Author: Martin Brinkmann

When I was young, I studied German, History and English at Essen University in Germany. I worked in computer support for several years at the time to help other computer users when they ran into issues. Writing started out as a passion project, as I wanted to help more users and not just the ones that I handled in support. This lead to the founding of Ghacks Technology News in 2005. First, as a side-project, but shortly thereafter as a full-time project as the site's popularity exploded. I sold Ghacks to Softonic some years ago, but stayed on as Editor. You can still read my articles on the site. I do publish on Betanews as well. In recent years, I started to write and publish technology books, including my latest book "Windows 11 From Beginner to Advanced", which is available on Amazon. I'm also a freelance writer for the German publisher Gamestar. Chipp.in is my newest project. I want to use it to talk about my book projects, sell my books directly, and write about technology, as this is what interests me.

Control Optional Windows Updates with Group Policy

Posted on November 23, 2023November 23, 2023 by Martin Brinkmann

Optional Windows Updates fly under the radar on many Home systems. They come as different types. The most common is the monthly non-security preview update for Windows 10 and Windows 11.

There are other optional updates, e.g., bug fixes, other non-security updates and also improvements.

Up until recently, administrators had to search for optional updates manually on Windows to install them. This changed with the introduction of a new setting in Windows Updates.

Administrators who open Settings > Windows Update on Windows 11 see the “Get updates as soon as they’re available” option there. The same option is also available on Windows 10.

Windows Update Settings about optional updates

Microsoft explains on this Help page that the setting allows users to get “the latest non-security and feature updates as soon as they become available”. The caveat; Microsoft says that this only applies if the update becomes available for the device.

In other words: while it ensures that the update is installed when it becomes available, it still leaves it to Microsoft when that happens.

The following happens when the functionality is enabled in Settings. The device “will be among the first to get the latest non-security updates, fixes, improvements, and enhancements” says Microsoft. The setting does not affect security updates, which will still be pushed to devices, even if set to Off.

The “check for updates” button of Windows Updates also downloads and installs the most recent updates for the device.

The Group Policy gives administrators more control over the functionality.

Optional Windows Updates Group Policy configuration

Administrators may use the Enable Optional Updates policy to control the installation of these updates on managed devices.

Open the Start Menu, type gpedit.msc and select the Edit Group Policy from the results. This launches the program.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates >B Windows Components > Windows Update > Manage updates offered from Windows Update > Enable optional updates.
Set the policy to Enabled to configure the delivery of optional options. Set it to Disabled to turn off the optional updates delivery on the device.

A menu lists the three configuration options when Enabled is selected.

Automatically receive optional updates (including CFRs) — This installs the latest optional updates on the device. It includes Controlled Feature Rollouts and optional cumulative updates.
Automatically receive optional updates — Same as above, but without Controlled Feature Rollouts.
User scan select which optional updates to receive — The user is in control via Windows Updates in Settings.

Notes on optional updates and their delivery

At least some optional updates need to be considered beta. This is true for the optional non-security updates that Microsoft releases about two weeks before their inclusion in the regular cumulative updates for the operating system.

Most Windows users may want to skip the installation of optional updates, especially on production machines.

It is also a good idea to create backups regularly, not Windows Backup though, as it doesn’t include all data. Windows includes some restoration functionality, but it has failed for some users in the past.

Closing Words

Administrators may want to disable Optional Windows Updates on most managed devices to limit potential issues that could arise from the installation. Home users may also want to block these for the most part. There is still the option to activate the “check for updates” button, if you read about a new update that you want to install.

Now You: how do you handle optional updates?

There is more to security than Strong Passwords and 2FA

Posted on November 22, 2023November 22, 2023 by Martin Brinkmann

You may have heard it a thousand times already, but here it comes again: protecting accounts with strong and unique passwords, and using a second form of authentication is essential to security.

