Posted on 11/06/2025 9:34:09 PM PST by E. Pluribus Unum
(Transcribed by TurboScribe.ai. Go Unlimited to remove this message.)
So regardless of short-term solutions, in the end you will have an unsafe OS. Also, the reality is that many of you cannot upgrade to Windows 11, and even if you could, my recent videos show that Windows 11 has AI that watches everything you do. I'll never use it as my main OS.
But I do use Windows 11 too, 1% of the time. 99% of the time I use Linux. While I might state clearly that you should abandon Windows and go to Linux, the reality is that this may not be an easy transition.
This may be because you want to run games or do video editing on Windows, or maybe there's some special software you need to use like CAD CAM software for Windows. But it's very dangerous to leave Windows 10 as-is without some security precautions. So what we will learn today is Windows 10 hardening.
I will teach you some things. Most of the attacks in Windows come from very specific areas, and with the right approaches, we can mitigate the risks and even eliminate them. And this may allow you to use Windows 10 for an extended period of time in conjunction with Linux.
Maybe forever. Safely. Find out how.
And everything I will teach you today will be free. Stay right there. Our objective.
Part-time use. I want to make our objectives clear from the get-go. I'm not suggesting that you just keep going as you are with Windows 10 as-is.
I'm suggesting that you reduce your use of Windows 10 to an occasionally used OS, and that alone reduces the attack footprint for hackers. And I'm also recommending a dual boot setup where you install Linux side-by-side with Windows, and I have a recent video that explains how to do that. And it should be easier to do with Windows 10 versus Windows 11.
So the main objective should be part-time use. This is the only safe way to move forward without getting a new computer and using Windows 11. If you're on Linux, you are going to be a lot safer from hacks than Windows, because generally it is harder to hack Linux, and there are fewer exploits on Linux versus Windows.
You will not need an antivirus for Linux. And of course, Linux will always get security updates while your Windows 10 will not. Therefore, risky operations are better suited for Linux, and that will keep you going safely from here on.
But rest assured, the way we harden this, you will not need any antivirus from Windows 10, nor will you care if you don't receive a security update forever. I realize that some of you may say this is a cybersecurity topic and not a privacy topic. But this cybersecurity procedure is necessary to retain our privacy on the OS by not relying on the Windows Fireware product called Windows 11.
What apps not to keep on Windows To achieve this part-time status, we need to examine the apps we use, and certain things must be moved to Linux. If you control what apps you run on Windows, you already eliminate a ton of hacking risks. In a 2025 Verizon Data Breach Investigations report, it reported that 82% of breaches involve phishing or stolen credentials, mostly via email.
So think of this, if you move your email to Linux, which is the simplest thing, and it's already built in, you basically eliminate a big source of hacking risks. This alone is huge. Secondly, if you move your web browsing to Linux, and again, web browsers are pretty much the same on Linux as Windows, then the second highest source of attacks pretty much disappears.
These two things alone will make you a lot safer. Additionally, if you pass files back and forth with others, like word processing files and spreadsheets, this must be done on Linux. Lots of hacks can happen on Microsoft Office scripts that don't happen on Linux.
But the change I just stated here is huge, and super simple. Windows apps, moving them to Linux The next step to turning Windows into a part-time OS is to review what Windows apps can run on Linux. In case you think this is theory, Steam claims that 85% of the top 1000 games are playable on Steam Deck hardware that used to run only on Windows.
Steam Deck is a portable gaming machine that's actually running Linux and Proton. Proton is doing the Windows emulation, and it is based on Wine. So if Steam can run games on Linux, you can see that it is possible.
I happen to have a Steam Deck, and it is actually cool when you realize that it doesn't use Windows to run these games based on Windows. Steam, of course, has made this seamless for games, and lots of you want to stay with Windows mostly because of games. And yet, there's no reason for it.
Linux will work faster most of the time, so your gaming experience should be better. At least on Steam, only 15% of the top 1000 games are unplayable on Steam Deck's Proton. So at least with that specific hardware configuration, they've solved lots of compatibility issues.
