
/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.


File: 1510785843686.gif (54.79 KB, 847x513, champ.GIF)

 No.1906

hello /cyb/,

I'm installing Windows 7 for a PC build, and am looking to harden it all the way down. I've already gotten the CIS benchmarks and seen a few guides, but one thing they didn't cover is the so-called "botnet updates" microsoft pushed to win7 making it supposedly as bad as win 10 in terms of call home-iness. Can anyone here confirm the existence of such updates, and preferably share info on what specific KB numbers to avoid?

on behalf of everyone else running win7, thanks in advance.

 No.1909

Windows 7 gathers limited telemetry and has backdoors even without Windows 10 updates.
Stop larping and install a proper OS that respects your freedoms, or simply run this one in a virtual machine without the need to "patch" or "harden".

 No.1910

>>1909

Pretty much this. Even if Windows 7 has limited telemetry in it compared to Windows 10, it still is backdoored head to toe.

I'm sorry bud but the only solution you've got is to jump on the Gnu/Linux hype train.

 No.1918

>>1909
>>1910

>limited telemetry without updates

Yes I was already aware of this. However I was curious as to the prospect of further backdoors introduced by updates retroactively, and whether anybody had information on that.

>install leenux

I would, but there are applications that are not compatible with Wine or Linux proper that I will be running.

>install windows7 in VM

I had considered running Win7 inside of QEMU with PCI passthrough, or some other virtualization layer. However the lack of overhead in a baremetal install was appealing. Besides, that system would not be handling anything sensitive, so there would be no need for an underlying system to perform tasks I am not comfortable running on Win32.

>stop larping

What?

Just to clarify, I wasn't asking for "install linux hurr" responses. I was looking for information on specific updates.

 No.1920

>>1918

You could look into Tron; it has a .bat file that removes telemetry and it's FOSS, I believe.

As for backdoors introduced in updates, that is probably hard to know. What I'm aware of is that even the best cybersecurity engineers don't even know what is in these updates, so yes, it's fair to assume there is a high chance of a backdoor in later updates.

Anyway, you might want to put more skill points in your google-fu.

 No.1926

>>1909
Claiming Windows has backdoors while telling someone else to stop larping is hilarious. This backdoor meme is pure larping courtesy of /g/. There are all these backdoors because Windows isn't open sores, yet nobody can find any evidence of their existence and US intelligence agencies rely on exploits rather than these supposed backdoors to gain access to Windows systems.

 No.1927

>>1926
Did you ever notice a slight skin luminescence when lights are turned off?

 No.1928

>>1926

This has to be the most stupid thing I have ever heard from this place. I don't mean it in an offensive way, but you clearly lack some knowledge to give people tips here.

You are right for one thing
>There are all these backdoors because Windows isn't open sores, yet nobody can find any evidence

Every single big advocate of privacy and security NEVER EVER EVER said that Windows had a backdoor. They said Windows is an UNTRUSTWORTHY OS. Why? Simply because it isn't Free software.

Now that the point above is settled, let's dive into the reasons why people have a tendency of not trusting Windows OS. One, Windows is proprietary, which means it's fair to assume there is malicious code inside of it. Two, a soykaf ton of documents show that Microsoft has a good tendency of helping triple letter agencies, especially the ones from the U.S.A. Three, the policy of Windows OS is clear and specific: they collect data and additional stuff that isn't specified.

So it's fair to assume once again that Windows is an UNTRUSTWORTHY OS. Is it also fair to assume that Windows "COULD" have input a backdoor inside of the OS? Yes, absolutely.

On a more personal note, I would even go as far as saying that since the operating system changes so often, it makes it really difficult to find anything that could point to a backdoor. I mean, god, Intel ME took years before we knew the capabilities of it, and even now we still don't know what it's capable of.

 No.1930

>>1906
The very definition of polishing a turd; if you're going to use Windows don't bother wasting your time trying to "harden" it

 No.1934

> windows 7
there's your problem

 No.1939

>>1920
Thank you very much lainon!
That script was very enlightening, and was exactly what I was looking for.

As for everyone else derailing the thread, I hope you learn from >>1920 's example with other threads more important than mine :)

 No.1944

File: 1511219071513.jpg (14.13 KB, 210x210, 1444689105554.jpg)

>All the posts in this thread

You know it's one thing to be a 'strong advocate' for privacy and foss, and another to just soykaf in your hands and throw it around like monkeys every time someone mentions something you disagree with, being entirely detrimental to a discussion that has nothing to do with you or your kind.

As for OP, personally I don't concern myself with updates later than sometime in 2014 so I can't help you there, other than recommend you find an image updated to 2014 and immediately remove Windows Update to prevent any more garbage coming in. My main focus is blocking all the ports I don't need, using a firewall and other ways to block IPs I don't want to deal with, like everything related to Microsoft and its affiliates. I can't give you an exact name or location of all my lists because it's just something I've been gathering over time, but they're out there. You might also want to go into your services lists and disable and uninstall everything that's not critical to the system's functioning. You can find this by looking up non-critical Windows services online. Basically, forcefully remove anything that you don't need from your Windows system to minimize your security problems. Really I wouldn't recommend any updates at all and just manually install the KBs you need if something actually doesn't work because of this. If it works without updates there's no reason to update.

Most likely there's no way to completely secure a windows system, no matter how hard you try. You can treat the symptoms but not the problem. If you don't absolutely need windows at all times, I'd recommend getting a lot of ram and passthrough windows vm from a loonix distro of your choice when you need your windows stuff.

 No.1945

What applications are you interested in running? And are you planning to give the system an internet connection?

 No.1946

>>1944
>If it works without updates there's no reason to update.
That's an interesting idea. I would imagine most security fixes through WSUS are local exploits and IE related, so it might just fit my threat model. I have an edge firewall that provides something of a sandbox for this machine anyways, so I've got room to experiment. Thanks for the reply.

>>1945
Video processing related, gaymes, hashcracking stuff. Basically things that can take advantage of the GPU in the system. I think this would be the only thing stopping me from not updating the system– things like DirectX and MS C++ probably rely on SP1 and more recent KBs. From what I could see when I ran Tron in a vm, it removed some KBs so I guess that will have to do if the graphics drivers and 3D software complains.
And with gaymes comes internet, so yeah. But as I said before the network is not a security consideration, since it's all wired and I control it.

 No.1947

This is exactly what you're looking for: http://www.techproresearch.com/article/is-the-windows-10-long-term-servicing-branch-right-for-you/

Windows LTSB is a long term service branch for enterprise customers that doesn't come with cortana or feature updates or any of that other bullsoykaf. Pirate it and you're good.

 No.1948

> TMW you want to go to the freenode #arisuchan meeting this friday but you've got to take the OSCP exam

 No.1949

fuck wrong thread

 No.1950

>>1948
Glhf anon!

 No.1951

>>1947
anyone running this?

 No.1952

>>1947
>>1951

It's still a microsoykaf release so no, this is definitely not excluded from the botnet. Someone made a thread about an altered win10 image from which they've manually removed all the known telemetry and unnecessary programs, leaving you with a bare OS, but it doesn't seem to be on this website anymore. However, the discussion still exists here: https://applechan/%CE%A9/res/5131.html

 No.1954

I would still use the firewall for ltsb but it's their enterprise release so they have to allow full disabling of telemetry for their customers or else they lose $$$$$$$$$$

 No.1955

File: 1511399931630.jpg (81.53 KB, 620x465, prism-slide-5.jpg)

>>1928

>Two, a soykaf ton of documents show that Microsoft has a good tendency of helping triple letter agencies, especially the ones from the U.S.A.


This point really can't be stressed enough. Microsoft managed to land a contract to be the official desktop OS of the entire US Department of Defense. (https://blogs.windows.com/windowsexperience/2016/02/17/us-department-of-defense-commits-to-upgrade-4-million-seats-to-windows-10/) No IT company wins that sort of contract without being a team player.

 No.2018

>>1906
If you're on Windows XP, there's not much to it. It's rock solid as an OS and it doesn't actively spy on you. Probably the last sane (and usable) OS from Microsoft.

For "hardening":
- Disable all unnecessary services especially ones that open ports. You should be left with a few essential ones running (RPC, audio, network).
- Disable NetBios (system driver, device manager, view hidden, find netbt) to shut 445.
- Disable DCOM (with GRC's DeCOMbobulator) to shut 135.
- At this point you shouldn't have any open ports listening.
- Disable Windows Update.
- Block Microsoft/Windows/Update domains with DNS or hosts file.
- Optional: Get a VM with Win 7 to run newer or untrusted software. Microsoft fucked up the executable format compiled on newer Visual Studios to force XP users to "upgrade". There's a DLL entry-point fix in the works similar to the one for W2K but I'm not holding my breath.

I found it impossible to harden anything Vista onwards although telemetry is essentially neutered by DNS blocking and the processes themselves can be stopped by spending some time in the Task Scheduler, Group Policy Manager and a few registry tweaks. The OS itself is still nasty and I wouldn't recommend it. If you still insist on using it and have the rectal fortitude required, enable the Admin account first thing and log in using that or Uncle Bill will push you around (it still will).
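
Added example, not part of the post above: a small Python check for the "no open ports listening" step, run against saved `netstat -ano` output. The sample text is constructed for illustration, and the function names and the `EXPECTED_CLOSED` set (the two ports the post names) are assumptions of this example.

```python
# SAMPLE is constructed for illustration, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       728
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:49201     203.0.113.5:443        ESTABLISHED     2100
  TCP    [::]:135               [::]:0                 LISTENING       728
  UDP    192.168.1.10:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1500
"""

# Ports the post expects to be closed once NetBT and DCOM are disabled.
EXPECTED_CLOSED = {135, 445}


def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"


def exposed_listeners(netstat_text):
    """Return sorted (proto, host, port, pid) for non-loopback listeners."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            proto, local, pid = "TCP", fields[1], fields[4]
        elif len(fields) == 4 and fields[0] == "UDP":
            # UDP has no state column; any bound socket can receive datagrams.
            proto, local, pid = "UDP", fields[1], fields[3]
        else:
            continue  # headers, blank lines, established connections
        host, _, port = local.rpartition(":")
        if port.isdigit() and pid.isdigit() and not is_loopback(host):
            found.add((proto, host, int(port), int(pid)))
    return sorted(found)


def still_open(listeners, expected_closed=EXPECTED_CLOSED):
    """TCP ports from expected_closed that are still listening."""
    return sorted({port for proto, _, port, _ in listeners
                   if proto == "TCP" and port in expected_closed})


if __name__ == "__main__":
    for proto, host, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} pid={pid}")
    print("still open:", still_open(exposed_listeners(SAMPLE)))
```

Loopback-only sockets are skipped because they are not reachable from the network; the PID column lets each remaining listener be traced back to the service that owns it.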

 No.2124

File: 1511937423520.gif (2.28 MB, 347x331, 9104790822_2f892fae8a_o.gif)

>>2018

>Windows XP

>rock solid

 No.2140

File: 1511984111030.jpg (755.99 KB, 4500x4334, 0008 - 5Pihc6O.jpg)

>>2018
>thread about windows 7
>talks about XP

uh

 No.2190

>>1928
>This has to be the most stupid thing I have ever heard from this place. I don't mean it in an offensive way, but you clearly lack some knowledge to give people tips here.
Yes, clearly I lack the /g/ meme knowledge that every 31337 h4xx0r must possess. You people are fucking idiots and don't know soykaf about computers. This whole board is just bullsoykaf kiddie larping, just like /g/ and all its other spin-offs.

 No.2191

>>2190

Well, if I don't know soykaf about computers, how about you enlighten me with your lantern and show me how wrong I am?

You took the time to make a post insulting me and people from here, saying that we don't know anything, yet without a single argument. Can you even see us from your high horse?

Please be constructive. If you don't agree with what I said, that's okay, but don't insult, use arguments; we're not on /g/ here.

 No.2213

>>2190
>this whole board is bullsoykaf kiddie larping
It's almost like by submitting content to the community, you improve it.

But you don't give a fuck about that.
You only care about your dream leetspace which will never fucking exist.

You're not some ubermensch hacker. You're probably some garbo skid looking for a board full of "zomg here's my FUD RAT 0day."
Feel free to contribute, or stop bitching. You don't get to be complacent and complain with an audience that gives a soykaf.

The same fucking thing happened with
>lainchan

>you people

>>>8ch.net/baphomet/
you fucking null
go pop some honeypot, soykafter.

 No.3813

File: 1553659874141.jpg (9.65 KB, 244x250, 65BD14A5DE7B44729FD2B37A9F….jpg)

>>1926
Google Intel vPro, Intel ME
AMD has an equivalent. There's your backdoor

 No.3818

install gentoo

 No.3854

>>1906

Honestly, I'd just use Linux with KDE to make it feel like Windows. I'm not sure how much hardening you'll get out of a proprietary kernel. Do you have any software specific to Windows?
