Danger Sampei Nihira Security Config WinXP (POS Ready2009) 2020

Status
Not open for further replies.
Last updated
Dec 26, 2019
Windows Edition
Home
Operating system
Other
Log-in security
Security updates
Block all updates
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  • Windows Firewall
  • Firewall Hardware on router
  • 1° AdGuard DNS / 2° CloudFlare DNS
  • MBAE Premium - Custom Setting
  • OSA - Custom Setting
  • Black Viper's List - Some services Disabled/Manual
Firewall security
Microsoft Defender Firewall
About custom security
  • Trick POS Ready 2009 + KB4500331.
  • PsExec - Run browsers + email client with limited rights - Exceptions (OSA) for Interlink Mail News and New Moon.
  • DEP Always ON
  • SMB Protocol Disabled
  • No NET Framework Installed
  • I.E.8 No Flash + Trick 1803 (Block the downloadable executable files) + Disable script (F12 - on/off) + block execution I.E.8.
Periodic malware scanners
Hitman Pro,McAfee Stinger,HijackThis Portable,Adwcleaner v.6.0.4.7
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
New Moon 28 - (Pale Moon fork for Windows XP) Custom Setting about:config

  • Noscript
  • U.B.O.Legacy
  • Decentraleyes
  • No Resource URI Leak
  • Canvas Blocker Legacy 0.2 - Only to pass the ClientRects Fingerprint test
Maintenance tools
  • CCleaner - Many custom rules created by me
  • RegSekeer
  • Process Explorer
  • SigcheckGUI
  • Dependency Walker
  • CFF Explorer
  • Currports
  • WWDC
  • IobitUnistaller Portable
  • Speedyfox -Custom Rule for Interlink Mail News
  • SUMo Portable
  • JKDefragGUI
File and Photo backup
Pen Drive
System recovery
Acer System Backup
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Working from home
Computer specs
Acer Intel Celeron M380 1.60 GHz 1GB RAM
Notable changes
  1. Added some custom rules in OSA for Mimikatz Dump Lsass.exe mitigation.
  2. Added "sc" command rule block in OSA.
  3. Added rule to block execution of I.E.8 in OSA.
  4. Added rule to block msbuild.exe in OSA and the same rule on the Registry Key.
  5. Blocking rule in host file for CCleaner.
Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This computer configuration is using an unsupported operating system. If possible, we recommend to upgrade to an operating system that is supported by its developers to remain protected from the latest threats.

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Thank you for registering, I have read you in the other forum.
Well, regarding XP, we all know that there are no updates and therefore it is vulnerable, but a person with your experience, I think so, in addition Vladimir putin uses XP.
Thanks for sharing.(y)
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
This system is in danger by definition (Windows XP), apart from the all the extra layers of protection added... and using it for banking? :eek: :sick: and only 1 GB of RAM? this is insane :)
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
This system is in danger by definition (Windows XP), apart from the all the extra layers of protection added... and using it for banking? :eek: :sick: and only 1 GB of RAM? this is insane :)

Please list the configuration security flaws.
TH.

So how malware can infect my PC remotely.
Keep in mind that part of the malware circulating today is calibrated to act on 64bit PC.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Also, probably there is a good amount of malware out there still running fine in XP and in general in x86 systems... apart from that, your config is very complete... but it's an unsupported system any more and We must tag is as danger and not recommend config, even with the mitigations You applied...
 
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Also, probably there is a good amount of malware out there still running fine in XP and in general in x86 systems... apart from that, your config is very complete... but it's an unsupported system any more and We must tag is as danger and not recommend config, even with the mitigations You applied...

Can you explain to me why the configuration of Ichito with an OS Vista received a "Secure: Complete" rating?
Vista is also an OS no longer supported.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Why not buy a cheap digital Windows 10 license or switch to Manjaro linux? Manjaro runs great on my 10 year old laptop and you get rolling updates (even smoother than Windows 10 updates).

With an Android emulator on Manjaro, you get access to all Apps you like (e.g Outlook and Netflix).
 
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Why not buy a cheap digital Windows 10 license or switch to Manjaro linux? Manjaro runs great on my 10 year old laptop and you get rolling updates (even smoother than Windows 10 updates).

With an Android emulator on Manjaro, you get access to all Apps you like (e.g Outlook and Netflix).

I already have a Windows 10 PC:


and unfortunately linux bores me.
My daughter was the first child in my city to use a linux distro from middle school to high school.

But there is no such need, my PC with Windows XP is perfectly safe.
And surpass Windows 10 in privacy.

So as long as it is "alive" I will continue to use it with satisfaction.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Can you explain to me why the configuration of Ichito with an OS Vista received a "Secure: Complete" rating?
Vista is also an OS no longer supported.

@ to all Security Staff

There is someone from the staff who can explain to me this disparity of judgment regarding the security configuration that I mentioned in the example?
TH.

@ to all Security Staff

Well you have changed the rating of the security configuration of Ichito.
I sincerely hope that you have done this NOT to avoid an obvious disparity, and above all NOT because the PC with Windows Vista of Ichito is "dead".
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
@ to all Security Staff

There is someone from the staff who can explain to me this disparity of judgment regarding the security configuration that I mentioned in the example?
TH.

