Hey Sup Forums, a group of us have been working on a build of Windows 10 focusing on privacy and stability. All telemetry and windows update functionality has been entirely deleted from the system (about 2GB removed). We also removed all default apps (Edge, Cortana of course, Windows Media Player etc…) and replaced them with FOSS alternatives.
>Windows 10 Image with ALL spyware deleted from the OS >Updates and hidden repair services deleted and disabled >Cortana, Edge, Apps, Windows Media Player deleted >Replaced with only basic FOSS apps, leaving most of the changes to the user >works with all modern games and productivity software
The next build is almost done, just need to update the documentation before releasing. Some changes from the last build that will be in the next one; ISO installer, securitywithoutborders' hardentools, added Microsoft IP ranges to block list in hosts file, custom theme support, and modified windows explorer to look like the windows 7 version.
Changes from 24-10-2017 build:
We are currently working on hardening security and fixing bugs, so any help is much appreciated.
yeah and you're retarded. no surprise there. this provides literally 0 benefit over LTSB. At least with LTSB you still get security updates.
Dominic Ramirez
From what I can gather, this isn't trying to be like LTSB... It's focusing more on being stable and not getting cucked by windows update
Parker Anderson
This week, and after that I will dedicate the rest of my time figuring out how to make the image small with the latest security rollup.
Jaxson Williams
samefag. but maybe windows users are dumb enough to install random spyware homebrew versions of their OS
Please tell me op, how is this any better than someone just using the LTSB release? also, lmao at no updates great security
Owen White
How about you just install gentoo?
Evan Barnes
You think I'm going to install some modified OS made by people from Sup Forums? Lmao you're dreaming. That's even worse than MS telemetry. None of you can be trusted.
Limited control over the updates you receive is something that comes to mind, all or nothing approach to updates is the same as the consumer versions. Version after next will have security updates for those who want them. It really doesn't matter either way, if you don't use windows as your main OS, the security concern becomes much less of a problem.
Isaiah Hernandez
>focusing more on being stable
>2 year old build >no updates >files deleted at random
Sage this shit and use Linux instead.
Hunter Williams
Holy Shit.
Well. I wish you guys luck untangling that mess and keeping it somewhat updated. Might grab this for my gaming VM and give it a test run.
Joseph Cox
yunno my 2009 win 7 image is getting a bit creaky
im totally going to give this a go... and im a big fan of skipping the installer... i used to just have a disk image of win7 setup the way i liked and would just restore from that.... saved me countless hours of fuckery
if this 10 can drive my hardware ( had problems when i tested it) i very much welcome it
Asher Gutierrez
>i used to just have a disk image of win7 setup the way i liked and would just restore from that How can I restore from an image? what software do you use?
Ethan Gonzalez
Fo the link in the OP:
"[...] It’s important to remark, that due to Windows 10’s update mechanics, combined with Microsoft’s decision of abolishing its testing devision for update distribution, a stock system is extremely unpredictable and subject to an ever-shifting, uncontrollable state of disarray - but nevertheless vulnerable to leaked back-doors, in cooperation with the NSA - seriously undermining and questioning the validity of the official narrative’s claim to security and progress."
John Carter
>the stock system might be vulnerable to zero-days so I'll use the system that has two year's worth of published vulnerabilities
Caleb Diaz
Use clonezilla Fun fact, you can follow the guide we made on making a clonzilla image of AME for any operating system.
Logan Roberts
> hey Sup Forums get this ourdated w10 with security updates disabled and mine BTC for me or the first ruskie that use the billion vulnerabilities that will never be patched on this version k
Seriously this thread should be instantly deleted and banned
You can install the updates if you do the process yourself. Microsoft publishes cumulative rollups every month.
Chase Morgan
>In total, 530 Microsoft vulnerabilities were reported in 2016, with 36% (189) given a critical severity rating. Of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights Let's rephrase that: >In 2016 there were 11 critical vulnerabilities in Windows that could be exploited without admin rights.
