Tiny11 has problems

TLDW: Downloading Custom ISOs will compromise you. It is just a matter of time. Build them yourself! Tiny11 has a builder and the only change I'd make is swaping the oscdimg.exe with the Windows ADK official oscdimg.exe as shown in video. MAKE YOUR OWN ISOs!
Article Link with links to above resources: christitus.com/tiny11-has-problems/

Reporting you: your clickbait thumbnail says Tiny11 INFECTED but your video has general info about what might happen with custom ISO's only. No info about what is infected int Tiny11. The warnings about custom ISO's are valid, but your clickbait about INFECTED with no proof has cost you the respect I HAD deveoped for you over the years.

The official Windows ISO is also spyware though.

IMO that man did not go to prison for what he did. He went to prison for what the prosecutor and MS convinced the court he did. They made the court believe that he was giving away free license keys, when in fact, those license keys were stored on the motherboards of the laptops when they were manufactured.

Always make your own lite versions. There are plenty of instructional videos. You will then know what to do if Microsoft Updates break things. The other problem with a custom iso is MS update will eventually break it or install the stuff you wanted left out.

The problem is Chris, who do you trust? No one. When even using MSMG Toolkit and NTLite, you have no guarantee its not doing something in background when removing stuff and repacking the ISO, because its not an official bit of software from Microsoft. They even get flagged as Malware by some antivirus program, but its probably false positive. I have never shared my own ISO's with anyone, yes I have reviewed some nice custom windows iso from people and some I really like, but I only ever install them on virtual machine. I just done one today which look real nice, but the links he was using are all bad links leading to malware, which I did highlight in the video, debating whether to even leave that video up after thinking about it after I made it. But my advise has always been the same, never use other peoples creations, either create your own or use LTSC from Microsoft if you can get a legit key.

Some people do it, not out of the goodness of their hearts, but rather to show off how much skill they have, which is highly valued.

I used to do a lot of winXP and server 2003 versions and combined iso's, with modified themes, auto installers for software etc. It was both fun and a big time-saver for what I used to do regularly. By the time of 7 there wasn't quite as much need for me, and there were fairly easy installers like Ninite. It was often just having iso's with the updates applied. Haven't really had the need to do too much for 10/11 either, since there was stuff like Rufus, and more recently Ventoy. It now is mostly about de-bloating and cutting telemetry. Most of that I prefer to do manually as Updates have too much of a habit of resetting policies etc.

Bringing some awareness is fine, but there are quite a few conjectures being made with little to no proof to back them up....

Seeing people completely misunderstand what you're saying in the comments saying with self-affirmation how it seemed "scammy" or how their paranoia saved them really doesn't sit well with me. Doing some reading, it sounded like that person who was sentenced to 15 months in prison was selling it not merely redistributing it. The supposed monetary value in the ruling doesn't really make sense, but claiming that custom ISOs are illegal based on this is complete misrepresentation of the problem. Also bringing up a potential correlation to Tiny11 installs and TH-cam hacks with no proof for this statement spreads unnecessary fear and doubt.
Don't get me wrong, it probably isn't a good idea to install a prebuilt custom ISO for Windows. There absolutely could be software preinstalled designed to steal your information. But you don't need to misrepresent the situation to get that point across.

Idk man, honestly the video tittle is a bit too clickbaity. I just installed tinyw11 on a vm simply to backup my phone and to refresh my side loaded apps. Honestly I’ll take a look at the builder but for now I probably will just keep tiny11 up cause honestly the uses is simple and I’m not passing too many sensitive things.

Is there any point of doing tiny 11 like you said, if we use your debloat tool on our win 11. Would it be the same thing?

It's funny how custom Windows ISO trend is coming back. I remember that same trend in the XP era, I was using Windows XP LSD (Light Safe Design). Running a custom used to be being the cool kid XD

Just built my own Tiny11 iso thanks to you. I had the impression that it'd be a huge undertaking getting it to work but it turned out pretty easy after I understood how to install the APK for a proper oscdimg. While I wouldn't ever trust a custom ISO from the internet, I'm really glad it was possible to create my own. Thanks!

