Patrick's System32 Deletion Trick
Patrick knows how to delete System32, a feat that many thought was impossible. This example serves as a reminder of how assumptions and folk knowledge can be wrong, and how humbling it can be to learn the truth. Windows File Protection is also discussed.
📺Out Of Context SwiftOnSecurity📺😵💫
computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security @SwiftOnSecurity@infosec.exchange
Patrick knows how to actually delete System32. Patrick is good at his job.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
(In seriousness, I thought Windows File Protection would have intervened for integrity, but who knows if they maintain that for new files anymore. Last time I saw that trigger was XP.) https://t.co/j0GyumwMee
This is a GREAT example of how people like me, who think they know something about the integrity of a system based on experiences a decade+ ago can fall to people just... seeing if an assumption or folk knowledge is actually true.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
Prepare for a humbling.
(This is NOT about @KaoAtlantis)
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
I've found there are situations you need to tell a mentee/junior person, "no that's not possible" to guide them to the right answer.
But often... you should just let them find out and gain muscle. Your relationship is not to flatter yourself.
🧵...Here's another in the series of "IT Experiences That Made Me Who I Am."
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
I work for a fairly large firm that does backoffice stuff for many major firms around the country. Reps in every state.
Randomly, people's fonts would turn italic. A lot of Windows interfaces. Italic.
This "bug" has been going on for years. Windows XP system fonts turning italic.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
Here's the critical bit: It doesn't _stop_ anyone from doing their job. It doesn't cause errors. It's just... what the hell? And nobody even asked because it was folk knowledge Helpdesk didn't care.
Well I arrive and I'm young and eager and this just annoys the ****ing shit out of me when I'm remote-controlling machines to fix them.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
Eventually I get a laptop from someone who retired with this problem. I log in as myself. I'm going to ****ing figure this out.
Look @ settings
(Clarification: Former employer I'm talking about)
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
XP was adaptable and let you change interface fonts very liberally. I had modded XP shell, so I was very familiar with this. You went to settings, everything was set to Arial Italic.
And (trying to remember) there was no Arial.
I don't fully understand fonts, nobody who thinks they do actually does. But Arial Italic for some reason was a different font.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
So I go looking for Arial in the Fonts folder. It's not there. Wtf? This is a core system file. It comes in Windows.
No way to find out what happened.
Months/year later I'm helping a tech with one of the pieces of software we sell. I determined a service was screwing with the system and they didn't need it, so whatever easy fix kill it.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
We remove it and reboot.
Everything is italic. What. The. Fuck.
(Going to start swearing)
I go to the team who makes this software. They're just coders. They have no idea how to make a Windows installer. They needed to move to another installer system.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
So what they did was make a recording of everything the installer touched and recorded that into their own installer
TURNS THE FUCK OUT the installer recorder noticed their old installer relies on the Arial font. That's fine.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
SO NEW UNINSTALLER REMOVES THE ARIAL FONT ON EVERY SYSTEM ON PRODUCT UNINSTALL. And XP, missing that, would go to next interface font, which was
Arial. Fucking. Italic.
The software was embedded dedicated-PC stuff shipped as-is to customers. IT WAS NEVER UNINSTALLED EVER IN THE FIELD. And if it was, it was full screen, nobody would notice XP fonts being screwed.
— SwiftOnSecurity (@SwiftOnSecurity) April 4, 2023
BUT SALES AND SERVICE PEOPLE DID UNINSTALL IT.
AND IT MADE EVERYTHING ITALIC.