The colors and GIFs are a lot to take in lol. Does look interesting, however it does seem to sacrifice some privacy in the name of security for a handful of settings.
haha that was my first reaction too.
Yes that definitely is the case as sheâs basically just following all of Microsoftâs recommendations. Either way, still a great repo.
Windows by default is secure and safe
Doesnât sandbox your apps by default
mfw. No it isnât..
I love the design of this tool tho, very unique and pretty.
I disagree with that statement too lol.
Compared to what?
Itâs a security tool, not a privacy tool, so it makes sense.
Android/ChromeOS. An OS isnât âsecure by defaultâ if any program that is executed has full access to user data and/or can do whatever it wants to the system. Also, to my knowledge, there is no way other than virtualisation to securely sandbox windows apps. Preventing sandbox escapes require blacklisting some widely used syscalls which in turn breaks lots of common programs. Linux sandboxing is much better.
Letâs not turn this into another broad desktop OS discussion please.
There is also BeerIsGood who has both Windows and macOS hardening guides. It also has a link to this one and mentions that it provides more hardening and is better maintained.
Did you try this script?
yeah it works nicely.
Oh awesome! Did you do all the categories? It seems the script turns on a lot of potential things that would hurt privacy? Or am I mistaken?
I messed around with it in a VM and tried all the categories for the lols.
Thatâs true, a lot of the settings can compromise your privacy. I would recommend reading through what each option does before deciding if you should enable it or not.
This update marks the inaugural release of the Harden System Security application, representing a comprehensive reimagining of the original module. The new application is architected for enhanced efficiency, fortified security, and superior user experience.
It seems like this tool has received quite the substantial update.
The update is nice as the app store version works for more versions of Windows (such as iot).
I still think for casual users its a bit heavy handed. For example the recommended presets disables NTLM authentication (when I tested it did so regardless if I have the âblock NTLMâ box checked), which for most users will mean remote desktop is blocked. I doubt most users would want that.
But it is a nice tool if you are willing to research a bit before screwing with it.
I wouldnât follow any of her advice. She sounds like someone working for or paid by Microsoft to shill all their products because itâs clearly biased in their favor. Windows is not safe, nor is anything else from Microsoft.
There are situations where using VPN can provide security and privacy. For example, when using a public WiFi hotspot or basically any network that you donât have control over. In such cases, use Cloudflare WARP which uses WireGuard protocol, or as mentioned, use Secure Network in Edge browser that utilizes the same secure Cloudflare network.
So the connection goes from you â Cloudflare WARP â Cloudflare CDN â site basically defeating the whole point of the VPN and allowing sites to identify you? Or you â Microsoft â Cloudflare â Cloudflare â site if using the so-called âsecure networkâ? This is worse than no VPN at all. Itâs like using Tor is one company controlled all the entry, middle, and exit nodes and all of the onionsites. Even if it isnât, most VPNs nowadays use WireGuard.
Use Microsoft account (MSA) or Microsoft Entra ID to sign into Windows. Never use local administrators. Real security is achieved when there is no local administrator and identities are managed using Entra ID.
Connecting an online account to your whole system is one of the worst things you could do for privacy, security, and software freedom. What happens if Microsoft suddenly locks your account as theyâve done? Do users lose access to their own desktop?
BeerIsGoodâs advice isnât any better. But let all of this be a reminder as to what PrivacyGuides could have become if security was the only focus and the majority of users and team members were big tech advocates.
while I agree the connected account is worse on the privacy end, local accounts are laughably easy to get into. Geek Squad breaks into peoples local accounts all the time and has their own proprietary software to do so.
In nature, such vibrant displays are used to overwhelm and distract prey before moving in for the kill.
Some strong opinions on privacy from the author:
tl;dr
She failed to sync time in Whonix, because anonymity is hard. So why donât you want Mossad spying on your devices? Do you want to live in a terrorists paradise or what?
But the tool seems nice, I would like to use something like this. If we had similar thing from a random anonymous âprivacy-centeredâ dev, it wouldnât be any better, I guess, because it seems like no-one seriously auditing anything open-sourced anyway.