Win8 system against hacking advanced program

Computer store news: In the age when network technology is so developed, there are already many hackers in the network, they specialize in invading other people's computer systems to steal other people's data files or destroy others' system. In Microsoft's new Win8 system, it is inevitable that they will be invaded, so how to operate against the hacker in the Win8 system?

The following small series teaches you how to defend against hacker in Win8 system:

1. Open “Windows local security policy”-“search"""secpol.msc&rdquo After the carriage return.

2, to prevent hackers or malicious programs from brute force system passwords.

After ensuring that the selected line is "already enabled", you can also set the following line "Anonymous enumeration of SAM accounts and shares is not allowed" is also set to “enabled” status.

In addition, the "local policy" ”—“security option""network access: anonymously accessible share", "network access: remotely accessible registry path & rdquo; & nbsp; network access: remote access to the registry path and sub-paths, ", network access: anonymous access to the named pipe", these four items contain all the values ​​removed, can further enhance the security of the system .

3, Windows comes with a firewall

“Windows firewall” sub-functions belonging to the local security policy, as long as skilled configuration of this function, for personal applications and even enterprise needs, easy to use Sex and safety are superior.

There are two ways to enter:

1. Enter the program interface as shown in the address bar below:

Then click on the left side “Advanced Settings” :

After entering this method, you can browse existing rules and create new ones.

2. Enter the program interface directly in the “Local Security Policy”:

There is a blank on the right side, and the existing rules are not listed, but new rules can be created.

For example, Adobe Photoshop CS is prohibited from accessing the network. Right click on the blank space or click on the “New Rule” button in the right column and select the first item in the “New Outbound Rule Wizard”. "Program" (the rules for controlling program connection), the next step is to select the path where photoshop is located, as shown below:

Next select "Block the connection", then ask "When to apply this" Rules & rdquo;, can be selected according to actual needs, the default is selected "domain, private, public". As shown below:

After the name (arbitrary), the rules are created, and Photoshop.exe will never be able to access the network again. In addition, you can create more advanced rules in the "Connection Security Rules", as shown below:

3, prohibit the program from running through the security policy

can prevent a program from being renamed, Change the path, change the suffix, and then run the shell. This function is called “AppLocker”, which is more strict and powerful than prohibiting a program from running in Group Policy. The program interface is as shown below:

Right-click on the left side of the "executable rules" & mdash; & ldquo; create a new rule & rdquo;, in the wizard interface that appears, not only can limit the user group (such as Guest account) , can also enumerate a variety of qualifications, as shown below:

If you select "publisher", then the disabled program, and all its upgraded versions, revisions will not work ( This condition can be further detailed), such as QQ, Thunder, Cool Dog, etc., their official and customized versions can not run. This feature can also be applied to quarantine virus operations. If there are viruses or Trojans that cannot be cleaned up in the system, no matter whether the infected person is a program, a script, a dynamic link library, or a batch process, it can no longer be done. From this point of view, the current mainstream anti-virus software, in the virus isolation function is generally not detailed. The remaining two are completely easy to understand by literal meaning, especially the third item “File Hash”, which is quite practical.

This function can also be used in conjunction with the "Software Restriction Policy", as shown below: (If the content shown on the right does not appear, right-click on the left sidebar to create a software restriction policy)

In addition, access to the entire or partial registry or even the file system can be restricted by the "global object access audit", as shown in the following figure:

4, can not access the local security policy solution

This problem will generally be displayed as "create a snap-in failure" or CLSID: {8FC0B734-A0E1-11D1-A7D3-0000F87571E3} The reason for this is more common when some software replaces or deletes part of the data during installation or uninstallation. The solution is to ensure that your environment variable path contains: "%systemroot%\\system32;%systemroot%;%systemroot%system32 \\wbem”, if you don't have it, add it yourself.

Then locate HKEY_CURRENT_USER—Software—Policies—Microsoft—MMC in the registry, assign a value of 0 to RestrictToPermittedSnapins, as shown below:

5. Ensure that the IPsec Policy Agent service is enabled.

After following the above small series of methods, basically those hackers can not invade from some system vulnerabilities!