Hi, Windhawk author here. Nice to see it on Hacker News.
This is just one Windhawk mod, submitted by a community member. There are hundreds others. Windhawk was created to simplify Windows customization and to make it more accessible, both for developers and users. For a more detailed introduction, check out the Windhawk release blog post:
Thanks for making this a safe place to modify Windows in a community-driven fashion. I mentioned it in a comment below, but I use the "Multirow taskbar for Windows 11" mod and it's been a godsend for keeping things more organized as before. I appreciate you and the mod community.
It's C++ programs in a Userscript format, which are compiled with a bundled instance of clang. Windhawk shows diffs of version changes, and most programs aren't much longer than a couple dozen lines, so pretty easy to visually verify
I've come across Windhawk before but the mods being just C++ programs seemed a little suspicious to me, how do you make sure the mods dont include malware?
When you install or run a program, how do you make sure it doesn't include malware? I assume that you check for the author's record/reputation, and perhaps look at the source code if it's available.
It's similar with Windhawk mods. The GitHub and X profiles are verified to be the profiles of the author, so you can decide whether you trust them. The source code is available, so you can inspect it as well. Mods are single-file and usually short, which makes it easier to review than an average program.
No disrespect but Windhawk’s process injection loader code was cut and paste from malware. I can’t imagine how many AV/EDR alerts that project has generated from using ROR API hashing and PEB symbol traversing.
To review these third-party mods one needs to understand C++, Windows programming, and fairly obscure theming-related parts of its internals, some of which are undocumented/reverse engineered, and many have poorly understood side effects. This is a pretty specific combination of skills that slowly approaches arcane status, even if might feel otherwise to some. But again, larger apps are indeed harder to review than this.
Huh, with AI you can always "review" those mods. They are small enough. Anyway they are distributed via the creator's github repo, so it's already somewhat of a peer reviewed mechanism.
Windhawk mods are distributed as source code and WH itself compiles it. It works the same way usescripts work with tampermonkey/violentmonkey on browsers.
If a mod includes malware it'll be very obvious as mods are usually small.
Top tier malware can be incredibly terse and sophisticated. The trigger line to execute the xz exploit was a `.` in a build script. You are probably fine do to sheer obscurity - nerds who yearn for a Win9X experience are low in number and might only be running it for a laugh in a VM.
It's not just for "nerds" if that's what you're implying. I use the "Multirow taskbar for Windows 11" Windhawk mod because I recently upgraded from Windows 10 to Windows 11, which removed the ability to have more than one row on the taskbar.
There's a malware risk in literally every piece of software. Windows itself behaves as malware with all the telemetry it gathers.
The tiny fraction of computer users who have the capability and interest to do this qualifies as nerds in my book. I did not realize this was still a pejorative on a forum where we are mostly all technical experts in some domain or another. It is your computer - go nuts.
Windows is weird. The way these mods work is injecting code into different processes, which is a very common malware technique. Keyloggers in particular work similarly to Windhawk. And that is not a swipe at Windhawk, that is just how Windows has you do this type of thing.
What’s really fun is hooking into the WM_PAINT event from the target processes main thread and then drawing your own controls over whatever was rendered…
Overlays, AIMBots, Discord, Flight Sim Software, we all do it…
Thanks to LD_PRELOAD you could downgrade tons of OpenGL effects and enforce some settings for high end games and make them playable with good speeds on legacy systems.
Also to force texture sizes and whatnot.
I wish Wine/Proton had options for those, to override antialising, texture sizes, rendering resolution and everything.
No one told you to be afraid, install anything you want on your computer. Personally I just dont want to deal with getting my logins and keys stolen. It'd be very annoying.
> If you want to live without the risk of a little danger, go live in prison.
You have a very interesting idea of prison life.
In any case, labeling this a FUD I find to be a rather ill-spirited characterization. "Be cautious, not afraid." It is difficult to exercise caution without being aware of the risks, and this is a real risk.
But since we're getting all philosophical, it also hampers the exploration of the space between uncontrolled safety + original vision <-> controlled safety + a total loss of that vision. Which I find is what a lot of the pleas towards "freedom" actually turn out to be; an obstruction of curiosity and rigor that would otherwise yield a more robust portfolio of options. The Monkey's Paw edition of the idea, where freedom is just another word for the unknown. The ability to do better, and an active choice not to.
If I think about when I usually take on operational risks at work confidently, it comes down to two things: knowing what might go wrong, and having a contingency plan. It is not going YOLO. Note the emphasis on taking on risks (so these are not unavoidable risks).
Contrast this with what was said. You're appealing to the risk both remaining unknown and staying unavoidable, while being fully aware that people do not maintain contingencies for this. How is this any reasonable? Is "rolling the dice on getting their systems infected" vs. "just getting their OS look different" really what you think people are looking to spice up their life with?
This is not a knock on the project or the community mind you, it's a knock on your idea of preferring to keep things yeeing and hawing. Something which I can assure you I'm growing equally if not more tired of than purportedly "having to be afraid". Especially given how I increasingly struggle to suspend my disbelief when people claim they're now being told all the time how they should "be afraid", and how they're now supposedly living in terror because of it, as the innocent victims they are. People blatantly mischaracterizing reasonable concerns as FUD over and over kinda does that to you. I think the trendy word for this is "performative"?
Between having to choose "not telling people about dangers so that those with an inability to properly self-regulate their anxiety don't go toast" and "always leading with the danger and safety information", maybe the way forward instead is having appropriate spaces for these? Cause I'd argue in that case, the extents the post you replied to went is pretty okay for this forum in my view. They know that arbitrary code is submitted, so they're wondering how malware is screened. Big deal.
> You have a very interesting idea of prison life.
That was intentional, because not only are you trapped and told exactly when and where to go by the obnoxious Cult Of Security, but every once in a while Windows Update and Windows Defender will come along and shiv you in the bathroom. Rev your system fans the moment you let your computer go “idle”, drain your battery in your bag, reboot out from under you, delete all your keygens and tell you it's for your benefit, and constantly hash your files and report your unique usage patterns to not only Microsoft but the NSA-weaponized Internet infrastructure between you and them. So-called security is inherently the panopticon just like prison.
