[Windows 11 , The Worst Crap Ever]

1 hour ago, Eddie Phizika said:

Why exactly is it a security prerrogative dogma to be followed that anything running must be virtualized or sandboxed? Even the OS is advocated to be like that by some. It seems completely miraculous and unbelievable from a system architectural point of view. I will not mention the dubious doubt of firefox (from old to new) application containerization capabilities, which is a very chrome-biased and hotly contested idea.

In simple words it can be explained in this way:

All that is "contained" has no capacity to act at higher levels and thus interact with anything outside the container (short of a bypass, which is usually a bypass of the kernel as well).

Firefox's sandbox has not yet reached the performance of Chrome's sandbox even in Linux.
If you are interested in learning more here is a good read:

https://madaidans-insecurities.github.io/firefox-chromium.html

In my OS W.10 I use Edge,but if I used Firefox I would almost certainly use:

https://sandboxie-plus.com/

[Windows 11 , The Worst Crap Ever]

My daughter's pc could no longer handle W.10.
Now with Xubuntu 22.04 LTS it is almost faster than my 1-year-old pc.

However from the security point of view alone Microsoft Apps are a big plus.
They have an Integrity Level AppContainer (only some browsers,not Firefox, can achieve this IL).
In Anti-exploit List they can count on a few more mitigations than other non-Microsoft apps.

This is the main reason why I use the default apps to view videos,music.................

 

[MSFN on:]

Opera browser in Android:

[Windows 11 , The Worst Crap Ever]

Last question then I'll close.
Be patient....
Is fast startup enabled?

[Windows 11 , The Worst Crap Ever]

10 hours ago, NotHereToPlayGames said:

ZERO effect.  Minor fluctuation is to be expected and the "Balanced" power plan and the "High performance" power plan are statistically identical.

It can be argued that MAX minus MIN (for my SMALL sample size) is narrower for "High performance" than it is for "Balanced" (but what are a few hundred milliseconds when it takes the OS a full MINUTE to boot?).

But it can also be argued that this sample size demonstrated an AVERAGE boot time for "Balanced" at 57.35 seconds, 0.09 seconds FASTER than the AVERAGE boot time for "High performance" at 57.44 seconds.

Granted, I chose not to log dozens upon dozens of reboots with each.  But this seems more than enough to demonstrate ZERO effect.

Boot time is the best "performance" indicator that I can think of because a "hundred" different processes are all fighting for CPU cylces in rapid succession.

Try to eliminate as much as possible at startup.

Task Manager - Startup

and see the startup impact of the list.

[Windows 11 , The Worst Crap Ever]

1 hour ago, NotHereToPlayGames said:

I'm "new" to Win10 (outside of "default" LTSB install on work computer).  (edit - can't really call it "default" due to corporate IT "stuff" also on the work computer, but I don't have that on my Win10 reference home laptop.)

The "pandemic" has enabled me the opportunity to install work's LTSB on one of my home laptops.

I'm still in-process of tweaking, but so far I can barely beat ONE MINUTE for boot time - that is an ETERNITY when all of my XP machines boot between 18 and 34 SECONDS!

My boot time ranges from 58 seconds to 62 seconds.  Basically double that of my XP boot times.

Try to check if in power saving options (but in English it could be different) you have the balanced performance (it is the default) you enter the high performance:

P.S.

Is there an AV installed?
Usually some AVs increase the boot time.

[Validate Admin Code Signatures]

Thanks for the confirmation that it works in Vista.
Yes it is an odd alert.
Thanks again time traveler.

[Validate Admin Code Signatures]

The simple modification to this registry key allows us combined ONLY if the UAC is set as a precaution of eventual bypass to the maximum value (always notify) to prevent the installation of unsigned malwares.
I'm not sure (as I used to be) if the trick can be applied from Vista.
If kindly some forum member can verify.

In my time the possible modification was only manual.
It is only necessary to change to 1 the value of defalt 0 of the registry key:

Today you can also use the Hard_Configurator software.

To perform the simple and harmless test after this modification you can use the 7-zip software (which is unsigned) and try the installation.

An anonymous (at least in the explanation) on-screen pop-up will notify you of the inability to install.

All unsigned malwares will get the same treatment as 7-zip installer.

