tr0910 Posted May 30, 2017 Share Posted May 30, 2017 @gridrunner in his latest excellent video for Windows 10 VM creation is recommending SpyBot Anti Beacon install as part of the Windows install process. I am presently running none of these tools, however a search of the internet shows that this is a controversial topic. I had turned off all the normal things that are recommended to stop Windows from phoning home. Who is running a Windows 10 blocking tool to keep it from phoning home to Microsoft?? These guys suggest not installing these types of tools https://www.howtogeek.com/273513/why-you-shouldnt-use-anti-spying-tools-for-windows-10/ Review Anti Beacon https://www.wilderssecurity.com/threads/ditching-anti-beacon-for-shutup10.386150/ http://www.dslreports.com/forum/r30534607-Anti-Beacon-worth-installing Not keeping up with the latest Windows changes https://www.bleepingcomputer.com/forums/t/631658/spybot-anti-beacon-donotspy10-o-o-shutup10/ But this video suggests that I have still been sending a lot of stuff to MS even though I did turn everything off. Is Barnacles trustworthy, or someone with an attitude? Quote Link to comment
cpshoemake Posted June 1, 2017 Share Posted June 1, 2017 If the US government and most major corporations are running Windows without worrying about data leakage, then I'm not going to worry about it either. If you really want to monitor/block unwanted traffic leaving your network, do it from the gateway with a UTM appliance like pfSense, Sophos, etc. That's the only way to be sure. Quote Link to comment
JonathanM Posted June 1, 2017 Share Posted June 1, 2017 5 minutes ago, cpshoemake said: US government and most major corporations are running Windows without worrying about data leakage Which both use heavy duty traffic control, and typically use the enterprise versions which allow more granular control of privacy and update settings. For the home user, I would definitely be worried about data leakage. MS is much more interested in marketing the average home user's profile than they are a workstation in a business / government environment. Quote Link to comment
tr0910 Posted June 1, 2017 Author Share Posted June 1, 2017 I have been using dd-wrt for almost 20 years on various router hardware and have appreciated the extra functionality, the stability and the ease of use. But this sounds like it might be time to consider other options. I'm no network engineer, but willing to create strategic foundations for the home and business that make good sense. I just am not ready to muck around and fix something that isn't broken. Fixing the router only helps when we are at home. When outside Windows would still be phoning home. I assume that the benefits for implementing pfSense or Sophos are above and beyond just the use case described above. Just worried that I may not have the time to properly administer a more complex routing solution.... Quote Link to comment
JonathanM Posted June 1, 2017 Share Posted June 1, 2017 8 hours ago, tr0910 said: I assume that the benefits for implementing pfSense or Sophos are above and beyond just the use case described above. Just worried that I may not have the time to properly administer a more complex routing solution.... pfsense is no more complex to set up initially than dd-wrt, it's just WAY more capable if you need it. The main difference for the average user that I see is the hardware you run it on. dd-wrt is set up for existing router hardware, pfsense is aimed at much more powerful hardware, a real pc instead of an embedded router board. That way you have the CPU necessary for extra services like properly servicing a high speed vpn, real QOS and traffic shaping. The difference between a vpn connected to a consumer router and a pc running pfsense is unreal, at least in my experience. Quote Link to comment
tr0910 Posted June 6, 2017 Author Share Posted June 6, 2017 On 6/1/2017 at 9:36 PM, jonathanm said: pfsense is no more complex to set up initially than dd-wrt, it's just WAY more capable if you need it. The main difference for the average user that I see is the hardware you run it on. dd-wrt is set up for existing router hardware, pfsense is aimed at much more powerful hardware, a real pc instead of an embedded router board. That way you have the CPU necessary for extra services like properly servicing a high speed vpn, real QOS and traffic shaping. The difference between a vpn connected to a consumer router and a pc running pfsense is unreal, at least in my experience. What hardware are you running it on? I would like to run it on my unRaid server, but that is a bit risky.... I have a spare i5 2500k that could be put into service and a 4 port card. That would be a dedicated box.... But I have google fiber and getting rid of the network box that GF calls a router is not so easy. Those who have done it have had to jump through flaming hoops to get GF to work without the GF box. Right now my VPN is running on my unRaid (peter's plugin), so likely the pfsense wouldn't improve much there. unRaid is a 2670 Xeon based system so lots of power to run the VPN. What I am missing is the power to log and analyze the traffic. And the flexibility to bolt the network down tightly. Quote Link to comment
JonathanM Posted June 6, 2017 Share Posted June 6, 2017 6 hours ago, tr0910 said: What hardware are you running it on? At one location I've got a very low power VIA chip with 1GB DDR2, it's barely passable as a PC, but it runs pfsense fairly well. At my office I've got an older Pentium E5200 with 4GB, it's rarely breathing hard. Your i5 won't ever break a sweat in typical use. 6 hours ago, tr0910 said: But I have google fiber and getting rid of the network box that GF calls a router is not so easy. Instead of getting rid of it, can you not designate a device (your pfsense box) to passthrough your public IP and DMZ it? Or do you not have any management control over the box at all? Quote Link to comment
tr0910 Posted June 6, 2017 Author Share Posted June 6, 2017 (edited) 2 hours ago, jonathanm said: At one location I've got a very low power VIA chip with 1GB DDR2, it's barely passable as a PC, but it runs pfsense fairly well. At my office I've got an older Pentium E5200 with 4GB, it's rarely breathing hard. Your i5 won't ever break a sweat in typical use. Instead of getting rid of it, can you not designate a device (your pfsense box) to passthrough your public IP and DMZ it? Or do you not have any management control over the box at all? Now there is actually a Google support page for bypassing the network box (GF router) https://support.google.com/fiber/answer/6032607?hl=en But in the early days.... http://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/ And finally, you have to remember that we want full gbit speeds over whatever solution we go with. Edited June 6, 2017 by tr0910 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.