Windows 10 Privacy

Discussion in 'privacy general' started by Fox Mulder, Jul 10, 2015.

  1. EASTER

    EASTER Registered Member

    Whatever. Can't wait for the new release of Windows 11 (or 12) or Final? LoL
     
  2. Krusty

    Krusty Registered Member

  3. deBoetie

    deBoetie Registered Member

    @CHEFKOCH - I understood that the Enterprise edition gave substantially more control over what did get reported and how to get updates, as well as providing facilities for data partitioning - have you any experience of those?

    One of my big gripes about the retail "upgrade" to W10 from W7 Ultimate is that I would actually lose facilities like Applocker - they are not available in W10 Pro retail. Nor are any new features I can see - I just get the desktop back again - I might expect/value better support for virtualisation and partitioning baked into the OS, but I don't get it.

    Apart from gaming, I don't see much reason to have any OS wars, because I'd expect to run most things in VMs. What the host OS is, is up to you, but increasingly there are good grounds for that to be 'nix. But there are lots of reasons to be fed up with the retail MS licencing with VMs, it only works sensibly with suitable enterprise licences. Incidentally, I'm having quite a few performance issues with W10 on Vmware Workstation 12, which doesn't fill me with any glee to accept an "upgrade", even if it's free.
     
  4. CHEFKOCH

    CHEFKOCH Registered Member

    Sr, I never ever did any 'upgrade' because I always prefer a clean installation. Theoretically the GPOs are backwards compatible, which means you could import them into Win 10, but I never tried that, so it's more theoretical since the FAQ doesn't mention it. Well, there are new features but they are mostly under the hood, e.g. cf-guard, which was first introduced in Win 8.1 but re-written because of several flaws. There is also a 'new' kind of phishing protection.

    I agree such OS wars are dumb if you ask me, because besides the matter-of-taste thingy we should take the discussion to a serious and objective ground.

    Btw, about the performance reasons, I guess that is already reported and should be fixed in the next builds; in older versions people were complaining about the network performance but I guess that is already fixed (sr, I'm using VirtualBox so I can't verify).
     
  5. MisterB

    MisterB Registered Member

    Applocker is included in the Pro version of Windows 10. I have two upgrades and two Windows 10 VM clean installs. All of my group policy tweaks were preserved by the upgrades, which were pretty smooth as upgrades go, but one was for a clean install of Windows 7 with just a few browsers and utilities added and the other for a computer I don't use that often and, likewise, light on installed software. I'm using Virtualbox for VMs and I don't have any real performance issues with Windows 10 VMs. As I'm using VMs more and more, I've found that getting the right balance between host and guests is important. The host should be lean and have minimal background processes going other than essential drivers, and having a host with good drivers helps. The guest shouldn't be burdened by loading too many drivers and I keep the virtual hardware in the guest to a minimum. In one example where I've virtualized a Linux Mint system I had in a laptop, the amount of memory needed by the OS in the original laptop was around 800mb. As a Virtualbox guest OS, it needs just about 300mb.
     
  6. TonyW

    TonyW Registered Member

    As far as I understand it, it's been said there'll be no Windows 11, 12, 13 et al. Windows 10 has been touted as the last version of Windows; instead of releasing an entirely new version of its OS every few years, Microsoft has said it will provide new features and improvements via software updates to this 'final' version of Windows.

    Of course, time will tell if this strategy changes.
     
  7. EASTER

    EASTER Registered Member

    Oh ok I see. Windows 10 Final as they say. Didn't know that.
     
  8. deBoetie

    deBoetie Registered Member

    Thanks, have you actually activated the applocker policies? - my understanding was that it was listed in Group policy and it could see the various settings for Applocker, but it did NOT apply them. I'd be grateful if you could confirm this behavior.

    The W10 vm system I have performance problems with is an upgrade-with-keeping-settings version from W8.1, I'll try with a clean install and see if that makes life better.
     
  9. chrome_sturmen

    chrome_sturmen Registered Member

    Name a few good reasons to have the host OS be linux if you don't mind?
    Do you game in a vm?
     
  10. MisterB

    MisterB Registered Member

    Much less overhead. I have a multiboot system running the same VMs. Windows 7 and 10 both use around 2gb of 16gb system ram just to run and have numerous background processes going that use up cpu cycles, while Ubuntu 14.04 uses around 700mb of system ram and has far less going on in the background. Performance is noticeably better running the VMs in Ubuntu, which is far from being the leanest Linux distro I could use as a VM host. There are also advantages in firewalling and having a packet sniffer to monitor VM network traffic. I can't think of a free Windows wire sniffer that compares with Wireshark.


    I'm working on a Windows 10 laptop right now and the owner wanted me to install some security software. I activated applocker and had it do an automatic rule creation which makes hashes of all the software installed. Everything works as expected and there are no warnings like the one in the telemetry section that says that the disable option only works in the enterprise edition. The final test would be to alter an executable file and see if applocker stops it. I would expect it to after the set up. I don't know that I will do that with this computer but I will check to see if the service is running when I do another session with it.
     
  11. driekus

    driekus Registered Member

    Windows 10 in VMs is really a pain atm. I had Windows 10 in Virtualbox and found the performance poor, the graphics drivers crashed quite a bit and other features (seamless mode) did not work. Changed back to Windows 7 and it all worked flawlessly. I think it will get solved over time but at least for the near future I will stick with Windows 7.
     
  12. deBoetie

    deBoetie Registered Member

    To add to @MisterB 's thoughts, it's rather easier to harden and stop unnecessary services running. I also feel that it's less vulnerable to KSL, which, if you think about the context of the security of the VMs is important. I prefer the update mechanism on Linux, and there's clearly the issue of transparency in terms of what's actually running and being communicated to the outside world.

    It's also not clear to me why I should be paying multiple times for an operating system running in host and VM, nor do I need the extravagant legacy APIs for all those Windows applications on the host - where I run very little. I would actually like to be able to pay for a security hardened desktop Linux with support, say with grsec - and will be very interested in what Wayland can do to act as a graphics host in future.

    Against that, for normal commercial-type threats (as opposed to privacy ones), I think the Windows boot-protection/TPM/Bitlocker approach is convenient and seamless.

    'Fraid I don't game, and if I did, it would be on a dedicated Windows gaming box on a segregated part of the network (not VM) - gaming software is way too risky to give access to your "real" data.
     
  13. deBoetie

    deBoetie Registered Member

    Interesting - and perhaps why Qubes has stuck with W7 support for now, even though it's getting harder to get licences for it.
     
  14. Nanobot

    Nanobot Registered Member

    Privacy-wise, the best Windows 10 edition is Enterprise LTSB (Long Term Servicing Branch): no apps, no Edge, no Cortana, no telemetry garbage, just a stripped down Windows 10. The trade-off? 10 years of only security updates/fixes but no new feature updates.
     
    Last edited: Feb 17, 2016
  15. deBoetie

    deBoetie Registered Member

    Well, the other trade-off being it's not available to savvy retail users and some SMB.

    Have you any experience of the data partitioning facilities?
     
  16. CHEFKOCH

    CHEFKOCH Registered Member

    Personally I'm using Entp LTSB N x64 and I can agree there is only ONE update (you can uninstall the old one because they are superseded with each new update) + Flash updates + Win Defender update and that's it. I simply don't care much about 'new features', especially because Redstone (the new 'improved' 10) is already in the pipe. So I'll upgrade asap once it comes out.

    In the meantime I found this but I can't confirm it, and I think it's just another troll who wants to scare others. Since they are all not really experts it's critical, because there is no serious ground to talk about if people lack the knowledge to understand what's going on.

    Overall I'm using the final Entp. version since the beginning and security-wise I haven't run into many problems; Defender does its job, I tweaked secpol/gpo/apmx and such (as usual) and that's it. I don't think you can simply compare Linux with Windows that easily due to several aspects, and they are both getting updates regularly. I'm also not getting more spam mails just because I'm using Windows/MS products or something like people always want to troll, so slow down and don't let the hype win. Just take a cup of coffee and take your time to come to your own conclusion and test objectively instead of 'wha there are some IP's ... orly?'

    Personally I like the new protection mechanisms, and a lot of programs I'm using are already adopting them, which then makes it more complicated for hackers to get into the system/programs. For me 'traditional' malware is dead, not just because of Windows or Linux but because people are now getting more news about it, more useful forum entries to protect against it and much more, and all this without the necessity to install other stuff. The only real wish I had would be a sandbox on the application layer, but this is more because I sometimes download stuff myself from unknown places .. well you know ... *uargh*. But this is complaining on a high level. In fact software for this has already existed for 20 years. The Kerberos hole I sometimes read about is (sadly) not fully fixed in Windows because that would require an entire re-write and would break compatibility, so hopefully we get fixes (as we already did with e.g. the last update(s)) or maybe another solution in Redstone or the next OS.
     
  17. deBoetie

    deBoetie Registered Member

    I knew I had been round this loop before, trying to check what was in and out - this summarises the situation with Applocker:

    https://www.microsoft.com/en-gb/WindowsForBusiness/Compare

    Applocker is NOT in Windows 10 Pro, it's only in Enterprise and Education. It can be "seen" from GPO (and I think you can configure the policies), but cannot be activated on that machine.

    This is the "upgrade" MS is offering me from W7 Ultimate: going backwards with facilities useful for security.
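
The question raised in this post and in MisterB's earlier one, whether AppLocker rules on a given machine are actually applied or merely configured, can be checked locally. The script below is an added example, not part of any post in the thread; it uses the built-in AppLocker cmdlets, the Application Identity service (AppIDSvc) and the AppLocker event log, must be run from an elevated prompt, and its seven-day event window is an arbitrary assumption.

```powershell
# Added example (not from the thread): is AppLocker enforcing, or only configured?
# Run elevated. The 7-day event window is an arbitrary assumption.

# 1. Edition of this installation (EditionID: Professional, Enterprise, ...).
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"Edition: $($cv.ProductName) [$($cv.EditionID)]"

# 2. AppLocker rules are only evaluated while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc: status=$($svc.Status) startup=$($svc.StartType)"

# 3. Effective policy: rule count and enforcement mode per rule collection.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$collections = @($policy.AppLockerPolicy.RuleCollection | Where-Object { $_ })
$active = @()
foreach ($rc in $collections) {
    $count = $rc.SelectNodes('*').Count
    "{0,-7} mode={1,-13} rules={2}" -f $rc.Type, $rc.EnforcementMode, $count
    # Collections with rules are enforced unless explicitly set to AuditOnly.
    if ($count -gt 0 -and $rc.EnforcementMode -ne 'AuditOnly') { $active += $rc.Type }
}
if (-not $collections) { 'No effective AppLocker rule collections.' }

# 4. Evidence that rules are evaluated: events in the EXE/DLL log.
#    8002 = allowed, 8003 = audit (would have been blocked), 8004 = blocked.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id        = 8002, 8003, 8004
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue
if ($events) {
    $events | Group-Object Id | Sort-Object Name |
        ForEach-Object { "Event {0}: {1} in the last 7 days" -f $_.Name, $_.Count }
} else {
    'No AppLocker EXE/DLL events in the last 7 days.'
}

# 5. Summary: configured-but-inert versus enforcing.
if ($active -and $svc.Status -eq 'Running' -and $events) {
    "Rules are being evaluated for: $($active -join ', ')"
} elseif ($collections) {
    'Policy is present, but nothing shows it being applied (service or events missing).'
}
```

A policy that lists rules while AppIDSvc is stopped and the event log stays empty is the "visible but not applied" state described above; 8004 events are the direct evidence of blocking.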
     
  18. CHEFKOCH

    CHEFKOCH Registered Member

    As a workaround you could just import it via registry, see also a little tutorial https://www.youtube.com/watch?v=WxEa5bk8V20. ;)
     
    Last edited by a moderator: Feb 18, 2016
  19. TheWindBringeth

    TheWindBringeth Registered Member

  20. CHEFKOCH

    CHEFKOCH Registered Member

    Well, nothing new, but the hype was or is that even Entp. versions (by default) are sending stuff back, and MS promised to fix this and I guess they will. I can't confirm this because it's difficult, especially because there are security mechanisms which require internet, so on each OS in the world there are 'call homes'; I'm talking about e.g. OCSP certificate checks, which are done once every 24 hours. I could tell much more about this and the wrong myths when it comes to 'calling home', but people always want to believe the hype. No matter what proof you give, one can destroy every argument .... :(

    Windows is that evil, now all should use Linux: what nonsense, because if Linux were more attractive (only 4% market share) then the malware talk would belong to Linux. So, chill; I guess with some hardening each OS could be very good without any tools, just read the given documents and test your own settings and everything will be fine.
     
    Last edited: Feb 24, 2016
  21. deBoetie

    deBoetie Registered Member

    It's hardly the case that Linux can be as complacent as it has been - I fondly hope that the glibc debacle will focus the Linux kernel team a bit more down the line of putting more things in sandboxes etc, or using techniques similar to grsec (which now sadly seems to have gone underground). I thought their reaction to grsec was head-in-sand.

    That's not to say that it's any worse than Windows, just that claiming any of them is anything better than flaky is a bit optimistic, so we have to spend our time sandboxing, firejailing and virtual machining all over the place.
     
  22. CHEFKOCH

    CHEFKOCH Registered Member

    The holes in Linux don't matter much; only 4% market share is simply nothing worth talking about. It's more attractive to attackers to concentrate on OSes which are widely used.

    I doubt that sandboxing everything helps; in fact recent attacks like Locky show that backups or cloud-based backups which have access to everything can be very easily compromised, because if you forget (after you've backed up your files) to lock/unplug them, they can be compromised anyway. And this with Windows/Linux and sandbox or not. For me it's useless to talk about such things; the tools and humans aren't fail-safe and this is more dangerous because in the wrong hands Linux can always be infected. The recent holes aren't 'new' - Linux malware has existed since the beginning but it's simply not hyped that much because only 'a few' people are affected by it.

    There are also holes which affect every OS, like in the past BEAST, GHOST, Operation Windigo, Mayhem, to just name a few....

    So stop saying Linux is the answer, this is simply BS; social engineering for example works on every OS and there are no tools to 'fix' this.

    For me and my understanding Windows is okay, and most people (even if they have 100k toggles [opt-ins/opt-outs]) never use/touch such settings, which then again means you're possibly more vulnerable - but such a game also works exactly the other way too: touching or changing the wrong things because you think you're hardening something can make you more vulnerable, so it's very difficult. No AV company or anyone I know ever wrote a complex guide to harden Windows/Linux. There are only some tips, but there's no complete guide about this because this would require huge knowledge, a lot of time (and coffee) and a lot of research .. and of course it needs to be updated immediately after each patchday (kernel update). - For one single man it's impossible to do all of this.
     
  23. ABaird3

    ABaird3 Registered Member

    Article on some settings below.

    http://www.theregister.co.uk/2016/02/24/windows_10_telemetry/

    • There are four telemetry settings: "Security", "Basic", "Enhanced", and "Full".
    • Here's how Microsoft sums up the four modes:
      • Security: "Information that’s required to help keep Windows secure, including info about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender."
      • Basic: "Basic device info, including: quality-related info, app compat, and info from the Security level."
      • Enhanced: "Additional insights, including: how Windows and Windows apps are used, how they perform, advanced reliability info, and info from both the Basic and the Security levels."
      • Full: "All info necessary to identify and help to fix problems, plus info from the Security, Basic, and Enhanced levels."
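
To see which of these four levels a machine is set to, the following added example (not part of the post or the linked article) reads the `AllowTelemetry` policy value and the state of the Connected User Experiences and Telemetry service (DiagTrack). The 0 to 3 numbering and the rule that level 0 is honoured only on Enterprise, Education and Server editions are taken from Microsoft's documentation of this policy, not from the thread.

```powershell
# Added example (not from the thread): report the configured Windows 10 telemetry level.
$levels = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

# Group Policy writes the first key; the Settings app writes the second.
$sources = [ordered]@{
    'Group Policy' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    'Settings app' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
}

function Get-TelemetryLevel {
    # The first source that defines AllowTelemetry wins; policy takes precedence.
    foreach ($name in $sources.Keys) {
        $item = Get-ItemProperty -Path $sources[$name] -Name AllowTelemetry `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $name; Value = [int]$item.AllowTelemetry }
        }
    }
    return $null   # nothing configured: the edition's default applies
}

$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$setting = Get-TelemetryLevel

if ($null -eq $setting) {
    "AllowTelemetry is not set; the default for edition '$edition' applies."
} else {
    $effective = $setting.Value
    # Level 0 is honoured only on Enterprise/Education/Server; elsewhere it acts as Basic.
    if ($effective -eq 0 -and $edition -notmatch '^(IoT)?Enterprise|^Education|^Server') {
        $effective = 1
        "Note: 0 (Security) is configured, but edition '$edition' treats it as Basic."
    }
    "Configured via {0}: {1} ({2}); effective level: {3}" -f `
        $setting.Source, $setting.Value, $levels[$setting.Value], $levels[$effective]
}

# The service that collects and uploads the data.
$svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
if ($svc) { "DiagTrack service: status=$($svc.Status) startup=$($svc.StartType)" }
```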
     
  24. Amanda

    Amanda Registered Member

    I hope so too. Unfortunately, the Linux Kernel has always been more about performance than Security. This doesn't imply that it's not secure, though.

    The way I see it, the Kernel gives too many permissions to applications like Firefox or Libreoffice; everybody is placing too much trust in these programs. And then when a vulnerability is found, people think Linux is not secure, which isn't the case at all. Linux is way more secure than Windows, but there are a few areas where it could improve that are still haunting people, like Xorg, the default Firewall rules, etc.
     
  25. CHEFKOCH

    CHEFKOCH Registered Member
