Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team

  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Andy Ful said:
Sampei Nihira,
Please ask yourself.
  1. Are there unpatched Windows XP vulnerabilities?
  2. Can this setup be used without invoking Windows XP exploits?
  3. Can OSA + MBAE be very effective for covering Windows XP exploits?
If you will be satisfied with answers, then simply use this setup.
If you want to convince others, then you should prove that the answers to points '2 and 3' are 'Yes and Yes'. Nothing in your posts is close to prove this. Most of your arguments follows from the faith in OSA + MBAE protection.
Some your arguments are evidently false, like for example:
(I have the best version of something) --> (I should be safe).:unsure:

By the way, some FireFox exploits can possibly work for Palemoon, too. The small number of known Palemoon vulnerabilities, follows from the fact that no one bothered to seek for them.
Click to expand...

When the browser is optimally configured, and subject to code modification every week, you need to worry relatively about exploits.

And as I repeat for the umpteenth time I closed all the "doors".

I don't know how old you are Andy.
I am 56 years old and in all this time I have never seen my anti-exploit protections in action.
Only in tests.
Do you have a different experience?

......By the way, some FireFox exploits can possibly work for Palemoon, too. The small number of known Palemoon vulnerabilities, follows from the fact that no one bothered to seek for them.......
Click to expand...

Likely.
Moonchild conscientiously applies all patches to its browser:


And using underused software often is a strength that protects you from possible infections.
I can also use a chrome-based browser (Chromium 78):

msfn.org

Extreme Explorer 360 Chromium 78-86 General Discussion

Hello. I was looking for internet browsers that still support XP and something caught my eye, a chinese browser called Extreme Explorer 360 (Chrome 360). It was advertised as Chromium 78 based so I decided to give it a try and to my surprise it actually worked. At first I thought that there was a...
msfn.org

But it is not to my liking for privacy reasons.

You are the developer of Configure Defender and Hard_configurator.
Answer my question and I will answer yours.

Does Windows Defender Anti-Exploit protection, also conscientiously applied to programs, protect against W.10 exploits?
 
Last edited:
  • Like
Reactions: Venustus, harlan4096, Protomartyr and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Ha, Ha. I am older than you, and I did not see any exploit on my computers for over 30 years. But, I was never (unintentionally) infected by any malware, so I am not a good person for proving that exploits are rare. Furthermore, all my computers were always well patched.
I can see some advantages in your setup, over the "secure" setups. It is true that many users could use it without much fear. But, I cannot see the way to efficiently cover Windows XP vulnerabilities.
Personally, If I have to use Windows XP then I would choose the setup based on SUA + Comodo Firewall (ver. 8) with autosandbox set to Block + Sandboxie for the vulnerable applications, and I would use ShadowDefender to protect the system from permanent changes. I would also use a simple Linux distro from Live CD for shopping/banking.
 
  • +Reputation
  • Like
Reactions: Venustus, harlan4096, Protomartyr and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sampei Nihira said:
...
Does Windows Defender Anti-Exploit protection, also conscientiously applied to programs, protect against W.10 exploits?
Click to expand...
Windows Defender Exploit Protection is an extension of EMET to Windows 10. So, you can find a comparison with MBAE somewhere on the web. Obviously, it is not intended to protect against Windows 10 OS exploits. But, there is a big difference between Windows 10 and Windows XP. The problem of exploits in Windows 10 can be easily solved by simply updating the system/software. The exploits can be dangerous for enterprises and organizations, because they usually delay or block Windows Updates for compatibility with outdated software.
 
  • Like
Reactions: Venustus, harlan4096, ForgottenSeer 78429 and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sampei Nihira said:
:);)

You have your preferences and I have mine.
Moreover, the many security configurations in this forum ..... demonstrate just that.
Click to expand...
That is right. My posts are not intended to change your mind, because you are not an average user. I post here because your setup could be risky for many MT users/readers.
 
  • Like
  • +Reputation
Reactions: Venustus, harlan4096, Protomartyr and 3 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Andy Ful said:
Windows Defender Exploit Protection is an extension of EMET to Windows 10. So, you can find a comparison with MBAE somewhere on the web. Obviously, it is not intended to protect against Windows 10 OS exploits. But, there is a big difference between Windows 10 and Windows XP. The problem of exploits in Windows 10 can be easily solved by simply updating the system/software. The exploits can be dangerous for enterprises and organizations, because they usually delay or block Windows Updates for compatibility with outdated software.
Click to expand...

Microsoft is famous for not quickly releasing patches for already published and functioning exploits.
In this case, the use of anti-exploits can make a difference.
I have a lot of confidence in my MBAE.
Used together with OSA it blocks all tests of:

[URL unfurl = "true"] http://dl.surfright.nl/Exploit Test Tool Manual.pdf [/ URL]

If there is someone who wants to see the intervention for a specific test I would be happy to insert an image.
All, are not.
I should make a video and with my XP, due to RAM, it is difficult but always possible.
 
  • Like
Reactions: Venustus, harlan4096, oldschool and 3 others
Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
  • Like
Reactions: oldschool, Venustus, harlan4096 and 3 others
F

ForgottenSeer 78429

Sampei Nihira said:
I am 56 years old and in all this time I have never seen my anti-exploit protections in action.
Click to expand...
Andy Ful said:
Ha, Ha. I am older than you, and I did not see any exploit on my computers for over 30 years.
Click to expand...
I am learning here a lot. Debates like this are full of knowledge for new generation. I think many people like you here can beat Windows 10 and Google by protecting users privacy. I am only 18 years old and have a lot to learn. Unfortunately didn't got enough marks to study Computer Science or Information Technology in entrance test(chose mechanical as equally inclined towards mechanical too). So internet is only medium for me to learn all this stuff and I am really happy to be part of this community. And for last I think Danger mark on this configuration is for newcomers like us because we don't have enough wit to manage a system like it:).
 