[Windows 11 , The Worst Crap Ever]

I can tolerate W.10,but W.11 is very disturbing to me.
The prevailing line followed by Microsoft is for me a jumble of styles (taken from other OS).
Also the possibility to install Linux in Windows is something that disturbs me deeply.
Just as dual boot has always bothered me.
I see it as the Edge browser (a lot of bloatware) and I struggle to get rid of everything they add with each new version.
I'll make it to 2025 with W.10 then decide.
Probably in my only pc I have at home today (in the past I had also 4), I will install a Linux distro.
The future is nebulous, and I will be getting older and older.
Old people don't adapt well to young people's innovations.

 

[LinuxLite]

On 4/28/2022 at 9:35 PM, XPerceniol said:

I'm sorry, I somehow missed your reply - thank you very much. For me, Peppermint OS and Zorin OS Are quite good. Manjaro was terrible IMO. For now, I only go with live sessions and remain with XP for the time being and use ArcticFoxie 360 Chrome and Roytam's Serpent and will hang in there as long as possible. Will likely keep XP even if online browsing becomes minimal and we'll see at that point what is the best option. Still not sure, actually.

Just FYI..

Linux Lite has ditched FF and went with google chrome as their default browser

https://betanews.com/2022/04/25/linux-lite-6-0-rc1-google-chrome

If you need - V5.8 64 Bit https://osdn.net/projects/linuxlite/storage/5.8/ still uses FF.

Snap would not be a good reason.
Besides, you can install FF as a Deb package.

Probably a good reason would be what is written in the article below:

https://madaidans-insecurities.github.io/firefox-chromium.html

[LinuxLite]

I had missed this answer of yours.....is the age

I had to update the configuration in my daughter's pc.
The pc will move permanently (sigh!!) to my daughter's house, next saturday.

This configuration allows for excellent usability and provides good protection:

Xubuntu 22.04 LTS
Strong password enabled
Software Updates - LTS version notification
Quad9 DNS
UFW Firewall - enabled

Google Chrome --disable-webgl --cipher-suite-blacklist=0x0035,0x002f,0xc014,0xc013

• Javascript blocked for HTTP://*
• Privacy Sandbox - disabled
• Third party cookies enabled
• Clears cookies and data from sites when you close
• Secure DNS - DOH Quad9
• Search Engine and Home web-page DuckDuckGo
• Always HTTPS

Chrome://flags - Enabled:

• Block scripts loaded via document.write
• Strict-Origin-Isolation
• Parallel downloading
• Reduce User-Agent request header
• Enable CSS Container Queries
• Disable subframe process reuse

Extensions:

• Speed Dial [FVD]
• Stream Recorder
• VideoDownloadHelper
• Don't add custom search engines
• Decentraleyes
• Ublock Origin in Hard Mode - with TLD by Kees1958:

* * 3p block
* * 3p-frame block
* * 3p-script block
* com * noop
* edu * noop
* eu * noop
* gov * noop
* inf * noop
* io * noop
* it * noop
* net * noop
* org * noop

 

[Microsoft Edge Chromium (Updated: May 17th, 2022)]

https://jshelter.org/

[Microsoft Edge Chromium (Updated: May 17th, 2022)]

4 hours ago, UCyborg said:

uBlock Origin is enough for strong protection against Web tracking message. You're using tricks for randomized fingerprint, aren't you?

About Edge and extension policies, with policies in general, some just aren't followed unless you're joined to a domain (or so it's written). I have "Configure extension management settings" policy set containing JSON specifying all extensions with "override_update_url" set to "true" and "update_url" set to locally hosted updates.xml file, along with this trick applied, but it doesn't care.

There should be some better way than blocking access to clients2.google.com or side-loading the extensions.

I use a promising extension.
Its development is followed by Giorgio Maone (Noscript's developer) who helped me especially in a bug for documentation, I have already reported a couple of bugs that have been corrected.
In my opinion it should be used in chrome-based browsers but it is also available for firefox-based browsers.

Want to know what it is?

[Microsoft Edge Chromium (Updated: May 17th, 2022)]

There are 8 policies for extensions.
See if any of these can be useful to you.
 

