filesystem Archives

Winsage

January 30, 2026

I found a Linux user who switched to Windows 11 after 8 years of distros — and he actually prefers it. Here’s why.

Windows 11 is often criticized for being overly restrictive, bloated, and focused on AI features, while Linux is praised for its control and transparency. A former Linux user who switched to Windows 11 after eight years found that Windows 11 improved workflows and offered better compatibility and hardware support, despite acknowledging its shortcomings like data harvesting and mandatory account creation. The user appreciated tools like Scoop and Windows Subsystem for Linux (WSL) for enhancing their experience. The narrative emphasizes that the choice between operating systems is personal, with Windows 11 appealing to users for its convenience and compatibility, while Linux remains valued for its flexibility and control.

Winsage

January 30, 2026

I found a Linux user who switched to Windows 11 after 8 years of distros — and he actually prefers it. Here’s why.

Critics describe Windows 11 as overly restrictive and bloated, with a focus on AI and Copilot features, while Linux is seen as an ideal alternative for developers prioritizing control and transparency. A former Linux user switched to Windows 11 after eight years with various distributions, finding that Windows embraced workflows that suited their needs. They discovered tools like Scoop, which functions as a package manager, and appreciated the Windows Subsystem for Linux (WSL) for its integration without the challenges of desktop Linux. Despite acknowledging criticisms of Windows 11, such as data privacy concerns and unwanted interface changes, the user found Windows 11's compatibility and user-friendliness appealing. The narrative emphasizes that operating system choices are personal and depend on individual workflows and needs.

AppWizard

January 29, 2026

I turned my phone into a Linux desktop with this free app

Smartphones can function as desktop replacements, exemplified by the Steam Deck and the introduction of Local Desktop, which allows users to install a full Arch Linux environment on Android devices. Users can run applications like VS Code and Firefox by connecting a keyboard, with installation taking about ten minutes and not requiring root access. However, the installation process may require multiple attempts for stability due to various errors. Once set up, users can enhance their experience with the yay package manager, although some applications may not perform optimally. Local Desktop operates by installing an Arch Linux ARM64 filesystem within the app's internal storage and using proot to create a chroot-like environment. The display mechanism employs a minimal Wayland compositor for improved responsiveness. While it offers a portable Linux environment, performance can vary, and it is not suited for heavy workloads. The experience may appeal to tech enthusiasts willing to navigate its challenges.

Winsage

January 8, 2026

Windows can never be an immutable OS, and that might be a problem

"Immutable" operating systems are designed with a read-only core that is updated comprehensively, allowing user data and applications to exist independently from the base system, reducing risks of corruption and configuration drift. While macOS is largely immutable, Windows cannot transition to an immutable model due to its design based on mutability, which allows for continuous modification and backward compatibility. Windows 11's flexibility leads to a cumulative change model, making it increasingly difficult to troubleshoot and maintain. Microsoft has made some improvements within the mutable framework, but challenges remain, such as dependency control and application integration. Users expect seamless updates, but Windows is perceived as high-maintenance, leading to performance issues. A truly immutable version of Windows would conflict with user expectations and require significant software rewrites. Consequently, Windows is likely to remain in a hybrid state, adopting some immutable features while still facing issues related to its mutable architecture.

AppWizard

December 17, 2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) called Cellik has appeared on underground cybercrime forums, offering capabilities for a subscription fee of 0 per month or a one-time payment of ,000 for lifetime access. This malware can be embedded into any app on the Google Play Store, creating trojanized versions of popular applications while maintaining the original app's interface. Cellik includes features such as real-time screen capture, interception of app notifications, filesystem access, data wiping, and secure communication with a command-and-control server. It also has a hidden browser mode that allows attackers to use the victim's stored cookies and an app injection system for overlaying fake login screens. The malware can inject payloads into installed apps, complicating detection. Cellik is designed to bypass Google Play security features, raising concerns about the effectiveness of automated reviews and device-level scanners.

Tech Optimizer

November 2, 2025

New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files

An upgraded release of the EDR-Redir V2 tool has been developed to circumvent Endpoint Detection and Response (EDR) systems by using Windows bind link technology. This version targets the parent directories of EDR installations, such as Program Files, and creates redirection loops that blind security software while keeping legitimate applications intact. Unlike its predecessor, EDR-Redir V2 uses a more complex mechanism that loops subfolders back to themselves, isolating the EDR's path for manipulation without triggering alarms. The tool utilizes the bind link feature from Windows 11 24H2, allowing filesystem namespace redirection without needing kernel privileges. EDR solutions typically secure their subfolders but cannot entirely restrict writes to parent directories. EDR-Redir V2 queries all subfolders in a targeted parent directory and mirrors them in a controlled directory, establishing bidirectional bind links that create loops for normal access by non-EDR software. In a demonstration against Windows Defender, EDR-Redir V2 successfully redirected access to its operational files, making Defender blind to its actual files. This technique highlights vulnerabilities in EDR systems regarding filesystem manipulations at the parent directory level, suggesting that folder-specific safeguards are inadequate. Although there are no widespread reports of exploits using this method, it poses significant concerns for enterprise environments, prompting security teams to monitor bind link usage in critical directories and implement integrity checks on EDR paths.

Winsage

October 14, 2025

Microsoft October Patch Tuesday for Windows 11 Fixes 175 Flaws

Microsoft's October 2025 Patch Tuesday addressed 175 vulnerabilities, including two zero-day elevation-of-privilege flaws: CVE-2025-24990, related to the legacy ltmdm64.sys Agere Modem driver, and CVE-2025-59230, affecting the Remote Access Connection Manager. Five vulnerabilities were classified as critical, including CVE-2025-59246 (remote code execution in Azure Entra ID), CVE-2025-55315 (ASP.NET Core vulnerability), CVE-2025-49708 (Microsoft Graphics Component bug), CVE-2025-59287 (Windows Server Update Service flaw), and CVE-2025-59228 (SharePoint vulnerability). The update (KB5066835) also resolved usability issues, such as print preview hangs and input detection failures. Microsoft notified administrators about the expiration of Secure Boot certificates in June 2026. Windows 11 users can install the update via Settings > Windows Update, requiring a system restart and data backup before installation.

Winsage

June 25, 2025

Building a Windows Storage Dashboard, Part 2: Collecting Historical Data

The process of gathering historical data for a Windows storage dashboard involves two steps: creating a PowerShell script to collect and save the data, and configuring the Windows Task Scheduler to run this script at set intervals. The script collects data on file system drives using the Get-PSDrive cmdlet, creating a custom PowerShell object with columns for Timestamp, Drive, UsedGB, FreeGB, and TotalGB, which is then exported to a CSV file. The script specifies the CSV file path, appends new data without overwriting existing data, and excludes type information from the header. The generated CSV file includes a header row and records for each drive with their respective usage statistics.

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

Winsage

May 19, 2025

Microsoft takes Windows Subsystem for Linux open source after nearly a decade

Microsoft's Windows Subsystem for Linux (WSL) was introduced in the Windows 10 Anniversary Update of 2016, allowing users to run Linux applications within Windows. The company has improved WSL over the years, adding features like GPU and audio support. At the recent Build developer conference, Microsoft announced that nearly all of WSL will transition to open source, marking the resolution of the first issue raised on GitHub in 2016. Senior Software Engineer Pierre Boulay highlighted the importance of community contributions to WSL's development. However, two components will remain closed-source: the lxcore.sys kernel driver and the p9rdr.sys and p9np.dll files, with no timeline provided for their potential open-sourcing.