
Windows 11 Slowdown - Inserting USB / Downloading Files

thenzero - Posted 2023-01-20 4:16 PM
Subscribers, H/PC Elite. Posts: 746. Location: United States

Quote
C:Amie - 2023-01-20 3:26 PM

Well presumably your broadband router is supplying an edge firewall, or you'd have long since been ravaged by the world and his wife


LOL. That is true, but to me it makes a lot more sense to have the firewall and other security measures protecting the network itself rather than trying to have it onboard. And for older devices it's a necessity.

C:Amie - Posted 2023-01-20 5:23 PM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

It does make a lot more sense, up until the point that you have guests in your house on the same LAN segment or you are on your mobile device and in a coffee shop connected to their wireless. If no foreign devices are sharing your LAN and your machine never moves, then it is one thing to take the risk. If you have friends, kids, grandkids on the network and you think they won't introduce something nasty, well, fool you.

If you still have a direct connection via dial-up or USB and you don't have a software firewall... well, fool doesn't begin to cover it.

Since Windows 10 landed, I have left Windows Defender running. I never used to install AV either before that on my own systems and I guess as it comes bundled, I still don't! I turn off things like cloud connectivity, SmartScreen (spyware to help Microsoft gain telemetry about what you use on your PC) and automatic sample submission though. ALWAYS turn off automatic sample submission!!!!!! It is a privacy disaster.

thenzero - Posted 2023-01-21 7:07 PM
Subscribers, H/PC Elite. Posts: 746. Location: United States

Quote
C:Amie - 2023-01-20 5:23 PM

It does make a lot more sense, up until the point that you have guests in your house on the same LAN segment or you are on your mobile device and in a coffee shop connected to their wireless. If no foreign devices are sharing your LAN and your machine never moves, then it is one thing to take the risk. If you have friends, kids, grandkids on the network and you think they won't introduce something nasty, well, fool you.

If you still have a direct connection via dial-up or USB and you don't have a software firewall... well, fool doesn't begin to cover it.


I would wholeheartedly agree. I would strongly suggest having segregated networks for guests and IoT devices, which are also a security nightmare to have on your private network for multiple reasons. If one is serious about security, it's also a good idea to have a virtual network with several VMs running in your DMZ as a honeypot.

Edit: RE: coffee shop/hotel/whatever, a device with a full firewall etc. between the unprotected device and the network is a must.

Quote
Since Windows 10 landed, I have left Windows Defender running. I never used to install AV either before that on my own systems and I guess as it comes bundled, I still don't! I turn off things like cloud connectivity, SmartScreen (spyware to help Microsoft gain telemetry about what you use on your PC) and automatic sample submission though. ALWAYS turn off automatic sample submission!!!!!! It is a privacy disaster.


That is great advice.


Edited by thenzero 2023-01-21 7:09 PM

C:Amie - Posted 2023-01-22 11:30 AM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

If I need to email something, say to an accountant, lawyer or HMRC, I'll always send it via traceable means, i.e. I have access logs to confirm receipt.

Back in the early 2010s I had to work with an accountant regarding client-sensitive financial data and I did my usual thing of sending it with receipt and access tracking. A few days later I checked the access logs. All of the data had been collected by the accountant as expected, but multiple hours later, the data was collected again and then a few hours after that it was collected again. Both times from different IP addresses.

Some research revealed that the IP addresses were in Japan (outside of the European Data Protection community). They were owned by a Japanese anti-virus company, Trend Micro.

They had decided to carte blanche help themselves to whatever they wanted off of the accountant's firm machine and email. I of course went into orbit. That was confidential, very sensitive mutual client data. I made them turn off automatic sample submission and have advised everyone else to do so ever since.

The question is, surely automatic sample submission should occur if there is suspicion of threat. These were zip files of non-macro spreadsheets, but whose content was clearly identifiable as financially sensitive. The local AV client could have made the determination that there was no threat. Instead it found a URL, sent it to its control server and the control servers performed reciprocal access. That is a) inefficient b) unnecessary and c) suspicious.

Automatic sample submission is thus a license for a rogue actor to print money. I am not suggesting at all that our Japanese friends were up to anything, but imagine the gaping security void that this exposes for the opportunity for espionage, breaches of data protection laws, lawsuits, reputational damage. All under the EULA declared excuse of "just having a look guv'"

A Japanese company trading software in the EU was already in gross violation of the UK Data Protection Act. If the UK regulator had any power or spine, they could have imposed a massive fine on Trend Micro for the same.

Now imagine what other information is being harvested under the highly plausible excuse of "automatic sample collection".

Now imagine if you run a business processing secure data and your anti virus is Kaspersky or Tencent...
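
The access-log check described in the post above (a tracked file fetched again, hours later, from other IP addresses) can be automated. This is an added example, not part of the original post: the log format, download tokens, dates and addresses are constructed, and it assumes the first successful fetch of each token is the intended recipient.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the thread): timestamp, client IP, request, status.
SAMPLE_LOG = """\
2012-03-05T09:14:02Z 198.51.100.23 "GET /d/7f3a9c/accounts.zip" 200
2012-03-05T09:14:40Z 198.51.100.23 "GET /d/7f3a9c/accounts.zip" 200
2012-03-05T13:02:11Z 203.0.113.77 "GET /d/7f3a9c/accounts.zip" 200
2012-03-05T16:47:55Z 192.0.2.140 "GET /d/7f3a9c/accounts.zip" 200
2012-03-06T10:00:00Z 198.51.100.50 "GET /d/b41e02/contract.pdf" 200
2012-03-06T10:05:00Z 203.0.113.9 "GET /d/b41e02/contract.pdf" 403
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "GET /d/(?P<token>[0-9a-f]+)/\S+" (?P<status>\d{3})$'
)

def parse(log_text):
    """Yield (timestamp, ip, token, status) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["token"], int(m["status"])

def unexpected_collections(log_text):
    """Map token -> [(ip, delay)] for successful fetches from an IP other than
    the first collector's (assumption: the first fetch is the real recipient)."""
    by_token = defaultdict(list)
    for ts, ip, token, status in parse(log_text):
        if status == 200:  # only count fetches that actually returned the file
            by_token[token].append((ts, ip))
    findings = {}
    for token, hits in by_token.items():
        hits.sort()
        first_ts, first_ip = hits[0]
        extra = [(ip, ts - first_ts) for ts, ip in hits[1:] if ip != first_ip]
        if extra:
            findings[token] = extra
    return findings

if __name__ == "__main__":
    for token, extra in unexpected_collections(SAMPLE_LOG).items():
        for ip, delay in extra:
            print(f"{token}: also collected by {ip}, {delay} after first download")
```

A repeat download from the recipient's own address is ignored; only later fetches from a different source are reported, together with how long after delivery they happened.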


stingraze - Posted 2023-01-22 11:52 AM
Subscribers, H/PC Vanguard. Posts: 3,678. Location: Japan

I heard one time that in order for an anti-virus maker to operate, they must be certified by a certain intelligence agency. That already probably means that there is a backdoor to all this anti-virus software regardless of which country makes it. They all do basically the same thing. Kaspersky used to be really good, although it is now not sold in most western countries offline.

Related:
https://www.securityweek.com/how-antivirus-software-can-be-perfect-s...

Edited by stingraze 2023-01-22 11:57 AM

C:Amie - Posted 2023-01-22 12:06 PM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

@stingraze indeed, but the question is "which" certain intelligence agency and to which master do they (forced or otherwise) pledge fealty.

Operating System browser telemetry are rapidly becoming an equivalent scourge.

Edit: R.O.F.L. I just went to pcworld.co.uk to see if they still sold Kaspersky. A search for kaspersky yielded nothing. So I searched for 'anti virus' to see what came up and they had Cloudflare block my IP address. Try it!

Clicky: https://www.currys.co.uk/search?q=anti%20virus

Way to go idiots!

If anyone here is on Twitter, will they tweet that link at @currys?

stingraze - Posted 2023-01-22 12:11 PM
Subscribers, H/PC Vanguard. Posts: 3,678. Location: Japan

Oh my.
Cloudflare is pretty intense.

Cloudflare has a web application firewall, so maybe that is why. I tried it myself from Japan, but it didn't become like you said.

Cloudflare web application firewall:
https://www.cloudflare.com/en-gb/waf/

Edited by stingraze 2023-01-22 12:12 PM

C:Amie - Posted 2023-01-22 12:13 PM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

I'm clearly special then (you already knew that though, didn't you?)

stingraze - Posted 2023-01-22 12:22 PM
Subscribers, H/PC Vanguard. Posts: 3,678. Location: Japan

Yes… Since a long time ago.

C:Amie - Posted 2023-01-22 12:46 PM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

yaay, recognition

torch - Posted 2023-01-23 7:48 PM
Subscribers, H/PC Guru. Posts: 5,713. Location: United States

It’s still doing it. I’m honestly at a loss because it’s so irritating. The computer basically slows down and is unusable for about 30 seconds after downloading a file or extracting a zip.

stingraze - Posted 2023-01-24 5:31 AM
Subscribers, H/PC Vanguard. Posts: 3,678. Location: Japan

How about scanning the system for a possible virus?

C:Amie - Posted 2023-01-24 8:00 AM
Administrator, H/PC Oracle. Posts: 17,976. Location: United Kingdom

Are you certain that you turned off smart screen and reputation checking?

Did you deinstall the defender service rather than just kill the service in the security centre?

If you find a really big file already on the HDD and copy it (like an ISO) does it also hang?