Windows 8 and 8.1 Forums

Windows 8.1 – What are Best-Practice security tweaks?

  1. #11

    Posts : 1,360
    Windows 8.1 Enterprise

    Firefox Security Tweaks

    1) Type about:config into the address bar > click "I'll be careful, I promise"
    2) Type Security into search > double click the following..
    • security.enable_ssl3 Value = false
    • security.enable_tls Value = true
    • security.ssl.false_start.require-forward-secrecy Value = true
    • security.ssl3.dhe_dss_des_ede3_sha Value = false
    • security.ssl3.dhe_rsa_des_ede3_sha Value = false
    • security.ssl3.ecdh_ecdsa_des_ede3_sha Value = false
    • security.ssl3.ecdh_ecdsa_rc4_128_sha Value = false
    • security.ssl3.ecdh_rsa_des_ede3_sha Value = false
    • security.ssl3.ecdh_rsa_rc4_128_sha Value = false
    • security.ssl3.ecdhe_ecdsa_des_ede3_sha Value = false
    • security.ssl3.ecdhe_ecdsa_rc4_128_sha Value = false
    • security.ssl3.ecdhe_rsa_des_ede3_sha Value = false
    • security.ssl3.ecdhe_rsa_rc4_128_sha Value = false
    • security.ssl3.rsa_des_ede3_sha Value = false
    • security.ssl3.rsa_fips_des_ede3_sha Value = false
    • security.ssl3.rsa_rc4_128_md5 Value = false
    • security.ssl3.rsa_rc4_128_sha Value = false
    • security.ssl3.rsa_seed_sha Value = false

    These settings will force secure connections to use stronger encryption for added security.

      My System SpecsSystem Spec

  2. #12

    This is great info too!

    But I use HTTPS Everywhere. I wonder how much of the above is already taken care of with their Extension.

    I also run NoScript.
    NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction

    Then at some point the question becomes is disabling all these things creating security problems... Impossible to know.
      My System SpecsSystem Spec

  3. #13

    Posts : 70
    windows 8.1

    force-tls, noredirect, refcontrol, requestpolicy,

    Have you disabled
    Server service
    Computer Browser Service

    if you can get good results here
    IP check

    and if you are not leaking DNS info here (even with VPN connection)

    then probably you are fine in terms of browser security. Ulimately you system should be also usable, not only secured to the point of breaking everything.
    Win 8.1 is my first Microsoft OS since XP (and even then I was using it only as secondary OS), but with XP I could make system partition read-only for users so never had to install anti-virus or anti-malware. I doubt that this would be possible with windows 8.
      My System SpecsSystem Spec

  4. #14

    Posts : 1,360
    Windows 8.1 Enterprise

    Quote Originally Posted by Win8fait View Post
    But I use HTTPS Everywhere. I wonder how much of the above is already taken care of with their Extension.
    HTTPS Everywhere works exactly like the hosts file. It only redirects a web address to the secure version, it has no effect on the encryption chosen.
      My System SpecsSystem Spec

  5. #15

    Posts : 1,875
    Windows 10 Pro Prieview x64

    Quote Originally Posted by Michal View Post
    I could make system partition read-only for users so never had to install anti-virus or anti-malware..
    Really? Do you mean you made the C:/Windows directory read only? Or all of it including users directories, ProgramData etc? And it worked? It is not the only Windows directory that viruses and malware attack of course.

    Quote Originally Posted by Michal View Post
    I doubt that this would be possible with windows 8.
    I agree. I doubt it would be possible with XP. Or any OS at all unless you are thinking of some kind of live CD. Your users could not update the registry for the current user for example or did you somehow move it to another partition? At the very least they would need read/execute for OS programs. Read only simply would not work.

    Nice links though although Tor beats JonDonym if you are really worried about that sort of thing IMO
      My System SpecsSystem Spec

  6. #16

    Posts : 70
    windows 8.1

    You are correct this was not read-only setup, rather unix like approach.
    unix user can read or execute program but not write or modify and in some instances even list directory content. That is what I did with XP. User had read-only access to allowed folders and execute rights to exe files but write or modify attributes set to deny. The real problem was with registry to fix that I used regmon from sysinternals.

    Not sure at what Tor beats Jon Donym but Tor does not have an way of testing browser so for this specific purpose JonDonym beats Tor.
      My System SpecsSystem Spec

  7. #17

    @Michal – I disabled my [Server] service, but do not have a [Computer Browser] service. Perhaps disabling IE took that away.

    force-tls, noredirect, refcontrol, requestpolicy – wow, so adding/running all of these add-ons at the same time (along with HTTPS-everywhre & NoScripts)... The idea seems sound to me of disabling OEM functions, but ADDING scripts and whatnot to a browser from others... are all of those “open source” and more or less verified? (I'm an idiot – I apologize in advance.)

    This is an experimental machine anyway. Zero banking/finance/etc. I'm all-in to try this stuff. But I'm taking off in a few hours for a huge trip. Will have to reply/recon all this in a few weeks.

    @ectech – I'm going to run every one of those Firefox security tweaks too, when I get back!

    Thank you both for contributing!
      My System SpecsSystem Spec

  8. #18

    Posts : 70
    windows 8.1

    Computer Browser service is needed for browsing/announcing workgroups and domains so you can see shared resources. It has nothing to do with Internet Explorer.

    Computer Browser Service is gone from your services list because you had to disable Client for Microsoft Networks.

    As I mentioned though you did not remove IE from your computer, you just disabled IE accessibility for the user.

    Browser add-ons that I listed are verified by Mozilla, these are as trustworthy as HTTPS-everywhere - which on the other hand - is not verified by Mozilla, source code can be stolen from developer and modified to the whishes of bad guys. Bigger names (and more trustworthy) got servers broken. So all is up to you whom do you trust.
    I use all of these including HTTPS-everywhere. Never had any problems with banking, stolen credit cards info or any of important personal information.
      My System SpecsSystem Spec

  9. #19

    Posts : 1,875
    Windows 10 Pro Prieview x64

    What about firewall? 3rd party firewall recommendations

    I found the comment by OneEyed useful - just a snippit here

    Quote Originally Posted by oneeyed View Post
    For proper security you'll have to use a deny all on outbound connections, and create exceptions via rules in the advanced settings.
      My System SpecsSystem Spec

  10. #20

    Posts : 70
    windows 8.1

    of course, good firewall is important. Remember though that good bad software can get easily around it by using legitimate traffic. There is a lot of information about this issue on the net.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
Windows 8.1 – What are Best-Practice security tweaks?
Related Threads
Solved Performance Tweaks for Windows 8.(1) in Performance & Maintenance
Hello, Is there some good Registry Tweaks for better/faster performance? I Run Windows 8.1 64 bits - build 9600. I tried JV16 powertools. But is there some other tweaks for a faster responsive OS? Thanks!
Hi What is the 'best practice' for managing one's passwords? A) HOW SHOULD I STORE PASSWORDS? Problems: 1. I need to manage a fairly large number (i.e. 50+). So there are too many to remember. 2. Obviously I don't want to keep them inside a simple unencrypted text file, in case my data...
Hi, this is somethig i do not get, and relly do not like how it seems to work: what i would like to achieve is 1) in first instance: to update *all the system* at a time, so far what it seems to me now it's like i have to manage two operating systems one on the desktop side and one on... Read More: Windows 8.1 preview: many small tweaks make for a significant update | The Verge
story here: Windows 8 Apps Get Pre-Launch Tweaks - Software - Windows 8 -
Eight Forums Android App Eight Forums IOS App Follow us on Facebook