Skip to main content

Harden Windows PCs with SysHardener

SysHardener is a free program for Microsoft's Windows operating system that system administrators may run to harden the Windows environment and reduce attack vectors.

Windows ships with a default configuration that concentrates on compatibility rather than security. While newer versions of Windows come with more and more security features and tools, it is fair to say that the default state of the operating system after installation is not as secure as it could be.

This is not a problem that is inherent to Windows but one that the majority of operating systems suffer from.

Many security and privacy conscious users harden Windows after setup. This may involve disabling or uninstalling features and programs, setting tighter rules for online activities or file executions, or disabling other unwanted features such as Telemetry collecting.

SysHardener

windows syshardener

SysHarder is a tweaking software that focuses on security almost exclusively. Run it to make dozens of changes to Windows in a matter of minutes.

While you can make all the changes by yourself, you'd spend more time doing so especially if you don't harden systems all day long as part of your job.

The program is provided as a portable version that you don't need to install. You can run it right after you have downloaded it. NoVirusThanks, the developers of the application, state that it is compatible with 32-bit and 64-bit versions of Windows Vista and newer versions of Windows.

It displays a scrolling list of options when you start it. Options are grouped and each is represented by a checkbox that indicates its status.

Some have exclamation mark icons next to them which act as warnings. Hover over the icons to read the warning so that you can better decide whether to enable a feature or leave it at its default state.

The following groups are provided:

  • User Account Control -- Three tweaks to handle UAC, e.g. allow only signed or validated executable files to be executed with elevated rights.
  • Windows Security Tweaks -- Long list of security related features like "turn off the Windows Script Host",  "show hidden and system files", or "Turn on DEP for all programs".
  • File Type Associations -- Options to remove file associations for files that are not used often. This includes files that you may use, such as Registry .reg files, Visual Basic vbs files and others.
  • Disable Unused Windows Services -- Turn off services that you may not require. The list includes the User Experience and Telemetry, Remote Desktop, Bluetooth Support or Print Spooler services.
  • Vulnerable Software Tweaks -- The tweaks modify features of software programs such as Adobe Reader, Foxit Reader or Microsoft Office. Use them to disable JavaScript, Macros and other features that may be used in attacks.
  • Windows Firewall -- Outbound and inbound rules. Outbound rules to block certain programs from connecting to the Internet.

You need to go through the listing one by one to make judgement calls on any of the available options. Some features may disable functionality that you require and going through the listing carefully is the only option that you have to ensure that you won't disable features you require.

Once you have selected the features that you want to harden click on the "apply selected" button to make the changes.

SysHardener comes with a restore button to restore the default values.

Closing Words

SysHardener is a tweaking software for Windows that focuses on securing Windows PCs. The program is designed for advanced users as it requires a bit of knowledge to understand many of the available options. NoVirusThanks should consider adding help texts for all options to improve the program's usability.

Now You: Have you hardened your system?

 

This article was first seen on ComTek's "TekBits" Technology News

HOME