Computer Software > Windows

Microsoft Windows and Security Considerations

(1/7) > >>

Weaver:
[Moderator note: This topic has been created by splitting off the following posts from renluop's "Updating Office" thread

Make sure not to buy Windows Home as it isn’t secure (lots of security- and networking functionality is disabled so it isn’t possible to fully secure the machine correctly even if you know what you’re doing or have some help) - always by Windows Pro or whatever it’s now called.

tubaman:

--- Quote from: Weaver on March 27, 2020, 01:55:00 AM ---Make sure not to buy Windows Home as it isn’t secure (lots of security- and networking functionality is disabled so it isn’t possible to fully secure the machine correctly even if you know what you’re doing or have some help) - always by Windows Pro or whatever it’s now called.

--- End quote ---
@Weaver - in what ways is Windows Home 'insecure' please? I've been using it for many years on a number of devices and have never encountered any issues at all. Yes, some of the more advanced features are not available, but as most would not be used by the average user I'm not sure it's fair to call the whole system 'insecure'.
 :)

Ronski:
I'm in agreement with you tubaman, all except two of my home PC's are running Windows 10 Home, my two that are running Pro have had no additional hardening as I wouldn't have a clue what to do, so the average home user will be completely clueless.

I suppose the only one I do know about which Pro does have and Home doesn't, but have got around to implementing is Bit-locker, I really should one for that extra level of protection should my PC ever be stolen,.

Weaver:
It’s insecure in that it cannot be configured securely. There are not multiple user accounts in the networking system and iirc you cannot use SRP. I can’t lock down a system such that malware exes can not be placed in the file system anywhere and run. On a correctly configured system an exe installed in a non-approved location simply will never run; there will be an error on startup. SRP used correctly will achieve this. Needs to be used in conjunction with locked-down file system ACLs.

I have always ensured that windows pro systems that I have administered never have users able to run as admins and have made it impossible to download exes, dlls etc and then run them successfully, nor can users run them from removable media and they can copy exes from removable media but they will not run

Buying windows home is a disastrous mistake because it’s a huge false economy, but what is a user supposed to do if they don’t know anything about securing / hardening windows. Most so-called professionals have no clue about how to completely lock down a system so it’s safe to use.

Ronski:
Simply put, I do not want a system that locked down, I imagine it would be like putting a flame retardant suite, full race harness, and crash helmet on every time you went out for a drive.

Navigation

[0] Message Index

[#] Next page