Windows Archive
Time for another story from Raymond Chen, about why, in Windows 7, logging in took 30 seconds if you had set a solid colour as your background. Windows 7’s logon system needs to wait for a number of tasks to be completed, like creating the taskbar, populating the desktop with icons, and setting the background. If all of those tasks are completed or 30 seconds have passed, the welcome screen goes away. As you can guess by the initial report mentioning having to wait for 30 seconds, one of the tasks that need to be completed isn’t reporting in, so the welcome screen is displayed for the full 30 seconds. In the case of this bug, that task is obviously setting the background. The code to report that the wallpaper is ready was inside the wallpaper bitmap code, which means that if you don’t have a wallpaper bitmap, the report is never made, and the logon system waits in vain for a report that will never arrive. ↫ Raymond Chen It turns out that people who enabled the setting the hide desktop icons were experiencing the same delay, and that, too, was caused by the lack of a report from, in this case, the desktop icons. Interestingly, it seems especially settings changed through group policies can cause issues like this. Group policies are susceptible to this problem because they tend to be bolted on after the main code is written. When you have to add a group policy, you find the code that does the thing, and you put a giant “if policy allows” around it. Oops, the scope of the “if” block extended past the report call, so if the policy is enabled, the icons are never reported as ready, and the logon system stays on the Welcome screen for the full 30 seconds. ↫ Raymond Chen These issues were fixed very quickly after the release of Windows 7, and they disappear from the radar within a few months after the release of everyone’s favourite Windows version.
Remember the odd inetpub folder that seemingly randomly appeared on people’s root drives after installing a Windows 11 update? Everybody assumed it was something left over from an update script, and that the folder was safe to remove. Well, it turns out that’s not the case, as the empty folder is actually a crucial part of a security fix for a serious vulnerability. Initially undocumented in the official release notes, the empty and seemingly inactive inetpub folder led to user speculation about whether it was a leftover artifact from development or a bug. Microsoft has since clarified that the folder is intentional and part of a critical security improvement. The change addresses CVE-2025-21204, a vulnerability that allowed local attackers to exploit symbolic link (symlink) attacks via Windows Update, potentially granting unauthorized access to protected system files or directories. As part of the fix, the system pre-creates certain directories — including C:\inetpub — to harden the update process and mitigate such attacks. ↫ Cyberdom If you’ve already removed the folder, you can reinstall the April 2025 cumulative update to restore the folder, or you can wait for next month’s update roll-up, which will also restore the folder. This lone, empty folder at your Windows PC’s root is apparently a crucial part of the security of your computer, but since it took Microsoft a while to publish release notes, nobody knew where it was coming from. The idea that a random, empty folder usually associated with IIS could be part of a vulnerability mitigation didn’t cross anybody’s mind at the time, especially since random folders appearing at a Windows PC’s root aren’t exactly uncommon or out of the ordinary. The consensus seems to be that creating this folder is a pretty clever form of mitigation, despite feeling so hacky. I’m assuming Microsoft’s engineers are capable, and that making the folder in question impossible to delete or somehow hidden is simply not an option and would break the vulnerability mitigation, but that doesn’t change the fact that this looks like a really crude hack that should be solved in a more elegant way.