> your idea of preferring to keep things yeeing and hawing
Hell yeah, at least my intent comes through. You may choose not to live free, but please respect that some of us do and are willing to have fun toys with community reputation :)
There's nothing on my Windows machine that could be leaked that hasn't already been leaked by Experian, AT&T, Snowflake, a million other breaches, probably lots of breaches we've never even heard about. My personal files back up to my mesh-VPNed NAS on a regular automated basis, and I enjoy a read+write Samba share and protection from cryptolockers simultaneously thanks to automated monthly/weekly/daily ZFS snapshots on my NAS. The yee-est of haws!
The intent sure comes through (despite your attempts to conceal it), the reasoning doesn't. And it continues not to, not the least because of the desire for superiority relentlessly taking over you, muddying your rationale with persistent smug mockery and creative interpretations. So unfortunately no, I'll have to kindly refuse your request to respect all this.
Can't speak for this product but disabling a lot of the animations, gradients, shadows & visual effects has made Windows 11 run significantly better on the computers I have it on. They didn't seem to add much value anyways.
I'm a fan of a lot of the user experience improvements being made in Windows over the last decade, such as Terminal, running Linux, Power Toys features, screenshots & recording, Paint finally getting layers, window management & more.
At the same time, I'm still not sure why we needed Windows 11 as the only good updates seem like they could have been done without it. All the visual changes have seemed to cause bugs & performance issues on relatively high powered PCs (64GB+ memory, m2 ssd drives, latest gen mid level GPU & CPU)
It seems the Windows ME, Vista, etc experiment continues to live on.
Disabling animations makes everything better no matter the OS.
When executing a sequence of actions, not having to wait 100-300ms for the device to show some random animation before inputing the next action is a time saver and a removes the "why is my computer/phone wasting my time" feeling.
Human reaction time is around 200ms but in a sequence of actions, we don't need visual feedback to move to the next action; it's just muscle memory and we can reach pretty low delay between inputs if the OS and apps do not impede us.
Back to Windows, I'm quite sad that 24H2 removed support for the legacy app switcher (alt-tab). It was very low latency and operated well in many high-load situations. The new one works okay but is not as snappy and can take a bit of time to show up under load. Plus I prefer the old style (smaller box, no need for eye movement to check its content).
I agree there are many bad timer-waster animations. But animations can be a good thing. Take scrolling as an example. Pressing page-down on a text-page or in a text-editor, without animation, it takes me a lot of time and energy to find the place where I left off reading or editing before scrolling. A good animation can save a lot of time here. It's similar with other operations -- and I agree that those operations that we don't do that often tend to be the ones that profit more from animation, while the ones where we already know in advance what will happen can be made worse by animation. I think an animation should never slow down the user, they should not be blocking. An unfinished animation should not prevent the user from typing the next action.
> Pressing page-down on a text-page or in a text-editor, without animation, it takes me a lot of time and energy to find the place where I left off reading or editing before scrolling.
We used to be able to look at the scroll bar to keep track.
Furthermore page down/up used to move a full page consistently. But today it might as well be a random amount specific to the application or content. Making it impossible to train muscle memory.
SimpleWindowSwitcher looks like a good alternative, unfortunately on my side I think I would prefer switching between all windows of all apps rather than have two different shortcuts for "switch between windows of the current app" and "switch between apps" (but that's just a personal preference).
ExplorerPatcher looks cool too, though patching explorer is probably a no-no in corporate setups.
I also saw https://github.com/kvakulo/Switcheroo which I was curious to try (although it's not an exact replacement either) but never got to it (also seems quite old).
This change annoyed me too, enough to look up a solution, but not enough to actually install anything to work around it. I have this thread bookmarked, where someone implemented it in AHK, so if you're running that already it might be worth a try: https://www.elevenforum.com/t/classic-alt-tab-reincarnation....
I discovered Switcheroo two weeks ago and seeing it abandoned with over 30 forks with relevant commits made me want try to consolidate the forks and add my own flavor to it:
Not exactly alt-tab but it’s a ui-less immediate switcher (snappy af, zero latency) to switch between windows of the same app with alt-backtick (next to escape), originally a macOS feature: https://neosmart.net/EasySwitch/
Actually the registry entry on 24H2 behaves somewhat similarly: alt-tab still switches windows (of all apps) but the UI is just gone (which is a problem for me because knowing how much time I need to press tab in advance leads to faster switching than "press tab, see if the focused window is what I wanted, and press tab again if it's not" which involves a computer-brain round trip every key press).
Interesting thanks for sharing. I can see how that makes sense for switching apps but imho for switching windows of the same app that benefit is negated since the thumbnail (without intense scrutiny) is generally too similar between windows of the same app.
(As a dev, I often have a dozen browser windows and a dozen or more terminals open, half a dozen IDEs, etc so being able to switch directly between instances if the same app, esp automatically filtering out minimized ones, is much faster than alt-tabbing through then all interleaved, and was my motivation for writing this.)
Even if you are talking about the entire loop, that sounds pretty high. Maybe if its moving your hands in reaction to an unexpected stimulus in your feet...
We can tell the difference between 60fps (~16ms per frame) and 120fps (~8ms per frame). Any more than that is a noticeable amount of waiting.
It does get complicated, though. What if the information is presented immediately, then animated? Well, that's where a complete measurement of reaction time would be relevant.
Even so, as you pointed out, we often predict what we will be doing in advance, and can perform a sequence of learned actions much more quickly. If there is a delay imposed before you can perform an action, then you must learn the delay, too. That learning process involves making mistakes (attempting the action before the animation is over), which is extra frustrating, considering how unnecessary it is.
On mobile, I consistently get just under 400ms. I suspect using a mouse would get me closer to 200ms, since I would be resting my finger on the button.
So yes, total reaction time is generally quite long, but most of that time is spent performing "action".
That site would be more interesting if it provided a second interface where you do something predictable, like match a repeating beat.
The Win11 screenshot tool is a travesty. It now takes multiple seconds to initialize, plus additional delay in actually selecting what you want to capture. The previous iteration was instantaneous. I have lost many opportunities to screenshot something from a screen share because of this trash performance.
I agree, even on fast hardware there is a lot of unnecessary delay trying to take a screenshot.
My old workflow from the Win2k/XP days was: Print Screen, Win + R, type mspaint, Enter, Ctrl+V, Ctrl+S, Enter, done. Still feels faster than watching my screen fade in and out for the snipping tool.
