Status
Not open for further replies.
Latest changes
Dec 26, 2019
Operating system
Not listed
System type
32-bit operating system; x86-based processor
Update and Security
No security updates
User Access Control
Notify me only when programs try to make changes to my computer
Firewall and Network protection
Microsoft Defender Firewall is active
User permissions
Administrator account
User account
Local account only
    Sign-in options
    • Account Password
    Malware exposure
    No malware samples are downloaded
    Real-time Malware protection
    • Windows Firewall
    • Firewall Hardware on router
    • 1° AdGuard DNS / 2° CloudFlare DNS
    • MBAE Premium - Custom Setting
    • OSA - Custom Setting
    • Black Viper's List - Some services Disabled/Manual
    Modified security settings
    • Trick POS Ready 2009 + KB4500331.
    • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
    • DEP Always ON
    • SMB Protocol Disabled
    • No .NET Framework Installed
    • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution of I.E.8.
    Periodic scanners
    Hitman Pro, McAfee Stinger, HijackThis Portable, AdwCleaner v.6.0.4.7
    Browser and Extensions
    New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config
    • NoScript
    • U.B.O. Legacy
    • Decentraleyes
    • No Resource URI Leak
    • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
    Privacy tools and VPN
    • 1° AdGuard DNS / 2° CloudFlare DNS
    • W.M.P. off
    • O.E. off
    • New Moon Home page = DuckDuckGo - Custom settings saved via URL, no cookies
    Password manager
    My Memory
    Search engine
    DuckDuckGo
    Maintenance tools
    • CCleaner - Many custom rules created by me
    • RegSeeker
    • Process Explorer
    • SigcheckGUI
    • Dependency Walker
    • CFF Explorer
    • CurrPorts
    • WWDC
    • IObit Uninstaller Portable
    • SpeedyFox - Custom Rule for Interlink Mail News
    • SUMo Portable
    • JKDefragGUI
    Photos and Documents backup
    Pen Drive
    Data Backup Schedule
    Once or multiple times per month
    Backup and Restore
    Acer System Backup
    Backup Schedule
    Once or more per year
    Computer Activity
    • Online banking
    • Browsing the web and checking emails
    • Office and other work-related software (Work from Home)
    • Learning computer languages or creating apps
    Computer Specifications
    Acer Intel Celeron M380 1.60 GHz 1GB RAM
    Your changelog
    1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
    2. Added "sc" command block rule in OSA.
    3. Added rule to block execution of I.E.8 in OSA.
    4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
    5. Blocking rule in hosts file for CCleaner.
    Staff notes

    This setup configuration may put your device at risk.
    We don't recommend that other members use this security setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

    This computer configuration is using an unsupported operating system. If possible, we recommend upgrading to an operating system that is supported by its developers.


    ForgottenSeer 823865

    I would like to bring this 3D to your attention:

    Any malware can bypass signatures if properly obfuscated and encrypted; make it fileless and signed and it is guaranteed to bypass.

    About Mimikatz and lsass.exe, if you use a true anti-exploit or software protecting the lsass.exe memory space like AppGuard or the Excubits tool (forgot its name), you should be OK. However, this is out of reach of most anti-exe (ERP, OSA, etc.) since they don't have any in-memory process protection (preventing lsass.exe or other processes from being read or modified).

    This kind of attack is the perfect example of anti-exe limitations: they are excellent at blocking malicious parent-child processes, but it stops there. You can't rely solely on them if you want them as your main security tool (you need an anti-exploit alongside; I have been saying this for ages).
     
    Last edited by a moderator:

    Sampei Nihira

    Level 6
    Verified
    Sampei Nihira,
    Did you make a comparison of PaleMoon safety to other possible web browsers like K-Meleon, Maxthon 5, or Opera (ver. 36)? All are still patched for security on Windows XP.
    Stay away from Maxthon, especially for privacy reasons.
    Roytam1 develops an XP version of K-Meleon, but it has inferior functionality to New Moon, as you well know.
    I don't know anyone who still uses Opera 36 with XP.
    It gave me several problems a few years ago.
     

    Sampei Nihira

    Level 6
    Verified
    Any malware can bypass signatures if properly obfuscated and encrypted; make it fileless and signed and it is guaranteed to bypass.

    About Mimikatz and lsass.exe, if you use a true anti-exploit or software protecting the lsass.exe memory space like AppGuard or the Excubits tool (forgot its name), you should be OK. However, this is out of reach of most anti-exe (ERP, OSA, etc.) since they don't have any in-memory process protection (preventing lsass.exe or other processes from being read or modified).

    This kind of attack is the perfect example of anti-exe limitations: they are excellent at blocking malicious parent-child processes, but it stops there. You can't rely solely on them if you want them as your main security tool (you need an anti-exploit alongside; I have been saying this for ages).
    The purpose of the 3D on Wilders, from post 6 onwards, is prevention, as usual.
    The attacker's aim is to appropriate our Lsass.dmp.
    Our aim is to block the creation of this file on our PC.
    Those who have read the 3D have understood that there are various ways and systems to do this.

    With my Windows XP I have prevented all possible methods for creating the file minus one, Process Explorer.

    The method with P.E. was highlighted by me.

    I do not think it is appropriate to waste time with P.E. in my OS.
    If you want, I can explain the reason.

    Although an OS W.10 protects upstream from this type of attack, I believe that it is beneficial for Wilders and MT members to carry out some tests.

    Which unfortunately only itman and I did. :unsure:
     
    Last edited:

    ForgottenSeer 823865

    I will tell you honestly, 90% of the discussions in security forums (especially on Wilders, where they involve just a handful of people) are more theoretical than practical.
    It is like debating the result of a meteor impact on Earth.

    Those who have read 3D have understood that there are various ways and systems to do this.
    Which, after I quickly read it, seems to involve the abuse of lsass.exe, which can be easily prevented by in-memory protection software (unless I overlooked something while reading quickly).
     

    Sampei Nihira

    Level 6
    Verified
    @ to All

    The abuse of lsass.exe in creating the dump file with an OS W.10 is mitigated by the OS itself.
    I believe in most cases, which I recommend you check.

    In an OS W.XP such abuse must be blocked in the sequence of events that can lead to the success of the attacker.
    In my OS I have just done this; I ran several tests.
     

    Andy Ful

    Level 59
    Verified
    Trusted
    Content Creator
    Stay away from Maxthon especially for privacy reasons.
    ...
    Yes, there were some issues in the year 2016, for example:
    Honestly, I read far worse things about Google Chrome, Avast, etc. Furthermore, I could not find anything suspicious about it after the year 2016 (the company is in the US). It looks like the safest browser for Windows XP and Vista (except maybe PaleMoon).

    The cons are the extensions made by unknown people. So, I would rather use AdGuard DNS, or another safe DNS.
     

    Sampei Nihira

    Level 6
    Verified
    Yes, there were some issues in the year 2016, for example:
    Honestly, I read far worse things about Google Chrome, Avast, etc. Furthermore, I could not find anything suspicious about it after the year 2016 (the company is in the US). It looks like the safest browser for Windows XP and Vista (except maybe PaleMoon).

    The cons are the extensions made by unknown people. So, I would rather use AdGuard DNS, or another safe DNS.
    Look at this old 3D:


    See my post.
    Using a browser also means having functionality. ;)

    P.S. Pale Moon ranks better than Maxthon in your article.
     
    Last edited:

    Sampei Nihira

    Level 6
    Verified
    The Mimikatz discussion on the Wilders forum has ended.
    The result for my security configuration, with one exception (P.E.), ended positively.

    I hope the

    @MT Security Staff

    will reevaluate their assessment.:)
    A kind of exception that confirms your rules.(y)

    With best regards.:)


    P.S. This pleading of mine is very little compared to Humphrey Bogart's final pleading in the movie:

     
    Last edited:

    ForgottenSeer 823865

    @MT Security Staff

    will reevaluate their assessment.:)
    A kind of exception that confirms your rules.(y)

    With best regards.:)
    Don't hope too much; the actual rules are less strict than the ones I enforced when I was in charge of the security config section.
    So I don't see any exceptions being made for you. The tags aren't only made to rate your config, but also to inform other members about replicating it.
    Those tags don't consider the user's skills or workarounds, but only the items used.
    XP is vulnerable, so your config is risky.
     

    Sampei Nihira

    Level 6
    Verified
    Don't hope too much; the actual rules are less strict than the ones I enforced when I was in charge of the security config section.
    So I don't see any exceptions being made for you. The tags aren't only made to rate your config, but also to inform other members about replicating it.
    Those tags don't consider the user's skills or workarounds, but only the items used.
    XP is vulnerable, so your config is risky.
    I don't hope.
    The ending of the film, which I have seen and have brought to your attention, is clear.
    If you ask yourself "then why?"

    I will answer you: if you can find that film, watch it and you will know.
     

    Andy Ful

    Level 59
    Verified
    Trusted
    Content Creator
    I think that it would be much easier to protect a Vista computer.
    1. Stronger design.
    2. The security patches are still available (manually via Server 2008).
    3. This is a rarely used Windows version.
    4. You can use Comodo Firewall or any AV + H_C to lock/unlock the computer in a few minutes.
    1. Windows XP (for advanced swimmers only) :):
    [image: tratwaXP.png]

    2. Windows Vista (rarely used):
    [image: WinVista.jpg]

    3. Windows 7:
    [image: Windows 7.jpg]
     
    Last edited:

    Outpost

    Level 5
    Verified
    @MT Security Staff
    will reevaluate their assessment.:)
    But why are you interested in their assessment? The thing that should matter most to you is only one: you have been using your configuration for years; over time you have improved and mastered it. In all this time no virus or anything has ever gotten through it. So for you (who know how to use it very well) it is more than good. That's all that matters.
     
    Last edited:

    Sampei Nihira

    Level 6
    Verified
    I think that it would be much easier to protect a Vista computer.
    1. Stronger design.
    2. The security patches are still available (manually via Server 2008).
    3. This is a rarely used Windows version.
    4. You can use Comodo Firewall or any AV + H_C to lock/unlock the computer in a few minutes.
    1. Windows XP (for advanced swimmers only) :):
    [attachment 232414]

    2. Windows Vista (rarely used):
    [attachment 232415]

    3. Windows 7:
    [attachment 232416]
    Kon-Tiki in the year 1947 crossed the Pacific to arrive in Polynesia:

     
    Last edited:

    Sampei Nihira

    Level 6
    Verified
    But why are you interested in their assessment? The thing that should matter most to you is only one: you have been using your configuration for years; over time you have improved and mastered it. In all this time no virus or anything has ever gotten through it. So for you (who know how to use it very well) it is more than good. That's all that matters.
    I think it's a matter of justice.
    But if I have to be honest, I don't know it well.
    It is as if something is not in the right place.

    I have read of Security Configurations that use W.10 and may be more at risk than mine.
     

    Sampei Nihira

    Level 6
    Verified
    I solved the Mimikatz dump lsass.exe problem with Process Explorer. :):)

    You won't believe it, but the idea came to me before I fell asleep.

    I entered a general blocking rule for Process Explorer.
    At the same time, an exception for my Process Explorer path was added.

    The mitigations in this case are so varied that any attack would be impossible.

    - P.E. works only in my path.

    - The latest versions of P.E., although they start in W.XP, malfunction; an attacker will hardly be able to know this because the "systeminfo" command does not work in W.XP.
    And even if it works, in OSA there is a specific rule.
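    The thread makes two defensive points worth seeing in working form: ForgottenSeer's remark that anti-exe tools stop parent-child process chains but not reads of lsass.exe memory, and Sampei's statement that the goal is to stop the dump file from being created, later narrowed to "Process Explorer only from my path". The Python below is an added example, not code from any poster or from OSArmor, MBAE, or Process Explorer. It runs a small detection over constructed, Sysmon-style ProcessAccess (Event ID 10) and FileCreate (Event ID 11) records: it flags handle opens on lsass.exe whose access mask includes PROCESS_VM_READ, ignores the query-only handles that are normal system noise, allows exactly one tool path, and flags creation of any lsass dump file. The allowed path, the sample records, and their key=value layout are assumptions made for the example.

```python
import re

# Documented Windows process access rights (winnt.h); these are bits of the
# GrantedAccess mask that Sysmon reports.  PROCESS_VM_READ is what a memory
# dump needs; query-only handles on lsass.exe are constant benign noise.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Assumption for the example: the single location from which a memory-reading
# tool may touch lsass.exe, mirroring a "block everywhere, allow my path"
# anti-exe rule.  Placeholder path, compared case-insensitively.
ALLOWED_SOURCE_IMAGES = {r"c:\tools\procexp\procexp.exe"}

# Constructed Sysmon-style records flattened to key=value pairs; not real logs.
CONSTRUCTED_EVENTS = [
    r"EventID=10 SourceImage=C:\Tools\procexp\procexp.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410",
    r"EventID=10 SourceImage=C:\Users\user\Downloads\procexp.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410",
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\Program Files\New Moon\palemoon.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF",
    r"EventID=11 Image=C:\Windows\System32\taskmgr.exe TargetFilename=C:\Users\user\AppData\Local\Temp\lsass.DMP",
    r"EventID=11 Image=C:\Program Files\New Moon\palemoon.exe TargetFilename=C:\Users\user\Downloads\page.html",
]

# A value may contain spaces ("Program Files"), so it runs until the next
# " key=" token or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> dict:
    """Split one flattened record into a field dict."""
    return dict(FIELD_RE.findall(line))


def reads_memory(granted_access: int) -> bool:
    """True when the mask includes PROCESS_VM_READ (PROCESS_ALL_ACCESS implies it)."""
    return bool(granted_access & PROCESS_VM_READ)


def is_lsass_dump(path: str) -> bool:
    """True for a file named like an lsass minidump, whatever its directory."""
    name = path.lower().rsplit("\\", 1)[-1]
    return name.endswith(".dmp") and "lsass" in name


def evaluate(line: str):
    """Return (verdict, reason, image) for a noteworthy record, else None.

    verdict is "alert" or "allowed-by-path"; benign records yield None.
    """
    ev = parse_event(line)
    if ev.get("EventID") == "10" and ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        if not reads_memory(int(ev.get("GrantedAccess", "0"), 16)):
            return None  # e.g. 0x1000: query-only handle, normal system noise
        src = ev.get("SourceImage", "")
        if src.lower() in ALLOWED_SOURCE_IMAGES:
            return ("allowed-by-path", "lsass memory read from allowed path", src)
        return ("alert", "lsass memory read", src)
    if ev.get("EventID") == "11" and is_lsass_dump(ev.get("TargetFilename", "")):
        return ("alert", "lsass dump file created", ev.get("Image", ""))
    return None


def scan(lines):
    """Evaluate every record and keep only the ones worth reporting."""
    return [r for r in map(evaluate, lines) if r is not None]


if __name__ == "__main__":
    for verdict, reason, image in scan(CONSTRUCTED_EVENTS):
        print(f"{verdict:16} {reason:38} {image}")
```

    The decision that matters is the PROCESS_VM_READ filter: legitimate system components open query-only handles on lsass.exe all the time, so a rule that fires on every lsass handle is unusable, while requiring the read right is what separates a dump attempt from that noise. The path allow-list reproduces the "only from my path" rule of the last post; it keys on the path string alone, so it is only as strong as the permissions on that directory, which is exactly the gap an in-memory protection product closes.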
     