Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Windows 11
Worth Upgrading to Win 11 Pro for Security Reasons?
Message
<blockquote data-quote="Victor M" data-source="post: 1076712" data-attributes="member: 96560"><p>Well, what you are going to use may be dictated by your company, and you will need Pro if they say so. I agree with Bot that having Group Policy gives you more control security wise. For a simple one step thing to setup group policy you can consider using Microsoft Windows 11 Baseline for 23H2.</p><p></p><p>To apply the Baseline you need to issue 3 commands in Powershell:</p><p>Set-ExecutionPolicy RemoteSigned</p><p>Baseline-LocalInstall -Win11NonDomainJoined</p><p>Set-ExecutionPolicy Restricted</p><p>If you are not comfortable with Powershell, you can ask your IT admin gal to help you out.</p><p></p><p>To see all the settings available in Group Policy, you run gpedit. There are a LOT of settings. Take your time to explore.</p><p></p><p>Use VeraCrypt as @[USER=61892]TairikuOkami[/USER] suggests. BitLocker only safeguards your laptop data if it is stolen and prevents a person who can't sign in from seeing your things. BitLocker automatically decrypts everything once you sign in. So it offers no protection for most threats: from ransomware to hackers.</p><p></p><p>So you were among the unlucky ones that got hacked via Remote Desktop, it happened to a buddy of mine too. One thing I remember seeing is that you can change the default port 3389 to something else. By doing that, you escape those attackers who blindly attack that port number and scan the internet for it. But [USER=61892]@TairikuOkami[/USER] 's suggestion of TeamView offers an extra safeguard, you have to use a phone app to authorize yourself in addition to the username and password. But depending if you are calling the office,, the TeamViewer option may not be available to you if they don't use it. Most large corps don't allow end users to install software. We are not big, but we emulate best practices that big corps follow and we don't allow it either.</p><p></p><p>One security control I have used for many years is called CyberLock. It works adjacent to Windows Defender or any anti-malware. And it inspects everything that tries to run, checking the program's signatures, and several other things. It can stop things that Windows Defender misses. It's developer is on this forum, and if you have any questions, you can find him directly. His username is Dan. Just use the message search function and lookup CyberLock.</p></blockquote><p></p>
[QUOTE="Victor M, post: 1076712, member: 96560"] Well, what you are going to use may be dictated by your company, and you will need Pro if they say so. I agree with Bot that having Group Policy gives you more control security wise. For a simple one step thing to setup group policy you can consider using Microsoft Windows 11 Baseline for 23H2. To apply the Baseline you need to issue 3 commands in Powershell: Set-ExecutionPolicy RemoteSigned Baseline-LocalInstall -Win11NonDomainJoined Set-ExecutionPolicy Restricted If you are not comfortable with Powershell, you can ask your IT admin gal to help you out. To see all the settings available in Group Policy, you run gpedit. There are a LOT of settings. Take your time to explore. Use VeraCrypt as @[USER=61892]TairikuOkami[/USER] suggests. BitLocker only safeguards your laptop data if it is stolen and prevents a person who can't sign in from seeing your things. BitLocker automatically decrypts everything once you sign in. So it offers no protection for most threats: from ransomware to hackers. So you were among the unlucky ones that got hacked via Remote Desktop, it happened to a buddy of mine too. One thing I remember seeing is that you can change the default port 3389 to something else. By doing that, you escape those attackers who blindly attack that port number and scan the internet for it. But [USER=61892]@TairikuOkami[/USER] 's suggestion of TeamView offers an extra safeguard, you have to use a phone app to authorize yourself in addition to the username and password. But depending if you are calling the office,, the TeamViewer option may not be available to you if they don't use it. Most large corps don't allow end users to install software. We are not big, but we emulate best practices that big corps follow and we don't allow it either. One security control I have used for many years is called CyberLock. It works adjacent to Windows Defender or any anti-malware. And it inspects everything that tries to run, checking the program's signatures, and several other things. It can stop things that Windows Defender misses. It's developer is on this forum, and if you have any questions, you can find him directly. His username is Dan. Just use the message search function and lookup CyberLock. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