Ars Technica took a look at how the current version of Windows Recall works, including the improvements Microsoft made since the initial security nightmare of a rollout, and concludes: Recall continues to demand an extraordinary level of trust that Microsoft hasn’t earned. However secure and private it is—and, again, the version people will actually get is much better than the version that caused the original controversy—it just feels creepy to open up the app and see confidential work materials and pictures of your kid. You’re already trusting Microsoft with those things any time you use your PC, but there’s something viscerally unsettling about actually seeing evidence that your computer is tracking you, even if you’re not doing anything you’re worried about hiding, even if you’ve excluded certain apps or sites, and even if you “know” that part of the reason why Recall requires a Copilot+ PC is because it’s processing everything locally rather than on a server somewhere. ↫ Andrew Cunningham at Ars Technica Way back in 1996, Mercedes-Benz unveiled the A-Class, a small, practical car that purported to be more premium than cheaper, similarly-sized cars from other brands. The car had a big problem, though – it was unusually narrow and tall, and because of it, it famously failed spectacularly at the “moose test”, in which a car has to suddenly swerve around a “moose” on the road. The car simply toppled over, and after initially denying the problem, Mercedes recalled every single A-Class sold and added a variety of mitigations like electronic stability control and suspension changes. As far as I can recall, it fixed the issue. To this day, however, I cannot look at an A-Class, even the modern ones which look like normal hatchbacks and bear effectively zero resemblance to the original, quirky A-Class from 1996, and not think of the failed moose test and the recall. I know the modern A-Class won’t fail that test, and I know it’s an infinitely safer car than the original one, but my brain still makes that connection every time I see one. A lot of people my age, whether they’re into cars or not, seem to remember this recall, because the original A-Class was such a unique and recognisable vehicle at the time, especially coming from Mercedes. My point is – Recall will face this same issue. No matter how secure Microsoft makes it, no matter how much they claim and prove it only runs locally, no matter how hard they try and hammer on the fact data never leaves your PC, people will always think of that initial botched rollout, and all the accurate reporting that Recall was a nightmare. And it just so happens that the skepticism is warranted, and hopefully keeps people from using this corporate Trojan horse.
Remember Windows Recall, the Windows feature that would take a screenshot of your desktop every three seconds, stored them in a database, and then let you search through them at later dates? The feature has been hobbled by implementation problems, security issues, and privacy troubles, and has been released in preview and pulled since its original unveiling. Well, it’s back in testing now for users of the Release Preview Channel. As you use your Copilot+ PC throughout the day working on documents or presentations, taking video calls, and context switching across activities, Recall will take regular snapshots and help you find things faster and easier. When you need to find or get back to something you’ve done previously, open Recall and authenticate with Windows Hello. ↫ Windows Insider blog The “AI” magic (meaning, OCR and image recognition, but with ✨sparkles✨) runs locally, on device, and supposedly, the collected screenshots and data extracted from them never leave your device – at least, for now. The tech industry has a long history of relegating its promises, so excuse me if I don’t have a ton of faith in this data remaining on a Windows PC for too long into the future. Case in point, a related Windows Copilot feature: Copilot Vision. This is very similar to Windows Recall, but instead of taking automating screenshots every few seconds, you can invoke it manually so that Copilot will “read” the current contents of your desktop, applications, and so on, allowing you to ask questions, get help, and so on. The kicker, however, is that while the screenshots and resulting data from Recall supposedly remains on your machine, whatever Copilot Vision does is done on Microsoft’s servers. In other words, a feature very similar to Windows Recall is already sending your personal, private data to Microsoft. I’m sorry, but I just don’t think Windows Recall will remain “on-device” for very long. The temptation to hoover that data up into the giant advertising machine is too great, and there’s no way in hell Microsoft will be able to resist it.
This month’s security updates for Windows 11 create a new empty folder on drive C. It is called “inetpub,” and it does not contain any extra folders or files. Its properties window shows 0 bytes in size and that it was created by the system itself. Neowin checked a bunch of Windows 11 PCs with the April 2025 security updates installed, and all of them had inetpub on drive C. ↫ Taras Buria at Neowin So this folder, inetpub, is most likely coming from Microsoft’s Internet Information Services, the company’s web server. IIS is part of Windows, but inactive by default, and it seems some buggy update script somewhere forgot to remove the folder or created it by accident. Regardless, it seems you can remove it without any issue, so if you see it on your Windows’ root drive, just delete it any be on your merry way. Still though, something about this seems odd, right? Internet Information Services as a core product hasn’t been updated since 2018 when version 10 came out, which doesn’t necessarily mean specific Windows updates might not have changed it since then, but it doesn’t exactly inspire confidence. The Internet Information Services’ website also hasn’t been updated in ages, and is broken in places, further adding to the feeling IIS seems to be mostly abandoned, only kept going as part of Windows updates because it’s, well, part of Windows. I’m not trying to insinuate there’s anything nefarious or dangerous going on with this silly folder glitch or anything; I was just surprised to see such an outdated, seemingly abandoned web server suite still being a default part of Windows today.
