Hacker News new | past | comments | ask | show | jobs | submit login
Deleting System32\curl.exe (haxx.se)
280 points by dmarby on April 24, 2023 | hide | past | favorite | 128 comments



Vodaphone blocks this site for being “18+ content”, I guess because of “hacking” or something? There’s no explanation or option to report a false positive and they want you to put in credit card details to confirm your age to unlock it

(I don’t need tips to get around this or anything, I can just connect to another network or use a VPN)



So it's been "on review" for more than a year now?! So the filter is basically unidirectional since they apparently don't care about false positives. I wonder who else uses that filter database provider


Oh, and Microsoft includes that adult software in their operating system. Can someone report to Vodafone that all Windows PCs must be blocked because they run adult content. Except for those who have deleted curl.exe of course...



Two xx's. That's almost as bad as three, and surely heuristically naughty.


"heuristically naughty" may be my new favorite phrase.


I once (early 2000's, comparison shopping) used a heuristic that any video with a volume # greater than 7 was probably porn.

Doesn't work as well today, but there were surprisingly few false positives at the time.


It could also be to do with the word “hack” because https://hackmii.com/ is blocked too


Good thing there is no shake shack in the UK.


And yet there is a town called Scunthorpe - I wonder if the inhabitants have trouble getting things delivered?



At one time, a lot of email spam filters would barf on that town's name.



Probably the xx in the domain.

In the UK where 20% of the internet is blocked – it's surprising you haven't experienced this before. Call your service provider and tell them you want access to adult material.


> In the UK where 20% of the internet is blocked

This sounds like an extreme over-estimate. Some ISP's, mostly mobile ones, default to blocking "adult material" unless you tell them to turn that off. Some of the larger ISPs are under court order to block some specific other content (Pirate Bay in particular; my old ISP was one of them, my current ISP happily lets me access it, not that I've ever done so other than to see if it's blocked).

Most ISPs block at most a tiny set of sites and personally in 23 years of using UK ISPs I've never "organically" run into those blocks (as in, no site I actually had any interest in accessing has been blocked; I've only seen them when checking whether people were right that a specific site was blocked). And yes, that includes visiting sites with "adult material" without running into any blocks.

I do have a VPN, so it'd take me as long to bypass as it takes me to press one button in my browser address bar, but I only need that to evade IP region/country blocks - never needed it to get around UK filtering.


> Probably the xx in the domain.

According to the `considered-18` post linked by a sibling comment:

> It shows that this filter is for this specific host name only [daniel.haxx.se], not for the entire haxx.se domain.

So, even more of a WTF.


Someone probably saw daniel, ha, xxx interpreted it "It's me Daniel, ha, this is my porn collection" and flagged it.


Try this one: https://www.xxxlutz.at/ (don't worry, it's an Austrian furniture chain).


That’s not blocked


Wait, but the site in the article isn’t either any more?


> In the UK where 20% of the internet is blocked

That’s not true. I’ve experienced this once before that I can remember, on https://hackmii.com/ and it doesn’t happen on my home network except on actual scam sites which isn’t a government thing but an ISP feature that can probably be turned off. This is a Vodaphone thing, not a UK thing.

I don’t care that much about this specific site, I guess I just want to complain that they don’t have a way to report false positives which maybe isn’t the best reason to post a comment on an unrelated article but still


> Call your service provider and tell them you want access to adult material.

That must be one awkward call.


They overblock, probably intentionally, so it's easy to find a "legit" reason to unblock. It was something really banal for me - I think they'd blocked a furniture site or something.


Accessing adult material is a legit reason to unblock.


Buying furniture is a very adult proposition.


Why? They already know a large number of people watch porn.


We pretend no one does, though.


he says in the article they only block "daniel.haxx.se", not other subdomains


My ISP in the UK does not block anything.

Even on those that do, 20% seems rather high??


Obligatory oi/porn license.


You can't just disable this 'feature' from Vodafone? I'm in the UK and my ISP doesn't do this.

I'm not sure why you would want your ISP interfering with your traffic like this. To me, it seems like a dealbreaker.


> "You can't just disable this 'feature' from Vodafone? I'm in the UK and my ISP doesn't do this."

Yes, you can disable it quite easily. Usually by entering a credit card number in their app or website to prove you're 18, or alternatively by contacting their customer service chat.

But of course, only pervs who want to access porn would do that, right?

