Harden Windows PCs with SysHardener - gHacks Tech News

Harden Windows PCs with SysHardener

SysHardener is a free program for Microsoft's Windows operating system that system administrators may run to harden the Windows environment and reduce attack vectors.

Windows ships with a default configuration that concentrates on compatibility rather than security. While newer versions of Windows come with more and more security features and tools, it is fair to say that the default state of the operating system after installation is not as secure as it could be.

This is not a problem that is inherent to Windows but one that the majority of operating systems suffer from.

Many security and privacy conscious users harden Windows after setup. This may involve disabling or uninstalling features and programs, setting tighter rules for online activities or file executions, or disabling other unwanted features such as Telemetry collecting.

SysHardener

windows syshardener

SysHarder is a tweaking software that focuses on security almost exclusively. Run it to make dozens of changes to Windows in a matter of minutes.

While you can make all the changes by yourself, you'd spend more time doing so especially if you don't harden systems all day long as part of your job.

The program is provided as a portable version that you don't need to install. You can run it right after you have downloaded it. NoVirusThanks, the developers of the application, state that it is compatible with 32-bit and 64-bit versions of Windows Vista and newer versions of Windows.

It displays a scrolling list of options when you start it. Options are grouped and each is represented by a checkbox that indicates its status.

Some have exclamation mark icons next to them which act as warnings. Hover over the icons to read the warning so that you can better decide whether to enable a feature or leave it at its default state.

The following groups are provided:

  • User Account Control -- Three tweaks to handle UAC, e.g. allow only signed or validated executable files to be executed with elevated rights.
  • Windows Security Tweaks -- Long list of security related features like "turn off the Windows Script Host",  "show hidden and system files", or "Turn on DEP for all programs".
  • File Type Associations -- Options to remove file associations for files that are not used often. This includes files that you may use, such as Registry .reg files, Visual Basic vbs files and others.
  • Disable Unused Windows Services -- Turn off services that you may not require. The list includes the User Experience and Telemetry, Remote Desktop, Bluetooth Support or Print Spooler services.
  • Vulnerable Software Tweaks -- The tweaks modify features of software programs such as Adobe Reader, Foxit Reader or Microsoft Office. Use them to disable JavaScript, Macros and other features that may be used in attacks.
  • Windows Firewall -- Outbound and inbound rules. Outbound rules to block certain programs from connecting to the Internet.

You need to go through the listing one by one to make judgement calls on any of the available options. Some features may disable functionality that you require and going through the listing carefully is the only option that you have to ensure that you won't disable features you require.

Once you have selected the features that you want to harden click on the "apply selected" button to make the changes.

SysHardener comes with a restore button to restore the default values.

Closing Words

SysHardener is a tweaking software for Windows that focuses on securing Windows PCs. The program is designed for advanced users as it requires a bit of knowledge to understand many of the available options. NoVirusThanks should consider adding help texts for all options to improve the program's usability.

Now You: Have you hardened your system?

Related articles

Summary
software image
Author Rating
1star1star1star1stargray
3.5 based on 3 votes
Software Name
SysHardener
Operating System
Windows
Software Category
Security
Landing Page
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. سعيد said on February 26, 2018 at 9:12 pm
    Reply

    Thank you so much
    Great app

  2. jake said on February 27, 2018 at 9:58 am
    Reply

    No longer a Windows user but these kinds of programs were always among my favorites. Reminds me of XP-Antispy. I still maintain a very shortlist of must-have Windows programs – in case I’m ever forced back into Windows (kicking and screaming) for some reason. SysHardener just made the list.

    1. Uncle Iroh said on February 27, 2018 at 2:06 pm
      Reply

      May you please share that list with me kind sir? Maybe you can upload a text file to pastebin or something? Here is my current must have (doesn’t include registry hacks):

      http://www.evernote.com/l/AM_K8avJLQVCfIMtT9kRM55ypOSL4UuNllo/

    2. Straspey said on February 27, 2018 at 3:02 pm
      Reply

      XP-Antispy was one of my all-tame favorite programs.