Good news for Windows users, and for once there’s not a hint of sarcasm here: Microsoft has started rolling out Windows Hotpatch to the client versions of Windows. This feature, which comes from the server versions of Windows, allows the operating system to install patches to in-memory processes, removing the need for a number of restarts. Obviously, this is hugely beneficial for users, as they won’t have to deal with constant reboots whenever a new bunch of Windows updates are pushed. There are some limitations and other things you should know. First, the way the system works is that every quarter, installations with Hotpatch enabled will receive a quarterly baseline update that requires a reboot, followed by two months of hotpatches which do not require a reboot. Hotpatches can only be security updates; new features and enhancements are rolled up into the quarterly baseline updates. In other words, while this will not completely eliminate reboots, it will cut the number of reboots per year down from twelve to just four, which is substantial, and very welcome in especially corporate environments. The biggest limitation, however, is that Windows Hotpatch will only make it to one client version of Windows, Enterprise version 24H2, so users of the Home or Professional version are out of luck for now. On top of that, you’re going to need a Microsoft subscription, use Microsoft Intune, and an Intel/AMD-based system (Hotpatch will come to ARM later). I hope it’ll make its way to Windows 11 Home and Professional, too, because I’m fairly sure quite a few of you using Windows would love to set this up on your own machines.
If you’re elbow-deep in ’90s retrocomputing and maintain a fleet of your own personal seemingly identical but definitely completely different Windows 98 machines, Windows 9x QuickInstall is tailor-made just for you. It takes the root file system of an already installed Windows 98 system and packages it, whilst allowing drivers and tools to be slipstreamed at will. For the installer, it uses Linux as a base, paired with some tools to allow hard disk partitioning and formatting, as well as a custom installer with a custom data packing method that is optimized for streaming directly from CD to the hard disk without any seeking. ↫ Windows 9x QuickInstall gitHub page What you end up with is an easily customisable packaged Windows 98 installation that can be installed onto computers (or in virtual machines, I guess) at blazing speeds. It’s a relatively simple concept, but its implementation is genius and definitely not simple at all. This is a great tool for the retrocomputing community.
Right off the bat, there is not that much use for a Pixel Watch with Windows on it. The project, as the maker says, is for “shits and giggles” and more like an April Fool’s joke. However, it shows how capable modern smartwatches are, with the Pixel Watch 3 being powered by a processor with four ARM Cortex A53 cores, 2GB of DDR4X memory, and 32GB of storage. Getting Windows to run on Gustave’s arm, as you can imagine, took some time and effort of inspecting a rooted boot image, modifying the stock UEFI to run custom UEFI, editing the ACPI table, and patching plenty of other files. The result of all that is a Pixel Watch 3 with Windows PE. ↫ Taras Buria at Neowin More of this sort of nonsense, please. This is such a great idea, especially because it’s so utterly useless and pointless. However pointless it may be, though, it does show that Windows on ARM is remarkably flexible, as it’s been ported to a variety of ARM devices it should never be supposed to run on. With Microsoft’s renewed entry into the ARM world with Windows on ARM and Qualcomm, I would’ve hoped for more standardisation in the ARM space to bring it closer to the widely compatible world of x86. That, sadly, has not yet happened, and I doubt it ever will – it seems like ARM is already too big of a fragmented mess to be consolidated for easy portability for operating systems. Instead, individual crazy awesome people have to manually port Windows to other ARM variants, and that, while cool projects, is kind of sad.
Do you want to install Windows 11 without internet access or without an online Microsoft Account? It seems Microsoft really doesn’t want you to, as it has removed a very common and popular way of bypassing this requirement. In the release notes for the latest builds from the Dev and Beta channels, the company notes: We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account. Let me blow your minds and state that I don’t think online accounts for an operating system are inherently a bad idea. I would love it if I could install Fedora KDE on a new machine, optionally log into some online “Fedora Account”, and have my customisations and applications synchronise automatically. It would save me some time and effort, and assuming it’s all properly encrypted and secured, I don’t think the risk factors are particularly high. The keyword here is, of course, optionally. Microsoft wants every Windows 11 user to have a Microsoft Account instead of a local account, and would rather not make it optional at all. Of course, this is still Microsoft, a company wholly incapable of doing anything right when it comes to operating systems, so even making this script available again during installation is stupidly easy. It took a few nerds mere moments to discover you could just make some registry changes during installation, reboot, and have the script return to its rightful place. Oh Microsoft. Never change.