Daniel Ortiz
You're an idiot
Asher Martinez
>>files deleted at random This is completely normal for windows. Hard shutdowns during stealthy modifications of important files actually drop file indicies and slowly corrupt OS' critical files overtime.
It is never safe to turn off your machine using the hardware button until the blue screen turns black.
How do I know? I fix win machines on the side and a VERY up to date CHKDSK binary sandwiched in a VM between a ramdisk writecache gets them up and running again in 30 minutes if the SMART on the disk reads okay. Shit just deletes itself. They need better transaction logs and CoW.
Isaiah Clark
>out of arguments >call him an idiot
Kayden Green
His argumentative path is a truncated frame of reference.
1. If you care about security, you shouldn't be using Windows for security critical tasks
2. His entire spiel ignores the fact that AME is till more secure than vanilla 17.09
3. Add practicing safe browsing habits and not being a complete idiot, and there is absolutely no security risk what so ever.
Hudson Bailey
You guys are going to get the living shit sued out of you
Ethan Brooks
I prefer to give living creatures names, kaka-kun I call them.
Landon Davis
>AME is still more secure than vanilla 17.09 Even the authors don't claim that to be true. Instead they suggest additional steps to mitigate A PART of known vulnerabilities. Those additional steps would work just as well on a recent build.
You argument is "it's secure if you avoid situations where a vulnerability can be exploited". Just don't use your computer, that's as secure as it gets.
David Watson
Totally not a honeypot. If you guys want to have any credibility, you need to give instructions on how to replicate your build so we can verify ourselves you're not bundling a keylogger with it.
Austin Gonzalez
But that's exactly what we do! see
John Turner
Great, the next step is to stop telling people to use two year old unpatched and unsupported versions of Windows.
Juan Robinson
0/10 read the documentation in the site before posting.
James Flores
>here's our version of windows >guys look we made our of version of windows >Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively >by the way we are totally not suggesting that you should use it!
Luis Morris
?
Joseph Allen
This
Ian Lopez
This seems like the most pointless thing ever. If you want to use W10 and not update it or use any of it's online "features" then just block every Microsoft process in a firewall. If you think that the spyware is so deep that it will somehow bypass this then you shouldn't feel save with this project either.
Jose Gonzalez
Your response to "stop suggesting people to use unpatched versions of windows" is "read the documentation" Your documentation says that your aim is to deliver a Windows build, with certain qualities that it may or may not have, to "anyone".
That definitely looks like you're suggesting that some people should use it. If that's not correct then I suggest updating your site with a big note saying "WE ABSOLUTELY DO NOT SUGGEST ANYONE TO EVER USE THIS PIECE OF SHIT"
Anthony Ramirez
i used norton ghost 6.0 for ages but its now totally depreciated
i know of clone zilla but never used it. Is there anything clonezilla does that i cant do with my trusty debian live usb ? what format is the image file ?
Jason Young
Ohhhhh I see now, thanks for the tip user. I'll add that to the next build. I'm not sure you know what a firewall's function is. You see a firewall is a network appliance that filters network traffic. >you shouldn't feel safe with this project either Correct, please read the documentation or previous replies in this thread.
Xavier Reyes
Clonezilla uses its own format you can use Clonezillla in Ubuntu if I recall correctly.
Nathan Howard
Correct, you should feel less secure with this project.
Hudson Flores
yeah its insane in an insane world, but i have a computer for hi-res flac just for my hifi and it runs an unupdated 2009 win 7 image no anti virus and its been connected to the internet for 5 years and its fine
microsoft broke updates for me with all their shenanigans. Using this as primary OS might be a risky but if you run *nix and need some modern windows software in a VM this thing is fucking awesome ... might finally get me off my dual booting and into the future
Justin Perez
>Assuming that a windows install full of ads and literal spyware built-in is somehow more secure. I have no response to this.
Bentley Ward
clonezilla exists only to help those too retarded to use the "dd" command correctly.
