hypervisor

Tech Optimizer
November 24, 2025
A writer from MakeUseOf uninstalled all third-party antivirus programs from his Windows PC and found that the system performed better and appeared more secure with Microsoft’s built-in Windows Defender. The experiment highlighted Defender's effectiveness, showing fewer false positives, improved performance, and no noticeable decline in protection. Independent tests ranked Defender highly in real-world protection, and it achieved perfect scores in recent AV-TEST evaluations. The removal of third-party antivirus software led to a significant decrease in CPU and RAM usage, with idle consumption dropping from 15-20% to under 5%. Despite 121 million Americans still using third-party tools, there is growing consideration for Defender due to its free and efficient nature. While Defender excels in many areas, experts caution that it may not fully protect against zero-day vulnerabilities, and layered defenses are still recommended. The antivirus market may face disruption as integrated protection becomes more common, and user feedback indicates a preference for free alternatives that match or exceed the performance of paid solutions.
Winsage
October 15, 2025
Microsoft's October Patch Tuesday addressed 175 vulnerabilities, including 21 non-Microsoft CVEs. Among these, three vulnerabilities are under active attack:
1. CVE-2025-24990: An elevation of privilege bug in the Agere Modem driver (rated 7.8) that allows attackers to gain administrator privileges on supported Windows versions. The driver has been removed in the update.
2. CVE-2025-59230: An elevation of privilege vulnerability in the Windows Remote Access Connection Manager (rated 7.8) that could grant SYSTEM privileges to attackers.
3. CVE-2025-47827: A Secure Boot bypass flaw (rated 4.6) in IGEL OS that allows attackers to bypass Secure Boot.
Three publicly known vulnerabilities include:
1. CVE-2025-0033: A critical vulnerability affecting AMD EPYC processors with SEV-SNP, requiring a patch that is still in development.
2. CVE-2025-24052: An elevation of privilege vulnerability in the Agere Modem driver (rated 7.8) that is publicly known but not yet exploited.
3. CVE-2025-2884: An out-of-bounds read vulnerability in the TCG TPM2.0 reference implementation's CryptHmacSign function.
Additionally, 16 other critical-severity flaws were highlighted, including CVE-2025-59287, a 9.8-rated vulnerability in Windows Server Update Services that allows unauthenticated remote attackers to trigger unsafe object deserialization, leading to remote code execution.
Adobe released 12 updates for 36 vulnerabilities, including critical CVEs in Substance 3D Stager, Dimension, Illustrator, and FrameMaker. SAP issued 13 new security notes, with four rated critical, including a fix for an OS command execution flaw in NetWeaver. Ivanti provided advisories for vulnerabilities in Endpoint Manager Mobile and Neurons for MDM, which have not yet been exploited.
AppWizard
October 1, 2025
Battlefield 6 requires gamers to meet advanced security requirements to access the game, including TPM 2.0, Secure Boot, HVCI, and VBS. TPM 2.0 is a hardware-based security feature found on most modern motherboards, and if absent, users may need to research their motherboard for upgrade options. Secure Boot and TPM 2.0 can be checked using the Steam beta client or through the Device Manager and System Information panel. If disabled, they can typically be enabled via the BIOS/EFI system. Windows must operate in UEFI mode with the GUID partition table for these features to function correctly, and if installed in legacy mode, reinstallation may be necessary. HVCI protects against malicious code and can be checked via the memory integrity settings. VBS can be verified through the System Information panel, indicating if it is running.
Winsage
September 23, 2025
Microsoft will end support for non-LTSC versions of Windows 10 on October 14, 2025, necessitating an upgrade to Windows 11 for ATMs. KAL ATM Software has announced that its Kalignite software suite will be compatible with Windows 11 and over 40 ATM hardware manufacturers. KAL has also introduced the Kalignite Hypervisor solution, enabling Windows 11 to run on older ATM models lacking vendor support. KAL aims to future-proof banking technology and alleviate the need for extensive hardware upgrades for banks. KAL is a leading provider of multivendor ATM platform, application, and management software.
Winsage
September 10, 2025
VirtualBox is a free virtual machine manager that allows users to run Windows as a guest OS on macOS. Kegworks is a free implementation of Wine for macOS, optimized for versions 10.15.4 and later, supporting Windows applications and games. CrossOver is a paid solution that simplifies running Windows applications on macOS, offering a free trial and user-friendly documentation. Parallels is a hypervisor that enables seamless virtualization of Windows and Linux on macOS, available for a subscription with a free trial. Windows 365 Cloud PC is a cloud-based service that provides virtual Windows PCs, requiring a stable internet connection, with plans starting at a monthly fee.
Winsage
August 22, 2025
IGEL Technology, founded in 2001, initially specialized in thin clients but has shifted towards software solutions that protect endpoints with a read-only operating system, reducing the attack surface by up to 95 percent. Each endpoint operates statelessly, retaining no memory of past interactions, and is managed through a unified portal that integrates with various vendors like Zscaler and CrowdStrike. IGEL's solutions allow for the integration of endpoints in operational technology environments without introducing additional security vulnerabilities, effectively replacing EDR systems with over 120 integrations. The company aims to extend the lifespan of endpoints from 3-5 years to 6-8 years, providing significant cost savings and addressing the challenges posed by the transition from Windows 10 to Windows 11. IGEL's approach enhances security while offering flexibility in application delivery options, although it does not eliminate all cyber threats.
Winsage
August 19, 2025
Windows users are at risk when downloading large files, particularly free games from sites like Dodi Repacks, which have been linked to malware distribution. An investigation revealed that downloading these games involves multiple redirects leading to a ZIP file containing a malicious .dll file. This file triggers the installation of HijackLoader malware, designed to bypass antivirus protections and install additional malicious software. HijackLoader employs advanced techniques to evade detection, including checks for virtual machines and monitoring system resources. It manipulates environment variables and executes payloads to maintain persistence on infected PCs. The malware has been associated with various families, including Danabot and RedLine Stealer, and is capable of delivering secondary payloads, with LummaC2 being a recent example. Users are advised to exercise caution when engaging with pirated downloads.