I’ve complained about the utter inscrutability of the Windows release process for a long time, with Microsoft seemingly using channels, build numbers, code names, date-based version numbers, and so on interchangeably, making it incredibly hard to keep track of what is being released when. It turns out even Microsoft itself started losing track, because it’s now released a roadmap for Windows 11 development. In the roadmap tool – of course it’s a tool – you can select a platform, which isn’t x86 or ARM, but Windows PC or Copilot+ PC, a version (23H2 or 24H2 for now), a status (In preview, Gradually rolling out, or Generally available), and a channel (Canary, Dev, Beta, or Retail), after which the roadmap tool will list whatever features match those criteria. Do you now see why people might want such a tool to keep track of what the hell is going on with Windows? Anyway, as the date-based version numbers – 23H2 and 24H2 – may already make clear, this seems more like a roadmap about where development’s been than where development’s going. The problem for Microsoft, of course, is that it maintains several different Windows variants with different feature sets and update schedules, and users, too, can of course opt to stick to certain versions before moving on. The end result is this spaghetti, which makes it hard to untangle when you’re getting which feature. Anyway, if you’re elbow-deep in the Windows spaghetti, this tool may be of use to you.
It’s rare in this day and age that proprietary operating system vendors like Microsoft and Apple release updates you’re more than happy to install, but considering even a broken clock is right twice a day, we’ve got one for you today. Microsoft released KB5053598 (OS Build 26100.3476) which “addresses security issues for your Windows operating system”. One of the “security issues” this update addresses, is Microsoft’s “AI” text generator, Copilot. To address this glaring security issue, this update removes Copilot from your Windows installation altogether. Sadly, it’s only by mistake, and not by design. We’re aware of an issue with the Microsoft Copilot app affecting some devices. The app is unintentionally uninstalled and unpinned from the taskbar. Microsoft is working on a resolution to address this issue. In the meantime, affected users can reinstall the app from the Microsoft Store and manually pin it to the taskbar. ↫ Microsoft Support Well, at least until Microsoft “fixes” this “issue” with KB5053598, consider this update a simple way to get rid of Copilot. Microsoft accidentally cared about its users for once, so cherish this moment – it won’t happen again.
When I checked where Windows Defender had actually detected the threat, it was in the Fan Control app I use to intelligently cool my PC. Windows Defender had broken it, and that’s why my fans were running amok. For others, the threat was detected in Razer Synapse, SteelSeries Engine, OpenRGB, Libre Hardware Monitor, CapFrameX, MSI Afterburner, OmenMon, FanCtrl, ZenTimings, and Panorama9, among many others. “As of now, all third-party/open-source hardware monitoring softwares are screwed,” Fan Control developer Rémi Mercier tells me. ↫ Sean Hollister at The Verge Anyone reading OSNews can probably solve this puzzle. Many fan control and hardware monitoring applications for Windows make use of the same open source driver: WinRing0. Uniquely, this kernel-level driver is signed, since it’s from back in the days when developers could self-sign these sorts of drivers, but the signed version has a known vulnerability that’s quite dangerous considering it’s a kernel-level driver. The vulnerability has been fixed, but signing this new version – and keeping it signed – is a big ordeal and quite expensive, since these days, drivers have to be signed by Microsoft. And it just so happens that Windows Defender has started marking this driver, and thus any tool that uses it, as dangerous, sending it to quarantine. The result is failing hardware monitoring and fan control applications for quite a few Windows users. Some companies have invested in developing their own closed-source alternatives, but they’re not sharing them. Luckily, Windows OEM iBuyPower says it’s trying to get the patched version of WinRing0 signed, and if that happens, they will share it back with the community. Classy. For now, though, hardware monitoring and fan control on Windows might be a bit of an ordeal.
