Can I trust this script from GitHub?
<blockquote data-quote="SimeonOnSecurity" data-source="post: 1066068" data-attributes="member: 105125">
<p>In our readme, we explain you shouldn't run it if you don't understand what it does. However, we do try our best to provide the best tools possible and document any bugs or shortcomings.</p>
<p>You should always verify what scripts are doing. In situations where you can't, asking other professionals is the best thing to do. I congratulate you on doing things correctly. Many of our users don't even read the first sentence of the readme lol.</p>
<p>The scripts you mentioned do make a lot of changes on your system. They are designed for home use. Or, in the Defender script, both home and enterprise.</p>
<p>You should test this script on a test system or VM first. It changes a lot of what people know and use in Windows.</p>
<p>Things like signing in with Microsoft accounts or PINs, SMB v1 and v2, telnet, weak encryption ciphers and hashing algos, any TLS version below 1.2, all SSL versions, password saving in browsers, using macros in Office, auto connecting to Wi-Fi, etc. are all disabled. It's primarily a security script and implements many best practices from many organizations. These are significant and not to be taken lightly. There will be a learning curve. But it is all there to make it harder to do things insecurely. You'd have to go out of your way to do that 99% of the time if you run the script.</p>
<p>Now with regards to debloating, debloating can break Windows almost as badly, if not worse, than hardening. Most debloating scripts do basically nothing or far, far too much.</p>
<p>For instance, you can disable Cortana and all of its telemetry without issues. But if you physically remove it, you break Windows search, Explorer, (the old version of Edge), and a few other things. We don't do that in our debloating scripts. We debloat to a level that is good for the majority of people. Now for the extremists. If you're one of those, learn and switch to Linux already ;)</p>
</blockquote>