Disable insecure protocols
Overview
This category contains privacy scripts for Windows.
These changes use Windows system commands to update your settings.
This category focuses on enhancing user privacy by disabling legacy and insecure communication protocols. It targets protocols that expose users to security vulnerabilities due to their outdated nature.
Retaining obsolete protocols creates a false sense of security because they may seem secure but are vulnerable to exploitation [1].
Authorities like NIST [1] (FIPS [2]), NSA (National Security Agency) [1], Office of the Chief Information Security Officer [2], Microsoft [3], Mozilla [4], PCI Security Standards Council [5], the Center for Internet Security [6], and IETF [9] recommend disabling insecure and obsolete protocols.
Most modern operating systems [3] and browsers [4] disable these protocols by default. However, certain protocols remain active on some Windows systems [3] [7], posing security risks. It is crucial to disable these protocols to mitigate risks from well-known attacks such as POODLE [5] and BEAST [5].
This category excludes the following protocols:
- DTLS 1.1: DTLS 1.1 does not exist [8] [9]; its numbering was skipped to align with TLS versioning [8].
- TLS 1.2 and DTLS 1.2 (based on TLS 1.2 [8]): TLS 1.2 and DTLS 1.2 are enabled by default on Windows [7] and are approved by authorities like NIST [2] and the German Federal Office for Information Security [10]. Disabling them could affect application functionality, and earlier versions are not widely supported by Windows [7] [10].
This may cause compatibility issues with older devices or software.
Be careful running these scripts. This category includes scripts with high impact:
- 🔴 Some scripts that are not recommended. They should only be used by advanced users. They may break important functionality.
- 🟡 Some scripts recommended only if you understand their implications. Some non-critical features may no longer function correctly after running this category.
- 🟢 Some safely recommended scripts. Safe to use for any user.
Implementation Details
- Language: batch
- Scripts Count: 8 scripts
- Required Privileges: Administrator rights
- Compatibility: Windows only
- Reversibility: All changes can be reverted
Apply now
These scripts are written using Batch (batchfile) scripting language.
Choose one of two ways to apply:
- Automatically via privacy.sexy: The easiest and safest option.
- Manually by downloading: Requires downloading a file.
Alternative 1. Apply with Privacy.sexy
privacy.sexy is a free and open-source application that lets you apply this action securely and easily.
It lets you selectively choose which parts of this action to apply. You can fully restore this action (revert back to the original behavior) using the application. Additionally, you can apply only the recommended scripts instead of applying all of the scripts.
privacy.sexy instructions
- Open or download the desktop application
- Search for the category name: Disable insecure protocols.
- Check the category by clicking on the checkbox of the category.
- Click the Run button at the bottom of the page.
Alternative 2. Download
You can choose to apply only scripts with less impact or also those with higher impact:
Strict
Recommended if you understand its implications. It may cause some non-critical features to no longer function correctly.
All
Not recommended for daily use as it breaks important functionality. It provides military-grade privacy, for special use-cases. Do not run it without having backups and system snapshots.
Consider restarting your computer for all changes to take effect.
This action is completely reversible: you can restore your changes to the initial/default state. The restore/revert methods provided here can help you fix issues.
If something goes wrong, use the Revert script provided above.
Standard
This script includes only Standard recommendation level.
Standard scripts in this category are recommended for all users. They help to improve privacy without affecting stability.
Download only standard scripts by clicking on the button:
Restore these changes if you decide to revert them by downloading the restore script:
Strict
This script includes Standard and Strict recommendation levels.
This script is only recommended if you understand the implications of every single change. Some non-critical features may no longer function correctly after running this script.
Download Strict scripts:
Restore these changes if you decide to revert them by downloading the restore script:
All
This script includes the Standard and Strict recommendation levels along with unrecommended scripts.
This script should only be used by advanced users. Some of these changes are NOT recommended for daily use as they break important functionality. Do not run it without having backups and system snapshots.
Download all scripts:
Restore these changes if you decide to revert them by downloading the restore script:
Explore further
This category includes a total of 8 scripts but no subcategories.
Explore its 8 scripts:
Disable insecure "SMBv1" protocol
This script improves network security by disabling the outdated SMBv1 protocol. SMBv1, or Server Message Block version 1, is an outdated network protocol developed for file and printer sharing across networks. This protocol is well-known for its vulnerabilities to cyber attacks. Microsoft deprecated SMBv1 in 2014. Since 2007, newer and more secure versions of this protocol have replaced SMBv1 in modern versions of Windows. It is still enabled by default in older Windows versions. Microso...
Disable insecure "NetBios" protocol
This script enhances your network's security by turning off NetBIOS over TCP/IP for all network interfaces. NetBIOS is a protocol primarily used for backward compatibility with older Windows systems. NetBIOS and LLMNR are susceptible to hacking techniques like spoofing and man-in-the-middle attacks, risking your credentials and unauthorized network access. NetBIOS was initially created for communication between applications in small networks. Its lack of authentication makes it easy for attacker...
Disable insecure "SSL 2.0" protocol
This script disables the SSL 2.0 protocol. This protocol is identified as "SSL 2.0" on Windows, and also known as SSL2. Modern Windows systems no longer include SSL 2.0 due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities. Authorities like NIST (FIPS), NSA (National Security Agency), PCI Security Standards Council, IETF, and Federal Office for Information Security (BSI) recommend disabling this insecure and obsolete ...
Disable insecure "SSL 3.0" protocol
This script disables the SSL 3.0 protocol. This protocol is identified as "SSL 3.0" on Windows, and also known as SSL3 or SSLv3. Modern Windows systems disable SSL 3.0 by default due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities, including the POODLE and BEAST attacks. Authorities like NIST (FIPS), IETF, Apple, PCI Security Standards Council, Federal Office for Information Security (BSI), Office of the Chief Information ...
Disable insecure "TLS 1.0" protocol
This script disables the TLS 1.0 protocol. This protocol is identified as "TLS 1.0" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol has well-documented security vulnerabilities, including security attacks such as BEAST and Klima. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla...
Disable insecure "TLS 1.1" protocol
This protocol is identified as "TLS 1.1" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol contains fundamental well-documented security vulnerabilities. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla, Microsoft, Google, PCI Security Standards Council, Federal Office for Inform...
Disable insecure "DTLS 1.0" protocol
This script disables the DTLS 1.0 protocol. This protocol is identified as "DTLS 1.0" on Windows. It is enabled by default. DTLS (Datagram Transport Layer Security) provides secure communication over the UDP protocol. Based on the TLS protocol, DTLS offers equivalent security measures. Common uses include online gaming, DNS lookups, and VPN services. It is considered insecure and has been deprecated by Microsoft due to its vulnerabilities. It's based on TLS 1.1, which is also deprecated and in...
Disable insecure "LM & NTLM" protocols
This script improves security by setting the LanMan authentication level to send NTLMv2 responses only, refusing LM and NTLM, which are older and less secure methods. While Kerberos v5 is the default authentication protocol for domain accounts, NTLM is still used for compatibility with older systems and for authenticating logons to standalone computers. The script modifies the "HKLM\System\CurrentControlSet\Control\Lsa!LmCompatibilityLevel" registry key to enforce this security measure.
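A read-only check of the resulting state, as an added example that is not privacy.sexy's own code. It assumes the standard Windows SCHANNEL registry layout (one subkey per protocol name and role, not shown on this page) for the SSL, TLS and DTLS entries above, and reads the LmCompatibilityLevel value named in the last script; SMBv1 and NetBIOS are not covered.

```powershell
# Added example (not from privacy.sexy): read-only audit, changes nothing.
# Assumption: protocol state lives under the standard SCHANNEL key, with one
# subkey per protocol name and role, each holding a DWORD named "Enabled".
$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'DTLS 1.0'

$report = @(foreach ($protocol in $protocols) {
    foreach ($role in 'Client', 'Server') {
        $values = Get-ItemProperty -Path "$schannel\$protocol\$role" -ErrorAction SilentlyContinue
        $state = if ($null -eq $values -or $null -eq $values.Enabled) {
            'Not configured (OS default applies)'
        } elseif ($values.Enabled -eq 0) {
            'Disabled'
        } else {
            'Enabled'
        }
        [pscustomobject]@{ Setting = "$protocol ($role)"; State = $state }
    }
})

# LmCompatibilityLevel 5 = send NTLMv2 responses only, refuse LM and NTLM.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
$lmState = if ($null -eq $lsa) {
    'Not configured (OS default applies)'
} elseif ($lsa.LmCompatibilityLevel -eq 5) {
    'Level 5: NTLMv2 only, LM and NTLM refused'
} else {
    'Level {0}: LM or NTLM still accepted or sent' -f $lsa.LmCompatibilityLevel
}
$report += [pscustomobject]@{ Setting = 'LmCompatibilityLevel'; State = $lmState }

$report | Format-Table -AutoSize
```

A "Not configured" row means no explicit value exists, so the default of that Windows version applies, which on older versions can still leave the protocol enabled.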
Explore Categories
- Disable insecure connections
- Improve network security
- Security improvements
This action belongs to the Disable insecure connections category. This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards data against interception, unauthorized access, and attacks that exploit outdated technology vulnerabilities, including...
This action belongs to the Improve network security category. This category is dedicated to improving network security. It aims to minimize vulnerabilities by offering various settings that improve the integrity and confidentiality of data transmitted over the network. It features a range of measures to protect data transmission from unauthorized access,...
This action belongs to the Security improvements category. This category encompasses a range of scripts designed to improve the security of your system by enforcing security best practices. These scripts help protect your system against various types of cyber threats and unauthorized access.