
lainchan archive - /sec/ - 3644

File: 1484620356504.png (210.78 KB, 300x169, maxresdefault.jpg)


Greetings Lainons.

We already know that Linux distros are more secure than Windows (in regards to unauthorized intrusion, NSA and spying, and general privacy). This thread does NOT debate this.

However, how can we take steps to secure the privacy of Windows? Namely Windows 10? What are some suites and programs that help protect privacy and security within Windows?

We already know about the backdoors (through fuarrrking updates, no less) and that Windows is fundamentally insecure anyway, but what are some things to help protect it more anyway?

>pic related


File: 1484622588859.png (80.59 KB, 200x113, oceanoftromp.jpg)

tl;dr you can't "secure the privacy" of Win10 without crippling it. As you already stated:
>Windows is fundamentally insecure

You could prevent the machine from transmitting data entirely with a hardware firewall, though this limits functionality and wastes local resources.

Once you allow a Win10 machine to transmit it's compromised and the code can't be audited anyways.

Assuming the software holes can't be audited or plugged, you could resort to tracking the data as it's transmitted and modifying it with false data.

Mass disinformation would be the biggest counter to mass surveillance that I can think of. The hurdle would be getting a distributed disinformation system for Windows users going that would do this in the background using networked, rather than local resources. Think torrents, but with massive amounts of modified metadata, telemetry, and whatever else the machine is already wasting resources transmitting in the background.


>Assuming the software holes can't be audited or plugged, you could resort to tracking the data as it's transmitted and modifying it with false data.
I'm pretty sure Windows encrypts its telemetry traffic so it can't be easily modified.


File: 1484639089563.png (96.51 KB, 200x200, 1438841567134.jpg)


This will help a little. It's from the guys who brought us Spybot Search & Destroy, you know, before Malwarebytes became number 1. It blocks telemetry servers in your hosts file, that's all.


I have not used Windows 10 and have not researched the latest updates in telemetry. I was considering writing a script to visit various websites during work time and time at home to throw disinformation into the ISP monitoring mix. I do not know if Windows 10 monitors mouse movements in the telemetry details, but it could be a good way to skew their data collection.


File: 1484649781982.png (1.46 MB, 200x113, xp bliss.png)

Even Windows 7 has telemetry that gets sent to Microsoft if you install all the updates. So did 8 and 8.1. If you are only just now worrying about the telemetry in 10 you are really late to the game.

If you absolutely need Windows, you are better off just running XP (x64 if you really need it) in a vm. Personally I use XP on bare hardware (and posting this from the same), mainly for gaming. I use various programs (Wireshark, Prio, and others; my router has some facilities built in as well) to see what data is being sent to who and when, and so far I have had no problems for the past 10+ years.


You can always try to use something like Ancile for blocking Windows stuff.


File: 1484666815547.png (762.04 KB, 200x106, microsofot.png)

The main issue of security is trust. There is already plenty of evidence that Microsoft and its software cannot be trusted [1]. But trust is not black and white, it's a matter of degree. It's like the cool friend who's fun to hang out with and do drugs with, but who at the end of the day you wouldn't trust with your innermost secrets or to be there for you when you're in trouble. You should think of Windows as that guy. With that in mind, I'll outline a few principles I find useful when thinking about security and how to apply them to make running Windows safer:

1. Data compartmentalization - never, never, never trust Windows with *all* of your data. Only the data that is essential to run Windows. Keep anything important on an encrypted Linux partition. If you need to access this frequently, consider setting it up as a network share (SFTP, Samba) and make it accessible to Windows that way, since then you can control fine-grained permissions.

2. Threat modeling - always model the threats against you and their likelihood. It's highly unlikely that you're subject to targeted attacks by law enforcement or intelligence agencies (and if you are, you know who you are and probably shouldn't be using Windows for ANYTHING). Therefore you should trust Windows update and keep your system up to date. None of this nonsense about blocking updates or running Windows XP [2]. Your main threat is random malware spreading on the Internet, and the best defense is getting security patches installed as quickly as possible. Do not install software from unverified sources, especially pirated software, unless you can trust and verify its integrity. Otherwise you're just asking to get rootkitted and turn your botnet into botnet^2.

3. Auditing - it helps to periodically check your system to understand what it's doing. Run Wireshark to see what servers your computer is talking to. Audit your running processes and uninstall anything that's not essential. Run nmap for open ports and close those services.

4. Minimize attack surface - this was already alluded to above, but basically don't expose yourself to unnecessary risk. Install the minimum amount of software needed to use your machine and make sure that limited set is trustworthy.

Unfortunately security is a hard problem and most people want an easy solution. Security is a process and there is no single solution. Educate yourself, read up on InfoSec, set up good habits, and start thinking about where your information is flowing.

[1] https://www.gnu.org/proprietary/malware-microsoft.en.html
[2] I'm sure some are going to argue that the decreased security of older versions is a good tradeoff to avoid the privacy implications of Windows 10's telemetry. But if you have followed data compartmentalization, you won't be giving Windows 10 any information worth snooping on. If you require privacy for a particular activity, use a technology you trust to keep you private. Or better, don't involve technology in that activity at all. Most technology is designed to relinquish your privacy.
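One way to make the "auditing" principle above repeatable, as an added example that is not code from the thread: aggregate a capture export per remote endpoint and direction, then flag endpoints that are outside an allowlist you have already vetted or that upload far more than they download. The one-line-per-flow input format, the allowlist networks and the sample flows are all constructed assumptions; a Wireshark "Conversations" export would need light reshaping into this form.

```python
"""Audit outbound connections from a simplified capture export.

Added example, not from the thread. Assumed input format (one flow per line,
constructed here rather than produced by any real tool):
    proto,remote_ip,remote_port,bytes_out,bytes_in
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows using RFC 5737 documentation address ranges.
SAMPLE_FLOWS = """\
# proto,remote_ip,remote_port,bytes_out,bytes_in
tcp,192.0.2.10,443,1800,9400
tcp,192.0.2.10,443,600,3100
tcp,198.51.100.7,80,81920,27648
udp,203.0.113.5,53,90,210
"""

# Constructed allowlist: networks the operator has already vetted (placeholder).
ALLOWED = [ip_network("192.0.2.0/24")]

# Flag any endpoint that sends more than this many times what it receives;
# routine update checks are download-heavy (small request, larger response).
UPLOAD_RATIO = 2.0


def parse_flows(text):
    """Parse the CSV-like export into a list of flow dicts, skipping comments."""
    flows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        proto, ip, port, out_b, in_b = line.split(",")
        flows.append({"proto": proto, "ip": ip, "port": int(port),
                      "out": int(out_b), "in": int(in_b)})
    return flows


def summarize(flows):
    """Aggregate bytes and flow counts per (ip, port, proto) endpoint."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "flows": 0})
    for f in flows:
        t = totals[(f["ip"], f["port"], f["proto"])]
        t["out"] += f["out"]
        t["in"] += f["in"]
        t["flows"] += 1
    return dict(totals)


def audit(text, allowed=ALLOWED):
    """Return {endpoint: [reasons]} for endpoints that deserve a closer look."""
    findings = {}
    for (ip, port, proto), t in summarize(parse_flows(text)).items():
        reasons = []
        if not any(ip_address(ip) in net for net in allowed):
            reasons.append("not-allowlisted")
        if t["out"] > UPLOAD_RATIO * t["in"]:
            reasons.append("upload-heavy")
        if reasons:
            findings[f"{ip}:{port}/{proto}"] = reasons
    return findings


if __name__ == "__main__":
    for endpoint, reasons in audit(SAMPLE_FLOWS).items():
        print(endpoint, ", ".join(reasons))
```

Endpoints that show up as "upload-heavy" are the ones worth opening in Wireshark; an allowlisted, download-heavy endpoint is usually just an update or connectivity check.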


File: 1484680176627.png (47.56 KB, 200x156, wes7.png)

There is WES7 (Windows Embedded Standard 7), which you can use until its end of life. It supports a custom modular installation and has telemetry off by default (see pic). Below is a copypasta from /g/:


WES7 summary copypasta:
-Based off Windows 7
-Support ends in 2021 instead of 2020
-You can select the components you want to install, including removing IE.
-Embedded features such as no-GUI boot, RAMDisk driver, the ability to be installed and booted from an external HDD, and write filters.
-Volume_BA channel: insert the key and you are done. No activation.
-Enterprise features such as AppLocker, available in Windows 7 Enterprise/Ultimate
-Keyboard Filter* through group policy that allows you to disable keyboard keys/key combinations.
-Updates are on a separate channel; does not install dedicated telemetry updates.**
**Does contain Quality Rollups though. Advice: either disable Update and use write filters (EWF(HORM)/FBWF), or manually download the security-only updates from the Windows catalog.
*Requires WEDU 1.2 to download the update, and use DISM to add the package.
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part1.exe
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part2.rar
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part3.rar
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part4.rar
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part5.rar
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part6.rar
http://download.microsoft.com/download/1/B/5/1B5FDE63-DA91-4A22-A320-91E002DE1326/Standard_7SP1_64bit/Standard 7 SP1 64bit IBW.part7.rar

Google "XGY72" for PID.


Ya' know, I really wonder if Ubuntu, Mint, and all the other *buntus have some kind of backdoor. After all Canonical (or whatever they're called) is a wannabe Microsoft...


eh. people would have found it by now if there was one.


I heard/read a lot of people claim that even if you attempt to block all traffic with firewalls and whatnot, the OS would still have the ability to call home without you noticing.
How true is this?


Control over all of the available routers for the computer is usually sufficient; this has been shown to stop so-called smart appliances from phoning home.

With regards to a general computer, I would suggest this and removing wireless hardware if this isn't feasible. It's possible that an Intel chip can use what I believe I've read is a radio system to communicate with the outside world, however.


What you described sounds like Intel ME. It's a BIOS firmware blob that can send out-of-band transmissions. All below ring 0, where the kernel communicates. Meaning it's invisible to an OS. At least that's what I read.


That's what I was describing, yes.


Wondering if you know of/have a link for the x32-bit version? Have a few old PCs that I like to revive. thx

Also, for anyone wanting to download a variety of ISOs directly from M$, you might want to have a look here:


File: 1485053027273.png (157.75 KB, 200x102, Screen Shot 01-22-17 at 09.43 PM.png)

That tool doesn't seem to work anymore.
I have another tool that DOES work from here:


>It's possible that an Intel chip can use what I believe I've read is a radio system to communicate with the outside world, however.
False. Yes, Intel's Management Engine does exist and Intel does have their anti-theft feature where laptops can be remotely disabled wirelessly. However, that feature depends on your laptop having a compatible WWAN adapter and can be disabled by simply removing the WWAN adapter.


Wow, what a sketchy-looking site. No HTTPS and tons of scripts trying to run.


Majorgeeks is an older than dirt web 1.0 website that strangely enough is still up and running. It's not surprising at all.


w10 bypasses hosts file blocking, not smart to rely on the OS to block itself anyway.


File: 1485109421581.png (1.65 MB, 143x200, 57751795.gif)

Oh wow, thank you. Will report back in a few hours.


File: 1485114823320.png (411.77 KB, 200x112, Welcome_to_City_17.jpg)


'XGY72' confirmed valid. Currently running a fresh installation within a virtual machine. Please accept this wallpaper as a humble gift of gratitude. Again, thank you.



Thanks lainon, added it to my wallpaper folder. The good thing about WES7 is that it activates with that key without any extra steps.


File: 1486912001058.png (796.4 KB, 200x103, ClipboardImage.png)

This is a pretty comprehensive guide:



The thread actually has a legitimate foreword as well.


An exceedingly common sentiment among the general public and even the supposedly more technically savvy cyberpunk community is that if one has nothing to hide that there is no reason to pursue privacy in their affairs. If the situation were reversed and instead we lived in a world where all of our data were protected by default, how many would deliberately compromise their security in an effort to show the world that they, in fact, had nothing to hide?

If your answer is negative, then you should make some minimal effort to ensure the security and privacy of your operating system. Following these instructions will perhaps add an additional 30 minutes to the duration of the installation and configuration, but will net a very lean and responsive operating system in return.

The optimization part of this guide is perhaps less important. While it is true that it is no longer necessary given that the power of CPUs and GPUs have radically outpaced the resource requirements of features aimed at aesthetics and convenience, there may still be other reasons to optimize the system beyond performance gains. Perhaps you want to reduce boot times, CPU/GPU usage, or power consumption.

Whatever the reason, if one is interested in optimizing the operating system, the time to do so is while first installing and configuring it. Therefore, the steps to optimize the system are mixed in with those changes made purely for security or privacy reasons to streamline the process and make it as fast as possible.

If you already have Windows 10 installed, you can still make the following changes to optimize your system and prevent further data collection activity.

This guide is of course specifically written for those using the Windows 10 operating system, but we invite others to share their practices of optimizing and securing *nix systems as well.


File: 1486912213565.png (2.74 KB, 150x42, ClipboardImage.png)

You can always follow the guide and run Wireshark to test if it really does prevent leaking to Microsoft and whatnot.



File: 1486917082277.png (1.83 MB, 200x110, e0b2986657b8394aed9302aea87d6b17263d00c34039ed29b337ac5ecc44344c.gif)


File: 1486934142024.png (6.7 MB, 200x112, w10.webm)

here's the full webm with captions


sorry here is *A* webm, mistaken for the one with the gif.


I'm not an expert, but I did follow the guide and Wireshark shows some TCP traffic with at least four IPs without doing anything


This seems like an easy thing to fake. Have people been able to reproduce it?


File: 1487144770179.png (18.33 KB, 200x194, snippy trippy.jpg)

>"With special program that can decrypt RSA keys"
>"decrypt RSA keys"

I cringed a little.

Smells like smoke screens and soykaf. Decrypting RSA-encrypted traffic without the keys isn't exactly feasible on commodity hardware. The claim that anyone listening in on your traffic can decrypt those supposed screenshots is completely asinine.

If the encryption keys used to encrypt the traffic are still in memory, it is completely within the realm of possibility to read them out and decrypt the traffic that way. Provided the client verifies the server's identity in some way, this approach would only work on the client and server machines.

Also, notice how he dumps a packet that's 1 KB in size (much too small for a PNG screenshot of his entire desktop, which would probably be in the range of 1 MB), sent via UDP and on port 53, which is commonly used for DNS (why would MS do this instead of simply uploading the screenshots via HTTPS?)

None of this adds up in any way.
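The size-and-port reasoning in the post above can be turned into a mechanical check. This is an added example, not code from the thread: it parses a UDP/53 payload as a DNS message following the RFC 1035 wire format and reports whether it is a well-formed DNS query/response, a PNG (recognised by its magic bytes), or neither. The sample payloads are constructed; nothing here is taken from the video being discussed.

```python
"""Decide whether a UDP/53 payload is structurally DNS, a PNG, or neither.

Added example, not from the thread. Sample payloads below are constructed.
Note that a 1 KB payload on UDP/53 can still be legitimate DNS (EDNS permits
messages larger than the classic 512-byte limit), so size alone proves nothing;
structure is the better test.
"""
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 section 4.1.1)
DNS_HEADER = struct.Struct("!HHHHHH")


def _skip_name(buf, off):
    """Advance past a DNS name (labels or a compression pointer); None if malformed."""
    while True:
        if off >= len(buf):
            return None
        length = buf[off]
        if length == 0:                     # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:           # 2-byte compression pointer ends the name
            return off + 2 if off + 2 <= len(buf) else None
        if length > 63:                     # labels are at most 63 octets
            return None
        off += 1 + length


def is_dns_message(buf):
    """True if buf parses exactly as a DNS message with no trailing bytes."""
    if len(buf) < DNS_HEADER.size:
        return False
    _, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(buf)
    if flags & 0x0040:                      # reserved Z bit must be zero
        return False
    off = DNS_HEADER.size
    for _ in range(qd):                     # question: QNAME, QTYPE, QCLASS
        off = _skip_name(buf, off)
        if off is None or off + 4 > len(buf):
            return False
        off += 4
    for _ in range(an + ns + ar):           # RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA
        off = _skip_name(buf, off)
        if off is None or off + 10 > len(buf):
            return False
        rdlen = struct.unpack_from("!H", buf, off + 8)[0]
        off += 10 + rdlen
        if off > len(buf):
            return False
    return off == len(buf)


def classify_payload(buf):
    """Return 'png', 'dns' or 'unknown' for a captured UDP/53 payload."""
    if buf.startswith(PNG_MAGIC):
        return "png"
    return "dns" if is_dns_message(buf) else "unknown"


# Constructed samples: a query for example.com, the matching A response, a fake
# 1 KB PNG, and 1 KB of zero bytes (neither format).
QNAME = b"\x07example\x03com\x00"
SAMPLE_QUERY = DNS_HEADER.pack(0x1234, 0x0100, 1, 0, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
SAMPLE_RESPONSE = (DNS_HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SAMPLE_PNG = PNG_MAGIC + b"\x00" * (1024 - len(PNG_MAGIC))
SAMPLE_ZEROS = b"\x00" * 1024

if __name__ == "__main__":
    for name, buf in [("query", SAMPLE_QUERY), ("response", SAMPLE_RESPONSE),
                      ("png", SAMPLE_PNG), ("zeros", SAMPLE_ZEROS)]:
        print(f"{name}: {len(buf)} bytes -> {classify_payload(buf)}")
```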


What were the IP addresses?



At least two of them should be for checking connection and looking for updates. Others are probably other applications looking to update as well.


You mean the volume of communication? Probably, since apps like Money, Weather, News, Calendar and others, you know, fetch some data every few seconds. Most sources claimed that it's sending keystrokes, which has been proven to be false and was based on the fact that searches in the start menu also include searches by Bing. They also claimed that it sends your photo when a webcam is available, which has been proven false and was based on the OneDrive setting where you can automatically send your captured photos to OneDrive. There were also claims that it sends your voice recordings without you knowing, which is also false and was based on the telemetry included in Cortana. There were claims that it sends every one of your files to MS servers, which is unsurprisingly false and it wouldn't even work, probably based on OneDrive as well...

You know what's funny? As far as I know, the Czech Aeronet site was one of the first, if not the first, that published this nonsense about sending keystrokes, photos, recordings and files. A few days later, plenty of tools from Russian sources came up and they all promised to stop the "spying". The "proof" video is in Russian. The Czech site, if you czech (haha, ok) its background, has a privately registered domain, their content is only political and it started right after the invasion of Ukraine. Their content is so pro-Russian it almost hurts, especially the hoaxes. The IP is located in Bratislava, Slovakia. Now the interesting stuff - they are supported by the Communist Party of Bohemia and Moravia, which is supported by the Russian government. All the content published is either published anonymously, or by somebody from the Party. The site is blacklisted as a Russian-propaganda source by the Czech government.

If you installed one of the tools, you probably fuarrrked up even more even if the hoax was true, which it obviously isn't.


It is a clean install and I did follow the guide that claims that no data is sent to Microsoft. The IPs are: and


>>4233 - MS update server,, - Akamai - MS Brazil - MS US - MS Ireland

The first two belong to itgate.it. The three MS servers are probably just for figuring out your location before checking for updates.


Just to add that it is safe to assume that all of them were downloading, not uploading.


Data is both sent and received continuously.


Well yes, it's called sending a request and receiving a response.


I remember it was like 80kb data sent and 27kb received on one TCP stream


That's like a hundred times less data than checking for updates on most Linux distributions. 64 B times the number of packets of these 10 KB are just headers.


It's hard for me to believe that Microsoft would be fooled that easily just by blocking a couple of IP addresses and domains. Especially considering that they go to great lengths to hide which ones they actually own (see WhoIsGuard, Markmonitor). Apparently Microsoft owns more than a million IP addresses.


Fooled? How? You crippled your OS down to bare minimum apps using internet connection. Feel free to use Ubuntu next time any program crashes and report on every connection made to evil Canonical servers. Also check how many evil connections are made by NetworkManager.

There is no proof that Windows sends any other data than any other application in its telemetry program. If you are going to spew your tinfoil soykaf here, I expect to see some proof.


>There is no proof that Windows sends any other data than any other application in its telemetry program.
Yeah, and there wasn't any proof leading up to the PRISM leaks which exposed that Microsoft was giving data to the NSA, does that invalidate the leak? Since we know Microsoft did soykaf in the past and didn't tell us, it would be COMMON SENSE to assume they're doing things behind our backs.
(I'm not the lainon that replied to you)


It feels weird to me that traffic is going on with so many IPs even with telemetry disabled. What's the point of checking for updates literally every second? Sure, it's probably nothing that I should worry about and I don't think it's "spying" either, but as >>4279 said I wouldn't trust Microsoft that much. They have the ability to send and receive data to all these servers, it would be very hard to blacklist all of them on a firewall, and we can't see what the OS is actually doing.


"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it."

They handed over the data they had; there is no proof they actively collected it for the NSA or any other agency for that matter. Most of this handed-over data is OneDrive files and MS-hosted emails. There is no proof that the OS itself collects any relevant data for this reason (and no, a crash report isn't really relevant data for anybody other than MS), but there sure are plenty of "proofs" showing that it sends your nude photos, whole hard drive, your bank password, your cat and half of your family.

You can just fake MS certificate and send all encrypted data with your key to your bogus server to see how boring the data actually is.

If you can't trust MS because they handed over the data when they were told to, you can't trust any company or individual living in a country that has at least basic law system in place, because that can happen anywhere.

Do you realize that these requests also include checking for connection? And yes, that kind of has to be checked every few seconds, otherwise it has no point. NetworkManager does exactly the same thing.


>there is no proof they actively collected them for NSA or any other agency for that matter.
You can't search for "nsa microsoft"? Snowden leaks have implicated MS many times.
Your quote is meaningless because these companies always lie through their teeth, time and time again.
>If you can't trust MS because they handed over the data when they were told to, you can't trust any company or individual living in a country that has at least basic law system in place, because that can happen anywhere.
So? Governments can force information out of almost anyone, and threaten them to keep it a secret. The whole point is to use software that can't provide so much useful data in this scenario; MS can provide all and everything by design.


Or they all just tell themselves that so nobody bothers to check.


canonical = microsoft
As the years go by I am more and more convinced of this.


If I had to secure it, I'd use a good router setup to filter a decent amount of the garbage that would otherwise float through.

I can only believe you're not arguing in good faith, when so much proof that Microsoft, Google, Apple, and these other technological companies shouldn't be trusted exists and yet you only ask for more and more.
Asking for evidence isn't wrong, of course, but you don't seem to want to accept anything less than a press release from Microsoft explaining in cold detail exactly how they help the NSA and other agencies.


Couldn't you just continue to add more IPs to the hosts file as MS adds more? I mean yeah it's a burden, but if you have to use Windows, why not? Just boot into safe mode w/ networking once a month and see what IPs are being accessed. Add them all to hosts?


There are third party apps on Github that add more IPs as necessary, but the list of blocked IPs isn't increasing very fast. Just follow the project and re-run the app as updates are available.



>I can only believe you're not arguing in good faith, when so much proof that Microsoft, Google, Apple, and these other technological companies shouldn't be trusted exists and yet you only ask for more and more.

Yet no proof was posted. And "there are proofs on the internet" means nothing. There are "proofs" that the Moon landing is fake, that 9/11 was an inside job, that homeopathy works, that Hitler did nothing wrong.

>Asking for evidence isn't wrong, of course, but you don't seem to want to accept anything less than a press release from Microsoft explaining in cold detail exactly how they help the NSA and other agencies.

That's great that you know what proof I will accept and post none of it anyway, just "Google it". You claimed something, you prove that it's true, otherwise it's just your conspiracy theory. I can also play this game.

Free software is a big security risk and software developers are employed by NSA. Google it.


Since Ubuntu and its derivatives are among the most popular distributions out there, I'm pretty sure some autist already checked and keeps checking. I can't imagine Canonical BTFO themselves by adding some bullsoykaf backdoor (it's not even an American company).