Not that I would ever use these custom ISO's, but couldn't the same be said for all these custom Linux distros?

Thank you Chris for bringing this up. I never try any Iso from any company. I still use windows due to their ms office on separate machine and I do not do anything else. I using arch Linux which I had compiled from scratch , keeping things which I need and discarding rest. It’s a steep learning and not for average home user.

Hey Chris just did a new Windows 10 OS install and had to do 22H2, after the latest Sophia and your latest script, and Windows 10 debloat script, I ended up still having 74 processes. Wondering if there's more to be done? Do you think gaming will be as fast as it was with 21H2? I appreciate your thoughts on the current supposedly fixed 22H2 situation, thanks! 👍

Guess my paranoia saved me this time

It's not just the maker of a modified OS, when there's no official site any one can mod the ISO and host it.

I've also worked in IT for a long time and we've made sysprepped custom ISO to speed up local installs and include $OEM patches so that the server might actually boot on first run rather than require an expensive field tech visit to bring up the network

Don't get me wrong, I understand the paranoia. But what is the actual proof of malware?
I agree, building your own installer is generally safer, but without actual evidence of malware and malicious bins/exes this is nothing more than shilly paranoia.

Thank you for covering this Chris, I had been on linux for 2 years but had to switch over to windows 2 weeks ago because of general frustrations with little things not working, I saw recommendations for Tiny11 and I thought I would give it a go. I know better than to use custom ISOs but I figured that this would save me some time on debloating manually.
Security concerns aside there are already plenty of issues with this ISO. Some critical windows services have been outright removed, most Microsoft related things entirely broken and the resource usage still unforgiving because of using Win11 as a base. After this abrupt reminder on why i stopped with windows in the first place i ran back to linux in a week 😂

Nice video, Do you approve of the concept? is there a better way of doing it ourselves? other than the ntdev tools

I have an LTSC deployed in a VM and its footprint in terms of disk usage is similar to those custom ISOs. Memory wise it can be tamed by disabling services at will.

Great video! Would love to see a video made on the browser extensions(and which services are good for particular extensions such as VPN'S anti-viruses etc.)

What about ghost spectre? I've been using him for a good while now. Are custom isos in general just bad?

I'm delighted you're reminding people Chris, 25 years ago this was commonplace. Remember Vortex Vista, or TinyXP? People eventually got sense (usually buy trial and error) but now we have different generation(s) with a lot more to lose. So props Chris, well done! 👍

Would you be able to review Atlas OS? I don't feel safe at all with Windows at this point, I'll be probably moving back to Linux Debian...

Thanks Man. I've tested reviOs for some days, but I always return official ISO.

A good Followup would be how to get a legit ISO and trim it yourself for performance and features you want (gaming focus?)

I'd say there's always a risk, just trust what you like to trust, and live with it. I trust Ghost Spectre and Garuda Linux, daily driving them time to time everyday.

Do you have recommendations for doing it yourself? Getting the performance tweaks on your own?

Could the different size and broken signature result from UPX or similar compression?

Can you show me where in the code these threats are

Great advice here. For those who like to experiment with this stuff, I would only do it in a VM on a LAN isolated from your real network.
I'd be curious to see what traffic some of these generate during/after install via WireShark. Not curious enough to spend hours installing Tiny11 and combing through its traffic, though. 🤣

I apologize if this was asked before, but whats the best video to follow to debloat windows 11? for gaming, I'm gonna try your tool for sure

Could you please tell us exactly what's wrong with Ghost Spectre? Since you mentioned it then you must know something.

Does Chris have a video about how he makes his articles?

I've been using Ghost Spectre, but your right. I think tomorrow I'll spend some time going back to original ISO and just run the ps de-bloat tool instead. Kernel level keylogger sounds terrifying!

