Kategorie

Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct Newsroomhttp://www.blogger.com/profile/[email protected]

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux.

The particular danger of the backdoored library lies in its use by the OpenSSH server process sshd. On several systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is patched to use systemd features, and as a result has a dependency on this library (note that Arch Linux and Gentoo are unaffected). The ultimate goal of the attackers was most likely to introduce a remote code execution capability to sshd that no one else could use.

Unlike other supply chain attacks we have seen in Node.js, PyPI, FDroid, and the Linux Kernel that mostly consisted of atomic malicious patches, fake packages and typosquatted package names, this incident was a multi-stage operation that almost succeeded in compromising SSH servers on a global scale.

The backdoor in the liblzma library was introduced at two levels. The source code of the build infrastructure that generated the final packages was slightly modified (by introducing an additional file build-to-host.m4) to extract the next stage script that was hidden in a test case file (bad-3-corrupt_lzma2.xz). These scripts in turn extracted a malicious binary component from another test case file (good-large_compressed.lzma) that was linked with the legitimate library during the compilation process to be shipped to Linux repositories. Major vendors in turn shipped the malicious component in beta and experimental builds. The compromise of XZ Utils is assigned CVE-2024–3094 with the maximum severity score of 10.

The timeline of events

2024.01.19 XZ website moved to GitHub pages by a new maintainer (jiaT75)
2024.02.15 “build-to-host.m4” is added to .gitignore
2024.02.23 two “test files” that contained the stages of the malicious script are introduced
2024.02.24 XZ 5.6.0 is released
2024.02.26 commit in CMakeLists.txt that sabotages the Landlock security feature
2024.03.04 the backdoor leads to issues with Valgrind
2024.03.09 two “test files” are updated, CRC functions are modified, Valgrind issue is “fixed”
2024.03.09 XZ 5.6.1 is released
2024.03.28 bug is discovered, Debian and RedHat notified
2024.03.28 Debian rolls back XZ 5.6.1 to 5.4.5-0.2 version
2024.03.29 an email is published on the OSS-security mailing list
2024.03.29 RedHat confirms backdoored XZ was shipped in Fedora Rawhide and Fedora Linux 40 beta
2024.03.30 Debian shuts down builds and starts process to rebuild it
2024.04.02 XZ main developer recognizes the backdoor incident

Backdoored source distributions

xz-5.6.0

MD5 c518d573a716b2b2bc2413e6c9b5dbde SHA1 e7bbec6f99b6b06c46420d4b6e5b6daa86948d3b SHA256 0f5c81f14171b74fcc9777d302304d964e63ffc2d7b634ef023a7249d9b5d875

xz-5.6.1

MD5 5aeddab53ee2cbd694f901a080f84bf1 SHA1 675fd58f48dba5eceaf8bfc259d0ea1aab7ad0a7 SHA256 2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8 Initial infection analysis

The XZ git repository contains a set of test files that are used when testing the compressor/decompressor code to verify that it’s working properly. The account named Jia Tan or “jiaT75“, committed two test files that initially appeared harmless, but served as the bootstrap to implant backdoor.

The associated files were:

• bad-3-corrupt_lzma2.xz (86fc2c94f8fa3938e3261d0b9eb4836be289f8ae)
• good-large_compressed.lzma (50941ad9fd99db6fca5debc3c89b3e899a9527d7)

These files were intended to contain shell scripts and the backdoor binary object itself. However, they were hidden within the malformed data, and the attacker knew how to properly extract them when needed.

Stage 1 – The modified build-to-host script

When the XZ release is ready, the official Github repository distributes the project’s source files. Initially, these releases on the repository, aside from containing the malicious test files, were harmless because they don’t get the chance to execute. However, the attacker appears to have only added the malicious code that bootstrap the infection when the releases were sourced from https://xz[.]tukaani.org, which was under the control of Jia Tan.

This URL is used by most distributions, and, when downloaded, it comes with a file named build-to-host.m4 that contains malicious code.

build-to-host.m4 (c86c8f8a69c07fbec8dd650c6604bf0c9876261f) is executed during the build process and executes a line of code that fixes and decompresses the first file added to the tests folder:

Deobfuscated line of code in build-to-host.m4

This line of code replaces the “broken” data from bad-3-corrupt_lzma2.xz using the tr command, and pipes the output to the xz -d command, which decompresses the data. The decompressed data contains a shell script that will be executed later using /bin/bash, triggered by this .m4 file.

Stage 2 – The injected shell script

The malicious script injected by the malicious .m4 file verifies that it’s running on a Linux machine and also that it’s running inside the intended build process.

Injected script contents

To execute the next stage, it uses good-large_compressed.lzma, which is indeed compressed correctly with XZ, but contains junk data inside the decompressed data.

The junk data removal procedure is as follows: the eval function executes the head pipeline, with each head command either ignoring the next 1024 bytes or extracting the next 2048 or 724 bytes.

In total, these commands extracted 33,492 bytes (2048*16 + 724 bytes). The tail command then retains the final 31,265 bytes of the file and ignores the rest.

Then, the tr command applies a basic substitution to the output to deobfuscate it. The second XZ command decompresses the transformed bytes as a raw lzma stream, after which the result is piped into shell.

Stage 3 – Backdoor extraction

The last stage shell script performs many checks to ensure that it is running in the expected environment, such as whether the project is configured to use IFUNC (which will be discussed in the next sections).

Many of the other checks performed by this stage include determining whether GCC is used for compilation or if the project contains specific files that will be used by the script later on.

In this stage, it extracts the backdoor binary code itself, an object file that is currently hidden in the same good-large_compressed.lzma file, but at a different offset.

The following code handles this:

Partial command used by the last script stage

The extraction process operates through a sequence of commands, with the result of each command serving as the input for the next one. The formatted one-liner code is shown below:

Formatted backdoor extraction one-liner

Initially, the file good-large_compressed.lzma is extracted using the XZ tool itself. The subsequent steps involve calling a chain of head calls with the “eval $i” function (same as the stage 3 extraction).

Then a custom RC4-like algorithm is used to decrypt the binary data, which contains another compressed file. This compressed file is also extracted using the XZ utility. The script then removes some bytes from the beginning of the decompressed data using predefined values and saves the result to disk as liblzma_la-crc64-fast.o, which is the backdoor file used in the linking process.

Finally, the script modifies the function is_arch_extension_supported from the crc_x86_clmul.h file in liblzma, to replace the call to the __get_cpuid function with _get_cpuid, removing one underscore character.