In my experience it's a good idea to disable it regardless, it as there are often a lot of "false positives", and the filtering can sometimes cause performance problems. (Unless you've got kids and really do want to block porn, but eventually they're gong to discover VPNs...)


> But of course, only pervs who want to access porn would do that, right?

No? Why would you say this? I disabled this back with my old carrier and it was pretty painless - I don't recall there being any stigma attatched to turning off the filters. I've since moved carriers and I don't remember having to disable filters - maybe I did or maybe something about signing up turned it off?


I'm on EE PAYG. I have to go in to a store and show them my ID if I wish to remove content protection. I can't even visit webarchive pages with it enabled.

Painless based on provider, otherwise what described above is a pain.


All I can tell you is the experience I had, which I don't remember to be a pain.


> But of course, only pervs who want to access porn would do that, right?

Are people actually afraid of some stranger call-center worker silently judging them, but not even saying anything out-loud about it because the call is recorded and they'd be fired if they tried to actually shame you?


Can you make a contract with an ISP in the UK when you are under 18?


You presumably can't get a contract if you're under 18 because that would usually mean a credit check. But you can certainly get an account, on PAYG or pre-paid monthly direct debit that is not subject to contract. Some providers have "UK residents 18+ only" in their terms but others do not.


All UK ISPs do. It's very annoying trying to access sci-hub


No, they don't all do that. Those kind of blocks are mostly confined to a handful of the larger ISPs, and especially the mobile providers. I've yet to manage to find something my current ISP blocks, for example. Might well be they block something, but none of the "usual suspects" that I'm willing to test (e.g. Pirate Bay, Sci Hub)


All of the major ISPs and mobile networks do.

The UK government threatened to make it a legal requirement that all internet connections have filters for adult content on by default.

The major ISPs and mobile networks voluntarily put filtering in place by default to avoid the regulation.

The filters can usually be removed quite easily.

While there are some smaller ISPs that don't put filtering in place, they account for something like < 10% of the market.


>All UK ISPs do.

Not all of them. I’m on Zen, no filters as far as I’m aware, sci-hub works fine. Libgen is fine. Torrent sites that the ‘main’ ISPs block come up just fine, too.

Edit: some of the ISPs that do seem to land on this URL (note http) –

http://www.ukispcourtorders.co.uk

whois shows BT (large ISP and telco) as the owner.


Andrews and Arnold doesn't do any filtering.


I can if I put in bank card details to confirm my age but it would be better if this didn’t happen in the first place unless there’s actually something 18+ on the site


Wow. I’ve never seen this class of ISP censorship. Is this some sort of government mandated system or has Vodaphone taken it upon themselves to do this?


The UK government told ISPs to put the filtering in place voluntarily, or else the government would make a law requiring it.

All of the major ISPs and mobile networks now do it on a voluntary basis.


It's pretty amazing that executive branch can enforce not just unimplemented but even undrafted laws.


> There’s no explanation or option to report a false positive and they want you to put in credit card details to confirm your age to unlock it

Are we even sure this is vodaphone? This sounds so much like a scam pop up ad.


Yes, it’s definitely Vodaphone, they want you to go to their settings page to do it and it’s not a pop up


>(I don’t need tips to get around this or anything, I can just connect to another network or use a VPN)

A better solution would be to tell Vodafone to switch off the censorship on your service.


The best solution would be the remove whatever stupid law allowed for that kind of censorship in the first place. As a bonus, if the UK puts up a better fight against this stuff it'll make it harder for it spread. Any nation where people have a vote should be strongly rejecting that crap.


Apparently, judging from the sibling comments, such law doesn't even exist: the UK government "advised" the ISPs to "voluntarily" adopt such censorship on their own, or else the government would actually bother to draft and pass such a law.


I'm happy for an ISP to be allowed to carry out as much censorship as it wants, provided it makes that known. They definitely shouldn't be forced to, though — in the general case — and I don't think anyone's demonstrated that they have been so in this case.


> I'm happy for an ISP to be allowed to carry out as much censorship as it wants, provided it makes that known.

Knowing about it won't help you if every ISP option you have is doing the same thing.

Where I live, we have laws that prevent people from interfering with the mail. If I send a letter to someone, once it's accepted the mail carriers can't generally withhold it and make demands before they deliver it or open my letter and remove or change whatever words/pages they feel like before completing delivery.