They probably had to go to 11 (unlike Spinal Tap, Microsoft's 11 isn't awesome) because they added the TPM requirement. If a computer was Windows 10 compatible but not Windows 10 version 24Hblahblah, it would confuse the average user...
Instead they can throw away their perfectly good computer and buy the confusion as a single package! Relax, the climate can take it!
Classic Windows (95-7) was the best era for Windows and always will be the best in terms of GUI. Everything that came after 7 has been a downgrade from 7's GUI.
If you run emulated Windows 98 in the browser with e.g. v86, it is faster to open the start menu on the emulated Windows 98 than on the real Windows 11 running it. Windows user experience really went downhill after 7.
I wish there was a "power user" mode in Windows that you could activate and you'd get the ability to have classic themes (my MS themselves), classic Control Panel, no constant nudging, no weather/Xbox/Solitaire apps, etc...
THe settings siutation is so annoying, there are still so many options locked away inside control panel and the new settings app has a few that dont exist in control panel, its so fragmented.
They tried that during the Chicago development and discarded the idea due to multiple problems with how humans work.
Two different UIs meant that you had to learn them separately, you didn't have a slow ramp from one to the other, one familiar with one could get stuck on the other with no knowledge of how to get back, divided efforts between the two, etc.
Not quite what you are asking for, but closer to Win95 shipping with progman.exe which could allow someone to cosplay Win3.11 while running Win95.
And yet they seem to have lost all that knowledge from Win8 onwards. WinForms, WPF, UWP, WinUI, MAUI... All of these with their own metaphores, design language, and they all feel half-baked, full of bugs.
It's incredible the effort Windows 10/11 users will go to in order to reach a somewhat functional and reliable computing experience via third party modifications, yet Linux is somehow too much effort. Just look at the instructions on that page..
The "solutions" provided to me so far for my primary issue (using Ableton Suite DAW) has not worked. There is no practical solution that allows this software to function in a Linux environment successfully. I can open the app, but that's the extent of it. It's not usable.
> I so badly want to jump ship entirely, but there's several things holding me back. I do music production as a hobby and Ableton Live doesn't play nice with Linux. In fact it seems anything that is resource intensive without native linux support has some issues. I'm also an MS stack developer, so things like Visual Studio Pro aren't available (although I've been using Cursor IDE more and more these days). Lastly I have some games acquired through "the high seas" in which a work-around doesn't exist for compatibility.
> The responses I got were to switch to different software. No, no, and no. I paid a lot of money for Ableton Suite and poured many many hours into learning how to use it; it's the DAW I prefer to use, I don't want to switch.
> Having said this, I did try to dual boot recently with Linux Mint, and once again ran into headaches getting my Logitech mouse buttons to work.
Adobe products, for example. Or any of other of miriad of other products which have only Win/MacOS and no Linux support.
And, no, Wine cannot run anything.
You see, I don't need OS at all, I need applications. Some of these applications are "universal" (FireFox, for example), some has good equivalents, and some are unique to OS.
And, no, DarkTable, or RAW Therappe are not equivalent to Lightroom or Capture One. And no, there is no equivalent to foobar2000 among music players.
Creative Cloud and DAWs. Those are my only reasons and basically the only reasons I ever hear from people. A Linux port of Photoshop would probably put a small dent in Windows' market share at this point.
For some it's just fun. Changing things because we can. I was a huge tinkerer in the XP days, I'd test out every tweak and tool I could get my hands on and would reinstall the OS every couple months. I'd use Resource Hacker to change out the XP flag icons, put my initials on the start button, etc. It wasn't about making it more usable so much as it was just making it mine.
It makes me happy to see newer generations still doing the same stuff, granted its much more complex to do this work on Win11 vs XP.
A foolish take, makes me believe you didn't really work in the real world. Because the entire global computer ecosystem is built on Windows-compatible software. Finance, accounting, medical, car diagnostics, and even HVAC software are built windows-compatible-only only.
Don't get me wrong, I use Xubuntu on my crappy old devices, Ubuntu on my secondary mini-pc, and switch between them with KVM while working. I tried to make Linux work for everything but missing industry software made it difficult.
Don’t bother. HN has a very hard anti-Microsoft bias, especially when it comes to Windows. At the same time will completely overlook many of the same warts or different warts that exist on macOS or Linux because they get a free pass for some reason.
Despite its flaws Windows still remains a very capable workhorse general purpose OS, and with WSL dev is a non issue. Hell, having actual Linux is better than the macOS Frankenstein Unix and homrbrew
I agree. You described my main pc. WSL + Ubuntu, VSCode with WSL plugin + Claude code. I can access Linux files and edit them with Windows while running local servers on different ports without dealing with XAMPP, Python for Windows, or similar messy Windows services. If I need to run any Debian software (so rare), I can run a VM if I am too lazy to turn on my other Linux system. All while I can use Windows-specific software on the side. All I am missing is the Gnome desktop, but who cares, I am already used to Windows since the 90s.
I find the various privacy and 'feature' disabling scripts/utilities questionable for a similar reason, it's moving outside of the expected behavior of the OS for how applications and future MS updates expect things to work. The core issue seems to be you're working against what MS want and they provide a moving target, functionally it's their system, not yours.
I imagine it would be frustrating to be the windows shell dev who has to investigate the torrent of bizarre memory corruption bugs that inevitably occur on Windhawk users’ machines after major OS updates. There’s really no avoiding it when you detour unstable “implementation detail” sort of functions across the taskbar/systray/start/etc. especially now that c++ coroutines are in widespread usage therein.
But to be fair, I understand the demand for products like this, because of several painful feature takebacks between 10 -> 11. It would be nice if cleaner approaches like wholesale shell replacement were still as straightforward as they were prior to windows 8. The “immersive shell” infra running in explorer + the opaque nature of enumerating installed UWPs + a bunch of other things make that almost impossible today.
From what I've learned: stuff like this makes up a not insignificant portion of the crash reports that come through. This results in crash dumps that are useless at best because they just look like memory corruption or badly written malware. In my discussions with folks about this, an annoying number of people who run this sort of software either a) do not care that it makes developing Windows harder for the devs or b) actively want the usable signal for the Windows development teams to be low.
Me too! The Aero effect still holds up great today IMO.
Kind of fun to imagine some hybrid between Aero and Apple's new glass effect. Imagine if Aero could "bend light" instead of just applying a blur effect.
