Danger TairikuOkami's Crippled Windows

Last updated
Dec 22, 2018
Windows Edition
Home
Security updates
Check for updates and Notify
User Access Control
Always notify
Real-time security
UltraDNS Threat Protection
Windows Defender Firewall
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
Random (CureIt/FRST/KVRT/NPE)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Yandex Browser - https://yandex.com/support/browser/security

AdBlocker for Youtube (effectively removes annoying contents, ads, and banners from YouTube)
Cache Killer (clears the browser cache automatically on opening a new tab or refreshing a tab)
Cookie AutoDelete (auto-delete unused cookies from closed tabs while keeping the ones you want)
Context Menu Search (use the right-click menu to search for selected text in any search engines)
Decentraleyes (protects against tracking through "free", centralized, content delivery)
Dictionary Lookup (look up any word in an inline frame with a simple click)
h264ify (makes YouTube stream H.264 videos instead of VP8/VP9 videos)
I don't care about cookies (get rid of annoying cookie warnings from almost all websites)
IDN Safe (blocks internationalized domain names to prevent visiting probable fake sites)
Netcraft (blocks XSS attacks, phishing and suspicious sites)
Poper Blocker (blocks annoying popups and some cryptomining)
Privacy Badger (blocks trackers and WebRTC, not ADs generally)
Youtube Auto HD + FPS (Automatically set the videos' quality on YouTube)
Maintenance tools
Autoruns
Disk Cleanup
Driver Easy
Driver Store Explorer
Geek Uninstaller
Process Hacker Nightly
Windows Repair Toolbox
Wise Disk Cleaner
Wise Registry Cleaner
File and Photo backup
Copy/Paste - automatic backups deleted my files, twice, I will not fall for that again
System recovery
None - System Backup trashed my system, besides, I can reinstall everything within an hour anyway
Computer specs
http://steamcommunity.com/id/tairikuokami

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,638
Zemana works (HMP still not), but I hate that you have to manually remove a driver after you uninstall Zemana. It might cause compatibility problems.

Attachments: capture_05142017_113859.jpg, capture_05142017_113755.jpg, capture_05142017_114601.jpg

TairikuOkami

What's the reason why no firewall?
What is the point of the firewall? Without the firewall all ports are closed, that is better than stealthed, because you will not get repeated requests. There are very few apps which keep ports open for incoming requests, and if you run them you trust them and you would allow them in a firewall anyway. A router will stop unsolicited traffic and its SPI firewall takes care of illegitimate requests without any CPU overhead, which might be caused by a software firewall. Blocking potential malware outbound requests means you have already lost, because you are infected. Even MS knows that, thus it does not enable it by default.
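An added example, not part of the thread: a PowerShell check that lists what is actually listening on the host next to the firewall profile state, which is the fact the "all ports are closed" argument rests on. It uses only the stock NetTCPIP and NetSecurity cmdlets (Windows 8 / Server 2012 and later); nothing in it comes from the original post.

```powershell
# Added example, not from the thread. Lists what is really listening on this host next to the
# firewall profile state. Run elevated so the owning process of service sockets resolves.

function Get-ExposedListener {
    [CmdletBinding()]
    param()

    $loopback = @('127.0.0.1', '::1')

    # TCP sockets in LISTEN state. A loopback-only bind is unreachable from the network,
    # so it is tagged separately from wildcard (0.0.0.0 / ::) and interface-address binds.
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = '?'
        if ($proc) { $name = $proc.ProcessName }
        [pscustomobject]@{
            Proto        = 'TCP'
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Pid          = $_.OwningProcess
            Process      = $name
            LoopbackOnly = ($_.LocalAddress -in $loopback)
        }
    }

    # UDP has no listen state: every bound endpoint accepts unsolicited datagrams.
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = '?'
        if ($proc) { $name = $proc.ProcessName }
        [pscustomobject]@{
            Proto        = 'UDP'
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Pid          = $_.OwningProcess
            Process      = $name
            LoopbackOnly = ($_.LocalAddress -in $loopback)
        }
    }

    @($tcp) + @($udp) | Sort-Object Proto, LocalPort
}

# Read the two tables together: with a profile enabled and DefaultInboundAction=Block, a
# listener is reachable only through an explicit inbound allow rule; with the profile off,
# every non-loopback listener printed below is reachable from whatever network the host is on.
# A stock Windows install keeps several of these open by default (RPC on 135, SMB on 445).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize
Get-ExposedListener | Where-Object { -not $_.LoopbackOnly } | Format-Table -AutoSize
```

The second table is the list of ports that are not "closed" on the host itself; whether a router in front of it drops unsolicited traffic is a separate question that this check does not answer, since it only sees the local stack.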

TairikuOkami

@TairikuOkami on your original post, you should explain in simple words what your various tweaks (Windows, Network, etc.) do (no need for details, just the general big lines), so basic users won't say you are crazy :D
It is hard to sum it up, but I will give it a go and I will also try to address other settings that I have omitted in the original post. ;)

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
Do you not have other computers on your network? What if they get an adventurous worm like we saw Friday?

Also, with your tweaks is your system still easily usable or a pain?

But I would say you're secure enough just based off your knowledge alone, but someone else using your computer could probably do some damage.

TairikuOkami

Do you not have other computers on your network? What if they get an adventurous worm like we saw Friday?
I use similar tweaks on other computers, just a lighter version, still safe enough. That worm requires WSH and it looks like it creates a startup entry in "Command Processor" plus it alters some policies; I remove both, so I would not worry about it.
Code:
malwr.com/analysis/MjBlNjdjMWFmZGNkNDQzZDlkMmJhNjU2NmQ5YjgwZWU


Also, with your tweaks is your system still easily usable or a pain?
I browse the internet, listen to the radio, play games on Steam, nothing really bothersome. :)
I only have to restart network services with a bat to update Windows, about twice a month.
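An added example, not the thread author's own script, that audits the two things the reply names: the AutoRun value under Command Processor (the "startup entry", a command line cmd.exe executes on every start unless launched with /D) and whether Windows Script Host is enabled. The "policies" the sample alters are not named in the thread, so they are not covered; the -Fix switch is an assumption about what "I remove both" amounts to and only deletes AutoRun and sets WSH Enabled=0.

```powershell
# Added example, not from the thread. Reports (and with -Fix, changes) the cmd.exe AutoRun
# persistence point and the Windows Script Host enable flag. HKLM changes need elevation.

function Test-CmdAutoRunAndWsh {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Fix)

    $findings = @()

    # cmd.exe AutoRun: the HKLM value runs for every user, the HKCU value for the current one.
    # Any non-empty value is worth a look; a clean machine normally has none.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Command Processor"
        $val = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($val) {
            $findings += [pscustomobject]@{ Setting = "$hive Command Processor\AutoRun"; Value = $val }
            if ($Fix -and $PSCmdlet.ShouldProcess($key, 'Remove AutoRun')) {
                Remove-ItemProperty -Path $key -Name AutoRun
            }
        }
    }

    # Windows Script Host: Enabled=0 under Settings stops wscript.exe/cscript.exe from running
    # scripts for all users (HKLM) or the current user (HKCU). A missing value means enabled.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        $state = 'enabled'
        if ($null -eq $enabled) { $state = 'enabled (default)' }
        elseif ($enabled -eq 0) { $state = 'disabled' }
        $findings += [pscustomobject]@{ Setting = "$hive WSH Enabled"; Value = $state }
        if ($Fix -and $state -ne 'disabled' -and $PSCmdlet.ShouldProcess($key, 'Set Enabled=0')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
        }
    }

    $findings
}

# Report only; add -Fix (and optionally -WhatIf first) to apply the changes.
Test-CmdAutoRunAndWsh | Format-Table -AutoSize
```

Disabling WSH this way breaks any legitimate .vbs/.js logon or maintenance scripts on the machine, so check the report before using -Fix on a box that is not your own.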

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Why do you disable easylist/english and its cosmetic filtering on AdGuard? You can consolidate AdBlocker for YouTube with something like the AdGuard Mobile/Simplified domains filter to block YouTube ads, or something like BlockZilla or Adblock YouTube Ads outside AdGuard filter lists, depending on your philosophy or what you find annoying.

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Firewall disabled, SmartScreen disabled. You don't have anything in real-time protection.

RISKY badge guaranteed.
I do not really like/need system imaging. I do a clean install every time the new Windows Upgrade is released (twice a year).
A backup solution is fundamental, also in case of an infection.

Malware can infect your PC even if you use your scripts; only an AV solution (like Windows Defender in the case of Windows 10, really improved with the latest releases) or a default-deny application can protect your OS better.

I think your setup is too vulnerable.

You can add ZAM Free, enable Windows Defender and add Malwarebytes.

Also, as @Winter Soldier said, ZAM doesn't work without an internet connection.

Thanks for sharing.

lab34

Level 6
Verified
Well-known
Mar 28, 2017
263
I've had a look at the pastebin... hmmm... very interesting.
With that kind of tweaks, you are a Windows expert. And you are mastering your system.

(I don't know if building the tweaks made you an expert or if you build the tweaks because you are an expert.)

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
you are even worse than me :p
That's hard to believe. In all seriousness though, he seems to have a very unorthodox approach to securing his system, very much like Umbra. He also has a good grasp on Windows or he would not be doing what he is doing for very long, because reinstalling the OS would get old fast.
I say this to point out that it is not an approach that I would take, and yes it is "Risky", but if you think about it, it is no more crazy than some of the crazy **** we have seen others here do and promote, not mentioning any names on purpose.
Having said that, if this works for you @TairikuOkami then more power to ya, just don't encourage any novice users to adopt your security habits ;)
It seems a bit extreme to those of us who understand the scope of what you have done, but only because "we" would not do it; you, having done it and practiced it, do not feel it is, and I get that.
When all is said and done it is you that has to be happy, not us members and not the staff, and if you are then that is all that matters, no matter the labels applied or feedback given.
Welcome and thank you for sharing this very unique setup ;)

_CyberGhosT_

Also let me state that you're not the only one that does this to this level. I have a couple of gaming friends that started tweaking the Reg for gaming performance on slower machines; they started back in the Battlefield days and never stopped.
Today they do it for security and to pump every bit of processing power from modern systems, and some in the gaming community give them feedback like I see you getting here. It is refreshing to see one aspect of this, and that is that you're not afraid to think outside of the box like my 2 gamer buddies, and that is commendable ;)
Deleted member 178

The setup of @TairikuOkami is very, very tailored and can only be understood by other tweakers; he is indirectly secure because he reduces the attack vectors to the bare minimum.
"How can you break into my house if there is no visible door or windows?"
I had a setup like that in the past for WinXP/7, but since I need some fancy Windows 10 features (Cortana, Metro apps, etc.), doing the same would limit my Windows experience; maybe one day, if seriously bored, I could go back to such a cleaned setup.

In his case he is "risky" not just because of the lack of security features/software, but also because any beginner copying him would need to reformat his OS after 10 min :D
But at least he knows and understands that.

TairikuOkami
EDIT (12-Nov-17): Removed: Firewall App Blocker to easily create Windows Firewall rules. I am a big boy now, I can do it myself. :D

EDIT (17-Dec-17): Re-added: Avast Free. I have disabled the GUI (self-protection). Some higher CPU/Disk usage when the app is launched, otherwise it is around 0% CPU & 32 B/s.

EDIT (18-Dec-17): Removed Avast, again. It locked my mouse, I could not use right click properly and games felt sluggish.

EDIT (18-Dec-17): Added: Netcraft extension, it blocks 99% of phishing (www.phishtank.com).
Code:
rem Give Administrators ownership of Avast's wsc_proxy.exe, then drop inherited ACEs and remove
rem every explicit one. The DACL ends up empty, so no principal (SYSTEM included) can read or
rem run the file until an administrator re-grants access with icacls /grant.
takeown /f "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /a
icacls "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"
Code:
rem Per-executable outbound allow rules: each Avast binary may only send DNS (UDP/53) to the two
rem listed resolvers and HTTP/HTTPS to the listed address ranges. Anything else from these
rem programs falls through to the profile's default outbound action.
netsh advfirewall firewall add rule name="Avast instup DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast instup TCP" dir=out action=allow protocol=TCP remoteip=2.16.0.0-2.23.255.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast Svc DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast Svc TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast UI DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"
netsh advfirewall firewall add rule name="Avast UI TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"


I wanted to use SmartScreen, but it is too dependent on Windows Defender, which I have fully disabled. No idea how to get it working, even if I wanted to.

Note: This is just temporary, I will reconsider it once Fall Update RTM is released. The only hiccup was Avast blocking Process Hacker, but I have dealt with that.

RISKY badge guaranteed.
A backup solution is fundamental also in case of an infection.
System Restore is known to have restored a lot of malware, just like any other system imaging; it backs up everything, good and bad. Some threats can not be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell if the image is really clean. I would never use it, but it is fine for system repairs.

Attachments: capture_12172017_123825.jpg
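An added example, not the batch file the author refers to, that builds the same kind of per-executable, address-scoped outbound allow rules as the netsh lines in the post using the NetSecurity cmdlets, and then lists every outbound rule bound to one program so an over-broad rule (RemoteAddress "Any") is visible next to the tight ones. The program path and the resolver/server addresses are placeholders (RFC 5737 documentation ranges), assumed for illustration and not anything a vendor publishes.

```powershell
# Added example, not the thread author's script. Per-program outbound allow-listing with the
# NetSecurity cmdlets (Windows 8 / Server 2012 and later). Run from an elevated PowerShell.

function Add-ScopedOutboundRule {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $Program,     # full path of the executable the rule binds to
        [Parameter(Mandatory)] [string[]] $RemoteIp,    # addresses, ranges (a-b) or CIDR blocks it may reach
        [Parameter(Mandatory)] [string[]] $RemotePort,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP'
    )
    if (-not (Test-Path -LiteralPath $Program)) {
        # A rule for a path that does not exist is accepted by the firewall but can never match.
        Write-Warning "Program not found: $Program"
    }
    # Idempotent: replace a rule of the same display name instead of stacking duplicates.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Allow -Profile Any `
        -Program $Program -Protocol $Protocol -RemoteAddress $RemoteIp -RemotePort $RemotePort | Out-Null
}

# Every outbound rule bound to one executable, with its scope, so a rule that accidentally
# allows RemoteAddress "Any" stands out.
function Get-ProgramOutboundRule {
    param([Parameter(Mandatory)] [string] $Program)
    Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -ieq $Program } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Outbound' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Action        = $_.Action
                Enabled       = $_.Enabled
                Protocol      = $port.Protocol
                RemotePort    = ($port.RemotePort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

# Usage with placeholders: one updater binary gets DNS to two resolvers and HTTPS to one /24,
# then the profiles switch to outbound default-deny so anything without a rule is dropped.
$updater = "$env:ProgramFiles\Vendor\updater.exe"   # assumed placeholder path
Add-ScopedOutboundRule -Name 'Vendor updater DNS' -Program $updater -Protocol UDP `
    -RemoteIp '192.0.2.10', '192.0.2.11' -RemotePort '53'
Add-ScopedOutboundRule -Name 'Vendor updater TLS' -Program $updater -Protocol TCP `
    -RemoteIp '198.51.100.0/24' -RemotePort '443'
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block
Get-ProgramOutboundRule -Program $updater | Format-Table -AutoSize
```

The Set-NetFirewallProfile line is what makes the allow list matter, and it is also the one that bites: once outbound defaults to Block, Windows Update, the browser and every other program without a rule of its own stops reaching the network. Build the rule set first, check it with Get-NetFirewallProfile and the listing function, and only then flip the default.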

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339
For backup solutions, try Rollback Rx, which at the time of this posting there's a giveaway for: MalwareTips Giveaway - RollBack Rx Professional Giveaway

System Restore is known to have restored a lot of malware, just like any other system imaging; it backs up everything, good and bad. Some threats can not be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell if the image is really clean. I would never use it, but it is fine for system repairs.

Most backup solutions will actually verify the state of the image or snapshot. If you rely on System Restore, that will be completely obliterated at the first sign of infection. It's a Windows service; viruses infect Windows and its services almost right away.

TairikuOkami

OK, I have just had to post it, because I can not believe it myself. I decided to try out FortiClient and it is indeed light, but that is not what has surprised me. The most shocking part is that it feels like it actually speeds up my computer. Browsing seems noticeably faster and lagging in games is gone. Maybe because I had no realtime AV before and WD was disabled, Windows might have been trying to scan files or something, but it failed, so it caused a slowdown. Either way, this one is a keeper. :coffee:

Attachments: capture_02062018_175547.jpg, capture_02062018_180605.jpg, capture_02062018_180500.jpg