I think the internet should be treated the same. Beyond some basic QOS ISPs should be dumb pipes and be mostly forbidden from messing with things you send/receive over the connection.


I think there's a reasonable need for an ISP to act as a censor, if that's what its customers require. Hopefully, enough people want a censorship-free experience that every provider becoming a censor is unlikely to happen.

If your mail service had a "make sure mail from known pornographers doesn't get delivered to my house" option, and you had kids at home, you might well opt for it.


If someone wants to block certain sites there are client-based solutions that people can set up themselves and proxies they can use if they really want to depend on someone else to decide what they should be allowed to see. There's no need for it at the ISP level. At the very least it should be opt in, but something you have to ask to have removed.


I think this is a reasonable thing for Vodaphone to do, they just need a way to report false positives


The site seems to not be blocked any more, did someone contact them about it or something?

I would have edited this in to my original comment but it won’t let me any more


I always turn the filters off, prior to that I couldn't even visit the Ubuntu forums.


CMD > run as admin > enter "sfc /scannow" without quotes then update should work again.

Next time anyone runs into a similar problem you might just want to zip the file before deleting it put a password if you AV still reports it. Or just get rid of your AV software it clearly su*ks if it reports legit system files.


The article doesn't mention an AV software, but a vulnerability assessment solution. Its purpose is to report known vulnerabilities and it would suck, if it did not report known vulnerabilities in system files out of fear of a downstream PEBKAC.


One of the very few times 'sfc /scannow' actually fixes something...


And after that "DISM /Online /Cleanup-Image /RestoreHealth" to make sure everything is fine and dandy.


Actually the reverse.

Run DISM first, then SFC.

https://support.microsoft.com/en-us/topic/use-the-system-fil...

If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker. (If you are running Windows 7 or Windows Vista, skip to Step 3.)


I'm of the opinion that answers.microsoft.com exists only to mislead and confuse people so they stop reporting issues. I have NEVER seen an actual answer on there, and have never seen an answer that wasn't just copy/pasted by a stranger from an irrelevant Microsoft knowledgebase article.

It gets top SEO billing, and seems to be entirely unmoderated, or at least moderated by people who don't know anything about Windows. It's less informative than Quora. All this does is take all the air out of the room for an actual information source about Windows problems, and it's clearly ignored by Microsoft internal teams.

Creating a "Support Forum" for your brand that never offers actual support should be fraud.


People who delete system binaries due to whacky CVEs deserve a broken system.

I don't even know who else to blame for this.


> I don't even know who else to blame for this.

The people who told them that deleting system binaries would fix their problems?

> I have been pointed to responses on the Microsoft site answers.microsoft.com done by “helpful volunteers” that specifically recommend removing the curl.exe executable as a fix.

Don't trust strangers on the internet with advice you don't understand the implications of. Even if they are sincere and mean well, they can still be wrong.


The problem here is that if they understand the implications they probably would not be on awnsers.microsoft.com in the first place


But that's the problem, the people doing this do not understand what curl is/does so want it gone because its got a CVE and some outlet somewhere has said its worse than what it is.

if that's the case we should just delete the entire OS as there are vulns all over it.


> The people who told them that deleting system binaries would fix their problems?

If you are responsible for the security posture and compliance in your organization, reading and acting on security assessments, and yet you do random changes based on random comments on forums, you deserve the blame.

I don't think we're not talking about individual end-users here. Those do not scan their systems for CVEs and do not have a requirement to get to 0 alerts.


> If you are responsible for the security posture and compliance in your organization, reading and acting on security assessments, and yet you do random changes based on random comments on forums, you deserve the blame.

It's not as easy. Of course experienced sysadmins know it's bullshit. The problem is that cybersecurity insurance policies require "immediate action" on alerts and no one, even assuming a competent CTO, wants to be stuck with the bill should a security incident arise and the insurance say "audit says no of your machines had mitigated issue xyz, claim denied". Deleting a flagged binary is evidence of mitigation.

The amount of utter bullshit, not to mention the literal spyware that is insurance-compliant antivirus solutions, that insurances force clients to comply with is insane.