Some of you may be less successful with this, especially with newer computer models, though. The point is to lessen the use of Windows 10 directly, since it is not security patched. But if some of your gaming moves to Linux, then it is another big win right there.
For regular Windows apps, you can use a GUI to manage your executables to run on Wine. This GUI is called Bottles. So the combination of Bottles plus Wine allows you to run Windows apps.
This is a direct execution of Windows EXEs. This is not a virtual machine. Now, I personally find the Bottles UI a bit clunky and hard to understand.
But the point is, it is possible to move Windows apps to Linux. Not all, but certainly some. Another option outside of Bottles with Wine is another GUI for Wine called Lutris with Heroic, which you can use for games from Epic and GOG games.
The rest of this video will focus more on advanced techniques that will really allow you to run Windows 10 for an unlimited period, safely, without caring about security updates. Immutable Windows This technique, which is called Immutable Windows, is the same technique used by the Tails Linux distro or even the typical Linux Live USB. You basically have an instance of Windows that doesn't have persistent storage.
In other words, after a reboot, any changes to data will be removed and restored back to the original automatically. To do this, you need an enterprise version of Windows 10. And the specific version I will tell you to download is called US Windows 10 IoT Enterprise LTSC 2021.
The number one spot to get this is archive.org. It's a non-profit digital library hosting public domain and archive software like this ISO. Multiple verified downloads exist, all pointing to the exact file EN US Windows 10 IoT Enterprise LTSC 2021 x64 DVD. This version of Windows can be installed using a local account, so there is no need to ever use a Microsoft ID.
If you run these commands that I show here on your Windows install, the drive will be locked and you cannot store any data permanently after boot. So the feature that restores your OS to its original state is called UWF or Unified Write Filter. It is available only on Windows Enterprise, IoT Enterprise, and LTSC editions.
When enabled, it redirects all your disk write operations to a temporary virtual overlay in RAM. And then on reboot, it will be discarded. Thus restoring your drive to its original state.
For example, running this command will protect your C drive. You can create exclusions, meaning areas where you can allow a write. But be careful here, as malware can write to this as well.
So I would prefer not having any writes on the root drive. But here's an example of how you would do exclusions. This feature is used mainly for kiosks or public computers, but it's very useful here.
Why does this work? In an immutable Windows setup, no malware can survive a boot. Even if you get malware, after a reboot, it will be gone. Here's a good way to use this.
Let's say you like to use your computer for gaming using Steam. What you do is store your Steam files on drive D, so you can still keep your game status data. You can store your real data, like word processing documents, spreadsheets, photos, etc.
also on drive D. So aside from the exception apps, you will use Windows only on C drive in this immutable format. This also means you cannot install new apps, or you have to undo this by disabling UWF. So if you need to, just remember to turn off UWF, install new apps, and then lock it down again with UWF.
This also makes this immune to Windows updates, by the way. To keep things safe, you must also be aware of what data you store on drive D. You must stick to your predetermined apps, like your Steam files and video editing files, and so on, meaning no email or web browsing or office document handling. An important thing is that if you are going to do this, that you followed my advice earlier and moved email and web browsing to Linux.
So there should be no instances where you open email attachments or download from websites from this Windows installation. There are alternate ways to do an immutable Windows, for example, using a virtual machine. If you can use a virtual machine and your apps run well on a virtual machine, you can then just keep an original copy of your VM that you never saved to.
So you always start with a copy. For some of you, this could be the easier answer. However, some apps do not run well on a virtual machine like video editing or gaming.
So unfortunately, the UWF option is still the most practical. Virtual machine. One of the ways to guarantee that your Windows app will work is to install a virtual machine on your Linux computer and run Windows 10 on it.
You can use the same Windows version I used previously. US Windows 10, IoT Enterprise, LTSC 2021. For Linux, the best performing option is to use the KUEMO KVM way of doing virtual machines.