I like the idea of 2011 but I absolutely agree if you can recreate the whole thing with just keystrokes on your own computer best way to go, if you have to start downloading stuff you start introducing compromises

I used to use AtlasOS and I did like it without question but there were serious problems with it. Especially the gaming aspect of it when it came down to DirectX12 and issues with the settings causing the whole system to crash. So very vulnerable to that and there is no defender on it as far as I know

Would be good to see a video where you show how to find those possibly dangerous tools hidden in some of the customs ISO's.

Thanks for putting out this PSA Chris. More people need to wake the hell up!

i have always used custom isos to experiment on older pc and virtual machines, never kept or used them for a long time, i don't think anyone can use them for a long time since they will break unless they are used 100% offline

Is MSMG Toolkit you recommend in the past, still good?

Thank you for taking this stand. When the Tiny11 craze first started just a little while back, I was trying to comment on videos like ETA Prime’s about being weary of custom Windows ISOs. At the very least, individuals should be aware of the risks involved in using custom Windows ISOs. If you don’t know where your OS is coming from, you can’t trust your OS.

I have my own Windows post-install powershell script that takes bits from your debloat tool and other sources, plus some other modifications that aren't debloating but make it the way I want it, things like adding the network drives.

i installed windows 11 on my surface 3 tablet can you recommend a debloater i can run on it?

Any notes on how i can verify that the modified os image is clean? IE installing in a VM and checking default firewall settings, checking network traffic with netlimiter or some other way? Not gonna lie, want to Start using as a daily a certain build of reviOS that had some extra optimizations.

I installed T11 on a laptop for testing, but then started using it regularly. I've been in IT for over 20 years as well and should have known better. I definitely needed to hear what you had to say Chris. Time to make my own personal version before something bad happens.

I have never tried any custom isos on my main hardware but thanks for the reminder. I would enjoy using windows 7 on my laptop until its death, it got slower with time. Currently, I'm using windows 8.1 and it's great

I appreciate the info I gained from this video.
I built a tiny11 iso myself, and I cant thank you enough!

Great Video Chris!!
How do you feel about all the Docker Template lists?? I have similar concerns that these Docker Templates are similarly fraught with malware.

THANK YOU. I really appreciate that you ask viewers to question the MOTIVES of people releasing stuff for free. This doesn't mean that everyone's motives are bad, but they obviously have them and it's simply a good starting point to ask yourself or others what they are. My first two questions with every project and binary blob is, "who did this?" and, "why?"
Some people just do things because it's a challenge or because they want the attention, but it's all too easy to lure people in with things that are too good to be trustworthy. A related video to watch after this is Linus Tech's video about "Android TV boxes". I was not even slightly surprised by the software discoveries as I've suspected these products since they appeared on the market, but I was surprised by the hardware trickery as I simply hadn't thought of it ;). The irony there is that people *are* paying up front for the products.

same can be said with bat files and exe files prepared by ppl like you. i think you should do a video explaining the bat files that you prepared, going line by line to teach us what each line does? or show us a way to do all the debloating manually without using your file.

so is it safe to create my own installer? I'd really want to test this on a light laptop but i need it to be secure

Great video. I have just created my own tiny11 iso and it works!

this is an important topic and I think it should be covered better,
let's start why people even consider those stripped-down Windows images - this has clearly become Microsoft fault their vanilla operating system is so mediocre people seek for more "usable" options,
then there's trickery when trying to legally obtain official Windows ISO - simply impossible, again Microsoft fault, they are so obsessed with pushing people into latest versions one needs a Mac/Linux system to actually bypass Microsoft website check and get full genuine ISO instead of some .exe install download/builder,
then, there's problem of installing Windows - again Microsoft fault because it's no longer possible to simply install genuine Windows you download, there's all sorts of trickery like Microsoft online account and other garbage which should not be mandatory, yet they appear they are,
then there's lack of core functionality in Windows - again Microsoft fault, they pretend to deliver fully functional product, yet it doesn't include basic dependencies like MSVC, DirectX, can't open Microsoft file formats, print PDFs etc...
to sum it up, Microsoft should address the fact their official products is so shitty that majority of those custom ISOs are that much better people are actually opting for them, compromising security and integrity of their work devices - will they? who knows, meanwhile they focus on throwing more useless garbage into Windows instead...

