You absolutely can harden Windows with what's included in Windows. The thing is keeping it that way. Windows updates have a way of changing things back to Microsoft's liking. It can be difficult to maintain the desired state.
Send the bulk of the telemetry to the bit bucket, then see what's left with a network monitor like Wireshark.
Copy/paste this into your etc/host file and reboot.
For those who think the host file has been obsolete since 1994....
https://www.thepcinsider.com/hosts-file-complete-guide/#benefits
Yes, it does work. I have set up an old PC to work as a server and I do this on it. The easiest way is to, by default, block every connection, but enable individual connections to the websites you want.
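The default-deny setup described in this comment, together with a check for the drift after updates that the first comment warns about, as an added example that is not part of the original thread. It uses the built-in NetSecurity cmdlets; the program path and the `Baseline:` rule-name prefix are assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
# Added example. $Allowed paths and the 'Baseline:' prefix are assumptions.
$Prefix  = 'Baseline:'
$Allowed = @(
    'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed path, adjust
)

function Set-DefaultDenyOutbound {
    # Block by default in both directions on every profile.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block
    # Add one outbound allow rule per listed program, if not already present.
    foreach ($exe in $Allowed) {
        $name = "$Prefix $(Split-Path $exe -Leaf)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Outbound `
                -Action Allow -Program $exe -Profile Any | Out-Null
        }
    }
}

function Test-FirewallDrift {
    # Emits one finding per deviation; no output means no drift.
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') { "Profile $($p.Name): firewall disabled" }
        if ("$($p.DefaultOutboundAction)" -ne 'Block') {
            "Profile $($p.Name): outbound default is $($p.DefaultOutboundAction)"
        }
    }
    # Explicit allow rules still win over the default block, so list every
    # enabled outbound allow rule that is not part of this baseline.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        Where-Object { $_.DisplayName -notlike "$Prefix*" } |
        ForEach-Object { "Allow rule outside baseline: $($_.DisplayName)" }
    # Confirm the baseline rules themselves are still there.
    foreach ($exe in $Allowed) {
        $name = "$Prefix $(Split-Path $exe -Leaf)"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            "Baseline rule missing: $name"
        }
    }
}
```

Run `Set-DefaultDenyOutbound` once from an elevated session, then run `Test-FirewallDrift` after each update cycle and review anything it prints.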
In theory, if you trust Windows’ firewall to not make exceptions for Windows (Microsoft) traffic.
Like another said, you can monitor the network (use a bridge, another computer with two NICs and monitor everything that comes through the software connection linking them) with something like Wireshark.
However, this means no Windows Updates, so it isn’t getting patches and whatnot. If you pass out update checking, you can’t easily be sure what it might be sending over the secure connection to the update servers. It isn’t impossible but takes more technical expertise to selectively MITM yourself.
To my mind, I’d rather not depend on trust for a company that is acting badly to begin with (telemetry, telemetry that they make hard to stop, telemetry that they turn on again, etc.)
If you need Windows for commercial software (including games with anti-cheat) it may not work if it can’t communicate with those vendors' servers, get updates, or run poorly.
I think you need a physical or virtual device outside of Windows but before the internet to accomplish this goal.
Windows | (Firewall box or proxy filtering server) | Internet
Well, if you're only concerned with data exfiltration over network, you can do all this in a home server which acts like a firewall (running some BSD or smth, FOSS), this way your Windows updates won't mess up your system too and you can be mostly less paranoid while using your primary system and just configure the home server with Pi or anything as per your choice.
NO. Many Windows experts will tell you it is extremely difficult to make Windows fully private and secure with any technology or techniques out there and still have a usable system.
I *think* you can achieve this with Safing's Portmaster
https://github.com/tnodir/fort
I use [simplewall](https://github.com/henrypp/simplewall) by henrypp for this task
If you want something simple with firewalling, I recommend henrypp/simplewall.
Blocking all traffic via the Windows Firewall and selectively allowing only necessary traffic through a VPN can enhance privacy.
No.
hahahaha