Danger TairikuOkami's Crippled Windows

Last updated
Dec 22, 2018
Windows Edition
Home
Security updates
Check for updates and Notify
User Access Control
Always notify
Real-time security
UltraDNS Threat Protection
Windows Defender Firewall
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
Random (CureIt/FRST/KVRT/NPE)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Yandex Browser - https://yandex.com/support/browser/security

AdBlocker for Youtube (effectively removes annoying contents, ads, and banners from YouTube)
Cache Killer (clears the browser cache automatically on opening a new tab or refreshing a tab)
Cookie AutoDelete (auto-delete unused cookies from closed tabs while keeping the ones you want)
Context Menu Search (use the right-click menu to search for selected text in any search engines)
Decentraleyes (protects against tracking through "free", centralized, content delivery)
Dictionary Lookup (look up any word in an inline frame with a simple click)
h264ify (makes YouTube stream H.264 videos instead of VP8/VP9 videos)
I don't care about cookies (get rid of annoying cookie warnings from almost all websites)
IDN Safe (blocks internationalized domain names to prevent visiting probable fake sites)
Netcraft (blocks XSS attacks, phishing and suspicious sites)
Poper Blocker (blocks annoying popups and some cryptomining)
Privacy Badger (blocks trackers and WebRTC, not ADs generally)
Youtube Auto HD + FPS (Automatically set the videos' quality on YouTube)
Maintenance tools
Autoruns
Disc Cleanup
Driver Easy
Driver Store Explorer
Geek Uninstaller
Process Hacker Nightly
Windows Repair Toolbox
Wise Disk Cleaner
Wise Registry Cleaner
File and Photo backup
Copy/Paste - automatic backups deleted my files, twice, I will not fall for that again
System recovery
None - System Backup trashed my system, besides, I can reinstall everything within an hour anyway
Computer specs
http://steamcommunity.com/id/tairikuokami

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
Zemana works (HMP still not), but I hate, that you have to manually remove a driver, after you uninstall Zemana. It might cause compatibility problems.
 

Attachments

  • capture_05142017_113859.jpg
    capture_05142017_113859.jpg
    25.7 KB · Views: 526
  • capture_05142017_113755.jpg
    capture_05142017_113755.jpg
    43.6 KB · Views: 546
  • capture_05142017_114601.jpg
    capture_05142017_114601.jpg
    37.5 KB · Views: 570

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
Whats the reason why no firewall?
What is the point of the firewall? Without the firewall all ports are closed, that is better than stealthed, because you will not get repeated requests. There are very few apps, which keep ports open for incoming requests and if you run them you trust them and you would allow them in a firewall anyway. A router will stop unsolicited traffic and its SPI Firewall takes care of illegitimate requests without any CPU overhead, which might be caused by a software firewall. Blocking potential malware outbound requests means, you have already lost, because you are infected. Even MS knows that, thus it does not enable it by default.
 

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
@TairikuOkami on your original post , you should explain with simple words what your various tweaks (Windows, Network, etc...) does (no need details just general big lines) , so basic users won't tell you are crazy :D
It is hard to sum it up, but I will give it a go and I will also try to address other settings, that I have omitted in the original post. ;)
 

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
Do you not have other computers on your network, what if they get an adventurous worm like we saw Friday?

Also with your tweaks is your system still easily usable or a pain?

But I would say you're secure enough just based off your knowledge alone, but someone else using your computer could probably do some damage.
 

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
Do you not have other computers on your network, what if they get an adventurous worm like we saw Friday?
I use similar tweaks on other computers, just lighter version, still safe enough. That worm requires WSH and it looks like it creates a startup entry in "Command Processor" plus it alters some policies, I remove both, so I would not worry about it.
Code:
malwr.com/analysis/MjBlNjdjMWFmZGNkNDQzZDlkMmJhNjU2NmQ5YjgwZWU


Also with your tweaks is your system still easily usable or a pain?
I browse internet, listen to radio, play games on steam, nothing really bothersome. :)
I only have to restart network services with a bat to update Windows, about twice a month.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Why do you disable easylist/english and its cosmetic filtering on Adguard? You can consolidate adblocker for youtube with something like adguard mobile/simplified domains filter to block youtube ads or something like blockzilla or Adblock YouTube Ads outside adguard filter lists depending on your philosophy or what you find annoying.
 

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Firewall disabled, SmartScreen disabled. You don't have anything in real-time protection.

RISKY badge guaranteed.
I do not really like/need system imaging. I do clean install every time the new Windows Upgrade is released (twice a year).
A backup solution is fundamental also in case of an infection.

Malware can infect your PC even if you use your scripts, only an AV solution (like Windows Defender in case of Windows 10, really improved with the latest releases) or a Default-Deny application can protect better your OS.

I think your setup is too vulnerable.

You can add ZAM Free, enable Windows Defender and add MalwareBytes.

Also, as @Winter Soldier said, ZAM doesn't work without internet connection.

Thanks for sharing.
 
Last edited:

lab34

Level 6
Verified
Well-known
Mar 28, 2017
263
I've had a look to the pastebin... hmmm... very interesting,
With that kind of tweaks, you are an windows expert. And you are mastering your system.

