Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

F

ForgottenSeer 823865

I think it's a matter of justice.
But if I have to be honest I don't know it well.
It is as if something is not in the right place.
I have read of Security Configurations that use W.10 which may be more at risk than mine.
You still don't understand the purpose of security config section.
Its purpose isn't a contest with other members about who has the safest coolest config.
It is about sharing a setup to other members, especially beginners who may need some example/inspirations/recommendations.
1- Ask yourself, will you recommend XP to a beginner?
2- Will you tell him to reproduce the multiple tweaks you had to do to secure XP?
I bet you will say no in both cases, so you know why your config will never be tagged as "secured" because (using an analogy), you use a boat with many known holes, and fix the said holes with your personal sklills, which is out of reach for an average user.

About Mimikatz, focus on blocking in-memory attack vectors, it is where Mimikatz is best used.
Blocking only LOLbins wont help much.
the safest combo is and always will be : a true anti-exploit + a default-deny application.

"Amateurs built the Ark and it was the professionals that built the Titanic" ;)
I see. I feel the same way.
The titanic was solid, unfortunately, he was not made to hit a giant iceberg. like a car isn't designed to survive a direct hit against a concrete wall...
Btw, the Titanic was real, the Ark, not so much. Me too i can pretend i build an UFO and say it fly better than a plane...LOL
 
Last edited by a moderator:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
You still don't understand the purpose of security config section.
Its purpose isn't a contest with other members about who has the safest coolest config.
It is about sharing a setup to other members, especially beginners who may need some example/inspirations/recommendations.
1- Ask yourself, will you recommend XP to a beginner?
2- Will you tell him to reproduce the multiple tweaks you had to do to secure XP?
I bet you will say no in both cases, so you know why your config will never be tagged as "secured" because (using an analogy), you use a boat with many known holes, and fix the said holes with your personal sklills, which is out of reach for an average user.

About Mimikatz, focus on blocking in-memory attack vectors, it is where Mimikatz is best used.
Blocking only LOLbins wont help much.
the safest combo is and always will be : a true anti-exploit + a default-deny application.

You're right, I would never recommend a beginner to use W.XP.
But it doesn't seem to me that the majority of the members of this forum are beginners.
Quite right?

You're still right I wouldn't recommend others to play multiple tweaks in an OS W.XP.
But I think it would be an excellent starting point to make these changes in their OS W. Vista, 7,8.1.

Copernicus knew perfectly well the geocentric system of Ptolemy.
But something was not in the right direction, these are the conditions that lead to a constructive change.;););)

Don't you think it would be an excellent example?

Furthermore, the staff of security has already included the warning notes in my safety configuration, which would already be a warning for real beginners.

Furthermore, it seems to me that you have already written to me twice:

.....true anti-exploit .....

and I have it (MBAE Premium) plus configured with non-default settings, you already know OSA.
 
F

ForgottenSeer 823865

MT isn't Wilders, with the same 3 guys debating over and over about the new vulnerability discovered and what to use to block it.

MT is more popular and friendly to beginners. Most members here don't have much technical knowledge, many just used to play with products and know well their pros and cons.

Most members register here to ask about A vs B, nothing more.
 
Last edited by a moderator:

Fuzzfas

Level 3
Verified
Well-known
Jan 8, 2013
109
Still on board on my XP as the support of Kerio FW Free 2.1.5...yess...I'm using firewall from 2004 so...could I feel like dinosaur? :) As already mentioned - there still to get a few firewalls from the past e.g. Kerio, Sygate, Sunbelt, NetVeda SN, Filseclab, Outpost, PCTools, Prvatefirewall or even the last free Online Armor from Tall Emu but nowadyas we have nice firewall that is Free also - SpyShelter Free v.12. It' s for sure worth of attention.

Aaaawwwwww! Kerio 2!!! :love: The memories!!! XP! The golden era of firewalls! Sygate too with its fabulous monitor display and the huge hole when using proxy! Ah, i miss those times! Nowdays the firewalls just suck! They were my favourite toy! I had used Kerio2, Sygate, Ashampoo Firewall, Kerio 4, PCTools, Filseclab, Ghost Firewall (boy, was that light and fun!!!), Outpost, Comodo, Rising, Zone Alarm (while it was still king), Online Armor. Nowdays it's so sad... Kerio 2 with BlitzenZeus rules! :love:

Spyshelter free now has firewall? Wow, this is news to me! Last time i knew, the free version was killed! I will have to try that sooner or later, thanks!
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
Windows XP will never get similar security level as Windows 7, 8, 8.1 and 10. This will be true, even when the user will install MBAE, OSA, and will harden the system. Anyway, it is possible to apply an unusual setup to make Win XP the security by obscurity. So, if the user knows the consequences of using it and understands its limitations, then the chances of being infected by malware in the wild are minimal. It may be that @Sampei Nihira can be in practice pretty much safe when using it.

Yet, as Umbra noted, such a setup is too specific. In my opinion, it also relies on faith too much. The 3rd party applications like MBAE and OSA, are not well tested against the real modern threats on Windows XP (some tests suggest that they can be very useful). Also, the web browser is not properly tested, and we do not know if all security Windows Updates (from Windows Server 2003) work properly on Windows XP.

I have some practice in protecting the computers on Windows XP. Generally, they are not worth bothering - the effort is too much, except if you are the XP enthusiast.

I totally agree with the MT note:

"This setup configuration may put your device at risk .
We don't recommend that other members use this setup. We cannot not be held responsible for problems that may occur to your device by using this security setup.
This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers."

