Windows 10 Security

Discussion in 'other software & services' started by NonGeek, Jan 2, 2016.

  1. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    AV-Comparatives August-November 2015 Microsoft Security Essentials on Windows 7 protected rate 94.5%.
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    And it erodes with each passing version, and the trade off it just not worth it. Even the security advantages are exaggerated and can be obtained on older versions with the right tweaking, know how and software.
     
  3. guest

    guest Guest

    no issues at all, i hardened it enough to mitigate almost 90% of the threats.

    on my signature; a combo of anti-executables and Virtualization to close the 10% left
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,014
    It's the same overrated security story over and over again.
    Mrk
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,408
    Location:
    Slovenia
    You mean 9,9999% don't you? ;)
     
  6. guest

    guest Guest

    yes, i was lazy to type all those numbers :p
     
  7. Not when the user respects Smartscreen warnings. I think it is very unlikely that ransomware would be on the whitelist. New unsigned software is most likely to be labelled as unknown by Smartscreen.
     
  8. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,053
    Do you think it will detect it at all?
     
  9. luxi

    luxi Registered Member

    Joined:
    Aug 31, 2013
    Posts:
    74
    I can't envision a scenario where I am downloading and running ransomware, or any type of malicious software really (anecdote: I haven't encountered anything of the kind in over 13 years). Stick to trusted software publishers and sources and you should be fine. Am I just overestimating the computer/internet savviness of the average Windows user?
     
    Last edited: Jan 6, 2016
  10. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,283
    Location:
    Hollow Earth - Telos
  11. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    I realize that users here are least likely to need of any security software, they (and maybe myself) do as a hobby.
     
  12. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    41
    If you were to buy a new and secure Windows 10 computer (as secure as Windows 10 can be) how would the hardware specs look like?
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,165
    Location:
    Slovakia
    Nuh, ransomware is just like any other malware, it needs either an user interaction, admin rights or scripting in order to infect.
    AV vendros usually do not post detail reports, how it infects PC, so people would think, it is something with unlimited powers.
    Windows_Security made a nice sum up, disable WSH, powershell, autorun, use sandboxed Chrome and 10 gets unpenetrable.
     
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    The SmartScreen reputation feature is based on whitelisting. So yes, it will "detect" it, as in, it won't recognize it and make you go through hoops to try to execute it.

    If you want to reason that a user would ignore those warnings and continue to execute the malware/ransomware you're free to do so, I'd disagree and would think the average user would cancel.

    So in that regard Windows 10 is more secure than Windows 7, but this feature came first with Windows 8 onwards.

    This is disregarding the new anti exploitation features brought with Windows 10, as I'm not sure if we're wanting to discuss those.
     
  15. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    41
    I am the OP, let's discuss the new anti exploitation and all other security features of Windows 10 as per thread title, thanks!

    Edit: Also what hardware fully supports Windows 10 security features, would be interesting for people buying new Windows 10 computers.
     
    Last edited: Feb 8, 2016
  16. hjlbx

    hjlbx Guest

    @Windows_Security

    Could you explain these a little ?

    Risk Mitigation
    • Protect system DLL's
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
      "ProtectionMode"=dword:00000001
      "SafeProcessSearchMode"=dword:00000001
    • Block untrusted fonts
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
      "MitigationOptions_FontBocking"="1000000000000"
    • Disable file encryption
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
      "EfsConfiguration"=dword:000001
    • Block unsigned process elevation
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
      "ValidateAdminCodeSignatures"=dword:00000001

    • Disable file encryption will block ransomware ?
     
  17. Initially I had some luck blocking them with this, but unfortunately it is not a solid defense.
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,087
    Location:
    Europe, UE citizen
    Someone uses Cis Defense+ with 10 ? I tried 10 last summer, but Defense+ had conflict with it: if I enable Defense+ it blocked the license and 10 seemed alone license. I tried all possible authorizations in Defense+, but it was a bug. Hope now it's solved.
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,130
    Location:
    Italy
    Block Untrusted Fonts:

    http://www.ghacks.net/2016/02/05/block-programs-from-loading-untrusted-fonts-in-windows-10/

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\

    Immagine.jpg

    for example, you need to configure an exception for Thunderbird.
     