I've had to return to Windows for my daily work after 20 years mostly away from it. I already knew about a lot of UI and functionality regressions, but when you truly experience the defective mess that Windows has become... it's hard to take.
So while I'd love to install this mod, it seems way too fraught with potential side-effects. But it looks like there might be some minor, safe mods to explore here.
Here's one gallingly dumb thing Windows does now that I wonder if you guys can recommend a fix to: If you hover over an application's icons in the taskbar, it pops up thumbnails of the app's open windows and forces you to choose ONE. WTF. I want to bring ALL of the application's windows to the front. It's incredible that clicking on the application's icon (instead of one thumbnail) doesn't do this. Instead, it does NOTHING. Is there a fix for this?
Yeah, it would be so much better if it was American-made, because as everyone knows there are no corrupt people in the US and every person of Russian descent is a spy for their motherland's government (:
Yes, it would be better if it was American made, because the US government has lesser capability to compell otherwise independent developers to do their bidding.
You missed my point, which is that all governments exist to oppress by design, it's literally what governments are, they are businesses that monopolize violence. Some people, esp. people of the Western world are too arrogant to admit it. Personally, I would honestly rather trust someone who is aware of that fact over someone who isn't.
Look, I'm as much an enjoyer of Kropotkin and von Mises as the other guy and torched more then zero regional police HQs in my life.
You are right in principle, but there is a varying degree to which different governments actually oppress people and there are certain patterns of what to expect from which.
I would not trust american company, like msft to not snitch to me to US government either, but the likehood of random shmuk being coopted is much more likely in one case as opposed to another.
> the likehood of random shmuk being coopted is much more likely in one case as opposed to another.
I don't think Russians actually live in fear of the big brother, I wouldn't be friends with so many Russian femboys if that really was the case. But what do I know, it could all be a conspiracy.
Edit: I also don't understand how torching police hqs makes the world a better, more peaceful place. At best, you'll just end up creating another monopoly on violence… @.@
Why such a simple UI utility app needed a VSCodium/Electron UI? The author seems to be well versed in Win32 API, so why not just learn the GUI part as well? It's not that hard.
The reason the Windhawk UI is based on VSCodium is mainly for the mod editing functionality. VSCodium with clangd are used for C++ intellisense out of the box.
You might say that many users don't care about mod development and don't need it. I agree, and I have it on my list to create a lite Windhawk version which doesn't depend on VSCodium.
Note that VSCodium is only used for the UI. When Windhawk is running in the background, its memory consumption is a couple of MB.
as opposed to any other updater on your system...?
> Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
> Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
Absolutely. Sufficiently capable LLMs can mass produce exploits against whole ecosystems; recent Anthropic post moves the risk needle from ‘theoretical’ to ‘realized’. Any auto-updating software is running a risk of its cdn and/or build forge being compromised. Scary times.
This is not an updater. Due to the sensitive nature of Windhawk, it has no auto-updating mechanism, only update notifications (this file is part of that).
I've tried these things before. Use with caution, and definitely not on a work device. They never fully uninstall and you might be left with incorrect registry keys and other weirdness. May break updates as well.
I've had good success with Total Uninstall for this problem (with software in general). It does a diff of your registry and filesystem before/after installing an app, and after uninstall highlights lingering remnants. Over time you and it "learn" to filter out background changes unrelated to the install process.
Hi, Windhawk author here. Nice to see it on Hacker News.
This is just one Windhawk mod, submitted by a community member. There are hundreds others. Windhawk was created to simplify Windows customization and to make it more accessible, both for developers and users. For a more detailed introduction, check out the Windhawk release blog post:
https://ramensoftware.com/windhawk
Thanks for making this a safe place to modify Windows in a community-driven fashion. I mentioned it in a comment below, but I use the "Multirow taskbar for Windows 11" mod and it's been a godsend for keeping things more organized as before. I appreciate you and the mod community.
How do you know it's safe?
It's C++ programs in a Userscript format, which are compiled with a bundled instance of clang. Windhawk shows diffs of version changes, and most programs aren't much longer than a couple dozen lines, so pretty easy to visually verify
I've come across Windhawk before but the mods being just C++ programs seemed a little suspicious to me, how do you make sure the mods dont include malware?
When you install or run a program, how do you make sure it doesn't include malware? I assume that you check for the author's record/reputation, and perhaps look at the source code if it's available.
It's similar with Windhawk mods. The GitHub and X profiles are verified to be the profiles of the author, so you can decide whether you trust them. The source code is available, so you can inspect it as well. Mods are single-file and usually short, which makes it easier to review than an average program.
No disrespect but Windhawk’s process injection loader code was cut and paste from malware. I can’t imagine how many AV/EDR alerts that project has generated from using ROR API hashing and PEB symbol traversing.
To review these third-party mods one needs to understand C++, Windows programming, and fairly obscure theming-related parts of its internals, some of which are undocumented/reverse engineered, and many have poorly understood side effects. This is a pretty specific combination of skills that slowly approaches arcane status, even if might feel otherwise to some. But again, larger apps are indeed harder to review than this.
(this particular mod is 100% innocuous, though)
Huh, with AI you can always "review" those mods. They are small enough. Anyway they are distributed via the creator's github repo, so it's already somewhat of a peer reviewed mechanism.
Windhawk mods are distributed as source code and WH itself compiles it. It works the same way usescripts work with tampermonkey/violentmonkey on browsers.
If a mod includes malware it'll be very obvious as mods are usually small.
Top tier malware can be incredibly terse and sophisticated. The trigger line to execute the xz exploit was a `.` in a build script. You are probably fine do to sheer obscurity - nerds who yearn for a Win9X experience are low in number and might only be running it for a laugh in a VM.
It's not just for "nerds" if that's what you're implying. I use the "Multirow taskbar for Windows 11" Windhawk mod because I recently upgraded from Windows 10 to Windows 11, which removed the ability to have more than one row on the taskbar.
There's a malware risk in literally every piece of software. Windows itself behaves as malware with all the telemetry it gathers.
The tiny fraction of computer users who have the capability and interest to do this qualifies as nerds in my book. I did not realize this was still a pejorative on a forum where we are mostly all technical experts in some domain or another. It is your computer - go nuts.
Windows is weird. The way these mods work is injecting code into different processes, which is a very common malware technique. Keyloggers in particular work similarly to Windhawk. And that is not a swipe at Windhawk, that is just how Windows has you do this type of thing.
