Windows Hardening Guide | 2024 Edition

แชร์
ฝัง
  • เผยแพร่เมื่อ 23 ธ.ค. 2024

ความคิดเห็น • 86

  • @KenHarrisio
    @KenHarrisio  3 หลายเดือนก่อน +14

    I intended this video to be 20 minutes, but it turned into an hour long yap fest. If you're looking for one thing on the list for high impact, I recommend checking out one of the firewalls I mentioned.

    • @billlee5679
      @billlee5679 3 หลายเดือนก่อน +4

      I love listening to your inference and reference even to the tiniest trivial things. You have raised certain topics on malware boot kit, rootkit, rnalicious scamming software and devices, without your elaboration and illustration, we fans won't know any wherefores. I could just see and hear your continual coherence in presentation of your whole channel. Logical steps allow us to mitigate in times of crash and crisis, so your videos could be good companion with us 24/7. Thank you so much!!!

  • @michaelbennett9127
    @michaelbennett9127 3 หลายเดือนก่อน +6

    I learned so much. Waffle away mate. A great, comprehensive tutorial. Thank you.

  • @Upgrayedddd
    @Upgrayedddd 3 หลายเดือนก่อน +4

    You weren't kidding about the chatter. Subscribed

  • @steventelfer8186
    @steventelfer8186 3 หลายเดือนก่อน +1

    This is exactly what i was looking for! Thank you

  • @CedroCron
    @CedroCron 3 หลายเดือนก่อน +4

    I'm the same as you with what I use for my own windows installs, for family I use Bitdefender because I find with everything turned on it keeps my parents and in-laws safe because they click on stuff they shouldn't. I also like that I can manage their settings from my Bitdefender control panel. Also tip, turn off the auto-renewal and wait for the emails offering you a cheaper renewal. I get the 10 license super cheap.

  • @brob10
    @brob10 11 วันที่ผ่านมา

    Nice content brother.

  • @sayid3856
    @sayid3856 3 หลายเดือนก่อน +1

    Great vid as always! Keep up the good work mate! Cheers

  • @IlIIlIllI
    @IlIIlIllI 3 หลายเดือนก่อน +2

    fire video, I love long style videos but you cant please everyone, my advice is clip the important parts and make it a 15-20 minute video, then make an extended version (think of it as a solo podcast) with all the details. Just a thought, have a good day

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Thanks for the suggestion! I've been strongly considering doing clips (or a clips channel) for people wanting the shorter versions.

  • @drmikeyg
    @drmikeyg 3 หลายเดือนก่อน +1

    Thanks Ken, great video.

  • @_idi0tsavant_
    @_idi0tsavant_ 3 หลายเดือนก่อน +1

    great information ken. thanks!

  • @Username28824
    @Username28824 3 หลายเดือนก่อน +1

    Amazing video. thanks so much

  • @supriyochatterjee4095
    @supriyochatterjee4095 3 หลายเดือนก่อน +2

    Excellent information, please make a video on how to configure and tuneup Windows Firewall for the maximum security.

  • @F-Bomb313
    @F-Bomb313 3 หลายเดือนก่อน

    nice, thanks for this video man, great information

  • @optimizedujjwal1592
    @optimizedujjwal1592 3 หลายเดือนก่อน +2

    hey man love u so much great u are big lion heart person brother well done

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +1

      Hey brother, I'm glad to see you're still around! God bless!

    • @optimizedujjwal1592
      @optimizedujjwal1592 3 หลายเดือนก่อน +1

      @@KenHarrisio 🥰

  • @pashachoo
    @pashachoo 3 หลายเดือนก่อน +1

    thank you proffesor

  • @fbifido2
    @fbifido2 2 หลายเดือนก่อน +1

    Can you do a video on Windows Firewall, and why the incoming rules has stuff in it?

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน +1

      Excellent idea, thanks for letting me know. I'll add it to my list!

  • @JohnnyJazZzZz
    @JohnnyJazZzZz 3 หลายเดือนก่อน +2

    Great vid!
    When recall gets forced on me I'm switching OS.

