Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Microsoft Best Security Practices
Message
<blockquote data-quote="mazskolnieces" data-source="post: 923078" data-attributes="member: 88422"><p>Did you actually believe that the 10 S and the other list are the de facto final word on Microsoft best practices ? Obviously you did.</p><p></p><p>Microsoft does not publish a 10,000 page manual that outlines everything that professionals and users need to figure out for themselves. Microsoft's best practice has always been "if you don't need it, then disable it." And that references, in particular, LOLBins of which Microsoft has supported and advised every major body that provides security infos out there. Just about everything you find on the major security advisory websites, Microsoft has had a hand in it, devoted resources and contributed directly. Microsoft adheres and endorses, and always has, the greater security community advisories. It's implicit in their best practices.</p><p></p><p>Enterprises routinely disable many more processes than are listed in the OP.</p><p></p><p>You won't find anywhere where Microsoft says that access to Control Panel via rundll32 is a vital system resource. In fact, in any enterprise environment, no admin in their right mind would want anyone other than the admin accessing the control panel. Security 101. ~ IQ.</p><p></p><p>It doesn't matter if you disagree with Microsoft's best practices and you insist upon placing your product users at risk because you think they should have access to control panel. It's an absurd argument that denying access to control panel is breaking vital functionality.</p><p></p><p>Here's the thing about you. You're not really interested in evidence. Even if I presented a letter from Satya Nadella that explained Microsoft best practices in depth, you would come up with some way to deny Microsoft's position. I mean, the fact that you keep insisting that if it isn't in writing is nothing more than a silly game that you're playing.</p></blockquote><p></p>
[QUOTE="mazskolnieces, post: 923078, member: 88422"] Did you actually believe that the 10 S and the other list are the de facto final word on Microsoft best practices ? Obviously you did. Microsoft does not publish a 10,000 page manual that outlines everything that professionals and users need to figure out for themselves. Microsoft's best practice has always been "if you don't need it, then disable it." And that references, in particular, LOLBins of which Microsoft has supported and advised every major body that provides security infos out there. Just about everything you find on the major security advisory websites, Microsoft has had a hand in it, devoted resources and contributed directly. Microsoft adheres and endorses, and always has, the greater security community advisories. It's implicit in their best practices. Enterprises routinely disable many more processes than are listed in the OP. You won't find anywhere where Microsoft says that access to Control Panel via rundll32 is a vital system resource. In fact, in any enterprise environment, no admin in their right mind would want anyone other than the admin accessing the control panel. Security 101. ~ IQ. It doesn't matter if you disagree with Microsoft's best practices and you insist upon placing your product users at risk because you think they should have access to control panel. It's an absurd argument that denying access to control panel is breaking vital functionality. Here's the thing about you. You're not really interested in evidence. Even if I presented a letter from Satya Nadella that explained Microsoft best practices in depth, you would come up with some way to deny Microsoft's position. I mean, the fact that you keep insisting that if it isn't in writing is nothing more than a silly game that you're playing. [/QUOTE]
Insert quotes…
Verification
Post reply
Top