Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

Easy to use too.

Ha, ha.
Thanks. I wish they would be so easy.

 

[polishpatriot]

Thanks. I wish they would be so easy.

C'mon bro. It does make it easy for a security geek that is too lazy to research and write a few scripts for themselves.

Make it paid. $29.95. Then see what people say.

Everybody loves free.

PS - for typical user... forget it. Not easy. They are lost.

 

[plat]

Uh, I believe Hard_Configurator is ESPECIALLY for "typical" users like me, if only they were lucky enough to come across it like I was. Probably moreso than for advanced users. A straightforward, unadorned, easy-to-read user interface devoid of jargon and techno-babble, something Microsoft hasn't been able to accomplish in the past three decades. One doesn't have to be Einstein in order to strengthen Defender's OOBE, to click a few boxes and know in general that protection is now strengthened and without sacrificing machine performance. Don't even have to hunt and search for obscure ways to harden Defender (that is, if you happen to already know these techniques are, in fact, out there and available to anyone).

I asked the developer one time about monetizing, using NVTOSArmor as a reference (which is a donationware). It's in this thread somewhere.

 

[polishpatriot]

Uh, I believe Hard_Configurator is ESPECIALLY for "typical" users like me, if only they were lucky enough to come across it like I was. Probably moreso than for advanced users. A straightforward, unadorned, easy-to-read user interface devoid of jargon and techno-babble, something Microsoft hasn't been able to accomplish in the past three decades. One doesn't have to be Einstein in order to strengthen Defender's OOBE, to click a few boxes and know in general that protection is now strengthened and without sacrificing machine performance. Don't even have to hunt and search for obscure ways to harden Defender (that is, if you happen to already know these techniques are, in fact, out there and available to anyone).

I asked the developer one time about monetizing, using NVTOSArmor as a reference (which is a donationware). It's in this thread somewhere.

@Andy Ful will tell you himself how "typical" user deals with using Hard_Configurator and SRP.

It's definitely not just about ticking a few boxes, pushing a few buttons to enable protections. There is a lot more to it than that. You have to actually understand what the protections are doing on the system when it comes time to troubleshoot and resolve issues.

A typical user knows absolutely nothing about their ecosystem. So when it comes to resolving blocked objects they don't know what to do.

If the price of Hard_Configurator was $29.95, then nobody would be using it. Well, maybe a handful. A lot of its popularity is driven solely by the fact that it is free.

 

[oldschool]

I love free. Doesn't everyone?

 

[plat]

OK, you make good points here, polishpatriot. How about for "typical" users who have an actual interest in computer security, then. Not all of us are the "typical" type of user you appear to indicate, there's a range there. You don't have to know all the technical details about paints and pigments and canvases in order to enjoy a Matisse.

I understand the point you were making about monetizing it now, it needed a little clarification.

 

[polishpatriot]

OK, you make good points here, polishpatriot. How about for "typical" users who have an actual interest in computer security, then. Not all of us are the "typical" type of user you appear to indicate, there's a range there. You don't have to know all the technical details about paints and pigments and canvases in order to enjoy a Matisse.

I understand the point you were making about monetizing it now, it needed a little clarification.

a typical user will have no interest beyond powering the unit on and connecting to netflix and security is not a priority for them

that is always the kind of typical user that i'm talking about

so we're talking about usability for them, and something like VS or H_C just doesn't work for that class of user; everybody knows that default deny is for the initiated user and not the typical, casual user

for that class of user, antivirus that uses signatures is far better suited to them - and peoples' observations here have proven that point many times

the people that come to forums such as this and have even a passing interest in security represent less than 0.1% of all users

 

[polishpatriot]

I love free. Doesn't everyone?

That's the whole point. You wouldn't have such adoration and proclaim any love if you had to pay for it - because you never would pay for it and therefore would never use it.

LOL

 

[oldschool]

I love to pay too! I paid for VoodooShield, one of the best apps on the market. I'd pay Andy too, as would others. But Andy loves people so he wouldn't charge for it. In fact, I love everything and everyone!

 

[HarborFront]

@Andy Ful

I posted my questions on Windows Defender Application Guard and WD Sandbox below

Advice Request - Syshardener tweak suggestions?

I did this to restore defaults on a pc so I could use a program that needed a script (checking for specter/meltdown patches). Everything seemed fine until I could no longer open ConfigureDefender. I don’t know what setting it changed, but it was not changed to the value it was originally set at...

malwaretips.com

and you said they can be added to HC and they also can be enabled in Windows settings

So to confirm will you be adding the 2 items to HC? It'll be easier to just tick the features in HC instead of going into Windows settings to enable them

Thanks

 

[Andy Ful]

...
PS - for typical user... forget it. Not easy. They are lost.

That is what I meant in my post (and many posts in other threads).

