Windows is NOT Safe
# Why Windows Isn't Secure: A Deep Dive into its Vulnerabilities and How to Protect Yourself
## Introduction
Before diving into the technical aspects, the speaker takes a moment to acknowledge the importance of Windows in their career. They mention having 11 professional certifications and earning over a million dollars in the past 20 years, attributing much of this success to Windows. However, they also emphasize that Windows has its vulnerabilities and is not as secure as many users might think. The goal of this article is to educate users on these vulnerabilities and provide actionable steps to make their systems more secure.
---
## Why Internet Security Suites Don't Work
The speaker strongly advises against wasting money on internet security suites, calling them "garbage" that doesn’t significantly improve system security. They argue that no amount of money spent on such software will protect your system from the vulnerabilities they are about to discuss. Instead, they focus on methods that work across any system, even so-called "locked-down" systems.
---
## PowerShell: The Ultimate System Control Tool
PowerShell is described as one of the most powerful tools in Windows, capable of making extensive changes to a system. When run with administrative privileges, it allows almost anything to be done to a system. For example, accessing `assistdm.cpl` (an old-school system properties tool) or modifying registry settings becomes easy with PowerShell.
The speaker warns that once someone has administrative access to PowerShell, the game is over—they can control the system completely. To mitigate this risk, they suggest disabling PowerShell and re-enabling it only when necessary. However, they acknowledge that this might not always be practical, especially for users who need PowerShell for legitimate purposes.
---
## Task Scheduler: A Weak Point in Windows Security
Task Scheduler has been around since the XP era and remains a vulnerability to this day. Users can create numerous tasks, including self-elevating ones, which can execute malicious code or unwanted scripts. The speaker recommends reviewing all scheduled tasks to ensure they are legitimate and disabling any unnecessary ones.
For example, they highlight software like Riva Statistics Tuner (for gaming FPS counters) and MSI Afterburner, noting that some of these tasks might not be necessary and could slow down the system or pose security risks. Disabling unwanted tasks can improve performance and reduce vulnerabilities.
---
## Visual Basic Scripts (VBScripts): A Common Attack Vector
VBScripts are native to Windows and have been historically problematic due to their association with viruses and malicious activities. The speaker warns users to be cautious when encountering files ending in `.vbs`, as these scripts can often lead to security breaches.
They demonstrate an example by saving a generic deployment script from GitHub as `test.vbs` and running it, showing how antivirus software might not catch all threats associated with such scripts. They also mention legitimate business use cases for VBScripts but stress the importance of being cautious when dealing with them.
---
## Group Policy Editor: A Double-Edged Sword
The Group Policy Editor is a powerful tool for configuring system settings, but it can also be misused to bypass security measures like PowerShell restrictions. The speaker explains how attackers might use this tool to run malicious scripts on startup or shutdown, even if PowerShell is locked down at the user level.
They recommend being cautious when modifying Group Policy settings and suggest using tools like `all apps configured` under system settings to review changes and revert them if necessary. This section emphasizes the need for careful handling of such administrative tools.
---
## Registry Editor: The Brain of Windows
The Registry, often referred to as the "brain" of Windows, contains critical system information. Accessing it via Regedit can be risky, as even minor mistakes can render a system unbootable or cause other severe issues. The speaker recommends disabling Regedit for most users unless they have a specific need for it.
They also mention using Regedit for tasks like setting up auto-login but caution against this due to the security risks involved. Overall, they stress that while Regedit is a powerful tool, it should be used sparingly and with extreme care.
---
## Hardening Your System: Recommendations
The speaker introduces a free, open-source tool called "Harden Tools" from GitHub, which helps users harden their systems by disabling potentially dangerous features like Windows Script Host (WSH), Office macros, and Adobe Reader vulnerabilities. They also recommend disabling autoplay for external devices to prevent malicious code execution.
They highlight the importance of being cautious when following online advice about system configurations and stress that running unfamiliar commands can have severe consequences. The tool they mention is a GUI-based solution, making it user-friendly for those who are not comfortable with command-line interfaces.
---
## Final Thoughts
The speaker concludes by acknowledging that while Windows has been their bread and butter, it is far from secure. They criticize Windows for being a "hack job" of various components, making it vulnerable to exploitation. This is why many users opt for more secure alternatives like macOS or Linux.
They encourage readers to share their thoughts and look forward to discussing further security topics in upcoming videos.