This modification allows it to be linked into the library (we’ll discuss this in more detail in the next section). The whole build infection chain can be summarized in the following scheme:

Binary backdoor analysis A stealth loading scenario

In the original XZ code, there are two special functions used to calculate the CRC of the given data: lzma_crc32 and lzma_crc64. Both of these functions are stored in the ELF symbol table with type IFUNC, a feature provided by the GNU C Library (GLIBC). IFUNC allows developers to dynamically select the correct function to use. This selection takes place when the dynamic linker loads the shared library.

The reason XZ uses this is that it allows for determining whether an optimized version of the lzma_crcX function should be used or not. The optimized version requires special features from modern processors (CLMUL, SSSE3, SSE4.1). These special features need to be verified by issuing the cpuid instruction, which is called using the __get_cpuid wrapper/intrinsic provided by GLIBC, and it’s at this point the backdoor takes advantage to load itself.

The backdoor is stored as an object file, and its primary goal is to be linked to the main executable during compilation. The object file contains the _get_cpuid symbol, as the injected shell scripts remove one underscore symbol from the original source code, which means that when the code calls _get_cpuid, it actually calls the backdoor’s version of it.

Backdoor code entry point

Backdoor code analysis

The initial backdoor code is invoked twice, as both lzma_crc32 and lzma_crc64 use the same modified function (_get_cpuid). To ensure control over this, a simple counter is created to verify that the code has already been executed. The actual malicious activity starts when the lzma_crc64 IFUNC invokes _get_cpuid, sees the counter value 1 indicating that that the function has already been accessed, and initiates one final step to redirect to the true entry point of this malware.

Backdoor initialization

To initialize the malicious code, the backdoor first initializes a couple of structures that hold core information about the current running process. Primarily, it locates the Global Offset Table (GOT) address using hardcoded offsets, and uses this information to find the cpuid pointer inside it.

GOT modification code

The GOT contains the offsets of symbols, including the cpuid wrapper. The backdoor then swaps the pointers to the main malware function, and calls it as if it were calling cpuid.

Core behavior

The main goal of the backdoor is to successfully hook specific functions that will allow it to monitor every connection to the infected machine. The targeted functions include:

Targeted function Description RSA_public_decrypt Used by libcrypto to decrypt a ciphertext signed by a private key EVP_PKEY_set1_RSA Used by libcrypto to set the RSA key of a given context RSA_get0_key Used by libcrypto to retrieve an RSA key

However, hooking all these functions is not a simple and straightforward task for the backdoor. It involves accessing many internal structures and manipulating process-specific structures until it achieves its goal, and it also needs to be as stealthy as possible, which means that the malicious code contains multiple checks to avoid being analyzed.

Execution environment check

It first parses ld-linux (dynamic linker), which is primarily responsible for dynamically resolving symbol addresses in memory. It also extracts various information about the environment and verifies that the current process the backdoor is running in matches its execution criteria, which are:

• The current process is /usr/bin/sshd
• Check if the kill switch is present

It extracts the name of the current process from argv[0] and also parses all the process environment variables to see if any of them are present in its internal string table. If a match is found, or the process is not sshd, the malware halts its execution.

Process environment check

The only variable inside its own table is yolAbejyiejuvnup=Evjtgvsh5okmkAvj, which in this context serves as a kill switch.

The trie structure

One of the distinctive features of the backdoor is the use of a single trie structure for string operations. Instead of directly comparing strings or using string hashes to match a particular constant (for example, the name of a library function), the code performs a trie lookup, and checks if the result is equal to a certain constant number. For example, the magic value for the ELF header results in the trie returning 0x300, and the name of the system function is matched with a return value of 0x9F8. Trie is not just used for comparisons: certain functions that use pointers to strings (for example, ssh-2.0) search for these strings in the host binary using the trie, so there will be no suspicious data in the backdoor’s body.

The implementation of the trie uses 16-byte bitmasks, each half corresponding to the byte input ranges 0x00-0x3F and 0x40-0x7F, and 2-byte trie leaf nodes, 3 bits of which are flags (direction, termination) and the rest is reserved for the value (or the location of the next node).

Part of the trie lookup function that performs the bitmap match

Symbol resolver

There are at least three symbol resolver-related routines used by the backdoor to locate the ELF Symbol structure, which holds information such as the symbol name and its offset. All symbol resolver functions receive a key to be searched in the trie.

Symbol resolver example

One of the backdoor resolver functions iterates through all symbols and verifies which one has the desired key. If it is found, it returns the Elf64_Sym structure, which will later be used to populate an internal structure of the backdoor that holds all the necessary function pointers. This process is similar to that commonly seen in Windows threats with API hashing routines.

The backdoor searches many functions from the libcrypto (OpenSSL) library, as these will be used in later encryption routines. It also keeps track of how many functions it was able to find and resolve; this determines whether it is executing properly or should stop.

Another interesting symbol resolver abuses the lzma_alloc function, which is part of the liblzma library itself. This function serves as a helper for developers to allocate memory efficiently using the default allocator (malloc) or a custom one. In the case of the XZ backdoor, this function is abused to make use of a fake allocator. In reality, it functions as another symbol resolver. The parameter intended for “allocation size” is, in fact, the symbol key inside the trie. This trick is meant to complicate backdoor analysis.

Symbol resolver using a fake allocator structure

The backdoor dynamically resolves its symbols while executing; it doesn’t necessarily do so all at once or only when it needs to use them. The resolved symbols/functions range from legitimate OpenSSL functions to functions such as system, which is used to execute commands on the machine.

The Symbind hook

As mentioned earlier, the primary objective of the backdoor initialization is to successfully hook functions. To do so, the backdoor makes use of rtdl-audit, a feature of the dynamic linker that enables the creation of custom shared libraries to be notified when certain events occur within the linker, such as symbol resolution. In a typical scenario, a developer would create a shared library following the rtdl-audit manual. However, the XZ backdoor opts to perform a runtime patch on the already registered (default) interfaces loaded in memory, thereby hijacking the symbol-resolving routine.

dl-audit runtime patch

The maliciously crafted structure audit_iface, stored in the dl_audit global variable within the dynamic linker’s memory area, contains the symbind64 callback address, which is invoked by the dynamic linker. It sends all the symbol information to the backdoor control, which is then used to obtain a malicious address for the target functions, thus achieving hooking.

Hooking placement inside the Symbind modified callback

The addresses for dl_audit and dl_naudit, which holds the number of audit interfaces available, are obtained by disassembling both the dl_main and dl_audit_symbind_alt functions. The backdoor contains an internal minimalistic disassembler used for instruction decoding. It makes extensive use of it, especially when hunting for specific values like the *audit addresses.

dl_naudit hunting code

The dl_naudit address is found by one of the mov instructions within the dl_main function code that accesses it. With that information, the backdoor hunts for access to a memory address and saves it.

