Security: from Linux to Windows
6 points by CircleJerk 4040 days ago
I'm looking for a "Windows for Linux users" kind of guide, any suggestions? I'm not talking about how to use the OS, but how to protect myself from it.

My new job "requires" that I move to Windows ASAP but I'm worried about all the cloud stuff. I'm waiting for the Windows 10 release to start the dual boot pain.

- Is there a "Microsoft Block" list for the hosts files for all the cloud, ads on MS apps (like Skype) and data collection stuff? That would still allow me to receive updates

- I hate everything about Antivirus software. Is there any lightweight solution? Any options besides UAC on max level to increase security?

- For shady .exe's, is there a battle tested sandbox solution or I'm gonna need a VM? Is it worth paying for Sandboxie?

- Windows Firewall: good enough?

Feel free to share your experiences about switching to Windows, security related or not.

Thanks!

4 comments

Set up a limited user account and use that to work and surf from, that keeps bad programs from jacking your access rights.

Never use Internet Explorer (well, only to install another browser - make sure you get it from the official site, there are so many underhanded browser/utility download sites there.)

Install the adblock plugin on Firefox

MS Security essentials is good

Use Malwarebytes - it will catch a lot of stuff.

When in doubt (especially on suspicious messages,) do nothing, shut down and reboot.

Be prepared to wait a lot for updates to complete

If you can avoid Outlook, go with Thunderbird, otherwise be wary of emails (addresses are hidden)

Turn "on" view all file extensions in folder options.

Be very wary on installer dialogs, some have checkboxes you need to uncheck to not install additional unwanted things, others frontload installers for unwanted apps ahead of the main installer, etc.

Make sure you keep Acrobat, Flash, Office, Java, etc. updated.

If you don’t just click on any link you will be fine for the most part, a lot of the traps are crafted to get the rubes, be careful on clickbait.

Create a Standard user account after the default Admin one. Use that.

Use EMET on max settings.

Try to use whitelists if possible (AppLocker). Relevant post: https://community.spiceworks.com/how_to/59664-free-almost-pe...

I would use Avira over Microsoft's default antivirus. Use Malwarebytes.

Always stay up to date.

You can try GlassWire as well for easy monitoring of your traffic: https://www.glasswire.com/

Use Chrome (most secure for now) - uBlock Origin, WOT, HTTPS Everywhere extensions.

Windows 10 should be much better security wise, especially if you only stick to store applications, but I think it will include some security features for older programs, too (app signing, I think some virtualization/isolation stuff, etc). In about a year laptops with fingerprint authentication should come out, too. Unfortunately you'll still have to get the Pro version to get BitLocker (or you can use one of the TrueCrypt forks like VeraCrypt).

GlassWire, EMET and AppLocker are new to me but they sound promising!

Why do you prefer Avira? I find it hard to compare since the reviews are usually personal experiences without any real data, and since they are usually closed source it's even harder.

Avira is usually among the top for free antiviruses and Microsoft's antivirus is last. For some reason I can't find the links anymore right now but I saw it on a recent AV comparison chart.

Microsoft Security Essentials is a free download from Microsoft [I suspect it's not bundled to avoid running the risk of antitrust litigation]. Anecdote is not data, but I've been using it for five years and have had no problem, and unlike commercial antivirus, its business model isn't based on selling your browsing history or recurrent credit card charges.

Windows firewall has a bad rap because XP shipped without it turned on/installed for years. Since Vista and the new security infrastructure it's about what one would expect as part of an OS. It just took Microsoft a while to overcome the problems of Windows' success in less technical installations.

None of which is to say a person can't easily do something stupid. But the same is true for Linux or a BSD based OS.

Security Essentials is bundled starting with Windows 8, but it's been renamed to "Windows Defender". Same thing though.

I used to use ZoneAlarm free firewall back in the day I was using Windows.

At first it's annoying because it'll ask every single time a process wants to use the network, but after you train it, you'll get warned and explicitly asked whenever a program outside your regular ones wants to access the internet.

But keep in mind that if, for example, you allow Firefox to access the internet, you won't be protected from code run by Firefox doing nasty networking stuff.