Microsoft Details How China-Linked Crew’s Malware Hides Scheduled Windows Tasks

Seems every week there is something new to learn about the (in)security of Microsoft Windows. In this description <https://www.theregister.com/2022/04/14/microsoft-tarrask-malware-in-windows/> of a malware attack, the software infection creates a scheduled task to automatically reinstall itself if it has been removed. So far, no big deal: on *nix we have cron, and systemd timers, that do much the same thing. But on Windows, these scheduled tasks have “security descriptors” -- basically, ACLs, as far as I have been able to determine, that control who can manage these tasks or even see them. So if a program creates a task and deletes all its security descriptors, the task effectively becomes invisible to the normal Windows admin tools. Except, it can still be seen and managed through its Registry entries. So, having write access to the Registry lets you bypass the entire security-descriptor mechanism, yet it still does not let you see these tasks in any other way? Like the “security” those higher-level tools think they are enforcing is a complete mirage, and end up making the system, not more, but less, secure.
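A defender's check for the hiding trick described above, written as an added example that is not part of the original post or of Microsoft's write-up. It assumes the registry layout Microsoft documented for this malware: each task has a key under Schedule\TaskCache\Tree carrying Id, Index and SD values, and removing the SD value is what makes the task vanish from schtasks and the Task Scheduler UI while the key stays in the Registry. The cross-check against Get-ScheduledTask shows the mismatch directly; run it elevated.

```powershell
# Added example: list scheduled-task registry entries that have no SD
# (security descriptor) value, then ask the scheduler whether it still
# sees each one. Assumed location from Microsoft's description; not the
# post author's code.
$TreeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Find-TasksWithoutSD {
    param([string]$Root = $TreeRoot)

    # Keys under Tree nest like task folders, so walk them recursively.
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { return }
        $names = $props.PSObject.Properties.Name

        # Folder keys have no Id value; only real task keys do.
        if ($names -notcontains 'Id') { return }

        # Rebuild the scheduler-style path from the registry key name.
        $relPath  = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)
        $taskPath = '\' + $relPath
        $taskName = $_.PSChildName
        $folder   = $taskPath.Substring(0, $taskPath.Length - $taskName.Length)

        # Does the normal admin tooling still report this task?
        $seen = Get-ScheduledTask -TaskPath $folder -TaskName $taskName -ErrorAction SilentlyContinue

        [pscustomobject]@{
            TaskPath           = $taskPath
            Id                 = $props.Id
            HasSD              = ($names -contains 'SD')
            VisibleToScheduler = ($null -ne $seen)
        }
    } | Where-Object { -not $_.HasSD }
}

# A task key with HasSD = False and VisibleToScheduler = False is exactly
# the "invisible but still in the Registry" case described in the post.
Find-TasksWithoutSD | Format-Table -AutoSize
```

The same enumeration can be scheduled or shipped as an EDR/SIEM collection query, and deletions of an SD value under that key are also worth auditing with registry object-access logging.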
participants (1): Lawrence D'Oliveiro