Protect Your Privacy On Windows 10 With ShutUp10
Shay Silvertooth
I've seen a few people online talking about Windows 10 privacy settings and other odd choices by Microsoft such as automatically downloading games. These are all the types of settings that should be controlled in a testing environment. When someone mentions these issues I usually reply with a tool called ShutUp10 that I've used for years. It is a pretty simple tool for turning off various telemetry data, among other things.
The first thing I did was run the tool on a Windows 10 machine and turn off all the things I don't care about. Then I'd export the settings as a .cfg file. This file can be used in a command line call like this:
This will import the config on the current machine. One other optional thing I do is take a System Restore snapshot before apply thing. I do this with a Powershell script I found online. And lastly I made this into an InnoSetup installer so all you have to do is run an EXE and all of this gets done for you.
Attached you'll find the InnoSetup config, along with everything else needed that I've mentioned here. In the output folder is an installer that can be run. Just know the settings it will apply are the ones I like and use, and you may want to replace the cfg file with your own settings, then make a new installer. The version of ShutUp10 in this installer is also a little old, but I didn't want to update it not knowing if it worked.
Just out of curiosity, can this control the Windows updates settings? I've had pretty good luck going into the group policy editor and setting it so that Windows updates do not auto-install, but a one-click solution sounds pretty nice.
IT doesn't like this, but during long-term tests (or even something I just want to run overnight), Windows update has often interrupted and I come in in the morning to a freshly updated PC with nothing running.
After making this post I realized I this might be more helpful in a blog series with a bunch of stuff that I do to an environment to make things good. One topic could be on Windows Updates. Personally we have tests running on remote RT controllers and so installing Windows Updates and restarting doesn't affect our tests. But before then we would go about doing this by changing the Task Scheduler.
In the Task Scheduler there is an entry for for the UpdateOrchestrator (under Microsoft >> Windows). Here there are a few entries that force Windows to reboot. I backed up these tasks, then editing them to not reboot, then set them to read-only for all user accounts. This meant Windows would still try to run the reboot task after downloading and installing an update, but it wouldn't do anything. And if Windows does an update that attempts to replace the task it shouldn't be allowed to due to file permissions.
I don't know if this is still the right way to go about this or not. But when we were doing this it would still cause updates to be downloaded and installed, but the computers wouldn't reboot until we manually rebooted them. I don't have an InnoSetup demonstrating this.
Other installer I have can adds My Computer to the desktop, enables RDP, adds the mapped network drives, removes all UWP Apps, restores the old Windows Photo Viewer, configures the lock screen, sets the local admin passwords, configures the secondary user, sets the wall paper with updating text using BGInfo, installs 7-zip, Notepad++, SVN, Chrome, NoSleep, OpenShell with a normal theme, properly removes OneDrive, and sets normal environment settings like showing extension on unknown file types.
So I tried going that route and often times our group policy, or some other factor, would change these settings back and it would go back to sleep. That's why one of the programs I mentioned was NoSleep. A simple AutoIt Script turned into an EXE that just turns on and off scroll lock every 50 seconds or so to keep the computer from sleeping or turning off a monitor. These computers are in a badge protected lab, and only users that should have access have access.
Windows 10 lets you manage some of the available privacy settings in a new easier to use dashboard. Unfortunately, it does not give you full control over your privacy on your very own PC. Without a deep understanding of Windows 10, it is very difficult to protect your privacy.
Jim Harrison has a very broad sales and account management background, having previously been employed by various international companies in both senior sales and customer service roles. He joined O&O Software in March, 2006 in a sales and localization capacity, and having quickly recognized the potential for O&O Software worldwide, he was appointed Director of Sales International in 2008. Jim and his team focus on developing long-term, strategic partnerships in order to bring the O&O brand and product range to more and more international markets. Developing primarily the European, North American and Asian markets, his aim is quite clear: to have an O&O product installed on every computer, worldwide!