Like the other Chrome skins, Microsoft Edge is also moving to disable Manifest v2 extensions, restricting the effectiveness of ad blockers like uBlock Origin. As an advertising company, Microsoft was obviously never going to do the work to keep Manifest v2 support around in Chrome, so this was inevitable. Blocking ads might be a necessary security practice, but why cry over spilled user data, am I right? Anyway, today: In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information. The attack originated from illegal streaming websites embedded with malvertising redirectors, leading to an intermediary website where the user was then redirected to GitHub and two other platforms. The campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices, highlighting the indiscriminate nature of the attack. ↫ Microsoft Threat Intelligence If only there was a type of browser extension that prevents such malvertising attacks from being possible in the first place, and if only support for such browser extensions wasn’t being gutted as we speak. If only.
About two weeks ago, there was a bit of confusion about the system requirements for Windows 11 24H2, because Intel’s 8th Gen, 9th Gen, and 10th Gen processors had disappeared from the list of supported hardware. This seemed rather drastic, even by Windows 11 standards. I skipped posting about it on OSNews because I kind of assumed it must’ve been an error instead of actual policy, and it turns out that’s indeed the case. A page update made on February 13, 2025 did not reflect accurate offerings. It has since been updated, including the addition of Intel processor models 8th, 9th, and 10th generation Intel CPUs, and the reclassification for select Intel processor models to support Windows 11. ↫ Windows 11 version 24H2 supported Intel processors Good news for people still stuck on the Windows 11 train.
For the past several years my desktop has also had a disk dedicated to maintaining a Windows install. I’d prefer to use the space in my PC case for disks for Linux. Since I already run a home NAS, and my Windows usage is infrequent, I wondered if I could offload the Windows install to my NAS instead. This lead me down the course of netbooting Windows 11 and writing up these notes on how to do a simplified “modern” version. ↫ Terin Stock The setup Terin Stock ended up with is rather ingenious, to be honest. They had to create not just an environment in which netbooting through iXPE using iSCSI, but also a customised Windows PE ISO that included the necessary drivers to make installing Windows onto a iSCSI-connected remote drive possible in the first place, because they’re not included in the Windows installation ISO. This isn’t exactly a standard setup, of course, so there were a few roadblocks to clear before getting there. They now have Windows 11 booting from a drive in their NAS, and it seems it doesn’t affect gaming – the reason why they did this in the first place is an online game that hard-requires Windows – at all. Installing the game through Steam took a bit longer, sure, but regular gameplay seems unaffected, and there’s no saturation on the network or disk. You’d think this would be wholly too slow to be suitable for gaming, but I guess at least some games handle this just fine. My uneducated guess is that more demanding games that rely on a ton of disk activity to load textures and so on will have a much more difficult time running. In any event, this intrigues me, and I’m kind of curious to try and set this up myself, if only for the memes. It looks like fun.
Windows was an early adopter of Unicode, and its file APIs use UTF‑16 internally since Windows 2000-used to be UCS-2 in Windows 95 era, when Unicode standard was only a draft on paper, but that’s another topic. Using UTF-16 means that filenames, text strings, and other data are stored as sequences of 16‑bit units. For Windows, a properly formed surrogate pair is perfectly acceptable. However, issues arise when string manipulation produces isolated or malformed surrogates. Such errors can lead to unreadable filenames and display glitches—even though the operating system itself can execute files correctly. But we can create them deliberately as well, which we can see below. ↫ Zafer Balkan What a wild ride and an odd corner case. I wonder what kind of odd and fun shenanigans this could be used for.
Remember about half a year ago, when the PowerPC versions of Windows NT were made to run on certain models of PowerPC Macs? The same developer responsible for that work, Rairii, took all of this to the next level, and it’s now possible to run the PowerPC version of Windows NT on the GameCube, Wii, Wii U, and a few related development boards. NT 3.51 RTM and higher. NT 3.51 betas (build 944 and below) will need kernel patches to run due to processor detection bugs. NT 3.5 will never be compatible, as it only supports PowerPC 601. (The additional suspend/hibernation features in NT 3.51 PMZ could be made compatible in theory but in practise would require all of the additional drivers for that to be reimplemented.) ↫ Windows NT for GameCube/Wii GitHub page As you may have expected, there are some issues, such as instability and random reboots, USB hotplugging doesn’t work, and some other, smaller issues, but none of that takes away from just how awesome and impressive this really is. There’s framebuffer support for the Flipper GPU, full support for the controllers ports and a ton of compatible controllers and related input devices, including support for the N64 mouse and keyboard, although said support is untested. The GameCube and Wii (U) are PowerPC computers, after all, running IBM processors, so it shouldn’t be surprising that running Windows NT on them is possible. Still, it’s an impressive feat of engineering to get this to work at all, let alone in as complete a state as it appears to be.
