I intended this video to be 20 minutes, but it turned into an hour long yap fest. If you're looking for one thing on the list for high impact, I recommend checking out one of the firewalls I mentioned.
I love listening to your inference and reference even to the tiniest trivial things. You have raised certain topics on malware boot kit, rootkit, rnalicious scamming software and devices, without your elaboration and illustration, we fans won't know any wherefores. I could just see and hear your continual coherence in presentation of your whole channel. Logical steps allow us to mitigate in times of crash and crisis, so your videos could be good companion with us 24/7. Thank you so much!!!
I'm the same as you with what I use for my own windows installs, for family I use Bitdefender because I find with everything turned on it keeps my parents and in-laws safe because they click on stuff they shouldn't. I also like that I can manage their settings from my Bitdefender control panel. Also tip, turn off the auto-renewal and wait for the emails offering you a cheaper renewal. I get the 10 license super cheap.
fire video, I love long style videos but you cant please everyone, my advice is clip the important parts and make it a 15-20 minute video, then make an extended version (think of it as a solo podcast) with all the details. Just a thought, have a good day
Bitlocker question. Should I enable those settings in group policy before enabling bitlocker or after? I ask because I enabled bitlocker on a system a few weeks back and i noticed the setup didn't give many options and i don't think it allowed me to choose 256 bit encryption. Very odd that's not on by default.
Sorry for the super late reply. I'm finally going through all my comments now. This is something annoying about BitLocker - these settings aren't turned on by default. If you want to harden anything (PIN, encryption strength, etc), it requires disabling and then re-encrypting to have the changes work.
I just installed Win 11 24H2 and removed all the Windows defender incoming rules, and the machine works fine. after I restarted, a few rules gets auto install back into incoming rules?
Here's some guessing on my part - I'm not sure what apps are specifically getting rules added, but Windows is probably auto adding rules back in automatically so its processes can work correctly. As for any potential 3rd party rule getting added, this has been one of my contentions with Windows Firewall, where apps can add in rules whenever they want to.
Microsoft is never safe when you have Gates using his worldview to change the lives of people. He is committed to Jesuitism. Watch the new video by Adullam Films called American Jesuits to see how Georgetown is behind the scenes as well,
As long as you download it from the official site/repo, you should be good. The people who say they've been infected by it got it from a shady source. Like any popular repo, bad actors will clone these to try to get people to download malware and sometimes they get the repo listed on Google. With how many people use the tool, I think people would catch malicious changes right away.
Just a doubt: I've installed Bitdefender and it replaced Windows Defender, but I also noticed that Core Isolation is now un-activable. Is it normal? Many thanks in advance.
Comodo has a sandbox and powerful HIPS protection. The firewall is not very convenient, but you can still configure access quite effectively. Comodo is needed for maniacs who are willing to spend time on truly powerful protection.
I assume this applies to Windows 10 also until it dies? How does the CTT script go with defender and portmaster and having tron for emergency sound? As always thanks for the videos man.
Yeah, I've tested this and these tweaks work 1:1 across 10 and 11. The only difference will be some slight differences in Group Policy between the two versions. CTT's script seems to work well with Defender and Portmaster. I've seem some reports that some of the tweaks can cause issues with wifi, but I've not seem anyone talk about issues with ethernet. I haven't tested Tron before, so I can't speak to the compatibility of it with everything else. Thanks for supporting the channel!
Yeah, it'll work well with both options. The firewall just makes it easier to allow/deny what gets access to the internet. I've used Simplewall for years (similar to WFC) and it works great with hardening tools.
That's up in the air. Most services can detect a VPN IP and might not allow account creation. If it does work and the connection dropped even for a moment, your account would probably be blocked.
As far as what they accomplish, they have similar capabilities. I would be more willing to recommend DefenderUI if the app was open source. I'm becoming more hesitant these days to recommend something that isn't open source with a large user base or a closed source program with a publicly known team.
The tweaks here can be used on both W10 and W11. I use these tweaks personally between the editions and they work well. Group Policy used to have some privacy differences between 10/11, but they are mostly the same now.
@@lussor1 I have no way of checking which tools you think are good or whether Titus worked on other tools on the download site that's full of other programs. Word of mouth is still one of the best ways to check on something, especially small projects without an advertising budget. When you like one of those projects, the idea is to help promote it by telling other people about it, especially when they ask.
The built in Windows option is okay as long as you use IPsec. The ability to use PPTP is still there which hasn't been safe to use for years. A VPN app is my preferred choice, since you'll get to choose either Wireguard or OpenVPN.
