7:30 - Just some clarification, UAC can easily be bypassed anyways by default (even on the latest versions of Windows 10), so it's not like this is really a significant thing for malware. However, UAC is a good feature and shouldn't be disabled regardless. The decision to disable UAC was not made collectively at the final second, and we will revert this change in 0.3, so we are sorry for that change.
I just wish nobody gets in a bad situation when using this, I hate to see someone get infected and didn’t follow any basic didn’t follow basic security practices
Undoubtedly atlas is a great piece of software. Useful for those who need it. Preferably for those who know what they are doing. I'm happy to see projects like this being worked on. I'm sure a few extra warnings won't hurt the would be users.
Are you really sorry, though? It's not hard to posit that you are a bad actor "collectively" or have bad actors in your organisation and I would suggest that you cancel this project before people get hurt. You know, the people that you're conning into installing a malicious OS which is nothing but a trap for your ultimate malicious plans.
All software is bypassable if you can find the exploits but even so there is software that in a normal context could be stopped before doing actual damage, I'm happy to see this change being made
Bypassing UAC (or any other security measure) is a cat-and-mouse game, though. Sure, the newest malware probably has the most recent exploits, but it always will anyways. Having UAC and other security features turned on will stop older malware that doesn't have the most recent exploits. Security isn't about absolute perfection - it's about minimizing the attack surface. If I remember correctly, trying to run some older versions of Windows could get you infected in minutes thanks to a bunch of legacy malware and botnets out there.
The ATLAS "OS" deal can be a security nightmare if someone doesn't understand what they're doing. I wonder if using WINGET to install your applications would be safe long-term.
@@LaughingOrange I always wonder what an average user is. No user is the average of all users. This term doesn't make sense. But that is a different story. Generally you are right about targeting more PC enthusiasts, but also newcomers are watching this. And even PC and Gaming "enthusiasts" often don't know some basic stuff. Even..., yes even professionals in their field for whatever they are professional, often don't know some basic knowledge.
He owned up to his mistake and said it was his fault for not properly educating his staff and the mistake was made by someone who works for him, he himself didn't do it.
@@Xaito no its a single layer defense intended to work in conjunction with defender antivirus, defender firewall, real time protection, cloud-delivered protection, automatic sample submission, tamper control, core isolation, memory integrity and cloud backup
A lot of problems could be solved if Microsoft just released an official "Lite" version for older hardware. That'd probably piss off their hardware partners though. I'd probably use Tiny11 over this, as it supposedly doesn't disable basic security features. But any of these third party Windows spins should be looked at with some degree of apprehension.
> But any of these third party Windows spins should be looked at with some degree of apprehension Yeah, especially when they aren't open-source in nature. That's just so sus to run something like that with a pinky promise that it's not doing anything malicious...
Why would MS do that? You think its just to not make hardware partners pissed off? You are saying MS should take a lot of time and money to make and support something better that will do nothing but make MS lose money... MS gets money for those sales, and they want you to buy a new computer, its better for their bottom line.
If nobody has already pointed it out, this is officially old news. AtlasOS does support windows defender and update according to their FAQ and UAC is enabled by default. Considering that Spectre/Meltdown mitigation can also be enabled (in the setup now, not just settings), anyone techy enough to install a custom windows config should be considering this and all other security features anyway. I watched through the whole video and I don't think anything mentioned is an issue anymore. As far as a review of Linus is concerned, I'll let that be...
Is it possible to install Atlas OS on top Ghost Spectre? I reckon in theory it's possible but I hesitate to do it but it should work. Ghost Spectre does have its own ISO so reinstalling and upgrading Ghost Spectre shouldn't be a problem even if you install Atlas OS on top of Ghost Spectre. If it's not possible, is it too much to ask if Atlas can check if Ghost Spectre is installed and will refuse or warn to install on top of it for safety reasons.
I use my laptop for programming and since it's an old laptop I rely heavily on windows updates to get my drivers after a fresh install. I was considering Atlaos for a while now since my laptop is suffering from bad performance so my question is, Do I need to be worried? is it a good idea to switch to Atlas? is it gonna boost my performance more than a vanilla windows 10?
He proves time and time again that he knows a lot about hardware, but not so much about software. Thanks for pointing this out, hope some people see it before they might be affected by one of these exploits.
Yea Linus is okay with hardware, but when it comes to software not knowledgeable at all. This became to me very clear from having listened to some of the WAN shows, basically Linus has the mentality that learning software is a waste of time.
To be fair though he has a team of folks, in this case Emily, that made wrote the video recommending it... Would've though t Emily to be more attentive to risks than this though
that's the most generous thing I've ever seen anyone say online, ever. He's a complete idiot, let's say it how it is. My grandma could guess that "hey, if my computer is telling me to type something verbatim before it will let me do this thing, maybe it's more serious than I realize and I should contact someone who knows more about what it is I'm doing before I do" Linus on the other hand just fucking sent it. I try to avoid being overzealous with accusations, but he's a bloody charlatan plain and simple. This is a guy who rakes in MILLIONS as the head of a multimedia company that focusses specifically on technology, that understands technology so little he doesn't know better than to blindly google things, paste in random commands to a terminal, give them full admin access, bypass your OS's warnings, and press that enter key into the core of the earth. At that point, you become a charlatan. Not everyone needs to be super tech literate, *_but we are talking about a guy who almost certainly pulls in more yearly than you do in a decade based soley on the fact that he is claiming to be tech literate enough to give technical advice_* . And that's not even mentioning how intellectually dishonest he has been about Anthony. "Oh we don't want to give him his own channel because no-one would watch it" Meanwhile literally every comment under every video Anthony is in that even vaguely mentions linux : "Give anthony his own channel already we love watching him work on shit he likes". He's covering his own ass. Best case? They rely on Anthony too much for behind the scenes stuff that they literally can't lose him as an asset becuase no-one else on staff is tech literate enough to handle what they do, which proves my point. Worst case? Linus knows people would watch Anthony's channel, and he knows it would show everyone what an actually tech literate channel is. If you never let someone eat a real burger, you can keep telling them "beef" comes out of a cow, rather than *_IS_* cow. I'm sorry, but it isn't that he knows "not so much about software", it's that he's a hack.
@@TurtleKwitty Anthony has a few niche specialities like classic console emulation and a bit of Linux server administration, but other than that his insight is also very limited. I don't get why they don't occasionally pull a programmer from Floatplane to consult on their videos about software things.
@@anlumo1 You don't necessarily need a programmer to do the consultation (and tbh, not every programmer is tech savvy. Lots of us aren't and I became surprised when I saw some colleagues having issues with simple command line). A system administrator, or OpSec personnel would be a better fit to help with the script and fact-checking.
The ironic thing is that it's not even a distro anymore, it's instead classifiable as being a 'transformation pack'. To be a windows distro would be to make an ISO out of it, whereas a transformation pack just entails being a set of patches, automated or manual, for existing installations - AtlasOS is the latter nowadays. Although, I'm surprised the idea of windows distros even seems new to most people - Winstros, as I like to call them, have existed for many years: Hiren's MiniXP, Windows Clevine, etc.
Exactly, all those windows normies, criticizing linux to be not ready out of the box, seem to ignore windows own need for a better set up and configuration. Anyway i highly doubt, one could really cut out all the problematic parts of windows with certainty. This is rather a waste of time.
@@Mario583a Not particularly. Microsoft Defender is effective at security from every malicious actor expect Microsoft and we don't need to talk about Windows update. Microsoft made themselves unreliable when it comes to updates.
Linus Media Group is not a tech company. They're an ADVERTISING company. They get paid to promote products, and they try to do it with as much good faith as possible. But their revenue is dependent on pushing products made by other companies.
A big part of why Linux has historically been much more secure than Windows is because you never run regular software as root. UAC was Microsoft’s answer to that, so clearly very important. Also, why would you replace Windows Defender with third party antivirus? From a performance perspective, Defender is definitely a lot faster, and it’s effectiveness is about the same as other offerings.
"A big part of why Linux has historically been much more secure than Windows is because you never run regular software as root." If you go around making statements like that then you deserve to have your systems compromised. I do not run Windows since Windows 7 died, I just run Linux - I am no Microsoft fan. But security is NOT about a single OS or a piece of hardware or software, it's about the entire system, where it's located, who has access to it and what access controls are around it. You could put a Linux server in a DMZ exposed directly to the Internet with a Windows server tucked behind a firewall nearby, and the Linux server would be hacked in minutes with nobody ever getting to the Windows server. Please don't make these silly kinds of statement - Linux and Windows are vulnerable to different types of attack vectors and when you understand what those vectors are, then you cut put the proper security wrappers around them. And I don't allow Windows 10 or 11 into my home because of PRIVACY (not SECURITY) concerns - there's a big difference between the two.
UAC wasn't really Microsoft's response to Linux. It's an additional security feature that requires confirmation and/or authentication before running a process with admin privileges. It's kind of like the root account requiring sudo.
Because defender uploads files, also private ones for allegedly security reasons to microsoft servers. Not everybody does feel comfortable, when sensitive data has left his computer to microsoft's cloud. PS: Of course many anti virus programs do uploads too, but they are not Microsoft, a company with bad reputation. But i guess, some fanboys still find excuses, no matter how deep privacy infiltration gets and how far the vendor lock-in gets.
Hey, you can disable CPU mitigations, etc. on Linux as well, and I wouldn't want it to be any other way. If anything, I appreciate that the option is there for when I want to try it and know what I'm doing. Which on Windows is quite often a pain, the options usually just aren't there. So I can appreciate the Altas project as well. That said, I can't agree more that advertising it mostly as "the thing that makes your Windows go vroom" to a broad audience maybe isn't the best idea. They should've clearly said that this most probably isn't something you want to be daily driving. On a separate, gaming-only machine, preferably not connected to the Internet - sure, why not.
The important part is "I want to try it and know what I'm doing" I agree doing conventionally "dangerous" stuff to your system here and there is fun and helpful with learning to troubleshoot. But having the option to disable security features is Very different then having those features disabled by default. Especially for ppl who, lets be honest, probably never messed with their os much. In addition, any windows OS is a much bigger target for pc malware, so disabling mitigations on linux is technically safer then on windows. At least statistically. Personally I don't think any os should up performance by sacrificing security. Especially when windows have a lot of other places to trim the bloat on. Tbh I just find it really alarming as a project that shows the company priority list
For most of the (legal) games you need internet connection to run or update them, or look up for walkthroughs etc you always need internet. Most of the users does not using 2-3PCs for multiple reasons
Certain Linux kernel mitigations can be adjusted to a limited extent at boot-time or run-time. Other kernel mitigations are addressed at compile-time, some within the kernel and also by code paths generated by newer compilers. Some are select-able through kernel and/or compiler options and others not. Mitigations also exist throughout user-space. They too sometimes partly involve the compilation process and aren't normally selected for by the user. Windows is very different. Mitigations applied by Microsoft have greater potential to interact, and more likely in undocumented ways, as compared to those that tend to be confined to individual components under typical Linux system architecture. There is an additional constraint in that users and system integrators generally have little autonomy over compile-time aspects of large amounts of user-space code.