It also verifies if the memory address acquired is the same address as the one accessed by the dl_audit_symbind_alt function on a given offset. This allows it to safely assume that it has indeed found the correct address. After it finds the dl_naudit address, it can easily calculate where dl_audit is, since the two are stored next to each other in memory.

Conclusion

In this article, we covered the entire process of backdooring liblzma (XZ), and delved into a detailed analysis of the binary backdoor code, up to achieving its principal goal: hooking.

It’s evident that this backdoor is highly complex and employs sophisticated methods to evade detection. These include the multi-stage implantation in the XZ repository, as well as the complex code contained within the binary itself.

There is still much more to explore about the backdoor’s internals, which is why we have decided to present this as Part I of the XZ backdoor series.

Kaspersky products detect malicious objects related to the attack as HEUR:Trojan.Script.XZ and Trojan.Shell.XZ. In addition, Kaspersky Endpoint Security for Linux detects malicious code in SSHD process memory as MEM:Trojan.Linux.XZ (as part of the Critical Areas Scan task).

Indicators of compromise Yara rules rule liblzma_get_cpuid_function { meta: description = "Rule to find the malicious get_cpuid function CVE-2024-3094" author = "Kaspersky Lab" strings: $a = { F3 0F 1E FA 55 48 89 F5 4C 89 CE 53 89 FB 81 E7 00 00 00 80 48 83 EC 28 48 89 54 24 18 48 89 4C 24 10 4C 89 44 24 08 E8 ?? ?? ?? ?? 85 C0 74 27 39 D8 72 23 4C 8B 44 24 08 48 8B 4C 24 10 45 31 C9 48 89 EE 48 8B 54 24 18 89 DF E8 ?? ?? ?? ?? B8 01 00 00 00 EB 02 31 C0 48 83 C4 28 5B 5D C3 } condition: $a } Known backdoored libraries

Debian Sid liblzma.so.5.6.0
4f0cf1d2a2d44b75079b3ea5ed28fe54
72e8163734d586b6360b24167a3aff2a3c961efb
319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae

Debian Sid liblzma.so.5.6.1
53d82bb511b71a5d4794cf2d8a2072c1
8a75968834fc11ba774d7bbdc566d272ff45476c
605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4

Related files
d302c6cb2fa1c03c710fa5285651530f, liblzma.so.5
4f0cf1d2a2d44b75079b3ea5ed28fe54, liblzma.so.5.6.0
153df9727a2729879a26c1995007ffbc, liblzma.so.5.6.0.patch
53d82bb511b71a5d4794cf2d8a2072c1, liblzma.so.5.6.1
212ffa0b24bb7d749532425a46764433, liblzma_la-crc64-fast.o

Analyzed artefacts
35028f4b5c6673d6f2e1a80f02944fb2, bad-3-corrupt_lzma2.xz
b4dd2661a7c69e85f19216a6dbbb1664, build-to-host.m4
540c665dfcd4e5cfba5b72b4787fec4f, good-large_compressed.lzma

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "Newsroomhttp://www.blogger.com/profile/[email protected]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been Newsroomhttp://www.blogger.com/profile/[email protected]

Far from shrinking, the scale of mercenary surveillance companies paid by governments to spy on journalists, human rights campaigners, and other members of the civil state is growing.

Today Apple warned iPhone users in an astonishing 92 nations that attacks against them have taken place. (The company sends out these notifications several times each year.) Without opposition, governments and other entities will not quit this unconstrained descent into becoming a surveillance society.

You are a surveillance target

According to TechCrunch, Apple wrote users: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.” 

The latest rash of warnings means Apple has now identified 150 nations in which such attacks have taken place. There are 196 nations on the planet.

“Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total,” Apple said.

Though it may not be aware of every attack, its security teams work around the clock to protect customers against what it has until recently described as “state sponsored mercenary surveillance.” Many of the firms engaged in selling snooping software are, like NSO Group, Israel-based. 

What to do if you receive a warning 

If you have received a threat notification, you should act immediately. Amnesty International’s Security Lab tells us that an Apple threat notification should be seen as a very strong indication that you are being attacked. 

Amnesty’s own forensic tests with individual devices that have received such notifications confirm they should be taken seriously, and if you have received one, you should take immediate steps to remediate and secure your digital existence. 

Apple advises that you secure expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the non-profit Access Now. Amnesty International and other Security Lab civil society partners are also equipped to provide support to individuals who received the Apple notifications. 

Are these attacks proliferating?

Reuters also notes that Apple has changed how it describes the attacks. The company now tells people that they may have been victims of “mercenary spyware attack,” rather than framing the assault as being “state-sponsored” as it did before. 

While this is described as a reaction to government reluctance to be linked with such attacks, it is also plausible to believe that it reflects continued growth in the surveillance business. As I’ve warned before, today’s expensive state-sponsored attacks become tomorrow’s $100 bargain deal on the dark web. These offensive technologies are utterly insidious and rot the center of democracy.

Apple also updated its Apple Support article concerning mercenary spyware and the threat notifications it has shared. “Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent,” the company said. “The vast majority of users will never be targeted by such attacks.”

Ivan Krstić, head of Apple security engineering and architecture, has previously promised to keep fighting back: “Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

That said, a report today from Interpres Security seems to confirm the growing magnitude of these threats.

Security advice

In an increasingly challenging security environment, everyone online should protect themselves:

• Update devices with latest software.
• Use complex passcodes.
• Use two-factor authentication.
• Protect their Apple ID with a strong password.
• Install apps only from trusted sources, such as the App Store.
• Use strong and unique passwords.
• Never click on links or attachments from people you do not know.

Finally, if you think you may be a target, use Lockdown Mode.

Apple developed this mode in response to a wave of sophisticated attacks (Pegasus, Devils Tongue and Hermit). Lockdown Mode provides a great deal of protection at the cost of some utility; Apple is expected to continue to invest in securing its platforms, even against the designed in weaknesses it is being forced to adopt in reaction to some regulations, particularly in Europe and the UK.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, iOS Security, Mobile Security

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI,

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI, The Hacker Newshttp://www.blogger.com/profile/[email protected]

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to Newsroomhttp://www.blogger.com/profile/[email protected]

**Microsoft ve Windows 11 všem zapíná druhou část Momentu 5 **Do Windows 10 míří Spotlight, který automaticky mění tapety **Dubnové povinné aktualizace opravují 149 zranitelných míst

Spreadsheets can be vast, often containing thousands of rows of repetitive data that makes them impossible to parse at a glance. Fortunately, Excel offers two powerful features — PivotTables and PivotCharts — for summarizing data sets and presenting them visually.

What is a PivotTable?

