Windows 7 security - A few tips more

Discussion in 'other software & services' started by Mrkvonic, Feb 19, 2010.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi guys,

    It's time for a second tutorial on Windows 7 security, focusing on AppLocker and Software Restriction Policies (SRP), BitLocker encryption, privacy and security settings in Windows Media Player (WMP), and Parental Control. Have fun.

    http://www.dedoimedo.com/computers/windows-7-security-more.html


    P.S. If you have more tips, in addition to the first article, feel free to suggest them!

    Cheers,
    Mrk
     
  2. wat0114

    wat0114 Guest

    Nice tutorial, as always, Mrkvonic :thumb:
     
  3. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Thanks Mrk and again a gread read at dedoimedo

    Regards,

    MaB
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I would suggest you include the filename.(namespace) trick to enable the Control Panel to show all panels available for opening. You can place this file in the root and it becomes essentially a directory when exploring.

    You can also use the namespace in context menus or scripts if you like.

    With all the panels that vista/7 like to use, it can be very helpful when you are showing people how to do something. A few less screenshots involved.

    I am wondering, do you actually use AppLocker?

    Sul.
     
  5. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    Thanks Mrk. By the way Sully, did you get PGS to work correctly on Win 7. I only ask because I was asked to write an article on Win 7 security,eg. SRP, Integrity, SEHOP etc. I was thinking of including it if it is working like it did on Vista. Thanks
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    PGS does work on win 7. Ignore the prompts and it is fine. I have only used it on Ultimate, so don't know how it works on other versions. I was thinking AppLocker might work the same, but it seems to only be usable from the GPO. So no GPO, no AppLocker even if the .reg values exist (so far anyway).

    However, it is only usable if you wish to Allow or Deny, there is no more implementation for the Basic User option in Win 7.

    I plan to update it, but there will be no significant changes to the SRP portion other than perhaps a new layout. There are some other things that I am looking at putting into it, but nothing earth shattering to most members here. Just some things you might want to implement that make it automated instead of merging .reg files, same as PGS set out to do.

    It will have to wait though until I both finish getting all of my tweaks in line for 7 (it is my every day OS now) and figure out how exactly I am going to harden it. You know, gotta do that by hand to learn it ;)

    Sul.
     
  7. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    OK I think i'll download it and take a look, I personally have never used it but I have read a lot in the thread and posts for it. Yeah I have an older desktop that I just upgrade to Home Premium, so I might test on it and see how it works. Thanks
     
    Last edited: Feb 20, 2010
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Sully, I'm still not using win 7 in a production environment, testing.
    I'd like to see something like surun for win 7, that seems like the ideal solution.
    Mrk
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Will you be doing any research on what services to shut down to harden 7? There are so many, and I have killed many of them, but would be willing to disable even more if it is possible and still have basic functionality. I care about both services that are not normally needed that might bring exploits as well as trimming down the footprint.

    Very willing to test o_O

    Sul.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Thank you. I have been visiting both of those for many years. BVs list is so large now, and I have not seen options like he used to have, where he put all that mumbo jumbo into .pdf or .csv/.xls formats, so I really don't like viewing it in a browser. I could print it, except that would not be much better by the amount of pages because the layout is terrible for that.

    Short of stripping his website to my hdd, or typing it manually, or writing a script to do it, I am looking for someone who wants to test those out, and find out the real skinny. Many of them are so intwined together that it is a needle in a haystack sometimes to figure out which one broke something. A systematic approach to it will be best.

    But since this was focused on win7 security, and we know there are default services in every version of this OS that should NOT be running, maybe there would be some testing to see just what is what. It is not enough to understand that serviceX has port123 open, but if you shut down services X,Y & Z, how does this effect both security and functionality. In XP we had years to figure it out, and the services list was much smaller, and the services were not so modular.

    I do appreciate the time you took though. Thanks again.

    Sul.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Your welcome Sully! It was no problem. I had those sites bookmarked and I sorta figured you knew about them.

    I've only tried Windows 7 RC and your right about there being a lot of services. The longer I tried the more it bothered me having tons of services running and things listening on ports.

    Hopefully more info will be available soon for those of us that like to tighten things up.

    Cheers
     
Loading...
Thread Status:
Not open for further replies.