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies

[Microsoft Edge Chromium (Updated: May 17th, 2022)]

Interesting result with Edge on the test:

https://coveryourtracks.eff.org/

 

[Export / Import Win10 Settings]

No, I don't have a list.
But you can find a lot of settings in the softwares I wrote down.
Other settings I disable for knowledge.
Example I disable all services I don't use even if probably my services are in Italian and there is not a perfect translation match with your English services.
Example:

Connected user experiences and telemetry - disabled

I can give you the security configuration of a very meticulous user, maybe it can help:

 

https://malwaretips.com/threads/securekongos-computer-security-config-2022.105925/

I also make some of those changes but I don't write them down in a list because it would be mile long.
As email client I use Thunderbird could be of help this js:

 

https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js

Another example, to open the PDF saved in the pc (offline) I use SumatraPDF.
I have set in the firewall the block of the connections in/out.
I put the software in the anti-exploit list (if you have WD you can use the anti-exploit settings of SecureKongo for Firefox) and I put SumatraPDF in the LocalLow folder to lower the Integrity Level of the software to "Low" instead of the normal value "Medium" in the Standard Account (I would never use an Administrator Account).
I've been doing these settings all my life........don't need to write them down in a list.

Sorry.

 

 

[Export / Import Win10 Settings]

I took about 1 month.
I, as you can imagine, like to harden not only the OS but also the most security/privacy sensitive softwares.
You at least from the points that you have listed it certainly takes less time.

Can I give you an advice?
If you have to install in 2 pc an updated operating system, I would opt for a single pc with W.10.
In the other I would install W.11 or a Linux distro.

[Export / Import Win10 Settings]

By hand, best solution of success/customization.

I don't even use some proven js for hardening of some softwares, example the email client.

[Export / Import Win10 Settings]

I had the same problem in July 2021.
But everything was quicker and more painless than expected.

It may be an idea, although personally I prefer to do everything by hand:

 

 

https://www.oo-software.com/en/shutup10

 

For the browser I use, it's better to do it by hand to avoid the "managed by your organization" message as much as possible.

_________________________________________________________________

 

Another way to speed up is to backup/restore any settings in UBlock Origin,if used in the browser.

 

_______________________________________________________________

Other software that can speed up the setting of the Microsoft Firewall and WD is this:

 

https://github.com/AndyFul/Hard_Configurator

 

Firewall rules are not deleted even in case of a major system upgrade.

I recommend the use of HC.

 

 

 

 

[MyPal 68]

6 hours ago, UCyborg said:

github-wc-polyfill for one. Maybe I read you wrong, I interpreted it as you got Serpent 52 addons working in Mypal 68.

I tried Skype, spoofing newer Firefox 96 got it to detect microphone, doesn't detect speakers/headphones though.

Interesting,you could open an issue to report this lack of functionality.
And improve the future development of the browser.

Also I have recently reported to the developer of an extension that I use (with the help of Giorgio Maone the developer of Noscript) a problem.

[MyPal 68]

Yes indeed WEBGL and WEBRTC can put privacy at risk.
But you have to consider that for the fact that you use XP + a browser that is not the usual standard one used by most of those who surf the internet today you are certainly more visible (for example than me) to the fingerprint.

[MyPal 68]

2 hours ago, dmiranda said:

Blocking tracking ads?Yes

Blocking invisible trackers?Yes

Protecting you from fingerprinting?Your browser has a nearly-unique fingerprint [changs every time]

Thanks for the test.
Is it not possible to get a better result for fingerprinting?
I read that the new Mypal release released yesterday finally has WEBRTC.

[MyPal 68]

Hi guys,has anyone done any testing against trackers + fingerprint?

 

https://coveryourtracks.eff.org/

[Palemoon drama has gotten bad]

P.S.

If any MFSN members have problems downloading, Mypal can also be downloaded here:

https://github.com/Feodor2/Mypal/issues/64

 

[Don't add custom search engines to browsers Chrome-based]

It bothers me a lot every now and then to eliminate from the list of the search engines, some personalized engines added without my consent in the normal navigation.

You can use this extension to eliminate this inconvenience:

 

https://chrome.google.com/webstore/detail/dont-add-custom-search-en/dnodlcololidkjgbpeoleabmkocdhacc?ucbcb=1

 

But is there another valid method without using any extension?