A PivotTable allows you to take an extensive data set with multiple columns and rows and summarize that data in a compact, easy-to-read table. You can create multiple PivotTables from the same data set, each highlighting different aspects of the data. And PivotTables are interactive — you can easily manipulate them to filter or rearrange the data shown in one.

What is a PivotChart?

A PivotChart is a chart visualization based on the summarized information in a PivotTable. You can choose from a wide variety of chart types to best display a PivotTable’s data. The combinations you can create using these tools are countless.

In this tutorial, we will give you step-by-step instructions on how to get started with PivotTables and PivotCharts, and you can apply these steps to any data set you work with in Excel. We’ll demonstrate in Excel for Windows under a Microsoft 365 subscription; if you’re using a different version of Excel, your interface might look a little different and the steps might vary slightly, but things work more or less the same way.

How to create a PivotTable in Excel

We will use the data set shown below as our starting point:

The starting data set for our PivotTable examples.

Shimon Brathwaite / IDG

To get started, select any cell in the data set, then go to the Ribbon toolbar at the top of the spreadsheet and select Insert. At the far left of the toolbar, select the PivotTable button.

A pop-up appears that lets you select the range of data you want to analyze and where to place the PivotTable. Make sure the whole data set is selected and that the PivotTable will be placed in a new worksheet, then click OK.

Starting a PivotTable in Excel.

Shimon Brathwaite / IDG

Now we are brought to the starting page for creating a PivotTable. From here, we can begin constructing our first data summary.

Your blank canvas for PivotTable creation.

Shimon Brathwaite / IDG

First, we will look at the total quantity of each ordered product. To do this, let’s check the checkbox next to Quantity in the PivotTable Fields sidebar on the right. This will move Quantity into the Values area at the bottom right of the sidebar. Next, drag Product_# into the Rows area to sort by Product_#. The screenshot below shows the result.

This PivotTable shows the quantity of each product type sold.

Shimon Brathwaite / IDG

Here we see a summary of the quantity of products sold by product number and the total quantity of all products sold. You can do this sort of simple analysis with any two variables, but you can also do more fine-grained summaries.

Next, we will add another layer to our analysis by displaying quantity of products by product number and categorizing them by order category. To do this, drag Order_Category into the Rows section of the sidebar and make sure that Order_Category is on top. (You can reorder the items in any area of the sidebar by dragging and dropping them.)

In this version of the PivotTable, another element is shown: Order_Category.

Shimon Brathwaite / IDG

It’s important to understand that you can manipulate how information is shown in the table by the order in which you place the items in any section of the PivotTable. Since we put Order_Category on top of the Rows area, the PivotTable is summarized by that first and then by Product_# inside. To show the opposite sorting, move Product_# to the top in the Rows section and see the result.

Reversing how Product_# and Order_Category are displayed in the PivotTable.

Shimon Brathwaite / IDG

So far, we have only used the Rows section of the PivotTable builder, but we can show even more information using the Rows and Columns sections together. To demonstrate, we will display the total quantity of products sold at different unit prices. To do this, uncheck the Order_Category checkbox at the top of the sidebar, keep Product_# in the Rows section, and then drag Unit_Price into the Columns section.

The PivotTable now has columns for different unit prices.

Shimon Brathwaite / IDG

We have created a summary showing the amount of each product sold at a particular unit price. Now, let’s say we don’t want to view all of the products at the same time. We can limit the products shown using the filtering tools built into PivotTables.

First, let’s filter our results by Products 1, 2, and 3. Click the downward triangle icon next to Row Labels. In the filtering pop-up that appears, select Products 1, 2, and 3. The PivotTable will change to show only those three products.

Filtering the PivotTable to show only Products 1, 2, and 3.

Shimon Brathwaite / IDG

Once you are done, select the Clear Filter button in the pop-up, and the full PivotTable reappears.

Next, let’s filter by unit price using the Column Labels filter option. Select that filter and select the $4.00, $5.00, & $7.00 options to change your PivotTable.

Filtering the PivotTable to show only items that cost $4.00, $5.00, and $7.00.

Shimon Brathwaite / IDG

You can also use the pop-up to sort the items in the PivotTable by various fields, and to filter using conditions such as “Greater Than” or “Contains.” It’s worth spending a little time playing with the options to see what happens; just remember to click Clear Filter when you’re done.

Before we move on to PivotCharts, let’s discuss the Filters area of the sidebar. This can be used to filter out specific items from the PivotTable, but you may find it simpler to remove the field altogether or use the filtering and sorting options that we discussed earlier for more granular control. However, you can see how this box functions by moving the “Product_#” field to the Filters area.

Another way to filter PivotTable data is by using the Filters area in the PivotTable Fields sidebar.

Shimon Brathwaite / IDG

How to create a PivotChart in Excel

Now, let’s move on to how to create data visualizations using PivotCharts. To add a PivotChart to the main data set, go back to the worksheet that contains the main data set, place your cursor in a cell that contains data, and select Insert>  PivotChart in the Ribbon.

Starting a PivotChart in Excel.

Shimon Brathwaite / IDG

Hit OK on the dialog box that pops up, and the familiar PivotTable builder interface appears, with an additional placeholder for a PivotChart.

Your blank canvas for PivotChart creation.

Shimon Brathwaite / IDG

We will summarize the quantity of items sold by order category and unit price. In the sidebar, check Quantity to add it to the Values area, then drag Order_Category and Unit_Price to the Axis (Categories) area, with Order_Category on top. This will create a PivotTable and a column chart displaying the information we have selected.

The PivotChart graphically displays the information from the PivotTable at left.

Shimon Brathwaite / IDG

But you’re not limited to column charts; there are multiple types of charts to choose from. Right-click the column chart, select Change Chart Type, and select Pie > 3-D Pie to see a different chart example.

Choosing a different chart type for the PivotChart.

Shimon Brathwaite / IDG

The result will look like the screenshot below.

The PivotChart in 3-D pie chart form.

Shimon Brathwaite / IDG

You can filter or sort the data in the PivotTable that a PivotChart is based on, and those changes will be reflected in the PivotChart. To see what this looks like, click the minus sign to the left of Large Order in the PivotTable to the left of the chart. The Large Order section of the PivotTable collapses and shows only the large order total, without breaking it down by unit price. The same thing happens in the PivotChart to the right.

The PivotChart with Large Orders collapsed into a single slice of pie.

Shimon Brathwaite / IDG

Now you see how using PivotTables and PivotCharts lets you create data summaries and visualizations to display specific data quickly and easily. These options can be used on data sets of almost any size and easily customized to show only very specific information. The combinations that you can create using PivotTables and PivotCharts are almost endless, and we encourage you to test them out on any data sets that you work with in Excel.