Edit.
I noticed a typing error.(y)
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Windows XP will never get similar security level as Windows 7, 8, 8.1 and 10. This will be true, even when the user will install MBAE, OSA, and will harden the system. Anyway, it is possible to apply an unusual setup to make Win XP the security by obscurity. So, if the user knows the consequences of using it and understands its limitations, then the chances of being infected by malware in the wild are minimal. It may be that @Sampei Nihira can be in practice pretty much safe when using it.

Yet, as Umbra noted, such a setup is too specific. In my opinion, it also relies on faith too much. The 3rd party applications like MBAE and OSA, are not well tested against the real modern threats on Windows XP (some tests suggest that they can be very useful). Also, the web browser is not properly tested, and we do not know if all security Windows Updates (from Windows Server 2003) work properly on Windows XP.

I have some practice in protecting the computers on Windows XP. Generally, they are not worth bothering - the effort is too much, except if you are the XP enthusiast.

I totally agree with the MT note:

"This setup configuration may put your device at risk .
We don't recommend that other members use this setup. We cannot not be held responsible for problems that may occur to your device by using this security setup.
This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers."

Edit.
I noticed a typing error.(y)

You recommended Maxthon, a browser, it seems to me, that can also use Trident .............(n)
The updates until March (sorry) April 2019 that I installed are those for Windows XP embedded (Not Windows Server 2003).
I show you an image not taken from my PC:

161.jpg

P.S. It's not faith ...... trust me.;):)
 
Last edited:

RKRN3

Level 3
Verified
Well-known
Sep 6, 2019
122
P.S. It's not faith ...... trust me.;):)
Well, no one can, right now, move to XP unless they pirate it, which defeats the purpose of security. i know you are much more knowledgeable, but this MT section isn't about competition but a guide for newcomers like me to learn some stuff. I learnt many things in this post but one thing is certain, I won't move to XP, so will not the others here.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
You recommended Maxthon, a browser, it seems to me, that can also use Trident .............(n)
I did not. I do not recommend any web browser on Windows XP.

The updates until March 2019 that I installed are those for Windows XP embedded (Not Windows Server 2003).
...
Yes, that is my fault. I forgot that the updates for Windows XP were available from Windows XP Embedded (not from Windows Server 2003). Anyway, my conclusion is the same. Both systems are very close cousins, but they are not the same - some components are modified and simplified in the Embedded version. Although I did not hear that there were problems with such updates, there is also no proof (test) that these updates should cover all vulnerabilities in Windows XP (most of them should).
P.S. It's not faith ...... trust me.;):)
If I would trust you, then this would be the act of pure faith.:)(y)
Anyway, If someone had to use Windows XP, then your setup would be much safer than most XP setups (still risky for most users).(y)
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
I replaced the files of 7z subfolder of Bandizip 5.23 with the 7zip files of the alpha version 2020-02-06:

200.JPG

200a.JPG

Weekly update also of browser (New Moon 28) and e-mail client (Interlink Mail New).
New update also of Potplayer v.200206 - 2020-02-06.
 
Last edited:

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
407
Here in the comments above already mentioned Spyshelter Free. By the way, it supports Win XP. Therefore, it could be a good help in the config.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Here in the comments above already mentioned Spyshelter Free. By the way, it supports Win XP. Therefore, it could be a good help in the config.

You say?:)
And what more protection would I have from installing this software?

Please keep in mind my amount of RAM, and the fact that the swap in my HD of a pc over ten years old is rather slow.;)
 

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
407
Please keep in mind my amount of RAM, and the fact that the swap in my HD of a pc over ten years old is rather slow.;)
I don’t know how much RAM the free version consumes, but the paid one consumes an average of 5.5 MB. It's a lot? What can this program give? Yes, at least a normal firewall.
 
  • Like
Reactions: [correlate]

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
407
You say a firewall with monitoring also outgoing?
SpyShelter Firewall provides incoming and outgoing network requests detection, allowing you control every inbound and outbound connection that is being established. This feature locks out hackers from connecting to your PC, and stops undesired applications from connecting to the internet.
 
  • Like
Reactions: [correlate]

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
The XP firewall is also OK for incoming connections.
What unwanted applications?
I don't have unwanted applications in my PC.................

P.S.

The only application that tries to connect to the internet is MBAE because it is looking for the most updated version.
But I blocked it with an ad hoc rule in the Host file.
 
Last edited:

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
The XP firewall is also OK for incoming connections.
What unwanted applications?
I don't have unwanted applications in my PC.................
I think he mean not a particular apps but its action and "willing" to call outside to some unwanted...uknown...serwes. Do you perhaps remember CCleaner/Avast affair or allother kinds of telemetry? Do you know thet some user...me also...apdate apps manualy not autmaticaly? Yes...I think this are the examples of matter of controlling both direction.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
I think he mean not a particular apps but its action and "willing" to call outside to some unwanted...uknown...serwes. Do you perhaps remember CCleaner/Avast affair or allother kinds of telemetry? Do you know thet some user...me also...apdate apps manualy not autmaticaly? Yes...I think this are the examples of matter of controlling both direction.

Thanks for the explanation Ichito.;)
But I stay away from these applications.
And then I repeat there is always the HOST file.

For example, my MBAE rule not only prevents the application from calling home, but avoids an annoying pop-up of updating the app which then automatically updates automatically.

P.S.

Forget about the malware that calls home to progress in the infection.
If malware already has the ability to take this action, you must thoroughly review the "prevention zone" of your Security Configuration.
 
Last edited:

Outpost

Level 5
Verified
Well-known
Jan 11, 2020
220
Forget about the malware that calls home to progress in the infection.
If malware already has the ability to take this action, you must thoroughly review the "prevention zone" of your Security Configuration.

Indeed. When you're at that point it's already late.
It is a "theory" that I have supported for "centuries"!
Why can't you give "likes" as consecutive?

;)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top