@Zaydan Alfariz that's the point!! A lot of use use a server that controls the flow of internet so atlas connected to the network isn't a issue as only apps whitelisted get access the rest is denied access. But it's plain common sense for any system running windows without being on a protected network no defender no banking and financial services just gaming and streaming apps online only
I recently switched to atlas and all I can say is that before installing: 1.) be an advanced power user so you know what everything does and 2.) understand what your doing
If anybody sees this while scrolling through the comments, looking for the low-down on 'what atlas actually is,' and 'is it good/bad,' here you go. Since a lot of info seems to revolve around having surface level knowledge of the systems revolving around this issue... It's not an OS, and it's misleading to call it opensource in the context of opensource being 'safer.' It's effectively the same thing as if you would install a large feature update on Windows. It's still the same OS. Most if not all of what we would consider the GUI in a stock windows distribution can be modified, and Atlas leverages the components of Windows 'running under the hood' to modify variables, add/delete variables, add extensions to Windows components, and otherwise change the manner in which the Microsoft components interact with each other. Anything that Atlas modifies is done in situ, on the Windows system itself. People in the tuning community modify many of the same things, but in varying degrees, as needed. The reason Atlas boasts a performance increase can easily be summed up in how it disables a large portion of the telemetry and security infrastructure of Windows. The constant analysis, measurement, processing, capturing, filtering, auditing, etc, of a stock Windows system generally adds up to - - - this is without exaggeration - - - about a 50% decrease in overall system latency. Most specs listed by manufacturers are fluff, and while the numbers are usually true, they're only relevant to a small percentage of the time spent using the system. For instance, having the highest sequential read/write speed SSD only sees a benefit with the processing of large files. The vast, vast majority of the operations that happen while we're actually using these machines are very quick and random operations. This is why the disabled features of Atlas have such an impact, because all of the telemetry and processing the stock Windows system uses causes a - - - persistent cascade of interruptions to disk, memory, and processing. Whether one or the other is more secure, is entirely subjective and depends on the user. I could make the argument that the belief in a system being secure leads to more severe security breaches. My personal view is that nothing is really secure, and my system template is the answer to the question, 'what is more valuable to me, system performance that I can use right now, or data protection?' Lastly, I don't use Atlas. I don't think I would either, but that's because I choose to modify the system myself in a controllable way that I can analyze and compare to the stock system.
The least he could do is say something like "don't try this at home, I haven't researched it myself" instead of presenting it as "the" solution for old PC. He could also boot up Linux for performance comparison, and present it as the more secure option. I can imagine some kid's PC ruined by malware from trying this out.
I'm surprised that you didn't mention what was one of my personal biggest worries, the Atlas OS team themselves. I'm sure they're trustworthy, but it would be really easy for them to embed malware in the system, especially with how much they edit Windows it would be hard to find.
Even if they don't, a hacker could replace the software on their server with malware. They don't have the same resources as microsoft to guard against that.
>it would be really easy for them to embed malware in the system, especially with how much they edit Windows it would be hard to find Do you use a Linux distro? If so, spoiler alert: the distro devs/maintainers "edit" just as much (if not more) of your system, and could just as easily "embed" malware into it. They obviously wouldn't, but if you're going to make that point for this project, I don't see why it wouldn't apply to any other.
@@denoww9261 for any big distro I’d say there’s about as much chance for malware being embedded in the system as Microsoft embedding malware into Windows. And even for smaller distros most are built with trusted and public facing members of the community, whereas I couldn’t even find the names of the Atlas OS team.
@@joemann7971 I disagree. He and a plethora of others brought up the same thing, not as a warning, but as a criticism and/or a problem. I am using Atlas, I have installed it on several machines, and this guy is being kind of dishonest by withholding the below fact: When installing Atlas, it literally pauses installation and tells you what the risks are if you pick the wrong option and which option is likely best for you. The install process takes the guesswork out of it, the ONLY way you can mess it up is if you are simply stupid, and if you're that stupid, you shouldn't own a PC. Also, Linus never mentions it because, AGAIN, it prompts you with all this information during install. There's literally no reason to bring it up at all. Hell, I don't even like Linus and yet feel compelled to defend him here.
@@GildedPooalso i think most people who would install a custom version of windows are also able to read. Windows is used because its easy, you dont have to learn shit to use windows...kids can use windows. This also means that most windows users wont know how to install any os, they use windows, update when windows tells them to update and thats it. I really think this is just a bunch of linux users hating on windows (which isnt even the official version of windows) so they can spoon feed their own c*m for using linux. Linux is great, use it for my gameserver and NAS, but as a OS where i want to game on and do my work as an video editor i want the stability and reliability that windows gives to me. Every two years when i build my new PC i reinstall windows on my old PC to give to my girlfriend (not because windows needs to be reinstalled, just because a clean install is better for her so she can just start downloading TB's worth of sims 4 mods) and i still use windows on the new PC because i never had problems, no need to use commands, my os doesnt self destroy if it feels like it, davinci resolve doesnt just crash (like it does on linux), i can play all games without having to look up if they are even supported and i dont have to fight with thirtparty drivers (which is a Security risk in itself since so many people talk about no one making malware or viruses for linux ) just so i can actually use my graphicscard.
Risk, danger, viruses, OMG. UAC is disabled, so what? You don't have any Microsoft, Google, or other accounts enabled, no documents, no photos, and you don't log in anywhere. The machine is only for gaming, and you don't even log in to any accounts while playing."
If the machine is solely a gaming machine that's one thing but most people can't afford a whole extra computer and if you can you can afford one that's much more powerful
Finally someone addressing this I’ve been trying to get atlas higher ups to fix these issue’s months before Linus Video now they are making changes finally
@@BrodieRobertson yeah true i went in the discord not long ago sharing the video to others about the security problems all i got was a timeout and people telling me stupid video but i use ReviOS its like atlas but allows you to enable The security stuff
@@BrodieRobertson yeah i know that i tried to explain that in the discord but people didnt like it so idk personally i use ReviOS its much better for me security wise etc its already got the things you said enable and you can choose what to disable in the tool
Yes, Ideally you'd want to run a local user as default instead of the Administrator user and have UAC be the only way of gaining administrative privileges.
@@atilisma8091 You run as a non privileged user and use the admin account for admin tasks. This is security 101, UAC only has a meaning in the case where you are using an admin account as your user, in which case you already failed the class.
@@entelin Running a system like that can be very tedious and annoying if you're doing a lot of things, a lot of times every day that require admin privileges. I've been running no uac, no defender for so many years now. Never been infected, AFAIK. When you're running the latest browsers with content blockers its such a small risk.
Couldn't agree with you more. You just answered all my questions regarding that LTT video. Anthony in the background of that video, admitted that they haven't looked too deep into it, yet. This is practically an admission, like saying, "We know better than this!" We know enough here, to not do our general every day tasks, as root user in Linux. It really seems like disabling UAC is the closest Windows equivalent. I wouldn't do this to any internet connected, or even LAN connected device, at all, and even offline would still proceed with extreme caution. As a complete aside, Linus (LTT Linus, of course) says in his video about Atlas OS, "This is better than Linux!" Anthony did not quite agree with his boss' statement! I would respectfully disagree with Linus as well. While I suppose it's possible for Atlas OS to outperform the most bloated of Linux installations, if you're using a more minimal Linux installation with one of the lighter weight desktop environments, you would reap all of the performance benefits without sacrificing security like Atlas OS!
They all should have known better from the get go. Seriously. The amount of people that write and edit scripts and then produce videos at LTT is astounding. Someone should have caught this. Linux undoubtedly has better security features but as far as Linus is concerned, this is essentially Windows which makes it far superior. To which, he is wrong all round.
The issue with these "lite" versions of 11 is that it has very little, if any impact on gaming performance, which is one of the most popular reasons for wanting a "lite" version to begin with.
It’s actually a version of 10, not 11 and if you’re running an old enough cpu it can have quite bigger impact since I had an old i5 5th gen laptop which was running windows 10 desktop with 80% cpu usage and installing this helped a lot. It’s good to have this option for a lighter os because all those security functions disabled don’t bother me at all because I use this laptop for some bs and I suppose many other people use it just for the same reasons as me
Linus:”it killed linux” Lets see -Resource usage lower EVEN they closed the defender and other things -Security is infinite times better because there isnt have ANY of security piece -İt is really open source(did anyone really believed its open source? Man windows is closed source cmon) -Mostly it will be fcked up as what happened to other iso’s linux wont die until dooms day will come(because community making the linux no one can stop us) -Linux have a community,do windows have? -İts just for gaming or other basic things,in linux you can do everything you want -İn atlas everything is cropped so I dont think you can feel the complete os which linux have everything you want and you can download it if there isnt have -Good luck when you try to find the real download link in web browser but in linux you can just 1 click download or just use a command to download what you want -You need to install a lotta crap to customize windows,in linux its easy and have infinite ways to customize -I frogor 💀 but I’m sure there have more things which linux is superior Yeah linus it killed the linux absolutely 🤡 change your channel to “Winfked and blue pilled tech tips channel” thanks
Actually I have been disabling UAC all the way back to Windows 7 (from 2008 I think) (I find it VERY annoying that each time I want to run or do anything on the pc the thing would pop up). I allways use Warez too. Only ONCE I had problems with a virus. I used windows 7 till 2019 when I was forced to use Win10 because newer versions of the programs (Like blender) would refuse to run on win7. Then I used windows 10 ameliorated on both of my pcs. Never had a problem. Albeit I take some precautions: - I use firefox with Ublock origin. - I use a manual firewall (each new program should ask permition to access internet the first time I ever run it, and reject access to those who doesn't needs anything from internet) - I use warez only from somewhat "reputable" sites. I will be installing this OS too, altought I will add an extra layer of protection: I will use a quarentine computer (completely offline) just to make sure each new warez it's free from unwanted stuff.
Honestly the thing I don't get about the UAC disabling is: If it reduces performance, why not just disable the UAC *shield-thingy?* Surely the main performance problem with UAC is the background shield-thingy behind UAC causing it to be a slow nuisance on lower-end hardware (given it technically switches to the Login Screen's session to then load the UAC prompt there). Literally, all you need to do to disable the UAC shield is to just visit the UAC slider, in Control Panel, and slide it down one bar, if not two, instead of down to completely disabling UAC. You can have UAC without its shield - you'd just lose out on some features the shield provides. PS: People running Windows XP truly do be saying "First time?" right now - Windows XP never had UAC, thus it permanently has the same problem as Vista and onwards without UAC.
Yeah, this has the problem so many attempts to strip Windows down have: It goes too far. For me to recommend this thing, there's four things that need to be done: 1. UAC, re-enable it. It's not the end-all, be-all, but it's an important thing for both security and privacy that uses system approaching "LOL moving your mouse cursor takes more". Leave it be. 2. Windows Defender. It's not the best AV out there, but it's basically effective and it's the lightest-weight always-on antivirus that exists. Just use it. 3. Mitigations. Ask during installation, default yes, and caution people against no. If your system has hardware mitigations, the software mitigations speed up your system. If you do not have hardware mitigations, new ways to abuse that ARE being created all the time. However they're the biggest performance impact of the four, and if you're never going to have the machine on the Internet (offline MAME cabinet or something) you can safely turn them off for a sizable boost in performance. 4. Windows update. It needs to work. Not automatic. Bonus if I can schedule it to do its thing at a specific time, but I don't want it always churning in the background. Without that, I just can't recommend this thing. And it's too bad, because Windows telemetry, bloat, and bullshit are just unacceptable these days.
The mitigations is already done and in the latest release, Windows Defender and Windows Update will be added back as optional and configurable features with more transparency about disabling them. UAC will also be re-enabled, it was meant to be enabled but it was disabled split second without a collective decision
I plan on using this on a dedicated desktop for gaming. I'm getting tired of waiting around for better Linux compatibility especially for online games. I'm going to treat it like a console and do my normal everyday non-gaming computing on a Laptop running Linux.
I wish we had more resources on testing questionable software for malicious behavior. I've read a little about using Sysinternals Process Monitor to check for registry and file writes. Wireshark for outbound connections. A noob guide to these and similar tools would be nice.
Anyone installing any power user os like this understands the risks, they have re-added these things in atlas os currently. I believe with the option to disable them. But even without these features enabled, this is a godsend for a disconnected emulation pc.
@AYT04 We know what windows did with github copilot, taking FOSS code and placing their own license/pricing on it. I suspect they are only cherry picking open source to line their pockets without doing the work.
@@jasonfahnestock9494 Eh. Reasonable business moves. Benign impact. Reasonable and benign being the divine culmination of impeccable untold business heroism I'm sure.
UAC doesn't even impact performance to a meaningful manner and it just takes running one bad item to either make your system run worse or be deeply infested with serious malware. Disabling UAC by default is stupid, it's there for a reason
If you're going to offer an option to disable a mitigation, it should give you a very clear warning of the potential security risks before the script actually runs. This way, people won't blindly disable things and open themselves up to a world of hurt.
