- Aug 2, 2015
- 4,286
Thanks WS & Gurus for shining light on this.
WS keep us updated on how this works out please. PeAcE
WS keep us updated on how this works out please. PeAcE
Who has already played with new W10 security features?
- Thread starter Windows_Security
- Start date
I think the funniest Windows exploit I have ever seen was from Windows 2000 where someone tried to load ntoskrnl.exe as a module and then managed to actually use the privileged functions for privilege escalation from ring 3. It was quite funny. Now I think about it, while it was patched back then, explorer.exe has ntoskrnl.exe loaded as a module. I wonder what they use it for.
However... An old exploitation method which is a bit more recent with ntoskrnl.exe as a module worked by overwriting HalDispatchTable (function exported by ntoskrnl.exe) as a method of shell-code execution (it would also be privilege escalation - and would have been able to be done with standard rights). Maybe it still works to this day, I do not know. It was used in 2015 by malware still I think though...
Microsoft need to make the OS more secure as much as they can!!
Last edited by a moderator:
- Jul 5, 2016
- 416
Tried it out a bit about a month ago and posted screen shots over at the other forum untill I got banned from posting.
Windows_Security
Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Mar 13, 2016
- 1,298
@_CyberGhosT_ Well right now I wish I had Windows Pro like AV_gurus (all these new features), for the moment only added rules for Office, Albidelli (photo book) and Chrome (Disable extension points and Do not allow child processes). These two extra mitigations seem to be compatible with all the programs I tried.
Controlled folder access seems to give a warning when some program violates it,
Controlled folder access seems to give a warning when some program violates it,
The problem is some users prefer to stay with old OS like windows XP and Windows 7. And they don't take advantage of the higher security available in Windows 10.
- Sep 22, 2014
- 1,767
- Nov 19, 2014
- 2,350
Few $ of ebay if you have a paypal account or a credit card.Note they usually sell upgrade licenses but there are ways to do the upgrade even with that using a trick.
- Aug 2, 2015
- 4,286
I had Win7 Ultimate, when I updated to 10 in the first stages of the Insider program (I no longer participate) it updated me to Win10 Pro
all by itself. Anyone you know have Win7 anything above "Home" if you update to the Insider Prog with anything above home it will give you Win10 Pro. Just a thought.
Windows_Security
Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Mar 13, 2016
- 1,298
@_CyberGhosT_
You are so right (also online upgrades of Pro can be purchased for under 10 euro as @SHvFl mentions)
I had upgraded to Windows 10 (Pro) on all devices. Then my wife asked whether I could get her laptop the same looks as het work laptop. So I downgraded to Windows 7 again. Then I bought a new laptop for her with Windows 10 home and she told me that she really liked the looks of her new laptop, while I was downgrading it to Windows 7). You can see in my status that I blew of steam in this forum (aaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh status update )
My desktop is Windows 7 enterprise (my tablet has Windows 8.1 because I also have 8.1 on my phone). Her new laptop/tablet runs Windows 10 Home (Lenovo Yoga 520 with 128 GB SSD and 1 TB HD).
You are so right (also online upgrades of Pro can be purchased for under 10 euro as @SHvFl mentions)
I had upgraded to Windows 10 (Pro) on all devices. Then my wife asked whether I could get her laptop the same looks as het work laptop. So I downgraded to Windows 7 again. Then I bought a new laptop for her with Windows 10 home and she told me that she really liked the looks of her new laptop, while I was downgrading it to Windows 7). You can see in my status that I blew of steam in this forum (aaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh status update
)My desktop is Windows 7 enterprise (my tablet has Windows 8.1 because I also have 8.1 on my phone). Her new laptop/tablet runs Windows 10 Home (Lenovo Yoga 520 with 128 GB SSD and 1 TB HD).
Last edited:
Oh yes I totally agree. There are many internal security improvements on modern versions of Windows average users won't know about. Which are pretty important IMO.
Windows 7 is commonly liked and still preferred by many but has its own fair share of security issues, even newer versions do of course. But fact of the matter is up to date Windows with the latest security patches keeps you safer...
Last edited by a moderator:
- Jul 5, 2016
- 416
I have win 10 home and have all these new setting on insider. Also have Enterprise in VM with all of them. Ghost , you should have stuck with the insider updates.
- Aug 2, 2015
- 4,286
At the time, I had too much going on, now in simi-retirement I have the time to actually "participate"
but Insider builds will not run with the Process / Services restrictions I have in place now.
I will live vicariously through you brave Insiders lol
- May 26, 2014
- 1,130
Windows_Security
Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Mar 13, 2016
- 1,298
@Av Gurus
Select override and enable
I see second has audit option. I will check my wife's laptop when she is done photo editing (could take a while) Canada trip photo's (she thinks security is nonsense anyway and all people on security forums are geeks, so can't tell her to bugger of for my forum pall Av guru's..... I am not that brave).
EDIT child processes start can only be monitored with chrome. When you disable audit (so block it), it won;t work. I was put n the wrong feet, because they used 'controleren' in Dutch which means 'control'. This is technically a correct translation for audit, only to controle in Dutch also means to manage (or to rule), so apologize for the confusion.
Select override and enable
I see second has audit option. I will check my wife's laptop when she is done photo editing (could take a while) Canada trip photo's (she thinks security is nonsense anyway and all people on security forums are geeks, so can't tell her to bugger of for my forum pall Av guru's..... I am not that brave).
EDIT child processes start can only be monitored with chrome. When you disable audit (so block it), it won;t work. I was put n the wrong feet, because they used 'controleren' in Dutch which means 'control'. This is technically a correct translation for audit, only to controle in Dutch also means to manage (or to rule), so apologize for the confusion.
Attachments
Last edited:
Windows_Security
Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Mar 13, 2016
- 1,298
Yes, I bought Office 2016 Pro digital license thanks to your tip for 45 euro's for my wife's new latop/tablet. I should have bough Windows 10 Pro also at that time. Now I think it is to much hassle to install everything again.
- Nov 19, 2014
- 2,350
Don't think ebay gives other options. Sadly for most of us they have their sister service paypal that needs to syphon money.i dont have both, how i do ?
- Sep 22, 2014
- 1,767
- Jul 3, 2015
- 8,153
Depends what fonts you use. If none of your programs use exotic non-unicode fonts, you will be okay. If they use such fonts, you will see right away, when the text is not displaying properly in a menu or dialogue box or search result box etc.
Is there an option for "monitor" fonts? That's a compromise solution that has worked well for me in other security softs.
- Sep 22, 2014
- 1,767
Similar threads
