[sp332]

Is it feasible to remove this junk yourself, or will the system freak out about hacked binaries? Would it also complain if I just applied to the PNG files?

[INTPenis]

I'm a Linux specialist and a stranger to Windows but logically any modification of binaries should result in security issues.

And in a perfect world the external PNG content would also be verified.

[21]

All Windows binaries are signed. Changing the embedded PNG will void the signature. Not sure what Windows will do if explorer.exe has a bad signature.

There is also a Windows system integrity checker service which disallows changes to protected Windows files, and repairs them automatically (using a cached copy).

[kuschku]

Well, then you modify that, too.

It’s your computer, you installed the software, you have a license, therefore you own that copy, and can modify it however you wish. (EU Copyright Directive, especially Article 6 and following).

Now, the question is, why does Windows not allow me to add signatures that should be considered acceptable by default, why can I not modify my own OS installation?

[21]

Can you modify Android or iOS system files or add your key? Rooting is not really an answer, because in that case you can also root Windows.

I was under the impression that you can only legally modify files for fair use or compatibility purposes, not just because you want so.

[kuschku]

Yes, and no.

On Android, I can change which keys the bootloader accepts for signing, and add my own.

From then on, the system will allow me to normally push updates, etc.

Apparently, on Windows, even as Root/Admin, I can not do so.

Additionally, that is correct in the US, but in the EU, having a license is equivalent to owning the copy, and having all relevant ownership rights, such as the right to modify, right to rent out, right to resell your copy, etc.

If you can buy a car, add a different FM radio, and resell it, so you can buy a Windows copy, modify the start button to show a penguin eating an apple, and resell it.

[21]

You can do whatever you want on Windows if you know your way. You can disable the system integrity checker if you are admin.

You are wrong regarding the right to modify software. It seems to say pretty clearly that you are only allowed to modify software only to make it work as intended:

Exclusive rights of the rights-holder: the translation, adaptation, arrangement and any other alteration of the program;

Limitations of those exclusive rights: A lawful acquirer of a program may reproduce, translate, adapt, arrange or alter the program, when it is necessary in order to use the program in accordance with its intended purpose.

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3...

[eridius]

The general answer to "why can't I modify my own OS installation?" is "if you could, so could malware authors".

[kuschku]

No, it is not.

That's why I asked if there was a way to add your own key to the keyring.

On Android, I can add my own keys to the bootloaders allowed keys, and lock the bootloader again. As is the recommended installation type for copperhead OS.

[userbinator]

You can theoretically add/modify your own certificates, but it will take much more than clicking in the GUI --- they're hardcoded in the binaries.

...and then there's "Secure" Boot, which may get in the way of this all; I don't know, I don't use such locked-down hardware myself.

[sp332]

I think it's possible to boot into a different shell program instead of being stuck with Explorer. So even if you leave the original copy where it is, you might be able to run a modified version as your desktop.