[bob1029]

I am legitimately not sure if this is a bug or a feature.

I'll take all the side-channels I can get though. These "exploits" are really useful for regaining control over my own PC.

Just yesterday I learned how to Run-As TrustedInstaller, and that let me remove a lot of unwanted bullshit on my windows 10 install.

[gruez]

>I'll take all the side-channels I can get though. These "exploits" are really useful for regaining control over my own PC.

Not really? What does this exploit let you do that you couldn't already do with a local administrator account? Or are you making the general argument that "EoP exploits are features because they allow you to jailbreak your device"?

>Just yesterday I learned how to Run-As TrustedInstaller, and that let me remove a lot of unwanted bullshit on my windows 10 install.

They're not really comparable. You need admin to do it, which means you already crossed the security boundary[1]. This is in contrast to this exploit which allows you to cross a security boundary.

[1] https://devblogs.microsoft.com/oldnewthing/20121207-00/?p=58...

[majkinetor]

> What does this exploit let you do that you couldn't already do with a local administrator account

There are some things that users in Administrators group still can't do. Hence the need for TrustedInstaller perms.

For example, try running this script:

https://github.com/W4RH4WK/Debloat-Windows-10/blob/master/sc...

You will get access denied since few months back:

https://github.com/W4RH4WK/Debloat-Windows-10/issues/273

[gruez]

> > What does this exploit let you do that you couldn't already do with a local administrator account

>There are some things that users in Administrators group still can't do. Hence the need for TrustedInstaller perms.

By "this exploit" I was referring to the exploit mentioned in the article, not whatever gp did to get trustedinstaller permissions. As far as I know I don't see why you'd need access to the SAM file to give yourself trustedinstaller permissions. You can do that yourself if you're administrator.

Also, from a security point of view there isn't much that administrators can't do. You're right that they can't directly delete certain files, but they can take ownership of any file they want and adjust the ACLs to give them the required permissions. I don't think is some sort of EoP/exploit/hack, but rather protection against accidental deletions (eg. https://news.ycombinator.com/item?id=23054506)

[rawoke083600]

>" for regaining control over my own PC. Just yesterday I learned how to Run-As TrustedInstaller, and that let me remove a lot of unwanted bullshit on my windows 10 install."

I understand Linux, Mac, FreeBSD, Magic-Pony-OS is not everyone's cup of tea or they might not be in a position to choose their OS (Work etc)

But DAMN that quote above is really showing me how bad it is out there ! Sure it can/does happen on other OS as well, but I'm betting Windows is the leader in "my-pc-is-not-my-pc-anymore" :/

[bob1029]

I've been spending the last 48 hours strongly pondering Linux as a daily driver. If it wasn't for my crippling visual studio addiction, I'd probably be able to swap all my PCs over, with the exception of the one bastard stepchild win10 that I will keep in the closet for when BF2042 is released. Virtualization is another option that I am investigating actively now.

I could even see the path for getting our product off the Windows platform and onto Linux (while still using Microsoft's dotnet toolchain). There are only 2 DLLs keeping us locked to Windows and I have a very solid hypothetical answer for both.

All of this is so depressing because it doesn't have to be this way. A few small changes to the OS (that would incur negligible impact to Microsoft's cashflow or margins) could mean life changing improvements in the user experience.

If profit must be obtained, then Microsoft should consider a "hacker" build of windows that starts as a bare-ass powershell prompt that you have to tack on what you want to use. I'd pay a fucking premium. Microsoft, are you out there? Charge me $1000. I swear I'll pay it if you promise to not shove updates, telemetry, defender or cortana down my throat ever again.

[jakogut]

> with the exception of the one bastard stepchild win10 that I will keep in the closet for when BF2042 is released

For what it's worth, all recent Battlefield games run flawlessly through Proton, including multiplayer with anti-cheat, D3D12, and soon (if not already), ray tracing. This includes at least BF:BC2, BF3, BF4, BF1, and BFV. There's no reason to think BF2042 will be any different.

[CrazyPyroLinux]

I've found VSCode and dotnet 5/core be amazingly liberating from the the slow bloated mess that is Visual Studio and the old .NET Framework. This is the way it should have always been, but I'm happy we finally got here.

