W10 was written before E-cores were popularized. It's on the path to EOL, so it won't get any processor scheduling tweaks. W11 doesn't offer any special E-core support either, and I wouldn't expect any until W12. The entire focus of W11 has been over increasing kernel security by locking out legacy drivers and UEFI extensions.
Guide: Optimized Image
Latebloomer
New Member
I didn't criticize your massive work for the optimized image. It's great what you've done. I know you have not tested it on W11 but i was curious and wanted test it. The test was not long because i experienced a lot of short freezes and weird mouse behaviour.
I use the clean(only component removal) GamerOS preset as base. Not the latest version with additional tweaks. Only few network and other components added. Restored wlan, bluetooth and windows photos.
I'm going to do a game test myself soon. CP 2077 & RDR2. Your optimized image with W10 vs GamerOS W11. E-cores on/off, HT off
Last edited:
I'm really interested in this non-removal approach to tweaking Windows but I'm a little worried about security in that kind of setup. Is common sense and adblock really enough to stay out of trouble? I'm not that knowledgeable when it comes to malware so I would appreciate it if you guys could share your thoughts on the topic.
Necrosaro
Active Member
I have not run a malware/virus scanner since xp. This all depends on how much common sense in knowing what you are downloading and which websites you are visiting.
If you feel that you can run without one that's fantastic since it's not hogging your system but if you are a person who wants a safety net because you don't know enough then that's fine too. No judgement from me.
If I do go on sites that are less then savoury lol then yes I use my adblocker since I find it's much better in keeping that garbage away.
I followed your guide, but the security registry tweaks removed the defender or am I mistaken?
Taosd
Well-Known Member
Reg_2_Security: this file has to do with the Windows Security center app, it disables Defender, firewall, and many of the overly aggressive security features which substantially interfere with gaming, especially multiplayer games. This is where most of the bad game pings, DPC, stutter, and general game issues come from. There is a reason why older operating systems perform better, because they lack these features by default.
so , to clarify what you didnt read, NO it didnt remove defender, it disabled Defender.
So basically if I keep the defender and firewall and just disable them manually within windows, it does the same? Or are the registrys a bit more "aggresive" and keep the disabled better than just clicking the buttons in security options?
even normy websites are rammed full of crap without an adblocker, youtube is unusable without them
Hellbovine
Well-Known Member
You can still use the guide and exclude certain parts of the security file or even the whole file. Feel free to edit all the registry files and delete tweaks you don't want, it's been setup this way on purpose to be modular and easy to modify, with comments inside about what each setting toggles. I use this same image on my machine, and in a year and a half on W10 now I have had zero issues of any kind.
Security is a highly debatable topic, so I am trying to choose my wording carefully as to not stir up a debate since those arguments never go anywhere. This is because the right answer for security really depends on what the computer is being used for, and who is using it. With that being said, here is my view on the topic of security for anyone that cares, and people can take it or leave it:
I've used every Windows from DOS to 11, but I liked XP SP3 so much for gaming that I used it until December of 2021 on my main machine. I have no firewall or antivirus of any kind on my computer or my router. I've always disabled all of that ever since I got into hardcore gaming many years ago because security and gaming are like water and oil, they just don't get along. I've never been infected with any kind of malware while using this approach, and I also don't use Windows Update after Microsoft revoked user control over it in newer operating systems.
On the flipside, my friends, family, and co-workers have all asked me to fix their computers over the years after they got infected, while using the default settings everywhere, meaning they had multiple firewalls, antivirus, and updates protecting them. Why do they get infected, but I do not? Because the vast majority of security can be handled with a small toolbox and good browsing habits. Here is my basic list of stuff I require to feel secure or else I wouldn't run a machine in a zero-security configuration:
- Browser: pick a good one, Chrome is the best in my testing, but any chromium-based browser will perform well, which is actually most browsers nowadays, as they're all converting over to chromium since it has won the browser wars. All browsers have terrible default settings though which reduce performance and are security hazards. Be sure to disable all the features, such as prefetching, autofill, etcetera. Also, use incognito mode so that you won't stay signed in forever to websites since a lot of people don't actively "sign out" when they're done, or ever clear their cache.
- Adblocker: uBlock Origin is hands-down the best, there's no question. Part of why it works so great is because it actually prevents ads from being downloaded at all, meaning your browsing speeds improve and you can prevent malware too since those connections aren't being established. The internet is also horrible to browse with all the ad clutter everywhere nowadays and so this is becoming mandatory for the web to be usable.
- Vectors: optimizing the operating system greatly helps to eliminate attack vectors. There is so much going on in the background, and all of these are potential backdoors into your machine. Removing components and disabling things with NTLite can greatly improve security by giving attackers less opportunities to work with. This is where viruses tend to become famous, by targeting vulnerabilities in Windows features. You can wait around for Microsoft to patch these, or you can remove/disable these features which solves the problem and frees up resources too. Modern operating systems are actually far less secure than previous ones because the number of attack vectors has skyrocketed over the years (bloat).