---
This article provides a detailed breakdown of the vulnerabilities discussed in the video and offers practical advice on how to secure your Windows system. By understanding these risks and taking proactive steps, users can significantly enhance their system's security.
"WEBVTTKind: captionsLanguage: enso before we start i just want to let everyone know that windows has basically made my career a lot of folks think of me as like a linux guy or uh you know maybe even mac os here and there but really windows has been the thing i know the most about i have 11 different professional certifications and i really really know it it is the one thing i've made a career out of so thank you to all the windows users because without you i would not have made well over a million dollars in the past 20 years so let's get on the desktop and go over why windows is not secure how all the attack vectors and things that i would do to affect a windows install and then you can kind of make your system a lot more secure now the big thing here is there's no internet security suite that will help you don't waste your money on these things they will literally just be pouring money down the drain and you're not going to be any more secure these methods i'm about to show work on any system so even the lockdown systems uh to an extent so there's many of these things that cannot be locked down and are readily available on pretty much any system so let's try and harden up your system and also make you aware of all the attack vectors in windows okay so the very first thing you can do and something that you need to make sure you really trust if you're running a script or whatever it might be whenever you open up powershell so windows terminal with admin or you can go into powershell a variety of different ways but as soon as you see admin with powershell it basically means anything can be done to your system things you do in here aren't even accessible to someone that knows like the system inside and out like you go assistdm.cpl and pull up like the old school system properties and start modifying things in here but you give me powershell and powershell any day of the week i can change anything about any windows system so once i have admin access to powershell game over now this can be controlled and there's certain things we can do to disable powershell and re-enable powershell so something i probably recommend folks to do but again we'll address that here in a little bit let's move on to the second way people get taken advantage of or you can easily exploit windows and that's really done through something called task scheduler task scheduler's been around since the pretty much the xp days maybe even before that but if you go into here just type task scheduler and it should pull up this is something where you can't really disable anything in here as far as the use of a task schedule but so many new tasks can be created you can do self-elevating tasks all kinds of things if you go into your task schedule library right here look what's in here because this is places where a lot of applications viruses malicious actors might add things into here and this can slow you down and run certain executables that maybe you don't want to run so i need to probably go through mine it's been a minute like rtss what is that and if we go to actions you can see oh that's riva statistics tuner for like my fps counter when i'm doing gaming msi afterburner same thing and then cnx oh that's an amd process i was like i don't know what that is that's amd but just make sure these things are doing the things you want them to do and if you don't want them to do it like as far as a update task for amd right here probably don't need this so i'm going to just hit disable and then get out now a lot of people recommend deleting these a lot of times applications will repopulate what's here but a little hack here is just to hit disable it can make your system run a little bit faster or if you get in trouble and you disable the task you really need you can just come right back in here and click enable and everything's right with the world again so watch out for task scheduler come through here look at the base one first and just make sure everything in here you can actually identify when you see generic names like modify link update click it okay that's in the amd folder probably something that would be okay but then again if i want to really get the maximum performance for my system i probably would again disable this so moving on from this there's a lot of other ways to take advantage of things probably the biggest thing is like a vps script which is a visual basic script these run natively on windows and i use like some vps grip strips like everything i'm showing today there's an actual use case for using them in a business environment but it just so happens that a lot of home users and other users can get taken advantage of when used improperly so these visual basic scripts more often than not are viruses something that you need to be careful about so anything anytime you see like a dot vbs you should be worried about that so you know just to kind of show this right here i'm going to just highlight all this copy it this is just a generic deployment script from github and i'm going to save this just to show you how this looks so you know hey if you see this file do not run it unless you know exactly what it's doing and we'll just enable it test.vbs and save it to documents just to show you there is an anti-virus working in the background but i can still use all these tools easily to exploit a system but also most of these are used in business to take care of systems so i'll let that scan in the background but you'll notice it doesn't really catch much especially when you're going through here so anytime you look at these types of things let me blow up these views let's go with a large icon this is the icon almost every vbs script has you see this little curvy notepad looking thing that's a visual basic script and there's been so many viruses and different things that have taken this form factor so be very cautious when clicking anything that ends with vbs or has this icon a good chance that you're going to run into problems probably the biggest thing i've done with the vbs script was i transplanted about a thousand users on-prem outlook exchange mailboxes onto an office 365 mailbox and i was able to swap all of their mail so it wasn't downloading a thousand user mail whenever i did the the full conversion so that was a good example of maybe when you might use a really complex vbx script to do something that you really can't do in powershell easily and that was