  • @dukejukem413
    @dukejukem413 3 หลายเดือนก่อน +1

    Bitlocker question. Should I enable those settings in group policy before enabling bitlocker or after? I ask because I enabled bitlocker on a system a few weeks back and i noticed the setup didn't give many options and i don't think it allowed me to choose 256 bit encryption. Very odd that's not on by default.

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน

      Sorry for the super late reply. I'm finally going through all my comments now. This is something annoying about BitLocker - these settings aren't turned on by default. If you want to harden anything (PIN, encryption strength, etc), it requires disabling and then re-encrypting to have the changes work.

  • @fbifido2
    @fbifido2 2 หลายเดือนก่อน +1

    I just installed Win 11 24H2 and removed all the Windows defender incoming rules, and the machine works fine.
    after I restarted, a few rules gets auto install back into incoming rules?

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน +1

      Here's some guessing on my part - I'm not sure what apps are specifically getting rules added, but Windows is probably auto adding rules back in automatically so its processes can work correctly.
      As for any potential 3rd party rule getting added, this has been one of my contentions with Windows Firewall, where apps can add in rules whenever they want to.

  • @lotuschamp7796
    @lotuschamp7796 3 หลายเดือนก่อน +2

    You reckon the Microsoft Activation Scripts (MAS) safe for use, or has there been any reports of underhand mischief at play?

    • @Sarah-vs-Hagar
      @Sarah-vs-Hagar 3 หลายเดือนก่อน

      Microsoft is never safe when you have Gates using his worldview to change the lives of people. He is committed to Jesuitism. Watch the new video by Adullam Films called American Jesuits to see how Georgetown is behind the scenes as well,

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +2

      As long as you download it from the official site/repo, you should be good. The people who say they've been infected by it got it from a shady source. Like any popular repo, bad actors will clone these to try to get people to download malware and sometimes they get the repo listed on Google. With how many people use the tool, I think people would catch malicious changes right away.

  • @adrianocastaldini
    @adrianocastaldini 27 วันที่ผ่านมา

    Just a doubt: I've installed Bitdefender and it replaced Windows Defender, but I also noticed that Core Isolation is now un-activable. Is it normal? Many thanks in advance.

  • @tanjifoyo3821
    @tanjifoyo3821 2 หลายเดือนก่อน +2

    How does port master compare to comodo firewall

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน

      Portmaster is more feature rich, but if you want something with basic firewall functionality, Comodo would be okay.

    • @СерхиоБускетс-ф7я
      @СерхиоБускетс-ф7я 18 วันที่ผ่านมา +2

      Comodo has a sandbox and powerful HIPS protection. The firewall is not very convenient, but you can still configure access quite effectively. Comodo is needed for maniacs who are willing to spend time on truly powerful protection.

    • @infotruther
      @infotruther 10 วันที่ผ่านมา

      @@KenHarrisio or simplewall

  • @blake-ow9mv
    @blake-ow9mv 2 หลายเดือนก่อน +1

    Is portmaster working fine now? I used it few years ago it was very buggy and it was breaking things.

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน

      It has improved massively since then. I have been a user of it since right after the first release and it is a much different program now.

  • @nubfaceforthelose
    @nubfaceforthelose 3 หลายเดือนก่อน +1

    I assume this applies to Windows 10 also until it dies? How does the CTT script go with defender and portmaster and having tron for emergency sound? As always thanks for the videos man.

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +1

      Yeah, I've tested this and these tweaks work 1:1 across 10 and 11. The only difference will be some slight differences in Group Policy between the two versions. CTT's script seems to work well with Defender and Portmaster. I've seem some reports that some of the tweaks can cause issues with wifi, but I've not seem anyone talk about issues with ethernet. I haven't tested Tron before, so I can't speak to the compatibility of it with everything else.
      Thanks for supporting the channel!

  • @yosyh
    @yosyh 3 หลายเดือนก่อน +1

    Hi, will "Windows Firewall Control" work with DefenderUI or ConfigureDefender?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Yeah, it'll work well with both options. The firewall just makes it easier to allow/deny what gets access to the internet. I've used Simplewall for years (similar to WFC) and it works great with hardening tools.

    • @yosyh
      @yosyh 3 หลายเดือนก่อน

      @@KenHarrisio Thanks,
      Thanks,
      I'll try.
      DefenderUI or ConfigureDefender?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      @@yosyh The abilities of each are close enough to each other, so I would give preference to ConfigureDefender since it's open source.

