support

Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. 
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
Tech Optimizer
June 25, 2026
Many individuals question the value of their antivirus subscriptions, especially as free protection options have improved and the features of paid services may not be necessary for everyone. Modern antivirus solutions now include features like VPNs, password managers, parental controls, identity theft protection, and dark web monitoring, which may go unused by some users. Those with modern devices may already have built-in security measures, such as Microsoft Defender for Windows users and similar protections for Mac users, making paid subscriptions potentially unnecessary for those practicing safe online behaviors. Paid antivirus may be worthwhile for individuals managing multiple devices or users, or if the bundled features are more economical than purchasing them separately. Auto-renewal can lead to unexpected charges and upselling tactics, emphasizing the importance of reviewing subscriptions regularly. Ultimately, the decision to pay for antivirus depends on individual circumstances and comfort with technology. Disabling auto-renewal is recommended to allow for annual evaluations of needs and competitive offers.
AppWizard
June 25, 2026
Outright Games, in collaboration with Casual Brothers, will launch the Hasbro Games Junior Collection on November 6. This collection includes Monopoly Jr., Clue Jr., and The Game of Life Jr., and will be available on PlayStation 5, Xbox Series, Switch 2, PlayStation 4, Switch, and PC via Steam. The games support solo play or local multiplayer for up to four players on a single console, allowing players to create and customize avatars. The collection features kid-friendly rules for easy learning and fast-paced gameplay.
Winsage
June 25, 2026
Setting up a PC with the base Dev Config has been streamlined for developers, utilizing the Winget configuration service to install applications, execute updates, and apply developer settings on Windows. Users can access setup scripts by cloning a GitHub repository or downloading a zip archive, with clear instructions provided by Microsoft. The installation may require a reboot during the Windows Subsystem for Linux (WSL) installation, but the script resumes automatically afterward. The process installs applications such as PowerShell, Git, GitHub command-line interfaces, Windows App SDK, Visual Studio Code, and language support for Node.js, Python, and .NET. It also includes developer-friendly fonts and a theme engine for Windows Terminal, along with options for customizing File Explorer and the Windows Task Bar. After WSL installation, developers can use WSL Comfort scripts to install additional tools and personalize their Windows Terminal experience. This utility has two phases: the Windows component configures WSL and Ubuntu, while the Linux component fine-tunes the WSL environment, allowing for zsh and starship terminal display tools. It also integrates popular command-line interfaces and supports the Homebrew package installer, targeting existing Ubuntu instances without needing a new Linux distribution installation.
AppWizard
June 25, 2026
King's Bounty: The Legend has been updated for modern PCs, featuring full widescreen support, doubled maximum zoom-out distance, and improved user interface readability. Katauri plans to extend these updates to King's Bounty: Armored Princess. Currently, King's Bounty: The Legend and King's Bounty: Crossworlds are available for 85% off on Steam.
AppWizard
June 25, 2026
Riot Games is updating its Vanguard anti-cheat system to an "on-demand" model, which will only activate during gameplay and stop once the game ends. This change addresses concerns over Vanguard's previous persistent background operation and kernel mode access. Players must meet specific security criteria to use the new feature, including enabling pre-boot security mechanisms and Windows' native protection features. Approximately 35% of players already meet these conditions, while 3% using older hardware will not have access to the on-demand option until they upgrade. Vanguard will continue its current operation for those unable to meet the requirements. The update is influenced by advancements in Windows and PC hardware security and aims to enhance anti-cheat measures while keeping the process optional for most players.
AppWizard
June 24, 2026
PCGH and PC Games discussed the new Steam Machine with Valve's Lawrence Yang and Yazan Aldehayyat. The final cost of the Steam Machine exceeded initial expectations due to unforeseen supply chain challenges related to memory and storage. Aldehayyat expressed pride in the product's quality and performance, despite its higher price point potentially excluding some buyers. Yang mentioned that future price adjustments could be considered if market conditions allow. SteamOS does not currently support dual booting, but users can set up dual-boot systems using external media. Valve is collaborating with anti-cheat providers like Easy Anti-Cheat and BattlEye to implement solutions for Linux. The Steam Machine is equipped with 8 GB of VRAM, which Aldehayyat believes is sufficient for most games at 1080p resolution. A verification program for the Steam Machine will be implemented, similar to that of the Steam Deck, ensuring better performance for verified games.
Winsage
June 24, 2026
Windows 11 was unveiled by Microsoft on June 24, 2021, and has now reached its fifth anniversary. The operating system features a modern interface, improvements to virtual desktops, support for Android apps, integration of Microsoft Teams into the taskbar, a refreshed Microsoft Store, and enhanced security measures. However, it faced criticism for removing certain taskbar functionalities and imposing strict hardware requirements, leading to increased sales of TPM chips. Microsoft has begun to address user feedback by redesigning the Start menu, reinstating missing taskbar features, and enhancing Windows Update. Recent updates suggest a commitment to improving Windows 11, which is expected to remain relevant in the operating system market.