Jason King
>doesn't know that dd doesn't copy the data inbetween windows partitions that requires it to boot heh
Colton Gray
Depends on what you consider secure. Let's assume that you went through the effort of clicking on the privacy toggles that Windows shoves in your face during setup so you're running basic instead of full telemetry and made no other changes. Is sending Microsoft pic related less secure than having two year old vulnerabilities on your system? Vulnerabilities that can be exploited by simply visiting a website or by someone who connects to the same wireless network.
John Powell
>replaced them with FOSS alternatives. how about you don't fucking add bloat mate? I know how to install stuff for myself.
>no update capability dead in the water, win10 software now mandates certain update versions to work. useless.
just install LTSB and disable telemetry and Cortana in group policy
Carson James
First off thank you for writing out a thoughtful reply. >Pic related This would be less than ideal considering these settings get reset every update and considering you are trusting Microsoft's own word with no proof given by them. >Two year old vulns This really comes down to what specific vulnerabilities they are, can it be mitigated by not giving user full admin right, can it be avoided by browsing with uMatrix/ with browsing habits that ensure security? If yes then these are already covered. If not then do any of the security updates actually fix these vulnerabilities? If yes then hey I'm working on it, I do see the importance of covering this scenario. The wifi example...don't use wifi, whatever you are doing on the go can most likely be done in linux.
Elijah Cruz
Just use Windows 8.1 Industry Pro with Win7+ for tweaks
Nathaniel Davis
>I know how to install stuff Then you know how to uninstall stuff too.
>Windows Update specific versions of windows update are not required to apply patches to the OS. How do I know? dism /online /addpackage /packagepath:
>Group Policy Group Policy has been proven to be broken in all versions of windows 10.
Jacob Williams
>Then you know how to uninstall stuff too. then what is the point of your dumb ass project? I can uninstall the built in apps as well, and I can "debotnet" win10 better and easier than using your piece of shit honeypot.
Lincoln Butler
>working on a build >a build
You have the source code?
Dominic James
>then what is the point of your dumb ass project? I can uninstall the built in apps as well, and I can "debotnet" win10 better and easier than using your piece of shit honeypot.
Prove all of these claims you have just made and then maybe someone besides yourself will believe you.
Jose Thompson
>these settings get reset every update No they don't. You might be referring to pic related. There was also an issue where default applications were reset. It is not true that telemetry settings get reset every update. In fact the first update for Windows 10 made it so that you had to explicitly select your privacy options before updating because they changed how they worked.
>remove full admin rights >use uMatrix >don't use wifi >use linux instead That does not count as "covering" security vulnerabilities. Instead of fixing software you are introducing limitations in terms of how the software should be used.
>Group Policy has been proven to be broken in all versions of windows 10. You'll need to provide some source for that because I have been using group policy to configure Windows for a very long time and I never had issues with it.
Eli Parker
what the fuck are you talking about? I have literally never had an issue with this and I work at a shop doing residential computer repair, i clone at least a dozen drives a month and have never experienced this problem you claim exists.
Wyatt Morris
>Windows >Privacy and stability Unless you have the source code that isn't happening. Anybody who cares about those things is on Linux. Go sell you snake oil elsewhere
Josiah Lee
>windows
Jason Gray
dude, you're the one doing a repack, it's up to you to prove your trustworthiness.
Lucas Hill
The argument for telemetry seems to be that a small amount of telemetry is ok. I would argue no amount is okay especially when dealing with Microsoft.
>you are introducing limitations in terms of how the software should be used How so? These are suggestions, no one has to follow them. You are just as likely to get infected with some new variant without any protection on a fully updated version of windows. This guy would understand since he probably sees this walk in everyday. >You'll need to provide some source I apologize really am ill prepared for this specifically. I know there were issues with handing updates properly and ignoring user settings. It does not invalidate the other aims of this project.
I tried dd first since that is what I normally would use. It did not work. Boot drive was not found every time. If you have a working command, I'd love to see it.