Microsoft 365, Microsoft Excel, Microsoft Office, Office Suites, Productivity Software

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted Newsroomhttp://www.blogger.com/profile/[email protected]

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to Newsroomhttp://www.blogger.com/profile/[email protected]

In the dynamic landscape of web development , ensuring that applications perform uniformly across various web browsers is a vital aspect of user experience. This becomes increasingly important for Linux systems, where the default browsers and configurations range presents unique challenges. Cross-browser compatibility testing on Linux helps to identify and resolve these discrepancies, thereby enhancing the accessibility and functionality of web applications for all users.

The one thing that seems about as certain as death and taxes is that, over time, your Windows 10 PC seems to slow down. There are a variety of reasons this can happen, from accumulated apps and background processes that run amok to registry problems and outdated drivers.

How to speed up your computer

Want your Windows 10 PC to run faster? We’re here to help. By tweaking some of the operating settings, your machine will be zippier and less prone to performance and system issues.

And if you’re already running Windows 11, we’ve got you covered there. Check out our top ways to keep Windows 11 devices chugging along smoothly.

Here’s our list of tips for Windows 10.

The top ways to speed up Windows 10

• Change your power settings
• Disable programs that run on startup
• Go to a previous restore point
• Use ReadyBoost to speed up disk caching
• Shut off Windows tips and tricks
• Stop OneDrive from syncing
• Use OneDrive files on-Demand
• Turn off search indexing
• Clean out your hard disk
• Clean out your Registry
• Disable shadows, animations and visual effects
• Disable transparency
• Update your device drivers
• Turn on automated Windows maintenance
• Kill bloatware
• Defrag your hard disk
• Disable Game Mode
• Shut down and restart Windows

You may notice that that last tip is the most tried-and-true way of (hopefully) smoothing out any problems in Windows 10. There’s a reason it’s effectively an internet meme.

1. Change your power settings

If you’re using Windows 10’s “Power saver” plan, you’re slowing down your PC. That plan reduces your PC’s performance in order to save energy. (Even desktop PCs typically have a “Power saver” plan.) Changing your power plan from “Power saver” to “High performance” or “Balanced” will give you an instant performance boost.

To do it, launch the Control Panel app, then select Hardware and Sound > Power Options. You’ll typically see two options: Balanced (recommended) and Power saver. (Depending on your make and model, you might see other plans here as well, including some branded by the manufacturer.) To see the High performance setting, click the down arrow by Show additional plans.

Change your power settings in Control Panel to give your PC a performance boost. (Click image to enlarge it.)

To change your power setting, simply choose the one you want, then exit Control Panel. “High performance” gives you the most oomph, but uses the most power; “Balanced” finds a happy medium between power use and better performance; and “Power saver” does everything it can to give you as much battery life as possible. Desktop users have no reason to choose “Power saver,” and even laptop users should consider the “Balanced” option when unplugged — and “High performance” when connected to a power source.

2. Disable programs that run on startup

One reason your Windows 10 PC may feel sluggish is that you’ve got too many programs running in the background — programs that you rarely or never use. Stop them from running, and your PC will run more smoothly.

Start by launching the Task Manager: Press Ctrl-Shift-Esc, right-click the lower-right corner of your screen and select Task Manager, or type task manager into the Windows 10 search box and press Enter. If the Task Manager launches as a compact app with no tabs, click More details at the bottom of your screen. The Task Manager will then appear in its full-tabbed glory. There’s plenty you can do with it, but we’re going to focus only on killing unnecessary programs that run at startup.

Click the Startup tab. You’ll see a list of the programs and services that launch when you start Windows. Included on the list is each program’s name as well as its publisher, whether it’s enabled to run on startup, and its “Startup impact,” which is how much it slows down Windows 10 when the system starts up.

To stop a program or service from launching at startup, right-click it and select Disable. This doesn’t disable the program entirely; it only prevents it from launching at startup — you can always run the application after launch. Also, if you later decide you want it to launch at startup, you can just return to this area of the Task Manager, right-click the application and select Enable.

You can use the Task Manager to help get information about programs that launch at startup and disable any you don’t need. (Click image to enlarge it.)

Many of the programs and services that run on startup may be familiar to you, like OneDrive or Evernote Clipper. But you may not recognize many of them. (Anyone who immediately knows what “bzbui.exe” is, please raise your hand. No fair Googling it first.)

The Task Manager helps you get information about unfamiliar programs. Right-click an item and select Properties for more information about it, including its location on your hard disk, whether it has a digital signature, and other information such as the version number, the file size and the last time it was modified.

You can also right-click the item and select Open file location. That opens File Explorer and takes it to the folder where the file is located, which may give you another clue about the program’s purpose.

Finally, and most helpfully, you can select Search online after you right-click. Bing will then launch with links to sites with information about the program or service.

If you’re really nervous about one of the listed applications, you can go to a site run by Reason Software called Should I Block It? and search for the file name. You’ll usually find very solid information about the program or service.

Now that you’ve selected all the programs that you want to disable at startup, the next time you restart your computer, the system will be a lot less concerned with unnecessary programs.

3. Go to a previous restore point

As you use Windows 10, it automatically creates restore points that are essentially snapshots of your system at specific moments in time, including installed software, drivers, and updates. Restore points are a kind of safety net so if something goes wrong, you can always restore your PC to a previous state.

They can also be used to speed up your PC if you notice — for no reason you can fathom — it’s started to slow down. Recently installed problematic drivers, software, or updates could be to blame, so going back to a previous restore point could speed things up again because the system will be returned to the state it was in before the problems started. Keep in mind, though, that you’ll only be able to restore your system to the state it was in during the last seven to 10 days. (Restore points don’t affect your files, so you won’t lose any files by going to a restore point.)

To go to a previous restore point:

1. Save any open files and close all your programs.
2. In the search box type advanced system and then click View advanced system settings. You’ll be sent to the Advanced tab of System Properties in the Control Panel.
3. Click the System Protection tab.
4. In the System Restore area, click System Restore.
5. On the screen that pops up, the “Recommended restore” option will be chosen for you. Click Next if you want to go that restore point. To see others, click Choose a different restore point. Highlight the one you want to use and click Next.
6. Click Finish from the screen that appears.
7. Your system will restore to the restore point you chose and shut down. Restart your PC.

Going to a restore point can help speed up your PC if you’ve recently installed drivers, software, or updates that have slowed down your system. (Click image to enlarge it.)

Note: there’s a chance System Restore isn’t turned on, meaning you won’t be able to use this tip. If that’s the case, you should turn it on to solve any future problems. To do so:

1. In the search box, type create a restore point, then click Create a restore point.
2. On the System Protection tab, select Configure.
3. Select Turn on system protection. Leave the other settings on the page as they are.
4. Click OK. From now on, your PC will automatically create restore points.

