sempitAugust 5, 2016 3:46 PM

I'll be the first one to mention it...

Bad_Eugoogoolizer 12 points 3 days ago
I've heard you stated recently that you think Windows 10, with the bells and whistles, is the most secure OS. Can you expand on the bells and whistles? Are you using it?


[–]BruceSchneierverified 19 points 3 days ago
I need to write an essay about how I harden Windows 10. It's on my to-do list, albeit not very high."

...WTF? Windows 10?!

X-IteAugust 5, 2016 3:50 PM


"But I have long been a strong supporter of Tor, and think we need to continue making the tool more usable and secure."

You mean, like all the requests for a .onion mirror of this site that you keep ignoring?

Shane BekkerAugust 5, 2016 4:24 PM

Is it true that remove the Linux Sudo script makes the linux core system impossible to hack?

Markus OttelaAugust 5, 2016 4:45 PM

@Bruce Schneier

Too bad I missed it. What I really wanted to learn more about is how you manage the hundreds of sources that I saw you list e.g. in Data and Goliath. I'm having trouble keeping track of the massive amount of Snowden documents and related reporting let alone everything else going on in infosec field.

MartinAugust 5, 2016 8:10 PM

The AMA was extremely interesting to me. Thank you, very much, for participating in that forum.

DroneAugust 6, 2016 4:14 AM

Couldn't see it, my ISP in Indonesia (First Media) bans/blocks Reddit (and many other sites). It may be a command from the increasingly conservative government, dunno. VPN's don't work either and they can get you into trouble.

CuriousAugust 6, 2016 5:12 AM

I would have asked:

How would you create your own (ideal) computer operating system?

AlexT August 6, 2016 5:23 AM

Was in announced here? On your twitter stream?

But disappointed to have missed it

DaleAugust 6, 2016 6:04 AM


Windows 10 can be hardened but it's tricky.

A few of the common methods include:

Disabling Cortana
Disabling Telemetry
Using BitlLocker with TPM and PIN (or even TPM + PIN + USB)*
Protecting the UEFI firmware (any changes will kick BitLocker into recovery mode)
Using BitLocker with pre-boot authentication (DMA ports are now locked by default)
Limiting interactive login (too many incorrect attempts will force BitLocker recovery)
Having a strong, separate UAC password
Requiring CTRL + ALT + DEL for login
Disabling update sharing (i.e. receive updates directly from Microsoft)
Using hibernate not sleep
Have a password protected screensaver just in case
Setting the privacy settings to highest
Using a standard/limited user account
Consider EMET mitigations
Keeping it up-to-date (deferred upgrades if necessary; security patches still received)
Using strong anti-virus (perhaps in a default-deny configuration)

*in XTS-AES-256 mode with a 256-bit recovery key (NOT the numeric recovery password which only has 128 bits of entropy!)

There are more but they're the main ones I can think off the top of my head.

O&O ShutUp10 is a great piece of free software, no install required, that allows you to reign back your privacy.

Sometimes Windows is essential for your job so I can't blame Bruce for needing to use Windows 10.

Clive RobinsonAugust 6, 2016 7:42 AM

@ Curious,

How would you create your own (ideal) computer operating system?

That is one of those questions that always brings back to mind a joke from many years past,

A young newlywed couple are driving through the English country side, and have managed to lose themselves. On seeing an old framer leaning on a gate smoking a pipe, the young man pulls the car over, and his pretty wife in a very sweet voice asks the farmer how to get where they are going. The farm nods and thinks for a while, and eaven scratches his cheek with the stem of his pipe a couple of times before finaly saying "If I was you I would not be starting from here".

EvanAugust 6, 2016 8:03 AM


I'd add the application install process, too. There are still some Windows apps/installers that behave badly and require Administrator access, but at this point it's fairly common to be able to install an application just for one user and never need to escalate privileges for anything.

By contrast, most Linux package managers do not work well, if they work at all, without root access, and the alternative is a pretty miserable experience. I'm waiting for the day when someone sneaks an exploit into an install script.

DaleAugust 6, 2016 11:52 AM


I agree.

The benefit of Windows for most users is that the installers are almost always digitally signed nowadays. Putting aside the trust issue of a central certification authority this is a massive step towards usability and security.

Most users don't/can't verify hash signatures or detached GPG signatures - even some new Linux users struggle. The in-built installer signature in Windows is a reliable way for the OS to determine what is genuine and when combined with a good internet security package it makes a malware attack much less likely. Many AV's now check the hash sum in addition to the signature to ensure file integrity.

