So I only use Windows 10 for gaming, but curious to see if anyone has any resources for hardening Windows 10?
Hardening means to secure against intruders. If you use Windows 10, the fox is in the henhouse.
You can look into removing the telemetry.
Take a sensual voice and whisper your personal information into your microphone.
Joke aside I’ve seen winutil recommended often, might be worth taking a look https://github.com/ChrisTitusTech/winutil
That thing is paid, but probably nice
It’s free if you copy one command into PowerShell.
From there you can even create a shortcut on the desktop.
Wait what? Since when? Crazy
It was always free. The paid version is just a donation if you support the project and want to keep it going, but you can use it for free, look at the source code, modify it, redistribute it, you can do with it whatever you want. It’s under the MIT license.
Delete the partitions it’s installed on and install a Linux distro
Ugh. Even as a Linux user, I find people giving this knee-jerk response insufferable…
Agreed. It’s so annoying and not helpful in the slightest.
Basically this: https://imgur.com/QEOYcAD.png
This is the answer.
Privacy or security hardening?
If you’re just using Windows for gaming, and you’re only on game markets like Steam and maybe video/audio streaming services while gaming then you’re probably pretty secure. As far as if you’re just installing games, then there’s not really too many inroads for malware outside of a market like Steam or the particular game company getting compromised, which would have issues regardless of which OS you’re using them on. Windows 10 already has anti-virus built in and UAC so you’re probably just about there already. I say this as a die hard Linux advocate: the idea that Windows is wildly insecure when compared to Linux/Mac/BSDs is incorrect as far as I know and is just a myth from back when nobody cared about writing malware for anything other than Windows.
If you’re also web browsing, I’d say having a well configured browser would be good to do, and making sure you are regularly updating/auto updating Windows and other software. Also, if you play a lot of online games and end up opening up port forwarding or something similar just be conscious of it and make sure to do something like that right and limit what kind of attack surface you’re opening up.
If you’re thinking privacy, I did just do a blog post about Win 11 which is similar, but I have a feeling if you’re on Lemmy you’re already familiar with the basics the post includes: get a decently configured browser, toggle off as many privacy invasive settings as you can, disable the telemetry service, and try to limit the bloat Microsoft likes to include during or after installation.
I’d also very carefully vet any sort of scripts, custom ISOs, and the like if you choose to use them. You’d be putting a lot of faith on whoever made them. And probably don’t worry about VPNs and such, they’re not going to do anything to hide the fact that you (presumably) purchased games under your name and you’re using your account to play them.
I’m typing this up on the fly and by no means the leading expert in the field, but these would probably get you a good 95% there. Happy gaming
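Added example, not part of the post above or of any project named in this thread: one way to vet a downloaded PowerShell script before running it, by saving it to disk, hashing it, checking its signature and listing the lines that deserve a close read. $Url and $ExpectedSha256 are placeholders you supply, and the pattern list is a constructed starting point, not a complete one.

```powershell
# Added example: review a script instead of piping it straight into the shell.
# $Url and $ExpectedSha256 are placeholders; nothing here is executed from the download.
param(
    [Parameter(Mandatory)][string]$Url,
    [string]$ExpectedSha256   # hash published by the project, if it publishes one
)

$ErrorActionPreference = 'Stop'
$path = Join-Path $env:TEMP ("review-{0}.ps1" -f [guid]::NewGuid().ToString('N'))

# Save to disk so the file you read is the same file you may later run.
Invoke-WebRequest -Uri $Url -OutFile $path -UseBasicParsing

$hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -FilePath $path

# Constructed list of constructs worth reading closely.
# A hit is a prompt to read that line, not a verdict on the script.
$patterns = @(
    'Invoke-Expression|\biex\b',                      # runs text as code
    'DownloadString|DownloadFile|Invoke-WebRequest|\birm\b',  # fetches more content
    'FromBase64String|-EncodedCommand',               # hides what will run
    'Set-MpPreference|Add-MpPreference',              # changes Defender settings
    'Set-ExecutionPolicy',
    'Stop-Service|Set-Service',                       # disables services
    'Set-ItemProperty|New-ItemProperty|reg(\.exe)?\s+add'     # registry writes
)
$hits = Select-String -Path $path -Pattern $patterns |
        Select-Object LineNumber, @{ n = 'Text'; e = { $_.Line.Trim() } }

[pscustomobject]@{
    File          = $path
    SHA256        = $hash
    HashMatches   = if ($ExpectedSha256) { $hash -eq $ExpectedSha256 } else { 'no published hash supplied' }
    Signature     = $sig.Status
    Signer        = $sig.SignerCertificate.Subject
    LinesToReview = @($hits).Count
} | Format-List

$hits | Format-Table -AutoSize -Wrap
```

Keep the saved file and its hash: if you decide to run it, run that exact file rather than downloading again.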
deleted by creator
Honestly with the way chips are these days I would virtualize it and sandbox the fuck out of it. Use what I absolutely cannot do on Linux and start moving over permanently.
It’ll take time, but you’ll eventually shed your reliance on the MS mothership and just enjoy computing for what it should be, not a gateway to ad revenue and invasive surveillance.
Grab a live CD, toss it on a USB stick and take Ubuntu for a spin. It’s insanely impressive even in RAM lol.
Lots of shitcomments here, but in theory I agree: use Linux. Lol but that’s not an option for all tools poorly so:
- enable everything apart from freakin browser scanning or cloud based “security” in the security settings. Also this code execution protection and all that.
- do security updates
- use a non admin account I guess? Clicking on ‘okay’ is not a security measurement??
- only install software from very trusted sources. Poorly I haven’t got chocolatey to run, that’s the only good one. The MS store sucks
- debloat as many apps as possible as they are not needed
The default firewall is secure, but you may want to improve privacy by using Portmaster. SimpleWall always launches a few seconds after system boot and I need to accept it, so I don’t trust its capabilities really.
You may want to disable this .exe scanning before installation, as it’s pure tracking, but this will reduce security.
On Windows all main apps have their own updaters as there is no working package management. This is crazy, as all apps need internet access, but well.
Microsoft store apps poorly can’t really be recommended. Avoid rootkits like Adobe suite, ArcGIS Pro, weird games etc. Even if they are in that store they will just have an installer there and plant themselves into your system like crazy. Also afaik all browsers in that store are using Edge Webview, like on iOS.
Remove as much as you can, use BulkCrapUninstaller for that. Edge can be completely purged by plugging the disk into a Linux machine and deleting its exe under something like C:/Programs/…
I wonder what % of Windows “users” couldn’t even figure out how to burn a Windows recovery ISO to a USB, never mind Linux. Lol.
I kid. But also curious.
I use Bazzite BTW:
I am on Kinoite, decided against ublue and layering only “libavcodec-freeworld” and a few others instead.
Take a look at ameliorated.io
If you don’t want to put in the effort, the most time efficient way is just to install Windows 10 LTSC (long term support), and slap portmaster or adguard on it, with some telemetry-blocking DNS.
Feel free to ask for more info if you’d like to know more
Removed by mod
I don’t know about ansible, sorry
Ame provides a wizard that runs with fairly elevated permissions to apply a set of scripts to the system.
The changes are more or less radical depending on the playbook (the set of scripts) you choose.
I’ve been using AME 10 for some years now and I’ve been really enjoying it. It removes Windows Update, MS Store, Xbox apps and all Windows telemetry and ads.
Very polished experience overall, but not recommended to those who do not want or know how to maintain their system (stuff installed through chocolatey needs to be manually updated through CLI, even auto updating software, and you might need to find alternative apps to do stuff if the original ones are too integrated into the system, like Minecraft launcher).
I use a simple bash script on my parents’ PC and schedule cup all -y with Windows scheduler. No longer on call IT support :)
By switching to Linux, lol. Seriously though, most games do run on Linux now, so you might want to take a serious look.
Windows Ameliorated
iirc there’s also hardentools for Windows
No
I used this script previously and would recommend it, but note it has been archived for now (won’t be updated unless someone maintains a fork).
You might want to check out this GitHub link privacy.sexy. It has a bunch of scripts to do all sorts of things. It also has a GUI to customize your script the way you want. Disable telemetry, uninstall default programs like Edge and Skype. You can set up a task to run on intervals of your choosing.
I run Linux on all my computers but one tablet/computer and have used privacy.sexy since I bought it. It seems to work well and you can roll back the changes you make if you like or if their script breaks something you need.
By installing Linux on top of it.
You can harden Windows 10 and make it more private, there even exist a lot of FOSS tools to do it, like https://github.com/hellzerg/optimizer (one of the best), avoid as much as possible the MS Store and use as few proprietary apps as possible. On this point Windows has a big advantage, no other OS has the amount of FOSS that Windows has, not even Linux.
Install Portmaster, with this you can control and if needed also block every byte which goes out or in, in the net traffic of every app. It’s also open source, only if you also use its SPN do you need to pay a monthly fee (it’s like a VPN on steroids), but even without it, it is a pretty good tool to tame Windows https://safing.io.
Deactivate any service and app which you don’t use (e.g. the hibernation service is a big resource hog, because it creates a copy of every app you open, that means every app uses double the RAM, and also the index service, which, at least with an SSD, isn’t really needed, it only permits finding files some seconds faster in the explorer. With only these two, you will increase the speed of Windows 20-30% and free a lot of RAM). More if you deactivate animations, transparencies and services “to improve the user experience” crap.
Activate GodMode, with this you have access to all the settings (over 200), even the hidden ones. It’s easy:
- Create a new folder anywhere you want
- Rename it to
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
(copy paste this as is)
Done. The folder has changed its icon and when you open it, you have a large list, ordered by topics, of all existing settings in Windows.
Don’t forget, although the aforementioned tools are safe, easy and intuitive to use, it is always a good idea to create a restore point before messing with the guts of Windows.
Don’t install anything on it…
If you’re only using it for gaming, does it need to be hardened?
My thought would be yes. Personally I don’t trust games requiring internet that have no online functionality or when using non multiplayer modes.
Installing mods from Nexus in the past I have run into several PUA and one virus modding original Skyrim years ago. These were rare though and I haven’t run into one in a while. I’m an avid modder running 400+ mods in skyrimAE and fo4. Most mod makers just want to make the game better but there is potential for those who have other things on their minds.
I have also seen on r/piracy that Rockstar was supposedly selling cracked copies on Steam. While I don’t believe all cracked copies contain malicious scripts, viruses, rootkits etc. the potential is there and sometimes what you might think are trusted sources might not be so trustworthy.
On Linux I run Steam in a sandbox often disallowing internet. Whatever data collection is limited to playtime and in game choices.
It all boils down to trust and there being money and motive in the breach thereof. Multimillion dollar companies have shown their greed and I have removed my trust.