Microsoft seems to be addressing some of the oddities with the Windows 11 Start menu, finally adding basic views that should’ve been in Windows 11 since the very start. We’re introducing two new views to the “All” page in the Start menu: grid and category view. Grid and list view shows your apps in alphabetical order and category view groups all your apps into categories, ordered by usage. This change is gradually rolling out so you may not see it right away. We plan to begin rolling this out to Windows Insiders who are receiving updates based on Windows 11, version 24H2 in the Dev and Beta Channels soon. ↫ Amanda Langowski and Brandon LeBlanc These new views are very welcome, but sadly, you still can’t set them as the default view in the Start menu. You’re still forced to use whatever that default view is, and click on “All” to get to these new views, instead of being available right as you open the Start menu. I messed around with Windows 11 on my XPS 13 9370 for a few weeks as I waited for a review laptop to arrive, and I couldn’t last for a few hours without buying a replacement for the Start menu that allowed me to have a working, non-terrible menu that I could configure to my own needs. It’s wild to me that such an iconic element of the Windows user interface is in such a dire, unliked state. We all know Windows seems to be a in a bit of a rut, with Microsoft investing more in nonsense like “AI” and ads in the operating system than in actually listening to users and improving their experience. It’s been roughly thirty years since the introduction of the Start menu, and the original one from Windows 95 is still superior to whatever’s in Windows now. Wild.
There’s some bad news for Windows users who want to use all of the built-in features of the operating system and its integrated apps. Going forward, Microsoft is restricting features in two iconic apps, which you’ll need to unlock with a paid subscription. The two apps in question? Notepad and Paint. Windows Insiders were previously able to use these app features free of charge. However, Microsoft is now making it necessary to have a Microsoft 365 subscription for full use of these apps. You’ll see a new overlay that informs you of this before use. In our case, however, the respective features were simply grayed out. ↫ Laura Pippig at PCWorld It’s only the “AI” features that are being paywalled here, so I doubt many people will care. What does feel unpleasent, though, is that the features are visible but greyed out, instead of being absent entirely until you log into Windows with an account that has a Microsogt 365 subscription with the “AI” stuff enabled. Now it just feels like the operating system you paid good money for – and yes, you do actually pay for Windows – is incomplete and badgering you for in-app purchases. The gameification of Windows continues. There’s also a y in the day, so we have another Ars Technica article detailing the long list of steps you need to take to make Windows suck just a little less. The article is long, and seems to grow longer every time Ars, or any other site for that matter, posts an updated version. I installed Windows 11 on my XPS 13 9370 a few weeks ago to see just how bad things had gotten, and the amount of work I had to do to make Windows 11 even remotely usable was insane. Even the installation alone – including all the updates – took several hours, compared to a full installation of, say, Fedora KDE, which, including updated, takes like 10 minutes to install on the same machine. I personally used WinScript to make the process of unfucking Windows 11 less cumbersome, and I can heartedly recommend it to anyone else forced to use Windows 11. Luckily for me, a brand new laptop is being delivered today, without an operating system preinstalled. Can’t wait to install Fedora KDE and be good to go in like 20 minutes after unboxing the thing.
AIDA64, the popular benchmarking tool for Windows, released a new version today. I don’t particularly care about benchmarking – even less so benchmarking on Windows – but this new release comes with an interesting line in the release notes. Discontinued support for Windows 95, 98, Me ↫ AIDA64 v7.60 release notes Seeing a widely-used, popular piece of software drop support for Windows 95, 98, and ME only in this, the year of our lord, 2025, is kind of amazing.
