Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

[ForgottenSeer 823865]

I think it's a matter of justice.
But if I have to be honest I don't know it well.
It is as if something is not in the right place.
I have read of Security Configurations that use W.10 which may be more at risk than mine.

You still don't understand the purpose of security config section.
Its purpose isn't a contest with other members about who has the safest coolest config.
It is about sharing a setup to other members, especially beginners who may need some example/inspirations/recommendations.
1- Ask yourself, will you recommend XP to a beginner?
2- Will you tell him to reproduce the multiple tweaks you had to do to secure XP?
I bet you will say no in both cases, so you know why your config will never be tagged as "secured" because (using an analogy), you use a boat with many known holes, and fix the said holes with your personal sklills, which is out of reach for an average user.

About Mimikatz, focus on blocking in-memory attack vectors, it is where Mimikatz is best used.
Blocking only LOLbins wont help much.
the safest combo is and always will be : a true anti-exploit + a default-deny application.

"Amateurs built the Ark and it was the professionals that built the Titanic"
I see. I feel the same way.

The titanic was solid, unfortunately, he was not made to hit a giant iceberg. like a car isn't designed to survive a direct hit against a concrete wall...
Btw, the Titanic was real, the Ark, not so much. Me too i can pretend i build an UFO and say it fly better than a plane...LOL

 

[Sampei Nihira]

You still don't understand the purpose of security config section.
Its purpose isn't a contest with other members about who has the safest coolest config.
It is about sharing a setup to other members, especially beginners who may need some example/inspirations/recommendations.
1- Ask yourself, will you recommend XP to a beginner?
2- Will you tell him to reproduce the multiple tweaks you had to do to secure XP?
I bet you will say no in both cases, so you know why your config will never be tagged as "secured" because (using an analogy), you use a boat with many known holes, and fix the said holes with your personal sklills, which is out of reach for an average user.

About Mimikatz, focus on blocking in-memory attack vectors, it is where Mimikatz is best used.
Blocking only LOLbins wont help much.
the safest combo is and always will be : a true anti-exploit + a default-deny application.

You're right, I would never recommend a beginner to use W.XP.
But it doesn't seem to me that the majority of the members of this forum are beginners.
Quite right?

You're still right I wouldn't recommend others to play multiple tweaks in an OS W.XP.
But I think it would be an excellent starting point to make these changes in their OS W. Vista, 7,8.1.

Copernicus knew perfectly well the geocentric system of Ptolemy.
But something was not in the right direction, these are the conditions that lead to a constructive change.

Don't you think it would be an excellent example?

Furthermore, the staff of security has already included the warning notes in my safety configuration, which would already be a warning for real beginners.

Furthermore, it seems to me that you have already written to me twice:

.....true anti-exploit .....

and I have it (MBAE Premium) plus configured with non-default settings, you already know OSA.

 

[ForgottenSeer 823865]

MT isn't Wilders, with the same 3 guys debating over and over about the new vulnerability discovered and what to use to block it.

MT is more popular and friendly to beginners. Most members here don't have much technical knowledge, many just used to play with products and know well their pros and cons.

Most members register here to ask about A vs B, nothing more.

 

[Fuzzfas]

Still on board on my XP as the support of Kerio FW Free 2.1.5...yess...I'm using firewall from 2004 so...could I feel like dinosaur? As already mentioned - there still to get a few firewalls from the past e.g. Kerio, Sygate, Sunbelt, NetVeda SN, Filseclab, Outpost, PCTools, Prvatefirewall or even the last free Online Armor from Tall Emu but nowadyas we have nice firewall that is Free also - SpyShelter Free v.12. It' s for sure worth of attention.

Aaaawwwwww! Kerio 2!!! The memories!!! XP! The golden era of firewalls! Sygate too with its fabulous monitor display and the huge hole when using proxy! Ah, i miss those times! Nowdays the firewalls just suck! They were my favourite toy! I had used Kerio2, Sygate, Ashampoo Firewall, Kerio 4, PCTools, Filseclab, Ghost Firewall (boy, was that light and fun!!!), Outpost, Comodo, Rising, Zone Alarm (while it was still king), Online Armor. Nowdays it's so sad... Kerio 2 with BlitzenZeus rules!

Spyshelter free now has firewall? Wow, this is news to me! Last time i knew, the free version was killed! I will have to try that sooner or later, thanks!

 

[Andy Ful]

Windows XP will never get similar security level as Windows 7, 8, 8.1 and 10. This will be true, even when the user will install MBAE, OSA, and will harden the system. Anyway, it is possible to apply an unusual setup to make Win XP the security by obscurity. So, if the user knows the consequences of using it and understands its limitations, then the chances of being infected by malware in the wild are minimal. It may be that @Sampei Nihira can be in practice pretty much safe when using it.

Yet, as Umbra noted, such a setup is too specific. In my opinion, it also relies on faith too much. The 3rd party applications like MBAE and OSA, are not well tested against the real modern threats on Windows XP (some tests suggest that they can be very useful). Also, the web browser is not properly tested, and we do not know if all security Windows Updates (from Windows Server 2003) work properly on Windows XP.

I have some practice in protecting the computers on Windows XP. Generally, they are not worth bothering - the effort is too much, except if you are the XP enthusiast.

I totally agree with the MT note:

"This setup configuration may put your device at risk .
We don't recommend that other members use this setup. We cannot not be held responsible for problems that may occur to your device by using this security setup.
This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers."

Edit.
I noticed a typing error.

 

[Sampei Nihira]

Windows XP will never get similar security level as Windows 7, 8, 8.1 and 10. This will be true, even when the user will install MBAE, OSA, and will harden the system. Anyway, it is possible to apply an unusual setup to make Win XP the security by obscurity. So, if the user knows the consequences of using it and understands its limitations, then the chances of being infected by malware in the wild are minimal. It may be that @Sampei Nihira can be in practice pretty much safe when using it.

