Is Securing Windows worth it?

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
If instead of Windows someone uses Ubuntu

1 - they have to worry much less about injections
2 - they get real time patching

If on top of that they use only store apps they get

3 - an apparmor profile per app
4 - snap containising the app
5 - continuous updates for all the apps

Pt 4) has a bug the other week but Linux in general doesn’t have a higher frequency of bugs

6 - plenty of rootkit hunter tools

The above is equivalent to having windows configured to paranoid settings with the difference that no time is spent on securing the system, even those security suites that have excellent UX functionality do require some time spent on configuration and reading what to do. Compare that to Ubuntu where security comes out of the box.

Is the time spent locking down a Windows machine worth it at the end of the day? If games is the only argument perhaps buying an Xbox is the simplest thing to do.

I’m talking about a home environment, I find my self using almost no Windows only software , even .net development can be done in Linux these days
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Depending on what a you and another user would constitute as "locking down a Window machine". Many individual(s) use various methods, layers, software, then approaches compared to other people. The factors of knowledge & computing experience would play a difference in one opinion too.

~LDogg
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
If games is the only argument perhaps buying an Xbox is the simplest thing to do.
Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.
If you just want to browse the web and check your mails Ubuntu seems easier/more secure (at least for me). But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Resolution problems, sound problems, scaling problems. Took me quite some time to get it all working as it should. Windows was far easier with that combination.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.
If you just want to browse the web and check your mails Ubuntu seems easier/more secure (at least for me). But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Took me quite some time to get it all working as it should. Windows was far easier with that combination.

can’t comment on mmorpgs, it’s been awhile since I last played, this may be an issue for some users.

Regarding connecting to TV: Via HDMI it should work out of the box, chromecasting should work out of the box too (using Chrome), at least this has been the case for me
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Depending on what a you and another user would constitute as "locking down a Window machine". Many individual(s) use various methods, layers, software, then approaches compared to other people. The factors of knowledge & computing experience would play a difference in one opinion too.

~LDogg

It does but it’s nicer when all the layers come out of the box, I’m not saying windows can’t be locked down, I’m saying locking it down requires more time (and potentially money, if you used paid for security suites) when compared to a fresh Linux installation
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
It does but it’s nicer when all the layers come out of the box, I’m not saying windows can’t be locked down, I’m saying locking it down requires more time (and potentially money, if you used paid for security suites) when compared to a fresh Linux installation

I agree that it's nicer when all the layers come out of the box. With locking down windows from my experience it's best to go the route of using Firewall rules to restrict access from unauthorised software, malware & other(s). Additional usage an Anti-exes and AV Firewalls such as Zonealarm or Comodo FW can add a detrimental effect on Windows security.

Linux security wise out of the box is more powerful than Linux, on the flip side of the coin not many virus authors target Linux compared to Windows designated OS'.

~LDogg
 
F

ForgottenSeer 72227

Not when you like mmorpgs. Haven't seen GW2, WoW, Swtor.... on an Xbox lately.

I'll be very honest, this is the one thing keeping me on Windows vs switching fully to Linux. Also I enjoy PC gaming more than console, just because I am more comfortable with it. In saying this, MS will be, or has released mouse and keyboard support for the Xbox. I know the PS4 has this but it hasn't been implemented well on the PS4 from what I hear. I don't have a Xbox, so I cannot comment on how effective it is, but if the support is there, game developers can port over MMORPGS and make the requirement that you need a mouse and keyboard to play vs a controller. The pieces are there, now it will be a matter of will it be taken advantage of? :unsure: If it does happen bye, bye, Windows, here comes Linux for me.

But i couldn't count the time i spend to get my laptop connected to my tv screen (working with Linux mint). Resolution problems, sound problems, scaling problems. Took me quite some time to get it all working as it should. Windows was far easier with that combination.

Ya this is the other big thing with Linux. While it's getting better, the fact is every time you look for help with something or want to get something, it's still very heavily based on the terminal. I don't know of one help section for Linux that doesn't require the use of the terminal. While you can copy and paste the various commands into the terminal, it's still very much a techie wonderland, where the average person may still get lost IMO.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
I agree that it's nicer when all the layers come out of the box. With locking down windows from my experience it's best to go the route of using Firewall rules to restrict access from unauthorised software, malware & other(s). Additional usage an Anti-exes and AV Firewalls such as Zonealarm or Comodo FW can add a detrimental effect on Windows security.