- Habits: don't visit shady sites, and only download from reputable places. This is pretty basic stuff, but it's by far where most problems come from, and is way more important than any combination of firewall or antivirus. My mother in-law for example kept getting infected repeatedly and I discovered it was because she was downloading "free" Sims game expansions from random sites, which were infecting her with viruses.
- Minimalism: I view computers as volatile devices (because they are). As such, I don't keep my entire life on my computer, and instead I keep important files elsewhere and only install whatever my computer actually needs. It stays in a minimalistic state at all times. If disaster ever happens, I can plug in the USB stick with my custom Windows, reinstall, and within 2-3 hours I'm back in business. I have a routine to reinstall Windows once every 6 or 12 months depending on how heavy I'm using my PC because that ensures top performance and keeps security tight.
- Updates: instead of using Windows Update, I disable it and at the end of every year when the new version comes out (21H2, 22H2, etcetera) I test it and see if it's worth upgrading to. If it is, then I build a brand new custom Windows using that new version and cleanly install it. This gives you the benefits of having a patched system, but without all the numerous headaches and problems of Microsoft's low quality control nowadays, pushing out bad updates. This approach also releases the excessive computer resources that Windows update consumes.
- Router: at a minimum you need to be behind a router, using NAT (network address translation) to avoid problems in a zero-security configuration, otherwise, connecting your PC straight to a cable or DSL modem will eventually result in malware.
To help prove my point about being able to use a computer without security, many older Windows operating systems had no firewall or antivirus and yet there wasn't a global computer virus pandemic. Yes, this stuff is always being hyped in the news because it's great click-bait for ad revenue, but it's really not as much of a problem as it gets made out to be, as running XP in modern days has shown.
On the flipside, my friends, family, and co-workers have all asked me to fix their computers over the years after they got infected, while using the default settings everywhere, meaning they had multiple firewalls, antivirus, and updates protecting them. Why do they get infected, but I do not? Because the vast majority of security can be handled with a small toolbox and good browsing habits. Here is my basic list of stuff I require to feel secure or else I wouldn't run a machine in a zero-security configuration:
- Browser: pick a good one, Chrome is the best in my testing, but any chromium-based browser will perform well, which is actually most browsers nowadays, as they're all converting over to chromium since it has won the browser wars. All browsers have terrible default settings though which reduce performance and are security hazards. Be sure to disable all the features, such as prefetching, autofill, etcetera. Also, use incognito mode so that you won't stay signed in forever to websites since a lot of people don't actively "sign out" when they're done, or ever clear their cache.
- Adblocker: uBlock Origin is hands-down the best, there's no question. Part of why it works so great is because it actually prevents ads from being downloaded at all, meaning your browsing speeds improve and you can prevent malware too since those connections aren't being established. The internet is also horrible to browse with all the ad clutter everywhere nowadays and so this is becoming mandatory for the web to be usable.
- Vectors: optimizing the operating system greatly helps to eliminate attack vectors. There is so much going on in the background, and all of these are potential backdoors into your machine. Removing components and disabling things with NTLite can greatly improve security by giving attackers less opportunities to work with. This is where viruses tend to become famous, by targeting vulnerabilities in Windows features. You can wait around for Microsoft to patch these, or you can remove/disable these features which solves the problem and frees up resources too. Modern operating systems are actually far less secure than previous ones because the number of attack vectors has skyrocketed over the years (bloat).
- Habits: don't visit shady sites, and only download from reputable places. This is pretty basic stuff, but it's by far where most problems come from, and is way more important than any combination of firewall or antivirus. My mother in-law for example kept getting infected repeatedly and I discovered it was because she was downloading "free" Sims game expansions from random sites, which were infecting her with viruses.
- Minimalism: I view computers as volatile devices (because they are). As such, I don't keep my entire life on my computer, and instead I keep important files elsewhere and only install whatever my computer actually needs. It stays in a minimalistic state at all times. If disaster ever happens, I can plug in the USB stick with my custom Windows, reinstall, and within 2-3 hours I'm back in business. I have a routine to reinstall Windows once every 6 or 12 months depending on how heavy I'm using my PC because that ensures top performance and keeps security tight.
- Updates: instead of using Windows Update, I disable it and at the end of every year when the new version comes out (21H2, 22H2, etcetera) I test it and see if it's worth upgrading to. If it is, then I build a brand new custom Windows using that new version and cleanly install it. This gives you the benefits of having a patched system, but without all the numerous headaches and problems of Microsoft's low quality control nowadays, pushing out bad updates. This approach also releases the excessive computer resources that Windows update consumes.
- Router: at a minimum you need to be behind a router, using NAT (network address translation) to avoid problems in a zero-security configuration, otherwise, connecting your PC straight to a cable or DSL modem will eventually result in malware.
To help prove my point about being able to use a computer without security, many older Windows operating systems had no firewall or antivirus and yet there wasn't a global computer virus pandemic. Yes, this stuff is always being hyped in the news because it's great click-bait for ad revenue, but it's really not as much of a problem as it gets made out to be, as running XP in modern days has shown.