      Simple, effective and very user-friendly. I wonder if it’s still available and will it run on Windows 7, because I’d use it in a flash (no pun intended).

      The XP-Antispy website is still up and apparently the last version is from 2015.

      The home page is in German, but other pages on the site are available in English, as well as versions of the program.

      http://xp-antispy.org/en/

  3. Stefan said on February 27, 2018 at 11:25 am
    Reply

    UAC is the worst piece of BS i ever stumbled in to. The first thing i disable.

  4. Tom Hawack said on February 27, 2018 at 2:36 pm
    Reply

    I’m not convinced that this Syshardener suits my requirement about system settings applications.

    First, I appreciate settings illustrated with their corresponding Registry entries (and files if applicable).

    Secondly, Syshardener doesn’t explain clearly how their app runs exactly. There is a txt help file but it doesn’t explain,

    – What checked/unchecked corresponds to : is it the actual values or the proposed ones? One would intuitively believe that it corresponds to actual values, but then why is the ‘Turn on User Account Control (UAC)’ checked here when I’ve totally disabled UAC? Does the application refer to another Registry key? Unclear.

    – Exclamation pointed entries, some on a red background, others on a red one. What does this mean, what difference? Unclear.

    I won’t use Syshardener in these conditions. I remember of a comparable application back in the old days of XP: ‘xqdc XSPStart’ was it, great tool where all settings would show exactly what was concerned, a popup with corresponding registry key(s). That was the right way to proceed, opposed to these other applications which just propose to check/uncheck! Not for me.

  5. dark said on February 27, 2018 at 4:03 pm
    Reply

    Use standard account on top of it and you have mostly secure Windows, minus the telemetry you can’t completely opt-out of.

    https://www.ghacks.net/2017/02/23/non-admin-accounts-mitigate-94-of-critical-windows-vulnerabilities/

    Be sure to enable Administrator account first from compmgmt.msc and set password for it before you set your user account to standard.

  6. dark said on February 27, 2018 at 4:19 pm
    Reply

    Also check OSArmor.

    1. jasray said on February 27, 2018 at 5:27 pm
      Reply

      Yes, I’m somewhat puzzled why there’s no mention of OSArmor, a program by the same NoVirusThanks. Chris Wiles on BetaNews provides a much more enlightened review of SysHardner that prompted me to download the portable version to better understand the program.

      A quick install of OS Armour shows great promise in actually increasing security.

      @Stefan–Doesn’t sound like you use Linux too often; UAC tends to replicate a standard install of a Linux system; Linux constantly requires a password for a myriad of minor functions.

  7. Taomyn said on February 27, 2018 at 5:01 pm
    Reply

    VirusTotal reports the portable version with a few alerts which is worrying, hopefully just false alarms

    1. dark said on February 27, 2018 at 5:12 pm
      Reply

      Likely false positive. Only 32-bit portable version reports Trojan/Win32.Pincav.C1768474 from AhnLab-V3, never of this company. 64-bit portable version reports clean on VirusTotal.

      virustotal.com/en/file/b98c005855be3fd4e1cd5ccf99cf27a4e817aea2157907a306a54170a251f648/analysis/1519747685/

    2. dark said on February 27, 2018 at 5:14 pm
      Reply

      32-bit portable.
      virustotal.com/#/file/b0dcb8f517f6eca7d55fa0ee5b1082b63710664f0016f1a164a4bed39346d7a6/detection

  8. KeZa_BE said on February 28, 2018 at 5:26 pm
    Reply

    They have good apps but not al working here on Xp but they have promised me to fix DRP, SOB and ERP 4.0.

    OSArmor, file extension monitor and PE dropper monitor works great for extra security on Xp and they have more but that I see more of running them once in a while…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.