So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck?
Don't suggest anvivirus meme, I am actually not a Sup Forums babby
So far I was thinking: >Sand boxing mounted Flash drives >Disabling auto run >Highest UAC restriction >Highest Firewall restriction >Sand boxing firefox >DNSSec >Using a Non-admin account
Too bad windows has neither any role-based access control nor PaX equivalent.
I have been hearing a lot about running Ubuntu's firefox in Windows 10.
Is it somehow possible to let only THAT browser through to the Internet with firewall?
Also, is it actually possible to use the ReFS by default?
Jackson Wood
Reported, fucking terrorist pedo.
Daniel Kelly
Antivirus you fucking idiot
John Price
Fuck off, tumblr scum Nice meme. I don't like ads
Ayden Davis
>Nice meme. I don't like ads
Heard of paying for it and not being a greedy fuck?
Oliver Phillips
Antiviruses are memes, all they do is find matches to a fucking blacklist. Calling these real security software is a joke
Eli Wood
>Antiviruses are memes, all they do is find matches to a fucking blacklist.
Yes? So? How does that in any way devalue them? You realize this is a relatively very effective way of preventing malware?
Noah Myers
Not connecting it to any network
Jackson Kelly
>There can be no malware outside my blacklist wow
My current windows VM has no network. But I am turning the hard mode on this time with my spare laptop
Nathaniel Sullivan
if you're this concerned windows just isn't for you
Joseph Hall
So windows is still an unsecured piece of shit in 2016?
Cameron Carter
>>There can be no malware outside my blacklist >wow
..what Do you think that is what I think?
Do you think there is such a thing as a 100% perfect way to prevent viruses? Of course not. Is there a very good way to prevent viruses? Yes, it's called antivirus.
Isaac Green
Time to leave retard.
Jesus what happened to Sup Forums?
Jack Hill
So you ran out of your dumb arguments and resort to namecalling huh. You're wrong, face it
Hunter Russell
For the last time you dumb wintard, blacklisting known files is NOT a decent security implementation. I did NOT ask for a placebo. Fuck off
Matthew Mitchell
You can keep repeating that but it doesn't make it true.
Ryder Bennett
Thanks but I don't run on opinions. Now if you don't have any more security hardening ideas, get the fuck back to Sup Forums
Nathan Mitchell
>Thanks but I don't run on opinions.
Bullshit, opinions is all you have said so far
Nolan Reyes
1. Disable all unnecessary services. To do this, you first need to determine which services can be disabled. Sounds simple enough, but it's not. For example, it's impossible to disable the Remote Procedure Call (RPC) service. Also, little documentation exists to identify what services a given purpose will require. Even if we had such a list, it would likely change depending on a vendor's specific implementation (say, of a DNS or mail server). In the end, knowing which services are required and which can be disabled is largely a matter of trial and error.
2. Remove all unnecessary executables and registry entries. Forgetting to remove unneeded executables and registry entries might allow an attacker to invoke something that had previously been disabled.
3. Apply appropriately restrictive permissions to files, services, end points and registry entries. Inappropriate permissions could give an attacker an opening. The ability to launch CMD.EXE as "LocalSystem," for example, is a classic backdoor.
Don't know about windows 10 though. Some controls might be missing
Ethan Bennett
>Remove all unnecessary executables and registry entries. How do I do that?
Kevin Brooks
Windows has no real security, not by defult if you want no botnet
Liam Parker
Delete system32
Carter White
>babby baby
Lincoln Turner
There is no way to secure a Windows installation completely other than uninstalling it and DBANing the hard drive.
Kayden Nelson
kek
William Torres
>So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck? Not possible. Windows is fundamentally insecure.
>Sand boxing mounted Flash drives Windows has no useful concept of sandboxing
>Disabling auto run Won't protect you. Sophisticated attacks against the fundamental parsers exist.
>Highest UAC restriction Placebo
>Highest Firewall restriction Even more placebo. Won't remove malware.
>DNSSec Completely irrelevant
>Using a Non-admin account Negated by privilege escalation
Samuel Lewis
Windows doesn't know sandboxing but some third party softwares actually bring sandboxing in the poo OS.
DNSSEC was a web security measurement.
Grayson Adams
>a secure a windows install without enabling being a complete botnet cuck?
this is literally what winbabies think
Tyler Moore
>So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck? >>Not possible. Windows is fundamentally insecure. Not True. Hyper-V, AppLocker, and a NAT Switch. Good luck compromising that level of security.
>Sand boxing mounted Flash drives >>Windows has no useful concept of sandboxing Sandboxie, VDrivers, and once again, Applocker.
>Disabling auto run >>Won't protect you. Sophisticated attacks against the fundamental parsers exist. Delete the service and sys32 directory. Autorun no longer exists.
>Highest UAC restriction >>Placebo Really? Try breaking a SHA-256 PKI ECC.
>Highest Firewall restriction >>Even more placebo. Won't remove malware. Kaspersky, MD5 Hash Algorithm, and AGAIN, Applocker. Malware can still find it's way onto your machine, but falls into an infinite failed execution state before being identified and removed.
>DNSSec >>Completely irrelevant For Windows purposes, this is completely irrelevant.
>Using a Non-admin account >>Negated by privilege escalation Virtual DC, no local admin, and GPO blocking local administrators / privledge escalation. Done.
Windows is actually one of the more secure OS on the market. Check your facts before making the vague claims.