I've been using NTLite for several years to modify my Windows ISOs before install, and I create AND understand my post-install scripts/tweaks/modifications. All these "custom OS".. meh. And to be fair, people who want to modify their OS to this extent MUST understand what they are doing. And if they understand what they're doing, they don't need Atlas, they can do it themselves.
@Zaydan Alfariz By security i didn't even necessarily only mean vm breaks, but also just the possibility of getting credentials that are entered inside the vm (for games etc.) Being captured and either steal the accounts themselves or if these credentials were used on multiple accounts even steal access to other more important accounts that may not have 2fa
@Zaydan Alfariz Oh no I was not saying 2fa solves everything, I just was providing an example for a relatively easy attack vector that this "os" would expose. Get a keylogger or similar onto the vulnerable unprotected system, get credentials for a service that is used on it, use those credentials on something more critical if they happen to be the same. This is just one example of the many potential attack vectors running this in a vm opens up
I wouldent daily drive Atlus, but I just set up a dual boot partition for my live audio performances with it and it crushed my audio latency by a factor of 3! I've been tweaking windows since 98 and never got these kinds of latency gains before.
My Windows PC constantly asks me to allow programs to "make changes to this computer". I never really know what the purpose is so I just click "yes". I doesn't add any security.
Always have been suspicious of repackaged Windows OSes. Not always clear what all of the changes they make are compared to a guide you can follow to tweak the OS yourself where you can elect to follow a step to enable/disable a feature or not yourself. Also didn't like how LTT only showed their list of drawbacks for a very short time on screen where you have to pause it to even really read and comprehend it. Also really surprised that LTT would recommend installing it, but then turn around and on camera admit that they really don't know much about it.
Disabling UAC isn't a security concern if you know what you're doing. Just use a non-Administrator account and manually elevate only when needed. It's probably more secure doing this than running everything in a UAC-limited Administrator. Still, I don't get the point of disabling UAC. Other than some severe annoyances if using network drives it doesn't hurt.
So for a normal user, and certainly within the context of an LTT video I completely agree. It's terrible general advice, and you certainly shouldn't run it on a pc just because "it's old" or something. *However* This kind of windows distribution is really only useful for gamers or other niche situations where you want peak performance and minimum latency/hitching in the hands of a power user. I made a hacked up version of windows like this that I run as my gaming system (or at least I used to, but linux is actually so damn good now I almost never reboot for that reason), the difference is night and day. Not so much in terms of raw performance, though there is a gain there, but in smoothness, it's almost immediately apparent. Getting rid of windows updates is one of the core points of something like this, you pick a known performant version that has minimal extra cruft and you freeze it in time, some of the other changes would potentially be "fixed" by windows update or have mutual breakages if you don't anyway. You sure as hell don't want things like AV on a gaming system, windows firewalling, defender, or any of that. Spectre & Meltdown can only be an issue if malicious code is already running on your system, big deal for hosting environments, mostly irrelevant for home pc's except for some edge cases like that browser exploit, but as you suggested, it can be mitigated with some common sense browsing habits. You went overboard on the significance of UAC, firstly, it's only relevant if you are in fact running as administrator, which on a normal system you certainly should not be. UAC is a pretty stupid hack to help mitigate the long custom on windows of running with admin privilages, it rarely has any importance when it comes to actual malware & exploits. In fact Microsoft significantly scaled back the number of things it prompts for because it was having a genuine detrimental effect on security by training users to press accept on prompts they don't actually understand. Bottom line, if you are depending on UAC for security then you doing it wrong, if you care about security *do not run as administrator in the first place*. Regardless it's certainly useless for a system like this where you are intentionally stripping out things that are far more important from a security perspective (like updates). This is the kind of system you put in your DMZ, play games, and do anything important on something else. Then reload it in the fairly unlikely event something actually happens.
You made it sound like disabling UAC programs would cause programs to run as administrator all the time. Only if you are in fact admin, which you should not be, it's like running your linux system as root and trying to patch together some assemblence of security with selinux policies and vauge prompts. I've been in IT for over 20 years at this point and I've genuinely never once seen a user that was actually saved from something malicious by UAC, most users will just click "accept/ok" when bothered by some prompt where "win32blahblah.dll is requesting permission to...." is preventing them from doing whatever it was they were doing, because they were already trained by that same system to hit ok in 95% of other cases where it's totally valid. Do you really expect an average user to know the difference between a malicious filename or a valid one? No of course not. The whole problem is that they are running as admin to begin with. Let's not forget also that most of the most dangerous malware doesn't need admin permissions anyway, if a crypto malware runs as the user, the damage it does is almost always basically the same because in most cases it's only the one user on system anyway and they have full privilages to their data. In a corporate network that user likely has access to a pretty good amount of other things around the network as well so it gets that stuff too, all without admin rights. Those are all separate challenges that have their own solutions, but for real, UAC is 90% security theater, and the remaining 10% is just a patch on top of already bad security practices.
I just read about this OS (I think it was on itsfoss news) and they kinda recommended it as well. I don't run Windows anymore but I might need it somewhere to update my Alpha Camera and my Xperia Phone. So I thought this might be a good idea.
The word "security" is only mentioned once in that article and it's buried in the middle of a list. They don't give any warnings or even discuss the point further.
If that's all you need, setting up a VM with an official ISO might not be as "convenient" but it sure is safer, I mean. Why would you want a black box on top of another? I understand the desire for a lighter Windows experience, but stuff like this ain't it
@@RadikAlice The problem is updating your Camera/phone Software within a VM OS could break the update/software. If Sony would just finally support Linux. After all they are using Linux in many of their Products. Even their Alpha Cameras run Linux if I am not mistaken.
Hi im a on the Altas Site right now. Features being added back in v0.3.0 In v0.3.0, these features are being added back as optional features: Windows Defender Hopefully, Windows Update will be configured to only get security definition updates by default. Windows Defender will slow down performance (especially on older hardware using components like HDDs). Configured with policies by default for the least annoyance. Tools for virus and malware protection (such as SecHealth, HealthCheck, MsMpEng and SmartScreen). Windows Updates It will be configured with policies by default for the least annoyance possible, including manual updates. It is most likely that Windows Updates will revert changes from Atlas, so you might have to re-run the AME Wizard on updates (there might be a tool to check the integrity of the tweaks). These features will be enabled by default: User Account Control (UAC) (already enabled in GitHub Actions builds - commit) See this tweet for more information. Overall, Atlas will be more transparent from now on, with more clarity and warnings to the user about security.
You are a good person telling this, unfortunately most LTT users aren't that well knowledge. I'm not saying all of them, but I've seen LTT praising an insecure VPN service (for Netflix) and people actually using it. So yeah, still a good video, unfortunately I don't think you'll reach the people actually needed to see this.
You are right about that. Most of the people that are going to go head first into trying this are not going to be Brodie Fans. It is going to be the people with a 10-year-old PC that sees a video put out by a TH-camr that gets millions of views on all of his videos and just blindly trust installing this faster windows on their pc because he said it will make it faster.
Many so-called "power users" I see are infatuated with the idea of a self-hosted VPN, which defeats the purpose of having a private VPN. Honestly, while the security advice is valid, I don't think LTT did anything wrong by providing this recommendation. Everyday users are not trying to harden their PC, they just want it to work. A lot of what Atlas disables and gets rid of more than makes up for disabling UAC even if that's done for a misguided reason. So assuming they have a third-party AV (which should have been a recommendation paired with Atlas) users following LTT's advice are better off than they would be with base Windows.
No, they are not getting a better Windows/game experience by disabling/removing core security features. It makes them vulnerable to all sorts of attacks, especially when Windows Update does not work anymore. People are allowed to do whatever they want, however I agree with this, it's terrible to praise something for a few extra FPS.
All stripped down features can be easily enabled in seconds using the Atlas folder provided on the desktop by default with scripts for each feature, CPU mitigations and UAC, etc... Can all be enabled! So dunna why you're so serious Brodie...
@@BrodieRobertson Ok i agree with you, UAC and mitigations should be enabled by default other than that everything is pretty OK! I talked to the devs and they said that UAC will be enabled in 0.3 which is much better for security... Hope that AtlasOS will become more acceptable, also remember that this is still in beta so after 1.0 things should be perfect, and remember atlas rn is already MUCH better than any other custom windows!
@@Hooorse sorta not tho, there's some other users who own parts of the system that are not owned by SYSTEM(or localized equivalent like СИСТЕМА for russian), and the SYSTEM user itself which you need to take away R/W permissions from using gui tools clicking 55 million buttons and using some of the leftover windows 3.X UI. fun.
@@generallyunimportant Oh, and we can't forget about TrustedInstaller, aka the 'Windows File Integrity Protection ''''User''''', and how they use it to make even SYSTEM not have R/W permissions on certain files too.
@@BrodieRobertson No MS store or apps that use MS store as a dependency (new calculator, new media player, etc), no feature updates, all telemetry is disabled and cannot be enabled. Windows defender, UAC and security updates are still intact. It is meant for things like ATMS, air traffic control towers and medical equipment but can be used on a regular computer like any other Windows version. I use it on my gaming laptop and it has actually been really good.
Been using Atlas 21H2 (with UAC enabled of course) for a year now, can't complain. But also I know what I'm doing and I'm only running games with it. Performance is definitely boosted and latency very much reduced.
>Been using Atlas 21H2 (with UAC enabled of course) for a year now.... I was doing to comment about the screenshot of Atlas homepage on the LTT video showing 20H2 and how out of date it was.
You see, this isn't a ringing endorsement in the fact that you don't trust the default OS configuration, and you only use it for a very limited task set. If you don't trust it, to do regular computing tasks like office work, or internet banking, or even just your emails, what does that say about the OS?
@@schemage2210 well the GitHub readme has this to say: "Atlas is a modified version of Windows 10, which removes nearly all the drawbacks of Windows that negatively affect gaming performance. Atlas is also a good option to reduce system latency, network latency, input lag, and keep your system private while focusing on performance." So it is for getting the best gaming performance out of your system and nothing else. I only enabled UAC back. I mean, you wouldn't run your desktop Linux purely as root user would you?!
@@cheebadigga4092 Hey, you say this is for gaming, but that requires an internet connection, right? An internet connection through which any malicious actor will happily exploit your "perfect gaming setup". And come off it, how does removing privacy features hinder gaming performance? How does removing UAC by default enhance gaming? Honestly! Once a game is installed and running UAC is not going to bother you. Read between the BS that they present and see the scam for what it actually is.
@@schemage2210 I didn't say UAC hinders gaming performance. They say themselves that they disable UAC to make the system more responsive, in the sense that there is less user interaction required. However I think that's bad reasoning for this specific kind of thing. Everything else is fine. I know how to use my PC and I know which sites to go to and which not. That's the things LTT should've talked about.
LTT's handling of their NFS storage server was a clear sign for me they are amateurs as far as software and IT infrastructure goes. NFS servers, when done properly are the closest thing to perfection if you want safe data storage. That is, if you know what you're doing.
I want to thankyou for making this video as it may have stopped a lot of people from making a decision that could have caused a lot of problems ( or made them a lot more possible ). Thanks
Atlas is like a godsend to my laptop though. Just enable the security stuff. They should add some warnings though. By default, it's set to ultimate speed. But a balanced preset with security enabled would be neat.
this guy when he come to know that thousand of users around the world already have windows updates, microsoft defender and uac disabled and that's one of the main reason microsoft keep re-enabling them and making them harder to disable in the first place O_O
@@thingsiplay I don't think it was staged exactly. I think he just prefers the extra YT drama he can generate by moving fast and breaking things. He can think when he wants to, but he gets more views when he doesn't.
@@thingsiplay The PopOS devs admitted to the bug. But even then Linus went out of his way to type out a whole sentence and got all surprised when Gnome got deleted. Then he threw gas on the fire by installing Manjaro. Meanwhile Luke was doing pretty well on Mint and even seemed to be enjoying it.
I used to work in an Intel Lab, and those CPU security mitigations SERIOUSLY impact performance. I always wanted an option to choose whether or not to enable them. Now I have one.