Hello @Sampei Nihira,
We've decided a while ago that if a user is running an operating system that doesn't receive security updates, it will be marked as a dangerous security configuration. If new configs are created with an operating system that isn't supported, it will receive the red "Danger" tag.

We do understand that you've taken all the steps to secure your operating system, and most likely you're 100% safe, however, this is basically not related to the config itself but to the operating system.
You clearly know what you are doing and how to stay safe, and your system specs won't allow you to install Windows 10, so you can ignore that red tag.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Hello @Sampei Nihira,
We've decided a while ago that if a user is running an operating system that doesn't receive security updates, it will be marked as a dangerous security configuration. If new configs are created with an operating system that isn't supported, it will receive the red "Danger" tag.

We do understand that you've taken all the steps to secure your operating system, and most likely you're 100% safe, however, this is basically not related to the config itself but to the operating system.
You clearly know what you are doing and how to stay safe, and your system specs won't allow you to install Windows 10, so you can ignore that red tag.

Hi Jack, so you're telling me that if I published this security configuration in March 2019 I would have obtained the "Secure:complete" rating "? :unsure:
Let me doubt .....
OS Windows Vista can receive monthly KB of Windows Server 2008 and have an OS updated to the present.
 
Last edited:

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
  • Like
Reactions: AtlBo

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
(y):)

I understand your thinking.
The subforum has as its title:

"Computer Security Configuration"

therefore it is obvious that a judgment on the security configuration of the pc is expected.
When the security configuration is OK ......
 

valvaris

Level 6
Verified
Well-known
Jul 26, 2015
263
Hello @Sampei Nihira

thank you for sharing your topic / config. found some interesting programs and extensions you use. ;)

In terms of Network security I would go a step farther and try to segment the network (Example):

Old Windows 192.168.0.1 /30 if there is only one PC that subnet allows a range of two IPs (PC NIC and Router Interface)
New Windows/Linux 192.168.1.1 /30 and up if you have more then one device try to keep the subnet as small as possible
IoT/WiFi Devices 192.168.2.1 /30 and up

That is basic subnet segmentation and adds a good amount of protection on the network side. Of course you can add another layer on top VLAN IDs. Easiest way is port based VLAN Example:

VLAN: 100 Old Windows 192.168.0.2 /30 for Router Interface LAN 1
VLAN: 200 New Windows 192.168.1.2 /30 for Router Interface LAN 2
VLAN 300 IoT / WiFi Devices 192.168.2.2 /30 for Router Interface LAN3 / WiFi

What segmentation does in that way is that you can setup a Rule-Set on the Router Firewall for each individual segment and makes maintaining it easier. The other part is that you can Route Traffic to specific Hosts in your network -Example: PC1 to PC2 and not PC3

Another side effect is performance - Since you have segments of enclosed networks the broadcast overhead is smaller and gains more responsiveness. The other part is if one is infected it can not reach the others that easily!

If you need more assistance in networking ill be glad to help you out and develop a schismatic for your needs.

Another part is a Firewall appliance on that part ill recommend Sophos XG Home (easy to setup and very powerfull) -> Free Firewall - Home Edition | Sophos Firewall for Home

Best regards
Val.
 

Sampei Nihira

Level 6
Thread author
Verified
Well-known
Dec 26, 2019
287
Hello @Sampei Nihira

thank you for sharing your topic / config. found some interesting programs and extensions you use. ;)

In terms of Network security I would go a step farther and try to segment the network (Example):

Old Windows 192.168.0.1 /30 if there is only one PC that subnet allows a range of two IPs (PC NIC and Router Interface)
New Windows/Linux 192.168.1.1 /30 and up if you have more then one device try to keep the subnet as small as possible
IoT/WiFi Devices 192.168.2.1 /30 and up

That is basic subnet segmentation and adds a good amount of protection on the network side. Of course you can add another layer on top VLAN IDs. Easiest way is port based VLAN Example:

VLAN: 100 Old Windows 192.168.0.2 /30 for Router Interface LAN 1
VLAN: 200 New Windows 192.168.1.2 /30 for Router Interface LAN 2
VLAN 300 IoT / WiFi Devices 192.168.2.2 /30 for Router Interface LAN3 / WiFi

What segmentation does in that way is that you can setup a Rule-Set on the Router Firewall for each individual segment and makes maintaining it easier. The other part is that you can Route Traffic to specific Hosts in your network -Example: PC1 to PC2 and not PC3

Another side effect is performance - Since you have segments of enclosed networks the broadcast overhead is smaller and gains more responsiveness. The other part is if one is infected it can not reach the others that easily!

If you need more assistance in networking ill be glad to help you out and develop a schismatic for your needs.

Another part is a Firewall appliance on that part ill recommend Sophos XG Home (easy to setup and very powerfull) -> Free Firewall - Home Edition | Sophos Firewall for Home

Best regards
Val.

Thank you very much for your considerations.
It will probably amaze you but I would be very interested in a better explanation of:

....Another side effect is performance - Since you have segments of enclosed networks the broadcast overhead is smaller and gains more responsiveness.....

You can write comfortably, after this post unfortunately I have to unplug until almost certainly Sunday afternoon.
The usual commitments, the family, wife .....:cautious::)

Thanks a lot again.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top