> It will help stop the spread quite a bit however (even if it can access user local data).
Users should be running limited user accounts for daily-driver Windows machines.
Having said that, today's attacks are all about the data. It's all about exfil/ransomware/blackmail because there's money to be had there. On an individual home user PC there's no lateral movement or bigger targets to attack.
> You can also run something like AppLocker and whitelist all the apps you use.
That's a bit overkill for a personal machine and it won't be licensed for AppLocker anyway.
AppLocker is also a gigantic pain-in-the-ass on corporate machines. My experience with configuring AppLocker for anything other than very task-specific computers is that it's a huge and unending ordeal of whitelisting, trying again, whitelisting more, trying again. Wash, rinse, get complaints from end users, repeat.
> Also instead of separate physical boxes why not just use a VM?
Pragmatism. I have a bunch of extra low-spec laptops laying around. My machines are, for the most part, cast-off Customer garbage. I haven't actually spent money on a reasonable machine since about 2015. >smile<
> Also instead of separate physical boxes why not just use a VM?
> Pragmatism. I have a bunch of extra low-spec laptops laying around. My machines are, for the most part, cast-off Customer garbage. I haven't actually spent money on a reasonable machine since about 2015. >smile<
But you either need to set up a secure tunnel on each one, or lose access anytime you are away from home.
> But you either need to set up a secure tunnel on each one, or lose access anytime you are away from home.
Mostly isn't a problem for me. On the off chance I'd need the banking remotely I'd just take it with me. Mostly I don't do the sensitive stuff remotely and I rarely travel anymore.
Like I said in the parent post, I should be using Qubes. I'm just lazy.
I hate to invoke xkcd, but it's true: https://xkcd.com/1200/