search

crazy-max / WindowsSpyBlocker

Block spying and tracking on Windows
https://crazymax.dev/WindowsSpyBlocker/
MIT License
4.59k stars 355 forks source link

A preventive question for a healthy Windows 10 LTSC 2019. #156

Closed leeuwtjex closed 5 years ago

leeuwtjex commented 5 years ago

Max,

I am very interested in trying this out. I have very much respect for this project which seems in development already for many years. However, due to its popularity, I see on different forums people claiming to have problems with windows components after using the script. In some cases people do not even realise it was the script they ran a long time ago.

So, before using it, I would ask you, what is the safest way to use this? Yes, I understand I always am responsible when I decide to use it, and I am free to read and modify the script in anyway I like. But reasonably, there is no point to attempt and analyse all scripts you and the github network members have developed in the evolution of the the last years to understand what it exactly does. How could I ever bypass a group of sharp minds in knowledge after all effort and skills they have put into it?

Your goal was high, you are supporting all recent micro$oft user desktop oss'es... So, I like to trust you for it and be happy afterwards.

My main needs:

I like to use windows 10 enterprise LTSC with your script to have my privacy back. How would I use your script and have no malfunctioning windows elements afterwards? For example, I like to have real, not spying security updates still have a change to get installed.... Blocking skype ok, what video telephone tool can I use to get out of my digital spyblocker sandbox afterwards?

Main question: How to achieve a balance between purist perfection and the weaknesses of people daily life needs using Windowsspyblocker 4.22.3? Please a step by step procedure for stupid people like me....

Kind regards,

Dirk.

crazy-max commented 5 years ago

Hi @leeuwtjex,

How would I use your script and have no malfunctioning windows elements afterwards?

I have talked about this here. As I was saying, WindowsSpyBlocker is not planned to interact deeply with the Windows system by deleting KBs or modifying the registry. I found the workload compared to its added value too high while the implementation of network rules will hardly change the user's system. This largely avoids regression and user frustration.

For example, I like to have real, not spying security updates still have a change to get installed....

Like I said I do not touch KBs. The only purpose of WindowsSpyBlocker is to provide network rules (firewall/hosts) to block spy traffic. That's why there are continuous updates (approx each month) when new Windows updates are released.

Blocking skype ok, what video telephone tool can I use to get out of my digital spyblocker sandbox afterwards?

Skype, Bing, Live, Outlook, NCSI, etc. are not blocked by spy rules, only extra. See README for more info about categories of rules.

How to achieve a balance between purist perfection and the weaknesses of people daily life needs using Windowsspyblocker 4.22.3?

I suggest most of the time to use the WindowsSpyBlocker spy rules at router level. A tool like Pi-hole to block DNS queries (hosts) will do very well. Just add a new block list in Pi-hole poiting to data/hosts/spy.txt. If you have a router with a firewall (OpenWRT, pfSense, OPNsense) you can also add the IP addresses available in data/firewall/spy.txt. At that time your entire local network will be protected by WindowsSpyBlocker rules.

If you do not master this kind of procedure then this is where the WindowsSpyBlocker executable comes in. You can add Windows Firewall rules (spy) or you can also install simplewall which is a third-party project embedding WindowsSpyBlocker rules. You can also block NCSI.

Other information are available on the Wiki.

dnmTX commented 5 years ago

I suggest most of the time to use the WindowsSpyBlocker spy rules at router level.

Right on my friend 👍 👍 👍

If you have a router with a firewall (OpenWRT, pfSense, OPNsense)....

No love for DD-WRT ???? 😉

leeuwtjex commented 5 years ago

Thanks guys, but Seen the kind answers I have received, I am forced to start asking detailed questions...

  1. I didn't understand pihole. Why use a tool for dns if you can add an opensource dns server ip directly in your router? What does pihole improve exactly? Probably I don't understand yet.

  2. Router firewall: Interesting, unfortunately, I have no opensource based firmware router here. So, that's an option for later. I still would need a manual in chronological steps, to use the firewall scripts (there are many of them in the spyblocker project) and insert them in my new routers' firewall. Is there a powershell or linux console way to do this automatically for the whole list? I noticed there is a firewall.user script in the project that has iptable rules. Is it possible just give a command that reads all iptables -I FORWARD -j DROP rules form this script and import them in the routers' firewall?
    (I assume an opensource router firmware runs linux....) Enter them manually one by one in a router takes too much time. Or is there a simple ip list uploader function in any of those firmwares you've mentioned: (OpenWRT, pfSense, OPNsense, or Dnmtx 's suggestion: DD-WRT)?

