Jump to content

Sampei.Nihira

Member
  • Posts

    1,040
  • Joined

  • Last visited

  • Days Won

    30
  • Donations

    $0.00 
  • Country

    Italy

Posts posted by Sampei.Nihira

  1. 1 hour ago, Eddie Phizika said:

    Why exactly is it a security prerrogative dogma to be followed that anything running must be virtualized or sandboxed? Even the OS is advocated to be like that by some. It seems completely miraculous and unbelievable from a system architectural point of view. I will not mention the dubious doubt of firefox (from old to new) application containerization capabilities, which is a very chrome-biased and hotly contested idea.

    In simple words it can be explained in this way:

    All that is "contained" has no capacity to act at higher levels and thus interact with anything outside the container (short of a bypass, which is usually a bypass of the kernel as well).

    Firefox's sandbox has not yet reached the performance of Chrome's sandbox even in Linux.
    If you are interested in learning more here is a good read:

    https://madaidans-insecurities.github.io/firefox-chromium.html

    In my OS W.10 I use Edge,but if I used Firefox I would almost certainly use:

    https://sandboxie-plus.com/

    • Like 2
  2. My daughter's pc could no longer handle W.10.
    Now with Xubuntu 22.04 LTS it is almost faster than my 1-year-old pc.

    However from the security point of view alone Microsoft Apps are a big plus.
    They have an Integrity Level AppContainer (only some browsers,not Firefox, can achieve this IL).
    In Anti-exploit List they can count on a few more mitigations than other non-Microsoft apps.

    This is the main reason why I use the default apps to view videos,music.................

     

  3. 10 hours ago, NotHereToPlayGames said:

    ZERO effect.  Minor fluctuation is to be expected and the "Balanced" power plan and the "High performance" power plan are statistically identical.

    It can be argued that MAX minus MIN (for my SMALL sample size) is narrower for "High performance" than it is for "Balanced" (but what are a few hundred milliseconds when it takes the OS a full MINUTE to boot?).

    But it can also be argued that this sample size demonstrated an AVERAGE boot time for "Balanced" at 57.35 seconds, 0.09 seconds FASTER than the AVERAGE boot time for "High performance" at 57.44 seconds.

    Granted, I chose not to log dozens upon dozens of reboots with each.  But this seems more than enough to demonstrate ZERO effect.

    Boot time is the best "performance" indicator that I can think of because a "hundred" different processes are all fighting for CPU cylces in rapid succession.

    image.png.0be6dec2e107b76182d79c12e6cec01b.png

    Try to eliminate as much as possible at startup.

    Task Manager - Startup

    and see the startup impact of the list.

  4. 1 hour ago, NotHereToPlayGames said:

    I'm "new" to Win10 (outside of "default" LTSB install on work computer).  (edit - can't really call it "default" due to corporate IT "stuff" also on the work computer, but I don't have that on my Win10 reference home laptop.)

    The "pandemic" has enabled me the opportunity to install work's LTSB on one of my home laptops.

    I'm still in-process of tweaking, but so far I can barely beat ONE MINUTE for boot time - that is an ETERNITY when all of my XP machines boot between 18 and 34 SECONDS!

    My boot time ranges from 58 seconds to 62 seconds.  Basically double that of my XP boot times.

    image.png.d90c6425f6ddfe4f0e8145387a86def8.png

    Try to check if in power saving options (but in English it could be different) you have the balanced performance (it is the default) you enter the high performance:

    P.S.

    Is there an AV installed?
    Usually some AVs increase the boot time.

    5.jpg

  5. The simple modification to this registry key allows us combined ONLY if the UAC is set as a precaution of eventual bypass to the maximum value (always notify) to prevent the installation of unsigned malwares.
    I'm not sure (as I used to be) if the trick can be applied from Vista.
    If kindly some forum member can verify.

    In my time the possible modification was only manual.
    It is only necessary to change to 1 the value of defalt 0 of the registry key:

    1.jpg

    Today you can also use the Hard_Configurator software.

    To perform the simple and harmless test after this modification you can use the 7-zip software (which is unsigned) and try the installation.

    An anonymous (at least in the explanation) on-screen pop-up will notify you of the inability to install.

    All unsigned malwares will get the same treatment as 7-zip installer.

  6. I can tolerate W.10,but W.11 is very disturbing to me.
    The prevailing line followed by Microsoft is for me a jumble of styles (taken from other OS).
    Also the possibility to install Linux in Windows is something that disturbs me deeply.
    Just as dual boot has always bothered me.
    I see it as the Edge browser (a lot of bloatware) and I struggle to get rid of everything they add with each new version.
    I'll make it to 2025 with W.10 then decide.
    Probably in my only pc I have at home today (in the past I had also 4), I will install a Linux distro.
    The future is nebulous, and I will be getting older and older.:(
    Old people don't adapt well to young people's innovations.:no:

     

    • Like 1
  7. On 4/28/2022 at 9:35 PM, XPerceniol said:

    I'm sorry, I somehow missed your reply - thank you very much. For me, Peppermint OS and Zorin OS Are quite good. Manjaro was terrible IMO. For now, I only go with live sessions and remain with XP for the time being and use ArcticFoxie 360 Chrome and Roytam's Serpent and will hang in there as long as possible. Will likely keep XP even if online browsing becomes minimal and we'll see at that point what is the best option. Still not sure, actually.

    Just FYI..

    Linux Lite has ditched FF and went with google chrome as their default browser

    https://betanews.com/2022/04/25/linux-lite-6-0-rc1-google-chrome

    If you need - V5.8 64 Bit https://osdn.net/projects/linuxlite/storage/5.8/ still uses FF.

    Snap would not be a good reason.
    Besides, you can install FF as a Deb package.