[robocat]

VSCode has plenty of MS telemetry, and some plugins do too. VSCodium refers to some of the issues removing telemetry here: https://github.com/VSCodium/vscodium/blob/master/DOCS.md#get...

https://adtmag.com/articles/2021/04/21/vscodium-strips-msft-...

[majkinetor]

This.

No more need for VS really or any other proprietary bloatware.

First thing I do on new machine is `choco install vscode` then it synces my extensions and I am ready to roll. As extra benefit `code` is usable ASAP in CLI and I can pipe anything to it.

[rawoke083600]

Yea VSCode is my daily driver as IDE/Code-editor after years of living on GeAny ! Solid product VSCode !

[bob1029]

Do razor components work in vscode? Like w/ breakpoints and such?

[pxeboot]

>Microsoft should consider a "hacker" build of windows that starts as a bare-ass powershell prompt

WinPE? Server Core?

[majkinetor]

WinPE is not designed for that. See limitations. Basically it forgets anything on restart and its even worst then that.

Core has other problems and it doesn't use PowerShell by default, it can't run x32 apps too.

So no, there is nothing available right now.

[throwawayboise]

Is LTSC still offered? That was a pretty minimal (though still GUI) install last time I tried it. Also I think it only gets security updates, and only when you initiate the update process.

[majkinetor]

> Microsoft, are you out there? Charge me $1000. I swear I'll pay it if you promise to not shove updates, telemetry, defender or cortana down my throat ever again.

Count me in too. Give me minimal install then shut up and take my money.

[rawoke083600]

Man i feel your pain ! Was there once myself ! Company-focused Win-products :/ But hte last 10 years I've been lucky no such requirements ! It really is nice :)

[Akronymus]

> visual studio addiction

For me, rider is quickly replacing visual studio as my daily driver for programming.

[majkinetor]

My entire team uses VS and I have no problems loading the same projects in vscode and being equally productive (or better). Had to fix few quirks here and there before solution would load but nothing too complicated.

[aftbit]

IMO if you expand PC to cover mobile computing, the real tragedy is iPhone. No sideloading, very restrictive app store policies, and no custom OSes at all. At least with a Windows desktop or laptop, you can run Linux or one of the other actually free OSes. Modern MacOS is also pretty unfriendly for developers and power users, but at least Apple is somewhat aligned with users on privacy and security, unlike Microsoft.

[Wowfunhappy]

> Modern MacOS is also pretty unfriendly for developers and power users.

It has become somewhat unfriendly, but I really appreciate that you can still do whatever you want.

To run self-signed apps, run `sudo spctl --master-disable`

To turn off System Integrity Protection, run `csrutil --disable` from recovery mode.

To modify the root filesystem, do all of the above and run `csrutil authenticated-root disable` from recovery mode.

To disable library validation, do all of the above and run `sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true`

To disable AMFI, do all of the above and add the boot argument amfi_get_out_of_my_way=0x1

(Some steps may be a bit different on Apple Silicon Macs, I don't own any so I'm not as familiar.)

---

You now have the same privileges Apple does. You can grant yourself whatever entitlements you like, inject your own code into any process, load your own kernel extensions, or just replace the whole kernel with your custom build of XNU.

I actually think a decent chunk of macOS's perceived "unfriendliness" comes from Mac users being less willing to hack around than users of other OSs. The common refrain in Mac circles seems to be that System Integrity Protection should never be switched off under any circumstances. I agree, if you're a normal user—but if you're not, and the handcuffs are annoying you, just unlock them already. (But do leave everything else in place until such a time as it presents a roadblock.)

Also, method swizzling in Objective-C is fun, try it!

[joshtynjala]

There’s a safer way to run self-signed software on macOS, for anyone that prefers not to do the master disable. First, try to run the program. When it fails, open Settings.app and go to the security section. You’ll find the most recently blocked program name mentioned and an Allow button that will remove the block. Then, you can run the program. You need to do this only once per program.

[api]

Right click open. Fail. Right click open again, hit okay, and it will succeed. It remembers your decision. This has been the magic incantation since signing was introduced.

