We are still actively working on the spam issue.

Windows 10

From InstallGentoo Wiki
Jump to: navigation, search
Windows 10 is not your friend
Warning: There is a high likelihood that Windows 10 is compromised. It is highly malicious, and has been proven time and time again to not only datamine and steal user information, but it has been designed to do this. Continue at your own risk.

Windows 10 is the latest iteration of Microsoft's desktop operating systems. The primary "appeal" of Windows 10 over the generally preferred Windows 7 is DirectX 12, which improved the graphics rendering in certain supported games. There are few games that specifically support ONLY DirectX 12. Windows 10 comes with Cortana, a personal assistant similar to Apple's Siri, and Edge, the new browser created in Microsoft's efforts to distance itself from Internet Explorer.

There are major concerns about how much Windows 10 will phone home, even with all the "privacy tweaks" enabled during install. Even Russian Lawyers were trying to get it banned from Russia.


This section will cover performing a clean install of Windows 10. This is preferred over upgrading if you want a fresh system that does not drag along temp files, app data and other junk from your 7/8/8.1 install.

It will not cover upgrading from an existing Windows 7/8/8.1 install. If you have an existing Windows 7/8/8.1 install, you can still use this section, but beware you'll lose all your installed apps and data with a clean install. From October 2015 to August 2016, Windows 10 can be activated using 7/8/8.1 product keys. This works by checking the system hardware profile with Microsoft's servers to ensure it matches the hardware the product key was originally activated on. The edition of Windows 10 must match the edition the product key was for (i.e. Home Premium or Professional).

If you want to do a test run of installing Windows 10, without committing your hard drive to it, setup a VirtualBox and skip ahead to the Installation section.

Preinstall preparation

To install Windows 10 we'll need a few things:

  • The Windows 10 disc image (.iso file).
    • This can be sourced directly from microsoft.com here. You'll need to enable javascript. (This link will likely disappear after August 2016, when Windows 10 is no longer free).
      • If you're planning on pirating Windows 10, you need the Professional version or above.
      • If the above link no longer works (i.e. Microsoft have stopped supplying an official Windows 10 ISO publicly) you can always look for a copy on KAT or TPB. Look for something which includes the official updates up until today (whatever month/year this is) and perhaps avoid isos that install lots of Super Kewl Appz and generally fuck with the source.
  • A utility to copy the Windows 10 image to a DVD or USB stick for installation like the official Windows USB/DVD Download Tool, UNetbootin or Rufus.
  • Backups of your data.
  • An install kit, which will contain:
    • Drivers for your hardware that are compatible with Windows 10. If you can't find a specific Windows 10 driver, grab the Windows 8.1 driver and cross your fingers. If you're super cautious (which is fine) wait until your hardware manufacturer releases Windows 10 drivers.
    • Common programs you use (e.g. your media player, your compression utility, your browser).

Once you have the .iso, use a spare USB flash drive or DVD with one of the aforementioned tools to create a bootable install disk.

Installation preparation

Insert your bootable DVD or USB drive and reboot. Jump into the BIOS/UEFI with F1 or DEL (or whatever you're told to on the first screen your computer displays as it boots. On ThinkPads this is the ThinkVantage button).

Inside the BIOS/UEFI, you need to set the Boot Order to boot from your USB stick or DVD. This is just a matter of putting the USB stick or DVD ahead of your other drives in the Boot Priority. If you are using a computer which has both UEFI and Legacy options choose UEFI first. Most modern installation images are designed to boot using UEFI, but also have legacy fallback for older motherboards.

With your BIOS settings set, save and exit the BIOS. At this point it should reboot automatically into the installer.


Once BIOS hands over control to your boot device you may get a message to hit any key to boot from CD/DVD or USB. Hit a key if you see this message.