While the main focus seems to be on this recommendation, many guides fail to mention other essentials. One example: while strong passwords and 2FA keep attackers out, they won’t help you if you get locked out of an account.

What happens to your data if you get banned? What if your desktop computer, laptop or mobile device gets stolen?

There is more to security than strong passwords. This guide looks at these, often neglected, security options.

Encryption is key

Encryption protects data against unauthorized access. Encrypt data on all of your devices to make sure that it is protected. Encryption helps when devices are turned off. While it is still possible to create a dump of the storage device or try to brute force the encryption, this is a futile attempt if the password is strong.

Encryption is enabled automatically on Android and iOS devices when you pick a PIN. It is important to select a strong PIN, not the four-digit number that is convenient to type. Yes, that makes unlocking the device painful, but it is essential when it comes to protecting data on it.

On Windows, data gets encrypted, but only for Microsoft account users. While you may use Bitlocker on Pro, Education and Enterprise devices to protect the entire system, I recommend using a different encryption software. VeraCrypt is open source and can encrypt the system drive and any other storage device.

Recovery Codes

Recovery codes help you get back into accounts or devices if you forget your password or lose access to something else that you need to sign-in. This can be a Titan security key, a hardware key used for 2-step verification, or access to an email account.

The main idea behind recovery keys is to use them in emergency situations. You lose access to the dedicated two-factor authentication method and can’t sign-in to your account anymore. Setting up multiple methods helps against this, but you may also use recovery codes instead.

Recovery keys may be used to regain access to the account. Many online services that support two-factor authentication support recovery keys.

These are highlighted most of the time when you set up two-factor authentication for the account. It is a good idea to keep these codes secure, for instance as notes in your password manager.

Backups are essential

Backups are a burden as long as you don’t require them. They help you recover data that may not be accessible anymore. If a device breaks or gets stolen, when you forget your password or delete something accidentally.

Creating local backups regularly is an essential security precaution. Whether you keep all backups in one place or spread them is up to you. It depends on the device as well.

If data is important, you may want to store backups separate from the actual device.

Computer users may want to use external storage devices to create backups. These come in different shapes and form factors.

I recommend the free Paragon Backup & Recovery software for the task on Windows, but there are lots of other options available.

Android and iOS devices support backups to Google’s or Apple’s cloud infrastructure. You may also connect your device to your PC or Mac, and transfer important data, which often means images and videos, to the device.

Content Blockers

Content blockers prevent certain types of attacks. Extensions such as uBlock Origin don’t just block advertisement, they may also block known malware sites, improve your privacy online and much more.

Advertisement is used regularly for attacks. This can be as simple as placing an ad for a program download to lure users to a site where malware is offered.

Using content blockers protects you while you are browsing the Internet. You may want to disable the blocker for sites that you value though, as they rely on the revenue and may shut down otherwise.

Antivirus and Firewall

On PC, you need to make sure that you have a proper antivirus solution and firewall installed. Most Windows users may find Windows Defender adequate.

Advanced users may install third-party antivirus solutions, such as BitDefender Free, to protect their PCs.

No antivirus solution is perfect. Thousands of new threats emerge daily and while most users will never notice most of them, there is always the chance that one slips through defences.

Common sense is important as well. The best antivirus solution can’t protect you if you allow malware to run on your devices.

Firewalls, when properly configured, control incoming and outgoing traffic. They may block certain threats outright, by refusing connections.

Windows comes with its own firewall, which is fine for most use cases. Most advanced antivirus solutions come with firewalls.

How to set up a Titan Security Key to protect your Google account (and others)

Posted on November 21, 2023November 21, 2023 by Martin Brinkmann

Google launched an updated Titan Security Key last week. The new hardware key supports FIDO2, which means that it is compatible with a wide range of services. While you may use it exclusively for Google accounts, you can store up to 250 entries using it.

Titan Security Key works similarly to other hardware keys, including latest generation YubiKey products. Google promises state of the art encryption and protections. For users, it is an option to protect their accounts with two-factor authentication. You’d use the hardware key instead of an authenticator app or other means to provide the second form of authentication.