The core problem is that insurances don't have the time to actually do deep dives to check if their clients have decent or no IT security. Hell, I'd wager everyone here knows of "that one server that never got updates, was in no inventory or whatever, and once the last disk failed suddenly everything else came crashing down". And so, insurances go with a 12 pound hammer to which everything is a nail, as it is the best way for them to be able to underwrite policies with the insane amount of coverage that GDPR and friends expose the clients to.


Agreed! And when people like that go to random forums asking for solutions to fix that CVE now, and are told to just override it with latest curl, that is the optimal solution given their (bullshit) constraints and I wouldn't blame the random forums.


> I don't think we're not talking about individual end-users here.

Are you sure about that? From TFA:

> Lots of Windows users everywhere runs security scanners on their systems with regular intervals in order to verify that their systems are fine. At some point after December 21, 2022, some of these scanners started to detect installations of curl that included the above mentioned CVE. Nessus apparently started this on February 23.

> This is not helpful.

> Lots of Windows users everywhere then started to panic when these security applications warned them about their vulnerable curl.exe.

That sounded like it included individual end-users to me.

Anectodally, I know a few Windows users who don't trust Microsoft to do security well, but can't bring themselves to move off Windows for whatever reason, so run 3rd party AV and security tools to help protect themselves.


The compliance madness I can understand, but for an individual with no legal or management-mandated constraints...

Either you're security-conscious or you do random changes based on anonymous forum posts, I just don't really see an overlap.

In any case, I don't think it's fair to blame the forums for giving you the solution given your whacky requirements.


> Either you're security-conscious or you do random changes based on anonymous forum posts, I just don't really see an overlap.

I think there's going to be a not-totally-insignificant minority of people out there who are both worried about security, but just don't have great technical knowledge. (They sometimes show up on r/privacy if you need convincing they even exist.) Even if it's a really small percentage of users, given how large the Windows install base is, that's still going to be a fair amount of people looking for any kind of fix for the "problem" that their security scanner has warned them about.


I'm guessing a common sequence is someone knowing what curl is, but not knowing that Windows ships with it. So, thinking that System32\curl.exe must have been put there by malware, or put there by someone installing optional software.


Microsoft should have renamed it to WINDLHLP.COM or something Windowsy like that, and none of these people would have dared touch it.


I noticed that "curl" in PowerShell is an alias, so you would have to deliberately say "curl.exe" to get System32\curl.exe

  C:\> alias curl

  CommandType     Name                                               Version    
  Source
  -----------     ----                                               -------    ------
  Alias           curl -> Invoke-WebRequest


That is for Windows Powershell, not Powershell (and yes Windows Powershell is different from PowerShell [1])

curl > curl.exe > C:\Windows\System32\curl.exe

[1] https://learn.microsoft.com/en-us/powershell/scripting/whats...


This is so Microsoft


Yeah they did the same thing with wget. Just absolutely bonkers


That's not the case in the latest versions of powershell.


There are people responsible for the security of Windows systems in some organisations that do not understand their job. They look into their AV solution and it says vulnerable file detected on $x systems and they instruct their IT department to remove the file.


Indeed. Whole companies such as Crowdstrike exist just to sit in between automated tools and heavy-handed action based on tool output.


Ive been actually impressed by Crowdstrike product (I guess)

Ive tested a two or three years old Chrome version with JIT compiler vulnerability and guess what - on empty Linux vm it managed to escape chrome and execute code

Meanwhile on Windows with Crowdstrike Chrome just showed some error message about mem. access

Im not sure who handled that attack - was it Windows or Crowdstrike, but eitherway Ive been impressed


The UK government.

This is a quote from the Cyber Essentials requirements (https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-...):

""" The Applicant must be active in its management of computers and network devices. It must routinely

...

remove or disable unnecessary software (including applications, system utilities and network services) """

So, based on the quote above, curl.exe must be removed if it is not used, no matter whether it is vulnerable or not (yes I know it is a misreading, but it's frightening that the most literal interpretation is a misreading).


As mentioned in the article:

>Many Windows users are even contractually “forced” to fix (all) such security warnings within a certain time period or risk bad consequences and penalties.

So the blame would be on managers who think checking boxes is how every single job works.


Many times those managers are not responsible for the contractual obligation either. It's one of those comedy of errors type situations where no one single group is fully responsible but put all the decisions together and bad things result.


> I don't even know who else to blame for this.

Microsoft. It's their binary shipped in their system, and their customers are being directed to break their own systems. It's on them to remediate the situation.