(I don't know if building the tweaks made you a expert or if you build the tweaks because you are an expert.)
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
you are even worse than me :p
That's hard to believe, in all seriousness though,
He seems to have a very unorthodox approach to securing his system, very much like Umbra.
He also has a good grasp on Windows or he would not be doing what he is doing for very long
because reinstalling the OS would get old fast.
I say this to point out that it is not an approach that I would take, and yes it is "Risky" but
if you think about it, it is no more crazy than some of the crazy **** we have seen others here
do and promote, not mentioning any names on purpose.
Having said that, if this works for you @TairikuOkami then more power to ya, just don't encourage any novice users to adopt
your security habits ;)
It seems a bit extreme to those of us who understand the scope of what you have done, but only because "we" would not do it,
you having done it and practiced it do not feel it is and I get that.
When all is said and done it is you that has to be happy not us members and not the staff, and if you are
then that is all that matters, no matter the labels applied, or feedback given.
Welcome and Thank You for sharing this very Unique setup ;)
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Also let me state that your not the only one that does this to this level, I have a couple gaming friends that started tweaking the Reg for gaming performance on slower machines, they started back in the Battlefield days and never stopped.
Today they do it for security and to pump every bit of processing power from modern systems and some in the gaming community
give them feedback like I see you getting here. It is refreshing to see one aspect of this, and that is that your not afraid to think outside of the box like my 2 gamer buddies, and that is commendable ;)
 
D

Deleted member 178

The setup of @TairikuOkami is very very tailored and can only be understood by other tweakers, he is indirectly secure because he reduces the attack vectors to the bare minimum.
"how can you break-in my house if there is no visible door or windows?"
I had a setup like that in the past for WinXP/7 but since i need some fancy Windows 10 feature (cortana, metro apps, etc...) , doing the same would limit my Windows experience, maybe one day, if seriously bored, i could go back to those cleaned setup.

In his case he is "risky" not just because of the lack of security features/softs , but also because any beginners copying him would need to reformat his OS after 10mn :D
But at least he knows and understand that.
 

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
EDIT (12-Nov-17): Removed: Firewall App Blocker to easily create Windows Firewall rules. I am a big boy now, I can do it myself. :D

EDIT (17-Dec-17): Re-added: Avast Free. I have disabled GUI (self-protection). Some higher CPU/Disk usage, when app is launched, otherwise it is around 0% CPU & 32 B/s.

EDIT (18-Dec-17): Removed Avast, again. It locked my mouse, I could not use right click properly and games felt sluggish.

EDIT (18-Dec-17): Added: Netcraft extension, it blocks 99% of phishing (www.phishtank.com).
Code:
takeown /f "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /a
icacls "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"
Code:
netsh advfirewall firewall add rule name="Avast instup DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast instup TCP" dir=out action=allow protocol=TCP remoteip=2.16.0.0-2.23.255.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast Svc DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast Svc TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast UI DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"
netsh advfirewall firewall add rule name="Avast UI TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"


I wanted to use SmartScreen, but it is too dependent on Windows Defender, which I have fully disabled. No idea, how to get it working, even if I wanted to.

Note: This is just temporary, I will reconsider it, once Fall Update RTM is released. The only hiccup was Avast blocking Process Hacker, but I have dealt with that.

RISKY badge guaranteed.
A backup solution is fundamental also in case of an infection.
System Restore is known to have restored a lot of malware, just like any other system imagining, it backups everything, good and bad. Some threats can not be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell, if the image is really clean. I would never use it, but it is fine for system repairs.
 

Attachments

  • capture_12172017_123825.jpg
    capture_12172017_123825.jpg
    139.5 KB · Views: 451
Last edited:

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339
For Backup solutions, try Rollback Rx, which at time of this posting there's a giveaway for: MalwareTips Giveaway - RollBack Rx Professional Giveaway

System Restore is known to have restored a lot of malware, just like any other system imagining, it backups everything, good and bad. Some threats can not be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell, if the image is really clean. I would never use it, but it is fine for system repairs.

Most backup solutions will actually verify the state of the image or snapshot. If you rely on Sys Restore, that will be completely obliterated at the first sign of infection. It's a Windows service, viruses infect Windows and their services almost right away.
 

TairikuOkami

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
OK, I have just had to post it, because I can not believe it myself. I decided to try out FortiClient and it is indeed light, but that is not, what has surprised me. The most shocking part is, that it feels, like it actually speeds up my computer. Browsing seems noticeably faster and lagging in games is gone. Maybe because I had no realtime AV before and WD was disabled, Windows might have been trying to scan files or something, but it failed, so it caused a slowdown. Either way, this one is a keeper. :coffee:
 

Attachments

  • capture_02062018_175547.jpg
    capture_02062018_175547.jpg
    169.9 KB · Views: 448
  • capture_02062018_180605.jpg
    capture_02062018_180605.jpg
    92 KB · Views: 462
  • capture_02062018_180500.jpg
    capture_02062018_180500.jpg
    88.5 KB · Views: 498

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top