I bought a Titan Security Key of the latest generation last week to check it out. This guide includes step-by-step instructions to set up the hardware key to protect your Google account and others. It includes important information also, for instance, how you can protect yourself to avoid locking yourself out.

Did you know that Google plans to delete inactive Google accounts?

Setting up the Google Titan Security Key

The box includes the selected hardware key — there are two versions that have different USB ports, USB-A or USB-C, but are functional identical otherwise. It also includes a small getting started booklet, which simply tells you to go to this Google website to get started. There is also a bigger Safety & Warranty booklet that no one reads. The USB-A version includes an USB-C to USB-A adapter, the USB-C version of the hardware key none.

Protecting the Google account with the key is a simple process that requires the following steps:

Open this Google Security page in a modern browser, e.g., Firefox, Microsoft Edge, Google Chrome, Safari, Vivaldi, Opera or Brave.
- If you prefer to go there manually, open this Google Account Help page instead and click on “Enroll your security key” under Step 2.
A prompt asks you to keep the key disconnected from the device for now. Select the Next button to continue.
A set up request is displayed as a prompt. Select OK to continue the process.
Another prompt explains that Google will see the make and model of the security now if you continue. Select OK to proceed.
Connect the security key to the device when prompted to do so.
Type a name for the key on the “Security Key registered” page and select Done.

This is the entire process.

Word of Caution

The Security Key becomes the default two-factor authentication option. It is advisable to make sure that there is at least one additional option enabled. This can be an authenticator app, voice or text message, another security key, Google prompts or backup codes.

If you lose the Titan Security Key and don’t have another option enabled in the account, you will be locked out of the account.

Signing-in with the Hardware security key

The first sign-in step is exactly the same as before. You need to supply your Google email address and password to continue.

The 2-step verification prompt lists the email address. Make sure it is the right one. There is a menu to switch to another email address; useful if you set up more than one account.

Select Continue to authenticate using the Titan Security Key. You may also select “Try another way”, which you need to do if you don’t have the hardware key with out. The option “Don’t ask again on this device” should only be used on personal devices.

You are now asked to touch your security key. It contains a small area that reacts to touch. This acts as local confirmation to proceed.

You should now be logged-in to the account.

The same option is also available on mobile devices. Just connect the security key to the mobile device and follow the instructions to sign-in.

Non-Google accounts

Non-Google accounts can be saved to the key. It supports up to 250 keys, e.g. passkeys, that you may add. Numerous services and companies support passkeys already and more will follow in the coming years.

Generally speaking, all you need to do is open the 2-step verification preferences at the service and follow the instructions to protect the account using a hardware key.

Other useful resources

Here is a list of Google resources that you may find useful:

Passkeys Management – this page lists all devices linked to the Google Account. You can edit or remove them, and create new passkeys on the page.
Security Keys Management — similarly, this page lists all security keys associated with the Google account.
Support page with information about lost security keys.

Google’s key or third-party keys?

There are other keys besides Google’s. I already mentioned Yubico keys as an alternative, but there are many more. To name a few: Onlykey, Feitian, or Thetis. All support FIDO2 and offer similar functionality.

Trust plays a role, but so may other factors, including price or the built-in security. There is no clear answer to that question. If you use a Google account and want to protect it, there is nothing wrong with using a Titan Security Key to do so. Similarly, you may use other hardware keys for the same protections.

Now You: do you use hardware keys?

Is Google turning Chrome into its agent?

Posted on November 17, 2023November 17, 2023 by Martin Brinkmann

What would you do, if you were in control of the world’s most used search engine and web browser, and also the world’s largest advertising company? Would you keep things strictly separate, even if it would mean leaving billions of Dollar on the table?

Google’s control of advertising, to a large degree at least, and the Chrome web browser is a problem. The company has made several attempts in the past to push technologies that favor it through Google Chrome.