The problem i had with atlas os was their "suggest programs" to bulk install drivers since windows is unable to search and install applicable drivers for your hardware. turns out that the program atlas os suggests recommends incompatible drivers causing my pc to brick itself. nice. back to normal windows i go
8:34 Ransomware can work regardless of UAC, though. When you disable UAC, the risk goes _from_ encrypting all your files to infiltrating your bootloader and/or firmware.
"We redesigned Windows for gamers". Actually, their tagline should be "We redesigned Windows for people who have just enough technical knowledge to be dangerous to themselves and others"
Ghost Spectre better, you can install and change anything with its toolbox id necessary also it comes with custom installation where you can either install compact or superlite with either defender or no defender.
Been using AtlasOS for a year now and even before that i had a standard windows install which i ripped windows defender from(as well as some unnecessary bloatware) for as long as i remember and i never had any problems. Only did the occasional full system virus scan for peace of mind and enjoyed the upsides of a cleaner system.
I know uBlock Origin is great for blocking tracker and ads, but I do not understand how it would make your system more secure against viruses or other attacks? Could you expand on the technical details with what you mean with this statement?
@@katrinabryce What do we mean by a virus? If I do not explicitly download anything that comes from a sketchy ad and run it, and the browser is up to date and does its job, nothing bad should be possible to happen to my computery by visiting any website and running any javascript? Am I right?
@@katrinabryce How often do serious browser bugs get found? And how serious are they? Could someone gain shell access to my computer just because I visit the homepage of a certain site? Do you have any example CVE of this?
As I understand it, spectre and meltdown are bugs in the cpu that allows processes to extract information from other processes on the system. This is due to speculative execution. In practice, does there exist any exploits using this? And what is the worst possible scenario if the mitigations for these were disabled? Could one tab in your browser, running some sketchy JavaScript, read a password being entered in another tab through reading the memory content of the other tabs process? Or are even worse scenarios theoretically possible for your average computer user?
There were many PoCs for a browser tab stealing your password manager's keys with such vulnerabilities. Some of it may have been addressed in Chromium, though it's mostly about OS level mitigations, or better yet, manufacturer-level fixes.
Linus often has no idea about what he's talking about. I'm not sure if it was always like that but I have started noticing it more and more lately, especially on WAN show.
The CPU mitigations can indeed be disabled! This was thoroughly detailed in the disclaimer during the installation process. Had you exercised due diligence instead of reacting to someone else's video, you would have seen it. It's crucial for people to read and comprehend what they're doing. To everyone else who believes that the advice given was misguided, here's my response: Linus made a video introducing a new product, and within that limited timeframe, he balanced the pros and cons. Product reviews are not an excuse for viewers to disengage their critical thinking! Like all other aspects of life, you need to understand, decide, and then proceed. As consumers, we're expected to function as responsible individuals. The role of a reviewer is not to hold your hand and guide you lazily through your decisions.
I ran a system for many years without UAC enabled and nothing ever happened. Did bi-annual malware scans with no results. The best antivirus/malware protection is smart internet usage.
Turning off, UAC is safe only if you run windows as a non-administrator. That becomes a major pain because without UAC you also lose the ability to run something as another user, so you are stuck logging onto another account anything you need to install or update something. Long story short, just use UAC.
Windows defender being disabled is the primary reason I'd use something like this. Also I've only considered using it in a VM specifically for running steam games I can't get working great with proton or stock wine. I still plan to at some point.
You won't be able to play games with anti-cheats. I prefer the concept of a shitbox over a sandbox. (I have a Windows PC isolated on my network that runs all my games and isn't logged into anything sensitive).
With UAC disabled everything will run with current user's privileges! If the user is not in Administrators group then the program won't get any Administrator's privileges. But even without UAC running software as Administrator with Defender disabled I personally daily driving my Windows PC with no issues for more than 10 years. So it depends on your user experience and your mileage may vary. I don't support the idea of disabling these features by default.
Honestly? The security half-measures aren't even my real issue with this. Without self-promoting one's own content, as someone who did use Ameliorated--the tweaks of which the Atlas tool is derived from--Windows becomes *dramatically* less functional when you take the cruft out of it! Most of the conveniences of Windows, aside from *basic* binary compatibility, gets stripped away since it's lacking many dependencies newer applications expect, no reasonable way to update the system (should you want to), and installing things like graphics drivers becomes a bigger PITA because of it. The experience was so clunky that I honestly believe moving to Linux is a MUCH better alternative to debloating Windows - either because the bloat will sneak its way back in through updates, or will be in a state where you can't really upgrade it anymore and will just be a bad time. Hence why it's just easier to switch to Linux and make your stuff run on there - at least when things don't work, it's *expected* not to, and you can still receive updates and constantly improving compatibility. Obviously, actually switching is an ordeal unto itself, but half-measures like AME or Atlus don't cut it, and proves how the core of Windows is designed to rope you into Michaelsoft's way. Do anything beyond that like trying to take back functionality and control, it's a wilder west than actual Linux. Which is hilarious.
@@Juiceboxmakes I really don't want to attribute malice to what can adequately be described as stupidity, but something about Windows still rubs me the wrong way and has me reconsidering that... I'm sure there's software engineers over at MS who feel passionate about their jobs, they strive to improve their own work. But then there's these other aspects of the way the system is designed that makes me think that Windows' breaking was intentional. I don't like being cynical, but it's hard not to be.
Another similar project by the name of ReviOS also exists. Probably, that also poses the same risks but it would have been great if you had mentioned it. Also, AME Wizard has a playbook of its own too. By the way, great video. I was going to try AtlasOS. Now I won't. Thank you for the warning.
Thanks for pointing these things out. I had seen that video and was almost tempted to try out Atlas OS. I ultimately stopped because I am running windows 11 on my windows drive (with endevourOS on my other drive) and I didn't really want to go back to Windows 11. That being said I am glad I didn't without knowing that I would need to re-enable some things. I still want to keep an eye on this project, though, as I do like the idea of a faster, leaner version of windows. That being said I want to be able to use defender, have updates, and UAC, so maybe it's not right for me at the moment.
It's definitely a case of "know what you're doing". I've said for ages that if you want serious performance for gaming you gotta turn off all that security crap. Suitable for business PC? Hell no! Suitable for grandma? Hell no! Suitable for a hacker/gamer? Hell yes! Install your own anti-virus, backup your data, stay away from shady stuff.
Been running atlas os for almost a year and been downloading a lot of stuff, no antivirus or anything, only things I use to protect my computer are my brain and the ublock extension, the fact is that if you're getting hacked seriously then windows defender isn't going to block everything anyway, really it's easier than you think to bypass it's checks. If it doesn't bypass windows defender it's gonna be do sketchy anyone with a little bit of brain will notice that and avoid downloading. I'm actually using an old core 2 quad CPU with an SSD and 8 gigs of ram and I'm running atlas os win 11 based (got it from their discord) and really smooth for what i use it for (internet browsing, Google colab, accessing my servers with RDP, and managing file downloads)
This seems more like a LTT hate video than anything else. I've been running Windows since forever with UAC disabled and have had no issues whatsoever. UAC is perfectly safe to disable as long as you are not downloading unknown software or software from third-party sites... Similar to why an antivirus is not required as well.
So I just installed this on a fresh install. The installer for Atlas OS has changed. They no longer recommend turning off defender, Windows Mitigation settings or updates in the installer. The default option is Keep them enabled by default. The Developer must be listening to feed back. So this video and the LTT video are now dated.
Thank you Brody for being sane voice on this topic. While I like to watch Linus Tech Tips they do really click bait the viewer. Just see Anthonys face when Linus says you dont need Linux. Anthony is an extremely smart individual who I think exposed the video. The way he installed the components and I can relate. You have a strict schedule so you blitz through the deployment and installation doing your best to evaluate the software within a limited time window. Why else would he not know these major security flaws. This guy is extremely tech savy. I can also see Microsoft not caring until this software gets very popular. When it does they will shut it down. Because it alters Windows. Theres a liable case right there. Also think about this from a Linux point of view. You might say its ok to remove some AppArmour components or to switch off SELinux or even remove some PAM modules. Yes you can do all of these at your own risk. Same applies to the removal of UAC and Windows defender. I hate both but without them you are leaving your machine totally exposed to all manner of viruses and Root Kits. Keep your old hardware by all means but follow the recommended standard setup on Windows or Linux baked in by the distro and you will be fine.
7:30 - Just some clarification, UAC can easily be bypassed anyways by default (even on the latest versions of Windows 10), so it's not like this is really a significant thing for malware. However, UAC is a good feature and shouldn't be disabled regardless. The decision to disable UAC was not made collectively at the final second, and we will revert this change in 0.3, so we are sorry for that change.
I just wish nobody gets in a bad situation when using this, I hate to see someone get infected and didn’t follow any basic didn’t follow basic security practices
Undoubtedly atlas is a great piece of software. Useful for those who need it. Preferably for those who know what they are doing. I'm happy to see projects like this being worked on.
I'm sure a few extra warnings won't hurt the would be users.
Are you really sorry, though? It's not hard to posit that you are a bad actor "collectively" or have bad actors in your organisation and I would suggest that you cancel this project before people get hurt. You know, the people that you're conning into installing a malicious OS which is nothing but a trap for your ultimate malicious plans.
All software is bypassable if you can find the exploits but even so there is software that in a normal context could be stopped before doing actual damage, I'm happy to see this change being made
Bypassing UAC (or any other security measure) is a cat-and-mouse game, though. Sure, the newest malware probably has the most recent exploits, but it always will anyways. Having UAC and other security features turned on will stop older malware that doesn't have the most recent exploits. Security isn't about absolute perfection - it's about minimizing the attack surface. If I remember correctly, trying to run some older versions of Windows could get you infected in minutes thanks to a bunch of legacy malware and botnets out there.
The ATLAS "OS" deal can be a security nightmare if someone doesn't understand what they're doing. I wonder if using WINGET to install your applications would be safe long-term.
Which is most users, and since Linus targets most PC enthusiasts, his audience as a whole is only slightly more knowledgeable than the average.
@@LaughingOrange Agreed
when he said everything will be run as admin I whiffed poor atlas users
@@LaughingOrange I always wonder what an average user is. No user is the average of all users. This term doesn't make sense. But that is a different story.
Generally you are right about targeting more PC enthusiasts, but also newcomers are watching this. And even PC and Gaming "enthusiasts" often don't know some basic stuff. Even..., yes even professionals in their field for whatever they are professional, often don't know some basic knowledge.
Even if you "know what you are doing" such a system is impossible to protect.
For a guy who recently got his channel hijacked, Linus continues doing intense security gambles.
Hahah, true that!
He owned up to his mistake and said it was his fault for not properly educating his staff and the mistake was made by someone who works for him, he himself didn't do it.
@@neonshadow5005 he is still a twit (jk lol.. thats david!)
Oh man, if only he had UAC on to save his cookies from being stolen... oh wait, UAC isn't a magic security pill?
@@Xaito no its a single layer defense intended to work in conjunction with defender antivirus, defender firewall, real time protection, cloud-delivered protection, automatic sample submission, tamper control, core isolation, memory integrity and cloud backup
A lot of problems could be solved if Microsoft just released an official "Lite" version for older hardware. That'd probably piss off their hardware partners though. I'd probably use Tiny11 over this, as it supposedly doesn't disable basic security features. But any of these third party Windows spins should be looked at with some degree of apprehension.
That'll never happen lol
> But any of these third party Windows spins should be looked at with some degree of apprehension
Yeah, especially when they aren't open-source in nature. That's just so sus to run something like that with a pinky promise that it's not doing anything malicious...
@@BrodieRobertson Good. More Linux users for us! 😂
@@hsoj9550 to be fair the tool they've built is GPLv3
Why would MS do that? You think its just to not make hardware partners pissed off? You are saying MS should take a lot of time and money to make and support something better that will do nothing but make MS lose money... MS gets money for those sales, and they want you to buy a new computer, its better for their bottom line.
If nobody has already pointed it out, this is officially old news. AtlasOS does support windows defender and update according to their FAQ and UAC is enabled by default. Considering that Spectre/Meltdown mitigation can also be enabled (in the setup now, not just settings), anyone techy enough to install a custom windows config should be considering this and all other security features anyway. I watched through the whole video and I don't think anything mentioned is an issue anymore. As far as a review of Linus is concerned, I'll let that be...
