How to lock down Windows 10

New windows 10 installation.
I’ve uninstalled Cortana, Onedrive, etc. Have disabled lots of services including updates. Disabled lots of scheduled tasks. Ran various scripts (like DisableWin10tracking). And use good Norton firewall to block pretty much every program except Svchost and Firefox.

Thought all good now.
Then I installed Wireshark and was amazed on the amount of traffic, just after booting up.
So much still going on, including downloading mysterious images from Akamai addresses which do not work going through a browser! That freaked me out, images of what exactly are they downloading on my computer!

I installed Glasswire and now I can see a list of the sites visited.

Some questions, if anyone knows and can help:

  1. Has anyone successfully secured Windows 10, so it doesn’t communicate to Microsoft/etc? (Actually on Wireshark not just like me switching off 100 settings and thinking all is good).

  2. Do you know of any external hardware firewall that you can recommend? I don’t trust any firewall running on windows, I read that even the hosts file is circumvented/ignored by Microsoft, and that Microsoft goes straight to IP addresses not necessarily using domains.

Kind Regards,
Michael.

Here is an older article on how to lock down Windows 10.
https://blog.glasswire.com/2015/09/15/165/

With the Pro version of Windows 10 there are some settings you can change. Since we wrote this blog post the GDPR came into effect and Microsoft made privacy improvements.

Here is an article I found that is pretty up to date https://docs.microsoft.com/en-us/windows/privacy/gdpr-it-guidance. Scroll down to find recommended settings to disable telemetry.

I hope it helps!

Be careful not to disable Windows Defender so it can’t update.

Hi " Servo_GlassWire"

Thank you, but I have done 10 times more than that already.
And of course I disabled “Defender”, Windows Search, Cortana, ec, etc.
I don’t think you actually read what I wrote, just the subject.

I read your post. The GDPR is very strict on data usage rules so I thought perhaps the article would be useful for you on ways to restrict your data. Sorry if I misunderstood.

I do not recommend disabling Windows Defender unless you are using another separate antivirus.

Agree with Servo. You should never disable any Microsoft services. True IT experts would know this. Also, leave Windows Defender enabled; it was recently one of the top antivirus products. You don’t need to disable it when using another anti-malware solution as that should automatically be handled on installation. Norton is also a software to avoid, as they have a well known history of being a poorly optimized product, just like McAfee.

In the long run you’re simply crippling your Windows install and contributing to problems further down the road. This is also why many “Lite” softwares that modify your Windows installation media are frowned upon. The hosts file is not meant to block websites, the purpose is to redirect when there are problems. This is sadly a common misconception thanks to several websites who falsely advertise custom hosts files as “protection” when all they really do is slow your connection.

If you are so concerned about data being “leaked” to Microsoft - anonymous telemetry is a good thing in actuality and is opt-in - then perhaps you should try Ubuntu or another Linux distro.

2 Likes

I was hoping to find knowledgeable security people on here, not being told “telemetry is a good thing” and to “never disable Microsoft services” hehehe
I have half of them disabled for 10+ years, on many computers. Lots of websites list which services you should or could disable.
I obviously wrote in the wrong place, I should have seen it coming, as Glasswire is advertising itself as a firewall but then there is no firewall, just using Window’s joke firewall.

That is a petty response. You didn’t get the sort of answer you wanted so you make unreliable statements.

The main reason you didn’t get what you want is that you’re asking in the wrong forum but not for the reason you give. Instead, it is because, GlassWire provides an interactive method to block hosts. That is different to using a block list for your hosts file. Despite this, the GlassWire team made an effort to help you anyway.

It didn’t help that you too easily believed unreliable complaints that Windows ignores the host file. All the problems I’ve seen are either wrong configurations or user errors. Here’s one example of users corrupting a hosts file:

Someone summarised the many possible causes in this topic:

1 Like
  1. No

Bottom line is that Windows 10 cannot be completely locked down, short of disabling networking completely. It is built into this OS to connect to Microsoft servers.

I run Windows 10 Pro, and have minimized as much as possible, without breaking Windows. It is still quite chatty.

It is what it is.

I have decided that my only options are to either trust Microsoft, or switch to Linux full time.

2 Likes

I agree with you. Akamai, Google, Apple etc… the list just goes on and on.

1 Like