The oddly named Privacy Sandbox is just one attempt. Google uses the name to portrait an image of improvement for users of the Chrome browser. While not totally wrong, as it is a better system in some regards than the currently used third-party cookie tracking system, it is not the Holy Grail of privacy efforts Google portraits it as.

See, privacy sandbox is still about tracking. What sets it apart from cookie-based tracking are two things: first, that users are associated with interest groups instead of individual interests. Chrome looks at the browsing history and assigns groups to the user. Browse lots of car, sports or knitting sites? Chrome picks these as your interests and advertisers may use the information to display advertisement that falls into the groups.

Second, because it puts Google at the center of control of the feature. Google controls Chromium by and large, and also Chrome. If the system is baked into the browser, Google is in control. It can make adjustments and other changes, and everyone has to play ball to avoid being shut out entirely from the system.

Manifest V3

Privacy Sandbox is not the only attempt that mixes Google’s core interests, advertising, with the development of Internet browsers.

Manifest V3 is a new ruleset for extensions. Google had to postpone the release multiple times as protests sounded loud and clear throughout the Internet.

Apart from some technical issues, missing APIs and the like, Manifest V3 is clearly aimed at making content blockers and other privacy tools less useful. It would go too far to dive deep into technicalities, only this much.

Content blockers, such as uBlock Origin, reign freely under Manifest V2 rules. When they are active, they tell the browser what to do with certain requests. The browser then acts accordingly, for instance by blocking advertisement or allowing a video to play.

Under Manifest V3, that power moves to the browser. The browser controls the blocking and extensions may only make “declarations”. The extension would tell the browser to block or allow a certain element, and the browser would act accordingly.

Google’s explanation for this is improved privacy. Extensions are no longer able to access “potentially sensitive user data”, which in turn makes extensions safer to use.

The argument is flawed, as extensions still have access to the data. They may still use the old API, but only with read access. This means, that they can still access all the data, which in turn means that nothing is won or lost in regards to privacy.

Google announced this week that it will go forward with Manifest V3. Old extensions, those based on Manifest V2, will be disabled automatically for most Chrome users by mid-2024. Enterprise users may get a 1-year extension through a special policy.

Closing Words

There is a conflict of interest at work. Google depends on the advertising business and will go through great lengths to expand it and keep its dominance in the sector. To be fair, the vast majority of changes that are made to Chromium and Google Chrome have nothing to do with Google’s advertising business.

Still, some of the changes appear to favor the business over the interests of users of the browser.

It remains to be seen if the changes will lead to a mass exodus of Chrome users to other platforms. It is too early to tell, especially since the changes affect a sizeable but still relatively small part of the entire Chrome population.

Now You: do you use Google Chrome?

Microsoft confirms that the new Outlook may be transferring third-party logins

Posted on November 16, 2023November 16, 2023 by Martin Brinkmann

The new Outlook app by Microsoft will replace the apps Mail and Calendar on Windows, and the classic Outlook desktop app in the future. This app may transfer email login information to Microsoft Cloud servers, if users use IMAP or SMTP accounts. This happens only if the sync feature is enabled according to Microsoft.

Put plainly; email account logins and passwords are transferred to Microsoft if users set up third-party email accounts via SMTP or IMAP in Outlook and if syncing is enabled.

Microsoft’s statement

Microsoft explained in a statement to Heise Online that the synchronization of emails delivers a consistent user experience for all accounts added in Microsoft Outlook. One such feature is the ability to mark emails as read or unread.

Users of Outlook are informed about the features in a support article. What Microsoft fails to mention to Heise and also in the support article is that it is transferring and storing login information when sync is enabled.

Microsoft confirmed that it is storing access data of IMAP providers that use the BasicAuth method in encrypted form in the user’s mailbox. Basic Authentication is a method that HTTP user agents use to provide username and password when requests are made. It is considered insecure, but still widely used.

