Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Windows Directories to Lock Down
Message
<blockquote data-quote="bazang" data-source="post: 1119121" data-attributes="member: 114717"><p>No. You do not. There are ways to completely lock down Windows without losing one bit of functionality.</p><p></p><p>Microsoft Security itself will tell you that just because Windows Home and Pro ship with everything enabled, does not mean that they should be left enabled. Windows was designed and intended to have features and functionality that place the system at-risk to be disabled. Windows is a modular operating system. It is not optimized for security "out-of-the-box." It must be properly configured and managed - IF - digital (localhost) is a priority for the user.</p><p></p><p>The issue with system lock down - ALL default deny actually - is more about the user and what they can emotionally and mentally cope with. A lot of people cannot cope with anything being blocked. Ever. Even when it is malicious.</p><p></p><p>But most users live a thing called "I do what I want, mommy." So anything that prevents that is not acceptable. Hence we have a world filled with malware and threat actors who target the herd that wants to use stuff.</p><p></p><p></p><p>Full system lock down is the only effective insurance against highly effective, easily deployed exploits that you don't see coming. The ones such as Eternal Blue and Double Pulsar.</p><p></p><p>100% always-on system lock down along with not allowing users to make decisions is the only proven, highly effective speed bump in a post-exploitation environment.</p><p></p><p>It depends upon your belief system whether protecting against those kinds of scenarios are important.</p></blockquote><p></p>
[QUOTE="bazang, post: 1119121, member: 114717"] No. You do not. There are ways to completely lock down Windows without losing one bit of functionality. Microsoft Security itself will tell you that just because Windows Home and Pro ship with everything enabled, does not mean that they should be left enabled. Windows was designed and intended to have features and functionality that place the system at-risk to be disabled. Windows is a modular operating system. It is not optimized for security "out-of-the-box." It must be properly configured and managed - IF - digital (localhost) is a priority for the user. The issue with system lock down - ALL default deny actually - is more about the user and what they can emotionally and mentally cope with. A lot of people cannot cope with anything being blocked. Ever. Even when it is malicious. But most users live a thing called "I do what I want, mommy." So anything that prevents that is not acceptable. Hence we have a world filled with malware and threat actors who target the herd that wants to use stuff. Full system lock down is the only effective insurance against highly effective, easily deployed exploits that you don't see coming. The ones such as Eternal Blue and Double Pulsar. 100% always-on system lock down along with not allowing users to make decisions is the only proven, highly effective speed bump in a post-exploitation environment. It depends upon your belief system whether protecting against those kinds of scenarios are important. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
