notabot

Level 8
If instead of Windows someone uses Ubuntu

1 - they have to worry much less about injections
2 - they get real time patching

If on top of that they use only store apps they get

3 - an apparmor profile per app
4 - snap containising the app
5 - continuous updates for all the apps

Pt 4) has a bug the other week but Linux in general doesn’t have a higher frequency of bugs

6 - plenty of rootkit hunter tools

The above is equivalent to having windows configured to paranoid settings with the difference that no time is spent on securing the system, even those security suites that have excellent UX functionality do require some time spent on configuration and reading what to do. Compare that to Ubuntu where security comes out of the box.

Is the time spent locking down a Windows machine worth it at the end of the day? If games is the only argument perhaps buying an Xbox is the simplest thing to do.

I’m talking about a home environment, I find my self using almost no Windows only software , even .net development can be done in Linux these days
 

LDogg

Level 29
Verified
Depending on what a you and another user would constitute as "locking down a Window machine". Many individual(s) use various methods, layers, software, then approaches compared to other people. The factors of knowledge & computing experience would play a difference in one opinion too.

~LDogg
 

Freki123

Level 6
Verified
If games is the only argument perhaps buying an Xbox is the simplest thing to do.
Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.
If you just want to browse the web and check your mails Ubuntu seems easier/more secure (at least for me). But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Resolution problems, sound problems, scaling problems. Took me quite some time to get it all working as it should. Windows was far easier with that combination.
 

notabot

Level 8
Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.
If you just want to browse the web and check your mails Ubuntu seems easier/more secure (at least for me). But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Took me quite some time to get it all working as it should. Windows was far easier with that combination.
can’t comment on mmorpgs, it’s been awhile since I last played, this may be an issue for some users.

Regarding connecting to TV: Via HDMI it should work out of the box, chromecasting should work out of the box too (using Chrome), at least this has been the case for me
 

notabot

Level 8
Depending on what a you and another user would constitute as "locking down a Window machine". Many individual(s) use various methods, layers, software, then approaches compared to other people. The factors of knowledge & computing experience would play a difference in one opinion too.

~LDogg
It does but it’s nicer when all the layers come out of the box, I’m not saying windows can’t be locked down, I’m saying locking it down requires more time (and potentially money, if you used paid for security suites) when compared to a fresh Linux installation
 

LDogg

Level 29
Verified
It does but it’s nicer when all the layers come out of the box, I’m not saying windows can’t be locked down, I’m saying locking it down requires more time (and potentially money, if you used paid for security suites) when compared to a fresh Linux installation
I agree that it's nicer when all the layers come out of the box. With locking down windows from my experience it's best to go the route of using Firewall rules to restrict access from unauthorised software, malware & other(s). Additional usage an Anti-exes and AV Firewalls such as Zonealarm or Comodo FW can add a detrimental effect on Windows security.

Linux security wise out of the box is more powerful than Linux, on the flip side of the coin not many virus authors target Linux compared to Windows designated OS'.

~LDogg
 

Raiden

Level 13
Verified
Content Creator
Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.
I'll be very honest, this is the one thing keeping me on Windows vs switching fully to Linux. Also I enjoy PC gaming more than console, just because I am more comfortable with it. In saying this, MS will be, or has released mouse and keyboard support for the Xbox. I know the PS4 has this but it hasn't been implemented well on the PS4 from what I hear. I don't have a Xbox, so I cannot comment on how effective it is, but if the support is there, game developers can port over MMORPGS and make the requirement that you need a mouse and keyboard to play vs a controller. The pieces are there, now it will be a matter of will it be taken advantage of? :emoji_thinking: If it does happen bye, bye, Windows, here comes Linux for me.

But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Resolution problems, sound problems, scaling problems. Took me quite some time to get it all working as it should. Windows was far easier with that combination.
Ya this is the other big thing with Linux. While it's getting better, the fact is every time you look for help with something or want to get something, it's still very heavily based on the terminal. I don't know of one help section for Linux that doesn't require the use of the terminal. While you can copy and paste the various commands into the terminal, it's still very much a techie wonderland, where the average person may still get lost IMO.
 

notabot

Level 8
I agree that it's nicer when all the layers come out of the box. With locking down windows from my experience it's best to go the route of using Firewall rules to restrict access from unauthorised software, malware & other(s). Additional usage an Anti-exes and AV Firewalls such as Zonealarm or Comodo FW can add a detrimental effect on Windows security.