I find Glasswire very difficult to understand and use. When I go to settings/privacy etc. on my windows 10 piece of junk there is NO OPTION to stop sending activity to Microsoft as all the articles say there is. There are only options to clear history ie. my email.
For now though, can someone say exactly and simply, like talking to a moronic 3 year old , the precise way to get Glasswire to disallow any outgoing stuff to of any type to that giant evil corporation?
Time to move on to another application, even though their pages states you can control all traffic, it was a lie. I will be seeking refunds due to poor/false ads and no longer recommending it to anyone. You should as well.
Click on your Firewall icon at the top of your screen, then look over to the left and it will say Click to Block, click on it and it will bring down a menu with choices, click on the one that says Block All! Hope that helps!
I understand that whining is not so much about spying as far as Microsoft is concerned. Yes you have direct links to MS but most of them are necessary to provide good service and do not understand that there are people who try to stop the updates. Why want to be safe, stop updates is only unsafe.
This is all just touching the ice berg. With Microsoft being an NSA partner, I am willing to bet everything I have that they do not disclose known zero-day exploits and allow the NSA to use them for implanting networks and people of interest.
I guess for this article I will be again hanged, burned at the stake and executed by firing squad at the same time, but fortunately comments are disabled, so all ugly words and curses will not affect me directly. Also, please, do not think this is a step-by-step guide to make your system secure. It is just a general overview of what to do, and where to start, to make Windows 11 more secure. Windows and privacy sounds like an oxymoron. Unfortunately, with each new release of this system it is getting more and more chatty, and not just with Microsoft anymore, but with servers from different companies.
No matter if you are a Linux or Windows user, you are a user of any asset, with the system, and connection to the Internet. You store on that system data which is important for you. Make it secure, like you secure your house, car and life.
There is no golden rule and one guide for everyone to make Windows (or any) system secure. This is why, each user should perform the own security plan. Based on that, make hardening of the system. Different people have different needs, do different things, and store different data.
The lazy solution is to install (and trust it) one of the apps dedicated to helping users secure the system. On Windows machines where I do not store too much sensitive data, or I do not hack the world, I use O&O, but there are a few of them (all apps work with Windows 10 and 11):
Which one is the best? I have no idea. Does all cover the same options? No. Is using all of them at once is ok? No. The cool thing is that most of them have an option to save configuration, and for example, after each Windows update you can reload configuration from the file to make sure that when something was changed during the update, it is again configured in your way.
Yes, you have read it correctly, it is not the rule, but confirmed information, that each bigger Windows Update can change your system settings, or add software or functionality you never wanted to. So you can spend a week tweaking your system, and then someday in the future some of the changes will be overwritten by a system update. Sadly, there is no question like in the Linux during the update: Do you want to replace or to keep your configurations files?
Also, as you can see, most of the scripts are dedicated for some special system builds, as with every build you can get new stuff, and script may not work with the older or newer one. As some of them might not be very well documented, you need to go line by line and verify what it is doing.
Open it and find that you need to read 1257 pages to audit your system and make it secure :) Why does the responsibility for privacy and security lie with the user and not with the supplier? We are the ones who have to spend hours configuring the product to meet the privacy and security requirements, which can be destroyed by a single system update.
And again, you can spend hours days weeks to set up everything and with the next Windows update everything can be changed, I personally used scripts to remove unwanted components (uninstall from PowerShell examples) and O&O with saved configuration. Then I always after each update recover the saved config, to make sure nothing has changed.
I am using CIS Benchmark for Windows 11 and I am curious if it is possible that changes implemented by me, based on CIS Benchmark can be overwritten by any updates from Windows Updates during the system update?
Yes, it is possible that changes you make to your system based on the CIS (Center for Internet Security) benchmark for Windows 11 can be overwritten by updates from Windows Updates during a system update. When you apply updates to your operating system, they often include patches, bug fixes, security updates, and sometimes even changes to the system settings or configurations.
7fc3f7cf58