Sampei.Nihira

Guys, I found out today that it is possible to enable the sandbox to "Network Service" in the latest stable version of Edge when the policy reports that it would be available from version 102: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#networkservicesandboxenabled To check: Edge://sandbox To enter the registry key: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge

In simple words it can be explained in this way: All that is "contained" has no capacity to act at higher levels and thus interact with anything outside the container (short of a bypass, which is usually a bypass of the kernel as well). Firefox's sandbox has not yet reached the performance of Chrome's sandbox even in Linux. If you are interested in learning more here is a good read: https://madaidans-insecurities.github.io/firefox-chromium.html In my OS W.10 I use Edge,but if I used Firefox I would almost certainly use: https://sandboxie-plus.com/

My daughter's pc could no longer handle W.10. Now with Xubuntu 22.04 LTS it is almost faster than my 1-year-old pc. However from the security point of view alone Microsoft Apps are a big plus. They have an Integrity Level AppContainer (only some browsers,not Firefox, can achieve this IL). In Anti-exploit List they can count on a few more mitigations than other non-Microsoft apps. This is the main reason why I use the default apps to view videos,music.................

Opera browser in Android:

Last question then I'll close. Be patient.... Is fast startup enabled?

Try to eliminate as much as possible at startup. Task Manager - Startup and see the startup impact of the list.

Try to check if in power saving options (but in English it could be different) you have the balanced performance (it is the default) you enter the high performance: P.S. Is there an AV installed? Usually some AVs increase the boot time.

Thanks for the confirmation that it works in Vista. Yes it is an odd alert. Thanks again time traveler.

The simple modification to this registry key allows us combined ONLY if the UAC is set as a precaution of eventual bypass to the maximum value (always notify) to prevent the installation of unsigned malwares. I'm not sure (as I used to be) if the trick can be applied from Vista. If kindly some forum member can verify. In my time the possible modification was only manual. It is only necessary to change to 1 the value of defalt 0 of the registry key: Today you can also use the Hard_Configurator software. To perform the simple and harmless test after this modification you can use the 7-zip software (which is unsigned) and try the installation. An anonymous (at least in the explanation) on-screen pop-up will notify you of the inability to install. All unsigned malwares will get the same treatment as 7-zip installer.

I can tolerate W.10,but W.11 is very disturbing to me. The prevailing line followed by Microsoft is for me a jumble of styles (taken from other OS). Also the possibility to install Linux in Windows is something that disturbs me deeply. Just as dual boot has always bothered me. I see it as the Edge browser (a lot of bloatware) and I struggle to get rid of everything they add with each new version. I'll make it to 2025 with W.10 then decide. Probably in my only pc I have at home today (in the past I had also 4), I will install a Linux distro. The future is nebulous, and I will be getting older and older. Old people don't adapt well to young people's innovations.

Snap would not be a good reason. Besides, you can install FF as a Deb package. Probably a good reason would be what is written in the article below: https://madaidans-insecurities.github.io/firefox-chromium.html

I had missed this answer of yours.....is the age I had to update the configuration in my daughter's pc. The pc will move permanently (sigh!!) to my daughter's house, next saturday. This configuration allows for excellent usability and provides good protection: Xubuntu 22.04 LTS Strong password enabled Software Updates - LTS version notification Quad9 DNS UFW Firewall - enabled Google Chrome --disable-webgl --cipher-suite-blacklist=0x0035,0x002f,0xc014,0xc013 Javascript blocked for HTTP://* Privacy Sandbox - disabled Third party cookies enabled Clears cookies and data from sites when you close Secure DNS - DOH Quad9 Search Engine and Home web-page DuckDuckGo Always HTTPS Chrome://flags - Enabled: Block scripts loaded via document.write Strict-Origin-Isolation Parallel downloading Reduce User-Agent request header Enable CSS Container Queries Disable subframe process reuse Extensions: Speed Dial [FVD] Stream Recorder VideoDownloadHelper Don't add custom search engines Decentraleyes Ublock Origin in Hard Mode - with TLD by Kees1958: * * 3p block * * 3p-frame block * * 3p-script block * com * noop * edu * noop * eu * noop * gov * noop * inf * noop * io * noop * it * noop * net * noop * org * noop

https://jshelter.org/

I use a promising extension. Its development is followed by Giorgio Maone (Noscript's developer) who helped me especially in a bug for documentation, I have already reported a couple of bugs that have been corrected. In my opinion it should be used in chrome-based browsers but it is also available for firefox-based browsers. Want to know what it is?

There are 8 policies for extensions. See if any of these can be useful to you. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies

Interesting result with Edge on the test: https://coveryourtracks.eff.org/

No, I don't have a list. But you can find a lot of settings in the softwares I wrote down. Other settings I disable for knowledge. Example I disable all services I don't use even if probably my services are in Italian and there is not a perfect translation match with your English services. Example: Connected user experiences and telemetry - disabled I can give you the security configuration of a very meticulous user, maybe it can help: https://malwaretips.com/threads/securekongos-computer-security-config-2022.105925/ I also make some of those changes but I don't write them down in a list because it would be mile long. As email client I use Thunderbird could be of help this js: https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js Another example, to open the PDF saved in the pc (offline) I use SumatraPDF. I have set in the firewall the block of the connections in/out. I put the software in the anti-exploit list (if you have WD you can use the anti-exploit settings of SecureKongo for Firefox) and I put SumatraPDF in the LocalLow folder to lower the Integrity Level of the software to "Low" instead of the normal value "Medium" in the Standard Account (I would never use an Administrator Account). I've been doing these settings all my life........don't need to write them down in a list. Sorry.

I took about 1 month. I, as you can imagine, like to harden not only the OS but also the most security/privacy sensitive softwares. You at least from the points that you have listed it certainly takes less time. Can I give you an advice? If you have to install in 2 pc an updated operating system, I would opt for a single pc with W.10. In the other I would install W.11 or a Linux distro.

By hand, best solution of success/customization. I don't even use some proven js for hardening of some softwares, example the email client.

I had the same problem in July 2021. But everything was quicker and more painless than expected. It may be an idea, although personally I prefer to do everything by hand: https://www.oo-software.com/en/shutup10 For the browser I use, it's better to do it by hand to avoid the "managed by your organization" message as much as possible. _________________________________________________________________ Another way to speed up is to backup/restore any settings in UBlock Origin,if used in the browser. _______________________________________________________________ Other software that can speed up the setting of the Microsoft Firewall and WD is this: https://github.com/AndyFul/Hard_Configurator Firewall rules are not deleted even in case of a major system upgrade. I recommend the use of HC.

Interesting,you could open an issue to report this lack of functionality. And improve the future development of the browser. Also I have recently reported to the developer of an extension that I use (with the help of Giorgio Maone the developer of Noscript) a problem.

Yes indeed WEBGL and WEBRTC can put privacy at risk. But you have to consider that for the fact that you use XP + a browser that is not the usual standard one used by most of those who surf the internet today you are certainly more visible (for example than me) to the fingerprint.

Thanks for the test. Is it not possible to get a better result for fingerprinting? I read that the new Mypal release released yesterday finally has WEBRTC.

Hi guys,has anyone done any testing against trackers + fingerprint? https://coveryourtracks.eff.org/

P.S. If any MFSN members have problems downloading, Mypal can also be downloaded here: https://github.com/Feodor2/Mypal/issues/64