This means, nevertheless, that Microsoft is storing the login information using encryption for these type of accounts.

Email providers that use newer standards, OAuth for instance, are handled different. Login information of providers like Gmail or Yahoo Mail are not stored by Microsoft. Microsoft has no access to the password of the account according to the statement.

The OAuth token used for authentication is only accessible by the user and the Microsoft service that communicates with the target servers.

While Microsoft may not have access to the account password, it still owns the infrastructure that has access to the OAuth token. Heise comes to the same conclusion. Microsoft has access to authentication data that it can use, and uses, to access email accounts.

Microsoft’s Syncing notification

Microsoft informs users of Outlook about the synchronization functionality, but the notification does not reveal that access data is transferred when sync is enabled and certain email accounts are added.

Outlook users need to enable the synchronization before it becomes available. Each third-party account added in the Outlook app can be synchronized or not. Microsoft says that users need to accept the syncing with the Microsoft Cloud each time a third-party account is added.

Still, there is no clear information that account data is transferred to Microsoft when users enable the synchronization.

Microsoft states furthermore that it stores the account data for as long as the email client is used actively by the user. The Account Lifecycle Process determines when inactive account data is deleted.

Outlook users may delete the data when they delete their account and select the option to remove the data from all devices.

Closing Words

The new Outlook app is a work in progress and most users may want to stay away from it at least for now. It needs to mature and the fact that Microsoft is gaining access to account access data, at least in theory, is the icing on the cake.

Alternatives like the open source Thunderbird email client respect user data and are without doubt the better option, at least for now.

Microsoft released the Moment 4 update for Windows 11 again?

Posted on November 15, 2023November 15, 2023 by Martin Brinkmann

Microsoft released security updates for all supported client versions of Windows yesterday. Only three non-Enterprise versions are supported right now: Windows 10 version 22H2, Windows 11 version 22H2 and the new Windows 11 version 23H2.

A quick check of KB5032190, the update for both Windows 11 versions, reveals, that it includes the Moment 4 features. Microsoft lists Copilot, Windows Spotlight, security and graphics changes on the support page.

If you follow releases of Microsoft updates, you may wonder why Microsoft highlights the update again here. Did not Microsoft release the Moment 4 update already in October 2023?

The chronology of the Moment 4 update for Windows 11

Microsoft announced in September 2023 that it would launch the Moment 4 update for Windows 11 on September 26, 2023. This was the first release of the update for the operating system.

At the time, it was part of the September 2023 preview update for Windows 11. Only users who installed the update manually or configured their devices to install optional updates automatically received it at the time.

Then came the October 2023 Patch Day update. Microsoft used the cumulative update for Windows 11 to deliver the Moment 4 update to Windows 11 devices.

The release of the preview update of the November 2023 security update included the Moment 4 update again.

Yesterday’s release of the November 2023 update for Windows 11 listed the features of the Moment 4 update again on the release notes page.

One has to wonder why the update is highlighted this often by Microsoft.

An explanation attempt

Microsoft did not post a news article or comment on this specifically. Clearly, most would have expected two announcements about the Moment 4 update integration in Windows 11.

First about the integration of the update in the preview update for the operating system, and second about the full integration for all users.

The repeat performance is puzzling. Martin Geuß over at the German site Dr. Windows suggests that it has something to do with Microsoft’s staged rollout approach to updates.

Many features are not enabled for all users at the same time. Microsoft controls features on the server side. It is an explanation that makes sense. Microsoft did not enable Moment 4 on all devices when it released the update in October 2023.

We don’t even know if the November 2023 announcement is the final one for the update.

This topic may not be of interest to average users of Windows. They don’t follow Microsoft announcements or have an interest in updates most of the time, unless they go wrong.

Users and admins interested in new features and when these features are introduced on their devices are, however. Many want to play around with features early or know exactly when something becomes available.

Microsoft’s recent approach to staged rollouts of features makes this nearly impossible.

