So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck?
Don't suggest anvivirus meme, I am actually not a /v/ babby
So far I was thinking:
>Sand boxing mounted Flash drives
>Disabling auto run
>Highest UAC restriction
>Highest Firewall restriction
>Sand boxing firefox
>DNSSec
>Using a Non-admin account
Too bad windows has neither any role-based access control nor PaX equivalent.
I have been hearing a lot about running Ubuntu's firefox in Windows 10.
Is it somehow possible to let only THAT browser through to the Internet with firewall?
Also, is it actually possible to use the ReFS by default?
>>54768184
Reported, fucking terrorist pedo.
Antivirus you fucking idiot
>>54768426
Fuck off, tumblr scum
>>54768436
Nice meme. I don't like ads
>>54768462
>Nice meme. I don't like ads
Heard of paying for it and not being a greedy fuck?
>>54768552
Antiviruses are memes, all they do is find matches to a fucking blacklist. Calling these real security software is a joke
>>54768601
>Antiviruses are memes, all they do is find matches to a fucking blacklist.
Yes? So? How does that in any way devalue them? You realize this is a relatively very effective way of preventing malware?
Not connecting it to any network
>>54768715
>There can be no malware outside my blacklist
wow
>>54768729
My current windows VM has no network. But I am turning the hard mode on this time with my spare laptop
if you're this concerned windows just isn't for you
>>54768817
So windows is still an unsecured piece of shit in 2016?
>>54768795
>>There can be no malware outside my blacklist
>wow
..what
Do you think that is what I think?
Do you think there is such a thing as a 100% perfect way to prevent viruses? Of course not. Is there a very good way to prevent viruses? Yes, it's called antivirus.
>>54768893
Time to leave retard.
Jesus what happened to /g/?
>>54768920
So you ran out of your dumb arguments and resort to namecalling huh. You're wrong, face it
>>54768977
For the last time you dumb wintard, blacklisting known files is NOT a decent security implementation. I did NOT ask for a placebo. Fuck off
>>54769027
You can keep repeating that but it doesn't make it true.
>>54769044
Thanks but I don't run on opinions. Now if you don't have any more security hardening ideas, get the fuck back to /v/
>>54769068
>Thanks but I don't run on opinions.
Bullshit, opinions is all you have said so far
1. Disable all unnecessary services. To do this, you first need to determine which services can be disabled. Sounds simple enough, but it's not. For example, it's impossible to disable the Remote Procedure Call (RPC) service. Also, little documentation exists to identify what services a given purpose will require. Even if we had such a list, it would likely change depending on a vendor's specific implementation (say, of a DNS or mail server). In the end, knowing which services are required and which can be disabled is largely a matter of trial and error.
2. Remove all unnecessary executables and registry entries. Forgetting to remove unneeded executables and registry entries might allow an attacker to invoke something that had previously been disabled.
3. Apply appropriately restrictive permissions to files, services, end points and registry entries. Inappropriate permissions could give an attacker an opening. The ability to launch CMD.EXE as "LocalSystem," for example, is a classic backdoor.
Don't know about windows 10 though. Some controls might be missing
>>54769127
>Remove all unnecessary executables and registry entries.
How do I do that?
>>54768184
Windows has no real security, not by defult if you want no botnet
>>54769210
Delete system32
>>54768184
>babby
baby
>>54768184
There is no way to secure a Windows installation completely other than uninstalling it and DBANing the hard drive.
>>54770950
kek
>>54768184
>So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck?
Not possible. Windows is fundamentally insecure.
>Sand boxing mounted Flash drives
Windows has no useful concept of sandboxing
>Disabling auto run
Won't protect you. Sophisticated attacks against the fundamental parsers exist.
>Highest UAC restriction
Placebo
>Highest Firewall restriction
Even more placebo. Won't remove malware.
>DNSSec
Completely irrelevant
>Using a Non-admin account
Negated by privilege escalation
>>54771503
Windows doesn't know sandboxing but some third party softwares actually bring sandboxing in the poo OS.
DNSSEC was a web security measurement.
>>54768184
>a secure a windows install without enabling being a complete botnet cuck?
this is literally what winbabies think
>>54771503
>So what is the best way to implement a secure a windows install without enabling being a complete botnet cuck?
>>Not possible. Windows is fundamentally insecure.
Not True. Hyper-V, AppLocker, and a NAT Switch. Good luck compromising that level of security.
>Sand boxing mounted Flash drives
>>Windows has no useful concept of sandboxing
Sandboxie, VDrivers, and once again, Applocker.
>Disabling auto run
>>Won't protect you. Sophisticated attacks against the fundamental parsers exist.
Delete the service and sys32 directory. Autorun no longer exists.
>Highest UAC restriction
>>Placebo
Really? Try breaking a SHA-256 PKI ECC.
>Highest Firewall restriction
>>Even more placebo. Won't remove malware.
Kaspersky, MD5 Hash Algorithm, and AGAIN, Applocker. Malware can still find it's way onto your machine, but falls into an infinite failed execution state before being identified and removed.
>DNSSec
>>Completely irrelevant
For Windows purposes, this is completely irrelevant.
>Using a Non-admin account
>>Negated by privilege escalation
Virtual DC, no local admin, and GPO blocking local administrators / privledge escalation. Done.
Windows is actually one of the more secure OS on the market. Check your facts before making the vague claims.