one thing i had to really interact and need a little bit more power than powershell but again vbs scripts can be very dangerous and moving on from that i probably would pull up a group policy editor now some people don't have this like if you're on windows home edition you probably don't have this but this is some place that you can actually come in kind of take a look a lot of them if you just go into all settings if you're looking for something like hey what has actually been changed on this system i usually just go all settings sort by state and then look at what was configured and this is a good way to maybe get a better grasp on your updates and also other things but also this can be abused with certain aspects of scripts on startup shutdown so check this to see if anything's maybe pulling up you got powershell scripts that can run as your computer starting and this is the computer configuration so even if you lock down powershell from a user standpoint you can bypass it with group policy editor on startup using something like this so this is something to watch out for and also on shutdown you can run different scripts powershell scripts all these things to manipulate any windows instance to your needs but something to definitely watch out for and there's so many different policies and things you can set in here to really abuse a system so be careful with group policy editor and if you set too many policies always remember you can come into all settings and sort by state and kind of uncheck it if i ever come behind someone that may not have known what they're doing this is a good way for me to fix uh someone that just got policyhappy and then final something that probably should be pretty much disabled on every system is regedit and this is the registry the brain of windows and register regedit is kind of an interesting uh thing because you can do all kinds of different aspects with this i was actually messing with ntfs in here but again everything i've kind of gone over all this can be done in registry which is kind of wild there's so many different aspects in here that you could set so disabling regedit i would probably recommend for most users because more often than not folks will make mistakes in here and cause their system to either become unresponsive not boot all kinds of bad things can happen from registry editor but it is extremely powerful so be very careful with registry regedit um this is something that i'm in quite often uh sometimes if i'm setting up like an auto login i might automatically put it in here because most the gui functionality of auto login and windows systems have been removed but you can still auto log into your system using windows obviously you probably wouldn't want to do that because it makes it very insecure for anybody that has access to your system so that really kind of brings us to the point of how to protect yourself and something that i'd recommend it's a free tool it's a public open source on github it's been updated for years i've used this probably for four or five years now but before we get into that one thing i would mention about group policy if you are on home and you want group policy this right here will actually enable group policy just using a simple dism command from your elevated power shell so these things have purposes and you can do a lot of cool things with them but just be very careful following some guy on the internet's advice about running a command if you really don't know what it does you probably shouldn't run it so with that said let's click over to here to github and look at harden tools these are things that you might run on your system to make it a little bit more secure now this is just the base fundamentals from microsoft there's many other things that happen in your windows system that can also make it weak to security even if you do have all the the fancy internet security suites and all that garbage uh yeah let's just go and download this so i can actually show you the cli that means command line interface you're gonna want probably just the gui version of this and we're gonna run this executable and it should prompt for elevation say yes and there we go all right i think i got some some other things going on uh i think that let me let me shut off my fps counter real fast so this is the base thing it's just set by default to harden it all you have to do is click harden however i like to see exactly what it's doing so let's click expert settings and kind of see what the defaults are it disables windows script host that's all those vbs files we talked about earlier that's a good thing there's a lot of office exploits so when you use microsoft office there's plenty of different attack vectors that happen there this kind of disables macros activex controls so many malicious things can come through email all through office same goes for adobe reader adobe does a terrible job of securing their product uh it's happened ever since flash and that's the reason why flash disappeared was because of so many uh problems with with it so adobe reader is an excellent a one that should be hardened and this kind of helps harden adobe reader auto run auto play i didn't even mention that but this basically means when you insert a cd-rom or a thumb drive some of them have automatic executables that run when you plug them in disable this because if let's say that thumb drive is infected with a virus it wouldn't run it automatically with that disabled power shell we already talked about you could even disable command prompt i probably would leave this enabled by default they have it left enabled just so you can re-enable some of this stuff without running this tool if you needed user account control that just sets it to always notify you whenever something's asking for administrative privileges because these can make massive system changes to you file associations it always shows like that dot vbs that i talked about earlier and then windows asr rules i have to look into that i'm not actually sure and then pua protection that's extending windows defender it looks like so this would actually harden your system up i'm not going to run this because i do a lot of stuff for for my job that might need these tools active so i know not to do these things that when i do use them i i use them responsibly but i don't want windows users to ever feel safe because you're not that's one thing about windows it's not a secure system it never has been it was never intended to be maybe back in the nt days when it had proper elevation stuff but it's just such a hack job of different things that can happen to your system that's why a lot of people use mac or linux