We may get a good answer to your post. As Luke is now back at LMG instead of Floatplane, so he may get one of those tech upgrade videos. That is if they bend the rules, because "upper management" is exempt from those video's i think. But Linus has been known to break the rules when he wants. So we can see if his GF does have another boyfriend.
Firstly: https://kiwifarms.net/threads/suggestion-and-update-thread.3183/page-55#post-15393378
Ah, I figured there was something dumb I was missing. I don't think I was getting the hover text, but the site hasn't been loading well for me lately.
Applocker is great for people that only ever use Chrome, Outlook and Word. I block everything else for those users. Whitelisting by hash or signing stuff that they can use is far too much effort.
Windows by default only allows signed executables to run unless you disable SmartScreen or ignore its warnings.
It's pretty simple, encrypt your chrome passwords and cookies so they can't get stolen by anything running on your computer
Getting passwords out of Chrome is trivial. Nirsoft even has a tool for that.
Don't even use the Chrome extension, use the built-in AutoType feature. That removes the attack vector where the browser is somehow connected to the password database, such as with an extension like that. With the AutoType feature the browser never sees anything like KeePass, it just sees you typing out your credentials in the login fields.
I looked up the Nirsoft, it seems that it retrieves them from your hard drive, it has support for decryption. If your data is encrypted on disk then anyone grabbing them off your disk would need to decrypt them, any passwords stored in memory in the browser is protected by process isolation unless the program has the elevation to access the memory of other processes, which is above Administrator privileges for a program I would imagine. That's also why when you view chrome in the Task Manager it has many processes, it protects you from websites accessing data across your tabs or stored inside your browser's core process.
I only have a Win7 VM to try right now. But there I can open Process Memory of all User Processes from a User Process. I can't access other user's processes or elevated processes. I would guess it's the same on newer Windows unless you are using Containers (Docker). Chrome's sandboxing and isolation only isolates the rendering and javascript of websites/tabs from each other. It does nothing to protect the browser from other windows software. (why even would it)
I admit I have no kernel or security experience but my limited understanding was that there is a large degree of isolation between processes to prevent malicious software from accessing sensitive data stored in RAM, but I really couldn't find too much about how it actually works. I found that there's a technology by Microsoft called Core Isolation that seems to achieve this if you have TPM and Windows 11, but I'm not sure of the exact details of that. I couldn't find much about linux besides this answer that basically says yes, there is full isolation between user processes. Chrome's docs about site-per-process says "This mode provides all sites protection against compromised renderers and Spectre-like attacks, without breaking backwards compatibility.", so site-per-process must have some security benefits? This blog seems to be a good read about this exact thing.
A young 2000's nerd doing any supplements voluntarily? Not a chance. Those tums are 100% to compensate for a diet of fast food and energy drinks.
That is newer and Win7 doesn't have it. I think it needs a Hypervisor, so you can't run other VMs like Virtualbox or VMWare when enabled. But I don't know all the details about it. This should bring Windows 11 to the level of Linux process isolation or even better (might also block admins). It would also disable all drivers that are not compatible. Win10 has an earlier version of that inside Defender. On Win10 it protects not the memory of a process but the code. So you can't inject malware or a cheat for example. You can still read the memory from another process though.
It sure has benefits. Firefox uses a very similar system. It prevents code running in Website A from accessing anything about Website B. That was possible in early browsers or it can happen by using a bug (mostly a new unknown one). Site-per-Process also makes those bugs a lot less scary.
I still have my Dad's old Windows Vista Lenovo. Barely could play Spore though it ran Red Alert 2 pretty well. The military got it for him for college, so it was just a cruddy drone. It couldn't even play Lego Universe. I've written them off since as cheap chink shit. That and they preloaded that Norton Defender, which didn't even prevent a actual hack lol.
