> avoid insecure software like 7-Zip (which e.g. lacks Anti-Exploit and MOTW support), Open/ LibreOffice, Firefox, True/Veracrypt, ...<p>This is such bad advice that I can't take the rest of this guide seriously.<p>Edit: The rest is even worse than I was expecting. E.g.:<p>> execute/ open new files with one-day-delay because after one day, the malware is not 0-day anymore<p>> use the only browser on Windows that natively supports hardware isolation: Edge
I don't like this guide at all. Some of its points are questionable, but the thing is, it doesn't know what it wants to be and aimed at whom. Starting from the most obvious red flag, falling for the baseless boycotting of 7zip like some equally questionable sites and threads have been pushing (and their motives, such as <i>sourceforge bad, all Russian developers bad</i> and the proposed alternatives.. let's not get started). [0] [1]<p>This suggests not to use privacy tools (most of which are FOSS and perfectly safe with proper usage), and to rely on official documentation only. I suppose there's some trouble in people for example disabling (extremely invasive) updates and forgetting about it, the average Joe that is. Some others are a compromise on privacy, I'd never accept cloud-based protection. Veracrypt is perfectly safe software, unlike the claims in this page that goes on to just mention how it breaks the boot trust chain, furthermore I'd trust it more than anything BitLocker does unless it's strictly a pre-boot authentication password with no TPM.<p>Windows cannot be made perfectly safe, accept and move on, this self-flagellation seeking the most hardened possible setup with things such as avoiding Firefox is a waste of time. Microsoft itself distributes what some may define malware, autorunning at startup forever on with a rundll process with Windows Update (see: logitech download assistant if you plug in one of their mice).<p>0. <a href="https://news.ycombinator.com/item?id=31876896" rel="nofollow">https://news.ycombinator.com/item?id=31876896</a><p>1. <a href="https://www.theregister.com/2022/06/27/7zip_compression_tool/" rel="nofollow">https://www.theregister.com/2022/06/27/7zip_compression_tool...</a>
As a long time Linux user, I recently got confronted with the Windows group policy editor.<p>You can use it to disable (blacklist) all the Windows crapware (xbox, etc).
Or in the extreme case, whitelist only specific files.<p>I still prefer a text config file over the GUI, but this thing is insanely powerful.
Interesting list. Any idea of the 'why' behind this?<p>> No "Tuning" tools (not even stuff like Ccleaner!)<p>Also what is a better alternative to 7zip<p>> avoid insecure software like 7-Zip (which e.g. lacks Anti-Exploit and MOTW support)
> create another Admin account and transform your current one to limited/ restricted/ standard user account to reduce the attack surface enormously. Don't use Admin account for your tasks!<p>It's crazy how Windows doesn't have a sane way for users to became administrators temporarily. LAPS is a weird hack and Azure PIM doesn't work for local admin.
The best and simplest way to keep Windows 11 safe is to burn the disk it is installed on with gasoline; buying another and installing a Linux distribution such as Debian, OpenSuse and Fedora.