Jump to content

ProfessorUltraviolet

Member
  • Posts

    11
  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country

    United Kingdom

About ProfessorUltraviolet

Profile Information

  • OS
    Windows 10 x64

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

ProfessorUltraviolet's Achievements

9

Reputation

  1. I'm not an expert on how DNS and connections work at the network level, but I'm guessing all networking is happening via IP and NAT (or ipv6/insidious ipv6 tunnels!!!), but everything these days requests domain names to get the right IP. So by denying the IP lookup via DNS, you're blocking the connection? Or are you essentially passing 0.0.0.0 or a 'null' IP to the DNS names you don't want things to get? Is all that done silently and relatively 'lightly' on the networking overhead? To me it still seems a bit risky letting Windows out on the WWW full stop. I'll have to go read up on how DNS works. It'd be nice to run a local router with a DNS cache (from a trusted vanilla DNS provider), and then Windows only needs to see the routers DNS, and blacklist can be created at *that* point, before Windows even gets to see it. I'm assuming then you can 'feed' Win10 only the DNS info it wants, because any other DNS requests are sent to null. BUT, all it'd take is one hard IP address that Win10 could access via whatever sneaky protocol it wanted, to get an IP list avoiding DNS. Ultimately we have to trust MS isn't going to subvert these age old network systems because if it does it can do whatever it likes. Given how well VMs have improved recently (GPU related mainly), I'm increasingly tempted to just try seal Win7/10 up for work inside a VM on Linux.
  2. I grabbed W10 Privacy and let it have a play and it seemed fairly ok to me. Ideally I'd still like to do all these tasks off a long list, with sub-articles for each change explaining the logic/impacts and how they work. In an ideal world we'd all use this method, learn something along the way, and know what is really happening, and guarantee spyware free. This site was good for Win7 hardening, the Win10 one is also interesting beyond just quieting Win10 down. A lot of what adds protection also protects you from MS. Also the more you're protected generally the less you need worry about Win10 'updates' to 'save you' from hax0rs. http://hardenwindows10forsecurity.com/ Also mentioning github projects it reminds me of this thread I read the other day. OK perhaps a bit tin foil hat, but github is about as vanilla as a raspberry ripple chocolate chip lemon ice cream. If you're already donning a bit of tin foil hat because of Win10 being spyware, then github downloads don't guarantee you're getting something whiter than white. I'm certainly going to look a bit more closely at these releases and double/triple check downloads from numerous places, check all the hashes and familiarise myself with the code a bit before just blindly using them. The possibility for big CDNs to just swizzle around data/hashes on these websites is all too reasonable to not ignore as a vector for undermining these tools (load pages without scripts, using a VPN, and check the URL, then reload via other means, check hashes remain constant etc) As they say "Trust, but verify" https://voat.co/v/programming/1439646
  3. I'm far from an internets expert, but I was running Windows Firewall Notifier (newer version with the map and stuff), and even on a fresh Win10 install on another laptop with all the possible 'normal' telemetry/update/sharing settings turned fully off, and all updates done, it was perpetually running about 50kb/s between up/down. Maybe it was updates being re-shared out, it was San Antonio servers via an svchost task. But yes if this is the 'best case' spamming of your connection, then worst case over a large network would be pretty terrible! I've had Win7 and Win10 setup not to update. Win7 for over a year since all this auto-update to Win10 stuff turned up, and Win10 for a good few weeks. I just create small attack surfaces and run the risk. Given most of what MS pushes likely adds new attack vectors you didn't know about (like opening up your firewall after an update without telling you), I honestly think your safer without MS in the loop and doing all your opSec and hardening yourself.
