Jump to content

Windows 7: Built in Security


Lite

Recommended Posts

  • Administrator

Windows is often said to be "insecure" and requires lots of third-party tools to "be secure", but is this really the case?

Windows includes some powerful security tools by default, did you know they existed?

AppLocker:

AppLocker restricts unauthorized software while allowing applications, installation programs, and scripts that users need.

Review | Overview

BitLocker:

BitLocker Drive Encryption is a data protection feature.

Review | Overview

DEP:

Prevents an application or service from executing code from a non-executable memory region

Overview

Kernel Patch Protection:

Prevents patching the kernel. Basically: Prevents unauthorised modifications of the "core" operating system.

FAQ | Overview

User Account Control:

Limits application software to standard user privileges until an administrator authorizes an increase or elevation

Review | Guide | Overview

Windows Defender:

A software product from Microsoft to prevent, remove and quarantine spyware.

Review | Overview

Windows Firewall:

Is the firewall service included with Windows.

Guide | Overview

Windows Security Center:

Provides users with the ability to view the status of computer security settings and services. Windows Security Center also continually monitors these security settings and informs the users about the status.

Overview

So are these componants (& a bit of common sense) enough to keep us secure? Do we really need to waste time, money and resources on those additonal tools?

Link to comment
Share on other sites


  • Replies 33
  • Views 39k
  • Created
  • Last Reply

I could run my system without AV.

I could rely on the standard security. But I like to know whats stopped/blocked etc. I don't use my AV a lot.. I haven't had any problem with unwanted apps for a long time. :P

Link to comment
Share on other sites


Me either.. even with XP... but then again.. I have changed some things too.. but yeah I don't really use my Security Suite alot ..

@Lite AHH.. I see.. :)

Link to comment
Share on other sites


  • 1 month later...

@ Lite:

Very Nice Post. Wanna add to it SEHOP. In windows 7 it already come enabled for Internet Explorer, but there is a Microsoft Fix It to enable to all apps. There is UAC virtualization too. Internet explorer security is improved too (If you have enabled "Protected Mode" IE runs with low privileges).

Link to comment
Share on other sites


Thank you very much.

Actually, I'm testing these features cause I'm tired of the cumbersome of security apps (AV etc..) and saw some posts by ssj100. I discovered the couple "LUA (SUA) + SRP (AppLocker)" and trying it.

++

Link to comment
Share on other sites


Thank you very much.

Actually, I'm testing these features cause I'm tired of the cumbersome of security apps (AV etc..) and saw some posts by ssj100. I discovered the couple "LUA (SUA) + SRP (AppLocker)" and trying it.

++

Indeed is good.... add a backup/virtualization app and that's it. Applocker is a way better than SRP.... for what I read (not know if is really true) SRP is enforced by the parent application and applocker is enforced by the kernel. Adding to this the "Autogenerate rules" wizard to create publisher/hash rules to executables and scripts in "Program Files" and "Windows" folders and the default rules to windows installers and dlls.... a great lock. Easy and not use resources. You can even use this in a Adm account if you not use the rules garanting full access to ADM. Not sure if ssj100 mentioned, but some subfolders in "Windows" have write access to SUA, so if you are using the default rules (folder rules) a way to bypass it exist. some talk here:

http://anonymz.com/?http://www.wilderssecurity.com/showthread.php?t=272761

Link to comment
Share on other sites


I always wanted to use Windows firewall and Applocker , it's a shame that there is no some sort of popup which will ask user what to do for apps not included in rules.

I'm lazy and I hate manual labour :)

Otherwise I would use just internal Windows security features for sure.

Link to comment
Share on other sites


Sl@pSh0ck™

I am using hardware DEP, SEHOP and Windows Firewall on win7... no realtime AV just sandboxie and now playing w/ the updated winpatrol ... nice and easy setup :dance2:

Link to comment
Share on other sites


Thank you very much.

Actually, I'm testing these features cause I'm tired of the cumbersome of security apps (AV etc..) and saw some posts by ssj100. I discovered the couple "LUA (SUA) + SRP (AppLocker)" and trying it.

++

Indeed is good.... add a backup/virtualization app and that's it. Applocker is a way better than SRP.... for what I read (not know if is really true) SRP is enforced by the parent application and applocker is enforced by the kernel. Adding to this the "Autogenerate rules" wizard to create publisher/hash rules to executables and scripts in "Program Files" and "Windows" folders and the default rules to windows installers and dlls.... a great lock. Easy and not use resources. You can even use this in a Adm account if you not use the rules garanting full access to ADM. Not sure if ssj100 mentioned, but some subfolders in "Windows" have write access to SUA, so if you are using the default rules (folder rules) a way to bypass it exist. some talk here:

http://anonymz.com/?http://www.wilderssecurity.com/showthread.php?t=272761

Thank you for the informations.