But Microsoft are not advising them to remove curl AFAIK, in that case Microsoft should fix every issue ever within Windows, even if its self inflicted.

End of the day this as Daniel says is scare mongering by others who don't know what they are doing.

The phrase, if someone told you to jump off a cliff, would you?, and, Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should...


Not really. They aren't the ones directing customers to break their systems. They could ban anti-virus software and get slammed for being anti-competitive I suppose. Or they could try to track down all the vendors who are being stupid and ask them to please stop but that probably won't remediate it. They don't have a lot of moves here nor does the curl project.


Their platform (Windows) is getting a bad reputation due to the problem they neglected to fix (shipping a "vulnerable" curl, informing users when the old curl was getting flagged). They could pass the buck but it's just going to be bad for them later when users think Windows itself has security vulns and breaks itself when the users do what they're told to do by vendors. If they don't want the bad rep, they need to be proactive and work with vendors and better inform customers. If I was the CEO I'd do something about it.


How do I know which CVE is wacky and which isn't? Do we need another database for actually-real-CVEs?


The last couple of CVEs I was forced to address were in docker images based on alpine or debian, in which the some library version on the system was hit with a High or Critical level CVE. But in reality the ability to exploit the vulnerability required being able to execute a particular program on the running system. The levels of exploit required to even get to being able to exploit this vulnerability in the context I was required to mitigate it meant that in reality, your systems have already been compromised even before this can be exploited.

CVE numbers have exploded while their quality has declined partly due to things like company and project bug bounties, where individuals get bonuses internally for submitting CVEs that get an ID. There's a virtual army of people doing nothing but looking for subtle ways to exploit key tools just to be able to earn a bonus. Some bigger projects, like the linux kernel, dispute some CVEs (e.g. CVE-2023-23005) because they are b.s., but smaller projects don't have the luxury.

See the curl maintainer's take on this: https://daniel.haxx.se/blog/2023/03/06/nvd-makes-up-vulnerab...


Follow the links to the actual issue description and check if it makes sense in your context. While the current aggregators are not perfect, there will always be edge cases where you care about some issues more/less than someone else. The whole idea of having a single number has limitations.


They deserve to not be allowed to restore their system to normal?

> The people who deleted or replaced the curl executable noticed that they cannot upgrade because the Windows update procedure detects that the Windows install has been tampered with and it refuses to continue.

This policy makes absolutely no sense.


It does make sense, as the upgrade may break the system because of the tampering. Probably say upfront that there's a problem and let the user do a full reinstall when they can rather than attempt to upgrade and break everything. They could have a "force upgrade" button, but many people would just click that without thinking twice then blame MS when it breaks everything.


Strictly speaking the update process isn't able to update to the new version without the existing file (https://devblogs.microsoft.com/oldnewthing/20200213-00/?p=10...).

As noted on the blog post, the solution is to run the system file checker (sfc) to repair it before running the update


curl is used to download files… if it is missing, Windows presumably won’t be able to download something. If they just go for it anyway, the system could end up in some undefined state.


I doubt curl is involved in the windows update process itself (seeing as Windows Update is a lot older than the inclusion of curl in Windows)


Since the policy is going an extra mile preventing something rather than simply not caring, it probably does make sense. Just in a way that's not trivial to anticipate.


Moral of the story: answers.microsoft.com is the worst


Every time I run into a Windows related problem I find an answers.microsoft.com post of someone with the exact problem I'm having and every time the thread runs dry after some Verified Super Duper Senior Adviser Technician Microsoft Windows Expert Professional says "have you tried reinstalling Windows 11".

I don't know if you get forum points for suggesting wiping your drive or something but I've never seen a useful response from someone tagged as some kind of expert by answers.microsoft.com.


Or have you tried disabling anti-virus...


that actually is a solution to many problems though


they cannot upgrade because the Windows update procedure detects that the Windows install has been tampered with and it refuses to continue.

I'm surprised I've never heard of this before. In my experience you can almost hear Windows Update cackling with glee as it un-customizes your Windows install.


If you are missing curl.exe, the System File Checker may be able to restore it. Worth giving sfc /scannow a shot.


SFC takes a while, so `sfc /scanfile=c:\windows\system32\curl.exe` may be more useful for people who encounter this specific problem.


Antimalware is the worst malware I’ve seen in my decades-long career in IT.


