5

509322

It would be interesting and useful to post instructions to disable interpreters and sponsors, even without the use of SysHardener or Hard Configurator.
The instructions are posted here and all over the internet.

Want a fast and dirty way to disable something ? Navigate to a file, rename it, and append the _ character to the file name - e.g. wscript.exe_ .

The smartest way to disable stuff is SRP.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
A few words about the idea of many security programs and script blocking.
I did some tests to show, that generally, AV vendors did not solve the malicious scripts problem. So, it would be reasonable for the home user to block the script execution by the external tool or by the reg tweak. Script interpreters can be also renamed, but that can be reverted by the system, for example, after a major update.

I used very simple and very special scripts, so from the fact that particular AV blocked all my samples does not follow that it has got a great anti-script protection. In fact, all my samples could be blocked just by the proper firewall rules. The opposite reasoning can be more sound, because if the AV cannot mitigate such simple scripts (commonly used in the wild), then it has not got a great anti-script protection.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Going back to the very beginning....

Discuss: Do we actually need so many security programs?

Yes, we do.
...
Always remember -- More is Better.
The layered security is a good idea on the stable, non-changing system. There are some, like Windows XP, Windows Vista, and Windows 8. The user can experiment on such a system to adjust the layered security based on 3rd party security applications.
But, I do not believe that this would be a good idea on Windows 10, when 3rd party real-time security applications are used for that. Even when using only Windows built-in features, the user can be faced with some problems.
Personally, I like the below idea:

For the layered security, use Windows built-in features as much as it is reasonable. Do not use 3rd party solution, if the problem is solved already by Windows built-in feature.

If you have something like KIS, do not install 3rd party security applications, but learn how to tweak KIS and learn how to avoid its weak points. Usually, you can also adopt Windows built-in features.
 
Last edited:
5

509322

Security config:

HIPS + sandbox + AV + firewall + 2nd AV + 7 browser extensions + desktop adblocker + DNS filtering + DNS encryption + VPN + rollback + backup + anti-executable =

Rbf0Cq1.gif


Oh and I forgot all the other apps I collect... PDF reader, office suite, video player, games, 1000s of vids, etc, etc, etc.

I'm lucky my system doesn't fall right through the floor it is downloaded so heavily. Heavier than a battleship. 75 programs installed...
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Symantec still offers the download of noscript, but not that publicly anymore, since it works, so people might not need to buy theirs AV then. :sneaky:
Code:
http://www.symantec.com/avcenter/noscript.exe
This proggie has to be run with admin rights to work. If not, then you will see the message that scripts are disabled, but in fact they are not. It was probably not intended to be run as a standalone tool.

This tool can simply rename the file associations for the script files. For example, disabling the *.vbs scripts is done as follows:
The Windows default key name:
HKLM\SOFTWARE\Classes\VBSFile
The key renamed by Symantec:
HKLM\SOFTWARE\Classes\VBSFile.SymantecDisabled

Yet, this cannot prevent script execution via the below command:
C:\Windows\system32\wscript.exe /e:vbscript path_to_script
 
Last edited:

Andy Ful

Level 45
Verified
Trusted
Content Creator
@Andy Ful
And what about Script Defender (AnalogX)?...it's quite old tool but it can be still valid on Windows 7...maybe even higher?
System Downloads : Script Defender /// AnalogX
Could you test it?
This tool can change the file associations in a slightly different way, so instead of wscript.exe the sdefend.exe (from the application folder) is used to open scripts. The executable sdefend.exe can ask if the script has to be run or blocked. The tool can be bypassed by using the command lines, for example (*.vbs scripts):
C:\Windows\system32\wscript.exe /e:vbscript path_to_script
and also
C:\Windows\system32\cscript.exe path_to_script
 
Last edited:

oldschool

Level 32
Verified
...Personally, I like the below idea:

For the layered security, use Windows built-in features as much as it is reasonable. Do not use 3rd party solution, if the problem is solved already by Windows built-in feature.

If you have something like KIS, do not install 3rd party security applications, but learn how to tweak KIS and learn how to avoid its weak points. Usually, you can also adopt Windows built-in features.
This is the idea that makes the most sense to me, with W10 changing so often.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Back to the layered protection with several applications. Do MT members need additional tools for anti-script protection over the standard AV?
Let's suppose that the user has the below setup on Windows 10 (home environment with a NAT router):
  1. Default Windows settings + Standard AV based on signatures and heuristics.
  2. No installed MS Office and Adobe Acrobat applications + updated software.
  3. Explorer set to show file extensions + the basic knowledge about entries in the Type column.
  4. Basic knowledge, that most files used for installing applications and sharing files with other people, have the above extensions: .exe, .msi (installers), .docx, .xlsx, .pub, .pptx, .accdb (MS Office), .pdf (Adobe), .mobi, .epub, .azw (ebooks), .png, .jpg (photos), .mp3, .wma, .flv, .wmv, .mp4, .avi, .mkv (music and video), .zip (archive).
  5. All other file extensions should be considered as suspicious, except if the user expects such a file and know the application that opens it. Especially suspicious are of course the files wit a double extensions (.docx.exe , .jpg.scr, .mp3.js, etc.)
  6. UAC set to max and enabled SmartScreen.
  7. Safe web browser (Edge, Chrome, ...).
If the user is not a happy clicker, then the chances to infect the system without the knowledge and support of the user are close to 0. So, maybe it is not worthy to build the security pyramid, but learn a little and train a few healthy habits. It is possible, like training the habit of looking left and then right while crossing the road.
 
