@Sampei.Nihira I use MBAE to protect my SIEM agent and all programs that use the firewall. (my firewall is outbound=block, so everything has to be defined)
Last edited:
What are the essential programs that you will still install on your Windows system in 2026, and what are the programs that you will stop using?
- Thread starter lokamoka820
- Start date
- Featured
Please provide comments and solutions that are helpful to the author of this topic.
first things i usually do when getting a new pc is uninstalling all crapware then install my AV of choice plus any other security software, then i usually go to non essential apps but that includes things like Libreoffice, VLC, Discord, NordVPN, qbittorent ect.
and disabling unnecessary services and settings.
Setting yes especially privacy setting, but services depends on which one. I used to use BlackVipers list but then realized it was a waste of time.
Selecting which services to disable is very indvidualized; it vary according to each user needs.
If in doubt, do not disable the service to avoid breaking things; leaving few unnecessary services will not make the OS crawl.
Kerish Doctor suggests what to disabled according to how you use ur device.
Did not use before; if accurately suggesting, that would be a nice feature.
I have a list of services to disable based on reading, and trial and error.
It does not suggest much. It suggests what is recommened to disable according to your use profile without risking breaking anything.
Moreover, any changes done by Kerish, can be reverted instantly.
I don't think disabling services is the security panacea it used to be, there are just so many moving parts of modern windows and so many co-dependencies that it doesn't make sense to butcher your OS. I would rather block LOLbins and install a decent security solution than disable 50 services and hope nothing breaks.
Disabling services is not a waste of time, it can bypass some network based attacks
Well, i would not call it a waste of time, but rather time consuming especially if you do not what you're doing. Personally, my expereince is ver limited when it comes to Windows services so I need to constantly check guides. Later, I decided to leave Windows on its own without any changes.
You can script the SC command in a .bat to disable services.
Yeah but what network based attacks exactly ? Why bother going after a fully patched Windows 11 when you can just hack the router with 5 year old exploits?
Besides the usual suspects Remote Desktop services and a few others I leave them as is.
Take for example an SQL Injection attack. All web programmers know that all inputs fields on a web page must be validated to check for crafted inputs that could instruct your db to do something stupid. (like spitting out the admin password) Similarly all inputs to your Windows must have validation routines to check the input. Eg, Windows Spotlight takes input from MS in the form of pictures. What if I debugged it and found a flaw? Then work my way to make an exploit out of it? I may not succeed, it may not give me system rights, but hackers are trying day in day out to find flaws and make exploits.
Services that interact with the network is a good example. MS is prudent enough to give us a disable switch just in case cow dung hits the fan. So I would use it preemptively if the service isn't a business requirement.
Services that interact with the network is a good example. MS is prudent enough to give us a disable switch just in case cow dung hits the fan. So I would use it preemptively if the service isn't a business requirement.
Last edited:
Are you so sure of your 'fully patched' windows now, you're forgetting that hackers have non-disclosed exploits.
If one of your Windows services or software is vulnerable to SQL in 2026 we have more problems than disabling a few services.
Never sure, just assume your breached and compromised and act accordingly. I would be more paranoid about your mobile device, commercial and government exploits and implants are very mature and with a 1 click through iMessage, Signal or WhatsApp you have no defense and ability to know if your pwned.
Look @ the exploit market and prices they pay for exploits, iOS/Android your looking at anywhere 2.5 to 10 million for a 1 click zero day. Windows is much lower and attackers go where the honey is but take that information with grain of salt.
For me my base config is:
1. Control D DNS (Paid)
2. Smart App Control (SAC) set to "On"
3. Windows Security, ESET, or McAfee depending on the weather
1. Control D DNS (Paid)
2. Smart App Control (SAC) set to "On"
3. Windows Security, ESET, or McAfee depending on the weather
How is your experience with SAC in terms of performance?For me my base config is:
1. Control D DNS (Paid)
2. Smart App Control (SAC) set to "On"
3. Windows Security, ESET, or McAfee depending on the weather
On my device it stays on Evaluation and never turns on on its own.
You may also like...
-
SWe’re moving to Experimental and Beta! Announcing new builds for 24 April 2026
- Started by Stephen Lines
- Replies: 0
-
Windows 11 KB5083769 April 2026 Patch Tuesday update- Started by Gandalf_The_Grey
- Replies: 5
-
F-Secure Internet Security 2026- Started by Shadowra
- Replies: 21
-
What do you think Linux needs to take over home users market?- Started by RoboMan
- Replies: 44
-
S