Here's a much easier solution for "hardening" Windows: 1. Back up data, wipe system drive, install Linux in its place 2. Set up a Windows virtual machine containing *only* what you absolutely need 3. Only use the virtual machine when absolutely necessary; shut down and use the main OS for anything else For even better privacy and security, drop the virtual machine and avoid Windows entirely. Can't get much simpler than that.
Group Policy is the method I use to block it, along with the telemetry blocking in Simplewall and Portmaster. It's safe to operate with the presumption that MS has the ability to see what you're doing on Windows regardless.
copilot and ms bloat are not malware. malware would be better, coz then it would be easier to find with av and remove. if ur concerned about that, use an unattend.xml install and have those disabled by default. you can use stigs or whatever the current is to disable all ms telemetry. ultimately just dont use windows if concerned about this, coz it is designed to leak data.
Guy with a Google account thinking Microsoft is spying on him. Yes, MS is collecting telemetry to advertise more ‘precisely’ but they can’t read your system files or anything stored on your PC. Furthermore it’s fairly easy to setup Windows11 as debloated as Linux. I don’t use a MS account, don’t even have the MS store installed, have all telemetry software disabled and uninstalled from the system, a customised Start menu which resembles more the old windows Start menu style or the one of KDE Plasma and have a system that consumes less RAM in idle than my T430 Archpad with GNOME. Also: Linux would be great if software would just work without tinkering. Which just isn’t the case. It’s often a pain in the A** to get programmes to work under Linux. Just take Affinity. It took me 12 hours to source compile and configure some weird Wine fork from GitHub to get a decent result. Davinci Resolve and most Radeon cards doesn’t work at all on Linux. Video editing in general is a mess. Even KDEnLive is a nightmare. Especially since some video codecs are unsupported on Linux.
Says the guy with the Google Account lol. Linux doesn’t do sh*t for your privacy if you have Meta/Alphabet/Reddit/Steam/TikTok or whatever accounts. And since I strongly believe that you have at least a Reddit account to your name all your privacy concerns about Windows are pretty much negligible.
I'm sure your video is great, and looking at the content timestamps I realize it is. BUT. It's too long. With all the respect to you and your channel I wouldn't watch it right here right now. Later, and probably not all at once. The best idea I guess would split it into parts, and it's still not too late )
That a fair point. I could have split it into to parts but I figured most people would watch the two or three sections they thought applied most for them.
I highly disagree with this. Especially when he puts all the timestamps in the video, you can just click that and skip to whatever you need to see, instead of having to watch part 2 or 3 to find what you're looking for.
Sure you can totally disagree. But think about content creator and YT algorithms. Shorter videos will be watched from beginning to the end without jumping, they will probably get more recommendations and more people will come to this channel. I think that Ken deserves it
I appreciate the support as always. This isn't something most people would say but at least for the time being, channel growth isn't something I'm working on. I like making mostly long niche videos, so they don't get much for views. My channel is at a size where I have enough time to still comment with most people which is a plus.
I intended this video to be 20 minutes, but it turned into an hour long yap fest. If you're looking for one thing on the list for high impact, I recommend checking out one of the firewalls I mentioned.
I love listening to your inference and reference even to the tiniest trivial things. You have raised certain topics on malware boot kit, rootkit, rnalicious scamming software and devices, without your elaboration and illustration, we fans won't know any wherefores. I could just see and hear your continual coherence in presentation of your whole channel. Logical steps allow us to mitigate in times of crash and crisis, so your videos could be good companion with us 24/7. Thank you so much!!!
I learned so much. Waffle away mate. A great, comprehensive tutorial. Thank you.
You weren't kidding about the chatter. Subscribed
This is exactly what i was looking for! Thank you
I'm the same as you with what I use for my own windows installs, for family I use Bitdefender because I find with everything turned on it keeps my parents and in-laws safe because they click on stuff they shouldn't. I also like that I can manage their settings from my Bitdefender control panel. Also tip, turn off the auto-renewal and wait for the emails offering you a cheaper renewal. I get the 10 license super cheap.
Nice content brother.
Great vid as always! Keep up the good work mate! Cheers
fire video, I love long style videos but you cant please everyone, my advice is clip the important parts and make it a 15-20 minute video, then make an extended version (think of it as a solo podcast) with all the details. Just a thought, have a good day
Thanks for the suggestion! I've been strongly considering doing clips (or a clips channel) for people wanting the shorter versions.
Thanks Ken, great video.
great information ken. thanks!