  • Like
  • +Reputation
  • Applause
Reactions: AlanOstaszewski, DDE_Server, Venustus and 6 others
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I think you have not understood the "Tag".
There are many new people, who look at the most advanced and want to do the same, but do not have the same knowledge as you, therefore, it is a configuration not recommended, that does not mean that your configuration in your h.ands is bad.
You should not worry about the color of the label
 
  • Like
Reactions: Venustus, harlan4096, oldschool and 5 others
N

Nagisa

Level 7
Verified
Jul 19, 2018
342
Anyways, I don't already think a newcomer person would do install a variant of an old operating system and start using a browser which is fork of a fork of a firefox as his main browser. So, the tag doesn't make sense here. I think, with all these mitigations, your setup is pretty secure.
 
  • Like
Reactions: oldschool, Venustus, Prorootect and 2 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Guys, I'd like to be with you again.
But here in my country it is 20:07 and tomorrow morning I have to get up early to go to Rome with my wife.

I wish you all a good evening.

P.S.
I also always have a lot to learn.

For example what is the procedure to like what other forum members have written?
 
  • Like
Reactions: oldschool, Venustus, harlan4096 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sampei Nihira said:
Microsoft is famous for not quickly releasing patches for already published and functioning exploits.
In this case, the use of anti-exploits can make a difference.
Click to expand...
That is not true. There were some exceptions, but these exceptional exploits were not used in the widespread attacks (as far I know). Using anti-exploit security (like MBAE) for mitigating Windows OS vulnerabilities makes no sense. It makes sense for mitigating software exploits.

Sampei Nihira said:
I have a lot of confidence in my MBAE.
Used together with OSA it blocks all tests of:
[URL unfurl = "true"] http://dl.surfright.nl/Exploit Test Tool Manual.pdf [/ URL]
Click to expand...
This is a very old testing tool (5 years). I am not sure if it can be reliably used to test modern 'software exploits'.
It cannot be used to test Windows OS exploits.
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, harlan4096, oldschool and 2 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Andy Ful said:
That is not true. There were some exceptions, but these exceptional exploits were not used in the widespread attacks (as far I know). Using anti-exploit security (like MBAE) for mitigating Windows OS vulnerabilities makes no sense. It makes sense for mitigating software exploits.


This is a very old testing tool (5 years). I am not sure if it can be reliably used to test modern 'software exploits'.
It cannot be used to test Windows OS exploits.
Click to expand...

Please read carefully:

blog.malwarebytes.com

What are exploits? (And why you should care) | Malwarebytes Labs

In this article, we take a closer look at exploits: how they work, why criminals use them, and what the future looks like for this sneaky form of attack.
blog.malwarebytes.com blog.malwarebytes.com

With an unpatched system bug, exploit through the browser does not necessarily bypass the security configuration and therefore exploits the system bug.

....The problem with patches is they often aren’t released immediately after a vulnerability is discovered, so criminals have time to act and exploit......
Click to expand...

Etc....etc.....etc...

Good nighttttttttttttttttttttttttttttttttttt.....:giggle:
 
Last edited:
  • Like
Reactions: oldschool and bribon77
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: ForgottenSeer 78429, AlanOstaszewski, valvaris and 9 others
Sampei Nihira

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Andy Ful said:
Did not you miss the most important part of it?:unsure:

"How to protect against exploits
...
First, make sure you keep your software programs, plugins, and operating systems updated at all times."
Click to expand...

My used softwares are updated (and inserted under the protection of MBAE + OSA), plugins are updated.

Unfortunately the OS can no longer be updated.

But even if there is a system bug it is not sure that if there is an exploit that leverages that bug it will be able to overcome the defenses of the security configuration.

It does not seem difficult to understand.

So to compromise the system you need:

1) Bug remotely exploitable of OS W.XP.
2) Exploit that leverages that bug.
3) Overcoming all the defenses implemented in the security configuration.

First of all, those of the browser because the blocking of scripts + iframes (Noscript) prevents 99% an eventual exploitation attempt in the bud.
Then there are all the other defenses of the security configuration.
 
  • Like
Reactions: Protomartyr, Venustus and oldschool
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
Sampei Nihira said:
...
But even if there is a system bug it is not sure that if there is an exploit that leverages that bug it will be able to overcome the defenses of the security configuration.
...
Click to expand...
I am probably more conservative, so I would require from the security setup something more.
I think that the readers of this thread have enough information about the pros and cons of using such a setup, so we can happily end our discussion. Be safe.(y):)
 
  • Like
Reactions: bribon77, Protomartyr, Venustus and 4 others
Status
Not open for further replies.

Similar threads

Stenographers
    • Like
    • Applause
    • +Reputation
Advanced Plus Security Stenographer's Security Config 2022
Replies
4
Views
1,204
PC Setup Configuration Help & Showcase
Stenographers
Stenographers
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
3,008
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula
SpiderWeb
    • Like
    • Wow
Advanced Plus Security SpiderWeb's Security Config 2020
Replies
23
Views
6,745
CSC Archive
Ink
I

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top