Focusing on if you were to quote the entire piece. You can focus on it but with windows obviously you can never vet it without the source. This is a limitation of the windows ecosystem something that is out of my control. >Anybody who cares about those things is on Linux duh I've said this multiple times, but no one here cares to read anything so I'll just let you say it. >Go sell you snake oil elsewhere It's free user, no one is forcing you to do anything. You can either try the snake pis- *ahem* oil for yourself or continue to use whatever you wish.
Which is why I documented everything, you can compare the one you make against the one I made. Trust is gained by others vetting your work. Not by asking people to trust you.
Luke Morgan
>The argument for telemetry seems to be that a small amount of telemetry is ok No, the argument is that even telemetry is better than your unpatched shit. If you want no telemetry then I suggest installing Enterprise or LTSB and then following the instructions that Microsoft provides. That way you get both no telemetry and proper security updates. If someone doesn't trust Microsoft's documentation then why the fuck would they trust instructions made by some retard on Sup Forums?
>These are suggestions, no one has to follow them. But if they don't follow them they are more likely to get a cryptolocker on their machine than if they used regular Windows 10 and didn't bother with any suggestions.
>You are just as likely to get infected You are much more likely to get infected while using your build. It seems to be that you're trying to argue that a savvy user using your build is less likely to get infected than an average user using regular Windows 10. That's a moot point because of what I already explained in the first paragraph.
Cooper Roberts
not him but dont get so mad, this shit is perfect for a VM, running it inside my debian macbook air raight noaw.
Its modern. its light. and it doesnt have what i dont like.
Justin Morris
>hey Sup Forums please install this two year old build of windows with no updates that i made >why is everyone mad
Hunter Lopez
>install you dont install it, its an disk image >no updates updates have been turned off on alot of machines i know since windows started spiking he punch-bowl. I never trusted windows, if i want security and updates i use *nix and this inside a VM (sick of fucking with wine) >why is everyone mad u mad
Ethan Flores
>you dont install it, its an disk image You are trying to make a pointless distinction that doesn't even exist. To install something doesn't necessarily mean that you installed it using a setup program.
>I never trusted windows It's ridiculous that you trust an image from a literal nobody more than Microsoft.
Alexander Bennett
i didnt say i trust it, but i sure as hell will use it for what it is... whats the worst it can do inside a vm ?
Grayson Rivera
>No, the argument is that even telemetry is better than your unpatched shit You have no proof. "But I don't need proof! I can just prove you wrong with rhetoric instead!" uh huh...
>But if they don't follow them... Not my problem. Why would cryptolocker be a problem for an OS being used for non-critical applications? Wipe the drive and start over if you manage to be this stupid.
>You are much more likely to get infected while using your build You have no proof. "But I don't need proof! I can just prove you wrong with rhetoric instead!" uh huh...
Henry Foster
im a smart person, i use linux when i can but i work as a sysadmin in a windows environment.
i love windows 10 and i hate windows 10 and i love windows 7 and i hate windows 7... for good reasons.
i use all major web browsers but i hate them all... i use edge least.
despite everything i've said and how little i use edge, it has to be one of the best things browsers out there. why the fuck would you remove it?
Jonathan Reyes
First off all, Windows 10 completely ignores your privacy settings in the UI, there are entirely placebo.
"[...] The security researcher,MarkBurnett (@m8urnett), went on toshowthat with teredo IPv6 disabled, the system still checks for IPv6 connectivity. SmartScreen is disabled but it still connects. Telemetry is disabled. Still connects. Error reporting disabled. Still connects. Sync-related services all disabled at a group level. Still connects."
Second of all, the changes you are trying to make in group policy, have likely been blocked in consumer editions of Windows 10 after the anniversary update.
"[...] The big one is the Turn off Microsoft consumer experiences policy. We have talked about the feature previously. It powers among other things the installation of third-party apps and extra links on Windows 10.