because those alternative operating systems do offer a lot more privacy and secure so with that let me know your thoughts and i'll see you in the next oneso before we start i just want to let everyone know that windows has basically made my career a lot of folks think of me as like a linux guy or uh you know maybe even mac os here and there but really windows has been the thing i know the most about i have 11 different professional certifications and i really really know it it is the one thing i've made a career out of so thank you to all the windows users because without you i would not have made well over a million dollars in the past 20 years so let's get on the desktop and go over why windows is not secure how all the attack vectors and things that i would do to affect a windows install and then you can kind of make your system a lot more secure now the big thing here is there's no internet security suite that will help you don't waste your money on these things they will literally just be pouring money down the drain and you're not going to be any more secure these methods i'm about to show work on any system so even the lockdown systems uh to an extent so there's many of these things that cannot be locked down and are readily available on pretty much any system so let's try and harden up your system and also make you aware of all the attack vectors in windows okay so the very first thing you can do and something that you need to make sure you really trust if you're running a script or whatever it might be whenever you open up powershell so windows terminal with admin or you can go into powershell a variety of different ways but as soon as you see admin with powershell it basically means anything can be done to your system things you do in here aren't even accessible to someone that knows like the system inside and out like you go assistdm.cpl and pull up like the old school system properties and start modifying things in here but you give me powershell and powershell any day of the week i can change anything about any windows system so once i have admin access to powershell game over now this can be controlled and there's certain things we can do to disable powershell and re-enable powershell so something i probably recommend folks to do but again we'll address that here in a little bit let's move on to the second way people get taken advantage of or you can easily exploit windows and that's really done through something called task scheduler task scheduler's been around since the pretty much the xp days maybe even before that but if you go into here just type task scheduler and it should pull up this is something where you can't really disable anything in here as far as the use of a task schedule but so many new tasks can be created you can do self-elevating tasks all kinds of things if you go into your task schedule library right here look what's in here because this is places where a lot of applications viruses malicious actors might add things into here and this can slow you down and run certain executables that maybe you don't want to run so i need to probably go through mine it's been a minute like rtss what is that and if we go to actions you can see oh that's riva statistics tuner for like my fps counter when i'm doing gaming msi afterburner same thing and then cnx oh that's an amd process i was like i don't know what that is that's amd but just make sure these things are doing the things you want them to do and if you don't want them to do it like as far as a update task for amd right here probably don't need this so i'm going to just hit disable and then get out now a lot of people recommend deleting these a lot of times applications will repopulate what's here but a little hack here is just to hit disable it can make your system run a little bit faster or if you get in trouble and you disable the task you really need you can just come right back in here and click enable and everything's right with the world again so watch out for task scheduler come through here look at the base one first and just make sure everything in here you can actually identify when you see generic names like modify link update click it okay that's in the amd folder probably something that would be okay but then again if i want to really get the maximum performance for my system i probably would again disable this so moving on from this there's a lot of other ways to take advantage of things probably the biggest thing is like a vps script which is a visual basic script these run natively on windows and i use like some vps grip strips like everything i'm showing today there's an actual use case for using them in a business environment but it just so happens that a lot of home users and other users can get taken advantage of when used improperly so these visual basic scripts more often than not are viruses something that you need to be careful about so anything anytime you see like a dot vbs you should be worried about that so you know just to kind of show this right here i'm going to just highlight all this copy it this is just a generic deployment script from github and i'm going to save this just to show you how this looks so you know hey if you see this file do not run it unless you know exactly what it's doing and we'll just enable it test.vbs and save it to documents just to show you there is an anti-virus working in the background but i can still use all these tools easily to exploit a system but also most of these are used in business to take care of systems so i'll let that scan in the background but you'll notice it doesn't really catch much especially when you're going through here so anytime you look at these types of things let me blow up these views let's go with a large icon this is the icon almost every vbs script has you see this little curvy notepad looking thing that's a visual basic script and there's been so many viruses and different things that have taken this form factor so be very cautious when clicking anything that ends with vbs or has this icon a good chance that you're going to run into problems probably the biggest thing i've done with the vbs script was i transplanted about a thousand users on-prem outlook exchange mailboxes onto an office 365 mailbox and i was able to swap all of their mail so it wasn't downloading a thousand user mail whenever i did the the full conversion so that was a good example of maybe when you might use a really complex vbx script to do something that you really can't do in powershell easily and that was one thing i had to really interact and need a little bit more power than powershell but again vbs scripts can be very dangerous and moving on from that i