  4. I agree NoelC. Use Win10, but accept that it's no consipracy to say it's the thin end of a wedge in MS's plans. It's not going to get nicer to use, it's going to get harder to use if you want to have any semblance of privacy. Only a huge scandal/data leak will change things. In the UK we're just about to get the new snooping law which makes all government departments able to access your web meta-data. Anyone using VPN/Tor/other systems (like the US laws coming along?!) to obfuscate their web use is seen as fair game for government attack to see what you're 'hiding' Windows 10, Google, government via ISP. All your internets/computing activity are belong to us! I'm using Win10 just to learn more than I am to be happy with. Win7 will likely go on this laptop as soon as Win10 gets too much work. Purely from a professional stance, I'm not at all happy that MS and government can lift so much data and then make it available to 3rd parties, or exposed to hacks. I work with NDA material and competitive material. I pay professional insurance to cover all the legal side of things but when you move from a 'safe' Win7 config to the wild west Win10 you're a little uneasy if it'll come back to bite you down the line and you still somehow end up liable for agreeing to the MS TOS. Without having an 'off' button for all the spyware, how can I ever guarantee anything with regards to data security? As a 'small' business (freelancer) it certainly makes me feel like I'm never going to be able to be taken seriously when I'm using a leaky software operating system, and not having the 'big company' clout to have Enterprise versions and an IT chap making it secure (on paper) for me. In Win7 I could guarantee safety (or liability was clear) just by having encrypted drives and a firewall with MWB scanning actively. With Win10 all that is for nothing if it's sending data around willy nilly through AWS and whoever else, without me knowing!
  5. Unless MS make it so Win10 subverts the built in firewall, which is what I'm worried will eventually happen, then you're good to use Win10 how you like without adverts it seems. I closed up the firewall asap and I've not seen one advert anywhere. A block list of IPs was also added to a big chunk of Redmond, San Antonio and Virginia. I assume any of the CDNs will be serving adverts. Last time I had my firewall open (well, default, not open), MS was quick to have connections opening to amazon aws, among the other usual cdn. Just block it all I'd say. Either you buy into all the convenience, and you have to live with the adverts and spying in return for the free service, or you don't, and you can turn it all off. To be honest I think that's fine. Trying to get something for nothing is never going to work out.
  6. I agree, they didn't have to drag their desktop user market along for the ride though. They now appear to have a huge succesful thriving 'app' market like Apple, and loads of 'mobile' users, but really it's all a big numbers scam for those same shareholders. Reality will bite hard soon I hope. People are dumb sheep, until they're not. Once one of the big spyware houses like MS, Google or Apple get a big leak and people lose a good chunk of personal data, then the show will end abruptly I'd say. Personally I don't think MS can go back now. The US government and Western governments in general have their hooks too deep into these traditional software offerings these days. They'll never want to give up the telemetry and spyware. Which is exactly why an OS that is just that, a traditional OS, with no in-built anything, or cloud anything, will be the winner. I'm sure it can't be far away now. The market for people who want that must be reaching fever pitch now. Linux Mint, people locking down Win10, all the other Linux distros, people staying back on Win7/8. The userbase is huge!
  7. If there is one thing the whole Win10 thing has done it's made me and I'm sure many others more aware of what MS have been doing all these years, and with most of the opsec improvements many are making, I question the need for so many restraints and restrictions and updates. Windows has added so much convenience and 'ease' that they've made it insecure, now they're trying to put the genie back in the bottle with user restrictions. The irony being the system is now just as complex for an end user to set up, and no more 'safe' than it was before. The end result is you may as well just understand firewalls, setting up networks, and all that stuff the correct way, and then turn all the MS crap off!
  8. Yeah you're always going to miss out on new features unless you upgrade. But 5 years ago this idea of cloud/perpetual paying wasn't really a thing, now it is... but only really from the 'big' software producers or software service providers. So Microsoft + LinkedIn (all paying perpetually via personal data and real money with Skype) Autodesk, almost all is pay as you go now, and it's literally paying enough to have bought the software outright in just a few years now! Crazy money. Adobe, all pay as you go, not crazy money yet, but it's not a good deal either. If they divvied the cost outright to a truly PAYG monthly equivalent over 3 years, then it'd be quite attractive. But the higher costs to go PAYG and so