What’s really fun is hooking into the WM_PAINT event from the target processes main thread and then drawing your own controls over whatever was rendered…
Overlays, AIMBots, Discord, Flight Sim Software, we all do it…
`LD_PRELOAD` works on UNIX-like systems too.
Thanks to LD_PRELOAD you could downgrade tons of OpenGL effects and enforce some settings for high end games and make them playable with good speeds on legacy systems.
Also to force texture sizes and whatnot.
I wish Wine/Proton had options for those, to override antialising, texture sizes, rendering resolution and everything.
FUD: https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt
I'm so sick of people telling me to BE AFRAID. If you want to live without the risk of a little danger, go live in prison.
No one told you to be afraid, install anything you want on your computer. Personally I just dont want to deal with getting my logins and keys stolen. It'd be very annoying.
> If you want to live without the risk of a little danger, go live in prison.
You have a very interesting idea of prison life.
In any case, labeling this a FUD I find to be a rather ill-spirited characterization. "Be cautious, not afraid." It is difficult to exercise caution without being aware of the risks, and this is a real risk.
But since we're getting all philosophical, it also hampers the exploration of the space between uncontrolled safety + original vision <-> controlled safety + a total loss of that vision. Which I find is what a lot of the pleas towards "freedom" actually turn out to be; an obstruction of curiosity and rigor that would otherwise yield a more robust portfolio of options. The Monkey's Paw edition of the idea, where freedom is just another word for the unknown. The ability to do better, and an active choice not to.
If I think about when I usually take on operational risks at work confidently, it comes down to two things: knowing what might go wrong, and having a contingency plan. It is not going YOLO. Note the emphasis on taking on risks (so these are not unavoidable risks).
Contrast this with what was said. You're appealing to the risk both remaining unknown and staying unavoidable, while being fully aware that people do not maintain contingencies for this. How is this any reasonable? Is "rolling the dice on getting their systems infected" vs. "just getting their OS look different" really what you think people are looking to spice up their life with?
This is not a knock on the project or the community mind you, it's a knock on your idea of preferring to keep things yeeing and hawing. Something which I can assure you I'm growing equally if not more tired of than purportedly "having to be afraid". Especially given how I increasingly struggle to suspend my disbelief when people claim they're now being told all the time how they should "be afraid", and how they're now supposedly living in terror because of it, as the innocent victims they are. People blatantly mischaracterizing reasonable concerns as FUD over and over kinda does that to you. I think the trendy word for this is "performative"?
Between having to choose "not telling people about dangers so that those with an inability to properly self-regulate their anxiety don't go toast" and "always leading with the danger and safety information", maybe the way forward instead is having appropriate spaces for these? Cause I'd argue in that case, the extents the post you replied to went is pretty okay for this forum in my view. They know that arbitrary code is submitted, so they're wondering how malware is screened. Big deal.
> You have a very interesting idea of prison life.
That was intentional, because not only are you trapped and told exactly when and where to go by the obnoxious Cult Of Security, but every once in a while Windows Update and Windows Defender will come along and shiv you in the bathroom. Rev your system fans the moment you let your computer go “idle”, drain your battery in your bag, reboot out from under you, delete all your keygens and tell you it's for your benefit, and constantly hash your files and report your unique usage patterns to not only Microsoft but the NSA-weaponized Internet infrastructure between you and them. So-called security is inherently the panopticon just like prison.
> your idea of preferring to keep things yeeing and hawing
Hell yeah, at least my intent comes through. You may choose not to live free, but please respect that some of us do and are willing to have fun toys with community reputation :)
There's nothing on my Windows machine that could be leaked that hasn't already been leaked by Experian, AT&T, Snowflake, a million other breaches, probably lots of breaches we've never even heard about. My personal files back up to my mesh-VPNed NAS on a regular automated basis, and I enjoy a read+write Samba share and protection from cryptolockers simultaneously thanks to automated monthly/weekly/daily ZFS snapshots on my NAS. The yee-est of haws!
The intent sure comes through (despite your attempts to conceal it), the reasoning doesn't. And it continues not to, not the least because of the desire for superiority relentlessly taking over you, muddying your rationale with persistent smug mockery and creative interpretations. So unfortunately no, I'll have to kindly refuse your request to respect all this.
thank you for making modern windows usable - it has made the transition from xp/7 to 10/11 more tolerable
Can't speak for this product but disabling a lot of the animations, gradients, shadows & visual effects has made Windows 11 run significantly better on the computers I have it on. They didn't seem to add much value anyways.
I'm a fan of a lot of the user experience improvements being made in Windows over the last decade, such as Terminal, running Linux, Power Toys features, screenshots & recording, Paint finally getting layers, window management & more.
At the same time, I'm still not sure why we needed Windows 11 as the only good updates seem like they could have been done without it. All the visual changes have seemed to cause bugs & performance issues on relatively high powered PCs (64GB+ memory, m2 ssd drives, latest gen mid level GPU & CPU)
It seems the Windows ME, Vista, etc experiment continues to live on.
Disabling animations makes everything better no matter the OS.
When executing a sequence of actions, not having to wait 100-300ms for the device to show some random animation before inputing the next action is a time saver and a removes the "why is my computer/phone wasting my time" feeling.
Human reaction time is around 200ms but in a sequence of actions, we don't need visual feedback to move to the next action; it's just muscle memory and we can reach pretty low delay between inputs if the OS and apps do not impede us.
Back to Windows, I'm quite sad that 24H2 removed support for the legacy app switcher (alt-tab). It was very low latency and operated well in many high-load situations. The new one works okay but is not as snappy and can take a bit of time to show up under load. Plus I prefer the old style (smaller box, no need for eye movement to check its content).
I agree there are many bad timer-waster animations. But animations can be a good thing. Take scrolling as an example. Pressing page-down on a text-page or in a text-editor, without animation, it takes me a lot of time and energy to find the place where I left off reading or editing before scrolling. A good animation can save a lot of time here. It's similar with other operations -- and I agree that those operations that we don't do that often tend to be the ones that profit more from animation, while the ones where we already know in advance what will happen can be made worse by animation. I think an animation should never slow down the user, they should not be blocking. An unfinished animation should not prevent the user from typing the next action.