Your point is legit however there's a big difference between suggesting and having a proof. So do you have any proofs that tiny 11 has any malicious software in it?

So Chris, what do you do if every time you try to use Microsoft's tools and they don't work. I get the same error every time I try to create the media, it says we're unable to run this tool on your PC. So where can I actually go that is safe to get these Iso's? I have the same problem with Windows 11. I found a place to get them but I'm not sure I actually want to use them. You would think Windows would just make the damn files available to download.

UUP Dump has been acting up, producing broken ISO's and general weirdness.
I just want to remove Windows Home from the official ISO with DISM, leaving only Windows Pro inside the ISO, so that on laptops Windows Home edition doesn't get automatically installed. Is there a way to do that with DISM?

So I plan on building my own, but, with the debloating I'm curious if anything like drivers for gaming will be heavily affected?

You have the best timing ever. Built my pc LITERALLY right now and saw this in my notifications, I actually had planned to install and use Tiny11 but never mind that

Chris, do you have FPS limiter for Steam on Linux? I mean for all games. Something like solution for nvidia cards.

How about Atlas OS the debloating software? What are your thoughts ? It doesnt redistribute anymore, it is mroe of a debloatware OS.

Never had any issues for years with custom Win isos

The link to your article is broken.

Yoo dude i remember the live we went through these nice to see it make into a video to raise some extra awerness of downloading random isos from the internet.

FINALLY, i has been searching for this video, thank you for "saving my pc", i didn't wanted to download it until i see at least one of these videos, thanks man :D

Well i don't like deep mods because any update will break your system, but here is a thing, there are lots of hidden options that are officially supported (so won't be broken by updates) and you can use them to tweak your iso to make the instalation size about 5GB and block all the bloat - very useful for cheap eeprom devices

Thank you so much for this. It's very important to caution people, because sometimes trusted sources give poor recommendations.

What exactly is the problem with these windows distributions, I suposse that because they are not maintained they never get updates so they are vulnerable, am I right?

Wow, this makes me wonder about all the rando minor Linux distros that people are booting into. Probably not as likely to be infected as a custom Windows installer.
But yeah I never really thought about how much easier it is for malware to run within ANY bootable software.
Most people probably don't have anti-malware running before the boot program runs.
And the boot program (be it OS bootloader, disk repair tool, password reset tool, etc) runs at a VERY high privilege level enabling malware to install itself wherever it wants on the system, eg. an outside-of-OS bundle of fun that gets loaded on boot somehow before the OS loads.
Secure boot makes their life harder but it's probably kind of a pain for power users, so turned off. Or they can try supplying a legitimate- sounding reason to turn the already bothersome thing off.
Is Tiny10 / Tiny 11 signed and working with secure boot?

Thank you Chris !
would appreciate some new videos about deploating windows 10 and windows 11 for 2023, Thank you!
God bless and keep up the good work !

That image creation executable does look suss to me. If you build your custom OS with an infected tool there's no advantage over downloading it obvz.
Would be interesting if that file was analyzed further to see what, if anything, is changed vs the MS versions!
Also the certificate chain should be checked further.

I can't download the windows versions for tiny 11 from uup dump. It says windows version is deleted from Microsoft server

How do I install Windows 11 on many pc at once, using the official ISO from MS?

If they covered the instructions on how to generate this magic ISO so everything can be verified. Like open-source.