Is it possible to install Atlas OS on top Ghost Spectre? I reckon in theory it's possible but I hesitate to do it but it should work. Ghost Spectre does have its own ISO so reinstalling and upgrading Ghost Spectre shouldn't be a problem even if you install Atlas OS on top of Ghost Spectre. If it's not possible, is it too much to ask if Atlas can check if Ghost Spectre is installed and will refuse or warn to install on top of it for safety reasons.
Thank you for this!
I use my laptop for programming and since it's an old laptop I rely heavily on windows updates to get my drivers after a fresh install. I was considering Atlaos for a while now since my laptop is suffering from bad performance so my question is, Do I need to be worried? is it a good idea to switch to Atlas? is it gonna boost my performance more than a vanilla windows 10?
@@abdelrahmanghonim1260 I still get windows updates through the normal windows update settings, no difference there.
just get iot ltsc windows, basically official debloated windows
He proves time and time again that he knows a lot about hardware, but not so much about software.
Thanks for pointing this out, hope some people see it before they might be affected by one of these exploits.
Yea Linus is okay with hardware, but when it comes to software not knowledgeable at all. This became to me very clear from having listened to some of the WAN shows, basically Linus has the mentality that learning software is a waste of time.
To be fair though he has a team of folks, in this case Emily, that made wrote the video recommending it... Would've though t Emily to be more attentive to risks than this though
that's the most generous thing I've ever seen anyone say online, ever. He's a complete idiot, let's say it how it is. My grandma could guess that "hey, if my computer is telling me to type something verbatim before it will let me do this thing, maybe it's more serious than I realize and I should contact someone who knows more about what it is I'm doing before I do" Linus on the other hand just fucking sent it.
I try to avoid being overzealous with accusations, but he's a bloody charlatan plain and simple. This is a guy who rakes in MILLIONS as the head of a multimedia company that focusses specifically on technology, that understands technology so little he doesn't know better than to blindly google things, paste in random commands to a terminal, give them full admin access, bypass your OS's warnings, and press that enter key into the core of the earth. At that point, you become a charlatan. Not everyone needs to be super tech literate, *_but we are talking about a guy who almost certainly pulls in more yearly than you do in a decade based soley on the fact that he is claiming to be tech literate enough to give technical advice_* . And that's not even mentioning how intellectually dishonest he has been about Anthony. "Oh we don't want to give him his own channel because no-one would watch it" Meanwhile literally every comment under every video Anthony is in that even vaguely mentions linux : "Give anthony his own channel already we love watching him work on shit he likes". He's covering his own ass. Best case? They rely on Anthony too much for behind the scenes stuff that they literally can't lose him as an asset becuase no-one else on staff is tech literate enough to handle what they do, which proves my point. Worst case? Linus knows people would watch Anthony's channel, and he knows it would show everyone what an actually tech literate channel is. If you never let someone eat a real burger, you can keep telling them "beef" comes out of a cow, rather than *_IS_* cow.
I'm sorry, but it isn't that he knows "not so much about software", it's that he's a hack.
@@TurtleKwitty Anthony has a few niche specialities like classic console emulation and a bit of Linux server administration, but other than that his insight is also very limited.
I don't get why they don't occasionally pull a programmer from Floatplane to consult on their videos about software things.
@@anlumo1 You don't necessarily need a programmer to do the consultation (and tbh, not every programmer is tech savvy. Lots of us aren't and I became surprised when I saw some colleagues having issues with simple command line). A system administrator, or OpSec personnel would be a better fit to help with the script and fact-checking.
Atlas recently made a statement on Twitter that they are planning to make defender optional. 3:26 now optional to enable upon install
this guy doesnt care just likes riding off the back off LTT fame to be honest
windows distros 🤡
So brave man
This is pretty cursed
The ironic thing is that it's not even a distro anymore, it's instead classifiable as being a 'transformation pack'. To be a windows distro would be to make an ISO out of it, whereas a transformation pack just entails being a set of patches, automated or manual, for existing installations - AtlasOS is the latter nowadays.
Although, I'm surprised the idea of windows distros even seems new to most people - Winstros, as I like to call them, have existed for many years: Hiren's MiniXP, Windows Clevine, etc.
Exactly, all those windows normies, criticizing linux to be not ready out of the box, seem to ignore windows own need for a better set up and configuration.
Anyway i highly doubt, one could really cut out all the problematic parts of windows with certainty.
This is rather a waste of time.
Да
Apparently in the latest version of the AtlasOS, the devs has enabled UAC by default and Windows Defender + Updates as optional features
You would figure an antivirus and update would be required and not optional, huh?
Some people are just.... weird like this.
@@Mario583a Not particularly. Microsoft Defender is effective at security from every malicious actor expect Microsoft and we don't need to talk about Windows update. Microsoft made themselves unreliable when it comes to updates.
Linus Media Group is not a tech company. They're an ADVERTISING company. They get paid to promote products, and they try to do it with as much good faith as possible. But their revenue is dependent on pushing products made by other companies.
A big part of why Linux has historically been much more secure than Windows is because you never run regular software as root. UAC was Microsoft’s answer to that, so clearly very important.
Also, why would you replace Windows Defender with third party antivirus? From a performance perspective, Defender is definitely a lot faster, and it’s effectiveness is about the same as other offerings.
"A big part of why Linux has historically been much more secure than Windows is because you never run regular software as root."
If you go around making statements like that then you deserve to have your systems compromised.
I do not run Windows since Windows 7 died, I just run Linux - I am no Microsoft fan.
But security is NOT about a single OS or a piece of hardware or software, it's about the entire system, where it's located, who has access to it and what access controls are around it. You could put a Linux server in a DMZ exposed directly to the Internet with a Windows server tucked behind a firewall nearby, and the Linux server would be hacked in minutes with nobody ever getting to the Windows server.
Please don't make these silly kinds of statement - Linux and Windows are vulnerable to different types of attack vectors and when you understand what those vectors are, then you cut put the proper security wrappers around them.
And I don't allow Windows 10 or 11 into my home because of PRIVACY (not SECURITY) concerns - there's a big difference between the two.
UAC wasn't really Microsoft's response to Linux. It's an additional security feature that requires confirmation and/or authentication before running a process with admin privileges. It's kind of like the root account requiring sudo.
Because defender uploads files, also private ones for allegedly security reasons to microsoft servers. Not everybody does feel comfortable, when sensitive data has left his computer to microsoft's cloud.
PS: Of course many anti virus programs do uploads too, but they are not Microsoft, a company with bad reputation. But i guess, some fanboys still find excuses, no matter how deep privacy infiltration gets and how far the vendor lock-in gets.
Linux is more secure because it's less popular. In fact if it was targeted more it would probably be very vulnerable.
@@jakedespppp I'm so glad someone else knows this! It's absolutely true!
Hey, you can disable CPU mitigations, etc. on Linux as well, and I wouldn't want it to be any other way. If anything, I appreciate that the option is there for when I want to try it and know what I'm doing. Which on Windows is quite often a pain, the options usually just aren't there. So I can appreciate the Altas project as well.
That said, I can't agree more that advertising it mostly as "the thing that makes your Windows go vroom" to a broad audience maybe isn't the best idea. They should've clearly said that this most probably isn't something you want to be daily driving. On a separate, gaming-only machine, preferably not connected to the Internet - sure, why not.
The important part is "I want to try it and know what I'm doing" I agree doing conventionally "dangerous" stuff to your system here and there is fun and helpful with learning to troubleshoot. But having the option to disable security features is Very different then having those features disabled by default. Especially for ppl who, lets be honest, probably never messed with their os much.
In addition, any windows OS is a much bigger target for pc malware, so disabling mitigations on linux is technically safer then on windows. At least statistically. Personally I don't think any os should up performance by sacrificing security. Especially when windows have a lot of other places to trim the bloat on. Tbh I just find it really alarming as a project that shows the company priority list
For most of the (legal) games you need internet connection to run or update them, or look up for walkthroughs etc you always need internet. Most of the users does not using 2-3PCs for multiple reasons
Certain Linux kernel mitigations can be adjusted to a limited extent at boot-time or run-time. Other kernel mitigations are addressed at compile-time, some within the kernel and also by code paths generated by newer compilers. Some are select-able through kernel and/or compiler options and others not. Mitigations also exist throughout user-space. They too sometimes partly involve the compilation process and aren't normally selected for by the user.
Windows is very different. Mitigations applied by Microsoft have greater potential to interact, and more likely in undocumented ways, as compared to those that tend to be confined to individual components under typical Linux system architecture. There is an additional constraint in that users and system integrators generally have little autonomy over compile-time aspects of large amounts of user-space code.
@Zaydan Alfariz that's the point!! A lot of use use a server that controls the flow of internet so atlas connected to the network isn't a issue as only apps whitelisted get access the rest is denied access. But it's plain common sense for any system running windows without being on a protected network no defender no banking and financial services just gaming and streaming apps online only
I don't appreciate the option is there. You're wrong.
I recently switched to atlas and all I can say is that before installing: 1.) be an advanced power user so you know what everything does and 2.) understand what your doing
If anybody sees this while scrolling through the comments, looking for the low-down on 'what atlas actually is,' and 'is it good/bad,' here you go. Since a lot of info seems to revolve around having surface level knowledge of the systems revolving around this issue...
It's not an OS, and it's misleading to call it opensource in the context of opensource being 'safer.' It's effectively the same thing as if you would install a large feature update on Windows. It's still the same OS. Most if not all of what we would consider the GUI in a stock windows distribution can be modified, and Atlas leverages the components of Windows 'running under the hood' to modify variables, add/delete variables, add extensions to Windows components, and otherwise change the manner in which the Microsoft components interact with each other.
Anything that Atlas modifies is done in situ, on the Windows system itself. People in the tuning community modify many of the same things, but in varying degrees, as needed.
The reason Atlas boasts a performance increase can easily be summed up in how it disables a large portion of the telemetry and security infrastructure of Windows. The constant analysis, measurement, processing, capturing, filtering, auditing, etc, of a stock Windows system generally adds up to - - - this is without exaggeration - - - about a 50% decrease in overall system latency. Most specs listed by manufacturers are fluff, and while the numbers are usually true, they're only relevant to a small percentage of the time spent using the system. For instance, having the highest sequential read/write speed SSD only sees a benefit with the processing of large files. The vast, vast majority of the operations that happen while we're actually using these machines are very quick and random operations. This is why the disabled features of Atlas have such an impact, because all of the telemetry and processing the stock Windows system uses causes a - - - persistent cascade of interruptions to disk, memory, and processing.
Whether one or the other is more secure, is entirely subjective and depends on the user. I could make the argument that the belief in a system being secure leads to more severe security breaches. My personal view is that nothing is really secure, and my system template is the answer to the question, 'what is more valuable to me, system performance that I can use right now, or data protection?'
Lastly, I don't use Atlas. I don't think I would either, but that's because I choose to modify the system myself in a controllable way that I can analyze and compare to the stock system.
The least he could do is say something like "don't try this at home, I haven't researched it myself" instead of presenting it as "the" solution for old PC. He could also boot up Linux for performance comparison, and present it as the more secure option. I can imagine some kid's PC ruined by malware from trying this out.
I'm surprised that you didn't mention what was one of my personal biggest worries, the Atlas OS team themselves. I'm sure they're trustworthy, but it would be really easy for them to embed malware in the system, especially with how much they edit Windows it would be hard to find.
Even if they don't, a hacker could replace the software on their server with malware. They don't have the same resources as microsoft to guard against that.
>it would be really easy for them to embed malware in the system, especially with how much they edit Windows it would be hard to find
Do you use a Linux distro? If so, spoiler alert: the distro devs/maintainers "edit" just as much (if not more) of your system, and could just as easily "embed" malware into it. They obviously wouldn't, but if you're going to make that point for this project, I don't see why it wouldn't apply to any other.
@@denoww9261 for any big distro I’d say there’s about as much chance for malware being embedded in the system as Microsoft embedding malware into Windows. And even for smaller distros most are built with trusted and public facing members of the community, whereas I couldn’t even find the names of the Atlas OS team.