4. Use ReadyBoost to speed up disk caching

Windows 10 regularly stores cached data on your hard disk, and then when it needs the data, fetches it from there. The time it takes to fetch cached data depends on the speed of your hard disk. If you have a traditional hard disk instead of an SSD, there’s a trick that can help speed up your cache: use Windows’ ReadyBoost feature. It tells Windows to cache data to a USB flash drive, which is faster than a hard disk. Fetching data from that speedier cache should speed up Windows.

First, plug a USB flash drive into one of your PC’s USB ports. The flash drive needs to support at least USB 2.0, and preferably USB 3 or faster. The faster your flash drive, the more of a speed boost you should see. Also, look for a flash drive that is at least double the size of your PC’s RAM for maximum performance.

After you plug in in the drive, open File Explorer and click This PC. Look for the flash drive. It may have an odd name, like UDISK 28X, or something even less obvious. Right-click it, choose Properties, and click the ReadyBoost tab.

Turn on ReadyBoost from this screen to speed up your PC. (Click image to enlarge it.)

You’ll come to a screen that asks whether you want to use the flash drive as a cache and recommends a cache size. Leave the cache size as is or change it if you like. Then select Dedicate this device to ReadyBoost and click Apply and then OK.

(Note that if you see the message, “This device cannot be used for ReadyBoost” when you click the ReadyBoost tab, it means your flash drive doesn’t meet ReadyBoost’s minimum performance standards, so you’ll have to insert a new one.)

As you use your computer, ReadyBoost will start filling the cache with files, so you may notice an increase in disk activity. Depending on how much you use your PC, it can take a few days for your cache to fill and offer maximum improved performance. If you don’t see an increase in performance, try a flash disk with more capacity.

Note: If you have an SSD, you won’t get any extra speed from ReadyBoost, and it might even hurt performance. So don’t use this on a system with an SSD.

5. Shut off Windows tips and tricks

As you use your Windows 10 PC, Windows keeps an eye on what you’re doing and offers tips about things you might want to do with the operating system. In my experience, I’ve rarely if ever found these “tips” helpful. I also don’t like the privacy implications of Windows constantly taking a virtual look over my shoulder.

Windows watching what you’re doing and offering advice can also make your PC run more sluggishly. So if you want to speed things up, tell Windows to stop giving you advice. To do so, click the Start button, select the Settings icon and then go to System > Notifications & actions. Scroll down to the Notifications section and uncheck the box marked “Get tips, tricks, and suggestions as you use Windows.”

Turning off Windows’ suggestions for you should help things run more smoothly (and give you back a measure of privacy). (Click image to enlarge it.)

That’ll do the trick.

6. Stop OneDrive from syncing

Microsoft’s cloud-based OneDrive file storage, built into Windows 10, keeps files synced and up to date on all of your PCs. It’s also a useful backup tool so that if your PC or its hard disk dies, you still have all your files intact, waiting for you to restore them.

Here’s how to turn off OneDrive syncing temporarily, to see if that boosts system performance. (Click image to enlarge it.)

It does this by constantly syncing files between your PC and cloud storage — something that can also slow down your PC. That’s why one way to speed up your PC is to stop the syncing. Before you turn it off permanently, though, you’ll want to check whether it is actually slowing down your PC.

To do so, right-click the OneDrive icon (it looks like a cloud) in the notification area on the right side of the taskbar. (Note: In order to see the OneDrive icon, you may need to click an upward facing arrow.) From the pop-up screen that appears, click Pause syncing and select either 2 hours, 8 hours, or 24 hours, depending upon how long you want it paused. During that time, gauge whether you’re seeing a noticeable speed boost.

If so, and you decide you do indeed want to turn off syncing, right-click the OneDrive icon, and from the pop-up, select Settings > Account. Click Unlink this PC, and then from the screen that appears, click Unlink account. When you do that, you’ll still be able to save your files to your local OneDrive folder, but it won’t sync with the cloud.

If you find that OneDrive slows down your PC but prefer to keep using it, you can try to troubleshoot OneDrive problems. For info on how to do that, check out Microsoft’s “Fix OneDrive sync problems” page.

7. Use OneDrive Files On-Demand

Some users may not want to stop OneDrive from syncing; doing so defeats its purpose of making sure you have the latest files on whatever device you use. And it would also mean you won’t be able to use OneDrive as a way to safely back up files.

But there’s a way to get the best of both worlds: You can keep syncing to an absolute minimum and only do it when absolutely necessary. You’ll speed up performance, and still get the best of what OneDrive has to offer.

To do this, you use Windows’ OneDrive Files On-Demand feature. With it, you can choose to keep only certain files on your PC, but still have access to all your other OneDrive files in the cloud. When you want to use one of those online files, you open it directly from the cloud. With fewer files on your PC syncing, you should see a performance boost.

Right-click the OneDrive icon on the right side of the Taskbar and select Settings. Click Advanced settings and scroll down to the Files On-Demand section. Click Free up disk space and select Continue. When you do that, all the files on your PC will be set to online-only, which means they’re only available from OneDrive in the cloud not on your PC. From now on, the first time you want to open one of your files, you’ll have to be online – that is, unless you use the following instructions to make some files available on your PC as well as in the cloud, while you leave others available only in the cloud.

After you click the Continue button, you’ll see OneDrive in a File Explorer window.  For every folder whose files you want kept on your PC, right-click the folder and select Always keep on this device. You can do the same thing for subfolders and individual files.

Later, if you want to have folders, subfolders, or files stored only in OneDrive in the cloud, right-click it in File Explorer, and uncheck the box next to Always keep on this device. You can change the status of folders, subfolders, and files like this whenever you like.

Use this dialog box to turn on OneDrive Files on-Demand

If you change your mind and want all your files stored locally and kept in sync via OneDrive, go back to the “Advanced settings” section of OneDrive settings page, scroll down to the Files On-Demand section and click Download all files.

Note that OneDrive Files On-Demand is available only on Windows 10 version 1709 and higher.

8. Turn off search indexing

Windows 10 indexes your hard disk in the background, allowing you — in theory — to search your PC more quickly than if no indexing were being done. But slower PCs that use indexing can see a performance hit, and you can give them a speed boost by turning off indexing. Even if you have an SSD disk, turning off indexing can improve your speed, because the constant writing to disk that indexing does can eventually slow down SSDs.

To get the maximum benefit in Windows 10, you need to turn indexing off completely. To do so, type services.msc in the Windows search box and press Enter. The Services app appears. Scroll down to either Indexing Service or Windows Search in the list of services. Double-click it, and from the screen that appears, click Stop. Then reboot your machine. Your searches may be slightly slower, although you may not notice the difference. But you should get an overall performance boost.