probably would pull up a group policy editor now some people don't have this like if you're on windows home edition you probably don't have this but this is some place that you can actually come in kind of take a look a lot of them if you just go into all settings if you're looking for something like hey what has actually been changed on this system i usually just go all settings sort by state and then look at what was configured and this is a good way to maybe get a better grasp on your updates and also other things but also this can be abused with certain aspects of scripts on startup shutdown so check this to see if anything's maybe pulling up you got powershell scripts that can run as your computer starting and this is the computer configuration so even if you lock down powershell from a user standpoint you can bypass it with group policy editor on startup using something like this so this is something to watch out for and also on shutdown you can run different scripts powershell scripts all these things to manipulate any windows instance to your needs but something to definitely watch out for and there's so many different policies and things you can set in here to really abuse a system so be careful with group policy editor and if you set too many policies always remember you can come into all settings and sort by state and kind of uncheck it if i ever come behind someone that may not have known what they're doing this is a good way for me to fix uh someone that just got policyhappy and then final something that probably should be pretty much disabled on every system is regedit and this is the registry the brain of windows and register regedit is kind of an interesting uh thing because you can do all kinds of different aspects with this i was actually messing with ntfs in here but again everything i've kind of gone over all this can be done in registry which is kind of wild there's so many different aspects in here that you could set so disabling regedit i would probably recommend for most users because more often than not folks will make mistakes in here and cause their system to either become unresponsive not boot all kinds of bad things can happen from registry editor but it is extremely powerful so be very careful with registry regedit um this is something that i'm in quite often uh sometimes if i'm setting up like an auto login i might automatically put it in here because most the gui functionality of auto login and windows systems have been removed but you can still auto log into your system using windows obviously you probably wouldn't want to do that because it makes it very insecure for anybody that has access to your system so that really kind of brings us to the point of how to protect yourself and something that i'd recommend it's a free tool it's a public open source on github it's been updated for years i've used this probably for four or five years now but before we get into that one thing i would mention about group policy if you are on home and you want group policy this right here will actually enable group policy just using a simple dism command from your elevated power shell so these things have purposes and you can do a lot of cool things with them but just be very careful following some guy on the internet's advice about running a command if you really don't know what it does you probably shouldn't run it so with that said let's click over to here to github and look at harden tools these are things that you might run on your system to make it a little bit more secure now this is just the base fundamentals from microsoft there's many other things that happen in your windows system that can also make it weak to security even if you do have all the the fancy internet security suites and all that garbage uh yeah let's just go and download this so i can actually show you the cli that means command line interface you're gonna want probably just the gui version of this and we're gonna run this executable and it should prompt for elevation say yes and there we go all right i think i got some some other things going on uh i think that let me let me shut off my fps counter real fast so this is the base thing it's just set by default to harden it all you have to do is click harden however i like to see exactly what it's doing so let's click expert settings and kind of see what the defaults are it disables windows script host that's all those vbs files we talked about earlier that's a good thing there's a lot of office exploits so when you use microsoft office there's plenty of different attack vectors that happen there this kind of disables macros activex controls so many malicious things can come through email all through office same goes for adobe reader adobe does a terrible job of securing their product uh it's happened ever since flash and that's the reason why flash disappeared was because of so many uh problems with with it so adobe reader is an excellent a one that should be hardened and this kind of helps harden adobe reader auto run auto play i didn't even mention that but this basically means when you insert a cd-rom or a thumb drive some of them have automatic executables that run when you plug them in disable this because if let's say that thumb drive is infected with a virus it wouldn't run it automatically with that disabled power shell we already talked about you could even disable command prompt i probably would leave this enabled by default they have it left enabled just so you can re-enable some of this stuff without running this tool if you needed user account control that just sets it to always notify you whenever something's asking for administrative privileges because these can make massive system changes to you file associations it always shows like that dot vbs that i talked about earlier and then windows asr rules i have to look into that i'm not actually sure and then pua protection that's extending windows defender it looks like so this would actually harden your system up i'm not going to run this because i do a lot of stuff for for my job that might need these tools active so i know not to do these things that when i do use them i i use them responsibly but i don't want windows users to ever feel safe because you're not that's one thing about windows it's not a secure system it never has been it was never intended to be maybe back in the nt days when it had proper elevation stuff but it's just such a hack job of different things that can happen to your system that's why a lot of people use mac or linux because those alternative operating systems do offer a lot more privacy and secure so with that let me know your thoughts and i'll see you in the next one\n"