[jsjohnst]

> the real tragedy is iPhone. No sideloading

I’m so tired of seeing folks parroting no sideloading on iOS. That’s not been true for a long time. Yes, the conditions of side loading (needs a free developer account, must have app signing refreshed weekly, etc) might not be palatable for your taste (which I’d generally agree), but to say it’s not possible to sideload apps on a stock iOS device is just wrong.

[Wowfunhappy]

IMO, saying "no side-loading" is as good as correct, and getting technical about it just creates confusion and muddies the waters. Unless you're paying $99 per year for a developer account, what little sideloading Apple offers is completely useless for anything but limited testing. Who wants to reinstall an app they actually use every seven days?

The semi-exception is Altstore, which is a fantastic project... but it's a major hack which sometimes breaks, and which Apple is liable to kill at any time. You also need to keep a server running on a PC or Mac on your wifi network, which isn't workable in a lot of situations.

I mean, my iPhone can run unsandboxed sideloaded apps, because it's jailbroken. But I wouldn't say that Apple allows third-party unsandboxed apps.

[36rdydudhdh]

I don't see how you can say with a straight face that getting technical just creates confusion and muddled waters when side-loading is already something that mainly technical users do. It just seems like a lazy way to dismiss valid criticism. The vast majority of users don't side-load on their phones or have any interest in learning to do so. Side-loading is already technical.

[lolinder]

Those are two different definitions of technical. When you accuse someone of "getting technical", it has a very specific meaning: It means that they're overemphasizing the dictionary definition at the cost of more practical considerations. That's exactly what's happening here, by calling what Apple allows on iPhone "sideloading". Yes, technically, you are able to get an app on your phone without going through the app store. But without a paid developer account, the fact that you have to reinstall weekly is intentionally designed to make that impractical for actual use.

[lolinder]

I built myself a custom calculator 5 years ago for my Android phone. I've reinstalled it once in that time frame, and that only after switching phones. Other than that, it's just there when I need it, with 0 maintenance in 5 years.

Were I to switch to an iPhone, I would have to either list my calculator on the app store (and pay the yearly developer fee) or have to remember every single week to "refresh" my app, otherwise it won't work the next time I need it.

Android has side loading. iOS has the bare minimum concession to allow developers to build something at all, and even that has unnecessary friction built in explicitly so that people don't try to use it to sideload.

[jsjohnst]

> > Yes, the conditions of side loading (needs a free developer account, must have app signing refreshed weekly, etc) might not be palatable for your taste

> have to remember every single week to "refresh" my app, otherwise it won't work the next time I need it

Did I not fully state that up front? Just because it doesn’t work for your needs (or mine for that matter) doesn’t change that my point is 100% correct, to say that sideloading isn’t possible on iOS is fundamentally wrong. Fake imaginary points (aka HN votes) be damned, I’m not going to cave to the Android fanboys. Apple/iOS has many faults, so I don’t get why folks need to focus on something that isn’t factually correct.

[lolinder]

First, just to clear this up: I am not an Android fanboy, and not an iOS hater. My wife has an iPhone and an iPad and they are great for her use case, and I have a lot of respect for the consistency of the experience on an iPhone. I reluctantly have an Android phone because it's the only thing out there that meets my needs at the moment, but I'm under no illusions as to its flaws.

On to the question of side loading: technically, Apple does provide a way to load code not from the app store. Some might call that side loading. However, when most people say that they want to be able to side load apps on their phone, they expect that their apps will function as first-class citizens. Apple's version of side loading is more like a very temporary work visa than a grant of citizenship, which makes it structurally different than what is being asked for.

[Sebb767]

> I'm betting Windows is the leader in "my-pc-is-not-my-pc-anymore" :/

There are PCs out there running ChromeOS and Android. Not to mention smartphones and game consoles.

Windows is not good in this regard, but it's by far not the worst (though the UX for administrative actions is really not great, IMO).

[techrat]

(Nearly?) All ChromeOS devices use CoreBoot. You really can't get much more open than that.

Android is open source and if you don't buy a locked down device from a carrier, the bootloader is unlockable and the system easily rootable.

Your two examples of something more 'not my pc anymore' than Windows aren't exactly good ones.

Now, if you were to mention MacOS and iOS... then you definitely would have had a point.

[Sebb767]

> (Nearly?) All ChromeOS devices use CoreBoot. You really can't get much more open than that.