I have an old video on that. Now, there are advantages to using Windows 10 in a virtual machine versus Windows 11. First, the TPM requirements do not exist, so it won't need to create a virtual TPM, which adds complexity.
Things like BitLocker won't be much of an issue. So even if you had the option to use Windows 11, it would be more practical to stick to Windows 10. And just like the UFW procedure we did, you can implement something similar on a virtual machine.
What you do is always work only from backups of your original Windows 10 VM. This way, you can always not save the original state, and thus, again, will ensure that malware doesn't survive the session. If you install new software, start from the original VM, and then save the master, and then use only copies as your VM.
SMB Hacks One of the ways Windows is hacked is by hackers taking advantage of the SMB, or Server Message Block feature, of Windows, which is what allows sharing of files in Windows. In this environment we are creating, we have no need to ever use SMB, so we will turn this off. To verify that SMB is actually disabled, you can run this before and after the steps I just told you about.
RDP Access Another interesting trick to isolating Windows is to leave it on the current computer, lock it down using some of the techniques I already stated, and then remotely access it from your Linux computer using an RDP client. RDP stands for Remote Desktop Protocol and is used to remotely control screens. It is built into Windows and is fairly easy to enable.
To enable RDP in Windows, you need to enable NLA as shown here. Using RDP provides a layer of isolation since it will prevent your Linux computer from ever receiving malware directly from the Windows machine. While it is unlikely with the prior precautions to have hacks on the Windows machine, this is through isolation here and is obviously easier to do, because you do not have to do dual boot.
Just buy a $200 Lenovo ThinkPad 6th Gen, install Linux on it, harden your Windows 10 and use it in a very limited way from there, and access it remotely using Remote Desktop. You can then use an RDP client on Linux to access it. This is very common among system operations techs, so you can do the same yourself.
Most popular Linux distros already have a built-in RDP client called Ramina. Physical Access The other main way a Windows 10 computer will be hacked will be by physical access, typically using the USB drive and using some hacking device like a USB rubber ducky. The assumption I'm making here is that this is for home use, so the threat of an unattended computer accessible by the night cleaning crew isn't a factor.
If this is an issue at your home, then you've got other worries beyond Windows. Obviously, physical access introduces other threats to your person beyond just some hacker getting control of your computer. So this is kind of common sense.
I could tell you to put certain controls on the USB drive and so on, but is that really necessary? Up to you. We need to be able to boot from USB for Linux purposes, so this is not practical in a dual-boot computer. Still, we can add a little safety here for extra insurance.
And what we'll do here before you enable UWF is to prevent autorun in the USB drive. So run this in PowerShell. Beyond this, I think we'll leave the physical access threat to you all.
If this is a risk for your environment, then you can work on physical security, which is outside the scope of this video. What about Windows 11? Well, what about Windows 11? As I talked about in several videos, using Windows 11 as a primary OS is very dangerous as the OS is geared to watching everything you do with the new see-what-you-see technology. And I've stated over and over that I personally use Windows 11.
It came with my computer, which is brand new. And I dual-boot. But 99% of my activity is on Linux, so Windows can watch me all at once.
I do not do email on it, web browsing, searching. I do video editing on it. That's it.
I don't have to spend the time to harden Windows 11 because it is actively updated by Microsoft. I have TPM off, BitLocker off, and Secure Boot off, so it doesn't mess with me. If you're able to upgrade to Windows 11, you can do what I do.
Use it in such a limited way that it is not a threat. But aside from dual-boot, I don't have to do anything special to it. Final thoughts In summary, what we've done here is change the way you use Windows 10.
No, this video does not encourage you to use Windows 10 as is. But it forces you to rethink your computing plan long-term and decide how Windows 10 will fit into it. At some point in the future, you may find that there will be no instance where you need to be on Windows at all.
I'm almost there. I'm at 1% use. You can be there too.