Last edited:
5

509322

Back to the layered protection with several applications. Do MT members need additional tools for anti-script protection over the standard AV?
Let's suppose that the user has the below setup on Windows 10 (home environment with a NAT router):
  1. Default Windows settings + Standard AV based on signatures and heuristics.
  2. No installed MS Office and Adobe Acrobat applications + updated software.
  3. Explorer set to show file extensions + the basic knowledge about entries in the Type column.
  4. Basic knowledge, that most files used for installing applications and sharing files with other people, have the above extensions: .exe, .msi (installers), .docx, .xlsx, .pub, .pptx, .accdb (MS Office), .pdf (Adobe), .mobi, .epub, .azw (ebooks), .png, .jpg (photos), .mp3, .wma, .flv, .wmv, .mp4, .avi, .mkv (music and video), .zip (archive).
  5. All other file extensions should be considered as suspicious, except if the user expects such a file and know the application that opens it.
  6. UAC set to max and enabled SmartScreen.
  7. Safe web browser (Edge, Chrome, ...).
If the user is not a happy clicker, then the chances to infect the system without the knowledge and support of the user are close to 0. So, maybe it is not worthy to build the security pyramid, but learn a little and train a few healthy habits. It is possible, like training the habit of looking left and then right while crossing the road.
A user that knows all of the above of course anti-scriptor is not needed, but you have to remember the amount and level of irrational paranoia here on the forums. Not to mention the rampant addiction of playing with security softs just for the sake of having something to play with.

Anyway... Microsoft itself (it's security division) advises that IT Pros disable a whole list of things if they aren't needed. So if they tell that to IT Pros, then it is doubly true for home users. It's not the home users' fault that Microsoft is negligent in properly informing and protecting consumers.
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
A user that knows all of the above of course anti-scriptor is not needed, but you have to remember the amount and level of irrational paranoia here on the forums. Not to mention the rampant addiction of playing with security softs just for the sake of having something to play with.
...
That is right. :giggle:
There is also another kind of paranoia in restricting the system without understanding the consequences. It can be as dangerous as using several security applications.
It is reasonable to sell one of the two bicycles if you only need one. But, it is not reasonable to sell two bicycles, because it can be done and someone did so, successfully. I have observed such tendention on the threads of SysHardener, OSArmor, and Hard_Configurator. Especially dangerous can be restrictions applied via the several reg tweaks, because after some time the users often forget what had been restricted. Also, some of them do not even know, how to revert the restrictions.
 
Last edited:

shmu26

Level 82
Verified
Trusted
Content Creator
Especially dangerous can be restrictions applied via the several reg tweaks, because after some time the users often forget what had been restricted.
Yup.
I ran SysHardener several times, with different sets of tweaks, and also Hard_Configurator, plus a few of my own manual system tweaks, and I got to the point that I wasn't sure I knew what my settings really were anymore, so I did a Windows Reset.
 

Moonhorse

Level 26
Verified
Content Creator
Security config:

HIPS + sandbox + AV + firewall + 2nd AV + 7 browser extensions + desktop adblocker + DNS filtering + DNS encryption + VPN + rollback + backup + anti-executable =

View attachment 201137

Oh and I forgot all the other apps I collect... PDF reader, office suite, video player, games, 1000s of vids, etc, etc, etc.

I'm lucky my system doesn't fall right through the floor it is downloaded so heavily. Heavier than a battleship. 75 programs installed...
Just download ram from the internet, and youre fine(y)
 

Andy Ful

Level 45
Verified
Trusted
Content Creator
Security config:

HIPS + sandbox + AV + firewall + 2nd AV + 7 browser extensions + desktop adblocker + DNS filtering + DNS encryption + VPN + rollback + backup + anti-executable =

View attachment 201137
...
What an excelent idea of the layered protection:
Comodo Firewall (set to Anti-exe) + Windows Defender + WD Network Protection + Adguard DNS + VPN.AC (VPN + DNS encryption) + RollBack Rx PRO + Macrium Reflect + 7 extensions (Grammarly, Word Online, Excel Online, PowerPoint Online, DNS over HTTPS, Enhancer for YouTube3, Netcraft, Canvas Defender).
Many MT members would love it.:giggle:
 

Data Volta

New Member
It depends on what security you need. For computer, you only need one service because if you have multiple anti virus installed, it may disrupt your computer.

There are web application firewall for websites which is different kind of security.
 

erreale

Level 8
Verified
Content Creator
Malware Hunter
What an excelent idea of the layered protection:
Comodo Firewall (set to Anti-exe) + Windows Defender + WD Network Protection + Adguard DNS + VPN.AC (VPN + DNS encryption) + RollBack Rx PRO + Macrium Reflect + 7 extensions (Grammarly, Word Online, Excel Online, PowerPoint Online, DNS over HTTPS, Enhancer for YouTube3, Netcraft, Canvas Defender).
You forgot VoodooShield!

:):)