Advanced Security oldschool's surfing laptop configuration

[oldschool]

My current Exploit Protection settings:

Complete Exploit Protection settings

System settings:

Control flow guard (CFG) - Use default (On)
Data execution prevention (DEP) - Use default (On)
Force randomization for images (Mandatory ASLR) - On by default
Randomize memory allocations (Bottom-up ASLR) - Use default (On)
High entropy ASLR - Use default (On)
Validate exception chains (SEHOP) - Use default (On)
Validate heap integrity - Use default (On)

Chrome:

Block low integrity images - On
Disable extension points - On
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On |  Enforce for all modules ... - Checked
Validate image dependency - On


Firefox:

Block untrusted fonts - On
Disable extension points - On
Validate handle usage - On

Edge:

Block low integrity images - On
Block remote images - On
Validate image dependency integrity - ON
Block untrusted fonts - On
Code integrity guard - On | Also allow images signed by MS Store - Unchecked
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On |  Enforce for all modules ... - Checked
Validate handle usage - On

 

[oldschool]

I sure do appreciate running an all-Windows Security setup. I see folks around the various forums having all kinds of problems.

Same goes for using Windows 11 in-built settings instead of 3rd party apps.

 

[ForgottenSeer 97327]

I sure do appreciate running an all-Windows Security setup. I see folks around the various forums having all kinds of problems.

Same goes for using Windows 11 in-built settings instead of 3rd party apps.

Well with MD on MAX with SAC enabled there is little to no chance of executables sliping through this defence. The only thing you could consider is adding SWH. The vast majority of successful intrusions from Cruel Sister are script/lolbin based which start by executing a risky file extension. With SWH you simply prevent running dangereous file extensions which normal users probably never would run in user folders. Also when you allow admin's to bypass SRP, there is really nothing that could break or prevent legitimate software.

Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.

 

[ForgottenSeer 103564]

Well with MD on MAX with SAC enabled there is little to no chance of executables sliping through this defence. The only thing you could consider is adding SWH. The vast majority of successful intrusions from Cruel Sister are script/lolbin based which start by executing a risky file extension. With SWH you simply prevent running dangereous file extensions which normal users probably never would run in user folders. Also when you allow admin's to bypass SRP, there is really nothing that could break or prevent legitimate software.

Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.

You can run scripts and bypass most restrictions on just about any OS. I can fire up a linux container on a Chromebook and run scripts in a text editor and bypass restrictions to run certain elements when desired. I'm sure oldschool knows not to download/ click unfamiliar executable's on his system and to check them before doing so. His keep it simple yet secure method is one of the best as far as using knowledge to leverage, and keeping the best compatibility in doing so.

 

[oldschool]

The only thing you could consider is adding SWH.

Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.

Nope. Never going to happen. Especially when I see WHH and VoodooShield getting way too complicated and the potential for conflicts, problems, etc..
@Ultimate Vision is correct. I prefer to stay safe, not paranoid.

 

[simmerskool]

Nope. Never going to happen. Especially when I see WHH and VoodooShield getting way too complicated and the potential for conflicts, problems, etc..
@Ultimate Vision is correct. I prefer to stay safe, not paranoid.

I like your all windows security approach, but I have not found VS/CL complicated..., yet. (or one of my fav setups is windows security + VS).

 

[ForgottenSeer 97327]

Nope. Never going to happen. Especially when I see WHH and VoodooShield getting way too complicated and the potential for conflicts, problems, etc..
@Ultimate Vision is correct. I prefer to stay safe, not paranoid.

Have you ever used SWH?

 

[ForgottenSeer 97327]

You can run scripts and bypass most restrictions on just about any OS. I can fire up a linux container on a Chromebook and run scripts in a text editor and bypass restrictions to run certain elements when desired. I'm sure oldschool knows not to download/ click unfamiliar executable's on his system and to check them before doing so. His keep it simple yet secure method is one of the best as far as using knowledge to leverage, and keeping the best compatibility in doing so.

