Advice Request Worth Upgrading to Win 11 Pro for Security Reasons?


patrick85

Level 1
Thread author
Mar 13, 2022
12
Hello, I'm currently using the Win 11 standard edition. I'm thinking of doing a Windows reinstall to Win 11 Pro. Are there any significant benefits, especially in terms of security, to using Win 11 Pro? I also had a bad experience with my remote desktop functionality being hacked, so I was in fact glad to have only Win 11; I may need this functionality for work now, however. The other thing in terms of security that comes to my mind is BitLocker encryption. Would anybody please be able to recommend some more security features, or even say whether it's reasonable to do this upgrade from a security perspective?

Thank you.
 

Bot

AI-powered Bot
Apr 21, 2016
4,447
Hello! Upgrading from Windows 11 Standard to Windows 11 Pro can offer some additional security features that may be beneficial, especially if you are concerned about security and remote desktop functionality. Here are some security features that Windows 11 Pro offers:

1. **BitLocker Encryption**: Windows 11 Pro includes BitLocker, which allows you to encrypt your hard drive to protect your data in case your device is lost or stolen. This feature can help ensure that your data remains secure even if someone gains physical access to your device.

2. **Remote Desktop**: With Windows 11 Pro, you have more control over remote desktop functionality. You can use Remote Desktop to connect to your computer from another device securely. You can also configure more advanced settings to enhance security when accessing your computer remotely.

3. **Group Policy Management**: Windows 11 Pro includes Group Policy Management, which allows you to configure and control security settings across multiple devices in your network. This can help you enforce security policies and settings consistently across your devices.

4. **Windows Update for Business**: Windows 11 Pro gives you more control over Windows updates through Windows Update for Business. You can delay updates, schedule installation times, and manage updates more effectively to ensure that your system is always up to date with the latest security patches.

5. **Windows Defender Antivirus**: Windows 11 Pro comes with Windows Defender Antivirus, which provides real-time protection against malware, viruses, and other security threats. It offers built-in security features to help protect your device from various online threats.

Overall, upgrading to Windows 11 Pro can provide you with additional security features and tools that can help enhance the security of your device and data. If security is a top priority for you, especially considering your previous experience with remote desktop hacking, upgrading to Windows 11 Pro may be a reasonable step to take.

Before proceeding with the upgrade, make sure to back up your important data and settings. Additionally, consider enabling additional security measures such as two-factor authentication for remote desktop access to further enhance the security of your system.

I hope this information helps you make an informed decision about upgrading to Windows 11 Pro for security reasons. If you have any more questions or need further assistance, feel free to ask!
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,665
I also had a bad experience with my remote desktop functionality being hacked, so I was in fact glad to have only Win 11; I may need this functionality for work now, however.
This is one of the reasons I prefer Home over Pro; sometimes less is more. Pro slowly fades away; you would need the Enterprise edition to have full control.
You can use 3rd-party software for remote control like TeamViewer or AnyDesk. You might also consider VeraCrypt over BitLocker. MS apps are generally dull.
 

brambedkar59

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,116
GPedit was the only reason I went from Home to Pro.
If you don't need GPedit (there are ways to get it on Home, but it was finicky for me; sometimes it would work, other times it wouldn't) and BitLocker, then Pro is not worth it.

PS you can disable the remote desktop thing.
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
621
Well, what you are going to use may be dictated by your company, and you will need Pro if they say so. I agree with Bot that having Group Policy gives you more control security-wise. For a simple one-step thing to set up Group Policy, you can consider using the Microsoft Windows 11 Baseline for 23H2.

To apply the Baseline you need to issue 3 commands in PowerShell:
Set-ExecutionPolicy RemoteSigned
Baseline-LocalInstall -Win11NonDomainJoined
Set-ExecutionPolicy Restricted
If you are not comfortable with PowerShell, you can ask your IT admin gal to help you out.

To see all the settings available in Group Policy, you run gpedit. There are a LOT of settings. Take your time to explore.

Use VeraCrypt as @TairikuOkami suggests. BitLocker only safeguards your laptop data if it is stolen and prevents a person who can't sign in from seeing your things. BitLocker automatically decrypts everything once you sign in. So it offers no protection for most threats, from ransomware to hackers.

So you were among the unlucky ones that got hacked via Remote Desktop; it happened to a buddy of mine too. One thing I remember seeing is that you can change the default port 3389 to something else. By doing that, you escape those attackers who blindly attack that port number and scan the internet for it. But @TairikuOkami's suggestion of TeamViewer offers an extra safeguard: you have to use a phone app to authorize yourself in addition to the username and password. But depending on whether you are calling the office, the TeamViewer option may not be available to you if they don't use it. Most large corps don't allow end users to install software. We are not big, but we emulate best practices that big corps follow, and we don't allow it either.

One security control I have used for many years is called CyberLock. It works adjacent to Windows Defender or any anti-malware. And it inspects everything that tries to run, checking the program's signatures and several other things. It can stop things that Windows Defender misses. Its developer is on this forum, and if you have any questions, you can find him directly. His username is Dan. Just use the message search function and look up CyberLock.
 
Last edited:
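A read-only PowerShell audit of the settings this post and the thread keep coming back to (edition, whether Remote Desktop is on, its port and NLA state, and BitLocker). This is an added example, not code from the poster or from Microsoft's baseline package; it assumes Windows 10/11 in an elevated session, and the registry paths and cmdlets used are the standard Windows ones.

```powershell
# Added example (not from the thread): audit the Remote Desktop and BitLocker
# state discussed above without changing anything. Run in an elevated session.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

$edition   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$rdpDenied = (Get-ItemProperty $ts).fDenyTSConnections      # 1 = Remote Desktop switched off
$nla       = (Get-ItemProperty $rdp).UserAuthentication     # 1 = Network Level Authentication required
$port      = (Get-ItemProperty $rdp).PortNumber             # 3389 is the default the post mentions
$svc       = (Get-Service TermService).Status               # Remote Desktop Services service
$fwRules   = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
             Where-Object Enabled -eq 'True'
$listening = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

[pscustomobject]@{
    Edition           = $edition            # 'Core' = Home, 'Professional' = Pro
    RemoteDesktopOff  = ($rdpDenied -eq 1)
    NLARequired       = ($nla -eq 1)
    RdpPort           = $port
    TermServiceStatus = $svc
    EnabledRdpFwRules = @($fwRules).Count   # 0 means nothing inbound is allowed through the firewall
    PortListening     = [bool]$listening    # true means something is actually accepting connections
} | Format-List

# The BitLocker module only ships on Pro/Enterprise; on Home this branch is skipped.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume -MountPoint $env:SystemDrive |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage, KeyProtector
} else {
    Write-Output "BitLocker cmdlets are not available on edition '$edition'."
}

# What the OP wanted in the end (Remote Desktop off). Uncomment only when that is intended;
# if RDP must stay on for work, at least keep NLA required and the firewall group disabled.
# Set-ItemProperty $ts  -Name fDenyTSConnections -Value 1
# Set-ItemProperty $rdp -Name UserAuthentication -Value 1
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

If RemoteDesktopOff is true but PortListening is still true, something other than the built-in service is listening on that port and is worth identifying before going further.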

ForgottenSeer 107474

Hello, I'm currently using the Win 11 standard edition. I'm thinking of doing a Windows reinstall to Win 11 Pro. Are there any significant benefits, especially in terms of security, to using Win 11 Pro? I also had a bad experience with my remote desktop functionality being hacked, so I was in fact glad to have only Win 11; I may need this functionality for work now, however. The other thing in terms of security that comes to my mind is BitLocker encryption. Would anybody please be able to recommend some more security features, or even say whether it's reasonable to do this upgrade from a security perspective?

Thank you.
With Pro you get WDAC, SRP, and you can raise Microsoft Defender protection on par with top-notch paid premium antivirus and implement all sorts of hardening (e.g. the baseline recommendations). So you get a lot more for just a few bucks.
 

patrick85

Level 1
Thread author
Mar 13, 2022
12
This is one of the reasons I prefer Home over Pro; sometimes less is more. Pro slowly fades away; you would need the Enterprise edition to have full control.
You can use 3rd-party software for remote control like TeamViewer or AnyDesk. You might also consider VeraCrypt over BitLocker. MS apps are generally dull.
Well, regarding this, I heard that even if you have the Windows Home edition, hackers can secretly install remote desktop capability and use it even on Win Home editions. In fact, I wonder how it really is with remote desktop on the Home and Pro editions, as even now on Win 11 Home I can see this window, and when I put in some address and hit connect it tries to connect.
[Attachment: rmtConnSettings.png]


Well, what you are going to use may be dictated by your company, and you will need Pro if they say so. I agree with Bot that having Group Policy gives you more control security-wise. For a simple one-step thing to set up Group Policy, you can consider using the Microsoft Windows 11 Baseline for 23H2.

To apply the Baseline you need to issue 3 commands in PowerShell:
Set-ExecutionPolicy RemoteSigned
Baseline-LocalInstall -Win11NonDomainJoined
Set-ExecutionPolicy Restricted
If you are not comfortable with PowerShell, you can ask your IT admin gal to help you out.

To see all the settings available in Group Policy, you run gpedit. There are a LOT of settings. Take your time to explore.

Use VeraCrypt as @TairikuOkami suggests. BitLocker only safeguards your laptop data if it is stolen and prevents a person who can't sign in from seeing your things. BitLocker automatically decrypts everything once you sign in. So it offers no protection for most threats, from ransomware to hackers.

So you were among the unlucky ones that got hacked via Remote Desktop; it happened to a buddy of mine too. One thing I remember seeing is that you can change the default port 3389 to something else. By doing that, you escape those attackers who blindly attack that port number and scan the internet for it. But @TairikuOkami's suggestion of TeamViewer offers an extra safeguard: you have to use a phone app to authorize yourself in addition to the username and password. But depending on whether you are calling the office, the TeamViewer option may not be available to you if they don't use it. Most large corps don't allow end users to install software. We are not big, but we emulate best practices that big corps follow, and we don't allow it either.

One security control I have used for many years is called CyberLock. It works adjacent to Windows Defender or any anti-malware. And it inspects everything that tries to run, checking the program's signatures and several other things. It can stop things that Windows Defender misses. Its developer is on this forum, and if you have any questions, you can find him directly. His username is Dan. Just use the message search function and look up CyberLock.
Thank you. Regarding Group Policy configurations, I personally use Hard_Configurator even on my Win 11 Home edition, and I would use it on the Win 11 Pro edition as well; given the policies you can configure on Pro compared to the Home edition, I think it could be even better security-wise. I use paid antivirus solutions nowadays, Bitdefender Total Security, which should check for any unauthorised access to remote desktop, and I also have it disabled via all possible settings and also in my registry editor. Regarding BitLocker, I think I would use it, as somebody can get physical access to your laptop and get the data as you mentioned, so some sort of encryption like this I believe is better than nothing, and BitLocker seems like an out-of-the-box solution that you won't find on Home editions. Regarding the signatures, I use SpyShelter Premium as well; they did a large update now and I wanted to check all the capabilities of the new version. SpyShelter checks for signatures as well, and it also encrypts keystrokes, which is something I like given my past, where my devices were compromised for a long period of time and lots of my data was stolen. I don't believe in complete protection anymore, so it is better to have these present, and I know how damaging this can be to a person.
 
Last edited by a moderator:

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
621
Hackers are, by definition, the worst threat there is. It's the intelligent human element that separates this threat from, say, malware. They can get around your protections when you put up a particular piece of security control. They can adapt.

Your Bitdefender Total, sad to inform you, is a toy in their eyes. I have tested it with our red team, and they treated it as if nothing is there. Those AV-Comparatives tests that many rely on are only good for the day that they tested. It DID stop a set of hacking attacks, and you can extrapolate based on a few past tests that that vendor has what it takes. But know that hackers learned about the test the very next day and they adapted.

The current security control that we use is Xcitium OpenEDR. It virtualizes any new exe (be it malware or hacking tool) and it shouldn't be able to touch the OS. It is better than Bitdefender. But our red team is working on it. And I expect they will succeed in bypassing it in the coming months. But until they do, I can still recommend it with an honest face. It costs $8/month/PC postpaid. It has a cloud control panel where you can view and respond to the Alerts it generates. You can thus monitor your whole network's PCs centrally. There is a PC component which handles all the auto-containment stuff, malware detection stuff, script analysis stuff.

The takeaway summary I can offer is this. Monitor those Alerts every day; you won't know what hit you if you are not there to pay attention. Monitoring threats is the current best practice in dealing with hackers. If you need to replace Xcitium, choose a flexible security control with lots of knobs with customization rules capability. If a security control has some form of rules, then it's a good sign. Xcitium has auto-containment rules that let you specify what files to virtualize, and that virtualization method can be adjusted. It has HIDS rules (Host Intrusion Prevention). You can specify that a particular Windows native exe has to be blocked (like PowerShell; hackers love PowerShell) until you turn off that block rule temporarily to use it. It can block access to named registry keys, and it offers pre-made groups of keys already set up. And you can add in your own. In short, it's a good flexible tool. And I have used it to deal with our red team hacking attacks.

But technical solutions all have a limited life time. And you have to learn to expect that.

You have also to complement technical solutions with administrative solutions. ( manual procedures that you follow to a T ) For example, you never plug in someone else's USB; you Always check a downloaded program installer's Properties > Signatures for the correct signature and company name; you Must prepare a golden image drive image backup of your Still-Offline Already-Configured Windows every time configuration changes; you Must do regular backups. These manual procedural things Must be followed unwaveringly.

And lastly there are physical security controls like locked office doors, burglar alarms, and so forth.

Good security comprises all 3. You have to do them all as a set or else the entire thing is flawed. Our company, of course, has more items on our to-do list, but they belong to these same 3 categories. This is the home techie version.

If Xcitium is too expensive for your budget, their consumer line is called Comodo Internet Security $30. It has most of the same knobs and switches minus the cloud. Have fun playing the hackers game.
 
Last edited:

n8chavez

Level 20
Well-known
Feb 26, 2021
961
Just to echo what was already said. @LennyFox is 100% correct, in my view. I always go Pro, if for no other reason than the GPM. There are a lot of security restrictions that can be put in place with the Group Policy Manager that cannot be done with Home. I prefer to keep things stock, not duplicating functionality with third-party software. Pro versions help me do that.
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
The takeaway summary I can offer is this. Monitor those Alerts every day; you won't know what hit you if you are not there to pay attention. Monitoring threats is the current best practice in dealing with hackers. If you need to replace Xcitium, choose a flexible security control with lots of knobs with customization rules capability. If a security control has some form of rules, then it's a good sign. Xcitium has auto-containment rules that let you specify what files to virtualize, and that virtualization method can be adjusted. It has HIDS rules (Host Intrusion Prevention). You can specify that a particular Windows native exe has to be blocked (like PowerShell; hackers love PowerShell) until you turn off that block rule temporarily to use it. It can block access to named registry keys, and it offers pre-made groups of keys already set up. And you can add in your own. In short, it's a good flexible tool. And I have used it to deal with our red team hacking attacks.
To be honest I'm not sure if a user asking for a windows home vs pro security benefit review is the right target group for what you posted (no insults in any form intended). I wouldn't feel comfortable about rules or to decide which stuff to virtualize without a lot of reading up and a good backup (in case I break stuff).

The software you mention is probably great; I just think you need to have some understanding of threats/Windows security to use the right settings. Otherwise it will result in guesswork if any user decision is needed.
 

n8chavez

Level 20
Well-known
Feb 26, 2021
961
Windows Pro is meant to be centrally managed by sysadmin with Intune, Mobile Device Manager, SCCM or equivalent. Should your employer require you to do something that is only available on Pro then it needs to provide the OS that it requires. Typically the employer provides the employee with a laptop or desktop.

Be aware that if you are using cracked software or volume licenses on your own system that you use for your employer's business purposes then your employer can get into both civil and criminal trouble for your actions.

You should ask your employer. Not here.

That's not true. Pro versions are not server versions. You do not need to be in a business environment to use Pro. A lot of people use Pro that are in a stand-alone workstation, me included. The reasons why people use it have been mentioned. But you're giving bad advice here, saying that Pro is only meant for business.
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
621
To be honest I'm not sure if a user asking for a windows home vs pro security benefit review is the right target group for what you posted (no insults in any form intended). I wouldn't feel comfortable about rules or to decide which stuff to virtualize without a lot of reading up and a good backup (in case I break stuff).

The software you mention is probably great; I just think you need to have some understanding of threats/Windows security to use the right settings. Otherwise it will result in guesswork if any user decision is needed.
The reason I started spewing out technobabble was because, from what you explained, you do have some security in place, like Hard Configurator and SpyShelter, as you explained below.
Thank you. Regarding Group Policy configurations, I personally use Hard_Configurator even on my Win 11 Home edition, and I would use it on the Win 11 Pro edition as well; given the policies you can configure on Pro compared to the Home edition, I think it could be even better security-wise. I use paid antivirus solutions nowadays, Bitdefender Total Security, which should check for any unauthorised access to remote desktop, and I also have it disabled via all possible settings and also in my registry editor. Regarding BitLocker, I think I would use it, as somebody can get physical access to your laptop and get the data as you mentioned, so some sort of encryption like this I believe is better than nothing, and BitLocker seems like an out-of-the-box solution that you won't find on Home editions. Regarding the signatures, I use SpyShelter Premium as well; they did a large update now and I wanted to check all the capabilities of the new version. SpyShelter checks for signatures as well, and it also encrypts keystrokes, which is something I like given my past, where my devices were compromised for a long period of time and lots of my data was stolen. I don't believe in complete protection anymore, so it is better to have these present, and I know how damaging this can be to a person.
But you also explained that you had a hacker for a long time.

What I forgot to point out, is that hackers do return. They had privileged access, and it is normal hacker practice to establish means of guaranteed re-entry, should you do something funny like re-install Windows. They return for various reasons, to 'check up' on you, to see what new defenses you have put up, to see what new data is now available to exfiltrate, or just to satisfy their curiosity.

So I elaborated on what the established ways to ensure proper security are. And I went a bit overboard in the technical description of our current technical control. Operationally, it actually works quite simply.

Here's what I should have focused on first: Prevent the hacker from coming back.

There exist hacker tools that write to the boot sectors of a drive. This lies outside of Windows. They start when you start your PC, and because they start up outside of Windows before Windows loads, no Windows-based anti-malware tool can find them. And when you re-install Windows and use the Custom option to delete every partition, their code stays intact.

There is a disk utility called Parted Magic. It has a feature called Erase Disk. It works on hard drives, SSDs and NVMe drives. What it can do is securely wipe a disk by filling it with 0s and 1s, or invoke an NVMe drive's built-in secure erase process. It also can verify the job is done properly. The latest version is not free, but the older versions are. You google for 'Parted Magic old version' and you will find it. It downloads as an ISO file, which is a disk image file. You then use the freeware Rufus program to write this ISO to a USB stick. Then you boot your PC using this USB stick and invoke Erase Disk. Optionally you can check Verify.

Then, you can re-install Windows onto the now fully erased disk. This 2-step process guarantees that the hacker's tools are gone from your system. He will have to re-attack you from scratch if he decides to revisit you. Since you no longer use Remote Desktop, you have eliminated one of his options.

Back to Comodo Internet Security. The program automatically virtualizes all new programs that do not currently reside on your drive. So that would include legitimate programs you are installing, malware, ransomware, hacking tools, whatever. This it calls 'Auto-Containment'. A contained program installer will not install properly, so you simply turn off Auto-Containment temporarily from the main menu when you need to install something. And remember to re-activate it afterwards. A contained/virtualized program will have a green window border. That's how you tell the difference.

We have an expert on Comodo Internet Security and Comodo Firewall (a free product without anti-malware) in the forum by the username 'cruelsister'. She has laid out a foolproof setup procedure for setting this up. Simply do a message search and you will find it. She has also recently made a video demoing the latest beta version of CIS 2024. Actually there is another demo of the CIS 2024 beta by Shadowra. Both videos demonstrate CIS's strong protection capability.

But as I mentioned, technical defenses all have a limited life time. Please remember that. Employ all 3 categories of defenses or it will be flawed.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,715
There exist hacker tools that write to the boot sectors of a drive. This lies outside of Windows. They start when you start your PC, and because they start up outside of Windows before Windows loads, no Windows-based anti-malware tool can find them. And when you re-install Windows and use the Custom option to delete every partition, their code stays intact.
@Victor M, I do not disagree, but a question. Where does the hacker tool reside, in the BIOS? And, in the more remote past, it was, or seemed, "common" (more common) to have a strong AV on a Linux CD or USB and boot from that and scan Windows without running Windows. Just curious, does this work? I don't see it mentioned lately, so I have not researched it. I suppose it could only scan for signatures and not behavior.
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
621
Where does the hacker tool reside, in BIOS?
It resides on the boot sectors of the disk. It is aside from the partition table where you define various partitions that you label C, D etc.

An AV that boots from another media like CD, DVD, USB stick will work, since it doesn't boot from that boot sector on the HDD. And any hacker tool that resides in the boot sector will not activate and defend itself. But this CD has to be prepared from a known clean machine.

I had a machine which was from 2008 or thereabouts. And for those old machines hackers can actually infect the BIOS (days before UEFI came about). There is slack space in the BIOS to allow for newer, larger versions, and it must have resided there. Those infections have god-mode access that controls the entire machine. This was rumored to be due to leaked malware research by the NSA, and it affects old BIOSes. I have horrible memories of that episode; I lost the battle. So if you are still keeping PCs from that era, get rid of them. People recommend bare-bones Linux versions for them, or download old versions of Windows to make them useful again; avoid the risk. Once an attacker knows about the age of the machine and attacks, there is no possible remediation.
 
Last edited:

patrick85

Level 1
Thread author
Mar 13, 2022
12
The reason I started spewing out technobabble was because from what you explained, you do have some security in place, like Hard Configurator and SpyShelter, as you explained below.

But you also explained that you had a hacker for a long time.

What I forgot to point out, is that hackers do return. They had privileged access, and it is normal hacker practice to establish means of guaranteed re-entry, should you do something funny like re-install Windows. They return for various reasons, to 'check up' on you, to see what new defenses you have put up, to see what new data is now available to exfiltrate, or just to satisfy their curiosity.

So I elaborated on what the established ways to ensure proper security are. And I went a bit overboard in the technical description of our current technical control. Operationally, it actually works quite simply.

Here's what I should have focused on first: Prevent the hacker from coming back.

There exist hacker tools that write to the boot sectors of a drive. This lies outside of Windows. They start when you start your PC, and because they start up outside of Windows before Windows loads, no Windows-based anti-malware tool can find them. And when you re-install Windows and use the Custom option to delete every partition, their code stays intact.

There is a disk utility called Parted Magic. It has a feature called Erase Disk. It works on hard drives, SSDs and NVMe drives. What it can do is securely wipe a disk by filling it with 0s and 1s, or invoke an NVMe drive's built-in secure erase process. It also can verify the job is done properly. The latest version is not free, but the older versions are. You google for 'Parted Magic old version' and you will find it. It downloads as an ISO file, which is a disk image file. You then use the freeware Rufus program to write this ISO to a USB stick. Then you boot your PC using this USB stick and invoke Erase Disk. Optionally you can check Verify.

Then, you can re-install Windows onto the now fully erased disk. This 2-step process guarantees that the hacker's tools are gone from your system. He will have to re-attack you from scratch if he decides to revisit you. Since you no longer use Remote Desktop, you have eliminated one of his options.

Back to Comodo Internet Security. The program automatically virtualizes all new programs that do not currently reside on your drive. So that would include legitimate programs you are installing, malware, ransomware, hacking tools, whatever. This it calls 'Auto-Containment'. A contained program installer will not install properly, so you simply turn off Auto-Containment temporarily from the main menu when you need to install something. And remember to re-activate it afterwards. A contained/virtualized program will have a green window border. That's how you tell the difference.

We have an expert on Comodo Internet Security and Comodo Firewall (a free product without anti-malware) in the forum by the username 'cruelsister'. She has laid out a foolproof setup procedure for setting this up. Simply do a message search and you will find it. She has also recently made a video demoing the latest beta version of CIS 2024. Actually there is another demo of the CIS 2024 beta by Shadowra. Both videos demonstrate CIS's strong protection capability.

But as I mentioned, technical defenses all have a limited life time. Please remember that. Employ all 3 categories of defenses or it will be flawed.
Interesting. I read through the Bitdefender forums and it seems that Bitdefender does scan boot sectors as well (I made a full scan and got this result; I don't know what to do). Regarding the solutions you mentioned, I maybe wasn't very specific: the laptop I use is mainly for my own personal use, such as normal web browsing and gaming; I do also use it for work on different projects, so I wouldn't want to have a machine where nothing is allowed on it. Lots of customisation can also sometimes be an issue, because when I get too many manual prompts about whether to allow something or not, I don't want to be spending 2 hours each day investigating whether every change that happens was legitimate or not.

The reason I know I had my remote desktop compromised (this happened on my old laptop) was that I saw some symptoms of my device acting weird, such as slowing down, and then I was also threatened outside of digital life, where I knew 100 percent my devices (not only the laptop but, as I found out, also my smartphone...) were compromised. I then bought the paid version of Avast Antivirus, which had a remote desktop protection module that, immediately after installation, notified me of a breach of my remote desktop connection. Some time after that I got completely different devices and installed the named security tools from the previous post (not Avast, as when I was being hacked for a long period of time I had the free version of Avast installed, which obviously didn't protect me) on my system right after the Windows installation; Win 11 also has Secure Boot enabled by default and all the other security settings that are part of TPM 2.0. Unfortunately, recently Bitdefender found a Babar malware family trojan on my system, and I again have some real-life reasons to believe my personal devices may have been compromised.

Also, I see these black stains on my display from time to time for a split second, which could be some graphics problem, but I also have the screen-capturing ability disabled by SpyShelter, and if you were to take a print screen you would get just a dark square. It may be far-fetched, but if some RAT or something similar is taking screenshots of my desktop and sending them somewhere in a split microsecond, it could perhaps cause something like this. I unfortunately also think that the laptop I have may be/have been physically accessed by the attackers, so I think that BitLocker could potentially at least help me with that if the attackers were to get physical access to the device again. Also, regarding the recommendations, there is always this discussion for every AV that it's the best one, but I guess no security solution is a guarantee.
 
Last edited by a moderator:

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
621
> no security solution is a guarantee
That is the correct conclusion. Technical defenses can fail. And as I said, I fully expect my red team to be able to bypass Xcitium in the coming months.

There exists a security strategy to deal with this problem, and that is to deploy 'layers' of security. Once a layer is broken through, there should exist yet another layer, and thus the battle is not lost. As you have correctly learned, you cannot rely on a single layer of complete protection. You additionally have SpyShelter currently, which implements this strategy. If your CPU can handle it, add one more layer.

You mentioned the potential problem of encountering customization problems and too many security prompts. Sorry to say this, but it is best to maintain a 'steady state' configuration. When your list of applications doesn't change much, it is much easier to spot 'problems'. Attacks will stand out, and you will be able to easily spot irregularities and know when to go on full alert. If you don't employ an EDR that gives alerts and choose the consumer Comodo, inspect the logs every day and you get the same visibility. Home users who are install-happy are just taking on risks. You need to maintain a steady state, or you will be wasting time, getting frustrated and making mistakes, allowing things where you shouldn't. Separate your important private data from your work environment. Use a separate work machine which will never hold non-work-related programs and data. This is a procedural, manual security control. Thus malware would not get onto the work machine. Your private machine can hold games, personal accounting things and whatever your risk appetite allows. Then you can adjust what security measures you need for each machine.

Another solution is to do regular penetration testing. Try to break through things and bring out remediation in advance of the 'real big battle'. That's why we have red team hackers on staff. Small companies can do this too, as there are freelance pen testers for hire for as low as $40/hr (hacking expertise can vary), and you can state your budget hours. So you estimate how much time and effort a real attacker will likely spend trying to attack you and your valuable data before giving up and going for easier prey, and you set the budget hours for the pen test. Visa and Mastercard regulations actually mandate this. We do it more regularly than required. There is no reason why families can't do this too: set a small budget like 5 hrs and do it once a year. You will get a report showing where you ought to improve from an attacker's perspective.

I have a slightly different take on your avoidance of 'complete protection'. I avoid signature-driven detection, and prefer solutions that apply the default deny principle. The idea is simple: whatever is not explicitly allowed is denied. This can be an in-use software vendors list, a 'white list' in any sort of rule set. It makes life simpler; you simply give it a small list of allowed things, and things that don't match up are blocked. Kaspersky, the anti-malware solution, can be configured to behave this way. CyberLock keeps a white list of the files currently on your drive. Xcitium auto-contains things not currently on your drive. These are all examples of security solutions that apply the default deny principle. Look into it.

If you suspect a RAT problem, then take steps to address the risk. Did Bitdefender confirm that it was able to remove the Babar malware? A brief Google search reveals it is a RAT. Security is not complete until you at least try to address it the best you can. To get to the root of the problem, you would have to consider the possibility that your hacker has returned. A RAT has to be deployed by someone. And as long as you don't remove his persistence mechanism, the hacker stays. I am not familiar enough with the many persistence mechanisms: registry hiding places where he can lodge himself and relaunch automatically whenever Windows reboots. You can research the MITRE ATT&CK web site, look under Persistence, and it lists many techniques. If I knew those techniques by heart, there is a chance we could surgically remove him. So I'll just deal with the problem broadly. This may be that your re-installation of Windows did not thoroughly get rid of him, so we can deal with the problem the 'traditional' way: a thorough re-install of Windows. This should be done only after the forensics folks obtain their necessary disk images and RAM images, or we lose valuable information, like the whole path of his attack and how we can prevent a reoccurrence. But we don't have a forensics team handy. So we can't follow 'proper' incident response procedures. Constraints, constraints. Or this may be a new infection brought about by some new trojaned software install. Or this may simply be some hardware glitch. Take one possibility at a time and address it. Once you have got it covered, then move to the next. Until you eliminate the last possibility. I am a programmer by training, and this is the way problems are solved: you break down a problem into pieces and solve them one followed by the next. If one piece seems too big, break it down into sub-tasks. It turns out like an organizational chart: main problem written at the top, then divided into pieces, and then further subdivided when necessary to break down complexity. Draw out the chart. Then it's just a matter of methodically doing the things required by each bottom-most box. It takes whatever effort it takes; the risk must be addressed. Big, seemingly difficult problems can be solved with this method. Huge projects that span years are planned out this way.

Hacker returning: You say Bitdefender scans the boot sector. That's all good, but do they have the right signature to match up to this hacker's tweaked tool and quarantine it? That's the key question. AVs are a technical defense, and they can fail. So switch to an administrative, procedural defense. Before you start this step, do a backup of all your data, browser bookmarks and passwords, plus all your program installers. Then download, burn and run Parted Magic's erase disk before you re-install Windows. It just takes 15 mins longer than a regular Windows re-install, and then you are assured. Hacker returning possibility eliminated. Sort of. We are missing data on his attack path, and he may be able to just repeat it. Then we might be going through this again repeatedly.

Then you look at the second possibility, which is that it might be a new infection brought about by some new trojaned software install. You just wiped the HDD and re-installed Windows; now check each of your installers' Properties > Digital Signatures for an OK signature and verify the correct company name. If the complete signature checks out, then it guarantees that the installer is official and has not been tampered with. If it doesn't check out, delete it. Proceed to install all your software. Second possibility addressed.

Then you look at the last possibility, which is a hardware screen problem. Things to do: run the hardware diagnostics of the laptop; if an error is reported, then send it to be repaired. Download the latest display driver from the hardware manufacturer's web site, verify the signature, and install it. Screen glitch possibility addressed with best effort. Nothing else left to do.

Big problem stated on the top of chart solved.

You should take this opportunity

Anyways, I am being long-winded. For all I know, you may be a programmer. But your problem is not just deciding whether to purchase Windows or not. You have a security breach that is still ongoing.
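The manual check described above (Properties > Digital Signatures on every installer after a clean re-install) can be done for a whole folder at once with PowerShell's built-in Get-AuthenticodeSignature. The script below is an added example for this thread, not code from Victor M or from any vendor mentioned here; the installer folder path and the expected-publisher table are placeholder assumptions you replace with your own values. It rejects anything whose signature is not Valid (unsigned, hash mismatch, untrusted chain) and, separately, anything that is validly signed but by a publisher other than the one you expected for that product, since a valid signature only proves who signed the file, not that it is the vendor you meant to download from.

```powershell
# Added example (not from the thread): batch-verify Authenticode signatures on downloaded installers
# before running them on a freshly re-installed Windows machine.
# Assumptions (placeholders, not from the thread): $InstallerDir is where you keep the installers,
# and $ExpectedPublishers maps a file-name pattern to the certificate subject CN you expect.
param(
    [string]$InstallerDir = "$env:USERPROFILE\Downloads\Installers",
    [hashtable]$ExpectedPublishers = @{
        # 'file name pattern' = 'start of the signer certificate Subject you expect' (placeholders)
        'example-setup*.exe' = 'CN=Example Vendor Inc.'
        'example-tool*.msi'  = 'CN=Example Vendor Inc.'
    }
)

function Test-InstallerSignature {
    param([System.IO.FileInfo]$File, [hashtable]$Expected)

    # Get-AuthenticodeSignature checks the hash, the certificate chain and the signing purpose.
    # Status is Valid, NotSigned, HashMismatch, NotTrusted or UnknownError.
    $sig     = Get-AuthenticodeSignature -FilePath $File.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $thumb   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }

    # Look up which publisher this file is supposed to come from (first matching pattern wins).
    $wanted = $null
    foreach ($pattern in $Expected.Keys) {
        if ($File.Name -like $pattern) { $wanted = $Expected[$pattern]; break }
    }

    $verdict =
        if ($sig.Status -ne 'Valid') {
            "REJECT: signature status is $($sig.Status)"          # tampered, unsigned or untrusted
        } elseif ($wanted -and -not $subject.StartsWith($wanted)) {
            "REJECT: signed by '$subject', expected '$wanted'"    # valid, but wrong publisher
        } elseif (-not $wanted) {
            'REVIEW: valid signature, but publisher not in the expected list'
        } else {
            'OK'
        }

    [pscustomobject]@{
        File       = $File.Name
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = $thumb
        Verdict    = $verdict
    }
}

# Walk the folder and print one row per installer; delete anything marked REJECT before installing.
$results = Get-ChildItem -Path $InstallerDir -Include *.exe, *.msi -Recurse -File |
    ForEach-Object { Test-InstallerSignature -File $_ -Expected $ExpectedPublishers }

$results | Format-Table -AutoSize

# Non-zero exit code if anything was rejected, so the script can gate an unattended install step.
if ($results | Where-Object { $_.Verdict -like 'REJECT*' }) { exit 1 }
```

Run it once per installer folder after the clean re-install and before installing anything. The Thumbprint column is worth keeping alongside your backup of installers: if the same product's installer later shows a different thumbprint, that is a prompt to check the vendor's site rather than assume a routine certificate rotation.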

n8chavez

Level 20
Well-known
Feb 26, 2021
961
> I never said Pro is a server version, because it is not.
>
> Microsoft developed the Pro version for businesses to be centrally managed by a sysadmin. That was Microsoft's intent for creating the Pro version of Windows in the first place.
>
> I never said that a home user cannot use Pro. However, Pro was developed for businesses to be centrally managed. Most of the benefits of Pro are lost when a non-business entity uses it.
>
> Most companies that require features only available on Pro provide the employee with a laptop with Windows Pro installed and centrally managed.
> OP states that they might need to upgrade to Pro because their employer might require it. In Europe and North America, a company that requires an employee to use a specific version of Windows usually provides that version of Windows, most often on a pre-configured, centrally managed laptop.
>
> There is no ambiguity here.

You're negating the original topic. There was no mention of business, or anything related to anything business. The original question asked about security, BitLocker and remote access between the Home and Pro versions. That's it. So why bring business into the discussion at all? There's no need, since it was never asked. You're talking about something no one else is, and about something that has no bearing on this conversation.