Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Sampei Nihira,
Please ask yourself.
  1. Are there unpatched Windows XP vulnerabilities?
  2. Can this setup be used without invoking Windows XP exploits?
  3. Can OSA + MBAE be very effective for covering Windows XP exploits?
If you will be satisfied with answers, then simply use this setup.
If you want to convince others, then you should prove that the answers to points '2 and 3' are 'Yes and Yes'. Nothing in your posts is close to prove this. Most of your arguments follows from the faith in OSA + MBAE protection.
Some your arguments are evidently false, like for example:
(I have the best version of something) --> (I should be safe).:unsure:

By the way, some FireFox exploits can possibly work for Palemoon, too. The small number of known Palemoon vulnerabilities, follows from the fact that no one bothered to seek for them.

When the browser is optimally configured, and subject to code modification every week, you need to worry relatively about exploits.

And as I repeat for the umpteenth time I closed all the "doors".

I don't know how old you are Andy.
I am 56 years old and in all this time I have never seen my anti-exploit protections in action.
Only in tests.
Do you have a different experience?

......By the way, some FireFox exploits can possibly work for Palemoon, too. The small number of known Palemoon vulnerabilities, follows from the fact that no one bothered to seek for them.......

Likely.
Moonchild conscientiously applies all patches to its browser:


And using underused software often is a strength that protects you from possible infections.
I can also use a chrome-based browser (Chromium 78):


But it is not to my liking for privacy reasons.

You are the developer of Configure Defender and Hard_configurator.
Answer my question and I will answer yours.

Does Windows Defender Anti-Exploit protection, also conscientiously applied to programs, protect against W.10 exploits?
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
Ha, Ha. I am older than you, and I did not see any exploit on my computers for over 30 years. But, I was never (unintentionally) infected by any malware, so I am not a good person for proving that exploits are rare. Furthermore, all my computers were always well patched.
I can see some advantages in your setup, over the "secure" setups. It is true that many users could use it without much fear. But, I cannot see the way to efficiently cover Windows XP vulnerabilities.
Personally, If I have to use Windows XP then I would choose the setup based on SUA + Comodo Firewall (ver. 8) with autosandbox set to Block + Sandboxie for the vulnerable applications, and I would use ShadowDefender to protect the system from permanent changes. I would also use a simple Linux distro from Live CD for shopping/banking.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
...
Does Windows Defender Anti-Exploit protection, also conscientiously applied to programs, protect against W.10 exploits?
Windows Defender Exploit Protection is an extension of EMET to Windows 10. So, you can find a comparison with MBAE somewhere on the web. Obviously, it is not intended to protect against Windows 10 OS exploits. But, there is a big difference between Windows 10 and Windows XP. The problem of exploits in Windows 10 can be easily solved by simply updating the system/software. The exploits can be dangerous for enterprises and organizations, because they usually delay or block Windows Updates for compatibility with outdated software.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
:);)

You have your preferences and I have mine.
Moreover, the many security configurations in this forum ..... demonstrate just that.
That is right. My posts are not intended to change your mind, because you are not an average user. I post here because your setup could be risky for many MT users/readers.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Windows Defender Exploit Protection is an extension of EMET to Windows 10. So, you can find a comparison with MBAE somewhere on the web. Obviously, it is not intended to protect against Windows 10 OS exploits. But, there is a big difference between Windows 10 and Windows XP. The problem of exploits in Windows 10 can be easily solved by simply updating the system/software. The exploits can be dangerous for enterprises and organizations, because they usually delay or block Windows Updates for compatibility with outdated software.

