NT Five's Security Config

NT Five

Level 2
Thread author
Verified
Aug 11, 2015
27
Hi !

My current box:

HP netbook Atom N450, 2GB RAM, 1 TB HD.

Running a customized Windows NT 5.1 (XPSP3) patched with POSReady updates until EOL in May 2019.

I only run my OS in stateless ramdisk mode for performance, security and privacy reasons.

Just started using security and antimalware software.

I used an unpatched XP with NO Firewall and NO antivirus for several months and I never got infected as far as I know. (The C drive gets flushed after reboot so it's hard to tell)
For a long time I exclusively used brain + ramdisk to stay out of trouble and it has worked like a charm.

At the moment I am busy hardening my OS to stay safe in the future.

Using my "obsolete" Windows XP daily for online payments and banking without any fear...
 

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
Hi, I have an old desktop running XP and it has 360 TS ... obsolete Windows XP but with a clean install :)

You should not be ashamed to have an old XP ;)
Use brain and common sense ;)

Best config I have seen in a long time = anti-executable + light virtualization + outbound network notifications ... I would not change a thing.

How do you have your RAM Disk configured ? Net cache only or have you added apps to RAM Disk image ?
I entirely agree with you @hjlbx , best config.
 

Piteko21

Of course it is not for average users. Anti-executables make the system more secure. Just the fact of having no antivirus and only AppGuard shows that he knows that this way is still safe,
and his knowledge is advanced.
 

NT Five

Best config I have seen in a long time = anti-executable + light virtualization + outbound network notifications ... I would not change a thing.

How do you have your RAM Disk configured ? Net cache only or have you added apps to RAM Disk image ?

My current config is ok, but it needs a lot of improvements.

I spent many years browsing uber geek forums like reboot.pro, reading a lot of blogs, M$ documentation and of course I played a lot with XP, stripping it down to the bone until it stops booting or breaks otherwise.
Trial and error... wasting thousands of hours reinstalling and configuring XP.

My ramdisk contains a slimmed down bare bones version of XP with Q-Dir Multi-pane file manager, Firefox, MPC-BE video player, 1by1 audio player, PDF-XchangeViewer and some small utilities and shell extensions.
Most executables are UPX-ed to save space so I can cram OS + apps in the image file.
No pagefile most of the time and some folders (TMP folders, desktop, download folders etc.) on other partitions.

Image file sizes are often under 500 MB depending on the things I add to/strip from the system.
<500 MB means I can use MS ramdisk.sys driver and using this driver (and this driver only) I can do this:

I managed to boot from an encrypted VHD image (nested mapping) using TrueCrypt's pre-boot authentication.
The image is loaded in RAM but somewhere during boot the mapping (of the outer image) gets lost so the image file is not mounted when XP gets to the desktop.
This means that malware can not mount the image file and infect it ! (unless it finds a way to brute force the TrueCrypt password)
The C drive shows in explorer but not in XP's Disk management !

I am very happy with this "hack" but it's still work in progress.
Some time in the future I will write some tutorials about the subject. :)
 

hjlbx

AppGuard, NoVirusThanks Exe Radar Pro, Sandboxie, Private Firewall are all easy to learn; a week of teaching a novice and they will have a very secure system...
My current config is ok, but it needs a lot of improvements.

You are power user and can fully utilize Software Policy (freeware) to improve some areas of your config:

IWR Computer Consultancy - Technical Support and advice on IT issues for Small Businesses. : Simple Software-Restriction Policy

Alternatively, you can check out NoVirusThanks Smart Object Browser (freeware) over at the Wilders Security forum. It can be used to monitor and control dlls and drivers.

NOTE: If you use NVT SOB, then remove NVT ERP - unless you will use SOB only to monitor dlls and drivers. ERP has a very good user interface, SOB essentially has an almost non-existent GUI. SOB can do everything that ERP can do... and more. You will see what I mean.

Smart Object Blocker (Block EXE, DLL, Drivers) | Wilders Security Forums

Similarly, VooDooShield (freeware & paid) will soon have ability to allow\block dlls and drivers. It won't be ready for probably a month. An almost full-functioning beta is available:

https://voodooshield.com/Download/beta/InstallVoodooShieldbeta.exe

Finally, you can monkey with AppLocker - although - that requires a Pro or Ultimate version of Windows - which I surmise you would find unacceptable due to the cost.

In any case, in my estimation, you will be best served by either Software Policy or Smart Object Blocker...
 

Deleted member 178

very Approved by Staff, you are one of the few of us here to have similar setup

 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Thank you, NT Five, for sharing this, your "Work in progress" / "Not for the average user" configuration!:):) I am somewhat dumbfounded:confused: (an unusual & good thing:p) and found Umbra's word "very" leading on deck to "Approved.." spoke volumes in that (AFAIK) this is the first time I've seen him up the ante (adding "very") to the "Approved by Staff" stamp of approval!:D
I can think of (2) one syllable words, and they are :eek:"wow" & "cool".:cool:
 

NT Five

I'm happy you all like my config. :cool:
It's a pain to set it up but it gives you a warm fuzzy feeling once you get it running. :)

I think people should stop installing OS'es on regular hard drive partitions and just run them without any virtualization.
RAM is cheap and plentiful nowadays so running Windows in ramdisk mode should be standard procedure recommended by Microsoft.
You don't have to run everything in your ramdisk.
I've got 25 GB of portable apps sitting on a separate partition.

I'm very happy running my Windows and Program Files folders and parts of "Documents and Settings" in RAM.
My browser, PDF reader and my media and audio players are installed in Program Files and this is good for performance, and it takes care of evil cookies and keeps my browser config clean because all modifications are gone after reboot.

All the registry files live in ramdisk and they can be modified or corrupted by malware but the changes are non-persistent.
Non-persistence is the key to security.
Sandboxie is just an extra layer of security.
My sandbox lives in RAM too. :)

If I uninstall all my security software and disable my firewall I might get malware on my system when I surf the internet but it's all gone after reboot (except for stuff that has been written to the MBR).

I suggest you all start playing with ramdisks just for fun (if you have time on your hands), to see what you can do with the concept.

Here's a nice tutorial (for advanced users only) : http://www.911cd.net/forums/index.php?showtopic=23553
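In the setup described above the MBR is the one place on the boot disk where a change survives a reboot, so it is the thing worth checking against a baseline at every boot. The following is an added example, not code from the thread: it parses a 512-byte MBR (bootstrap code, four partition entries, 0x55AA signature) and reports which parts differ from a saved baseline. The sample sector is constructed; `read_mbr` reads the real first sector and needs administrator rights on Windows.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446      # bytes 0..445 hold the boot code the BIOS executes
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the code
SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Return bootstrap hash, partition entries and signature validity."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        e = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sector_count = struct.unpack("<II", e[8:16])
        partitions.append({"active": e[0] == 0x80, "type": e[4],
                           "lba_start": lba_start, "sectors": sector_count})
    return {"code_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def compare_to_baseline(current: dict, baseline: dict) -> list:
    """List the differences that matter; an empty list means the MBR is unchanged."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (needs administrator rights on Windows)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


# Constructed sample: 446 bytes of placeholder boot code, one active type-0x07
# partition starting at LBA 63 with 2,000,000 sectors, and the 0x55AA signature.
_ENTRY = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 2_000_000)
SAMPLE_MBR = bytes([0x90]) * BOOTSTRAP_LEN + _ENTRY + bytes(48) + SIGNATURE
# The same sector with a single byte of boot code altered.
TAMPERED_MBR = bytes([0xEB]) + SAMPLE_MBR[1:]

if __name__ == "__main__":
    base = parse_mbr(SAMPLE_MBR)
    print(compare_to_baseline(parse_mbr(TAMPERED_MBR), base))  # ['bootstrap code changed']
```

Save `parse_mbr(read_mbr())` once from a known-clean boot and compare against it at each start; a non-empty list means the persistent part of the disk was touched.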

 

NT Five

You are power user and can fully utilize Software Policy (freeware) to improve some areas of your config:

Software Policy can be circumvented.

Circumventing Group Policy as a Limited User - Mark's Blog - Site Home - TechNet Blogs

I think I am going to use a freeware kernel driver instead:

Bouncer (previously Tuersteher Light) | Wilders Security Forums

Alternatively, you can check out NoVirusThanks Smart Object Browser (freeware) over at the Wilders Security forum. It can be used to monitor and control dlls and drivers.

NOTE: If use NVT SOB, then remove NVT ERP. - unless you will use SOB only to monitor dlls and drivers. ERP has very good user-interface, SOB essentially has almost non-existent GUI. SOB can do everything that ERP can do... and more. You will see what I mean.

Yeah ! good idea.
I started reading the thread on Wilders and I will give SOB a try.
No GUI means probably that it is less resource hungry and I like that because I want my system to be lean and mean.

Finally, you can monkey with AppLocker - although - that requires a Pro or Ultimate version of Windows - which I surmise you would find unacceptable due to the cost.

I am willing to pay for software if I have to, but AppLocker doesn't run on XP and I will never upgrade to Win 7.
I will not even touch Win 10 with a ten foot pole.

You are dealing with an incurable XP fanboy here... :D
 

NT Five

very Approved by Staff, you are one of the few of us here to have similar setup

:D

Maybe I finally found the right forum.
I'm here to promote unconventional ways of setting up Windows OS'es with the goal to obtain good performance and over the top security.

It takes some effort to grasp some concepts and people need to be willing to spend time to study these things and to set it up, but when it's finally running it's like heaven.

The peace of mind and the ease of maintenance you achieve following certain methods are well worth the effort.

Since 2009 I have been running XP in ramdisk 99% of the time and I will NEVER go back to a standard setup... NEVER !!!

I haven't had ANY problem with malware infection with this setup even doing stupid things like running without AV and firewall on an unpatched system and surfing on dangerous sites.
Maybe I'm just lucky but I really think running in ramdisk mode is the holy grail.
 

NT Five

Level 2
Thread author
Verified
Aug 11, 2015
27
Looks good but also looks a bit scary to me. :eek:
Breaking old habits and learning new things is sometimes scary but we need to shift our paradigm.
We're not living in 1999 anymore...

Nowadays we have banking trojans, cryptolocker and other evil stuff.
People come here to ask help to get rid of their infections but they shouldn't run systems that are that vulnerable to malware to begin with.

Blacklisting (anti virus databases) doesn't work any more because there is too much evil crap out on the internet, so running a system that's based on persistence and blacklisting is just crazy.
We have to shift to non-persistent systems using virtualization.
The technology exists and is slowly going mainstream.
We need to use sandboxing, ramdisks and filter drivers if we want to stay safe permanently.

Getting infected on a regular basis has almost become normal for many users and this has to change in a world where people use their systems to do online payments and banking.
I spent a lot of time and energy to learn to strip XP to the bone and to play with ramdisks but you don't have to spend 2000 hours on trial and error like me.

Just spend 10, 50 or 100 hours on studying these concepts and methods and you will be where I am now; happily running an unconventional over the top secure system.

Learning these things is fun and it will stimulate you intellectually.
You will get a better understanding about how your OS works and that is a good thing.

People have written tutorials and you can find them all over the internet.
The hardcore tech development stuff has been done already so you don't have to do that.
People have created freeware apps like IMG_XP that take care of all the difficult stuff.

Now you can use an app to strip your OS to the bone and to make your ramdisk image.
Just point and click, tick some boxes, browse to directories and files in a dialog box and select them.
Hit the "Go" button and let the app do the job for you.
Copy the image file to the right partition and maybe edit some boot menu configuration with notepad and you're done.

You just have to take care to RTFM and spend a Saturday afternoon browsing some forum threads and you will understand what it's all about.
It's not as hard to achieve as it looks like, but I agree it can be intimidating when you look at all the hardcore geek stuff for the first time.

Just use an old box to do some testing or swap the HD on your system so you don't screw up your current system by mistake and you'll be fine. :)

Just read about it, test it on an old box and ask questions on forums if you run into problems.
People are glad to help you.

Go the extra mile and secure your system to the max using these methods and you won't regret it.
You'll feel all warm and fuzzy inside and you don't have to worry about malware anymore. :D
 

Deleted member 178

Blacklisting (anti virus databases) doesn't work any more because there is too much evil crap out on the internet, so running a system that's based on persistence and blacklisting is just crazy.
We have to shift to non-persistent systems using virtualization.
The technology exists and is slowly going mainstream.
We need to use sandboxing, ramdisks and filter drivers if we want to stay safe permanently.

finally an echo to my voice :D
 

hjlbx

We need to use sandboxing, ramdisks and filter drivers if we want to stay safe permanently.

I too subscribe to this protection model... at the current state of IT, this protection model is the only logical solution.

However, the perception is that it is too radical, too "difficult," too much of a hassle - for the typical user. On top of that, all the current AV vendors will resist because they probably stand to lose tons of money for they would have to "re-tool" and head in a different direction with their security soft products.

OK then, it is a difficult hassle... a shrewd, forward-looking developer would translate that "difficult hassle" (= user problem needing a good solution) into something innovative for the security soft market (= big money for the developer).
 
