New Update Simple Windows Hardening

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
It seems that finally, the new digital certificate has gained a sufficient reputation in SmartScreen, so SimpleWindowsHardening is accepted when downloading it via Edge (SmartScreen + PUA enabled).:)
 

aldist

Level 2
Jul 22, 2020
59
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,700
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
Running both at the same time was not a good idea either.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
The intention of SWH is to make some hardening without using the H_C. The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.

You probably think that SWH can be used by inexperienced users. This might support your wishes about some more alerts. But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.

SWH does not break the H_C rules, but simply applies the settings similar to H_C's Basic Recommended Settings - all whitelisted entries are not changed.
 
Last edited:

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.

That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance. Not only that, you are assuming that these "advanced" users will get things right, when more often than not they don't get it right.

"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend. The impression I get from reading some of the posts here is 16 year olds doing stuff on mummy and daddy's systems or trying to do it for grandma only to have her so confused she cannot use the security or the system. Grandpa is pretty smart. He just stays away from all of it.

Ask @Evjl's Rain about his experience with all of this.
 

aldist

Level 2
Jul 22, 2020
59
Running both at the same time was not a good idea either.
In other words, just to see what the SWH menu looks like, should I deinstall H_C? And if I have NotePad ++ installed, then I shouldn't launch AkelPad Portable? :rolleyes:
The intention of SWH is to make some hardening without using the H_C.
Did I talk about their simultaneous use? I just want to see what the menu looks like.
The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.
Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
 

JasonUK

Level 5
Apr 14, 2020
241
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.

SWH is very straightforward to use IMHO. I found H_C was above my competence level :)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance.
Most people do not harden Windows and should not do it. That is why I insist that basic hardening should be done by (semi)advanced users and serious hardening by advanced users. There are people who can do it and doing it via SWH is safer (also more convenient) than hardening by using reg tweaks. Many of such people can be family administrators (If they want).
"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend.
That is right. Is not it obvious?:unsure:
The wider user-land trend is a standard AV on default settings.(y)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I just want to see what the menu looks like.
Please, look into the SWH manual.
Generally, I can advise you to read the application manual or available information about security-related stuff before running it. If the manual is too long or too complex, then do not use the application. In the case of SWH, nothing really happened, but you can be really surprised/disappointed when running other security stuff.

Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
I understand your point and I am sorry. I do not sell my applications, so they are made most convenient for people who want to use them, at the expense of people who only want to look at them. In my opinion, adding the alert you have proposed is unnecessary for the first group.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
In other words, just to see what the SWH menu looks like, should I deinstall H_C?
...
You have the luck that SWH is based on H_C and I made them compatible. So, you do not need to uninstall the H_C. Please, look into the SWH manual about details and post here if you have some questions.:) (y)
You can simply save your H_C settings (<Save Profile>) and recover them easily (<Load Profile>). If you use the Recommended Settings then simply press <Recommended Settings>.
SWH does not change ConfigureDefender settings or FirewallHardening settings. Both SWH and H_C share the whitelisted entries in SRP.
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,700
In other words, just to see what the SWH menu looks like,
In other words, this is what a curious user could do:
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Simple Windows Hardening is this not what it was announced as a Casual User Protection? Or hasn't there been an CUP release yet?
CUP has not been released yet. It will probably look like:

CUP5.png


CUP4.png


Similar to SWH but it will allow downloading predefined setting profiles:
SRP Level 0 - 3 (default allow, globally allowed EXE/MSI, EXE/MSI allowed in ProgramData and AppData, EXE/MSI blocked).
SWH restrictions are similar to CUP with SRP Level 1 and 0 Sponsors.
I will finish it this year.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I tried to use it, but got an error message:
View attachment 244996

Any suggestions?
It is a fresh virtual machine, running the latest Windows 10.

Best regards
Thanks for reporting. It looks like some kind of incompatibility with Autoit - probably related to the virtual machine.
Did anyone had this issue on the real system? I tried to reproduce this issue on my Windows Pro ver. 2004 compilation 19041.388, but SWH works without any issues.:unsure:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
@Semlr,
Could you please test if this issue is also present for some other applications:
Thank you.

What version of a virtual machine do you use?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top