Linux security wise out of the box is more powerful than Linux, on the flip side of the coin not many virus authors target Linux compared to Windows designated OS'.

~LDogg
It’s less targeted as far as Desktop is concerned, that’s true but people shouldn’t bank on that as security by obscurity may bite back. That’s why I listed non-obscure pluses that come out of the box
 
  • Like
Reactions: oldschool and LDogg

Slyguy

Level 41
Verified
Attempting to fully secure windows is largest a waste of time IMO. There are too many leaks to plug and as such, I feel Windows use should only be in cases where the alternatives won't serve the purpose.

In the case of Gamers, not much choice other than Windows. As such, those gaming rigs should be considered compromised devices and isolated accordingly from the network to eliminate lateral movement from Windows machines within the network. (VLAN, etc) I always consider myself working on Windows systems to be operating in a compromised environment, regardless of security precautions.
 

notabot

Level 8
Attempting to fully secure windows is largest a waste of time IMO. There are too many leaks to plug and as such, I feel Windows use should only be in cases where the alternatives won't serve the purpose.

In the case of Gamers, not much choice other than Windows. As such, those gaming rigs should be considered compromised devices and isolated accordingly from the network to eliminate lateral movement from Windows machines within the network. (VLAN, etc) I always consider myself working on Windows systems to be operating in a compromised environment, regardless of security precautions.
I just went through the process of

1 - uninstalling unneeded windows features
2 - removing unneeded stuff like netbios
3 - locking windows via GPO
4 - hardening Defender
5 - writing exploit Guard profiles for browsers & readers
6 - locking Office & browser via GPO

Also time was spent to check if all that stuff worked

SRP & WDAC are still pending

In my Linux installations, I just install snap apps and go for a beer - everything comes out of the box - other than turning on a few flags in Chrome. So much simpler
 

Moonhorse

Level 26
Verified
Content Creator
My gaming rig i built in late 2014 is gonna run well for years from now, so i dont have reason to switch since all i do is web browsing and playing java game from early 2000

But if i had to buy new pc for that browsing/ light gaming i do i would go with chromebook, due security and of course its more handy to carry during travelling or plug into television than desktop pc
 

notabot

Level 8
My gaming rig i built in late 2014 is gonna run well for years from now, so i dont have reason to switch since all i do is web browsing and playing java game from early 2000

But if i had to buy new pc for that browsing/ light gaming i do i would go with chromebook, due security and of course its more handy to carry during travelling or plug into television than desktop pc
I left Chromebooks out as I don’t have one but I hear very good things about having out of the box security
 

LDogg

Level 29
Verified
I just went through the process of

1 - uninstalling unneeded windows features
2 - removing unneeded stuff like netbios
3 - locking windows via GPO
4 - hardening Defender
5 - writing exploit Guard profiles for browsers & readers
6 - locking Office & browser via GPO

Also time was spent to check if all that stuff worked

SRP & WDAC are still pending

In my Linux installations, I just install snap apps and go for a beer - everything comes out of the box - other than turning on a few flags in Chrome. So much simpler
Is all this needed though for Windows though?

  1. You can just block them in Control Panel
  2. You can disable Netbios via Syshardener
  3. Sounding daft, what's GPO?
  4. Assume you're using Configure_Defender?
  5. Sandboxie.
  6. OSArmor (office) Sandboxie (web)

~LDogg
 

notabot

Level 8
Is all this needed though for Windows though?

  1. You can just block them in Control Panel
  2. You can disable Netbios via Syshardener
  3. Sounding daft, what's GPO?
  4. Assume you're using Configure_Defender?
  5. Sandboxie.
  6. OSArmor (office) Sandboxie (web)
~LDogg
That’s the point, even using tools that make it faster, why should the user need to go through the steps you mentioned and install 3rd party software that may or may not affect stability ?
 

roger_m

Level 23
Verified
Content Creator
I don't do anything to secure Windows other than installing an antivirus. I don't do anything else, because I don't need to.

I keep Windows and vulnerable software updated and I'm not click happy. If you are click happy and open random files and don't keep your systen uodated, it's very easy to get infected. But with a little bit of care, it has been my experience over many years, that it's extremely hard to get infected.

For daily use, for the most part, I don't need to use any Windows specific apps. So I certainly could use Linux. But in my case there's just no point. Windows is fast, stable and generally (while not being perfect) works very well.