@@denoww9261 There is a lot more protection against this than you are implying, even in Arch, the most permissive system.
@@munkycoolgaming You are confusing things. Atlas is an installer and scripts from a 3rd party, not Microsoft. Their security is a concern.
As someone who uses Atlas. The CPU mitigation disabler is optional and you are promoted to choose when installing
The guy is going hard on the scare tactics
does it has issues on connecting to projector
@@joemann7971 I disagree. He and a plethora of others brought up the same thing, not as a warning, but as a criticism and/or a problem. I am using Atlas, I have installed it on several machines, and this guy is being kind of dishonest by withholding the below fact:
When installing Atlas, it literally pauses installation and tells you what the risks are if you pick the wrong option and which option is likely best for you. The install process takes the guesswork out of it, the ONLY way you can mess it up is if you are simply stupid, and if you're that stupid, you shouldn't own a PC.
Also, Linus never mentions it because, AGAIN, it prompts you with all this information during install. There's literally no reason to bring it up at all. Hell, I don't even like Linus and yet feel compelled to defend him here.
@@GildedPooalso i think most people who would install a custom version of windows are also able to read. Windows is used because its easy, you dont have to learn shit to use windows...kids can use windows. This also means that most windows users wont know how to install any os, they use windows, update when windows tells them to update and thats it.
I really think this is just a bunch of linux users hating on windows (which isnt even the official version of windows) so they can spoon feed their own c*m for using linux.
Linux is great, use it for my gameserver and NAS, but as a OS where i want to game on and do my work as an video editor i want the stability and reliability that windows gives to me. Every two years when i build my new PC i reinstall windows on my old PC to give to my girlfriend (not because windows needs to be reinstalled, just because a clean install is better for her so she can just start downloading TB's worth of sims 4 mods) and i still use windows on the new PC because i never had problems, no need to use commands, my os doesnt self destroy if it feels like it, davinci resolve doesnt just crash (like it does on linux), i can play all games without having to look up if they are even supported and i dont have to fight with thirtparty drivers (which is a Security risk in itself since so many people talk about no one making malware or viruses for linux ) just so i can actually use my graphicscard.
Atlas is a modern version of XP.
If you install Atlas os the "Atlas" folder is created for enable/disable UAC, Bluetooth and other thing that Atlas disabled
How often is your laymans user going to do the 'what does this do?' click?
I've been disabling UAC directly after install since around 2008, never had any issues.
Risk, danger, viruses, OMG. UAC is disabled, so what? You don't have any Microsoft, Google, or other accounts enabled, no documents, no photos, and you don't log in anywhere. The machine is only for gaming, and you don't even log in to any accounts while playing."
If the machine is solely a gaming machine that's one thing but most people can't afford a whole extra computer and if you can you can afford one that's much more powerful
Windows LTSC and Chris Titus debloat tool is the only way to make windows usable these days.
LMAO CHRIS TITUS
Finally someone addressing this I’ve been trying to get atlas higher ups to fix these issue’s months before Linus Video now they are making changes finally
They needed the drama that came from the LTT viewers with a brain, and this is just the easy to share warning
@@BrodieRobertson yeah true i went in the discord not long ago sharing the video to others about the security problems all i got was a timeout and people telling me stupid video but i use ReviOS its like atlas but allows you to enable The security stuff
@@Jayy_R2 this allows you to re enable but it shouldn't be disabled out of the box
@@BrodieRobertson yeah i know that i tried to explain that in the discord but people didnt like it so idk personally i use ReviOS its much better for me security wise etc its already got the things you said enable and you can choose what to disable in the tool
Disabling UAC is just moronic.
Came here to post exactly this. This choice immediately means game over for this "windows distribution"
Yes, Ideally you'd want to run a local user as default instead of the Administrator user and have UAC be the only way of gaining administrative privileges.
“Mommy your pc is making horse sounds!”
@@atilisma8091 You run as a non privileged user and use the admin account for admin tasks. This is security 101, UAC only has a meaning in the case where you are using an admin account as your user, in which case you already failed the class.
@@entelin Running a system like that can be very tedious and annoying if you're doing a lot of things, a lot of times every day that require admin privileges.
I've been running no uac, no defender for so many years now. Never been infected, AFAIK.
When you're running the latest browsers with content blockers its such a small risk.
Couldn't agree with you more. You just answered all my questions regarding that LTT video.
Anthony in the background of that video, admitted that they haven't looked too deep into it, yet. This is practically an admission, like saying, "We know better than this!"
We know enough here, to not do our general every day tasks, as root user in Linux. It really seems like disabling UAC is the closest Windows equivalent. I wouldn't do this to any internet connected, or even LAN connected device, at all, and even offline would still proceed with extreme caution.
As a complete aside, Linus (LTT Linus, of course) says in his video about Atlas OS, "This is better than Linux!" Anthony did not quite agree with his boss' statement! I would respectfully disagree with Linus as well. While I suppose it's possible for Atlas OS to outperform the most bloated of Linux installations, if you're using a more minimal Linux installation with one of the lighter weight desktop environments, you would reap all of the performance benefits without sacrificing security like Atlas OS!
They all should have known better from the get go. Seriously. The amount of people that write and edit scripts and then produce videos at LTT is astounding. Someone should have caught this.
Linux undoubtedly has better security features but as far as Linus is concerned, this is essentially Windows which makes it far superior. To which, he is wrong all round.
The issue with these "lite" versions of 11 is that it has very little, if any impact on gaming performance, which is one of the most popular reasons for wanting a "lite" version to begin with.
It’s actually a version of 10, not 11 and if you’re running an old enough cpu it can have quite bigger impact since I had an old i5 5th gen laptop which was running windows 10 desktop with 80% cpu usage and installing this helped a lot. It’s good to have this option for a lighter os because all those security functions disabled don’t bother me at all because I use this laptop for some bs and I suppose many other people use it just for the same reasons as me
@@mxrtoedo u use it as a daily driver?
DIsabling WIndows Defender and disabling mitigations will have an impact on gaming performance, especially mitigations with older CPUs.
Linus:”it killed linux”
Lets see
-Resource usage lower EVEN they closed the defender and other things
-Security is infinite times better because there isnt have ANY of security piece
-İt is really open source(did anyone really believed its open source? Man windows is closed source cmon)
-Mostly it will be fcked up as what happened to other iso’s linux wont die until dooms day will come(because community making the linux no one can stop us)
-Linux have a community,do windows have?
-İts just for gaming or other basic things,in linux you can do everything you want
-İn atlas everything is cropped so I dont think you can feel the complete os which linux have everything you want and you can download it if there isnt have
-Good luck when you try to find the real download link in web browser but in linux you can just 1 click download or just use a command to download what you want
-You need to install a lotta crap to customize windows,in linux its easy and have infinite ways to customize
-I frogor 💀 but I’m sure there have more things which linux is superior
Yeah linus it killed the linux absolutely 🤡 change your channel to “Winfked and blue pilled tech tips channel” thanks
+it have freedom,idk atlas have or not but we re sure microsoft wont let you do anything you want
Don't take any "tips" from Linus regarding server administration or security. He has proven time and time again he is clueless.
Dude got his digree in ADHD and rose through the TH-cam land without much tech knowledge. Anthony was the real goat of LTT
Actually I have been disabling UAC all the way back to Windows 7 (from 2008 I think) (I find it VERY annoying that each time I want to run or do anything on the pc the thing would pop up). I allways use Warez too. Only ONCE I had problems with a virus.
I used windows 7 till 2019 when I was forced to use Win10 because newer versions of the programs (Like blender) would refuse to run on win7. Then I used windows 10 ameliorated on both of my pcs. Never had a problem. Albeit I take some precautions:
- I use firefox with Ublock origin.
- I use a manual firewall (each new program should ask permition to access internet the first time I ever run it, and reject access to those who doesn't needs anything from internet)
- I use warez only from somewhat "reputable" sites.
I will be installing this OS too, altought I will add an extra layer of protection: I will use a quarentine computer (completely offline) just to make sure each new warez it's free from unwanted stuff.
Honestly the thing I don't get about the UAC disabling is: If it reduces performance, why not just disable the UAC *shield-thingy?* Surely the main performance problem with UAC is the background shield-thingy behind UAC causing it to be a slow nuisance on lower-end hardware (given it technically switches to the Login Screen's session to then load the UAC prompt there).
Literally, all you need to do to disable the UAC shield is to just visit the UAC slider, in Control Panel, and slide it down one bar, if not two, instead of down to completely disabling UAC. You can have UAC without its shield - you'd just lose out on some features the shield provides.
PS: People running Windows XP truly do be saying "First time?" right now - Windows XP never had UAC, thus it permanently has the same problem as Vista and onwards without UAC.
Because Atlas OS isn't as advanced as it appears. Its developers probably didn't know that which you are saying.
Windows XP was in many ways a security nightmare too.
Yeah, this has the problem so many attempts to strip Windows down have: It goes too far. For me to recommend this thing, there's four things that need to be done:
1. UAC, re-enable it. It's not the end-all, be-all, but it's an important thing for both security and privacy that uses system approaching "LOL moving your mouse cursor takes more". Leave it be.
2. Windows Defender. It's not the best AV out there, but it's basically effective and it's the lightest-weight always-on antivirus that exists. Just use it.
3. Mitigations. Ask during installation, default yes, and caution people against no. If your system has hardware mitigations, the software mitigations speed up your system. If you do not have hardware mitigations, new ways to abuse that ARE being created all the time. However they're the biggest performance impact of the four, and if you're never going to have the machine on the Internet (offline MAME cabinet or something) you can safely turn them off for a sizable boost in performance.
4. Windows update. It needs to work. Not automatic. Bonus if I can schedule it to do its thing at a specific time, but I don't want it always churning in the background.
Without that, I just can't recommend this thing. And it's too bad, because Windows telemetry, bloat, and bullshit are just unacceptable these days.
The mitigations is already done and in the latest release, Windows Defender and Windows Update will be added back as optional and configurable features with more transparency about disabling them. UAC will also be re-enabled, it was meant to be enabled but it was disabled split second without a collective decision
I plan on using this on a dedicated desktop for gaming. I'm getting tired of waiting around for better Linux compatibility especially for online games. I'm going to treat it like a console and do my normal everyday non-gaming computing on a Laptop running Linux.
I wish we had more resources on testing questionable software for malicious behavior. I've read a little about using Sysinternals Process Monitor to check for registry and file writes. Wireshark for outbound connections. A noob guide to these and similar tools would be nice.
Anyone installing any power user os like this understands the risks, they have re-added these things in atlas os currently. I believe with the option to disable them. But even without these features enabled, this is a godsend for a disconnected emulation pc.
I personally prefer linux over a modified version of windows. It’s still proprietary if you modify it, and who knows what Microsoft is doing.
@AYT04 We know what windows did with github copilot, taking FOSS code and placing their own license/pricing on it. I suspect they are only cherry picking open source to line their pockets without doing the work.
@@jasonfahnestock9494 Eh. Reasonable business moves. Benign impact. Reasonable and benign being the divine culmination of impeccable untold business heroism I'm sure.
@World of Fear Only if heavily debloated.
UAC doesn't even impact performance to a meaningful manner and it just takes running one bad item to either make your system run worse or be deeply infested with serious malware. Disabling UAC by default is stupid, it's there for a reason
If you're going to offer an option to disable a mitigation, it should give you a very clear warning of the potential security risks before the script actually runs. This way, people won't blindly disable things and open themselves up to a world of hurt.
Like origin or blizzards launcher.
I've been using NTLite for several years to modify my Windows ISOs before install, and I create AND understand my post-install scripts/tweaks/modifications. All these "custom OS".. meh. And to be fair, people who want to modify their OS to this extent MUST understand what they are doing. And if they understand what they're doing, they don't need Atlas, they can do it themselves.
Its just not a "OS" for everyday use but only for gaming. I use it on a VM personally.
Why would you need to optimize an image that will be run virtualized? Doesn't that add a lot more overhead and almost cancel out the optimizations?
@@ibrahimhussain3248 That's the point, to compensate for the overhead.
