clarity

Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. 
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
AppWizard
June 25, 2026
Knights of the Old Republic II is a sequel that deconstructs its predecessor by exploring darker themes and the complexities of morality rather than adhering to a simple good versus evil narrative. Designer Chris Avellone challenges traditional Star Wars mythos, presenting players with the Exile, an outcast dealing with the consequences of past decisions. The game features a diverse cast, including Kreia, a mentor whose philosophy complicates the understanding of morality. Despite facing development challenges, such as a rushed timeline leading to technical issues and incomplete content, the game has been enhanced by the Sith Lords Restored Content mod, which restores missing material. Kreia is recognized as one of gaming's most compelling characters, and the game's writing and character development are praised, contributing to its legacy in video game history.
AppWizard
June 21, 2026
Google Pixel phones have received an update that enhances home screen customization, allowing users to remove the At a Glance widget and eliminate app names for a cleaner aesthetic. The Android 17 update introduces five app icon styles and shapes, including a Minimal option that aligns icons with a color palette, and a Create option for custom designs with six styles. The Google Pixel 10 is highlighted as the ideal device to experience these features and future updates.
Winsage
June 21, 2026
The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.
AppWizard
June 19, 2026
Guild Wars 2 is a significant title in the MMO genre, following the original Guild Wars, which is more accurately described as a mission-based action role-playing game (ARPG) with shared town hubs. ArenaNet's studio head, Colin Johanson, confirmed that the upcoming Guild Wars 3 will be an MMO, with some nuances. He categorized the original Guild Wars as a "cooperative online RPG" and noted that Guild Wars 2 was designed as a true MMO. Johanson's comments reflect on the challenges and emotional experiences associated with MMOs.
AppWizard
June 18, 2026
Players in Stellaris experience an enchanting initial phase of exploration, discovering alien species, mega structures, and black holes. They must balance exploration with territory claiming, as resource management is crucial. Resources can be transported back to the Arkship or harvested directly from planets, though the latter incurs penalties. Nomadic players need to forge alliances and establish Wayline treaties to survive and thrive, while new resources like Operational Reserves add complexity. Upgrading the Arkship is rewarding, and the game features a vibrant post-Nomads era with new music and events enhancing gameplay.
Winsage
June 17, 2026
Windows 11 has introduced an AI-driven feature called Voice Focus, designed to filter out background noise for users in noisy environments. Integrated into select Asus laptops, it effectively eliminates most ambient sounds but may render voices slightly nasal. Microsoft's own Voice Focus offers more natural audio quality, though its performance can vary. Tests showed that Voice Focus could filter out background music and white noise while preserving voice clarity without heavily taxing laptop performance. However, the feature's availability is inconsistent across devices, as Microsoft has not clearly communicated which models include it. Voice Focus may not be universally available, requiring users to check if their laptops support it.
Winsage
June 15, 2026
The Linux 7.2 kernel has introduced enhancements for reporting case-folding behavior in local file systems, allowing file servers to accurately convey their case sensitivity capabilities. Linus Torvalds merged Virtual File System (VFS) related pull requests that enable local file systems to report case-folding behavior, benefiting services like NFSD and KSMBD, particularly for Microsoft Windows NFS clients. Filesystems can now report case-insensitive and case-nonpreserving behavior through new file_kattr flags in their fileattr_get implementations. Supported filesystems include FAT, exFAT, NTFS3, HFS, HFS+, XFS, CIFS, NFS, VBoxSF, and ISOFS, with others defaulting to POSIX behavior. NFSD uses this information to report case folding via NFSv3 PATHCONF and implement NFSv4 attributes for case insensitivity and case preservation. The enhancements aim to improve interoperability, allowing Windows NFS clients to function correctly by reporting case-insensitivity, which streamlines operations and avoids unnecessary requests. The Linux NFS client has previously supported case-insensitive shares, requiring adjustments to caching behavior. Accurate case folding reporting is crucial for servers operating in multi-protocol environments to maintain interoperability.