 

[Andy Ful]

@Andy Ful

I posted my questions on Windows Defender Application Guard and WD Sandbox below

https://malwaretips.com/threads/syshardener-tweak-suggestions.90645/page-2

and you said they can be added to HC and they also can be enabled in Windows settings

So to confirm will you be adding the 2 items to HC? It'll be easier to just tick the features in HC instead of going into Windows settings to enable them

Thanks

I did not decide, yet. H_C was not created to save people a few mouse-clicks per year. For now, I am engaged in other important features, so improving the convenience must wait.
I would like to recall that H_C was created for advanced users (Home Administrators) to protect the computers used by average users (family members, friends). The advanced user can apply H_C settings on his/her computer if he/she likes the semi-locked setup. H_C can be used also by semi-advanced users who read/post in this thread, because I can help them. H_C is intended to support Windows Home editions.
The average user must have occasional help from the Home Administrator, because smart-default-deny configuration will sometimes block software installations and software updates. I found out that by applying H_C default-deny settings, I spend much less time to maintain the family/friends computers.
Home users who install many applications for fun should not use H_C settings because this would be inconvenient.

 

[Andy Ful]

a typical user will have no interest beyond powering the unit on and connecting to netflix and security is not a priority for them

that is always the kind of typical user that i'm talking about

so we're talking about usability for them, and something like VS or H_C just doesn't work for that class of user; everybody knows that default deny is for the initiated user and not the typical, casual user

for that class of user, antivirus that uses signatures is far better suited to them - and peoples' observations here have proven that point many times

the people that come to forums such as this and have even a passing interest in security represent less than 0.1% of all users

This is true for average users who cannot get occasional help from an advanced user.
A typical user can use H_C settings (but not configure them) in daily work without any problem, with the occasional help from an advanced user.
H_C is for the convenience of advanced users to keep safe the average users.
It is a user choice: use H_C + knowledge + free AV or buy good commercial AV (like KIS).

 

[manchesterunited]

That is what I meant in my post (and many posts in other threads).

i think he meant some of your fans are unaware of this fact
the ongoing argument is that default deny is easy for a novice to use
and the fact of the matter based upon decades of experience is that novices cannot handle anti-executable and srp
you know that, others who are objective know that
but there are those who want to make generic statements of "easy to use" so they can promote programs like voodooshield and h_c
which is pointless because nobody except security geeks use them
as you have stated numerous times

 

[Andy Ful]

i think he meant some of your fans are unaware of this fact
the ongoing argument is that default deny is easy for a novice to use
and the fact of the matter based upon decades of experience is that novices cannot handle anti-executable and srp

Both statements below can be true or false:

1. Novices can handle SRP.
2. Novices cannot handle SRP.

The important thing is occasional help from advanced users.
H_C is far more convenient and usually safer as compared to SRP introduced by GPO. Still, it is not for an average user without the occasional help from an advanced user.
...

nobody except security geeks use them
as you have stated numerous times

That is true for SRP but not for H_C. By advanced user, I do not mean a security geek. The knowledge of security geek is already built in the H_C. Advanced users has to know more about Windows OS than average users to use and apply the information gathered by H_C Logs and other H_C features.

 

[Andy Ful]

Ooops, I pushed my post twice.

 

[shmu26]

I found out that by applying H_C default-deny settings, I spend much less time to maintain the family/friends computers.

Because it prevented them from installing poorly designed programs? Or because you spent time disinfecting?

 

[Andy Ful]

Because it prevented them from installing poorly designed programs? Or because you spent time disinfecting?

By forcing SmartScreen they do not install unsafe applications. If it is necessary I install the application which is blocked by SmartScreen or send by email the link to another one which is allowed (and usually better than the previous one). I do not have to perform full scans because I have the control (via H_C) over things that can happen in the computer. There are no problems introduced by 3rd party security applications and no broken Windows Updates. They were not infected while using WD + H_C (for a few years).
On average, I spend up to one hour per year per computer on security matters. On my wife's computer, it is 1/2 hour per year, because she uses only one application which needs to be manually updated and installs GPS update on Memory Card twice a year.

 

[oldschool]

but there are those who want to make generic statements of "easy to use" so they can promote programs like voodooshield and h_c

I and some others make such generic statements because they are true for people who read and learn, and not for complete novices. I also make bombastic statements when I hear such myself!

Of course, I am a promoter and have become fabulously wealthy by being one. I now have a substantial stake in VoodooShield and Malwarebytes!

 

[shmu26]

I and some others make such generic statements because they are true for people who read and learn, and not for complete novices. I also make bombastic statements when I hear such myself!

Of course, I am a promoter and have become fabulously wealthy by being one. I now have a substantial stake in VoodooShield and Malwarebytes!

Share the wealth, man! LOL