aldist

Level 1
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
 

oldschool

Level 53
Verified
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
Running both at the same time was not a good idea either.
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
Installed Hard_Configurator H_C. I decided to see what Simple Windows Hardening is, especially since it is portable. SWH at startup immediately sets the rules without asking the user, and broke the H_C rules. I think that SWH should still ask the user for consent to set the rules. Silence is not very good.
The intention of SWH is to make some hardening without using the H_C. The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.

You probably think that SWH can be used by inexperienced users. This might support your wishes about some more alerts. But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.

SWH does not break the H_C rules, but simply applies the settings similar to H_C's Basic Recommended Settings - all whitelisted entries are not changed.
 
Last edited:

mazskolnieces

New Member
But, in my opinion, any sensible hardening should be done by (semi)advanced users (like many MT members). It can be useful on the computers of inexperienced users, but the configuration and occasional maintenance should be done by (semi)advanced user.
That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance. Not only that, you are assuming that these "advanced" users will get things right, when more often than not they don't get it right.

"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend. The impression I get from reading some of the posts here is 16 year olds doing stuff on mummy and daddy's systems or trying to do it for grandma only to have her so confused she cannot use the security or the system. Grandpa is pretty smart. He just stays away from all of it.

Ask @Evjl's Rain about his experience with all of this.
 

aldist

Level 1
Running both at the same time was not a good idea either.
In other words, just to see what the SWH menu looks like, should I deinstall H_C? And if I have NotePad ++ installed, then I shouldn't launch AkelPad Portable? :rolleyes:
The intention of SWH is to make some hardening without using the H_C.
Did I talk about their simultaneous use? I just want to see what the menu looks like.
The hardening is simple because it is done without asking the user about things that should be done anyway.
Most users who wants to harden the system will prefer this way, as compared to seeing unnecessary alerts.
Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
 

JasonUK

New Member
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.

SWH is very straightforward to use IMHO. I found H_C was above my competence level :)
 
Last edited:

Andy Ful

Level 60
Verified
Trusted
Content Creator
That is not a realistic scenario. Most people do not have some youngster or acquaintance that is acting as the family sysadmin with ongoing maintenance.
Most people do not harden Windows and should not do it. That is why I insist that basic hardening should be done by (semi)advanced users and serious hardening by advanced users. There are people who can do it and doing it via SWH is safer (also more convenient) than hardening by using reg tweaks. Many of such people can be family administrators (If they want).
"Advanced" users doing stuff for inexperienced users might be a phenomena amongst a very limited number of security forum members families and friends, but it is not a wider user-land trend.
That is right. Is not it obvious?:unsure:
The wider user-land trend is a standard AV on default settings.(y)
 
Last edited:

Andy Ful

Level 60
Verified
Trusted
Content Creator
I just want to see what the menu looks like.
Please, look into the SWH manual.
Generally, I can advise you to read the application manual or available information about security-related stuff before running it. If the manual is too long or too complex, then do not use the application. In the case of SWH, nothing really happened, but you can be really surprised/disappointed when running other security stuff.

Let me disagree with you. The vast majority of users will find it helpful to see a warning If you click Yes, the SRP hardening will be made immediately and without warning. Otherwise, click No to exit.
This will not affect simplicity in any way. It's not Windows 10, which decides for the user.
I understand your point and I am sorry. I do not sell my applications, so they are made most convenient for people who want to use them, at the expense of people who only want to look at them. In my opinion, adding the alert you have proposed is unnecessary for the first group.
 
Last edited:

Andy Ful

Level 60
Verified
Trusted
Content Creator
In other words, just to see what the SWH menu looks like, should I deinstall H_C?
...
You have the luck that SWH is based on H_C and I made them compatible. So, you do not need to uninstall the H_C. Please, look into the SWH manual about details and post here if you have some questions.:) (y)
You can simply save your H_C settings (<Save Profile>) and recover them easily (<Load Profile>). If you use the Recommended Settings then simply press <Recommended Settings>.
SWH does not change ConfigureDefender settings or FirewallHardening settings. Both SWH and H_C share the whitelisted entries in SRP.
 
Last edited:

oldschool

Level 53
Verified
In other words, just to see what the SWH menu looks like,
In other words, this is what a curious user could do:
The SWH manual does, to be fair, clearly state (Quick Configuration & Apply Basic Recommended Settings sections) that restrictions are automatically configured/applied when SWH is run. The opening post of this thread does too. Options can be toggled on/off or windows defaults reapplied easily enough. If someone wants to have a look at SWH there's plenty of screenshots available and it's easy enough to save H_C profile / reset H_C to Windows default if you wanted to try SWH out. Both programs change windows settings so you wouldn't layer them or other similar programs over each other unless you were prepared for potential conflicts/settings being overridden.
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
Simple Windows Hardening is this not what it was announced as a Casual User Protection? Or hasn't there been an CUP release yet?
CUP has not been released yet. It will probably look like:

CUP5.png


CUP4.png


Similar to SWH but it will allow downloading predefined setting profiles:
SRP Level 0 - 3 (default allow, globally allowed EXE/MSI, EXE/MSI allowed in ProgramData and AppData, EXE/MSI blocked).
SWH restrictions are similar to CUP with SRP Level 1 and 0 Sponsors.
I will finish it this year.
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
I tried to use it, but got an error message:
View attachment 244996

Any suggestions?
It is a fresh virtual machine, running the latest Windows 10.

Best regards
Thanks for reporting. It looks like some kind of incompatibility with Autoit - probably related to the virtual machine.
Did anyone had this issue on the real system? I tried to reproduce this issue on my Windows Pro ver. 2004 compilation 19041.388, but SWH works without any issues.:unsure:
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
@Semlr,
Could you please test if this issue is also present for some other applications:
Thank you.

What version of a virtual machine do you use?
 
Top