Amazing video. thanks so much
Excellent information, please make a video on how to configure and tuneup Windows Firewall for the maximum security.
nice, thanks for this video man, great information
hey man love u so much great u are big lion heart person brother well done
Hey brother, I'm glad to see you're still around! God bless!
@@KenHarrisio 🥰
thank you proffesor
Can you do a video on Windows Firewall, and why the incoming rules has stuff in it?
Excellent idea, thanks for letting me know. I'll add it to my list!
Great vid!
When recall gets forced on me I'm switching OS.
Bitlocker question. Should I enable those settings in group policy before enabling bitlocker or after? I ask because I enabled bitlocker on a system a few weeks back and i noticed the setup didn't give many options and i don't think it allowed me to choose 256 bit encryption. Very odd that's not on by default.
Sorry for the super late reply. I'm finally going through all my comments now. This is something annoying about BitLocker - these settings aren't turned on by default. If you want to harden anything (PIN, encryption strength, etc), it requires disabling and then re-encrypting to have the changes work.
I just installed Win 11 24H2 and removed all the Windows defender incoming rules, and the machine works fine.
after I restarted, a few rules gets auto install back into incoming rules?
Here's some guessing on my part - I'm not sure what apps are specifically getting rules added, but Windows is probably auto adding rules back in automatically so its processes can work correctly.
As for any potential 3rd party rule getting added, this has been one of my contentions with Windows Firewall, where apps can add in rules whenever they want to.
You reckon the Microsoft Activation Scripts (MAS) safe for use, or has there been any reports of underhand mischief at play?
Microsoft is never safe when you have Gates using his worldview to change the lives of people. He is committed to Jesuitism. Watch the new video by Adullam Films called American Jesuits to see how Georgetown is behind the scenes as well,
As long as you download it from the official site/repo, you should be good. The people who say they've been infected by it got it from a shady source. Like any popular repo, bad actors will clone these to try to get people to download malware and sometimes they get the repo listed on Google. With how many people use the tool, I think people would catch malicious changes right away.
Just a doubt: I've installed Bitdefender and it replaced Windows Defender, but I also noticed that Core Isolation is now un-activable. Is it normal? Many thanks in advance.
How does port master compare to comodo firewall
Portmaster is more feature rich, but if you want something with basic firewall functionality, Comodo would be okay.
Comodo has a sandbox and powerful HIPS protection. The firewall is not very convenient, but you can still configure access quite effectively. Comodo is needed for maniacs who are willing to spend time on truly powerful protection.
@@KenHarrisio or simplewall
Is portmaster working fine now? I used it few years ago it was very buggy and it was breaking things.
It has improved massively since then. I have been a user of it since right after the first release and it is a much different program now.
I assume this applies to Windows 10 also until it dies? How does the CTT script go with defender and portmaster and having tron for emergency sound? As always thanks for the videos man.
Yeah, I've tested this and these tweaks work 1:1 across 10 and 11. The only difference will be some slight differences in Group Policy between the two versions. CTT's script seems to work well with Defender and Portmaster. I've seem some reports that some of the tweaks can cause issues with wifi, but I've not seem anyone talk about issues with ethernet. I haven't tested Tron before, so I can't speak to the compatibility of it with everything else.
Thanks for supporting the channel!
Hi, will "Windows Firewall Control" work with DefenderUI or ConfigureDefender?
Yeah, it'll work well with both options. The firewall just makes it easier to allow/deny what gets access to the internet. I've used Simplewall for years (similar to WFC) and it works great with hardening tools.
@@KenHarrisio Thanks,
Thanks,
I'll try.
DefenderUI or ConfigureDefender?
@@yosyh The abilities of each are close enough to each other, so I would give preference to ConfigureDefender since it's open source.
"You won't be able to connect to Kaspersky servers"
I assume this means "if you aren't using a VPN"?
That's up in the air. Most services can detect a VPN IP and might not allow account creation. If it does work and the connection dropped even for a moment, your account would probably be blocked.
@@KenHarrisio Funny. I update Bitdefender via VPN while the antivirus is blocked for Russia. There is no problem using Kaspersky in the USA.
Thank you for making a security educational video about security. Can you make a video about online banking security?
Sure thing, I'll add it to the list!
Defender ui vs configure defender which is better?
As far as what they accomplish, they have similar capabilities. I would be more willing to recommend DefenderUI if the app was open source. I'm becoming more hesitant these days to recommend something that isn't open source with a large user base or a closed source program with a publicly known team.
Are you using both simplewall and portmaster?