Now You: what is your take on this development?

Windows 11’s Archive extraction and creation feature is useful, but slow

Posted on November 14, 2023November 14, 2023 by Martin Brinkmann

Microsoft added support for creating and extracting ZIP archives into its Windows operating system. The Moment 4 update and the Windows 11 version 23H2 update introduced support for extracting additional formats, including RAR, TAR and 7Z.

The archive functionality is certainly a useful feature. Right-click on an archive and select the extract option to decompress it right away. Third-party tools are no longer required.

You may also right-click on files to create ZIP archives out of the selection. It is a handy feature, especially for users who encounter ZIP only occasionally.

Experienced users may have noticed that the implementation is basic. It lacks support for advanced features, especially on the creation side. You can’t create password protected archives, change the compression level or add comments to archives. All of this continues to require dedicated archive apps such as WinRAR, 7-Zip or PeaZip.

A comparison of the time that it takes to extract archives shows, furthermore, that the built-in feature is slower in most cases.

Windows 11: native archive extraction tests

I ran several benchmarking tests to find out if Windows 11’s native archive extraction feature is slower than that of third-party apps.

I ran all extraction jobs 5 times and used the average for the comparison. The first file was an 18.6 gigabyte ZIP archive with 1205 files.

It took Windows 11’s native feature an average of 6.28 minutes to extract the contents of the file on a 2019 idle PC.

WinRAR, which focuses primarily on its own format RAR, extracted the archive on average in 3.51 minutes, which is is more than a third faster.

The open source tool 7-Zip extracted the archive’s content on average in 3.15 minutes, which is almost half the time it took Windows 11’s native implementation to extract the archive.

What about the extraction of RAR archives? I used WinRAR to create a RAR archive out of the extracted ZIP archive and ran the same test again to see how the performance is. The RAR archive had a size of 18.8 GB and the same number of included files.

It took Windows 11’s native RAR extraction feature an average of 5.39 minutes to extract the archive to the system.

WinRAR extracted the same RAR archive in 2.54 minutes on average. 7-Zip was just a few seconds slower, as it took an average of 3.05 minutes to decompress the RAR archive.

Windows 11: compressing ZIP archives comparison

Current stable versions of Windows 11 support the creation of ZIP archives only. This changes in the future.

This time, I picked a a folder with 5307 files and a total size of 2.41 gigabytes . The native ZIP creation feature of Windows 11 created the ZIP archive in 2.29 minutes on average. WinRAR managed to create the archive in 1.28 minutes. 7-Zip flew through the creation of the archive. It took an average of 45 seconds to create it. Both apps have a different native format.

Closing Words

The native integration of support for extracting archive formats and creating some archives is a useful addition to Windows. While that is the case, it is clear that the implementation is not up-to-par with dedicated software.

Users who extract or create archives regularly may want to use third-party solutions for that. It is likely that most of them are faster than the native implementation.

Now You: do you use third-party software to create and extract archives?

Don’t worry too much about Google deleting inactive accounts

Posted on November 13, 2023November 13, 2023 by Martin Brinkmann

Google announced an update to storage policies in November 2020. Back then, the company informed users that it changed which files count against a user’s storage quota.

The change affects high quality photos uploaded to Google Photos and also new Google Docs, Sheets, Slides, Drawings, Forms or Jamboard files. One of these services, Jamboard, a whiteboarding app, has been shut down in the meantime.

A help page on Google’s support website lists data that counts against a user’s quota. Apart from what is listed above, this also includes the following:

Meet call recordings.
Files in Google Drive.
Gmail messages and attachments.
Original quality photos and videos backed up to Google Photos.

Users may experience issues when they are over quota. Broken down, it limits the ability to save new files to the cloud storage in many Google products.

Inactive Google accounts

In the same update, Google announced new policies for inactive accounts and accounts that are over the limit.

Accounts inactive for 24 months may have content deleted in the aforementioned services. Google explicitly refers to “product(s) in which you’re inactive”.