3: This router thing works if you spend all day at your attic, but I am frequently working on public networks as well. So I would like protection on my pc using your .exe .for local modification. Your application, Does the executable work stand alone? Or do I need all project folders from github to run it?

  1. Back to the original question, I started this topic with a focus on windows 10 enterprise LTSC. Other forums claim that this version of windows 10 is the only version where it actually works to use the procedure of addding the regedit key to switch telemetry off like is shown here: https://winaero.com/blog/wp-content/uploads/2015/07/Windows-10-AllowTelemetry-registry-key-624x449.png

Is this true? Would a combination of spyblocker firewall rules , LTSC version and the telemetry off regedit key even improve our desired result?

  1. About the host file, there are rumours that microminded$oft is programmed lately to ignore certain ip's and dns forwards, even is the host file is succefully modfied and saved by an admin. It simply passes spy server ip's. Is this true? If so, did you found a solution for that?

  2. If I run the exe, is there a backup function? It doesn't seem so. Could I have a step by step instruction how to remove all modifications at the firewall, host file, etc whatever, after using the executable? (I ask this just to be able to control, I trust your script is the most perfect. :) ) -Maybe this question is silly, but is the application based on firewall settings only?

Please give me the menu options in chonological steps to perform for spying proof my local windows 10 pc. For a beginner is is a sort of confusing. Sorry for bullying you with questions. Thanks!

Dirk

leeuwtjex commented 5 years ago

update:

This is helpful: https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/ But still I don't see the point of using a dedicated device running pi-hole on a users LAN in a private network, if this pi-hole dns advert filtering and blocking service, could be running on the public internet somewhere. Than, you would only need to adjust any routers' manual dns settings to forward to the ip of that pihole public server? It saves messing with rasperry pi devices, virtualbox linux sessions to be booted or messing with a linux router no? Why setting op your own dns server on a private network? There is a principle of open dns servers, why are there no open pihole servers? It is stated the app is "low resource requirements software"

p.s. If you would choose for a local solution llike you suggest, would it be possible to direct pihole reading the newest advert ip's automatically from "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt" So after configuring it on a pi device or whatever, it doesn't need attention and updates?

crazy-max commented 5 years ago

I didn't understand pihole. Why use a tool for dns if you can add an opensource dns server ip directly in your router? What does pihole improve exactly? Probably I don't understand yet.

If your router can handle DNS blocklist you don't need pihole indeed.

I still would need a manual in chronological steps, to use the firewall scripts (there are many of them in the spyblocker project)

You can apply firewall rules on your local computer by following this Wiki page.

and insert them in my new routers' firewall. Is there a powershell or linux console way to do this automatically for the whole list? I noticed there is a firewall.user script in the project that has iptable rules. Is it possible just give a command that reads all iptables -I FORWARD -j DROP rules form this script and import them in the routers' firewall? (I assume an opensource router firmware runs linux....) Enter them manually one by one in a router takes too much time. Or is there a simple ip list uploader function in any of those firmwares you've mentioned: (OpenWRT, pfSense, OPNsense, or Dnmtx 's suggestion: DD-WRT)?

This depends on your router and is not the subject for WindowsSpyBlocker which only provides blocking lists available in data. I therefore advise you to look for support according to your equipment / software used. Again read the Wiki about all different data formats.

So I would like protection on my pc using your .exe .for local modification. Your application, Does the executable work stand alone? Or do I need all project folders from github to run it?

Everything is embedded in WindowsSpyBlocker.exe.

Back to the original question, I started this topic with a focus on windows 10 enterprise LTSC. Other forums claim that this version of windows 10 is the only version where it actually works to use the procedure of addding the regedit key to switch telemetry off like is shown here: https://winaero.com/blog/wp-content/uploads/2015/07/Windows-10-AllowTelemetry-registry-key-624x449.png

I haven't tested this version. I focus on the one delivered to the general public as explained in the README.

Would a combination of spyblocker firewall rules , LTSC version and the telemetry off regedit key even improve our desired result?

Can't say, but I don't think it'll make it any worse.

About the host file, there are rumours that microminded$oft is programmed lately to ignore certain ip's and dns forwards, even is the host file is succefully modfied and saved by an admin. It simply passes spy server ip's. Is this true? If so, did you found a solution for that?

No. That's why I suggest most of the time to use the WindowsSpyBlocker spy rules at router level.

If I run the exe, is there a backup function? It doesn't seem so. Could I have a step by step instruction how to remove all modifications at the firewall, host file, etc whatever, after using the executable? (I ask this just to be able to control, I trust your script is the most perfect. :) ) -Maybe this question is silly, but is the application based on firewall settings only?

WindowsSpyBlocker executable only affects Windows firewall. To remove firewall rules, again, read the Wiki.