The Windows 10 install process will begin:

  • The first screen, which has a lovely purple background, will have a window asking for your language (English (United States)), your Time and Currency Format (English (United States)) and your Keyboard or input method (US). Set the Time and Currency Format to your region (and anything else if you want a non english install) and hit the Next button in the bottom right.
  • Hit the Install Now button.
  • After a short pause, you'll be presented with the product key window. This wants your product key, but we can worry about that later, so hit Skip.
  • If your .iso has multiple versions of Windows 10 available, the next screen will allow you to choose which version of Windows 10 you install (Home, Pro, etc) and what architecture version you want (x64, unless you're on a toaster).
    • If you're some kind of pirate scumbag, select Pro or above.
  • The license terms screen is next. Kiss your first born goodbye and pray to Buddha, click I accept the license terms, and hit Next.
  • Next is the "type of installation you want" screen. You always want Custom. So click it.
  • Next is the partition screen. This is the most serious screen of the install, so be careful here:
    • You need two partitions:
      • A boot ("System Reserved") partition of about 350mb (the installer will force you to make this).
      • A partition of 15gb+ to install Windows 10 to (this will become C: drive).
    • If the drive is empty, just make a new partition and follow the prompts.
    • If you're installing over the top of win7/8.1, format your old C: drive.
    • If you plan to dual boot install Windows first and Linux second. This will ensure you get GRUB as your bootloader with an entry for Linux and Windows. Remember to leave free space for Linux when partitioning C:. Around 15GB should be good depending on usage. Installing to a separate drive is preferred over dual booting because Windows 10 tends to aggressively overwrite other bootloaders on its drive.
    • If you already have Linux partitions, don't touch them unless you want Windows to format them and destroy all your data. (Windows will still destroy your grub-bios install, but that's easily reinstalled with a quick boot into your Linux install USB, chrooting to your installation, and # grub-install --target=i386-pc --recheck /dev/sdX ; grub-mkconfig -o /boot-grub/grub.cfg).
    • With your new C: drive selected, hit Next.
  • Windows will copy the install files. This will take 5-10mins from a USB.
  • The Windows 10 install will then reboot. After the reboot you no longer need your USB stick or DVD inserted for the install to continue. You might get a message about booting from your USB or DVD (defaulting to no), and no is the correct answer.
  • Windows will spend some time "Getting ready" and then reboot again.
  • At long last you'll be presented with a blue screen and white text, asking you to enter the product key. In the bottom left, in quite small text, will be "Do this later". Click this.
  • At the "Get Going Fast" (like sonic) screen, look in the bottom left for Customize Settings. Click it.
  • In the first Customize Settings screen, turn all four privacy invasion options Off, then hit Next.
  • In the second Customize Settings screen, turn off the four privacy invasion options, then scroll down to turn off the fifth privacy invasion option, then hit Next.
  • In the Create an Account screen, enter a username and perhaps a password, then hit Next.
  • Windows will show you a few friendly screens like "Hi" and "This won't take long".
  • You'll then be dropped into a freshly installed Windows 10 install.

Post installation


Follow Microsoft's instructions to activate it.

Beginning in October 2015 and through August 2016, if you had a legitimate product key for Windows 7/8/8.1 activated on the system before you can use the same key to activate Windows 10. Your product key can be found with your Windows 7/8/8.1 installation media or on the Microsoft sticker on your PC. This sticker is usually found on the bottom of laptops and the side of prebuilt desktops.

If you're a pirate, you need KMSPico. KMS is a key management system meant for offices and administrators of multiple Windows computers. KMSPico emulates that system and can activate Windows installs without them being legal.

Further reading

.NET Framework 3.5 offline installation

Windows 10 (and 8/8.1) comes with .NET 4+ installed. Some apps need .NET 3.5 (or 2.0 or 1.0). You need internet access to be able to install .NET 3.5. If you don't give Windows internet access, you might think that you can download a dotNetFx35setup.exe from microsoft.com. Nope. You will actually get an error saying that .NET 3.5 is not installed when you run the installer for .NET 3.5.