It gets the compromisation over and done with nice and early - out of the box

unrelated to the content in the video but have you heard of a project called Komorebi made by Jezzy on TH-cam which puts a tiling window manager in windows?

good advice especially if you do any kind of financial work or transactions on your PC. stick to official windows iso or something like ChromeOS, Linix Mint ect

It is great to see someone warning about how risky these things are.
Also, what is your opinion about the new Ameliorated wizard? It allows you to get different "windows versions" like AtlasOS. Instead of installing a custom ISO, it modifies the windows installation according to a file called the "Playbook".
Is this considerably safe?

What's the difference between a Linux OS and Tiny 10 or 11 in terms of safety?

Shore there are also signing software or even powershell Skript but the time stamp missing from a certificate is a red flag that bundle a rootkit within the image that you modify and this is to alter windows file protection and the kernel signature verification, or 3lse when you boot up Pop ups that windows has missing important system files will appear

the biggest reason why i never tried tiny 11 is that every video i saw on it,in the task manager they have way way toomany tasks runnning to be called a debloated os.

I'll just stick with Linux. Not going through this crap and I ain't trying to fight the oh so "user friendly" Microsoft.

Thank you for this video, I was considering getting tiny 11 on a new system I'm building. It didn't even occur to me (computer science student w/ a couple of years of experience) to strip out the bloatware myself

I actually tried to put the arm version of it on esxi arm and I couldn't get it to work well but that is my whole experience and interaction with tiny11.

Thanks for the advice. I'll stay away from the custom iso's but can we trust Microsoft? "The U.S. Department of Justice said Microsoft Hungary will pay the $8.75 million criminal fine, as part of a three-year non-prosecution agreement in which it “admits, accepts and acknowledges” responsibility for employees’ misconduct. Microsoft also agreed to pay nearly $16.6 million to settle related civil charges by the U.S. Securities and Exchange Commission over its activities in Hungary, Saudi Arabia, Thailand and Turkey, without admitting wrongdoing." (reuters)

Good timing! I saw a youtube recommendation for tiny11 (and tiny10) and had been planning on installing the 10 version on my wife's slow laptop -just haven't found the time to just yet.
Making my own windows install iso seems like it could be more work, but it would be better than installing malware unawares.

Can you do a tutorial on making a custom windows 10 iso with no bloatware and unwanted things with using these files?

If you don't buy or using your windows update...tiny 11 might not let you update..which a lot of time fixes problems and patches up security issues. You're completely right. Like hard drive..when it comes to security just buy it or do it the legal way.

I use Ghost Spectre 11, with my own security and performance modifications on top. If they drop a keylogger me, or do anything to otherwise bug me, I've got systemwide whitelist firewalls set up on both the local computer and the entire network. Only applications I approve of, including system applications, are allowed past the firewall. ReviOS and Tiny10/11 already both did me dirty, and I caught that via the firewall logs. GS has yet to do wrong to me, but I will know when it does.

I always thought that modded windows ISOs are most likely malicious, especially for ghost spectre’s ISO. The only iso that i felt like could be ok is atlas since its open source. ( and popular too ) Opensource is only way to know if ur fully safe

Hey what You do You lile Windows server 2019 or Windows server 2008 r2

OK so I have a valid ISO from Microsoft and a Key from an old laptop, is there a "trusted" app to remove all the bloat?

article link is 404 not found

Thank you for this video. Because of it I ended up building my own install of Tiny11 rather than just trusting the internet.

agreed 💯 take the time to learn; and create your own iso. too many people want an instant quick fix with not effort!

This was a piss poor video. Had you just stuck to "custom ISOs can't be trusted, they may contain malware" it would've been fine. But the other points you mentioned were just crap. For example, if you're not going to trust NTDev's custom ISOs why the hell would you trust their custom tools to build the ISOs? It goes against everything you rambled on about. As for the "why isn't it on official sites?", that's purposely being deceptive because you already know the answer. You know Microsoft isn't putting these custom ISOs on any of their platforms, so why are you suggesting that they can be? For a random TH-camr that claims to have worked IT, you should know better.