by steeples 3965 days ago
Windows 10 and previous versions are known to be SIGINT enabled either by design, or by accident. It would be very cloak and dagger to say by design, but certainly more plausible to say by accident. There are numerous ways to harden Windows however, and depending on how much time and money you're willing to invest, you can get a pretty robust setup. Personally I use Zemana Antilogger (try to get an older copy - the new one is possibly backdoored). Download this: http://hardenwindows8forsecurity.com/ (Some of the settings still apply on Win10 I think). And buy the new version of Glasswire: https://www.glasswire.com/ (Super handy utility that stops all the phone behavior of Win10 that can get quite intrusive/invasive). There are many other hacks to harden Windows but I won't go into them here. But you can have those ones for free...

Here's Antilogger: https://www.zemana.com/AntiLoggerFree Please avoid the new version, as it's probably weakened by ICs. I'm sure an older copy is lying around the net somewhere.

3 comments

I have a hard time trusting either Glasswire or Antilogger without seeing the source (especially since you mentioned possible backdoors in the same breath as your recommendation).

Your first link looks like it's just a pack of local policies, so I suppose there's some value, if that's the case, for people who don't want to go through with learning how to set that up.

It might be closed source, but that does not equate to 'bad'. It doesn't contain too many smaller parts; it is easy to analyze what the binary is doing. It does attempt to update, but this behavior can be blocked. Binary blobs do not have to be a black box, and it is trivial to open up Antilogger in OllyDBG and see what it is doing under the hood. It might sound like I'm fumbling around in the dark here, and I admit I am, but Antilogger is one of the first ten programs I install on a fresh Windows install.

Regular electronics consumers are not going to buy a Thinkpad with FreeBSD on it, and then house the laptop in a Faraday cage to airgap it. It. Does. Not. Happen.

> Regular electronics consumers are not going to buy a Thinkpad with FreeBSD on it, and then house the laptop in a Faraday cage to airgap it. It. Does. Not. Happen.

Nobody said it would but "regular electronics consumers" also aren't reading this thread and don't have much to do with the post you're replying to.

Oh now I can finally install the OS that will try everything to unearth what I do on my computer... Oh wait, of course I won't.

This is such nonsense. It is like saying 'Hey, there is no problem with living in a glass house where everyone can see you go to the bathroom, you can just put up some curtains.'

I'm not defending M$ here at all. I'm just saying if people are going to use WinAll, there are rudimentary and basic things to install before using it. Otherwise it's like sex without a condom...

Why should I trust Zemana more than Microsoft? You're already suggesting at least the latest version is compromised. Then the other question becomes how I know the older copy I get is genuine and not also compromised.

The older version is blacklisted by the NSA. They don't like people using it. Leaked Snowden documents prove this.