Recently a friend of mine has been shopping for a new car. Working from home allows him to bring his kids to school, so a new car is deemed necessary. One afternoon, I tagged along to see how car salespeople do their job (another story for next time). We visited a Tesla showroom near Wan Chai in Hong Kong.
As a security practitioner, I dutifully asked questions about the Auto Emergency Brakes (AEB) and collision avoidance system in Tesla cars. There had been news about how Tesla's systems and software are able to detect and prevent collisions.
The AEB is enabled automatically out of the factory. The driver can disable it temporarily, but it is automatically re-enabled the next time the engine starts. The salesperson did a good job explaining the details.
At that time, I wondered why Windows systems do not have the same feature. Why are all Windows systems shipped out of the factory with low default security settings, for example with remote desktop control turned on? Why does the software firewall have so many open rules?
It gets more worrying: unlike a car's automatic settings, when you disable a security feature, Windows keeps it disabled unless you reset it. Imagine a kid disables the firewall to play games and forgets to enable it afterwards. The PC is forever open to all types of prying eyes.
The default settings for a Windows PC are far from satisfactory and usually cause security problems. Large corporations know this, and every bank is required to enforce more secure settings on every desktop and notebook. The process is called system hardening, and it's a must according to ISO 27001, PCI DSS and all types of security audits.
Sadly, home users without security engineering support have to look after their own computers' protection. Our CyberVital is trying to solve this problem and ease the pain of reading security manuals. The software tool, installed on Windows, scans security settings and offers explanations. Users are able to enable and disable settings using the CyberVital tools. Take a look and try.