At that point why are you running a vm. Just run your applications in wine or proton. More secure, more convenient and less overhead
@Zaydan Alfariz By security i didn't even necessarily only mean vm breaks, but also just the possibility of getting credentials that are entered inside the vm (for games etc.) Being captured and either steal the accounts themselves or if these credentials were used on multiple accounts even steal access to other more important accounts that may not have 2fa
@Zaydan Alfariz Oh no I was not saying 2fa solves everything, I just was providing an example for a relatively easy attack vector that this "os" would expose. Get a keylogger or similar onto the vulnerable unprotected system, get credentials for a service that is used on it, use those credentials on something more critical if they happen to be the same. This is just one example of the many potential attack vectors running this in a vm opens up
I tried Atlas OS but I haven't noticed any differences. Heck. Even some games don't work like Microsoft Flight Simulator.
well with Atlas the MS Store doesn't fully work, so of course that game won't work lol
I wouldent daily drive Atlus, but I just set up a dual boot partition for my live audio performances with it and it crushed my audio latency by a factor of 3! I've been tweaking windows since 98 and never got these kinds of latency gains before.
My Windows PC constantly asks me to allow programs to "make changes to this computer". I never really know what the purpose is so I just click "yes". I doesn't add any security.
Always have been suspicious of repackaged Windows OSes. Not always clear what all of the changes they make are compared to a guide you can follow to tweak the OS yourself where you can elect to follow a step to enable/disable a feature or not yourself. Also didn't like how LTT only showed their list of drawbacks for a very short time on screen where you have to pause it to even really read and comprehend it. Also really surprised that LTT would recommend installing it, but then turn around and on camera admit that they really don't know much about it.
it's not a repacked windows distro. those are illegal. this is a tool that tweaks your windows install automatically.
Disabling UAC isn't a security concern if you know what you're doing. Just use a non-Administrator account and manually elevate only when needed. It's probably more secure doing this than running everything in a UAC-limited Administrator. Still, I don't get the point of disabling UAC. Other than some severe annoyances if using network drives it doesn't hurt.
So for a normal user, and certainly within the context of an LTT video I completely agree. It's terrible general advice, and you certainly shouldn't run it on a pc just because "it's old" or something. *However* This kind of windows distribution is really only useful for gamers or other niche situations where you want peak performance and minimum latency/hitching in the hands of a power user. I made a hacked up version of windows like this that I run as my gaming system (or at least I used to, but linux is actually so damn good now I almost never reboot for that reason), the difference is night and day. Not so much in terms of raw performance, though there is a gain there, but in smoothness, it's almost immediately apparent. Getting rid of windows updates is one of the core points of something like this, you pick a known performant version that has minimal extra cruft and you freeze it in time, some of the other changes would potentially be "fixed" by windows update or have mutual breakages if you don't anyway. You sure as hell don't want things like AV on a gaming system, windows firewalling, defender, or any of that. Spectre & Meltdown can only be an issue if malicious code is already running on your system, big deal for hosting environments, mostly irrelevant for home pc's except for some edge cases like that browser exploit, but as you suggested, it can be mitigated with some common sense browsing habits. You went overboard on the significance of UAC, firstly, it's only relevant if you are in fact running as administrator, which on a normal system you certainly should not be. UAC is a pretty stupid hack to help mitigate the long custom on windows of running with admin privilages, it rarely has any importance when it comes to actual malware & exploits. In fact Microsoft significantly scaled back the number of things it prompts for because it was having a genuine detrimental effect on security by training users to press accept on prompts they don't actually understand. Bottom line, if you are depending on UAC for security then you doing it wrong, if you care about security *do not run as administrator in the first place*. Regardless it's certainly useless for a system like this where you are intentionally stripping out things that are far more important from a security perspective (like updates). This is the kind of system you put in your DMZ, play games, and do anything important on something else. Then reload it in the fairly unlikely event something actually happens.
You made it sound like disabling UAC programs would cause programs to run as administrator all the time. Only if you are in fact admin, which you should not be, it's like running your linux system as root and trying to patch together some assemblence of security with selinux policies and vauge prompts. I've been in IT for over 20 years at this point and I've genuinely never once seen a user that was actually saved from something malicious by UAC, most users will just click "accept/ok" when bothered by some prompt where "win32blahblah.dll is requesting permission to...." is preventing them from doing whatever it was they were doing, because they were already trained by that same system to hit ok in 95% of other cases where it's totally valid. Do you really expect an average user to know the difference between a malicious filename or a valid one? No of course not. The whole problem is that they are running as admin to begin with. Let's not forget also that most of the most dangerous malware doesn't need admin permissions anyway, if a crypto malware runs as the user, the damage it does is almost always basically the same because in most cases it's only the one user on system anyway and they have full privilages to their data. In a corporate network that user likely has access to a pretty good amount of other things around the network as well so it gets that stuff too, all without admin rights. Those are all separate challenges that have their own solutions, but for real, UAC is 90% security theater, and the remaining 10% is just a patch on top of already bad security practices.
Power users don't watch Linus videos.
I just read about this OS (I think it was on itsfoss news) and they kinda recommended it as well.
I don't run Windows anymore but I might need it somewhere to update my Alpha Camera and my Xperia Phone. So I thought this might be a good idea.
The word "security" is only mentioned once in that article and it's buried in the middle of a list. They don't give any warnings or even discuss the point further.
If that's all you need, setting up a VM with an official ISO might not be as "convenient"
but it sure is safer, I mean. Why would you want a black box on top of another?
I understand the desire for a lighter Windows experience, but stuff like this ain't it
@@RadikAlice The problem is updating your Camera/phone Software within a VM OS could break the update/software.
If Sony would just finally support Linux. After all they are using Linux in many of their Products. Even their Alpha Cameras run Linux if I am not mistaken.
This video brought to you by Windows 98, a lightweight Windows distribution!
Nah man I run Windows 3.1
@@BrodieRobertson Oh yeah? I'm using DOSShell 😂😂😂😂
Hi im a on the Altas Site right now.
Features being added back in v0.3.0
In v0.3.0, these features are being added back as optional features:
Windows Defender
Hopefully, Windows Update will be configured to only get security definition updates by default.
Windows Defender will slow down performance (especially on older hardware using components like HDDs).
Configured with policies by default for the least annoyance.
Tools for virus and malware protection (such as SecHealth, HealthCheck, MsMpEng and SmartScreen).
Windows Updates
It will be configured with policies by default for the least annoyance possible, including manual updates.
It is most likely that Windows Updates will revert changes from Atlas, so you might have to re-run the AME Wizard on updates (there might be a tool to check the integrity of the tweaks).
These features will be enabled by default:
User Account Control (UAC) (already enabled in GitHub Actions builds - commit)
See this tweet for more information.
Overall, Atlas will be more transparent from now on, with more clarity and warnings to the user about security.
You are a good person telling this, unfortunately most LTT users aren't that well knowledge. I'm not saying all of them, but I've seen LTT praising an insecure VPN service (for Netflix) and people actually using it.
So yeah, still a good video, unfortunately I don't think you'll reach the people actually needed to see this.
You are right about that. Most of the people that are going to go head first into trying this are not going to be Brodie Fans. It is going to be the people with a 10-year-old PC that sees a video put out by a TH-camr that gets millions of views on all of his videos and just blindly trust installing this faster windows on their pc because he said it will make it faster.
Many so-called "power users" I see are infatuated with the idea of a self-hosted VPN, which defeats the purpose of having a private VPN. Honestly, while the security advice is valid, I don't think LTT did anything wrong by providing this recommendation. Everyday users are not trying to harden their PC, they just want it to work. A lot of what Atlas disables and gets rid of more than makes up for disabling UAC even if that's done for a misguided reason. So assuming they have a third-party AV (which should have been a recommendation paired with Atlas) users following LTT's advice are better off than they would be with base Windows.
No, they are not getting a better Windows/game experience by disabling/removing core security features. It makes them vulnerable to all sorts of attacks, especially when Windows Update does not work anymore.
People are allowed to do whatever they want, however I agree with this, it's terrible to praise something for a few extra FPS.
@@dashcharger24 cry harder, their pc their choice
@@dashcharger24 Better than Linux offers
All stripped down features can be easily enabled in seconds using the Atlas folder provided on the desktop by default with scripts for each feature, CPU mitigations and UAC, etc... Can all be enabled! So dunna why you're so serious Brodie...
Because defaults are incredibly important
@@BrodieRobertson Ok i agree with you, UAC and mitigations should be enabled by default other than that everything is pretty OK! I talked to the devs and they said that UAC will be enabled in 0.3 which is much better for security... Hope that AtlasOS will become more acceptable, also remember that this is still in beta so after 1.0 things should be perfect, and remember atlas rn is already MUCH better than any other custom windows!
@@gamerking64 his views were too low so he had to come up with something random
The outro is glorious, but running every single stuff as administrator is just such an awful thing to do
Your average gamer by far isn't tech savy enough to be left to their devices without an antivirus.
Administrator is like giving root access to the world?
Its the equivalent of the root user, yes.
@@Hooorse sorta not tho, there's some other users who own parts of the system that are not owned by SYSTEM(or localized equivalent like СИСТЕМА for russian), and the SYSTEM user itself which you need to take away R/W permissions from using gui tools clicking 55 million buttons and using some of the leftover windows 3.X UI.
fun.
@@Hooorse lol
@@generallyunimportant Oh, and we can't forget about TrustedInstaller, aka the 'Windows File Integrity Protection ''''User''''', and how they use it to make even SYSTEM not have R/W permissions on certain files too.
People wanting a clean Windows should be using Enterprise LTSC instead of those shady 3rd party ISOs.
I've not looked into that, what does that offer?
@@BrodieRobertson No MS store or apps that use MS store as a dependency (new calculator, new media player, etc), no feature updates, all telemetry is disabled and cannot be enabled. Windows defender, UAC and security updates are still intact. It is meant for things like ATMS, air traffic control towers and medical equipment but can be used on a regular computer like any other Windows version. I use it on my gaming laptop and it has actually been really good.
Been using Atlas 21H2 (with UAC enabled of course) for a year now, can't complain. But also I know what I'm doing and I'm only running games with it. Performance is definitely boosted and latency very much reduced.
>Been using Atlas 21H2 (with UAC enabled of course) for a year now....
I was doing to comment about the screenshot of Atlas homepage on the LTT video showing 20H2 and how out of date it was.
You see, this isn't a ringing endorsement in the fact that you don't trust the default OS configuration, and you only use it for a very limited task set. If you don't trust it, to do regular computing tasks like office work, or internet banking, or even just your emails, what does that say about the OS?
@@schemage2210 well the GitHub readme has this to say: "Atlas is a modified version of Windows 10, which removes nearly all the drawbacks of Windows that negatively affect gaming performance. Atlas is also a good option to reduce system latency, network latency, input lag, and keep your system private while focusing on performance."
So it is for getting the best gaming performance out of your system and nothing else. I only enabled UAC back. I mean, you wouldn't run your desktop Linux purely as root user would you?!
@@cheebadigga4092 Hey, you say this is for gaming, but that requires an internet connection, right? An internet connection through which any malicious actor will happily exploit your "perfect gaming setup". And come off it, how does removing privacy features hinder gaming performance? How does removing UAC by default enhance gaming? Honestly! Once a game is installed and running UAC is not going to bother you.
Read between the BS that they present and see the scam for what it actually is.
@@schemage2210 I didn't say UAC hinders gaming performance. They say themselves that they disable UAC to make the system more responsive, in the sense that there is less user interaction required. However I think that's bad reasoning for this specific kind of thing. Everything else is fine. I know how to use my PC and I know which sites to go to and which not. That's the things LTT should've talked about.
LTT's handling of their NFS storage server was a clear sign for me they are amateurs as far as software and IT infrastructure goes. NFS servers, when done properly are the closest thing to perfection if you want safe data storage. That is, if you know what you're doing.
