Windows is not secure, what can you do about it ?

Status
Not open for further replies.

trs96

Of course, you can simply switch to Linux. That's not what this video is all about.

Chris Titus discusses features built into Windows that make it more vulnerable to being hacked. There are numerous attack vectors that you can close to prevent an attacker from using them against you. Use at your own discretion. The source code is available on GitHub. https://github.com/securitywithoutborders/hardentools

The HardenTools part of the video starts at 9:30 if you already know the reasons why Windows is so insecure.

 
Who might this be useful for ? Most home users that don't use the MS office suite (Excel especially) or Adobe products like PDF Reader, but have them installed on their PC. Gamers and those that go places on the internet where they really shouldn't and download "free" software that infects their PC. Anyone that banks and shops online or generally just consumes content.

On an even more basic level than this, surf the internet with a Limited account rather than your Admin account. I see many people that have not even set an Admin password that use that account to surf the internet. They usually end up with a highly compromised Windows PC that eventually won't boot or run normally. Then they call me for help to resolve the mess they've gotten into.

Hardentools is designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now) and some widely used applications (Microsoft Office and Adobe PDF Reader, for now). These features, commonly thought for enterprise customers, are generally useless to regular users and rather pose as dangers as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments.

This tool is developed by Claudio Guarnieri, Mariano Graziano and Florian Probst.
 
Lemme see if I understand this presentation:

"In order to secure your system, go to this website, download this tool, click yes to elevate privileges, and click the DO IT! button."

Okay, sure!
BTW, what does DO IT! do?

"And if running DO IT! breaks anything, don't ask me. I don't use this because I'm a pro. I actually need all the stuff this disables — lord help you"

I see...

"Adobe products are land mines!"

Go on...

"Disable this, unless you need it."

"But don't disable that!"

"When a User Account Control popup happens, click OK"

"BTW I don't use most of this because I actually need my PC to work."

"And don't drink and drive!"




Look, Windows is horrible. That's a fact. But this guy is making it even worse!

As to what this script is actually hardening... That's a question for another thread.
 
I agree with your viewpoint on this.

Too many times non-expert users are told to do this or do that to make things better and safer - in whatever scenario - but that is demanding one huge leap of trust in whoever is telling you to do this.

The company or blogger may indeed be 100% honest, but without a certain amount of knowledge the average non-technical user will not know for sure.

People then call you paranoid, or tell you it's your own fault if you get hacked ... Doh!
 
But that is demanding one huge leap of trust in whoever is telling you to do this.
I think that what Chris fails to emphasize is that security on a PC is also greatly dependent on how the end user makes decisions regarding what sites they visit, what they download and the emails they choose to open. It's not completely MS's fault that people get their PCs compromised on a regular basis. It's one reason why they came up with Win10 S mode a few years ago. It prevents the PC user from installing any software not from the Windows Store. Nobody actually uses Win10 S mode but the idea has good intentions. Protect ignorant people from themselves.

For people that never use PowerShell or edit the registry etc. I don't see it as any kind of a risk to limit access to these things in Windows. Can you trust Chris's advice here ? It depends on whether you can analyze the open source code and learn exactly what each script is doing and decide for yourself. The whole premise of the video is that Windows is inherently insecure and that most people using it as their daily driver really don't need access to everything it can do. What is mainly intended for power users.

As you know, the majority of public schools give their students Chromebooks instead of Windows 10 or 11 laptops. It's mainly because Chromebooks cost less but also because ChromeOS can be locked down from tampering many times better than Windows can ever be. Could you imagine trying to administer Windows based laptops for HS students ? What a nightmare that would be !

Google designed Chrome OS with security as a first priority. Here's their public statement.

Chromebooks use the principle of "defense in depth" to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. So while it's still important to take precautions to protect your data, Chromebooks let you breathe just a little bit easier.
 