  • @shiijei2638
    @shiijei2638 3 หลายเดือนก่อน +1

    "You won't be able to connect to Kaspersky servers"
    I assume this means "if you aren't using a VPN"?

    • @KenHarrisio
      @KenHarrisio  หลายเดือนก่อน

      That's up in the air. Most services can detect a VPN IP and might not allow account creation. If it does work and the connection dropped even for a moment, your account would probably be blocked.

    • @СерхиоБускетс-ф7я
      @СерхиоБускетс-ф7я 18 วันที่ผ่านมา

      @@KenHarrisio Funny. I update Bitdefender via VPN while the antivirus is blocked for Russia. There is no problem using Kaspersky in the USA.

  • @Yoursss_Trulyyy
    @Yoursss_Trulyyy 3 หลายเดือนก่อน +1

    Thank you for making a security educational video about security. Can you make a video about online banking security?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Sure thing, I'll add it to the list!

  • @epic_journey.
    @epic_journey. 3 หลายเดือนก่อน +1

    Defender ui vs configure defender which is better?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +1

      As far as what they accomplish, they have similar capabilities. I would be more willing to recommend DefenderUI if the app was open source. I'm becoming more hesitant these days to recommend something that isn't open source with a large user base or a closed source program with a publicly known team.

  • @Alex13312
    @Alex13312 3 หลายเดือนก่อน +1

    Are you using both simplewall and portmaster?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Yeah, I've been doing it for a few years and they work great together!

  • @_vindicator_
    @_vindicator_ 29 วันที่ผ่านมา

    as far as i remember core isolation was done for spectre & meltdown

  • @TacticalBoss
    @TacticalBoss 3 หลายเดือนก่อน +1

    Hey could you do one for windows 11 please? thank you

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      The tweaks here can be used on both W10 and W11. I use these tweaks personally between the editions and they work well. Group Policy used to have some privacy differences between 10/11, but they are mostly the same now.

  • @lussor1
    @lussor1 3 หลายเดือนก่อน +4

    You missed tweaking privacy tools like Chris Titus wintool

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +2

      Damn, good point. The ISO creator he added is solid.

    • @Upgrayedddd
      @Upgrayedddd 3 หลายเดือนก่อน

      Ultimate tweaker or does he have multi tools?

    • @lussor1
      @lussor1 3 หลายเดือนก่อน

      @@Upgrayedddd check it yourself

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Chris has build a ton of features into his Windows utility. I recommend giving it a go to see what you think of it.

    • @Upgrayedddd
      @Upgrayedddd 3 หลายเดือนก่อน

      @@lussor1 I have no way of checking which tools you think are good or whether Titus worked on other tools on the download site that's full of other programs. Word of mouth is still one of the best ways to check on something, especially small projects without an advertising budget. When you like one of those projects, the idea is to help promote it by telling other people about it, especially when they ask.

  • @RazoBeckett.
    @RazoBeckett. 3 หลายเดือนก่อน +1

    "Security is just an illusion!"

  • @gtm5650
    @gtm5650 3 หลายเดือนก่อน +1

    Whats your take on Windows build in VPN?

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      The built in Windows option is okay as long as you use IPsec. The ability to use PPTP is still there which hasn't been safe to use for years. A VPN app is my preferred choice, since you'll get to choose either Wireguard or OpenVPN.

  • @UltraZelda64
    @UltraZelda64 3 หลายเดือนก่อน +2

    Here's a much easier solution for "hardening" Windows:
    1. Back up data, wipe system drive, install Linux in its place
    2. Set up a Windows virtual machine containing *only* what you absolutely need
    3. Only use the virtual machine when absolutely necessary; shut down and use the main OS for anything else
    For even better privacy and security, drop the virtual machine and avoid Windows entirely. Can't get much simpler than that.

  • @masztos9573
    @masztos9573 3 หลายเดือนก่อน +1

    Cool chef

  • @ognjenjakovljevic494
    @ognjenjakovljevic494 3 หลายเดือนก่อน +4

    You are blocking all 3rd party malware, what about windows malware like copilot and other malicions microsoft intents?