So to install .NET 3.5 without giving Windows internet access:

  • Mount the Windows 10 install .iso or plug in your USB/DVD.
  • Take note of the drive letter assigned to it.
  • Open a Command Prompt as an Administrator:
    • Start > All Apps > Windows System > right click Command Prompt > Run as Administrator.
  • Check the following command and change the drive letter as required. Here it is listed as D: drive (straight after /Source):

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

  • With the drive letter correct, copy the above command.
  • Paste it into the Administration Command Prompt and hit enter.
  • The "feature" will be "enabled". This will take a minute or so and when it's done will say "The operation completed successfully".
  • Close the Administration Command Prompt.

Network spyware

Windows and Windows 10: Considered Harmful
Note: This doesn't do much, as most, if not all, DNS lookups concerning Microsoft hostnames are hardcoded in dnsapi.dll. Add them to your router's blocklist as well for additional security.
Note: If you complain that this breaks things you use, then you are using the wrong things and should kill yourself

Open your hosts file, located in C:\Windows\System32\drivers\etc with notepad. Copy and paste these lines (some lines are irrelevant, but are included for extra security):

#List from this URL: https://bitbucket.org/matthewlinton/ancile/src/2701ae9f728df20b0e569c97b91d4580663f1638/data/modify_Hosts/modify_hosts.lst?at=master

