RISK: Danger TairikuOkami's Crippled Windows

Most recent changes
Oct 11, 2018
Operating System
Windows 10
Windows Edition
Home
Build
1809 (17763.1)
System type
64-bit OS
Security Updates
Check for Updates only - User interaction for download and installation
User Access Control
Always Notify - For App installs, Modify system & User settings
Device Firewall
Windows Firewall - Network security provided by Microsoft
Device Security
Disabled - Safety mechanisms are turned off
User Account
Administrator - User has complete control over the device
Recent Security Incidents
No malware or privacy issues
Malware Testing
Malware on my host PC - No Network or File isolation
Real-time Web & Malware Protection
Windows Defender Firewall & UltraDNS Threat Protection
Security Protection settings
Custom - Major changes for Increased Security
Virus and Malware Removal Tools
Random (CureIt/FRST/EEK/KVRT/NPE)
Browsers and Extensions
Yandex Browser & AdBlocker for Youtube/Cookie AutoDelete/Context Menu Search/Decentraleyes/Dictionary Lookup/h264ify/IDN Safe/Netcraft/Poper Blocker/uBlock Origin (no AD blocking, just Annoyances/Privacy/WebRTC)
Web Privacy
Ipredator.se via browser's dnscrypt & browser extensions listed above
Password Management
Keepass (offline)
Default Web Search
DuckDuckGo (Uncensored)
System Utilities collection
Autoruns, Disc Cleanup, Driver Easy, Driver Store Explorer, Geek Uninstaller, Process Hacker Nightly, Windows Repair Toolbox, Wise Disk Cleaner, Wise Registry Cleaner
Data Backup
Copy/Paste
Frequency of Data backups
Weekly
System Backup
None
Frequency of System backups
None
Device Specs
http://steamcommunity.com/id/tairikuokami

TairikuOkami

Level 18
Content Creator
Verified
Joined
May 13, 2017
Messages
851
OS
Windows 10
Antivirus
Default-Deny
#23
What's the reason why no firewall?
What is the point of the firewall? Without the firewall all ports are closed, which is better than stealthed, because you will not get repeated requests. There are very few apps which keep ports open for incoming requests, and if you run them you trust them and you would allow them in a firewall anyway. A router will stop unsolicited traffic and its SPI firewall takes care of illegitimate requests without any CPU overhead, which might be caused by a software firewall. Blocking potential malware outbound requests means you have already lost, because you are infected. Even MS knows that, thus it does not enable it by default.
 

TairikuOkami

Level 18
Content Creator
Verified
Joined
May 13, 2017
Messages
851
OS
Windows 10
Antivirus
Default-Deny
#26
@TairikuOkami on your original post, you should explain in simple words what your various tweaks (Windows, Network, etc...) do (no need for details, just the general big lines), so basic users won't say you are crazy :D
It is hard to sum it up, but I will give it a go and I will also try to address other settings that I have omitted in the original post. ;)
 
Joined
Apr 28, 2017
Messages
312
OS
Windows 10
Antivirus
Webroot
#27
Do you not have other computers on your network? What if they get an adventurous worm like we saw Friday?

Also with your tweaks is your system still easily usable or a pain?

But I would say you're secure enough just based off your knowledge alone, but someone else using your computer could probably do some damage.
 

TairikuOkami

Level 18
Content Creator
Verified
Joined
May 13, 2017
Messages
851
OS
Windows 10
Antivirus
Default-Deny
#28
Do you not have other computers on your network? What if they get an adventurous worm like we saw Friday?
I use similar tweaks on other computers, just a lighter version, still safe enough. That worm requires WSH and it looks like it creates a startup entry in "Command Processor" plus it alters some policies; I remove both, so I would not worry about it.
Code:
malwr.com/analysis/MjBlNjdjMWFmZGNkNDQzZDlkMmJhNjU2NmQ5YjgwZWU

Also with your tweaks is your system still easily usable or a pain?
I browse internet, listen to radio, play games on steam, nothing really bothersome. :)
I only have to restart network services with a .bat to update Windows, about twice a month.
 

TerrakionSmash

Level 16
Verified
Joined
Nov 17, 2016
Messages
765
OS
Windows 10
Antivirus
Microsoft
#29
Why do you disable easylist/english and its cosmetic filtering on Adguard? You can consolidate adblocker for youtube with something like adguard mobile/simplified domains filter to block youtube ads or something like blockzilla or Adblock YouTube Ads outside adguard filter lists depending on your philosophy or what you find annoying.
 

JM Security

Level 31
Verified
Joined
Apr 12, 2015
Messages
2,038
#30
Firewall disabled, SmartScreen disabled. You don't have anything in real-time protection.

RISKY badge guaranteed.
I do not really like/need system imaging. I do a clean install every time a new Windows Upgrade is released (twice a year).
A backup solution is fundamental also in case of an infection.

Malware can infect your PC even if you use your scripts; only an AV solution (like Windows Defender in the case of Windows 10, really improved with the latest releases) or a Default-Deny application can better protect your OS.

I think your setup is too vulnerable.

You can add ZAM Free, enable Windows Defender and add MalwareBytes.

Also, as @Winter Soldier said, ZAM doesn't work without internet connection.

Thanks for sharing.
 

_CyberGhosT_

Level 52
Verified
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
#34
you are even worse than me :p
That's hard to believe. In all seriousness though, he seems to have a very unorthodox approach to securing his system, very much like Umbra. He also has a good grasp on Windows or he would not be doing what he is doing for very long, because reinstalling the OS would get old fast.
I say this to point out that it is not an approach that I would take, and yes it is "Risky", but if you think about it, it is no more crazy than some of the crazy **** we have seen others here do and promote, not mentioning any names on purpose.
Having said that, if this works for you @TairikuOkami then more power to ya, just don't encourage any novice users to adopt your security habits ;)
It seems a bit extreme to those of us who understand the scope of what you have done, but only because "we" would not do it; you, having done it and practiced it, do not feel it is, and I get that.
When all is said and done it is you that has to be happy, not us members and not the staff, and if you are then that is all that matters, no matter the labels applied or feedback given.
Welcome and thank you for sharing this very unique setup ;)
 

_CyberGhosT_

Level 52
Verified
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
#35
Also let me state that you're not the only one that does this to this level. I have a couple of gaming friends that started tweaking the Reg for gaming performance on slower machines; they started back in the Battlefield days and never stopped.
Today they do it for security and to pump every bit of processing power from modern systems, and some in the gaming community give them feedback like I see you getting here. It is refreshing to see one aspect of this, and that is that you're not afraid to think outside of the box like my 2 gamer buddies, and that is commendable ;)
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,422
OS
Windows 10
Antivirus
Default-Deny
#36
The setup of @TairikuOkami is very, very tailored and can only be understood by other tweakers; he is indirectly secure because he reduces the attack vectors to the bare minimum.
"how can you break into my house if there is no visible door or windows?"
I had a setup like that in the past for WinXP/7, but since I need some fancy Windows 10 features (Cortana, Metro apps, etc...), doing the same would limit my Windows experience; maybe one day, if seriously bored, I could go back to those cleaned setups.

In his case he is "risky" not just because of the lack of security features/softs, but also because any beginner copying him would need to reformat their OS after 10mn :D
But at least he knows and understands that.
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,422
OS
Windows 10
Antivirus
Default-Deny
#37
(I don't know if building the tweaks made you an expert or if you built the tweaks because you are an expert.)
Basically he started like every tweaker: found some on forums, experimented with some of his own, then adapted all of them to fit his system and needs, then with time learned what exactly they do on his system.
 

TairikuOkami

Level 18
Content Creator
Verified
Joined
May 13, 2017
Messages
851
OS
Windows 10
Antivirus
Default-Deny
#38
EDIT (12-Nov-17): Removed: Firewall App Blocker to easily create Windows Firewall rules. I am a big boy now, I can do it myself. :D

EDIT (17-Dec-17): Re-added: Avast Free. I have disabled the GUI (self-protection). Some higher CPU/Disk usage when the app is launched, otherwise it is around 0% CPU & 32 B/s.

EDIT (18-Dec-17): Removed Avast, again. It locked my mouse, I could not use right click properly and games felt sluggish.

EDIT (18-Dec-17): Added: Netcraft extension, it blocks 99% of phishing (www.phishtank.com).
Code:
REM Take ownership of Avast's wsc_proxy.exe (its Windows Security Center proxy), then
REM drop ACL inheritance and remove every listed ACE so nothing can read or run the file
takeown /f "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /a
icacls "%ProgramFiles%\AVAST Software\Avast\wsc_proxy.exe" /inheritance:r /remove "Administrators" "Authenticated Users" "Users" "System"
Code:
REM Per-program outbound allow rules: each Avast binary may only reach the two listed
REM resolvers on UDP/53 and the listed address ranges on TCP/80 and 443; these rules
REM allow nothing else for those programs
netsh advfirewall firewall add rule name="Avast instup DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast instup TCP" dir=out action=allow protocol=TCP remoteip=2.16.0.0-2.23.255.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe"
netsh advfirewall firewall add rule name="Avast Svc DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast Svc TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast UI DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"
netsh advfirewall firewall add rule name="Avast UI TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastUI.exe"

I wanted to use SmartScreen, but it is too dependent on Windows Defender, which I have fully disabled. No idea how to get it working, even if I wanted to.

Note: This is just temporary, I will reconsider it, once Fall Update RTM is released. The only hiccup was Avast blocking Process Hacker, but I have dealt with that.

RISKY badge guaranteed.
A backup solution is fundamental also in case of an infection.
System Restore is known to have restored a lot of malware; just like any other system imaging, it backs up everything, good and bad. Some threats cannot be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell if the image is really clean. I would never use it, but it is fine for system repairs.
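As an added example (not the poster's own script), a small Python audit of outbound rules written in the netsh form used above: it parses the key=value fields, checks that each rule is a per-program outbound allow with an explicit remote IP and port set, and answers whether a given destination would match. The two Avast rules are copied from the post; the third "Loose example" rule and its program path are constructed to show what the audit flags.

```python
import ipaddress
import re

# Constructed sample: two rules copied from the post plus one deliberately loose rule
# (not from the post; its path is a placeholder) to show what the audit flags.
RULES_TEXT = r'''
netsh advfirewall firewall add rule name="Avast Svc DNS" dir=out action=allow protocol=UDP remoteip=84.200.70.40,84.200.69.80 remoteport=53 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Avast Svc TCP" dir=out action=allow protocol=TCP remoteip=5.45.58.0-5.45.58.255,77.234.41.0-77.234.41.255 remoteport=80,443 program="%ProgramFiles%\AVAST Software\Avast\AvastSvc.exe"
netsh advfirewall firewall add rule name="Loose example" dir=out action=allow protocol=TCP remoteip=any remoteport=443 program="C:\example\app.exe"
'''

# key=value pairs: the value is either "quoted, may contain spaces" or one bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_rule(line):
    """Fields of one 'netsh advfirewall firewall add rule ...' line as a dict."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]

def ip_in_spec(ip, spec):
    """True if ip is covered by a remoteip value: any, a-b range, CIDR/host, or a list."""
    addr = ipaddress.ip_address(ip)
    for part in spec.lower().split(","):
        if part == "any":
            return True
        lo, _, hi = part.partition("-")
        if hi and ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
            return True
        if not hi and addr in ipaddress.ip_network(lo, strict=False):
            return True
    return False

def port_in_spec(port, spec):
    """True if port is in a remoteport value such as 53, 80,443 or 1024-65535."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def audit_rule(rule):
    """Findings for a rule broader than the per-program pattern used in the post."""
    checks = [(rule.get("dir") != "out" or rule.get("action") != "allow", "not an outbound allow rule"),
              ("program" not in rule, "no program restriction"),
              (rule.get("remoteip", "any").lower() == "any", "remoteip is any"),
              ("remoteport" not in rule, "no remoteport restriction")]
    return [msg for bad, msg in checks if bad]

def is_allowed(rules, program, proto, ip, port):
    """Would an outbound connection from program to ip:port match an allow rule?"""
    return any(r.get("action") == "allow" and r.get("program") == program
               and r.get("protocol", "").upper() == proto.upper()
               and ip_in_spec(ip, r.get("remoteip", "any"))
               and port_in_spec(port, r.get("remoteport", "0-65535")) for r in rules)
```

Run it over your own exported rule lines to spot any rule that quietly widened to remoteip=any or lost its program restriction.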
 


JHomes

Level 7
Verified
Joined
Jul 7, 2016
Messages
321
OS
Windows 10
Antivirus
AVG
#39
For Backup solutions, try Rollback Rx, which at time of this posting there's a giveaway for: MalwareTips Giveaway - RollBack Rx Professional Giveaway

System Restore is known to have restored a lot of malware; just like any other system imaging, it backs up everything, good and bad. Some threats cannot be detected by AV/cloud. They can be dormant for months, even years, so it would be hard to tell if the image is really clean. I would never use it, but it is fine for system repairs.
Most backup solutions will actually verify the state of the image or snapshot. If you rely on Sys Restore, that will be completely obliterated at the first sign of infection. It's a Windows service, viruses infect Windows and their services almost right away.
 

TairikuOkami

Level 18
Content Creator
Verified
Joined
May 13, 2017
Messages
851
OS
Windows 10
Antivirus
Default-Deny
#40
OK, I have just had to post it, because I cannot believe it myself. I decided to try out FortiClient and it is indeed light, but that is not what has surprised me. The most shocking part is that it feels like it actually speeds up my computer. Browsing seems noticeably faster and lagging in games is gone. Maybe because I had no real-time AV before and WD was disabled, Windows might have been trying to scan files or something, but it failed, so it caused a slowdown. Either way, this one is a keeper. :coffee:
 