> Pressing page-down on a text-page or in a text-editor, without animation, it takes me a lot of time and energy to find the place where I left off reading or editing before scrolling.
We used to be able to look at the scroll bar to keep track.
Furthermore page down/up used to move a full page consistently. But today it might as well be a random amount specific to the application or content. Making it impossible to train muscle memory.
Have you looked into SimpleWindowSwitcher? https://github.com/sigoden/window-switcher
ExplorerPatcher makes it easy to configure in the settings menu, I'm not aware of any other projects that implement SWS: https://github.com/valinet/ExplorerPatcher
It's very fast and can be configured to set window thumbnail size/area
Thank you, I was not aware of either of those.
SimpleWindowSwitcher looks like a good alternative, unfortunately on my side I think I would prefer switching between all windows of all apps rather than have two different shortcuts for "switch between windows of the current app" and "switch between apps" (but that's just a personal preference).
ExplorerPatcher looks cool too, though patching explorer is probably a no-no in corporate setups.
I also saw https://github.com/kvakulo/Switcheroo which I was curious to try (although it's not an exact replacement either) but never got to it (also seems quite old).
This change annoyed me too, enough to look up a solution, but not enough to actually install anything to work around it. I have this thread bookmarked, where someone implemented it in AHK, so if you're running that already it might be worth a try: https://www.elevenforum.com/t/classic-alt-tab-reincarnation....
I discovered Switcheroo two weeks ago and seeing it abandoned with over 30 forks with relevant commits made me want try to consolidate the forks and add my own flavor to it:
First beta release at
https://github.com/coezbek/switcheroo
Noteable: column design for most frequently used applications and pinned apps shown separately.
Not exactly alt-tab but it’s a ui-less immediate switcher (snappy af, zero latency) to switch between windows of the same app with alt-backtick (next to escape), originally a macOS feature: https://neosmart.net/EasySwitch/
(Backwards navigation with alt-shift-backtick)
Thank you.
Actually the registry entry on 24H2 behaves somewhat similarly: alt-tab still switches windows (of all apps) but the UI is just gone (which is a problem for me because knowing how much time I need to press tab in advance leads to faster switching than "press tab, see if the focused window is what I wanted, and press tab again if it's not" which involves a computer-brain round trip every key press).
Interesting thanks for sharing. I can see how that makes sense for switching apps but imho for switching windows of the same app that benefit is negated since the thumbnail (without intense scrutiny) is generally too similar between windows of the same app.
(As a dev, I often have a dozen browser windows and a dozen or more terminals open, half a dozen IDEs, etc so being able to switch directly between instances if the same app, esp automatically filtering out minimized ones, is much faster than alt-tabbing through then all interleaved, and was my motivation for writing this.)
> Human reaction time is around 200ms
Even if you are talking about the entire loop, that sounds pretty high. Maybe if its moving your hands in reaction to an unexpected stimulus in your feet...
We can tell the difference between 60fps (~16ms per frame) and 120fps (~8ms per frame). Any more than that is a noticeable amount of waiting.
It does get complicated, though. What if the information is presented immediately, then animated? Well, that's where a complete measurement of reaction time would be relevant.
Even so, as you pointed out, we often predict what we will be doing in advance, and can perform a sequence of learned actions much more quickly. If there is a delay imposed before you can perform an action, then you must learn the delay, too. That learning process involves making mistakes (attempting the action before the animation is over), which is extra frustrating, considering how unnecessary it is.
https://humanbenchmark.com/tests/reactiontime
You'll probably see around 200ms. Not saying that's the relevant number in this discussion, but that's probably where the number comes from.
On mobile, I consistently get just under 400ms. I suspect using a mouse would get me closer to 200ms, since I would be resting my finger on the button.
So yes, total reaction time is generally quite long, but most of that time is spent performing "action".
That site would be more interesting if it provided a second interface where you do something predictable, like match a repeating beat.
The Win11 screenshot tool is a travesty. It now takes multiple seconds to initialize, plus additional delay in actually selecting what you want to capture. The previous iteration was instantaneous. I have lost many opportunities to screenshot something from a screen share because of this trash performance.
I agree, even on fast hardware there is a lot of unnecessary delay trying to take a screenshot.
My old workflow from the Win2k/XP days was: Print Screen, Win + R, type mspaint, Enter, Ctrl+V, Ctrl+S, Enter, done. Still feels faster than watching my screen fade in and out for the snipping tool.
I too have had to resort to full page screenshots. Such a complete waste for a tool that was Done.
I've been using the open source ShareX screenshot tool: https://getsharex.com/
Win+Print = takes screenshot and saves to Pictures/Screenshots/
Pressing Shift+Win+S is pretty instantaneous for taking screenshots, you don't need to open the tool.
alt-prtscn still works to take screenshot of active window instantly
They probably had to go to 11 (unlike Spinal Tap, Microsoft's 11 isn't awesome) because they added the TPM requirement. If a computer was Windows 10 compatible but not Windows 10 version 24Hblahblah, it would confuse the average user...
Instead they can throw away their perfectly good computer and buy the confusion as a single package! Relax, the climate can take it!
Classic Windows (95-7) was the best era for Windows and always will be the best in terms of GUI. Everything that came after 7 has been a downgrade from 7's GUI.
If you run emulated Windows 98 in the browser with e.g. v86, it is faster to open the start menu on the emulated Windows 98 than on the real Windows 11 running it. Windows user experience really went downhill after 7.
I wish there was a "power user" mode in Windows that you could activate and you'd get the ability to have classic themes (my MS themselves), classic Control Panel, no constant nudging, no weather/Xbox/Solitaire apps, etc...
THe settings siutation is so annoying, there are still so many options locked away inside control panel and the new settings app has a few that dont exist in control panel, its so fragmented.
I find myself reaching for the Control Panel all the time in Windows 11. I won't go into the main settings panel unless it's the only way.
They tried that during the Chicago development and discarded the idea due to multiple problems with how humans work.
Two different UIs meant that you had to learn them separately, you didn't have a slow ramp from one to the other, one familiar with one could get stuck on the other with no knowledge of how to get back, divided efforts between the two, etc.
Not quite what you are asking for, but closer to Win95 shipping with progman.exe which could allow someone to cosplay Win3.11 while running Win95.
And yet they seem to have lost all that knowledge from Win8 onwards. WinForms, WPF, UWP, WinUI, MAUI... All of these with their own metaphores, design language, and they all feel half-baked, full of bugs.