# Lines starting with a "#" are comments and will be ignored. 0.r.msn.com a.ads1.msn.com a.ads1.msn.com a.ads2.msads.net a.ads2.msn.com a.rad.msn.com ac3.msn.com act-3-blu.mesh.com activesync.glbdns2.microsoft.com ad.doubleclick.net adnexus.net adnxs.com ads.eu.msn.com ads.msn.com ads.msn.com.nsatc.net ads1.msads.net ads1.msn.com ads2.msn.com ads2.msn.com.c.footprint.net adsmockarc.azurewebsites.net adsyndication.msn.com aidps.atdmt.com aidps.msn.com.nsatc.net aka-cdn-ns.adtech.de analytics.live.com analytics.microsoft.com analytics.msn.com analytics.msnbc.msn.com analytics.r.msn.com appexmapsappupdate.blob.core.windows.net arc2.msn.com arc3.msn.com arc9.msn.com atlas.c10r.facebook.com az361816.vo.msecnd.net az512334.vo.msecnd.net b.ads1.msn.com b.ads2.msads.net b.rad.msn.com bat.bing.com bingads.microsoft.com bl3302.storage.skyprod.akadns.net blu.mobileads.msn.com bn1-2cd.wns.windows.com bn1cd.wns.windows.com bn1wns2011508.wns.windows.com bn2wns1.wns.windows.com bn2wns1b.wns.windows.com bs.eyeblaster.akadns.net bs.serving-sys.com c.atdmt.com c.atdmt.com.nsatc.net c.bing.com c.microsoft.com c.msn.com c.msn.com.nsatc.net c.ninemsn.com.au c.no.msn.com c1.microsoft.com ca.telemetry.microsoft.com cache.datamart.windows.com cdn.atdmt.com cdn.content.prod.cms.msn.com cds26.ams9.msecn.net choice.microsoft.com choice.microsoft.com.nsatc.net cmsresources.windowsphone.com col.mobileads.msn.com compatexchange.cloudapp.net content.windows.microsoft.com corp.sts.microsoft.com corpext.msitadfs.glbdns2.microsoft.com crl.microsoft.com cs1.wpc.v0cdn.net cy2.settings.data.microsoft.com.akadns.net dart.l.doubleclick.net db3aqu.atdmt.com db3wns2011111.wns.windows.com db5.settings.data.microsoft.com.akadns.net db5sch101101511.wns.windows.com db5sch101101939.wns.windows.com db5sch101110626.wns.windows.com db5sch101110634.wns.windows.com db5sch103082111.wns.windows.com db5sch103082406.wns.windows.com db5sch103092209.wns.windows.com dc.services.visualstudio.com dev.virtualearth.net df.telemetry.microsoft.com diagnostics.support.microsoft.akadns.net diagnostics.support.microsoft.com digg.analytics.live.com directory.services.live.com.akadns.net displaycatalog.md.mp.microsoft.com displaycatalog.mp.microsoft.com dl.delivery.mp.microsoft.com dmd.metaservices.microsoft.com download-ssl.msgamestudios.com ec.atdmt.com ecn.dev.virtualearth.net en-us.appex-rf.msn.com fe2.update.microsoft.com.akadns.net fe3.delivery.dsp.mp.microsoft.com.nsatc.net fe3.delivery.mp.microsoft.com feedback.microsoft-hohm.com feedback.search.microsoft.com feedback.windows.com fesweb1.ch1d.binginternal.com f4a487e56259f4bd5831e9e30470e83.azr.msnetworkanalytics.testanalytics.net flex.msn.com flex.msn.com.nsatc.net g.msn.com g.msn.com.nsatc.net geo.settings.data.microsoft.com.akadns.net geo-prod.do.dsp.mp.microsoft.com geover-prod.do.dsp.mp.microsoft.com global.msads.net.c.footprint.net h1.msn.com h2.msn.com help.bingads.microsoft.com i1.services.social.microsoft.com i1.services.social.microsoft.com.nsatc.net inference.location.live.net js.microsoft.com lb1.www.ms.akadns.net licensing.md.mp.microsoft.com live.rads.msn.com livetileedge.dsx.mp.microsoft.com logging.windows.microsoft.com ls2web.redmond.corp.microsoft.com m.adnxs.com m.anycast.adnxs.com m.hotmail.com mediadiscovery.microsoft.com microsoft-hohm.com mobile.pipe.aria.microsoft.com msedge.net msnportal.112.2o7.net msntest.serving-sys.com nexus.officeapps.live.com nexusrules.officeapps.live.com oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net officeclient.microsoft.com onesettings-bn2.metron.live.com.nsatc.net onesettings-cy2.metron.live.com.nsatc.net onesettings-db5.metron.live.com.nsatc.net onesettings-hk2.metron.live.com.nsatc.net otf.msn.com popup.msn.com pre.footprintpredict.com preview.msn.com rad.live.com rad.msn.com rad.msn.com.nsatc.net redir.metaservices.microsoft.com reports.wes.df.telemetry.microsoft.com rmads.eu.msn.com rmads.msn.com rpt.rad.msn.com sb.scorecardresearch.com schemas.microsoft.akadns.net search.msn.com secure.adnxs.com secure.anycast.adnxs.com secure.flashtalking.com services.wes.df.telemetry.microsoft.com settings.data.glbdns2.microsoft.com settings.data.microsoft.com settings-sandbox.data.glbdns2.microsoft.com settings-sandbox.data.microsoft.com settings-ssl.xboxlive.com settings-win.data.microsoft.com sgmetrics.cloudapp.net shell.windows.com siweb.microsoft.akadns.net skyapi.skyprod.akadns.net sls.update.microsoft.com sls.update.microsoft.com.akadns.net sls.update.microsoft.com.nsatc.net sO.2mdn.net spynet.microsoft.com spynet2.microsoft.com spynetalt.microsoft.com spynettest.microsoft.com sqm.df.telemetry.microsoft.com sqm.microsoft.com sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net ssw.live.com ssw.live.com.nsatc.net static.2mdn.net static-2mdn-net.l.google.com statsfe1.ws.microsoft.com statsfe1.ws.microsoft.com.nsatc.net statsfe2.update.microsoft.com statsfe2.update.microsoft.com.akadns.net statsfe2.ws.microsoft.com statsfe2.ws.microsoft.com.nsatc.net storeedgefd.dsx.mp.microsoft.com support.msn.microsoft.akadns.net survey.watson.microsoft.com t.urs.microsoft.com.nsatc.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.tiles.virtualearth.net tele.trafficmanager.net telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net telemetry.appex.bing.net telemetry.appex.search.prod.ms.akadns.net telemetry.microsoft.com telemetry.urs.microsoft.com teredo.ipv6.microsoft.com tile-service.weather.microsoft.com tlu.dl.delivery.mp.microsoft.com tsfe.trafficshaping.dsp.mp.microsoft.com udc.msn.com urs.microsoft.com v10.vortex-win.data.metron.live.com.nsatc.net v10.vortex-win.data.microsoft.com version.hybrid.api.here.com view.atdmt.com vortex.data.glbdns2.microsoft.com vortex.data.metron.live.com.nsatc.net vortex.data.microsoft.com vortex-bn2.metron.live.com.nsatc.net vortex-cy2.metron.live.com.nsatc.net vortex-db5.metron.live.com.nsatc.net vortex-hk2.metron.live.com.nsatc.net vortex-sandbox.data.glbdns2.microsoft.com vortex-sandbox.data.microsoft.com vortex-win.data.metron.live.com.nsatc.net vortex-win.data.microsoft.com w3.b.cap-mii.net watson.live.com watson.live.comwatson.microsoft.com watson.microsoft.com watson.microsoft.com.nsatc.net watson.ppe.telemetry.microsoft.com watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net web.vortex.data.microsoft.com wes.df.telemetry.microsoft.com win10.ipv6.microsoft.com win10.ipv6.microsoft.com.nsatc.net win8.ipv6.microsoft.com www.modern.iechoice.microsoft.com www.msedge.net