on, really put you off bothering. So yes they have professionals by the balls. Some people let themselves get bullied. Others take their business elsewhere. BUT, loads of other people are making great new software that you just buy and keep forever. Too many people just struggle to change, but it's the only way to not be shafted for convenience. I say get vocal, get all crowdfundy, and get decent programmers out there to write quality standalone tools to do things like camera raw > open format. Maybe a small fee to update to the latest cameras? Or just a small fee for each camera you use? And the chances are a team like that could do it for a lot less money, create it 'open' so anyone can contribute, etc. Adobe only have a monopoly on that because consumers are too lazy to forge a new path. The internet is the perfect platform to make a stand. Microsoft is a different matter. All I can hope is that Microsoft goes near belly up on some privacy/data leak scandal and they at least rewind their data stance. Then all they need is to segregate (or offer choices) on how Windows is deployed. Ie, professional like win2k, mid level blends (win10), or novice tiley metro (win8). I can but dream!
  9. Aside from all the internety integration stuff, this is the major flaw with Win10 as a product. There is no alternative to things being dumbed down for professional users. MS seem to think everyone professional just draws circles and arrows pointing to things on a picture on a Surface using their finger, or tinkers all day. Little consideration is made for people who spend 8hrs a day pushing pixels and rendering, expecting them to sit through updates, scans etc, or interrupting a quick reboot for two hours for an update at a critical time! Increasingly the basic install is further and further away from what Windows users want and classically got. A user operated computer operating system. We now get an autonomous computer system. Win8 and Win10 were really not "Windows" in the classic lineage, they were a new line. Win 7 still hasn't been superseded by a program that moves it forward without changing the core purpose for end users. £100 for an unopened Win7Pro Retail is looking like an essential buy right now because despite my hopes, Win10 isn't getting better. It's kinda getting worse.
  10. I'm still on CS6 PS and AE here. I got them 4.5yrs ago now, so it was much cheaper than going CC which just arrived at the time. They're both still perfectly great for doing all my professional work. The way these big software companies want to go is total cloud. They can then take their market from a discretionary one into an essential one for any professionals and businesses. That is a better business model for financials, but not so great for the consumers. It won't be long until enough people transition to GIMP alike releases, despite the difficulty in doing so, and cause enough interest from the devs to rework the UIs into something half sensible, and then Adobe's business model is dead. But while businesses like MS, Adobe, Autodesk etc are all chasing cloud to chase capitve markets and fixed monthly revenue streams for their investors, they're slowly signing their customers transitions to open source software!
  11. I run a closed Windows Firewall, everything deleted. I explicity add what is needed, and turn it off if I'm not using it. So it's DHCP and DNS, a blocklist of loads of IP ranges for MS stuff is added over the list as extra protection, and then apps I toggle on and off as needed. I'll admit I've been tooling around lots today getting the 'ping' to work at various levels (a subnet rule and a global rule), so I've been opening and closing my custom firewall and the default firewall rules. But I'm pretty sure I had new Firewall rules added (crypto service, update service, etc), and Windows had added them to basically get the update function to work. I'm certain they were prefixed with "custom rule" then something like "crypto graphic service" etc In my haste/shock at seeing these new rules I just selected and deleted immediately, while I should have really disconnected my machine and looked at them more closely. I saw this behaviour a few days back with a new rule that had appeared for a Minecraft demo or something? The rules included one for crypto services, another for windows update... basically it looked like a hit list of 4 or 5 rules that would be specifically needed for Windows Update to run. Has anyone seen what SIH Client can do? After reading it's description it sounds exactly like this is the kind of task it could undertake to 'restore' Windows Update functionality? I've disabled the task, but I'm now thinking if there are other tasks that check up on this task, and turn it on. Basically will I ever 'win'?
×
×
  • Create New...