Yeah, I've been doing it for a few years and they work great together!
as far as i remember core isolation was done for spectre & meltdown
Hey could you do one for windows 11 please? thank you
The tweaks here can be used on both W10 and W11. I use these tweaks personally between the editions and they work well. Group Policy used to have some privacy differences between 10/11, but they are mostly the same now.
You missed tweaking privacy tools like Chris Titus wintool
Damn, good point. The ISO creator he added is solid.
Ultimate tweaker or does he have multi tools?
@@Upgrayedddd check it yourself
Chris has build a ton of features into his Windows utility. I recommend giving it a go to see what you think of it.
@@lussor1 I have no way of checking which tools you think are good or whether Titus worked on other tools on the download site that's full of other programs. Word of mouth is still one of the best ways to check on something, especially small projects without an advertising budget. When you like one of those projects, the idea is to help promote it by telling other people about it, especially when they ask.
"Security is just an illusion!"
Whats your take on Windows build in VPN?
The built in Windows option is okay as long as you use IPsec. The ability to use PPTP is still there which hasn't been safe to use for years. A VPN app is my preferred choice, since you'll get to choose either Wireguard or OpenVPN.
Here's a much easier solution for "hardening" Windows:
1. Back up data, wipe system drive, install Linux in its place
2. Set up a Windows virtual machine containing *only* what you absolutely need
3. Only use the virtual machine when absolutely necessary; shut down and use the main OS for anything else
For even better privacy and security, drop the virtual machine and avoid Windows entirely. Can't get much simpler than that.
Cool chef
You are blocking all 3rd party malware, what about windows malware like copilot and other malicions microsoft intents?
Then don't use windows lawl
Group Policy is the method I use to block it, along with the telemetry blocking in Simplewall and Portmaster. It's safe to operate with the presumption that MS has the ability to see what you're doing on Windows regardless.
copilot and ms bloat are not malware. malware would be better, coz then it would be easier to find with av and remove. if ur concerned about that, use an unattend.xml install and have those disabled by default. you can use stigs or whatever the current is to disable all ms telemetry. ultimately just dont use windows if concerned about this, coz it is designed to leak data.
Only windows hardening you need is Linux
Unless you're white and male though, right?
Guy with a Google account thinking Microsoft is spying on him. Yes, MS is collecting telemetry to advertise more ‘precisely’ but they can’t read your system files or anything stored on your PC.
Furthermore it’s fairly easy to setup Windows11 as debloated as Linux. I don’t use a MS account, don’t even have the MS store installed, have all telemetry software disabled and uninstalled from the system, a customised Start menu which resembles more the old windows Start menu style or the one of KDE Plasma and have a system that consumes less RAM in idle than my T430 Archpad with GNOME.
Also: Linux would be great if software would just work without tinkering. Which just isn’t the case. It’s often a pain in the A** to get programmes to work under Linux. Just take Affinity. It took me 12 hours to source compile and configure some weird Wine fork from GitHub to get a decent result. Davinci Resolve and most Radeon cards doesn’t work at all on Linux. Video editing in general is a mess. Even KDEnLive is a nightmare. Especially since some video codecs are unsupported on Linux.
Just install Linux!😉
Tip #1: Avoid using Windows altogether if you value privacy and security
Says the guy with the Google Account lol. Linux doesn’t do sh*t for your privacy if you have Meta/Alphabet/Reddit/Steam/TikTok or whatever accounts. And since I strongly believe that you have at least a Reddit account to your name all your privacy concerns about Windows are pretty much negligible.
@@theredspoon1763 just don’t use them on Linux
I'm sure your video is great, and looking at the content timestamps I realize it is. BUT.
It's too long. With all the respect to you and your channel I wouldn't watch it right here right now. Later, and probably not all at once.
The best idea I guess would split it into parts, and it's still not too late )
That a fair point. I could have split it into to parts but I figured most people would watch the two or three sections they thought applied most for them.
I highly disagree with this. Especially when he puts all the timestamps in the video, you can just click that and skip to whatever you need to see, instead of having to watch part 2 or 3 to find what you're looking for.
Sure you can totally disagree. But think about content creator and YT algorithms. Shorter videos will be watched from beginning to the end without jumping, they will probably get more recommendations and more people will come to this channel. I think that Ken deserves it
@@ТоварищКамрадовСоциалистКоммун Yeah, I guess from an algorithm standpoint you're right.
I appreciate the support as always. This isn't something most people would say but at least for the time being, channel growth isn't something I'm working on. I like making mostly long niche videos, so they don't get much for views. My channel is at a size where I have enough time to still comment with most people which is a plus.