Furthermore, you can add these in your routing table.

# This list was derived from this URL: https://bitbucket.org/matthewlinton/ancile/src/2701ae9f728df20b0e569c97b91d4580663f1638/data/modify_Routing/modify_routes.lst?at=master

# Lines starting with a "#" are comments and will be ignored.

Windows 10 AME

Warning: This section needs more information. Essentially, an installation guide and more about the limitations experienced by other anons can help.

As already stated, blocking trackers can only remove some low hanging fruit and is not a proper approach to improving privacy. This is the reason the Tor Browser does not include any tracker blockers. The only way to completely git rid of privacy-invading networking is to remove services and applications that cause those connections in the first place, as well as ensure that those programs and service do not get installed again (by other services such as Windows Update). Tools like ShutUp10 and WPD are NOT sufficient for privacy, since they either rely on disabling group policies or just temporarily disable spyware, which then get reactivated with the next security update.

Windows 10 Ameliorated is a project that provides a detailed long guide, some scripts and tools to get a modified Windows 10 installation which DOES NOT remove the spyware by disabling group policy, registry entries, hostfiles and other workarounds, but rather kills privacy-invasive services from the system on an executable level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications, will also be purged. You system will spare about 2 GB of pre-installed garbage.

Note, that it is advised to do the manual installation, rather that using the ISO image. You shouldn't trust the source too much, but understand what you are doing and you can verify if you did everything right with tools like Wireshark. Also, it takes a lot of fucking time (about 2-3h, depends on your system and knowledge), so be prepared and patient.


It may also not really be what you would want, since the absence of Windows Update requires you to download all necessary security updates and drivers yourself. But since Windows Update is also one of the most privacy invasive and user-raping applications out there, this could be considered good riddance (MS is not able to rape you in the ass with forced updates). You can also use a free and open-source software like Snappy Driver Installer to get your drivers.

The absence of Microsoft Store is objectively good riddance, except if you're retarded enough to depend on applications which are only provided from this cancerous source. Fuck you.

Now, the biggest possible limitation of Windows 10 AME is that there is no way to install any version of Microsoft Office newer than Microsoft Office 2007. That's pretty shit, since a lot of people use Windows just to use Office, but since the inclusion of the telemetry agent software in MS Office 2013 sends a fuckton of metadata to Microsoft about every single document you have written (possibly even every single keystroke), Office 2007 does not look so bad at all (and it just works™). Or just use the superior alternative.

External links

  • It was revealed that Microsoft sends encrypted images of the user's desktop back to Redmond. This video decrypts the encrypted images sent of the user's desktop. Happy browsing! Dead, and new source being found

Check the talk page for a very extensive compilation of shady things Windows 10 does.