Windows' GOD mode CLSID:
https://www.thewindowsclub.com/create-master-control-panel-g...
It's incredible the effort Windows 10/11 users will go to in order to reach a somewhat functional and reliable computing experience via third party modifications, yet Linux is somehow too much effort. Just look at the instructions on that page..
Every techie knows about Linux by now. Not everyone chooses to use Windows because they're foolish or don't know any better
why do they choose it?
i have a windows workstation because one CNC machine that we use needs it. only other reason i can see is gaming?
I have all 3 major OSs at home and, honestly, Windows 11 is stuff of nightmares to me
I've given some good reasons before: https://news.ycombinator.com/item?id=45858749
The "solutions" provided to me so far for my primary issue (using Ableton Suite DAW) has not worked. There is no practical solution that allows this software to function in a Linux environment successfully. I can open the app, but that's the extent of it. It's not usable.
> I so badly want to jump ship entirely, but there's several things holding me back. I do music production as a hobby and Ableton Live doesn't play nice with Linux. In fact it seems anything that is resource intensive without native linux support has some issues. I'm also an MS stack developer, so things like Visual Studio Pro aren't available (although I've been using Cursor IDE more and more these days). Lastly I have some games acquired through "the high seas" in which a work-around doesn't exist for compatibility.
> The responses I got were to switch to different software. No, no, and no. I paid a lot of money for Ableton Suite and poured many many hours into learning how to use it; it's the DAW I prefer to use, I don't want to switch.
> Having said this, I did try to dual boot recently with Linux Mint, and once again ran into headaches getting my Logitech mouse buttons to work.
Adobe products, for example. Or any of other of miriad of other products which have only Win/MacOS and no Linux support.
And, no, Wine cannot run anything.
You see, I don't need OS at all, I need applications. Some of these applications are "universal" (FireFox, for example), some has good equivalents, and some are unique to OS.
And, no, DarkTable, or RAW Therappe are not equivalent to Lightroom or Capture One. And no, there is no equivalent to foobar2000 among music players.
>And, no, Wine cannot run anything.
Wine may not be able to run the apps you need, but it can run plenty. The older the software gets the more wine becomes the only option to run it.
You can run nearly any Windows app with winboat. Its not based on wine, it runs real windows in a container.
MPD + advanced clients pown foobar 2000 anytime. Also, Audacious, Strayberry...
Audacious with audacious-plugins could play anything (even video game music files) and it still has ProjectM plugins' support.
Creative Cloud and DAWs. Those are my only reasons and basically the only reasons I ever hear from people. A Linux port of Photoshop would probably put a small dent in Windows' market share at this point.
Some of us still rely on Windows applications that either don’t run on Linux, can’t run under Wine, or don’t have alternatives that meet our needs.
For some it's just fun. Changing things because we can. I was a huge tinkerer in the XP days, I'd test out every tweak and tool I could get my hands on and would reinstall the OS every couple months. I'd use Resource Hacker to change out the XP flag icons, put my initials on the start button, etc. It wasn't about making it more usable so much as it was just making it mine.
It makes me happy to see newer generations still doing the same stuff, granted its much more complex to do this work on Win11 vs XP.
"but he's sweet sometimes"
It's just an abusive relationship and eventually some of them break out of it.
Yeah, that effectively describes my experiences with desktop linux.
Linux isn’t hard, it’s just different. Better, but different. That’s too much effort for some.
Windows 11 user here. I use zero third-party modifications. Some people are masochists.
Indeed, some people are :)
Most of us are forced to use it because of corporate IT requirements.
A foolish take, makes me believe you didn't really work in the real world. Because the entire global computer ecosystem is built on Windows-compatible software. Finance, accounting, medical, car diagnostics, and even HVAC software are built windows-compatible-only only.
Don't get me wrong, I use Xubuntu on my crappy old devices, Ubuntu on my secondary mini-pc, and switch between them with KVM while working. I tried to make Linux work for everything but missing industry software made it difficult.
Don’t bother. HN has a very hard anti-Microsoft bias, especially when it comes to Windows. At the same time will completely overlook many of the same warts or different warts that exist on macOS or Linux because they get a free pass for some reason.
Despite its flaws Windows still remains a very capable workhorse general purpose OS, and with WSL dev is a non issue. Hell, having actual Linux is better than the macOS Frankenstein Unix and homrbrew
I agree. You described my main pc. WSL + Ubuntu, VSCode with WSL plugin + Claude code. I can access Linux files and edit them with Windows while running local servers on different ports without dealing with XAMPP, Python for Windows, or similar messy Windows services. If I need to run any Debian software (so rare), I can run a VM if I am too lazy to turn on my other Linux system. All while I can use Windows-specific software on the side. All I am missing is the Gnome desktop, but who cares, I am already used to Windows since the 90s.
I used to use Stardock WindowBlinds to do something similar, but it leads to all sorts of weird compatibility issues with various applications.
I wonder if this will have the same issues?
I find the various privacy and 'feature' disabling scripts/utilities questionable for a similar reason, it's moving outside of the expected behavior of the OS for how applications and future MS updates expect things to work. The core issue seems to be you're working against what MS want and they provide a moving target, functionally it's their system, not yours.
I imagine it would be frustrating to be the windows shell dev who has to investigate the torrent of bizarre memory corruption bugs that inevitably occur on Windhawk users’ machines after major OS updates. There’s really no avoiding it when you detour unstable “implementation detail” sort of functions across the taskbar/systray/start/etc. especially now that c++ coroutines are in widespread usage therein.
But to be fair, I understand the demand for products like this, because of several painful feature takebacks between 10 -> 11. It would be nice if cleaner approaches like wholesale shell replacement were still as straightforward as they were prior to windows 8. The “immersive shell” infra running in explorer + the opaque nature of enumerating installed UWPs + a bunch of other things make that almost impossible today.
From what I've learned: stuff like this makes up a not insignificant portion of the crash reports that come through. This results in crash dumps that are useless at best because they just look like memory corruption or badly written malware. In my discussions with folks about this, an annoying number of people who run this sort of software either a) do not care that it makes developing Windows harder for the devs or b) actively want the usable signal for the Windows development teams to be low.
Been playing around with this, it's more consistent than Windows 11's UI itself
I also do miss the Windows 7 Aero theme.