I want to thankyou for making this video as it may have stopped a lot of people from making a decision that could have caused a lot of problems ( or made them a lot more possible ). Thanks
What lot of people? His viewers are tiny and this video is bs completely
Atlas is like a godsend to my laptop though. Just enable the security stuff. They should add some warnings though. By default, it's set to ultimate speed. But a balanced preset with security enabled would be neat.
big note here is if u have a good Antivirus like ESET you dont need to care about most of those points
This a video aged great @gamers Nexus
this guy when he come to know that thousand of users around the world already have windows updates, microsoft defender and uac disabled and that's one of the main reason microsoft keep re-enabling them and making them harder to disable in the first place
O_O
I watched the video (not entirely) and was expecting from him to recommend Linux.
How wrong I was.
I think Linus doesn't like Linux. Oh the irony.
@@jrpgweeb8751 Plus he got burned by PopOS (if it wasn't staged at all).
@@thingsiplay I don't think it was staged exactly. I think he just prefers the extra YT drama he can generate by moving fast and breaking things. He can think when he wants to, but he gets more views when he doesn't.
@JRPG Enjoyer manjaro is still garbage, horrible devs.
@@thingsiplay The PopOS devs admitted to the bug. But even then Linus went out of his way to type out a whole sentence and got all surprised when Gnome got deleted. Then he threw gas on the fire by installing Manjaro. Meanwhile Luke was doing pretty well on Mint and even seemed to be enjoying it.
I used to work in an Intel Lab, and those CPU security mitigations SERIOUSLY impact performance. I always wanted an option to choose whether or not to enable them. Now I have one.
I hope this video gets more views, because what you said should have been in Linus's video.
The problem i had with atlas os was their "suggest programs" to bulk install drivers since windows is unable to search and install applicable drivers for your hardware. turns out that the program atlas os suggests recommends incompatible drivers causing my pc to brick itself. nice. back to normal windows i go
I was laughing so hard when this dropped;
I wouldn't have touched Atlas with legit data for nothing, a white box junker at best for testing
8:34 Ransomware can work regardless of UAC, though. When you disable UAC, the risk goes _from_ encrypting all your files to infiltrating your bootloader and/or firmware.
That's true, but you don't want to take a pointless risk that comes with almost 0 benefits
@@BrodieRobertson No disagreement there.
"We redesigned Windows for gamers". Actually, their tagline should be "We redesigned Windows for people who have just enough technical knowledge to be dangerous to themselves and others"
Ghost Spectre better, you can install and change anything with its toolbox id necessary also it comes with custom installation where you can either install compact or superlite with either defender or no defender.
Been using AtlasOS for a year now and even before that i had a standard windows install which i ripped windows defender from(as well as some unnecessary bloatware) for as long as i remember and i never had any problems. Only did the occasional full system virus scan for peace of mind and enjoyed the upsides of a cleaner system.
I know uBlock Origin is great for blocking tracker and ads, but I do not understand how it would make your system more secure against viruses or other attacks? Could you expand on the technical details with what you mean with this statement?
Ads are a major source of viruses.
Blacklisting a larger pool of dodgy links, I would suppose.
@@katrinabryce What do we mean by a virus? If I do not explicitly download anything that comes from a sketchy ad and run it, and the browser is up to date and does its job, nothing bad should be possible to happen to my computery by visiting any website and running any javascript? Am I right?
@@CrazyMineCuber In theory, yes. In practice, no. Also, with automatic updates disabled, your browser probably isn’t going to be up to date.
@@katrinabryce How often do serious browser bugs get found? And how serious are they? Could someone gain shell access to my computer just because I visit the homepage of a certain site? Do you have any example CVE of this?
As I understand it, spectre and meltdown are bugs in the cpu that allows processes to extract information from other processes on the system. This is due to speculative execution. In practice, does there exist any exploits using this? And what is the worst possible scenario if the mitigations for these were disabled? Could one tab in your browser, running some sketchy JavaScript, read a password being entered in another tab through reading the memory content of the other tabs process? Or are even worse scenarios theoretically possible for your average computer user?
There were many PoCs for a browser tab stealing your password manager's keys with such vulnerabilities. Some of it may have been addressed in Chromium, though it's mostly about OS level mitigations, or better yet, manufacturer-level fixes.
So no
Linus often has no idea about what he's talking about. I'm not sure if it was always like that but I have started noticing it more and more lately, especially on WAN show.
The CPU mitigations can indeed be disabled! This was thoroughly detailed in the disclaimer during the installation process. Had you exercised due diligence instead of reacting to someone else's video, you would have seen it. It's crucial for people to read and comprehend what they're doing.
To everyone else who believes that the advice given was misguided, here's my response:
Linus made a video introducing a new product, and within that limited timeframe, he balanced the pros and cons. Product reviews are not an excuse for viewers to disengage their critical thinking! Like all other aspects of life, you need to understand, decide, and then proceed.
As consumers, we're expected to function as responsible individuals. The role of a reviewer is not to hold your hand and guide you lazily through your decisions.
And they wonder why "power user" is synonymous with "idiot" among some circles.
Just keep the system offline?
I ran a system for many years without UAC enabled and nothing ever happened. Did bi-annual malware scans with no results. The best antivirus/malware protection is smart internet usage.
Who would thought that guy hacked multiple times will disregard all security implications?
Turning off, UAC is safe only if you run windows as a non-administrator. That becomes a major pain because without UAC you also lose the ability to run something as another user, so you are stuck logging onto another account anything you need to install or update something. Long story short, just use UAC.
ah yes, just run everything on your desktop as root, what could go wrong
Windows defender being disabled is the primary reason I'd use something like this.
Also I've only considered using it in a VM specifically for running steam games I can't get working great with proton or stock wine. I still plan to at some point.
You won't be able to play games with anti-cheats. I prefer the concept of a shitbox over a sandbox. (I have a Windows PC isolated on my network that runs all my games and isn't logged into anything sensitive).
You can disable windows defender without custom OS though.
@@user-di5wj8is7iSo you run it remotely? Dunno, that kind of method still translates to additional latency. Can be crucial for competitive games.
@@axandraalex5869 No, I have a separate Windows machine.
Such a blunder to recommend this security nightmare to multi million audience, quite a lot of which are not tech-savvy
With UAC disabled everything will run with current user's privileges! If the user is not in Administrators group then the program won't get any Administrator's privileges. But even without UAC running software as Administrator with Defender disabled I personally daily driving my Windows PC with no issues for more than 10 years. So it depends on your user experience and your mileage may vary. I don't support the idea of disabling these features by default.
The issue is most people have 1 account and that account is the admin
Honestly? The security half-measures aren't even my real issue with this.
Without self-promoting one's own content, as someone who did use Ameliorated--the tweaks of which the Atlas tool is derived from--Windows becomes *dramatically* less functional when you take the cruft out of it! Most of the conveniences of Windows, aside from *basic* binary compatibility, gets stripped away since it's lacking many dependencies newer applications expect, no reasonable way to update the system (should you want to), and installing things like graphics drivers becomes a bigger PITA because of it. The experience was so clunky that I honestly believe moving to Linux is a MUCH better alternative to debloating Windows - either because the bloat will sneak its way back in through updates, or will be in a state where you can't really upgrade it anymore and will just be a bad time.
Hence why it's just easier to switch to Linux and make your stuff run on there - at least when things don't work, it's *expected* not to, and you can still receive updates and constantly improving compatibility. Obviously, actually switching is an ordeal unto itself, but half-measures like AME or Atlus don't cut it, and proves how the core of Windows is designed to rope you into Michaelsoft's way. Do anything beyond that like trying to take back functionality and control, it's a wilder west than actual Linux. Which is hilarious.
They pay their engineers to make sure of it
@@Juiceboxmakes I really don't want to attribute malice to what can adequately be described as stupidity, but something about Windows still rubs me the wrong way and has me reconsidering that...
I'm sure there's software engineers over at MS who feel passionate about their jobs, they strive to improve their own work. But then there's these other aspects of the way the system is designed that makes me think that Windows' breaking was intentional.
I don't like being cynical, but it's hard not to be.
The infamous "I use Arch btw" is hilarious
Another similar project by the name of ReviOS also exists. Probably, that also poses the same risks but it would have been great if you had mentioned it. Also, AME Wizard has a playbook of its own too.
By the way, great video. I was going to try AtlasOS. Now I won't. Thank you for the warning.
Yes. But ReviOS gives you the option to re enable mitigations
@@soulsearch7383 great
Thank you so much my i5-8400 is lacking behind but i don't wanna get atlas unless they add windows defender and UAC******
Thanks for pointing these things out. I had seen that video and was almost tempted to try out Atlas OS. I ultimately stopped because I am running windows 11 on my windows drive (with endevourOS on my other drive) and I didn't really want to go back to Windows 11. That being said I am glad I didn't without knowing that I would need to re-enable some things. I still want to keep an eye on this project, though, as I do like the idea of a faster, leaner version of windows. That being said I want to be able to use defender, have updates, and UAC, so maybe it's not right for me at the moment.
It sounds like Atlas OS is like running Windows 10 with Windows XP security.
wow no UAC is REALLY bad
1 important method is also to always delete all browsing history, cookies etc upon exit because never know when it caches malware files
That's not how that works....
It's definitely a case of "know what you're doing".
I've said for ages that if you want serious performance for gaming you gotta turn off all that security crap. Suitable for business PC? Hell no! Suitable for grandma? Hell no!
Suitable for a hacker/gamer? Hell yes!
Install your own anti-virus, backup your data, stay away from shady stuff.
did you just arch btw
They have recently released a big update for it which might help with some of these concerns. I run LTSC for Windows. Comes already debloated.
Been running atlas os for almost a year and been downloading a lot of stuff, no antivirus or anything, only things I use to protect my computer are my brain and the ublock extension, the fact is that if you're getting hacked seriously then windows defender isn't going to block everything anyway, really it's easier than you think to bypass it's checks. If it doesn't bypass windows defender it's gonna be do sketchy anyone with a little bit of brain will notice that and avoid downloading. I'm actually using an old core 2 quad CPU with an SSD and 8 gigs of ram and I'm running atlas os win 11 based (got it from their discord) and really smooth for what i use it for (internet browsing, Google colab, accessing my servers with RDP, and managing file downloads)
Someone is going to make a program that "fixes anticheat on Atlas" and people are going to be very sad when it doesn't work
This seems more like a LTT hate video than anything else. I've been running Windows since forever with UAC disabled and have had no issues whatsoever. UAC is perfectly safe to disable as long as you are not downloading unknown software or software from third-party sites... Similar to why an antivirus is not required as well.
@@Teivy yes fair enough, but it's unlikely a casual will proceed with actually installing Atlas OS
LLT are pushing more and more videos with less time to ensure video quality. This is even mentioned by LTT employees in recent video.
Yep, can't remember who it was but they were like "I wish we could slow down to polish things up"
LTT is great when talking about hardware but when it comes to software there are some giant mistakes
@@RadikAlice Its Anthony i believe
So I just installed this on a fresh install. The installer for Atlas OS has changed. They no longer recommend turning off defender, Windows Mitigation settings or updates in the installer. The default option is Keep them enabled by default. The Developer must be listening to feed back. So this video and the LTT video are now dated.
When I must run windows for whatever reason I want every "windows security feature" out of my way!
So Atlas OS seems to be perfect!
that "I use arch btw" moment xD
Thank you Brody for being sane voice on this topic. While I like to watch Linus Tech Tips they do really click bait the viewer. Just see Anthonys face when Linus says you dont need Linux. Anthony is an extremely smart individual who I think exposed the video. The way he installed the components and I can relate. You have a strict schedule so you blitz through the deployment and installation doing your best to evaluate the software within a limited time window. Why else would he not know these major security flaws. This guy is extremely tech savy. I can also see Microsoft not caring until this software gets very popular. When it does they will shut it down. Because it alters Windows. Theres a liable case right there. Also think about this from a Linux point of view. You might say its ok to remove some AppArmour components or to switch off SELinux or even remove some PAM modules. Yes you can do all of these at your own risk. Same applies to the removal of UAC and Windows defender. I hate both but without them you are leaving your machine totally exposed to all manner of viruses and Root Kits. Keep your old hardware by all means but follow the recommended standard setup on Windows or Linux baked in by the distro and you will be fine.