The wording is confusing, as users may interpret it as having to use all of these services at least once in a 2 year period to avoid having their data deleted.

This appears to not be the case. Google suggests to “periodically visit Gmail, Drive or Photos on the web or mobile, while signed in and connected to the internet” to avoid the banhammer.

Google reassures users that it will notify users multiple times by email and notifications prior to deleting content or deleting the entire account.

Accounts that exceed their storage quota for a 2 year period also risk deletion, according to Google.

Most accounts are safe

Some news outlet painted the new policy in dramatic terms. While it is true that Google may delete inactive accounts, it is relatively easy to do something about it.

One could argue that users who have not used their account for 2 years may not hold it in high value and that most may not mind the deletion.

In any event, here is what I recommend:

If you store valuable files or emails in your Google account, create a backup.-You can use Google’s Takeout service to export the data. Another option is to save files locally or use a local email client, e.g., Thunderbird, to synchronize the emails.
To make sure the account is not deleted, sign-in to one of the supported Google products at least once every 24 months.

Closing Words

Google is not the only company that threatens to delete inactive accounts. Microsoft, for example, has similar policies in place. Microsoft users who have not signed-in to their account in a 2 year period may have their accounts deleted as well.

O&O AppBuster: uninstall locked Windows apps

Posted on November 12, 2023November 12, 2023 by Martin Brinkmann

O&O AppBuster is a free application by O&O Software GMBH. The program enables Windows 10 and 11 users to uninstall apps that Microsoft does not want users to remove from the system.

While some apps are critical components of Windows, the same can’t be said for all locked apps. Apps like Photos, Phone Link, Game Bar or Tips can’t be uninstalled from the Settings app.

PowerShell has long been the primary option to remove locked apps on Windows 10 and 11. It is a great option for system administrators and experienced users. You may check out my guide on uninstall the Photos app on Windows 11 as an example.

Regular Windows users may not feel comfortable enough running commands from PowerShell.

O&O AppBuster comes to the rescue. It has an easy-to-use interface to remove locked apps. Other features include mass removal of apps, including third-party apps, and more.

Tip: check out our review of O&O ShutUp10++ as well. This free program may improve your privacy.

O&O AppBuster: an overview

You can run the application right after the download. An installation is not required. The application has a clean interface that lists all installed apps and programs immediately.

The program lists all applications with their name and publisher, installation date, status, storage and also the number of users it is available for. A click on a column header at the top allows users to sort the list accordingly.

This is a handy option to sort by installation date or storage.

The Desktop and Windows tabs at the top lead to filtered listings:

Desktop lists all user-installed programs.
Windows lists all native apps and Store-installed apps.

A search allows users to find specific apps next to these. The search matches the name and publisher, which is an excellent option to quickly find multiple apps.

Using the program to remove Windows apps

One of the main applications of O&O AppBuster is the removal of native Windows apps. While Microsoft is making progress in this regard, by unlocking more apps for removal, it continues to lock some.

It is a welcome change of course, but slow-paced and not complete. O&O AppBuster supports other features that make it a good choice. First, by supporting mass uninstalls. Second, through an optional safety feature that relies on System Restore.

Here are the required steps to remove native Windows apps:

Select Actions > Create a System Restore point to create a restore option.
Pick “yes” when asked whether you want to create a system restore point.
Switch to the Windows tab in the program interface.
Check any of the apps that you want to remove.
Activate the “Remove” button once done.
O&O AppBuster displays a prompt immediately afterwards with three options:
- Current user — removes the app(s) only for the logged in user
- All users — removes the app(s) for all users that exist consequently.
- Computer — removes the apps from the entire machine.
Select yes after you have made the selection.
At this instant, O&O may display a prompt to create a system restore point. This happens only if you have not created one previously.
Select Close to complete the removal.