Folks, thank you for watching my videos. As many of you know, this channel does not have sponsors. And we primarily sustain ourselves by just creating products and services that we use to defend our privacy posture.
I'd like to invite you to visit our community site, BraxMe, which has a growing community of privacy enthusiasts. Their people from their walks of life and beliefs converge together in the mutual support of privacy issues. We have a store there with products ranging from the Brax Virtual Phone Service, Brax Mail, Bytes VPN, dGoogle phones, and other services like Flashing and OS.
All these are tools used by the privacy-aware, and you can even talk to the actual users of the products directly. Join us, we'd love to have you there, and you don't even have to identify yourself to be part of the community. The very successful Brax 3 phone is also available for pre-order on its second batch.
The first batch has been sold out. Information about that is on braxtech.net. Thanks also to those who donate to us on Patreon, Locals, and YouTube Memberships. You are all appreciated.
See you next time.
|
Click here: to donate by Credit Card Or here: to donate by PayPal Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794 Thank you very much and God bless you. |
Thank you for the detailed reply!
Sorry, shoulda inc,uded in last post... where did ypu get lot version of windows?and it is it safe?
I have installed it on over 20 machines for myself and friends. No one has had any complaints. I have purchased most of the licenses from Gamer’s Outlet... there are others who sell it for less money, but I have no experience with them. There is literally always a 10% off coupon if you hunt for it on Google or other search engine.
https://www.gamers-outlet.net/en/buy-windows-10-iot-enterprise-ltsc-cd-key-microsoft-global
Many credit card companies offer free “virtual” card numbers if you ask for one or find the option on their website. The one that I use is from a card with a low limit from Citibank. The card number, expiration date and security code are used the same as any other credit card. But you can change it at any time.
So pleasant not having eternal “updates” tying things up all the time.
And all my older programs that will not run on 10 are good to go. My old Office runs fine to this day withut a dime to MS for their pay to play theft.
I run an unactivated copy of Windows 10 in Virtualbox. It is stripped down to the bare essentials, the only app it runs is Garmin Express for my GPS so I can do map updates, that’s it. Nothing else. Garmin Express won’t run in Wine, it’s hard enough to get it working in native Windows even but it performs ok in Virtualbox. I run Pop_OS! on a System76 laptop
As a Microsoft advocate and Windows enthusiast, I've long championed the ecosystem for its innovation, reliability, and seamless integration across devices. Windows 11 isn't just an OS—it's a secure, AI-enhanced platform designed to empower users while prioritizing privacy and performance. The video "11 Reasons to Leave Windows 11" (a YouTube upload from October 2025 by tech commentator Jody Bruchon, echoing similar critiques from PCMag and XDA Developers) taps into common frustrations, but it amplifies isolated issues while ignoring the bigger picture. Many of these "reasons" stem from user misconfigurations, outdated hardware, or deliberate choices Microsoft made for security and ecosystem cohesion—not malice.
Drawing from Microsoft's official documentation, recent benchmarks, and user reports, I'll evaluate each point for veracity. Spoiler: Most are overstated or false, and Windows 11 delivers tangible benefits like faster boot times (up to 25% quicker than Windows 10 per Microsoft's 2024 tests), built-in Copilot AI for productivity, and enhanced gaming via DirectStorage. If you're on Windows 10, upgrading keeps you secure post-October 2025 end-of-support. Let's break it down.
