wrote: | I think it's a pretty good idea to automate this sort of | software and schedule it to run whenever the OS restarts, | or at the same time every day (or multiple times, | depending on usage patterns). | | I don't think it's possible to (easily) figure out when | to run something right after the updates change any | settings, but it's a good idea to automate away manual | work as much as possible! | | The person that you're replying to certainly has a point | about having to run the tool manually being a hassle. | Sadly, at the moment there are also no ways to automate | running the tool (that i know of), since it's GUI only, | as opposed to offering CLI functionality or silent launch | options. | mejutoco wrote: | I did not take the comment in the same light. I think it | is great that people are creating such software. Seems | useful for many users. | | But looking at the broader context npteljes has a point. | | Why fight an insecure tool (let's say Windows is insecure | for the sake of the argument, I do not have a strong | opinion about it) then patch the security on top. Surely | the obvious choice is to stop using the insecure tool. | | Sometimes people want a technical answer, when the answer | is to do the obvious. I don't think that is pessimism. | Forbo wrote: | The most constructive answer is to stop | using/supporting/supplying demand for software that | doesn't respect the user. Rather than people trying to | remove the same warts over and over, progress could be | made on a more permanent solution; namely, identifying | gaps in the open source ecosystem where the only current | solutions are proprietary. | andrepd wrote: | But I have already solved the issue: I stopped using | Windows. | [deleted] | stinos wrote: | Assuming you mean trust in MS in general and not in what | the OS does: broken trust isn't easy to fix, and this tool | indeed doesn't do much in that regard, but it does fix some | of the things which lead to the broken trust i.e. what the | OS is doing. | devwastaken wrote: | Historically tools like these were broken by windows updates | and could not keep up with Microsoft's violent efforts in | breaking them. You can't even turn off windows defender in the | registry anymore, which is the sole reason windows performs | terribly on low end devices. It sends the CPU and 5400rpm disk | to 100% use all the time. | | Windows is a threat to national security and Microsoft must be | sanctioned. Business if they wish to avoid crypto lockers and | actually care about "cyber security" will drop windows in favor | of Mac/Linux. | neogodless wrote: | Interesting. | | My friend just put Windows 11 on his (original) Surface Go | (Pentium Gold 4415Y, 8GB RAM, 128GB), and he cannot stop | raving about how fast it is. He said he was considering | putting Linux on it, but he isn't feeling the need to now. To | be sure, that's not a 5400rpm desk, though, yeah, I haven't | had to suffer through one of those in over a decade! | devwastaken wrote: | It will be slow in the coming months. Windows has very fast | UI response on fresh installs and degrades over time. It's | really not an achievement to have responsive UI in 2021, | Microsoft just hires the bottom of the barrel and bases | everything on group studies, which yields the worst | outcomes. | npteljes wrote: | I agree. Windows is malware. Its good or bad bits are | irrelevant, it's perfectly usable as an OS, but in the | meantime it's loaded with malicious intent and its business | advantage is ruthlessly exploited at every turn. So I don't | think that the tool itself is that much useful either. It's | good popularity for their creators, that's for sure, who very | successfully jumped on the Win10 telemetry paranoia | bandwagon. | | And who I think should change to Linux or BSD is not just | business, it's governments especially. How they enable an | auto-updating system of another superpower is beyond me. | teawrecks wrote: | Installed manjaro Linux as a dual boot. Loving it. | jakobdabo wrote: | I have to use Windows once in a while (circumstances). | | Best way to forget about the existence of spyware (aka | telemetry) that I found is to not connect a Windows box | directly to internet. I configured my router to give it a | gateway and DNS IPs which don't exist in the network. Eat that, | Microsoft. And I can still connect to internet by manually | setting a SOCKSv5a proxy to the router in Firefox and other | software that I trust (make sure there is no automatic proxy | discovery mechanism in the router). | qwertox wrote: | Wow! Thank you for that tip. Block the machine's internet | access with a firewall but connect the browsers over a SOCKS | proxy. | | I mean, I do have a couple of containers up and running on a | Raspberry Pi offering nothing but intranet SSH services while | the containers are connected via OpenVPN to differnt VPN | servers, so that I can use different browsers which connect | via SOCKS each to one container in order to have one browser | per country on one machine. | | It never occurred to me that I can use this same technique | (but without OpenVPN) in order to disallow that machine to | connect to the internet but still have a working browser... | Jenk wrote: | Since the 21H1 update you might start noticing connection | drops since a new wlan autoconfig feature has been added: if | windows can't ping home reliably, it will restart your nic. | | Yep. | mdiesel wrote: | Link please? I run Windows for work, which includes | connecting to industrial networks with no Internet | connectivity. If this happens, it's going to be a | nightmare. | keewee7 wrote: | I don't think the reason for this is malicious. Back in | 2012-2018 many Windows laptops belonging to friends and | relatives had frequent WiFi issues. The only reliable way | to fix the issue was to restart the NIC. | dataflow wrote: | Damn, that's hostility on another level. Do you have a link | to more reading on this? | sydney6 wrote: | RedHat's NetworkManager already does something pretty | similar [1]. | | [1] https://wiki.archlinux.org/title/NetworkManager#Checkin | g_con... | nazgulsenpai wrote: | > `Disable advertisements via Bluetooth` | | A screenshot of the application on the website shows this option. | I don't understand; are advertisements via Bluetooth some kind of | Windows functionality and how does it work? | schleck8 wrote: | Windows has a P2P update distribution feature so I would not be | surprised | lini wrote: | Perhaps they mean BT Beacon advertising? A small BT device can | broadcast a notification to other BT devices nearby. It is used | in some places for marketing. | ThatCaio wrote: | Advertising as in broadcasting, not as in marketing. | | Some Bluetooth LE devices use advertising as a way to | constantly send out payloads without a direct receiver. | Saris wrote: | BLE Beacons, they send your device ID a couple times a second | as a broadcast. | dmos62 wrote: | It still amazes me how prevalent closed-source is on Windows. | Even hacker-oriented, non-commercial things are closed-source. | larodi wrote: | everything is closed source, apart from the building blocks | that comprise it. all clouds are closed source, most of the | finance is closed source, MacOS is closed source, iOS - too. | games - closed source, critical infrastructure - closed. | | okay...let's think. lets take for example postgresql. all right | is opensource, we all love it. but how some company uses it - | well this is not open source. only few businesses dare to be | open source and typically open the non-critical parts. | | why so much pressure on MS? | | the idea that the world is embracing opensource is absolutely | disconnected with the reality ever since the idea of open | source came to existence. | | once again - even when the building are open source, the way | they are tied together is usually not. and their usage in | business systems - also not open source. period. | | there is fair chance, that whoever is reading this comment | works is paid by a company that is using open source, but is | not open sourcing. | marcodiego wrote: | Me too. I think the "windows way" get into the mindset of its | users. ___________________________________________________________________ (page generated 2021-10-09 23:00 UTC)