Other features of O&O AppBuster

The program supports a number of other features furthermore. While the main focus is on the removal of Windows apps, it may also be used for other purposes.

You can use it to uninstall Win32 programs. This works a bit differently as the default uninstaller is spawned each time.

You need to be careful here, as some installers may prompt for a reboot.

Mass removal of apps and programs is a useful feature of the program. Just select all of them and hit the remove action afterwards.

Closing Words

O&O AppBuster is a useful program for Windows. It offers an elegant option to remove system apps from Windows as well as regular desktop programs.

Integration of System Restore ensures that you can go back to a previous state. Mass uninstalls is another useful feature, as it speeds up the process significantly.

Now You: do you keep or remove native Windows apps on your devices?

How to make files unrecoverable on decommissioned hard drives

Posted on November 11, 2023November 11, 2023 by Martin Brinkmann

Hard drives may become obsolete from time to time. Maybe your are switching to a new PC or replaced a hard drive with a new one. You may also sell a PC or laptop, or hand it over to someone else.

Data on hard drives may be recoverable, even if you format the hard drive. Windows suggests quick format by default. While that is super speedy, it also leaves the files untouched on the hard drive. Anyone with the right tools may recover the files. Files may contain sensitive information. They may range from personal photos and videos to bank account statements, emails, receipts, letters or your browsing history.

You may want to protect the files in most cases. The best option is to never give away hard drives or other storage devices. This may not be viable in many cases, though.

A full format may work in some cases, but there is an even better option. One that ensures that data can’t be recovered, even with professional tools.

This solution relies on encryption.

The process

The main idea is to encrypt the entire hard drive to protect all data. You’d then run a second full encrypt on the drive afterwards to prevent brute force attacks.

Here is what you need:

VeraCrypt, an open source encryption software.

You may also use other encryption tools if you prefer those. Note that the following steps apply to any drive that is not the system drive (the drive with the operating system).

Make sure the hard drive is connected to the PC. Here are the required steps:

Start VeraCrypt.
Select Volumes > Create New Volume from the menu at the top.
Pick Encrypt a non-system partition/drive and select Next.
Confirm the UAC prompt on Windows.
Keep “Standard VeraCrypt volume” selected and activate the Next button again.
Activate “select device” and pick the drive that you want to erase all data on and protect. Select Next afterwards.
Keep “Create encrypted volume and format it” and select Next on the next screen,
Pick an algorithm, any will do, and select Next. Tip: you may run a quick benchmark to find out which runs well on the device.
Select Next on the Volume Size screen.
Type a secure password. You don’t have to remember it. Use copy and paste if you like.
Check the “use PIM” option to add even better protection.
Select the Next button.
Type a PIM. The default value is 485. Selecting any other number makes recovery attempts difficult. Select Next to continue.
If the PIM is larger, confirm the message with OK.
Move the mouse around in the window to create randomness. Select Next once the status is green.
Confirm that all data on the selected drive will be erased with a click on the Yes button.
Wait for the process to finish.

Note that full formats may take a while to complete. It depends largely on the speed of the drive. The following screenshot was taken from a full format of an external hard drive.

Now repeat the entire process. You can change the format type from Full Format to Quick Format under Volume Format to speed up the process.

Protecting data on an entire PC / laptop

The process is somewhat different if you plan to sell or hand over an entire PC. This requires a system encryption, which VeraCrypt supports.

The process is nearly identical. Here are the main differences:

Select System > Encrypt System Partition / Drive in VeraCrypt.
The process of encrypting the system drive is identical, with one notable exception:
- VeraCrypt wants to run a test to make sure that the operating system boots fine after the drive has been encrypted.
Once you have encrypted the system partition with a strong password and PIM, initiate a reset of the system if you use Windows.
- In Windows 11, go to Settings > System > Recovery > Reset this PC > Reset PC.
- Follow the instructions. Make sure you select to keep no files or other data.

Resetting is important, as it ensures that Windows can be booted. That is all to the process.