    • @mohammadiaa
      @mohammadiaa 3 หลายเดือนก่อน +1

      Then don't use windows lawl

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน

      Group Policy is the method I use to block it, along with the telemetry blocking in Simplewall and Portmaster. It's safe to operate with the presumption that MS has the ability to see what you're doing on Windows regardless.

    • @_vindicator_
      @_vindicator_ 29 วันที่ผ่านมา

      copilot and ms bloat are not malware. malware would be better, coz then it would be easier to find with av and remove. if ur concerned about that, use an unattend.xml install and have those disabled by default. you can use stigs or whatever the current is to disable all ms telemetry. ultimately just dont use windows if concerned about this, coz it is designed to leak data.

  • @hyiping5926
    @hyiping5926 3 หลายเดือนก่อน +5

    Only windows hardening you need is Linux

    • @Upgrayedddd
      @Upgrayedddd 3 หลายเดือนก่อน +1

      Unless you're white and male though, right?

    • @theredspoon1763
      @theredspoon1763 3 หลายเดือนก่อน

      Guy with a Google account thinking Microsoft is spying on him. Yes, MS is collecting telemetry to advertise more ‘precisely’ but they can’t read your system files or anything stored on your PC.
      Furthermore it’s fairly easy to setup Windows11 as debloated as Linux. I don’t use a MS account, don’t even have the MS store installed, have all telemetry software disabled and uninstalled from the system, a customised Start menu which resembles more the old windows Start menu style or the one of KDE Plasma and have a system that consumes less RAM in idle than my T430 Archpad with GNOME.
      Also: Linux would be great if software would just work without tinkering. Which just isn’t the case. It’s often a pain in the A** to get programmes to work under Linux. Just take Affinity. It took me 12 hours to source compile and configure some weird Wine fork from GitHub to get a decent result. Davinci Resolve and most Radeon cards doesn’t work at all on Linux. Video editing in general is a mess. Even KDEnLive is a nightmare. Especially since some video codecs are unsupported on Linux.

  • @knofi7052
    @knofi7052 3 หลายเดือนก่อน +2

    Just install Linux!😉

  • @togwam
    @togwam 3 หลายเดือนก่อน +1

    Tip #1: Avoid using Windows altogether if you value privacy and security

    • @theredspoon1763
      @theredspoon1763 3 หลายเดือนก่อน

      Says the guy with the Google Account lol. Linux doesn’t do sh*t for your privacy if you have Meta/Alphabet/Reddit/Steam/TikTok or whatever accounts. And since I strongly believe that you have at least a Reddit account to your name all your privacy concerns about Windows are pretty much negligible.

    • @togwam
      @togwam 3 หลายเดือนก่อน

      @@theredspoon1763 just don’t use them on Linux

  • @ТоварищКамрадовСоциалистКоммун
    @ТоварищКамрадовСоциалистКоммун 3 หลายเดือนก่อน +1

    I'm sure your video is great, and looking at the content timestamps I realize it is. BUT.
    It's too long. With all the respect to you and your channel I wouldn't watch it right here right now. Later, and probably not all at once.
    The best idea I guess would split it into parts, and it's still not too late )

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +1

      That a fair point. I could have split it into to parts but I figured most people would watch the two or three sections they thought applied most for them.

    • @JakeNach
      @JakeNach 3 หลายเดือนก่อน +1

      I highly disagree with this. Especially when he puts all the timestamps in the video, you can just click that and skip to whatever you need to see, instead of having to watch part 2 or 3 to find what you're looking for.

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 หลายเดือนก่อน

      Sure you can totally disagree. But think about content creator and YT algorithms. Shorter videos will be watched from beginning to the end without jumping, they will probably get more recommendations and more people will come to this channel. I think that Ken deserves it

    • @JakeNach
      @JakeNach 3 หลายเดือนก่อน

      @@ТоварищКамрадовСоциалистКоммун Yeah, I guess from an algorithm standpoint you're right.

    • @KenHarrisio
      @KenHarrisio  3 หลายเดือนก่อน +3

      I appreciate the support as always. This isn't something most people would say but at least for the time being, channel growth isn't something I'm working on. I like making mostly long niche videos, so they don't get much for views. My channel is at a size where I have enough time to still comment with most people which is a plus.