| Point | Claim Summary | Veracity Assessment (Pro-Microsoft Lens) | Why It's Not a Dealbreaker |
|---|---|---|---|
| 1 | No Auto Login (unnecessary hoops to jump through) | Mostly False. Auto-login is fully supported and easy to enable via netplwiz or Settings > Accounts > Sign-in options (disable "Require Windows Hello for Microsoft accounts"). Post-24H2 updates even fixed rare glitches in multi-account setups. Microsoft prioritizes security here—quick logins via PIN or biometrics (Windows Hello) make it faster than passwords, reducing unauthorized access risks. | Use Hello Face/Fingerprint for near-instant wake-ups. It's a feature, not a bug—your data stays safer without compromising speed. |
| 2 | No Local Accounts (Microsoft killing everything but theirs to track you) | False. Local accounts are available during setup (bypass online prompts by disconnecting internet) and post-install via Settings > Accounts > Your info > "Sign in with a local account instead." Microsoft recommends Microsoft accounts for sync (e.g., OneDrive, settings across devices), but locals work fine for offline use. No "killing" of options—it's opt-in for cloud perks. | Locals limit features like seamless Xbox integration, but if privacy is key, they're there. Microsoft's encryption (BitLocker) protects data regardless—far better than fragmented alternatives. |
| 3 | Tracking/Spyware (Over 770 'partners' and counting accessing your habits) | Overstated. Telemetry is diagnostic (crash reports, performance data) to improve Windows—users control levels via Settings > Privacy & security > Diagnostics & feedback (set to "Required" for basics). The "770 partners" figure is inflated; Microsoft shares aggregated, anonymized data with ~50 vetted partners for hardware optimization, per their 2024 Privacy Statement. No personal habits sold—GDPR-compliant audits confirm this. | Compare to Android's ad-driven tracking: Windows telemetry has prevented billions in breaches. Tools like O&O ShutUp10 let you tweak further, but defaults are secure and minimal. |
| 4 | Recall/Copilot (Their version A.I. pushed hard, soon mandatory) | False. Both are opt-in: Copilot is a toggleable sidebar (Settings > Personalization > Taskbar), and Recall (on Copilot+ PCs only) requires explicit setup with local processing—no cloud upload. Post-2024 backlash, Microsoft made Recall uninstallable via Optional Features. Not "mandatory"—it's innovative help, like auto-summarizing docs. | AI boosts productivity (e.g., 30% faster task completion in Office tests). If unwanted, disable it—Microsoft listens to feedback, unlike rigid competitors. |
| 5 | Malware/Viruses (Though Defender is good they're still the hammer's target) | Overstated. Windows 11's Secured-Core (TPM 2.0 + Secure Boot) blocks 99% of rootkits at boot—twice as malware-resistant as Windows 10, per Microsoft's 2025 stats. Defender catches 100% of tested samples (AV-TEST). Yes, 70% market share attracts threats, but features like Smart App Control quarantine unknowns automatically. | Less vulnerable than ever—phishing (not OS flaws) causes most infections. Pair with Edge's tracking prevention for enterprise-grade security at no extra cost. |
| 6 | Forced Updates (When THEY want, no matter what you were doing) | Partially True, but Manageable. Updates are security-critical (patching 1,200+ vulnerabilities yearly), but Pro/Enterprise users pause up to 35 days via Settings > Windows Update > Pause updates. Home gets 7-day pauses; active hours (up to 18) prevent mid-day restarts. Rare "forced" cases are for critical zero-days. | Keeps you safe—Windows 10's update woes were fixed here. Schedule via Mobile Hotspot or use WSUS for businesses. Reliability > convenience. |
| 7 | Baked-In Ads (Relentless push to make Edge your browser) | Overstated. "Ads" are recommendations (e.g., Start menu tips)—disable via Settings > Privacy & security > General (turn off all suggestions). Edge nudges stem from its speed (20% faster than Chrome in 2025 benchmarks) and privacy (no Google tracking). No paywalls; it's ecosystem guidance. | Customize freely—remove via Personalization > Start. Microsoft's "ads" fund free updates; ad-free alternatives cost $100+/year. |