Linux security wise out of the box is more powerful than Linux, on the flip side of the coin not many virus authors target Linux compared to Windows designated OS'.

~LDogg

It’s less targeted as far as Desktop is concerned, that’s true but people shouldn’t bank on that as security by obscurity may bite back. That’s why I listed non-obscure pluses that come out of the box
 
  • Like
Reactions: oldschool and LDogg
F

ForgottenSeer 58943

Attempting to fully secure windows is largest a waste of time IMO. There are too many leaks to plug and as such, I feel Windows use should only be in cases where the alternatives won't serve the purpose.

In the case of Gamers, not much choice other than Windows. As such, those gaming rigs should be considered compromised devices and isolated accordingly from the network to eliminate lateral movement from Windows machines within the network. (VLAN, etc) I always consider myself working on Windows systems to be operating in a compromised environment, regardless of security precautions.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Attempting to fully secure windows is largest a waste of time IMO. There are too many leaks to plug and as such, I feel Windows use should only be in cases where the alternatives won't serve the purpose.

In the case of Gamers, not much choice other than Windows. As such, those gaming rigs should be considered compromised devices and isolated accordingly from the network to eliminate lateral movement from Windows machines within the network. (VLAN, etc) I always consider myself working on Windows systems to be operating in a compromised environment, regardless of security precautions.

I just went through the process of

1 - uninstalling unneeded windows features
2 - removing unneeded stuff like netbios
3 - locking windows via GPO
4 - hardening Defender
5 - writing exploit Guard profiles for browsers & readers
6 - locking Office & browser via GPO

Also time was spent to check if all that stuff worked

SRP & WDAC are still pending

In my Linux installations, I just install snap apps and go for a beer - everything comes out of the box - other than turning on a few flags in Chrome. So much simpler
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
My gaming rig i built in late 2014 is gonna run well for years from now, so i dont have reason to switch since all i do is web browsing and playing java game from early 2000

But if i had to buy new pc for that browsing/ light gaming i do i would go with chromebook, due security and of course its more handy to carry during travelling or plug into television than desktop pc
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
My gaming rig i built in late 2014 is gonna run well for years from now, so i dont have reason to switch since all i do is web browsing and playing java game from early 2000

But if i had to buy new pc for that browsing/ light gaming i do i would go with chromebook, due security and of course its more handy to carry during travelling or plug into television than desktop pc

I left Chromebooks out as I don’t have one but I hear very good things about having out of the box security
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I just went through the process of

1 - uninstalling unneeded windows features
2 - removing unneeded stuff like netbios
3 - locking windows via GPO
4 - hardening Defender
5 - writing exploit Guard profiles for browsers & readers
6 - locking Office & browser via GPO

Also time was spent to check if all that stuff worked

SRP & WDAC are still pending

In my Linux installations, I just install snap apps and go for a beer - everything comes out of the box - other than turning on a few flags in Chrome. So much simpler
Is all this needed though for Windows though?

  1. You can just block them in Control Panel
  2. You can disable Netbios via Syshardener
  3. Sounding daft, what's GPO?
  4. Assume you're using Configure_Defender?
  5. Sandboxie.
  6. OSArmor (office) Sandboxie (web)

~LDogg
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Is all this needed though for Windows though?

  1. You can just block them in Control Panel
  2. You can disable Netbios via Syshardener
  3. Sounding daft, what's GPO?
  4. Assume you're using Configure_Defender?
  5. Sandboxie.
  6. OSArmor (office) Sandboxie (web)
~LDogg

That’s the point, even using tools that make it faster, why should the user need to go through the steps you mentioned and install 3rd party software that may or may not affect stability ?
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014
I don't do anything to secure Windows other than installing an antivirus. I don't do anything else, because I don't need to.

I keep Windows and vulnerable software updated and I'm not click happy. If you are click happy and open random files and don't keep your systen uodated, it's very easy to get infected. But with a little bit of care, it has been my experience over many years, that it's extremely hard to get infected.

For daily use, for the most part, I don't need to use any Windows specific apps. So I certainly could use Linux. But in my case there's just no point. Windows is fast, stable and generally (while not being perfect) works very well.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top