++

Link to comment
Share on other sites


Sl@pSh0ck™

Wanna add to it SEHOP. In windows 7 it already come enabled for Internet Explorer, but there is a Microsoft Fix It to enable to all apps. There is UAC virtualization too. Internet explorer security is improved too (If you have enabled "Protected Mode" IE runs with low privileges).

here is how to enable Structured Exception Handling Overwrite Protection (SEHOP) in windows 7 manually (I always want to do it manually rather than running M$ Fix It :P)

  • Click Start, click Run, type regedit, and then press ENTER.
  • Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidationNote If you cannot find the DisableExceptionChainValidation registry entry under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\ subkey, follow these steps to create it:
    • Right-click kernel, point to New, and then click DWORD Value.
    • Type DisableExceptionChainValidation, and then press ENTER.
  • Double-click DisableExceptionChainValidation.
  • Change the value of the DisableExceptionChainValidation registry entry to 0 to enable it, and then click OK.

    Note A value of 1 disables the registry entry. A value of 0 enables it.

  • Exit Registry Editor.
Link to comment
Share on other sites


I always wanted to use Windows firewall and Applocker , it's a shame that there is no some sort of popup which will ask user what to do for apps not included in rules.

I'm lazy and I hate manual labour :)

Otherwise I would use just internal Windows security features for sure.

If you not install/change your apps with frequency, you can use a software firewall (here i used Outpost to do this - I like the information and the easy to create rules in it) to see the rules needed to my gamer snapshot. After run all the apps i normally use, i anoted the name of the executables/ports/protocols and used the advanced firewall interface to create rules for Windows firewall. In this way you can easily make a Outbound traffic control through whitelisted traffic. How the core networking rules is already enabled, things are more easy. This app add a UI interface to you manipulate windows firewall... you receive prompts and can configure all from it.

http://anonymz.com/?http://www.sphinx-soft.com/Vista/order.html

Link to comment
Share on other sites


I always wanted to use Windows firewall and Applocker , it's a shame that there is no some sort of popup which will ask user what to do for apps not included in rules.

I'm lazy and I hate manual labour :)

Otherwise I would use just internal Windows security features for sure.

If you not install/change your apps with frequency, you can use a software firewall (here i used Outpost to do this - I like the information and the easy to create rules in it) to see the rules needed to my gamer snapshot. After run all the apps i normally use, i anoted the name of the executables/ports/protocols and used the advanced firewall interface to create rules for Windows firewall. In this way you can easily make a Outbound traffic control through whitelisted traffic. How the core networking rules is already enabled, things are more easy. This app add a UI interface to you manipulate windows firewall... you receive prompts and can configure all from it.

http://anonymz.com/?http://www.sphinx-soft.com/Vista/order.html

I have experience with Windows firewall, it's very good one.

Applocker I never used.

Yes, it's easy to make rules, that's not a big problem.

I even used Vista firewall control for a while.

However, I realized that I really don't need to waste time on something simple which can be done easily with some third-party software.

Biggest problem with Applocker is lack of whitelist.

There are few apps which are very light and do the job perfectly without causing any problems.

Link to comment
Share on other sites


  • 2 months later...

Enhanced Mitigation Evaluation Toolkit

"A toolkit to apply security mitigation technologies to arbitrary applications"

http://anonymz.com/?http://www.microsoft.com/downloads/details.aspx?FamilyID=4a2346ac-b772-4d40-a750-9046542f343d&displaylang=en

Link to comment
Share on other sites


  • 1 month later...

EMET V2 out, now with a GUI to make things more easy.

For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. This helps prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited. By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products. In addition, it makes it easy for customers to test mitigations against any software and provide feedback on their experience to the vendor.

http://anonymz.com/?http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx

Link to comment
Share on other sites


Thank you someone !

Trying to understand these technologies (DEP, SEHOP...)

Link is dead for the moment for me...

++

Glad in help.

There is some information and a very nice video in these links:

http://anonymz.com/?http://blogs.technet.com/b/srd/archive/2010/07/28/announcing-the-upcoming-release-of-emet-v2.aspx

http://anonymz.com/?http://technet.microsoft.com/en-us/security/ff859539.aspx

Link to comment
Share on other sites


  • 1 year later...

I have used Windows 7 (64 bit) over a year now,with only Prevx.3.220 as only extern antimalware.There are so good security in Windows 7 as it is,but when used with Prevx it makes a system thats verrry good to combat malware.There has only been 2 malware attacks,and they was stopped (I dont know how much Windows own security did) by Prevx.Its so great to use a malware defender,there is practically non exsistent (ressource wise).You simply cannot feel its there.Great. :ph34r:

By the way I use a router with NAT together with Windows 7 own firewall.

Link to comment
Share on other sites


  • 7 months later...
  • 1 month later...
  • 2 weeks later...

all of them can't help without anti viruses

Link to comment
Share on other sites


all of them can't help without anti viruses

What is your security setup? B)
Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...