Windhawk has a Windows 11 Taskbar Styler with Aero theme:
https://github.com/ramensoftware/windows-11-taskbar-styling-...
Me too! The Aero effect still holds up great today IMO.
Kind of fun to imagine some hybrid between Aero and Apple's new glass effect. Imagine if Aero could "bend light" instead of just applying a blur effect.
The description of how this works gave my inner ops guy a panic attack. I love this kind of hack.
Wow, quite a lot of work, but the end result looks amazing!
I've had to return to Windows for my daily work after 20 years mostly away from it. I already knew about a lot of UI and functionality regressions, but when you truly experience the defective mess that Windows has become... it's hard to take.
So while I'd love to install this mod, it seems way too fraught with potential side-effects. But it looks like there might be some minor, safe mods to explore here.
Here's one gallingly dumb thing Windows does now that I wonder if you guys can recommend a fix to: If you hover over an application's icons in the taskbar, it pops up thumbnails of the app's open windows and forces you to choose ONE. WTF. I want to bring ALL of the application's windows to the front. It's incredible that clicking on the application's icon (instead of one thumbnail) doesn't do this. Instead, it does NOTHING. Is there a fix for this?
You might want to check out this mod: Taskbar minimize/restore on scroll
https://windhawk.net/mods/taskbar-button-scroll
Looks like that might do it. Thanks!
This is so neat looking. Is there an equivalent for MacOS?
Not exactly afaik, but I've recently been going to System Settings > Accessibility > Display, and turning on:
https://imgur.com/a/DqfN07kI like the retro and simple vibe compared to the new Liquid Glass controls.
Ah! Thank you! Even on Sequoia this is a massive improvement!
Great, glad to help. FYI there are similar settings for iOS and I do same on my phone.
Would love to see someone running this theme + a tiling window manager!
> The mod injects only in the process Winlogon.exe, and exits once the handle of the memory area is closed. It does not hook any functions.
Yep. Sure. Going to let a Russian utility fuck with winlogon.exe. Excellent idea.
Yeah, it would be so much better if it was American-made, because as everyone knows there are no corrupt people in the US and every person of Russian descent is a spy for their motherland's government (:
Yes, it would be better if it was American made, because the US government has lesser capability to compell otherwise independent developers to do their bidding.
You missed my point, which is that all governments exist to oppress by design, it's literally what governments are, they are businesses that monopolize violence. Some people, esp. people of the Western world are too arrogant to admit it. Personally, I would honestly rather trust someone who is aware of that fact over someone who isn't.
Look, I'm as much an enjoyer of Kropotkin and von Mises as the other guy and torched more then zero regional police HQs in my life.
You are right in principle, but there is a varying degree to which different governments actually oppress people and there are certain patterns of what to expect from which.
I would not trust american company, like msft to not snitch to me to US government either, but the likehood of random shmuk being coopted is much more likely in one case as opposed to another.
> the likehood of random shmuk being coopted is much more likely in one case as opposed to another.
I don't think Russians actually live in fear of the big brother, I wouldn't be friends with so many Russian femboys if that really was the case. But what do I know, it could all be a conspiracy.
Edit: I also don't understand how torching police hqs makes the world a better, more peaceful place. At best, you'll just end up creating another monopoly on violence… @.@
>I don't think Russians actually live in fear of the big brother, I wouldn't be friends with so many Russian femboys if that really was the case.
I'm not sure what it has to do with anything, other than you own ideas about what oppressive governments are up to.
>makes the world a better, more peaceful place.
the chain has to be yanked from time to time, otherwise the thing at the end of it tends to forget you are holding it.
That was my first concern too, but it does look like you can build the binary from source:
https://github.com/ramensoftware/windhawk
Why such a simple UI utility app needed a VSCodium/Electron UI? The author seems to be well versed in Win32 API, so why not just learn the GUI part as well? It's not that hard.
The reason the Windhawk UI is based on VSCodium is mainly for the mod editing functionality. VSCodium with clangd are used for C++ intellisense out of the box.
You might say that many users don't care about mod development and don't need it. I agree, and I have it on my list to create a lite Windhawk version which doesn't depend on VSCodium.
Note that VSCodium is only used for the UI. When Windhawk is running in the background, its memory consumption is a couple of MB.
I believe those who write C++ have already installed their favorite IDE or editor.
Sounds like a reasonable trade off to me. Improves your dev experience and users still get a fast binary.
Thanks for this by the way. Carrying the torch of Windows modding in the future!
I 100% agree with this sentiment
Doesn't mean it's safe.
I didn't say it was. But having the source means you (and others) can vet the code if that's a concern.
Yeah, I would probably delete this updater if I were to try this: https://github.com/ramensoftware/windhawk/blob/main/src/wind...
as opposed to any other updater on your system...?
> Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
> Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
— https://imgur.com/6wbgy2L (actually a tweet from someone else, but apparently it's private now)
It's actually not completely outside of my threat profile.
Honestly, with the prevailaince of ransomware attacks, unless you're a literal hermit, it shouldn't be out of anyone's threat profile.
Absolutely. Sufficiently capable LLMs can mass produce exploits against whole ecosystems; recent Anthropic post moves the risk needle from ‘theoretical’ to ‘realized’. Any auto-updating software is running a risk of its cdn and/or build forge being compromised. Scary times.
This is not an updater. Due to the sensitive nature of Windhawk, it has no auto-updating mechanism, only update notifications (this file is part of that).
And the author is a security/malware researcher. Yeah, you might want to pass.
just add the r===ain keyboard to input sources and you will be fine.
>fuck with winlogon.exe. Excellent idea.
That's mostly irrelevant because all the thing baddies want to do with your computer, they can do without touching winlogon or even getting admin.
https://xkcd.com/1200/
Look at the top of this page. It says "hacker news".
I've tried these things before. Use with caution, and definitely not on a work device. They never fully uninstall and you might be left with incorrect registry keys and other weirdness. May break updates as well.
They never fully uninstall
Ugh, you'd think we'd be better by now.
I've had good success with Total Uninstall for this problem (with software in general). It does a diff of your registry and filesystem before/after installing an app, and after uninstall highlights lingering remnants. Over time you and it "learn" to filter out background changes unrelated to the install process.
windhawk patches stuff in memory, so the changes won't remain if you just disable its service and reboot