I use whatever Microsoft call their built in security this year, use ublock origin, and reinstall Windows about once a year. This seems to be the better alternative to having Norton/McCafe/<insert name of "security" program that uses more CPU than malware>.


ESET NOD32 is still going to be lighter and more performant than any alternative, including Windows Defender. The latter includes big delay for small file access, even just metadata!


Nessus is not "antimalware"

It is a network scanner


Is there a windows equivalent of "chmod 0000 /file/to/be/made/unavailable" ? Even that seems pretty brutal but at least it's easily reversible if you discover that "oh I needed that to download the vendor patch that will _actually_ fix the problem"


There is, you can go into the NTFS permissions and just deny access to every group and user on every type of file access. I did that for compattelrunner.exe*

Windows has so far randomly undone these changes so there's probably some kind of recovery mechanism that gets triggered when you alter file permissions. A script running on login setting the permissions through powershell seems to have put that stupid executable in stasis on my machine at least, so perhaps it works for curl too.

* compattelrunner is a telemetry generation tool that seemingly cannot be killed. I have applied every registry hack, privacy tool, and Windows setting, but that damned thing will not be disabled. If it weren't for the driver signature enforcement, I would've written a minifilter driver that makes all files with that name disappear to finally rid myself of this curse.


Really depends on how windows put that curl.exe there in the first place. WinSxS would probably detect the damage and fix it. It is kind of how MS 'fixed' DLL hell. Windows really tries to stop that sort of thing. Also depending on how it was installed you may be able to get the windows installer subsystem that controls it to just uninstall it for you. Would just depend if it s part of another bundle or not. If you want to see how there are tons of vids on how people make stripped down windows installs.

Also if you are stuck with this another way to fix it is to just run the file out of a different directory and/or rename your new one. Windows load hierarchy is local folder first, then path (which usually has system32 in there somewhere).

But if you are dead set on your chmod method yes you could use calcs to do it. Add the executable permission to false. You prob would have to do that from a decently privlaged account. You probably could also do it from active directory using a group policy.

A better way is to open a phone support ticket with MS if they are the ones installing it. Going onto their web support boards is usually basically a dead end. If you bought your PC from an OEM you can call them too then they can open a ticket with MS.


Even more low-tech: I can't believe people just hose the executable (and immediately empty their recycle bin?) rather than just renaming it.


yes there is, you just need to right click the file and remove the privileges for system.

I just did this for the "AsusComService" which would take 30% of my i9 13k simply because i have dns blocking running for it.


Why can't you uninstall it?


because it comes from the motherboard and will reinstall every time i reboot. I have deleted it before, renamed it and more but nothing helped unless i revoked its privileges.

Or differently said, modern asus motherboards actively come with a rootkit.


TIL that curl is installed in Windows 10 and 11 - useful article for that alone!


Another one a lot of people don't realize ships with Windows 10 & 11 is tar. Specifically bsdtar which along with tar files can also create and extract zip files.


It’s not enabled by default, but under Optional Features you can also install an OpenSSH client, making tools like putty no longer necessary


The OpenSSH client has been part of the default install of the Pro version since the April 2018 Windows 10 update.


curl on windows is my fallback to telnet (which is even less likely to be available on a clients windows computer) to quickly check connectivity and address resolution without having to install anything


I love the sneer towards the helpful voulonteers on the Microsoft forums.

Hello, <name>, how are you?

Good day! I'm <other name> a Windows user like you and I'll be happy to assist you today. I know this has been difficult for you, Rest assured, I'm going to do my best to help you

Please do

<giant copy paste including scf /scannnow and dism /something>

If the problem still persists, please try to update using the Microsoft tool.

Kindly let me know if this helps or if you have any further concerns.

Sincerely,

<other name> Independent Advisor

Standard Disclaimer: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.


>I just want to emphasize that if you install and run Windows, your friendly provider is Microsoft. You need to contact Microsoft for support and help with Windows related issues.

Worth remembering this is only the case if you buy a retail license.

If you cheaped out with an OEM license, you are your own customer support and Microsoft won't help you.

If you bought a laptop or pre-made desktop, you have an OEM license provided to you by whoever manufactured your computer and they are your customer support; Microsoft won't help you.


Honestly Microsoft doesn’t help you even if you paid directly. You might get lucky and have some forum volunteer give you a hand, but Microsoft will absolutely under no circumstances fix your PC




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: