Sunday, June 14, 2020

Don't Let Windows 10 Spy on You!




by Marco Ayllon
Nautilus Science and Technology News

Let's be honest: Windows 10 is AWESOME, but it has raised several privacy concerns because it has several online features that are flat out malware, such as Windows Defender and Telemetry, both of which send your data (sensitive and not) to Microsoft and can't be disabled. Windows Update also can't be disabled... which means Microsoft can:
- Run software on your computer without your consent
- Get data from your computer without your consent
- Remove software and files from your computer without your consent
This qualifies Windows 10 as malware, and more specifically, a botnet.
Fortunately, all these "features" are little more than Windows Services (aka Daemons if you're a *nix user) and can be removed with relative ease.
Let's see how!

Windows 10 Debotnet Guide:


DO NOT USE "EXPRESS SETTINGS"

At the end of the setup process, it will ask you to use Express settings or customize them. Choose customize.
Turn off everything and click next.
Again, turn off everything and click next.

USE A LOCAL ACCOUNT (RECOMMENDED)

Unless you need Windows Store apps, don't use a Microsoft account. Click "Skip this step" and use a local one; this way, you won't have to provide your identity to Microsoft.

LET IT DOWNLOAD THE UPDATES

If you follow this guide while the system is updating, you will probably face issues. Let it download them, and when it's done, reboot.

DISABLING WINDOWS UPDATE P2P

Yes, Microsoft actually did this. When you download updates, you'll become a P2P node and they'll steal your bandwidth to save theirs.
Go to Start > Settings > Update & Security > Windows Update > Advanced options > Choose how updates are delivered, and uncheck the option.

DISABLING WINDOWS DEFENDER

All Windows Defender does is remove cracks without asking or even quarantining: if it thinks a file is "suspicious", it will delete it and send it to Microsoft for "examination".
Disabling it is a bit of a hassle, but possible.
First of all, go to Start > Settings > Update & Security > Windows Defender
Turn off everything. You now have exactly 5 minutes to complete this part of the guide before it will turn on again. It's like defusing a bomb!
Press Windows+R, type gpedit.msc, and press enter.
Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender and find the option that says "Turn off Windows Defender"
Double click it, choose Enabled and press OK.
Close everything and reboot, and Windows Defender will be turned off... but still present in your system.

REMOVING WINDOWS DEFENDER

Press Windows+R, type Regedit and press enter.
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinDefend
If you try to simply delete it, you'll discover that they deliberately messed up the permissions so that you can't do that. We have to fix them first.
Right-click the WinDefend key, select Permissions and click Advanced
In the owner field, click Change

Type your user name and press enter
Now check "Replace owner on sub-containers and objects" (below the owner field), and "Replace all child object permissions entries with inheritable permission entries from this object" (at the bottom), and click Add
Click "Select a principal"
Type your user name, press enter, and check "Full control"
Press OK and close all the permission settings. You will now be able to delete the key
Keep this procedure in mind, because we'll be doing that several times more.
Now reboot the system, enter regedit again and repeat this procedure for the following keys from HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\:
  • WdNisDrv
  • WdNisSvc
  • WdBoot
  • WdFilter
Reboot again and you have obliterated Windows Defender from your PC.

DISABLING TELEMETRY

Go to Start > Settings > Privacy > Feedback & Diagnostics and... surprise surprise! You can't turn off "Diagnostic and usage data" (aka telemetry).
Right-click Start and select "Command Prompt (Admin)", and type these commands:
sc delete DiagTrack
sc delete dmwappushservice
Now open File Explorer and type in the address bar: C:\ProgramData\Microsoft
You will find a folder called "Diagnosis". Just like the registry keys before, its permissions are deliberately messed up, and we have to fix them in order to delete it.
Right-click it and select the Security tab
Click Advanced, then click Change in the owner field.
Type your user name, press enter, check "Replace owner on subcontainers and objects" and "Replace all child object permission entries with inheritable permission entries from this object"
Click Add, then Select a principal, type your user name and press enter, and check Full control
Press OK and close all the windows to go back to the File Explorer. You can now enter the directory.
Select everything and delete it. If it complains that the files are in use, reboot and try again.
Right-click Start and select "Command Prompt (Admin)", and type the following commands:
sc stop DPS
sc stop WdiServiceHost
sc stop WdiSystemHost
sc stop WerSvc
If it says they're already stopped, don't worry. Now close the terminal, press Windows+R, type regedit and press enter.
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ and delete the following keys with the usual method of fixing permissions:
  • DPS
  • WdiServiceHost
  • WdiSystemHost
  • WerSvc
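
To see which of the services named in the sections above are still registered on a machine, and how they are set to start, the following read-only PowerShell check can be run. It is an added example, not part of the original guide; the `DisableAntiSpyware` policy value name does not appear in the guide and is the registry value behind the "Turn off Windows Defender" setting.

```powershell
# Added example: read-only audit of the services this guide deletes or stops.
# Nothing is modified; run it in PowerShell on the machine being checked.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Service key names exactly as listed in the guide.
$names = 'WinDefend', 'WdNisDrv', 'WdNisSvc', 'WdBoot', 'WdFilter',
         'DiagTrack', 'dmwappushservice',
         'DPS', 'WdiServiceHost', 'WdiSystemHost', 'WerSvc'

# Meaning of the DWORD "Start" value stored under each service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyState {
    param([Parameter(Mandatory)][string]$Name)

    $key = Join-Path $servicesRoot $Name
    $registered = Test-Path -LiteralPath $key
    $startType = $null
    $status = $null

    if ($registered) {
        $start = (Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($null -ne $start) { $startType = $startTypes[[int]$start] }
        # Status stays empty if Get-Service does not return this entry.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($svc) { $status = $svc.Status }
    }

    [pscustomobject]@{
        Service    = $Name
        Registered = $registered   # False once the key has been deleted
        StartType  = $startType
        Status     = $status
    }
}

$names | ForEach-Object { Get-ServiceKeyState -Name $_ } | Format-Table -AutoSize

# Policy value written by "Turn off Windows Defender" in gpedit.msc
# (value name is an assumption of this example; it is not given in the guide).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policy = Get-ItemProperty -LiteralPath $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableAntiSpyware -eq 1) {
    'Policy: "Turn off Windows Defender" is enabled (DisableAntiSpyware = 1)'
} else {
    'Policy: "Turn off Windows Defender" is not set'
}
```

A row with Registered = False means the service key is gone; the same output on a managed fleet shows which hosts no longer have the Defender services registered.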

DISABLING CORTANA AND WEB SEARCH

By default, when you type something in the search box, it will search not only your computer, but also online. We don't want that.
Click on the search box, and click the settings icon on the left.
Turn off everything.

DISABLING AND REMOVING ONEDRIVE

Press Windows+R, type gpedit.msc, and press enter.
Navigate to Computer Configuration > Administrative Templates > Windows Components > OneDrive. You will find a setting that says "Prevent the usage of OneDrive for file storage".
Double click it, select Enabled, press OK and reboot.
That's enough to disable it, but we also want to remove the icons all over the system.
Press Windows+R, type regedit and press enter.
Navigate to HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}
Strangely enough, this one doesn't have broken permissions, so you can just right click and delete it, and reboot the system.

DISABLING WIFI SENSOR AND DEFENDING YOUR NETWORK FROM IDIOTS WHO DIDN'T DISABLE IT

If your computer is logged into a Microsoft account, by default it will share your Wifi password with your Skype, Outlook and Facebook friends... which means your Wifi password will be sent to Microsoft.
Why on Earth you'd want your friends to freely access your Wifi, I have no idea, but at least you should disable it.
Go to Start > Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings and turn off everything.
That's enough to stop your PC from sending your Wifi password, but you can't expect everyone to have it turned off.
Kindly enough (or maybe they were scared of getting fined up the ass by the EU again), if you add _optout at the end of your Wifi network's SSID, Wifi sensor won't send your password.
You can change your SSID from your router's settings.

LAST LINE OF DEFENCE: USE A FIREWALL!

You can use firewall software, such as TinyWall, to block all traffic except what you explicitly allow.
Setting up the firewall may take some time, but you'll be as safe as you could possibly be when using Windows.

DON'T USE MICROSOFT APPS

Apps like the photo viewer, media player, etc. send data to Microsoft. If you're behind a properly configured firewall, it will be blocked; otherwise, consider using some replacements, such as VLC, Sumatra PDF, JpegView, and so on. There's plenty of excellent free and open-source software online.

NOT RECOMMENDED: DISABLE WINDOWS UPDATE

Using a firewall, it is possible to block the Windows Update Service. This is something I don't recommend because Windows 10 will (probably) be the last version of Windows and will only receive updates through Windows Update. Not to mention, your PC would be exposed without security fixes.

CONGRATULATIONS! YOUR COPY OF WINDOWS IS NOW DEBOTNETTED!

Things will change in the future, and I'll do what I can to keep this guide updated.
As of November 2015, this guide works on Windows 10 Pro.


Saturday, June 13, 2020

The Best Cybersecurity Tips for Working Remotely








It is important to implement a few best practices that will keep cybercriminals out and your computers, devices, and data safe.







Cybercriminals are taking advantage of more people working from home. Are you looking for ways to keep your computer and information safe and secure while working remotely? Do you own a business and want to help your employees maintain cybersecurity measures while working from home? Either way, you can find helpful advice in the following tips from SMU Chief Security Officer George Finney.

Cybersecurity tips for remote workers

  • If you use Wi-Fi at home, confirm your network is set up with the proper security. Ensure your password is hard to guess, and use “WPA2” or “WPA3” security.
  • If you’re using your own computer or mobile device (a device not issued by your employer) for remote work, make sure you’ve enabled basic security features. Enabling the password, PIN, fingerprint or facial ID feature will prevent people from accessing your device.
  • Take the time to update your computer software. Better yet, enable the option on your device to check for updates and have them installed automatically. Working with outdated software is very risky, as it is a major target for cybercriminals.
  • Make sure your computer has an up-to-date antivirus solution installed.
  • If possible, don’t store work documents that contain sensitive information on your personal computer. If this isn’t possible, ensure the files are encrypted and password-protected.
  • Avoid giving personal information online unless you are very familiar with the website. Hackers may try to get your information by creating fake charities and asking for COVID-19 related donations.
  • If you’re seeing unusual or suspicious activity on any device you’re using while working remotely, reach out to your employer to investigate the situation.

Look out for phishing emails and websites

Beware of phishing emails and websites, especially ones pertaining to the coronavirus pandemic and related topics, such as health information, by following the suggestions below:
  • Closely scan emails and don’t open attachments unless they’re from a source you know and trust. If you receive an email with an attachment from someone you don’t know, or an email from someone you do know but with an attachment you weren’t expecting, it may be a phishing attempt.
  • Pay close attention to the actual email address of senders — fake emails are going around from individuals disguising themselves as high-ranking employees.
  • Inspect a link by hovering your mouse over the URL to see where it leads. Keep in mind that phishers can create links that closely resemble legitimate addresses, so you’ll need to do this with a keen eye.
  • Beware of online requests for personal information such as your Social Security number or login information. Legitimate government agencies and organizations won’t ask for that information.
  • Be leery of generic greetings in emails. Phishing emails are unlikely to use your name; instead, you may see greetings such as “Dear sir or madam.” This is a good sign that the email isn’t legitimate.
  • Phishing emails often try to create a sense of urgency and demand immediate action. Don’t click any links in these emails or respond to them. Just delete them.

Cybersecurity tips for participating in virtual meetings and events

Whenever taking part in a virtual event, you’ll want to secure your physical space, the video/audio interaction and the connection.
  • Physical space: Take a look at the background that will be appearing behind you. Ensure there isn’t any private information the webcam can pick up, including books and other items that appear on shelves. Avoid displaying anything that may contain personal or personally identifiable information, such as personal photos or a white board with private company information.
  • Video/audio interaction: When you don’t need to interact during a virtual meeting, it’s best to keep your camera off and your microphone muted. When not using meeting software, close the application.
  • The connection: If you are hosting a virtual meeting with colleagues or employees, don’t post your meeting links anywhere someone outside of your company can find them, including social media. Only keep your meeting room links between you and your colleagues and employees.
Don’t give cybercriminals a chance to trick you and compromise your confidential data. Follow the above tips and pass them along to your employees to create a safe home office environment that’s protected against hackers.