So, if you did not want Candy Crush to be pushed to your operating system, you’d disable the policy to block that from happening."
Robert Hughes
> who do trust more ? > hackers ? > microsoft
/thread
Jeremiah Anderson
What about XP black?
That was made by the literal proto-spawn of Sup Forumstards, Maddox.
Xavier Cook
>"[...] The security researcher,MarkBurnett (@m8urnett), went on toshowthat with teredo IPv6 disabled, the system still checks for IPv6 connectivity. SmartScreen is disabled but it still connects. Telemetry is disabled. Still connects. Error reporting disabled. Still connects. Sync-related services all disabled at a group level. Still connects."
Out of all the articles you managed to pick the one made by a """security researcher""" who is too stupid to read simple instructions. He ran all of his tests with full telemetry enabled. See pic related.
Not only did he do that but he also didn't for a moment consider the possibility that he fucked up. Instead he just posted it on twitter and spawned a shitload of news articles based on completely wrong information.
Telemetry in Windows is a problem but it can be disabled in Enterprise versions and it's not nearly as bad as idiots like that """security researcher""" made it look like with their incompetence.
Nicholas Hughes
> xp black >not using gold xp made by muhamed sadeem from computer worm corporation
man who thought he had lost all trust finds a little more trust left and loses it
Jordan Hall
Ltsb doesn't have wsl though
Lucas Murphy
Neither does the two year old Windows 10 build that those retards are using.
Charles Foster
If I don't trust the version of Windows that Microsoft puts out, I'm sure as fuck not trusting a version of it that a random bunch of people on the internet puts out.
Brandon Smith
just add systemd and itll be perfect
Cooper Gray
>chicken invaders 2 everytime
David Miller
I found some guide the other day which lets you create a customized iso so it can be installed with the usual installer but will have all your programs and changes check it out op would be much nicer than using an image
>>Windows 10 Image with ALL spyware deleted from the OS Windows 10 does not contain spyware.
>>Updates and hidden repair services deleted and disabled It doesn't shock me that people who think Windows 10 contains spyware also believe this is a good idea.
>>Cortana, Edge, Apps, Windows Media Player deleted I use all of those and find them useful, so do my family.
>>Replaced with only basic FOSS apps, leaving most of the changes to the user So they removed good hit people like using and replaced it with hobbyist software that is a PITA or just plain shit.
>>works with all modern games and productivity software So does normal Windows 10, only noramal Windows 10 works better and is more secure.
>We are currently working on hardening security and fixing bugs, so any help is much appreciated. No you aren't, you don't have the source code to harden Windows any more than it already is, all these changes are because you have a severe mental illness and have been listening to those GNUmale Lincuck google shills who have no idea what the fuck they are talking about.
Aiden Bailey
>There are many people who like this There are also many people who are homosexuals, trannies, paedophiles.
Eli Brown
t. person that doesn't exist
Gabriel Stewart
Sooooo... you basically re-created LTSB, only without security updates?
Hunter King
ITT: People that fall for the security updates meme
Owen Young
>ITT: People that fall for the security updates meme
Ten bucks says this is the CSO for Equifax.
Jace Brown
You wish, I'm just somebody that uses a custom linux distribution and browse the world wide web exclusively through lynx, occasionally running the tor browser if i need to view imagery.
Joshua Hall
See
Angel Edwards
No, this is not ltsb see
Joshua Murphy
I am honored to see that Microsoft has started shilling their crap in these threads
Kayden Bailey
Concerning your image, both of those methods literally flip the same settings in the registry.
If you monitor a windows install from a VM for network activity, it is quite clear what is going on.
Ethan Taylor
I don't care what they say about the process; I still don't trust it.
Easton Morales
>literally flip the same settings in the registry Of course the flip the same setting, the problem is that "Disabled" and "Not Configured" flip it to the same value. Setting it to "Disabled" is the same as setting it to "Not Configured" the description makes that quite clear. You just need to spend a moment to read it. That is true for almost every group policy.