    Last edited: Apr 18, 2016
  20. JLD

    JLD Guest

    Very interesting list. Thank you for sharing.
    I'm testing SRP for Windows 10 Pro. I have some questions. Before I ask them, a brief overview of my test configuration:

    * UAC: I have a local admin account for installing and updating software, but I run day-to-day as a standard user.
    * AV: I'm currently running Webroot.
    * Browser Protection: I run force Chrome to open in Sandboxie. I also force PDFs to open in Chrome, and thus in Sandboxie.
    * Email Protection: For Outlook, I block (via GPO) ~120 file extensions beyond Outlook's native file extension blocks (~85). Additional blocked file types include .zip, .rar,...basically, every archive and any file extension that I could find that might contain code. I do allow PDFs, xlsx, pptx, docx, and picture files (e.g. .jpg, .png,...). I also block OLE objects in Outlook (via GPO). All OST and PST files are contained in SRP-protected folders
    * SRP: My SRP has rules similar to https://community.spiceworks.com/ho...ction-policy-to-prevent-cryptolocker-and-more (DLLs are not protected). In addition, I also block the NSA-recommended additional folders. In appdata, I have exceptions for OneDrive (the whole folder) and for one Chrome executable
    * Firewall: I block outbound Regsvr32 (two files)
    * USB: Autorun is off (via GPO), and we do not use USB drives that are not new or are not ours
    * Firewall: Running a well-configured Sophos Home UTM (default deny, a handful of firewall rules and ~25 Web Protection exceptions for various programs like Revo Uninstaller, MBAM updates,..., some country blocking,...)

    This looks pretty bulletproof to me, but I am seeking a 2nd opinion. I think almost nothing will hit my hard drive from Outlook, and I'm not click-happy.

    I've been reading about ways to bypass SRP, and found your post. My questions:

    1. Where did you get your registry edits to disable Powershell? I found them only on one other site: virus-protect.org. It seems like they are not widely discussed
    2. Will those two Powershell registry edits cause trouble with Windows Updates or major programs like Chrome, Office 2016, Veracrypt, Sandboxie,....?
    3. Given my configuration, which of the other registry or GPO edits (I'm looking for no additional software) that you listed would you suggest to protect against "fileless" malware, Powershell exploits, and/or other advanced exploits? (e.g. fonts?, DLL protection,...) I'd like to add only what is necessary
    4. Any other suggestions?

    Thank you:)
     
  21. Powerscript registry tweak had not given me trouble on Windows 7, 8.1 and 10 (all 32 bits versions).

    I would add DLL files also. You wont notice any performance drop.

    I would not run Chrome sandboxed, but would enable AppContainer and Sys32 lockdown and put Chrome download folder in force folder mode of Sandboxie.
     
  22. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    977
    Location:
    UK
    what are all the security improvements in windows 10 vs 8.1?

    I know of the font blacklist system and the improvements to UAC whitelisted apps (which should be backported to 7 and 8.1 but they not). The latter has no relevance to me since I run UAC on the most paranoid setting.

    To me having the vendor handling all my updates automated is unacceptable, I also dont like that they reinstall the OS everytime is a new threshold build (more if insider) which in turn loses settings, can lose apps, and breaks compatibility. This is why I moved to 8.1 from 7 instead of 10. Moving to 8.1 has still given me appcontainers and secureboot.

    JLD do you mind sharing your outlook extension list for blocking, thank you :)

    Regarding SRP, I use certificate rules, cannot really feel performance impact. I do not use DLL blocking because it seems buggy, e.g. I cannot get blizzard battle.net launcher to work with DLL enforcement without doing widespread path whitelisting. Chrome netflix also broke with DLL enforcement. Shame as DLL blocking in applocker works fine.

    Also I use the WSH shell entries and nothing has broken on my system. I also use the DLL sessionmanager entries, likewise with nothing broken. Both the WSH and DLL stuff is mentioned in a australian government security policy pdf document I downloaded, but cannot remember where from.
     
    Last edited: May 21, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.