Nice that you can bypass Chromebook security and fire up linux a container to run scripts in a text editor, but that has little relevance in regard to blocking risky file extensions (not executable's) in user folders for standard user.

 

[ForgottenSeer 103564]

Nice that you can bypass Chromebook security and fire up a container to run scripts in a text editor, but that has little relevance in regard to blocking risky file extensions (not executable's) in user folders for standard user.

It was a point anyone on their system with admin rights can run what they want. So mentioned scripts in an executable in testing in a system as such had little relevance because it's obvious the user is not a new one or average user lacking the ability to use experience not to randomly click things.

You should use that energy more constructively like helping out in the help needed section.

 

[ForgottenSeer 97327]

So mentioned scripts in an executable in testing in a system as such had little relevance because it's obvious the user is not a new one or average user lacking the ability to use experience not to randomly click things.

You should use that energy more constructively like helping out in the help needed section.

Reading what SWH is about (LINK) is more constructive than starting bickering again

 

[ForgottenSeer 103564]

Reading what SWH is about (LINK) is more constructive than starting bickering again

I don't know, maybe it's just me, when he stated and I quote "nope, never going to happen" that he was not interested in reading or having that thrust in his face.

Oldschools set up is absolutely perfect on a windows machine, if I had one right now that's about how id run it.

Props to @oldschool for finding balance and security which equals pleasurable usability.

 

[oldschool]

I like your all windows security approach, but I have not found VS/CL complicated

You misunderstand me. The point is that recent developments take VS way beyond what it once was. Even the latest stable saw unaccounted for command-line blocks. Heaven knows what problems this new Beta/Attack Chain development will bring, beyond the confusion that it already presents to beta users, e.g. users report things like "I don't understand what this is..."

 

[oldschool]

Have you ever used SWH?

Yes I have, which is beside the point that it will be discontinued in the future in favor of the new WHH which is essentially in beta stage ATM based on my reading of the thread.

 

[simmerskool]

You misunderstand me. The point is that recent developments take VS way beyond what it once was. Even the latest stable saw unaccounted for command-line blocks. Heaven knows what problems this new Beta/Attack Chain development will bring, beyond the confusion that it already presents to beta users, e.g. users report things like "I don't understand what this is..."

You're right, I did read about some cmd line irregularities in the current betas, but also Dan said this development will be beneficial in the long run. He is usually right about VS.

 

[danb]

Hehehe, guys, I am cleaning up the CommandLine code while waiting for enough data to finish writing the rules for the Attack Chain feature. The CommandLine code was the last part of the code that needed to be cleaned up, and I always put it off because I knew it was going to be difficult, and the existing code worked well. Anyway, the CommandLine code is all clean now, so it will be super easy to add new exceptions moving forward. And as far as the Attack Chain feature goes... you do not need to do anything at all with it, or even understand it at all (even though it is super easy to understand), you just let it work its magic and it will drastically reduce unwanted user prompts while also monitoring process execution flow for web and vulnerable apps.

 

[oldschool]

Added Smoothfox user.js to Firefox.

Get Edge-like smooth scrolling on your favorite browser — or choose something more your style.

 

[silversurfer]

Added Smoothfox user.js to Firefox.

Just to inform in case you haven't tried this built-in method via Firefox about:config
Search for this two entries and modify them how do you like a more Smooth-Scrolling

• general.smoothScroll.mouseWheel.durationMaxMS
• general.smoothScroll.mouseWheel.durationMinMS

 

[SeriousHoax]

Added Smoothfox user.js to Firefox.

Doesn't Firefox has better smooth scrolling by default anyway?

 

[oldschool]

Doesn't Firefox has better smooth scrolling by default anyway?

I don't know

 

[CyberTech]

I don't know

Oh? You are fired, take your stuff and leave FF ASAP. good luck with your new brave office.