Yet, as Umbra noted, such a setup is too specific. In my opinion, it also relies on faith too much. The 3rd party applications like MBAE and OSA, are not well tested against the real modern threats on Windows XP (some tests suggest that they can be very useful). Also, the web browser is not properly tested, and we do not know if all security Windows Updates (from Windows Server 2003) work properly on Windows XP.

I have some practice in protecting the computers on Windows XP. Generally, they are not worth bothering - the effort is too much, except if you are the XP enthusiast.

I totally agree with the MT note:

"This setup configuration may put your device at risk .
We don't recommend that other members use this setup. We cannot not be held responsible for problems that may occur to your device by using this security setup.
This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers."

Edit.
I noticed a typing error.

You recommended Maxthon, a browser, it seems to me, that can also use Trident .............
The updates until March (sorry) April 2019 that I installed are those for Windows XP embedded (Not Windows Server 2003).
I show you an image not taken from my PC:



P.S. It's not faith ...... trust me.

 

[RKRN3]

P.S. It's not faith ...... trust me.

Well, no one can, right now, move to XP unless they pirate it, which defeats the purpose of security. i know you are much more knowledgeable, but this MT section isn't about competition but a guide for newcomers like me to learn some stuff. I learnt many things in this post but one thing is certain, I won't move to XP, so will not the others here.

 

[Andy Ful]

You recommended Maxthon, a browser, it seems to me, that can also use Trident .............

I did not. I do not recommend any web browser on Windows XP.

The updates until March 2019 that I installed are those for Windows XP embedded (Not Windows Server 2003).
...

Yes, that is my fault. I forgot that the updates for Windows XP were available from Windows XP Embedded (not from Windows Server 2003). Anyway, my conclusion is the same. Both systems are very close cousins, but they are not the same - some components are modified and simplified in the Embedded version. Although I did not hear that there were problems with such updates, there is also no proof (test) that these updates should cover all vulnerabilities in Windows XP (most of them should).

P.S. It's not faith ...... trust me.

If I would trust you, then this would be the act of pure faith.
Anyway, If someone had to use Windows XP, then your setup would be much safer than most XP setups (still risky for most users).

 

[Sampei Nihira]

New Moon28 is Pale Moon.
Without the code, forcedly introduced since FF52 works in Windows XP, which prevents its use in W.XP.

 

[Sampei Nihira]

I replaced the files of 7z subfolder of Bandizip 5.23 with the 7zip files of the alpha version 2020-02-06:





Weekly update also of browser (New Moon 28) and e-mail client (Interlink Mail New).
New update also of Potplayer v.200206 - 2020-02-06.

 

[Zorro]

Here in the comments above already mentioned Spyshelter Free. By the way, it supports Win XP. Therefore, it could be a good help in the config.

 

[Sampei Nihira]

Here in the comments above already mentioned Spyshelter Free. By the way, it supports Win XP. Therefore, it could be a good help in the config.

You say?
And what more protection would I have from installing this software?

Please keep in mind my amount of RAM, and the fact that the swap in my HD of a pc over ten years old is rather slow.

 

[Zorro]

Please keep in mind my amount of RAM, and the fact that the swap in my HD of a pc over ten years old is rather slow.

I don’t know how much RAM the free version consumes, but the paid one consumes an average of 5.5 MB. It's a lot? What can this program give? Yes, at least a normal firewall.

 

[Zorro]

You say?

And what is surprising in what I say?

 

[Sampei Nihira]

You say a firewall with monitoring also outgoing?

 

[Zorro]

You say a firewall with monitoring also outgoing?

SpyShelter Firewall provides incoming and outgoing network requests detection, allowing you control every inbound and outbound connection that is being established. This feature locks out hackers from connecting to your PC, and stops undesired applications from connecting to the internet.

 

[Sampei Nihira]

The XP firewall is also OK for incoming connections.
What unwanted applications?
I don't have unwanted applications in my PC.................

P.S.

The only application that tries to connect to the internet is MBAE because it is looking for the most updated version.
But I blocked it with an ad hoc rule in the Host file.

 

[ichito]

The XP firewall is also OK for incoming connections.
What unwanted applications?
I don't have unwanted applications in my PC.................

I think he mean not a particular apps but its action and "willing" to call outside to some unwanted...uknown...serwes. Do you perhaps remember CCleaner/Avast affair or allother kinds of telemetry? Do you know thet some user...me also...apdate apps manualy not autmaticaly? Yes...I think this are the examples of matter of controlling both direction.

 

[Sampei Nihira]

I think he mean not a particular apps but its action and "willing" to call outside to some unwanted...uknown...serwes. Do you perhaps remember CCleaner/Avast affair or allother kinds of telemetry? Do you know thet some user...me also...apdate apps manualy not autmaticaly? Yes...I think this are the examples of matter of controlling both direction.

Thanks for the explanation Ichito.
But I stay away from these applications.
And then I repeat there is always the HOST file.

For example, my MBAE rule not only prevents the application from calling home, but avoids an annoying pop-up of updating the app which then automatically updates automatically.

P.S.

Forget about the malware that calls home to progress in the infection.
If malware already has the ability to take this action, you must thoroughly review the "prevention zone" of your Security Configuration.

 

[Outpost]

Forget about the malware that calls home to progress in the infection.
If malware already has the ability to take this action, you must thoroughly review the "prevention zone" of your Security Configuration.

Indeed. When you're at that point it's already late.
It is a "theory" that I have supported for "centuries"!
Why can't you give "likes" as consecutive?