Microsoft is famous for not quickly releasing patches for already published and functioning exploits.
In this case, the use of anti-exploits can make a difference.
I have a lot of confidence in my MBAE.
Used together with OSA it blocks all tests of:

[URL unfurl = "true"] http://dl.surfright.nl/Exploit Test Tool Manual.pdf [/ URL]

If there is someone who wants to see the intervention for a specific test I would be happy to insert an image.
All, are not.
I should make a video and with my XP, due to RAM, it is difficult but always possible.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
F

ForgottenSeer 78429

I am 56 years old and in all this time I have never seen my anti-exploit protections in action.
Ha, Ha. I am older than you, and I did not see any exploit on my computers for over 30 years.
I am learning here a lot. Debates like this are full of knowledge for new generation. I think many people like you here can beat Windows 10 and Google by protecting users privacy. I am only 18 years old and have a lot to learn. Unfortunately didn't got enough marks to study Computer Science or Information Technology in entrance test(chose mechanical as equally inclined towards mechanical too). So internet is only medium for me to learn all this stuff and I am really happy to be part of this community. And for last I think Danger mark on this configuration is for newcomers like us because we don't have enough wit to manage a system like it:).
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I think you have not understood the "Tag".
There are many new people, who look at the most advanced and want to do the same, but do not have the same knowledge as you, therefore, it is a configuration not recommended, that does not mean that your configuration in your h.ands is bad.
You should not worry about the color of the label
 

Nagisa

Level 7
Verified
Jul 19, 2018
342
Anyways, I don't already think a newcomer person would do install a variant of an old operating system and start using a browser which is fork of a fork of a firefox as his main browser. So, the tag doesn't make sense here. I think, with all these mitigations, your setup is pretty secure.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Guys, I'd like to be with you again.
But here in my country it is 20:07 and tomorrow morning I have to get up early to go to Rome with my wife.

I wish you all a good evening.

P.S.
I also always have a lot to learn.

For example what is the procedure to like what other forum members have written?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
Microsoft is famous for not quickly releasing patches for already published and functioning exploits.
In this case, the use of anti-exploits can make a difference.
That is not true. There were some exceptions, but these exceptional exploits were not used in the widespread attacks (as far I know). Using anti-exploit security (like MBAE) for mitigating Windows OS vulnerabilities makes no sense. It makes sense for mitigating software exploits.

I have a lot of confidence in my MBAE.
Used together with OSA it blocks all tests of:
[URL unfurl = "true"] http://dl.surfright.nl/Exploit Test Tool Manual.pdf [/ URL]
This is a very old testing tool (5 years). I am not sure if it can be reliably used to test modern 'software exploits'.
It cannot be used to test Windows OS exploits.
 
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
That is not true. There were some exceptions, but these exceptional exploits were not used in the widespread attacks (as far I know). Using anti-exploit security (like MBAE) for mitigating Windows OS vulnerabilities makes no sense. It makes sense for mitigating software exploits.


This is a very old testing tool (5 years). I am not sure if it can be reliably used to test modern 'software exploits'.
It cannot be used to test Windows OS exploits.

Please read carefully:


With an unpatched system bug, exploit through the browser does not necessarily bypass the security configuration and therefore exploits the system bug.

....The problem with patches is they often aren’t released immediately after a vulnerability is discovered, so criminals have time to act and exploit......

Etc....etc.....etc...

Good nighttttttttttttttttttttttttttttttttttt.....:giggle:
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Did not you miss the most important part of it?:unsure:

"How to protect against exploits
...
First, make sure you keep your software programs, plugins, and operating systems updated at all times."

My used softwares are updated (and inserted under the protection of MBAE + OSA), plugins are updated.

Unfortunately the OS can no longer be updated.

But even if there is a system bug it is not sure that if there is an exploit that leverages that bug it will be able to overcome the defenses of the security configuration.

It does not seem difficult to understand.

So to compromise the system you need:

1) Bug remotely exploitable of OS W.XP.
2) Exploit that leverages that bug.
3) Overcoming all the defenses implemented in the security configuration.

First of all, those of the browser because the blocking of scripts + iframes (Noscript) prevents 99% an eventual exploitation attempt in the bud.
Then there are all the other defenses of the security configuration.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
...
But even if there is a system bug it is not sure that if there is an exploit that leverages that bug it will be able to overcome the defenses of the security configuration.
...
I am probably more conservative, so I would require from the security setup something more.
I think that the readers of this thread have enough information about the pros and cons of using such a setup, so we can happily end our discussion. Be safe.(y):)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top