Securing Win 8.1

whysper

New Member
Messages
1
I would like to know if anyone can point me to any guides I can look over to secure my windows 8.1 laptop. I don't need it a kiosk, but I wanted it similar to something you'd find on a Linux distribution, if that's possible. Does anyone know of any good guides, or have personal experience with said guides?
 
This page is probably the best guide I have come across that's free and public.
Harden Windows 8.1

So in short.

Disable services you dont need.
Turn of unneeded network protocols.
Enable SRP or Applocker.
Cryptoprevent is a good free tool that populates some SRP rules for you.
Whitelist outbound traffic access.
If using a browser with no native privilege reduction implement icacls to enforce it.
Install malware bytes anti exploit, its free. It will enforce memory exploit protections on web browsers.
Consider also using EMET to apply protections to other apps, although this isnt as easy to use as MBAE.
Set DEP to optout or always on with this command. dont use EMET to set it, is a bug, see my post here----> Weird DEP behaviour | Wilders Security Forums
'bcdedit /set nx optout' or 'bcdedit /set nx alwayson' reboot to apply change.
Try to use an anti virus that has a whitelist system for binaries, avast is free and has whitelisting if you enable hardened aggressive mode. When a unrecognised binary is executed you will be prompted to whitelist it or it wont run. avastwhitelisting.png
If you installed EMET, add all binaries that access the internet if possible to its app list, also add svchost.exe, lsass.exe and winlogon.exe system32 binaries for protection.
 
Just throwing it out there, I believe I recently read that There was a security group that beat emet.. I'll try to find that article for you..

Though I think I remember them saying it would have to be a pretty hardcore dedicated hacker to bypass it..
 
Of course it can probably be defeated, but its a barrier. it will still probably block most malware that targets memory type exploits..
 
One more idea, to not have to configure everything and hope you can use your "fortified" system properly, without so much hassle -

is just buying a computer for less than $200 you could just have a secondary computer that you don't care what happens to and then use the 1st primary computer for the "secure" stuff.. Just hook it up to your 40 inch TV and good to go without caring about it being malware flooded because you can just format the hard drive every week hah.

cheap.JPG





--------------
2ndcheap.JPG
 
Back
Top