Here’s how to turn off Windows 10 indexing. (Click image to enlarge it.)

If you’d like, you can turn off indexing only for files in certain locations. To do this, type index in the Windows search box and click the Indexing Options result that appears. The Indexing Options page of the Control Panel appears. Click the Modify button, and you’ll see a list of locations that are being indexed, including Microsoft Outlook, Internet Explorer History, and your hard drive or drives. Uncheck the box next to any location, and it will no longer be indexed. If you’d like to customize what gets indexed and what doesn’t on individual drives, click the down arrow next to any drive and check the box next to what you want indexed and uncheck the box of what you don’t.

9. Clean out your hard disk

If you’ve got a bloated hard disk filled with files you don’t need, you could be slowing down your PC. Cleaning it out can give you a speed boost. Windows 10 has a surprisingly useful built-in tool for doing this called Storage Sense. Go to Settings > System > Storage and at the top of the screen, move the toggle from Off to On. When you do this, Windows constantly monitors your PC and deletes old junk files you no longer need — temporary files, files in the Downloads folder that haven’t been changed in a month, and old Recycle Bin files.

You can customize how Storage Sense works and also use it to free up even more space than it normally would. Underneath Storage Sense, click Configure Storage Sense or run it now. From the screen that appears, you can change how often Storage Sense deletes files (every day, every week, every month or when your storage space gets low).

You can also tell Storage Sense to delete files in your Download folder, depending on how long they’ve been there, and set how long to wait to delete files in the Recycle Bin automatically. You can also have Storage Sense move files from your PC to the cloud in Microsoft’s OneDrive cloud storage if they’re not opened for a certain amount of time (every day, or every 14 days, 30 days, or 60 days).

IDG

Here’s how to customize the way Storage Sense works, and to tell it to delete old versions of Windows. (Click image to enlarge it.)

10. Clean out your Registry

Under the Windows hood, the Registry tracks and controls just about everything about the way Windows works and looks. That includes information about where your programs are stored, which DLLs they use and share, what file types should be opened by which program, and just about everything else.

But the Registry is a very messy thing. When you uninstall a program, for example, that program’s settings don’t always get cleaned up in the Registry. So over time, it can get filled with countless outdated settings of all types. And that can lead to system slowdowns.

Don’t even think of trying to clean any of this out yourself. It’s impossible. To do it, you need a Registry Cleaner. There are plenty available, some free and some paid. But there’s really no need to outright buy one, because the free Auslogics Registry Cleaner does a solid job.

Before using Auslogics or any other Registry cleaner, you should back up your Registry so you can restore it if anything goes wrong. (Auslogics Registry Cleaner does this for you as well, but it can’t hurt to have it backed up twice.) To do your own Registry backup, type regedit.exe in the search box, then press Enter. That runs the Registry editor. From the File menu, select Export. From the screen that appears, make sure to choose the All option in the “Export range” section at the bottom of the screen. Then choose a file location and file name and click Save. To restore the Registry, open the Registry editor, select Import from the File menu, then open the file you saved.

Now download, install, and run Auslogics Registry Cleaner. On the left-hand side of the screen you can select the kinds of Registry issues you want to clean up — for example, File Associations, Internet, or Fonts. I generally select them all.

IDG

Auslogics Registry Cleaner scans for and fixes problems in your Windows Registry. (Click image to enlarge it.)

Next, tell it to scan the Registry for problems. To do that, click Scan Now, and from the drop-down menu that appears, select Scan. That lets you first examine the Registry problems it finds. If you instead choose Scan and Resolve, it makes the fixes without you checking them.

It now scans your Registry for errors, then shows you what it found. Uncheck the boxes next to any you don’t want it to fix.  Click Resolve when you’ve made your decision, and make sure that Back Up Changes is checked, so you can restore the Registry easily if something goes wrong. If you want to see details about what it’s done, click View detailed report at the bottom of the screen.

11. Disable shadows, animations, and visual effects

Windows 10 has some nice eye candy — shadows, animations, and visual effects. On fast, newer PCs, these don’t usually affect system performance. But on slower and older PCs, they can exact a performance hit.

It’s easy to turn them off. In the Windows 10 search box, type sysdm.cpl and press Enter. That launches the System Properties dialog box. Click the Advanced tab and click Settings in the Performance section. That brings you to the Performance Options dialog box. You’ll see a varied list of animations and special effects.

IDG

The Performance Options dialog box lets you turn off effects that might be slowing down Windows 10. (Click image to enlarge it.)

If you have time on your hands and love to tweak, you can turn individual options on and off. These are the animations and special effects you’ll probably want to turn off, because they have the greatest effect on system performance:

• Animate controls and elements inside windows
• Animate windows when minimizing and maximizing
• Animations in the taskbar
• Fade or slide menus into view
• Fade or slide ToolTips into view
• Fade out menu items after clicking
• Show shadows under windows

However, it’s probably a lot easier to just select Adjust for best performance at the top of the screen and then click OK. Windows 10 will then turn off the effects that slow down your system.

12. Disable transparency

In addition to turning off shadows, animations, and visual effects, you should also disable the transparency effects that Windows 10 uses for the Start menu, the Taskbar, and the Action Center. It takes a surprising amount of work for Windows to create these transparency effects, and turning them off can make a difference in system performance.

To do it, from Settings, choose Personalization > Colors, scroll down to “Transparency effects” and move the slider to Off.

IDG

Turning off Windows 10’s transparency effects can help speed up performance. (Click image to enlarge it.)

13. Update your device drivers

Windows 10 can take a big performance hit if it’s using outdated drivers. Installing the latest ones can go a long way towards speeding it up. Particularly problematic are graphics drivers, so those are the ones you should make sure to update. To do it:

1. Type devmgmt.msc into the Search box and click the Device Manager icon that appears in the right pane.
2. Scroll to the Display Adapters entry and click the side-facing arrow to expand it.
3. Right-click the driver that appears.
4. From the context menu that appears, select Update driver.
5. You’ll be asked whether to have Windows search for an updated driver or if you want to find one and install it manually. Your best bet is to let Windows do the work. Follow the on-screen instructions to install the driver.

IDG

Updating your device drivers with the Device Manager can give Windows 10 a speed boost. (Click image to enlarge it.)

You can do this to update all your drivers, not just graphics-related ones. It can take a while to do that one by one using the Device Manager, so you might want to use Windows Update to do it for you instead.

1. Launch the Settings app and select Update & Security > Windows Update.
2. Select Advanced Options > View optional updates > Driver updates. A list of all driver updates that Windows has found but hasn’t installed appears.
3. Select any of the drivers you want to install and click Download & Install.