Last time I looked, it was really hard to install anything other than ChromeOS on Chromebook hardware. You can install a chrooted Linux on them, yes, but on the device itself you can't even execute unsigned binaries.

Impossible? No. Harder than executing an installer with elevated rights? Yes. Plus, they also come with pre-installed software like Google Docs.

> Android is open source and if you don't buy a locked down device from a carrier,

That's quite a big if. Android itself is open source, yes, but >90% of the ecosystem rely on Google Play services, which are anything but. And, when talking about pre-installed apps that the user can't remove without a lot of effort, Android basically invented that.

> the bootloader is unlockable and the system easily rootable.

If you wipe your device and void your warranty. And then install a third-party binary to actually use those rights, while similarly loosing the ability to use quite a few apps (like banking). That is, if the manufacturer makes it that easy (Xiaomi, for example, needs you to sign up and wait for that - it's possible, but anything but frictionless).

> Now, if you were to mention MacOS and iOS... then you definitely would have had a point

I can't talk about MacOS, to be honest. Though, as far as I know, getting a root shell is not hard and running own software is not a problem.

We agree on iOS, but the grandparent talked about PCs - iOS really does not fall into that category (that's why I explicitly mentioned smartphones).

> Your two examples of something more 'not my pc anymore' than Windows aren't exactly good ones.

Windows is not a good example of that. Don't get me wrong, I don't like windows. But it's by far not the worst example of a locked-down, vendor-owned system and it would be even less bad if the administration UX would be simpler.

[techrat]

> Last time I looked, it was really hard to install anything other than ChromeOS on Chromebook hardware.

Look again.

Switching to Developer Mode and hitting Ctrl-L at the boot up screen allows you to boot from USB or SD Card.

>And, when talking about pre-installed apps that the user can't remove without a lot of effort, Android basically invented that.

This statement is so disingenuous that I'm just going to stop quoting here.

Hello? iOS? Couldn't even remove icons/apps like Newsstand off your homescreen for 7 OS versions.

You need to familiarize yourself a bit more with what you're criticizing lest you sound like a head-in-the-sand zealot.

[Sebb767]

Maybe you should have read my comment (or the previous one):

> We agree on iOS, but the grandparent talked about PCs - iOS really does not fall into that category (that's why I explicitly mentioned smartphones).

[jmnicolas]

> Android is open source and if you don't buy a locked down device from a carrier, the bootloader is unlockable and the system easily rootable.

Yes but it's a subpar experience compared to the closed Android.

I use GrapheneOS since about a year, and I can't do much with my phone anymore. I stay on it for the same reason I have Kubuntu on my PC: it's a relief to know it's not Microsoft's / Google's all seeing eye.

[shawnz]

If there was never an "old way" of doing things that didn't involve the new TrustedInstaller system, then would we even be thinking twice about these new restrictions? Or would we just see the restrictions as part of the design of the APIs?

Just because they took a part of the system that used to be externally facing and made it internally facing, I don't think that is the same as making "your PC not your PC anymore". If they were blocking administrators from executing arbitrary code or having arbitrary access to I/Os, that would be a different story.

[bob1029]

> If they were blocking administrators from executing arbitrary code or having arbitrary access to I/Os, that would be a different story.

I think this is the exact story being discussed here.

[majkinetor]

> But DAMN that quote above is really showing me how bad it is out there !

Actually Windows is quite awesome nowdays. I was using mentioned OSes for years during periods of Windows downs, and since Satya Nadella took the leadership I was very happy with Windows (I primarily spend my time in PowerShell, browser, vscode and using dev tools but have different dedicated installations for games, media etc.)

Now with this can't-turn-off-helicopter attitude I am really considering switching to some Linux variant again. Mac is totally out of question due to similar concerns.

[jmnicolas]

> Magic-Pony-OS

and there I was thinking you were joking, but there's actually a PonyOS!

https://www.ponyos.org/

[rawoke083600]

Haha i really was joking :D, Was looking for the one crazy-one-person, that "simply-must-know" if there is a such a OS :D

[jmnicolas]

You got me :)

[rawoke083600]

Damn it looks "pretty" in a "Hello-Kitty" sort of way :D

[Wowfunhappy]

I’m not proud of it, but when the reporting on Pegasus came out last week I was thinking “I wonder if this could lead to a Jailbreak on iOS 15.”