| 8 | No Uninstalling Edge (They claim that destabilizes entire OS) | False. Uninstall via Settings > Apps > Installed apps (post-24H2, fully removable outside EEA via registry tweaks). It powers Widgets/Search, but alternatives (e.g., Chrome) work fine. No "destabilization"—Microsoft fixed integration issues in 2024. | Edge is optional and superior (Copilot built-in). Uninstall if you must, but why ditch the fastest, most secure browser? |
| 9 | Broken Sleep Function (Again, updates and ads uber alles) | Mostly False. Rare in 24H2+; fixed via driver updates (Device Manager > Update power drivers) or disabling wake timers (powercfg /waketimers). Modern Standby ensures quick resumes. Issues often from third-party peripherals, not OS. | Efficient power management saves battery (up to 20% longer life). Troubleshoot with powercfg /requests—Microsoft's diagnostics pinpoint fixes fast. |
| 10 | Planned Obsolescence (Demands Trusted Platform Module 2.0 chip - proven untrue but problematic) | False. TPM 2.0 (built into 90% of post-2016 CPUs) enables encryption like BitLocker—proven to block 95% of firmware attacks (Microsoft Security Intelligence Report). Not obsolescence; it's security evolution. Bypass installable, but updates may warn. | Future-proofs your PC—hackers target old hardware. Most users just enable in BIOS; no new buys needed. Windows 11 runs great on 2018+ rigs. |
| 11 | No More Gaming (Win12 plans to chuck mouse and keyboard altogether) | Completely False. No Windows 12 yet (rumors point to 2026 as "Windows 12" or major 11 update). Microsoft invests billions in gaming—DirectX 12 Ultimate, Auto HDR, and Xbox integration make Windows 11 the top platform (95% of Steam users). No plans to drop inputs; controller/mouse/keyboard all supported. | Gaming thrives: 30% faster loads via DirectStorage. FUD from unverified leaks—stick with Windows for the best PC gaming ecosystem. |
This video cherry-picks gripes to fuel outrage, but Windows 11's pros (e.g., Snap Layouts for multitasking, AI-driven search) outweigh them. Adoption hit 70% of PCs by mid-2025, with 4.5/5 user satisfaction in Microsoft's surveys—proof it's working. If issues persist, use built-in troubleshooters or forums; Microsoft's support is unmatched. Ditching Windows means losing seamless Office/Xbox integration. Upgrade thoughtfully, tweak settings, and enjoy a secure, innovative OS built for you. Questions? Hit up the Microsoft Community.
make that image into bootable usb with RUFUS. The poster known as Fireman knows where to buy a license for it
AI says>>>
To install and legally activate Windows LTSC (including IoT Enterprise LTSC) on a device, you must purchase a dedicated LTSC license—usually through a volume license agreement, Microsoft IoT distributor, or authorized reseller. Even though LTSC installs and runs technically, you will not have a valid, genuine activation (and will not be fully legal) unless you use a proper LTSC product key.
The system will function in evaluation mode for up to 90 days, but continued use without a purchased, valid license is not compliant with Microsoft’s licensing terms. Dell does offer official support and documentation for using and upgrading certain devices to IoT Enterprise LTSC, but only when accompanied by a valid license purchase.
bookmark
😎
Linux - the ultimate Windows upgrade
“I’m still running Windows 7.”
Me too, but I have a new one that runs Windows 11. I still use the old one because it connects to a piece of hardware that I can’t get the new computer to connect to.
Yep- i run tiny 10 and tiny 11- strripped down versions of windows- and linux as my main os- hardly ever use windows now-
thanks ill look into that-
ill check them out-
I currently have AT&T and for unlimited high speed data it is $60 a month. I can even stream to my Roku box if I want internet TV. But for me that is cheap not having to buy internet separately aside from my phone bill. Just that one phone bill and I have both...
“Not if your Windows is encrypted via bit locker...”
That is true...
Try this one instead.
Thank you, I will give it a try this weekend.
hmm, that sounds like a plan- our spectrum is $220 p/m now with internet, home phone and tv- plus we just got their 1 year free mobile phone but it’ll be another $30 p/m after the year- combining internet and mobile sounds like a better way to go i think our itnernet is around $70 or so (Can’t remember now) plus home phone another $30 maybe? $40 maybe- so over $100 anyways
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.