IDG

Windows Update finds drivers you might want to update. (Click image to enlarge it.)

14. Turn on automated Windows maintenance

Every day, behind the scenes, Windows 10 performs maintenance on your PC. It does things like security scanning and performing system diagnostics to make sure everything is up to snuff — and automatically fixes problems if it finds them. That makes sure your PC runs at peak performance. By default, this automatic maintenance runs every day at 2:00 a.m., as long as your device is plugged into a power source and is asleep.

There’s a chance, though, that the feature has been accidentally turned off or you haven’t had your PC plugged in for a while, so the maintenance hasn’t been done. You can make sure it’s turned on and runs every day, and run it manually if you’d like.

Run the Control Panel app and select System and Security > Security and Maintenance. In the Maintenance section, under Automatic Maintenance, click “Start maintenance” if you want it to run now. To make sure that it runs every day, click “Change maintenance settings,” and from the screen that appears, select the time you’d like maintenance to run, and check the box next to “Allow scheduled maintenance to wake up my computer at the scheduled time.” Then click OK.

IDG

You can designate a time each day for Windows to run its maintenance tasks. (Click image to enlarge it.)

15. Kill bloatware

Sometimes the biggest factor slowing down your PC isn’t Windows 10 itself, but bloatware or adware that takes up CPU and system resources. Adware and bloatware are particularly insidious because they may have been installed by your computer’s manufacturer. You’d be amazed at how much more quickly your Windows 10 PC can run if you get rid of it.

First, run a system scan to find adware and malware. If you’ve already installed a security suite such as Norton Security or McAfee LiveSafe, you can use that. You can also use Windows 10’s built in anti-malware app — just type windows security in the search box, press Enter, and then select Virus & threat protection > Quick Scan. Windows Defender will look for malware and remove any it finds.

It’s a good idea to get a second opinion, though, so consider a free tool like Malwarebytes Anti-Malware. The free version scans for malware and removes what it finds; the paid version offers always-on protection to stop infections in the first place.

IDG

Malwarebytes Anti-Malware is a useful application that will scan for and fix Windows 10 PC problems. (Click image to enlarge it.)

Now you can check for bloatware and get rid of it. A good program to do that is PC Decrapifier. And Should I Remove It? is a website that offers advice on what files may be malware or bloatware.

For more details about removing bloatware, check out Computerworld’s article “Bloatware: What it is and how to get rid of it.”

16. Defrag your hard disk

The more you use your hard disk, the more it can become fragmented, which can slow down your PC. When a disk gets fragmented, it stores files willy-nilly across it, and it takes a while for Windows to put them together before running them.

Windows 10, though, has a built-in defragmenter you can use to defragment your hard disk. You can even tell it to run automatically so it stays constantly defragmented.

To do it, type defrag into the search box and press Enter. From the screen that appears, select the drive you want you want to defragment. Click the Optimize button to defragment it. Select multiple disks by holding down the Ctrl key and clicking each one you want to defragment.

If you want to have your disk or disks defragmented automatically, click the Change settings button, then check the box next to Run on a schedule. Now select the frequency at which you want the disk(s) defragmented by clicking the drop-down next to Frequency and selecting Daily, Weekly, or Monthly. (Weekly will be your best bet.) From this screen you can also choose multiple drives to defragment.

Note: If you have an SSD, defragging won’t offer any noticeable performance boost, and it could cause wear on the disk. So it’s not worth your while to defrag SSDs.

IDG

You can set Windows 10’s built-in disk defragmenter to run automatically on a schedule. (Click image to enlarge it.)

17. Disable Game Mode

If you’re a serious gamer, you probably know all about Game Mode, which optimizes your PC for playing games. That’s great for when you’re doing just that, but it can slow down your system when you’re not playing because it keeps some system resources in reserve in case you start playing a game and has occasionally been linked to stability issues. So turning off Game Mode can give your PC a quick boost. (You can always turn it back on again when you want to play a game.)

Game Mode is turned on by default, so even if you’ve never played a game on your PC, it’s probably enabled. To turn it off, go to Settings > Gaming > Game Mode and move the Game Mode slider to Off.

IDG

Turning off Game Mode can give your PC an instant boost. (Click image to enlarge it.)

18. Shut down and restart Windows

Here’s one of IT’s not-quite-secret weapons for troubleshooting and speeding up a PC: Shut it down and restart it. Doing that clears out any excess use of RAM that otherwise can’t be cleared. It also kills processes that you might have set in motion and are no longer needed, but that continue running and slow your system. If your Windows 10 PC has turned sluggish over time for no apparent reason, you may be surprised at how much more quickly it will run when you do this.

Try just some of these tricks, and you’ll find that you’ve got a faster Windows 10 PC — and one that is less likely to have any reliability problems.

This article was originally published in February 2016 and most recently updated in December 2023.

Computers, Microsoft, Small and Medium Business, Windows, Windows 10

Google has rolled out a premium tier for Chrome Enterprise, offering additional security features for the popular web browser.

Google launched Chrome Enterprise in 2017 as a business-focused edition of its Chrome browser with built-in management features for IT admins and security teams. On Tuesday, Google unveiled Chrome Enterprise Premium, promising enhanced security with features not available in the core version. 

This includes malware deep scanning, data loss prevention, the ability to filter URLs based on website category, and “context-aware access controls” that help enforce zero-trust access to cloud applications. There are also additional controls that enable admins to enforce enterprise policies and manage software updates, Google said. 

The growth in remote work has created new challenges around endpoint security, Parisa Tabriz, Google’s vice president for Chrome, said in a blog post, with businesses forced to contend with variety of employee devices outside of an organization’s managed fleet. “As these trends continue to accelerate and converge, it’s clear that the browser is a natural enforcement point for endpoint security in the modern enterprise,” she said. 

Indeed, with many business apps running in the cloud, the browser is becoming the entire endpoint environment for many end users, said Phil Hochmuth, research vice president for endpoint management and enterprise mobility for IDC. The new features will allow IT and security teams to manage browsers “like a PC endpoint,” he said, “allowing for granular access control, data protection and usage polices to be applied to the Enterprise Chrome browser environment separately from the underlying hardware device.”

When managed-device-level security can be enforced at the browser level, he said, it’s possible to extend corporate apps and data access to more types of users, including  remote or contract workers with BYOD endpoints. “It can help workers become more productive with a more flexible, but secure and managed, computing environment,” said Hochmuth.

Chrome Enterprise Premium is generally available now, with prices starting at $6 per user, per month. 

Browser Security, Chrome, Enterprise Applications, Google, Vendors and Providers