    Probably a good reason would be what is written in the article below:

    https://madaidans-insecurities.github.io/firefox-chromium.html

    • Like 1
  8. I had missed this answer of yours.....is the age

    I had to update the configuration in my daughter's pc.
    The pc will move permanently (sigh!!) to my daughter's house, next saturday.

    This configuration allows for excellent usability and provides good protection:

    Xubuntu 22.04 LTS
    Strong password enabled
    Software Updates - LTS version notification
    Quad9 DNS
    UFW Firewall - enabled

    Google Chrome --disable-webgl --cipher-suite-blacklist=0x0035,0x002f,0xc014,0xc013

    • Javascript blocked for HTTP://*
    • Privacy Sandbox - disabled
    • Third party cookies enabled
    • Clears cookies and data from sites when you close
    • Secure DNS - DOH Quad9
    • Search Engine and Home web-page DuckDuckGo
    • Always HTTPS

    Chrome://flags - Enabled:

    • Block scripts loaded via document.write
    • Strict-Origin-Isolation
    • Parallel downloading
    • Reduce User-Agent request header
    • Enable CSS Container Queries
    • Disable subframe process reuse

    Extensions:

    • Speed Dial [FVD]
    • Stream Recorder
    • VideoDownloadHelper
    • Don't add custom search engines
    • Decentraleyes
    • Ublock Origin in Hard Mode - with TLD by Kees1958:

    * * 3p block
    * * 3p-frame block
    * * 3p-script block
    * com * noop
    * edu * noop
    * eu * noop
    * gov * noop
    * inf * noop
    * io * noop
    * it * noop
    * net * noop
    * org * noop

     

    Linux.png

    • Like 1
  9. 4 hours ago, UCyborg said:

    uBlock Origin is enough for strong protection against Web tracking message. You're using tricks for randomized fingerprint, aren't you?

    About Edge and extension policies, with policies in general, some just aren't followed unless you're joined to a domain (or so it's written). I have "Configure extension management settings" policy set containing JSON specifying all extensions with "override_update_url" set to "true" and "update_url" set to locally hosted updates.xml file, along with this trick applied, but it doesn't care.

    There should be some better way than blocking access to clients2.google.com or side-loading the extensions.

    I use a promising extension.
    Its development is followed by Giorgio Maone (Noscript's developer) who helped me especially in a bug for documentation, I have already reported a couple of bugs that have been corrected.
    In my opinion it should be used in chrome-based browsers but it is also available for firefox-based browsers.

    Want to know what it is?

    • Like 1
  10. No, I don't have a list.
    But you can find a lot of settings in the softwares I wrote down.
    Other settings I disable for knowledge.
    Example I disable all services I don't use even if probably my services are in Italian and there is not a perfect translation match with your English services.
    Example:

    Connected user experiences and telemetry - disabled

    I can give you the security configuration of a very meticulous user, maybe it can help:

     

    https://malwaretips.com/threads/securekongos-computer-security-config-2022.105925/


    I also make some of those changes but I don't write them down in a list because it would be mile long.
    As email client I use Thunderbird could be of help this js:

     

    https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js

    Another example, to open the PDF saved in the pc (offline) I use SumatraPDF.
    I have set in the firewall the block of the connections in/out.
    I put the software in the anti-exploit list (if you have WD you can use the anti-exploit settings of SecureKongo for Firefox) and I put SumatraPDF in the LocalLow folder to lower the Integrity Level of the software to "Low" instead of the normal value "Medium" in the Standard Account (I would never use an Administrator Account).
    I've been doing these settings all my life........don't need to write them down in a list.

    Sorry.

     

     

  11. I took about 1 month.
    I, as you can imagine, like to harden not only the OS but also the most security/privacy sensitive softwares.
    You at least from the points that you have listed it certainly takes less time.

    Can I give you an advice?
    If you have to install in 2 pc an updated operating system, I would opt for a single pc with W.10.
    In the other I would install W.11 or a Linux distro.:hello:

  12. I had the same problem in July 2021.
    But everything was quicker and more painless than expected.

    It may be an idea, although personally I prefer to do everything by hand:

     

     

    https://www.oo-software.com/en/shutup10

     

    For the browser I use, it's better to do it by hand to avoid the "managed by your organization" message as much as possible.

    _________________________________________________________________

     

    Another way to speed up is to backup/restore any settings in UBlock Origin,if used in the browser.

     

    _______________________________________________________________

    Other software that can speed up the setting of the Microsoft Firewall and WD is this:

     

    https://github.com/AndyFul/Hard_Configurator

     

    Firewall rules are not deleted even in case of a major system upgrade.

    I recommend the use of HC.:yes:

     

     

     

     

  13. 6 hours ago, UCyborg said:

    github-wc-polyfill for one. Maybe I read you wrong, I interpreted it as you got Serpent 52 addons working in Mypal 68.

    I tried Skype, spoofing newer Firefox 96 got it to detect microphone, doesn't detect speakers/headphones though.

    :yes:

    Interesting,you could open an issue to report this lack of functionality.
    And improve the future development of the browser.

    Also I have recently reported to the developer of an extension that I use (with the help of Giorgio Maone the developer of Noscript) a problem.

  14. Yes indeed WEBGL and WEBRTC can put privacy at risk.
    But you have to consider that for the fact that you use XP + a browser that is not the usual standard one used by most of those who surf the internet today you are certainly more visible (for example than me) to the fingerprint.

  15. 2 hours ago, dmiranda said:

    Blocking tracking ads?Yes

    Blocking invisible trackers?Yes

    Protecting you from fingerprinting?Your browser has a nearly-unique fingerprint [changs every time]

    Thanks for the test.:)
    Is it not possible to get a better result for fingerprinting?
    I read that the new Mypal release released yesterday finally has WEBRTC.



×
×
  • Create New...