Using a limited account is a really effective way to mitigate privilege escalation attacks. It's not foolproof but it goes a long way towards reducing the threat.

Even though I dislike Windows I have to agree with Bruce that the OS now integrates some very advanced security features such as Secure Boot, Early Launch Anti-Malware, ASLR etc. that most Linux distros don't come anywhere near to matching.

I use Windows only for work because I need access to Office. Whilst LibreOffice is very good the collaborative features are non-existent, email is atrocious (Thunderbird is nowhere near as good as Outlook) and it suffers from regular crashes with large documents. Then there are the compatibility issues...

Windows BitLocker is also more widely accepted (in industry) as being secure, and therefore 'approved', compared to LUKS. Some industries won't allow non-compliant encryption.

For a hobbyist Linux is great but doing serious work on it is difficult unless you're prepared to expend the time, effort and energy trying to rectify simple problems that have long since been ironed out from Windows.

I use the Current Branch for Business version of Windows which is considered stable because by this stage (having been used by consumers for nearly 4 months on average) it's been tested internally by Microsoft, sent to be tested by Alpha 'fast ring' testers, then used by the Beta 'slow ring' testers and then sent out to consumer Guinea pigs. Only after that do Microsoft certify it as being suitable for business. You still get security updates but the non-essential updates/upgrades are deferred until they're stable.

P MarkAugust 6, 2016 2:11 PM

@Dale, Evan

I guess it boils down to who you want to protect yourself from: script kiddies who could potentially pwn you, or ISPs, e-corporations and TLAs who we know are already definitely trying to pwn all of us through dragnet surveillance. If you don't know your disk partitions from your left butt cheek, sure: go ahead and let Windows 10 take you by the hand. If you care about the second of the scenarios, then Windows 10 is definitely NOT your friend.

JoeJoeAugust 7, 2016 8:15 AM

Tails 2.4 and Tails 2.5 :
My hard drive light is blinking during tails live usb bootup. I don't think this has ever happened before with previous tails versions. It does not blink during tails use, only during bootup, several times. Could this be a sign of compromised tails ??? IMHO there is a need for a more serious tails/tor/guardian project Users Forum to share usage cases and issues and observations such as this. I don't believe the usual Reddit forum(s) are very informative. Thanks for listening.

JaneJaneAugust 7, 2016 1:45 PM

the best way to prevent undesired access to your hard drive is physically disconnect it. Yes, tails developers might be interested in exploring such things, but from the user perspective, physical disconnection is something you definitely want in the center of your palette of common sense tactics.

DanielAugust 7, 2016 4:08 PM

I'm with @P Mark on this question. Windows 10 offers great protection from anyone who isn't Microsoft but I personally wouldn't trust MS with a dollar anymore. One only needs to look at the list put together by @Dale to see that issue in vivid relief. So I understand why business users in particular want Windows 10 but any ordinary user should stay far away from it.

ianfAugust 8, 2016 10:09 AM

Wrote @ Drone

[…] my ISP in Indonesia bans/ blocks Reddit [so couldn't read the AMA]. VPN's don't work either and they can get you into trouble.

Try this very sequence, do not jump ahead:

Set up font size 10p
Text width: 600px
Link destination: full page
Link appearance: underlined

"OK" do not ask, you'll thank me later. You don't need to agree to their cookie, it'll work anyhow.

      Also, in all cases below, sit PATIENTLY and WAIT, it's a huge file, do not expect your usual Instant Browgasm.

Then try

If it works, read this no further. Can not test it myself, because there's a certain gent among us from… Antarctica, who's made it his life's goal to detect where I hail from; can't have that. So, if I tested it, the goo‍.‍gl client (that of late has become finicky about certain URLs), would note my current whereabouts, which HeKnowsHo would then check using his leaky mechanical powers of deduction [cribbed from me, too!]. And ponder: am I pulling his chain by VPN? I'd rather he occupied hisself with that than, I dunno, plot some other plots.

If it doesn't work, perhaps due to too much source redirection, next try this one-less cloak layer URL with the "offending" domain part www-urlencoded [189 characters, 177 prior to obfuscation]:

or, broken up for web transport for manual reassembly at your end:

One of these OUGHT to work. If it doesn't, then the ISP, or whoever, scrapes the output stream to your leaf node for specific strings/ verboten domains). Tell me, I have one more trick up my sleeve.

The originally textised (but not domain-name-obfuscated) URL is also accessible via: (for control: shows what URL it encoded, but the version supplied by me is safer.)

Enjoy. Tell us which one(s) worked. Then complain to the @Moderator for all that SIGNOISE and URL overkill (if Hedwig is still with us, she will assist).

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.