[Godel_unicode]

Except this is in no way an exploit. Running processes as TrustedInstaller is no different than a user using sudo to run vim as root.

[majkinetor]

Yeah, it was the only way to remove defender. Then I used debloaters and shutup10 to remove all other "features". Windows didn't like it and returned ALL of them on update. Now I disabled update, and are totally motivated to go back to linux.

Luckily all the tools I use on Windows are x-platform and with PowerShell, vscode, sql server etc. on linux and games working nothing holds me any more. I will probably miss Autohotkey and Foobar2k (maybe total commander but Dobulecmd is decent alternative and much better in some domains).

[techrat]

>...and are totally motivated to go back to linux.

Windows 10 was what broke me and got me to using Linux full time. Before that, I barely knew how to even just get my way through debian to resume a disconnected screen session. Now I prefer to be in Linux. Even if the software that I can run using Wine/PlayOnLinux/Proton/Lutris isn't 100%... it's sufficient to where I don't miss being on Windows at all.

I recently upgraded my main system and used the extra parts to rebuild my Win 10 standby box. I grew up on Windows. Started with Win3.0/DOS and used every iteration except WinME and Vista... and the rebuild only reminded me how much of a pain in the ass Windows is to install. 10 still has a lot of the usability bugs I've encountered from way back in the Win98 days but all the extra crap we have to deal with now (most inconsistent and overencumbered UI ever) just makes it even more of a chore to use than it ever has been.

For what it's worth, Foobar2K runs great in Wine.

[gruez]

>Yeah, it was the only way to remove defender

Why not just disable it using group policy?

[Karunamon]

For one thing, setting that policy merits a malware detection in defender itself!

https://twitter.com/Karunamon/status/1413280394439397376

[bob1029]

Totally removing defender as TI is the only option if you dont want it turning itself back on arbitrarily. I went through this hell yesterday for about 3 hours.

[gruez]

>Totally removing defender as TI is the only option if you dont want it turning itself back on arbitrarily

I disabled it via group policy 2 years ago and just checked, still disabled.

[majkinetor]

It was working like that before, but on latest updates it automatically turns on every restart (or so).

I don't really need to remove it, only disable it because it visibly slows down machine x2-x10 depending on what you do.

[gruez]

> It was working like that before, but on latest updates it automatically turns on every restart (or so).

that's if you disable through the normal settings interface. the group policy settings stick, although you might have to turn off "tamper protection" first before applying the group policy.

[bob1029]

What version/edition of Win10 are you on?

[gruez]

LTSC

[majkinetor]

Hell is the right word for it.

[malwarebytess]

Because he wants to removed unwanted software from his machine, not disable it. It's not dissimilar to being unable to remove bundled software on android.

[gruez]

What's the difference, that you save 200MB of disk space?

>It's not dissimilar to being unable to remove bundled software on android.

It actually makes less sense on android since bundled apps are typically installed on the /system partition, which means they don't really take up any disk space (the space allocated to the /system partition is the same regardless of whether the app is there or not).

[chungy]

Feature, I'd say. Volume Shadow Copies are used to make consistent online backups of an NTFS file system. I don't think non-admin users are normally able to make them in the first place, and if admin is required, it's hard to see the fuss.

[gruez]

>I don't think non-admin users are normally able to make them in the first place, and if admin is required, it's hard to see the fuss.

shadow copies are automatically created as part of system protection (enabled by default).

[sveiss]

Definitely a bug. The Unix equivalent would be a package update silently making /etc/shadow world readable, exposing the hashed passwords of local users.

Not a big deal for a single user machine — there’s nothing you can do with this that you can’t do some other way as a local admin/root — but not good if you have untrusted, non-admin user accounts.

[rootsudo]

Huge oversight, it renders and breaks previous GPO, meaning that the tech debt in Windows NT itself is huge.

Which makes you wonder really how comfy OSX POSIX is, but they had their own fun bugs lately too, sudo for example and other ones. Plus they're doing an CPU Arch jump.

Kinda feels like the 90's again, in a sense.

[Datagenerator]

Due this feature or was this possible normally too? Any links?