Last edited:
Hellbovine
Well-Known Member
What Taosd said is accurate, I think maybe you're getting confused about some terminology? I'll try to clarify more:
Enabled/Disabled = toggle on/off a component by using a registry key or through a user interface.
Uninstalled/Removed = the component's files have been deleted so it no longer exists at all, meaning it can't be enabled again because it's not actually disabled, it just doesn't even exist on the computer anymore. This is why people that do component removals in NTLite have to fully reinstall Windows with a new image if they need to restore a component.
If you use my guide as-is, it will "disable" Defender and Firewall, but you can go to Start > Security Center and easily toggle them both back on through the user interface. Alternatively, you could delete those registry keys from the security file to prevent them from being toggled off during the image install.
My guide makes it so that Defender and Firewall are toggled off, just like it would happen if you go to Start > Security Center right now and toggle them.
You do have a good point about the "better than just clicking the buttons" and yes, in some cases this is true. My guide will more properly and completely disable a component, better than toggling it in the interface in a few instances. This is because there are other relevant keys that are indirectly connected, but Windows doesn't toggle them. An example of this would be how Action Center constantly complains if you disable the firewall, and so some additional keys have to be added to turn that off too. All of this is thoroughly documented in my files though, just right-click on them and select "edit" to see inside.
Last edited:
Yeah I mixed it up. I applied the Lite template beforehand and didnt check defender and firewall , they were completely removed becaus of the template. Tried to apply the registry inside windows after reinstalling windows without the security registry, but I get a error that some of those settings arent able to load because some of the programs are running. I decided to do a clean install without the template and just using all the registrys from your tweaks and everything works fine now. Ty.
Hellbovine
Well-Known Member
Check out the "Processing Order" section in the Quality Control guide (link) for some relevant tips when you go to make another image in the future, but yeah otherwise just restore some components from the templates before processing the image if you need those features.
If someone wants to combine the GamerOS (or any other preset) with my Optimized Image for example, the best way to do that would be to load the preset and process it, then load that newly created image and follow my guide to process that, then install the final image.
There's a few registry keys that require a clean install of Windows to work right. In addition, some keys require higher permissions and cannot be added post-install without also altering permissions (which is why security file failed to install). In other words, by having all of your tweaks integrated into an image, it results in a more optimized and robust machine than people that try to do all the same stuff in a post-install scenario.
Last edited:
Latebloomer
New Member
Benchmark as promised. W10 Optimized Image + GamerOS vs W11 GamerOS
Clean windows install. Same GamerOS-preset(only component removal). Same setup&settings.
Tested both scenarios multiple times and each time the difference was ~2 fps in favor of W11.
With e-cores disabled, the performance drop was identical 4-5 fps in W10&W11. So, at least we can conclude that W10 can actually utilize/handle e-cores properly.
Clean windows install. Same GamerOS-preset(only component removal). Same setup&settings.
Tested both scenarios multiple times and each time the difference was ~2 fps in favor of W11.
With e-cores disabled, the performance drop was identical 4-5 fps in W10&W11. So, at least we can conclude that W10 can actually utilize/handle e-cores properly.
Hellbovine
Well-Known Member
Thank you for taking the time to test. This is the kind of post I can thoroughly get behind.
Your conclusion is now the same as mine, and this is what I meant by e-cores being "moot" because e-cores is not the issue it's being made out to be on places like Reddit. I find that site to be the 2nd worst place ever for computer advice, with answers.microsoft.com being the worst of them all.
What tends to happen in scenarios like these, is people discover something valid, but either misinterpret what they're seeing or it changes rapidly afterwards, but that "knowledge" continues to remain in the past and never advances. For example, I believe that at one time e-core was likely an issue because new technology tends to have major problems at launch, but that timeframe was probably 2 years ago, and things have been patched up enough in various places (drivers, windows, software, etcetera) so that it's not bugged/unoptimized anymore.
Another benchmarking/testing problem I see often too is someone will go and make a non-equal comparison, such as their favorite Windows 10, which might be a grossly outdated version (1809) and compare that to Windows 11 22H2. Then they draw incorrect conclusions because the testing methodology is completely flawed. This happens way more than it should, especially in places filled with inexperienced users, such as Reddit.
There's some changes I would make in the testing methodology, but I don't think it would affect the outcome. Otherwise I think you did a good job and if people made more posts of this nature, with evidence, facts, data, links, etcetera, then we could all optimize Windows much easier and better since we'd spend less time bickering about generalizations.
Last edited:
This brings up a huge point -- software isn't static, so the correct answer can quickly change based on the exact environment that's involved.
It's a lot of work to keep up on new developments, but stay flexible on solutions and be specific as possible on the starting conditions.
It's a lot of work to keep up on new developments, but stay flexible on solutions and be specific as possible on the starting conditions.
Latebloomer
New Member
This is probably true. Microsoft.. if you accidentally find yourself on that site.. you will fall into deep state of..
It won't let you leave.
One wonders why they even bother
PerhapsAverage
New Member
The registries do not apply.