ChrisTitusTech / website

My HUGO Website that I use for Videos, Blogs, and Redirects

not-safe-windows/ #162

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

You are NOT safe in Windows

Having Fun with Technology

https://christitus.com/not-safe-windows/

simeononsecurity commented 1 year ago

I have some disagreements with the statements presented here. It's worth noting that the potential vulnerabilities mentioned would generally require users to elevate software with administrative permissions to pose any significant threat. While these concerns may be valid under very specific circumstances, it's important to acknowledge that the likelihood of encountering all these "vulnerabilities" is quite low. Out-of-the-box configurations are largely comparable to Linux, and Windows often offers more granular configuration options than Linux. Furthermore, Linux has its own equivalents to many of these issues.

PowerShell

PowerShell is indeed a powerful tool, but one could argue that Python, readily available on most Linux distributions, offers even greater versatility. Additionally, some Linux distributions still include Python 2.X, which has numerous CVEs. PowerShell can be disabled if needed, although outright disabling it may not be recommended. Instead, consider blocking non-administrative access to PowerShell using AppLocker. Achieving a similar level of control on Linux without disrupting dependencies can be challenging on many major Linux distributions.

Task Scheduler

Task Scheduler, often compared to Linux's cron jobs, is not inherently problematic. Disabling unwanted tasks is usually straightforward, and issues arise more from the software choices made than from Windows itself. While some Windows software may come with bloatware, users typically have the freedom to choose. Task Scheduler is easier to use and secure than cron jobs in many cases.

Visual Basic

I mostly agree with the concerns about VBS scripts having extensive system access. However, VBS is becoming legacy and is rarely used today. It can be easily disabled or managed through a simple registry change or group policy. While it may not be perfectly configured out of the box, this is often a non-issue, as anything significant still requires administrative privileges.

Registry

It's important to understand the role of the Windows Registry, especially when coming from a Linux background. The Registry functions as a database for configuration options. While it can be exploited, doing so typically requires administrative privileges. Any competent Windows administrator can secure the Registry by enabling User Account Control (UAC) and avoiding administrative account usage. Comparatively, the Registry is not vastly different from scattered configuration files in Linux. However, Windows allows for more granular permissions, even at the line-item level, whereas Linux controls permissions at the file and folder level.

When claiming that Windows is "insecure" compared to Linux, it's crucial to make valid comparisons rather than absolute claims. It's easy to overlook how software on Windows can manipulate the Registry, but this still necessitates admin privileges. Therefore, any Registry issues are often the result of user actions, not Windows itself. Windows' more extensive control over permissions in the Registry gives it an advantage over Linux in this aspect.
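The following read-only audit is an added example, not part of the comment above or of the linked article. It checks the controls the comment names: UAC, Windows Script Host, and AppLocker's decision for `powershell.exe`. It assumes the "simple registry change" for VBS refers to the Windows Script Host `Enabled` value; the function names and the `-User` default are illustrative.

```powershell
# Added example: read-only audit of the settings discussed in the comment.
# Nothing is modified. Run from an elevated prompt so the effective
# AppLocker policy can be read.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-HardeningStatus {
    # Pass a standard (non-admin) account or group to test what it may run.
    param([string]$User = 'Everyone')

    # UAC: EnableLUA = 1 means Admin Approval Mode is on.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'

    # Windows Script Host: Enabled = 0 stops wscript/cscript from running
    # .vbs/.js files machine-wide. An absent value means WSH is enabled.
    # The value may be stored as REG_SZ or REG_DWORD, so compare as a string.
    $wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'

    # AppLocker rules are only enforced while the Application Identity
    # service is running.
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue

    # Ask the effective AppLocker policy what it decides for powershell.exe.
    # Possible decisions: Allowed, Denied, DeniedByDefault. DeniedByDefault
    # is also reported when no Exe rules exist, so read it together with
    # the service state before treating it as a block.
    $ps = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
    try {
        $decision = (Get-AppLockerPolicy -Effective -ErrorAction Stop |
            Test-AppLockerPolicy -Path $ps -User $User -ErrorAction Stop).PolicyDecision
    } catch { $decision = 'Unknown' }

    [pscustomobject]@{
        UacEnabled         = ($lua -eq 1)
        WshDisabled        = ($null -ne $wsh -and "$wsh" -eq '0')
        AppIdSvcRunning    = ($null -ne $svc -and $svc.Status -eq 'Running')
        PowerShellDecision = "$decision"
        TestedPrincipal    = $User
    }
}

Get-HardeningStatus | Format-List
```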