Hi, Some people know me by name in the Matrix room. I am working on the Windows Guide for PG.
I am following the Windows Hardening and Privacy Guide by Beerisgood on Github for this. I worked a lot on it. But due to many conflicts in the PR, I closed it and am working on the same in a new one.
I would like to get some advice on what I should add in my guide.
I think a Windows guide is a good idea as many people cannot switch to Linux as it lacks software like Microsoft Office, Adobe Creative Cloud, and many games. Also Windows is a lot more secure than Linux. I agree with Beerisgood on a lot of things:
It's a good idea not to install anti-spying tools like ShutUp10 but to use official documentation instead as installing extra tools increases attack surface and gives you another party to trust, and it's always best to get information from first-party resources and not third-party ones, hence why TOS;DR was removed. In general it's best to use first-party software as much as possible and avoid installing extra software.
Microsoft Edge is the only browser I'd recommend for Windows users as it is the only one that natively supports hardware isolation and allows disabling JIT.
I agree that open source software like 7-Zip, LibreOffice, Veracrypt, and Firefox should be avoided as it's less secure than Microsoft software.
I agree with most of the Microsoft recommendations for the average home user. Paranoia about Microsoft telemetry is worse than the telemetry itself and using a Microsoft account does have security benefits and I see why Microsoft requires using a Microsoft account with Windows now, though it does allow Microsoft to spy on you even more. It depends on whether you prioritize privacy or security.
Not really. You're adding another party to trust simply for convenience. It's best people learn to use Windows firewall.
Hardly a cut and dry case. Microsoft Edge is also known for showing ads for malware on its home screen, bundling bloatware like invasive "buy now, pay later" services, and integrating "features" like automatic coupon/deal finding (which send your browsing history and bookmarks to Microsoft). It also doesn't implement privacy features even Chrome has standard, like end-to-end encrypted sync.
Microsoft does not have native tools which do what 7-Zip does (i.e. opening anything other than a .zip file).
Microsoft telemetry is literally a keylogger.* Besides maybe Facebook and their complete lack of ethics and boundaries I'm having a hard time thinking of something pushed by a big tech company which is more invasive than Microsoft telemetry on Windows 10/11.
I also can't find any sources indicating a Microsoft Account user is more secure than a Local user at a glance, but I could be wrong about this. The only security advantage which comes to mind is automatic device encryption, which we specifically recommend against already in favor of a manual Bitlocker setup because "Device Encryption" sends your recovery key to Microsoft.
* Microsoft telemetry is better than it was, I remember a lot of overblown articles about it when Windows 10 was Insiders-only, when pretty much all beta software will require deeper analytics/telemetry for product improvement because it's… in beta. But Microsoft's privacy defaults are still unsafe, their whole approach to privacy is a giant "just trust us!" black box.
open source software like […] LibreOffice […] should be avoided as it's less secure than Microsoft software.
I wasn't aware that LibreOffice is less secure than Microsoft software (I'm assuming you mean the Office 365 suite). I'm interested to know more (I currently use it): do you have any references I could read?
Microsoft Office can utilize MDAG (Microsoft Defender Application Guard). The free versions of Microsoft Office work inside web browsers and don't allow active content on desktops. LibreOffice has no sandboxing preventing untrusted files from accessing trusted resources. If there was a vulnerability in LibreOffice like there was a few years ago, attackers can create documents that can execute malicious code onto your computer.
I didn't know that the Application Guard supported Office: that's great. And I'll keep an eye on The Document Foundation's security advisories. Thanks!
I really like privacy.sexy to create my Windows configurations. It also has settings I really wouldn't recommend like disabling Defender, but it's very transparent and easy to configure.
As Jonah pointed out the telemetry of Windows is something to worry about. It really is super invasive (especially the non-EU version). We should advise users to limit this as much as possible.
Microsoft accounts do not automatically enable device encryption actually, but device encryption is enabled by default under Windows 11 (depending on hardware available). In my opinion it isn't much more secure. An attacker can still add another administrator account and through this gain access to the user's files using the same attacks that are known against local accounts, so this practically does not make any difference.
There is nothing hypocritical about this. Simplewall does not add anything new that cannot be done with the standard Windows firewall. How else is someone going to play Steam games? It may be better to just game on consoles instead of the PC.
PrivacyGuides became sane. One cannot have privacy without security and security is more important than freedom. It makes much more sense to use a Google Pixel than a Linux phone and a new Windows secured core PC or a Chromebook than a Thinkpad older than a decade. Security researchers are more trustworthy and reputable than free software activists.
I agree with most of your points from a very high level, but this:
is honestly a dangerous thought process to me. Putting faith into huge organizations with outsized power in the world is a recipe for disaster.
Sure, getting malware is terrible and could potentially materially impact your real life if your bank account got drained as a result, for example. But by prioritizing security this much, one loses balance and view of the bigger picture, in my opinion.
Since you replied to some of my recommendations: you cannot achieve privacy without security and neither the other way around. There are definitely differences but privacy and security more often overlap in their goals. The balance is hard to define but a large part of privacy, in the context of today, is about data protection. Without good security you risk being infected or leaking your data somewhere. You can really put a lot of effort into hiding with projects giving you a lot of privacy but no security until one day you get pwned and everything you worked for is gone. In the current day security risks are really high, especially for individuals seeking privacy. We have got enough proof for that seeing cases like Pegasus (the possibility of this I have warned people about for years). And many have been shocked by the widespread nature of these attacks, and we have yet seen only one of them. May it serve as an example of what is possible and how little we know what is out there. To put it simply, without security your privacy protections are worthless. This sometimes means you need to make compromises.
Also note we never recommended Windows in the first place. But given you already trust Microsoft (by using it) you may as well use them to secure you instead of being even more vulnerable. If you need a higher standard of privacy: DO NOT USE WINDOWS.
Yes but you can have privacy without freedom. You can't have privacy without security.
If you need a higher standard of privacy, you should use GrapheneOS on the newest Google Pixel and nothing else. Linux and OpenBSD are a security nightmare.
Which is why you only install apps from the Microsoft store. Windows out of the box is far more secure than Linux out of the box and it can be hardened like any other operating system. Out of the box, ChromeOS is the most secure, then macOS, then Windows, then Linux. I agree that Linux can be made secure once hardened but most people aren't expected to harden Linux enough to where it matters and really are better off using Windows, macOS, or ChromeOS.
OpenBSD has no GUI isolation as it uses Xenocara (a fork of Xorg) instead of Wayland, making it impossible to fully sandbox apps. It also lacks proper verified boot among other mitigations and the mitigations it does have aren't as good as the ones found in proprietary operating systems. To call OpenBSD a secure operating system is like calling Lynx a secure browser. OpenBSD is a meme.
I think everyone here has a valid point: security, privacy, attack surface, freedom, etc. are all important subjects but I think we are losing sight of the threat model.
We're talking about the Windows guide section; the average user here has a PC probably with an office suite, some games, utilities like 7zip, a PDF reader, music and video players and more.
I'm all into minimal setup but imo it is not realistic nor useful to simply promote "do not install anything outside MS" because it potentially increases attack surface. It's quite useless to have a PC that can't run software. So the question for me should be how we can run software without compromising security, privacy and usability too much.
The GrapheneOS approach is a great example: it's secure, hardened and it still retains a great usability and user experience. To block network use you don't have to install a firewall app or mess around with obscure settings, you just flip a switch.
Now Windows is not so easily manageable in that regard and if it's not simple enough people just don't use it, so a relatively easy approach should not be totally dismissed (I also think disable telemetry here).
So, are third party sandboxes, firewalls, privacy scripts, etc. worth it to improve the security/privacy/usability Windows balance?
By only installing software that we need and using what's provided by Microsoft whenever possible. In general, it's advised to stay away from desktop apps and use the web browser for most activities including Email as websites in a browser are much less privileged than native apps and installing extra software can increase attack surface. Games and apps like Spotify and Discord are fine if they are required but it is possible to do a lot of this inside the browser.
If one cannot afford Microsoft Office, they should use the free versions that work inside a web browser and don't allow active content on desktops.
Use your browser's built-in PDF reader. You can download the PDFs and then turn off your internet connection to prevent network connections from being made while reading the PDF.
Use the default music and video players that come with Windows.
Use Bitlocker for encryption as Veracrypt breaks secure boot.
Do not install a bunch of security software and stay away from cleanup tools like CCleaner, anti-spying tools like ShutUp10, backup software (use cloud storage or USB drives for backups), and third-party uninstallers like Revo Uninstaller. It's best to use the default Windows Defender instead of installing a third-party antivirus.
Firewalls and privacy scripts are not. Use official documentation from Microsoft. I have not used Sandboxie so I can't really speak for it, though generally third-party security software can weaken the desktop security model like VeraCrypt does.
I'll let others deal with the misinformation in this thread…
To the OP: CIS benchmarks are the gold standard baseline that even the biggest companies use.
Many sysadmins and cybersecurity professionals in my professional experience (and most sysadmin forums) will agree. You can do a search on your preferred engine to easily verify my claims.
Note: it's good practice to paste things in full, on forums and emails, where feasible.
Search for "Windows Desktop", and your Linux distro for Linux users.
NIST and STIGs are also considered authoritative standards in the industry.
NIST (National Institute of Standards and Technology)
STIGs (Security Technical Implementation Guides).
Aside from these resources you should identify common threat models and usage goals to tailor the benchmarks accordingly into different "profiles" that are relevant to readers.
From memory when running through BeerIsGood's guide there were some flaws in his thinking that caused me to stop reading part way through; I'm no longer a Windows user so I'm not going to review it again to be more specific.
Do not install a bunch of security software and stay away from cleanup tools like CCleaner, anti-spying tools like ShutUp10, backup software (use cloud storage or USB drives for backups), and third-party uninstallers like Revo Uninstaller. It's best to use the default Windows Defender instead of installing a third-party antivirus.
It's worth noting that Microsoft lets you uninstall a lot of apps with the winget package manager (If you don't like Cortana it's as simple as winget uninstall Cortana for example), so third party uninstallers aren't really needed. Though of course it's best to clean install Enterprise/Education so as to be able to have minimal bloatware and easy disabling of telemetry out of the box. If one isn't a student/can't afford either/isn't willing to use MAS, then I think Pro still has less bloatware out of the box (though telemetry can't be fully disabled like on Enterprise/Education).
If you are going to forgo clean-up and blocking scripts, then I think the suggested Group Policy edits need to be quite extensive. Telemetry: Level 0 isn't a catch all to stop Windows from sending data completely.
I think Sandboxie should not be recommended as it doesn't have any hardware isolation unlike Windows Sandbox, which uses Hyper-V, making it much harder for malware to escape.
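An added audit script, not from this thread or from any guide it mentions, that reads the telemetry policy the post refers to and reports what the configured level means on the installed edition. It assumes a stock Windows 10/11 install and an elevated PowerShell session; the registry path, level meanings and service name are Microsoft's documented ones.

```powershell
# Added example: check what "Allow Diagnostic Data" is actually set to.
# The Group Policy setting writes AllowTelemetry under this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'

# Level 0 ("Security") is only honoured on Enterprise/Education editions;
# on other editions it behaves like level 1, which is why it is not a catch-all.
$levels = @{
    0 = 'Security (honoured only on Enterprise/Education; otherwise acts as Required)'
    1 = 'Required (Basic)'
    2 = 'Enhanced (legacy, treated as Required on recent builds)'
    3 = 'Optional (Full)'
}

$value = (Get-ItemProperty -Path $policyKey -Name AllowTelemetry `
          -ErrorAction SilentlyContinue).AllowTelemetry
if ($null -eq $value) {
    Write-Output 'AllowTelemetry policy: not configured (edition default applies)'
} else {
    Write-Output ('AllowTelemetry policy: {0} = {1}' -f $value, $levels[[int]$value])
}

# Edition determines whether level 0 is honoured at all.
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
Write-Output "Edition: $edition"

# DiagTrack (Connected User Experiences and Telemetry) is the service that uploads the data;
# its state shows whether the policy has actually stopped the upload path.
$svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output ('DiagTrack service: {0} (startup type {1})' -f $svc.Status, $svc.StartType)
}
```

Run it before and after applying Group Policy changes to confirm the value and service state actually changed rather than trusting the policy editor's display.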