Skip to main content

Disable insecure protocols

Overview

About this category

This category contains privacy scripts for Windows.

These changes use Windows system commands to update your settings.

This category focuses on enhancing user privacy by disabling legacy and insecure communication protocols. It targets protocols that expose users to security vulnerabilities due to their outdated nature.

Retaining obsolete protocols creates a false sense of security because they may seem secure but are vulnerable to exploitation 1.

Authorities like NIST 1 (FIPS 2), NSA (National Security Agency) 1, Office of the Chief Information Security Officer 2, Microsoft 3, Mozilla 4, PCI Security Standards Council 5, the Center for Internet Security 6, and IETF 9 recommend disabling insecure and obsolete protocols.

Most modern operating systems 3 and browsers 4 disable these protocols by default. However, certain protocols remain active on some Windows systems 3 7, posing security risks. It is crucial to disable these protocols to mitigate risks from well-known attacks such as POODLE 5 and BEAST 5.

This category excludes the following protocols:

  • DTLS 1.1: DTLS 1.1 does not exist 8 9; its numbering was skipped to align with TLS versioning 8.
  • TLS 1.2, and DTLS 1.2 (based on TLS 1.2 8): TLS 1.2 and DTLS 1.2 are enabled by default on Windows 7 and are approved by authorities like NIST 2, and German Federal Office for Information Security 10. Disabling them could affect application functionality, and earlier versions are not widely supported by Windows 7 10.
Caution

This may cause compatibility issues with older devices or software.

Caution: Mixed Risk Levels

Be careful running these scripts. This category includes scripts with high impact:

  • 🔴 Some not recommended scripts. They should only be used by advanced users. They may break important functionality.
  • 🟡 Some recommended scripts only if you understand its implications. Some non-critical or features may no longer function correctly after running this this category.
  • 🟢 Some safely recommended scripts. Safe-to use for any user.
Implementation Details
  • Language: batch

  • Scripts Count: 8 scripts

  • Required Privileges: Administrator rights

  • Compatibility: Windows only

  • Reversibility: All changes can be reverted

Apply now

These scripts are written using Batch (batchfile) scripting language.

Choose one of two ways to apply:

  1. Automatically via privacy.sexy: The easiest and safest option.
  2. Manually by downloading: Requires downloading a file.

Alternative 1. Apply with Privacy.sexy

privacy.sexy is free and open-source application that lets securely apply this action easily.

Open privacy.sexy

It allows selectively choose parts of this action to conduct. You can fully restore this action (revert back to the original behavior) using the application. Additionally, you can apply only the recommended scripts, instead of applying all of the scripts.

privacy.sexy instructions
  1. Open or download the desktop application
  2. Search for the category name: Disable insecure protocols.
  3. Check the category by clicking on the checkbox of the category.
  4. Click on Run button at the bottom of the page.

Alternative 2. Download

You can choose to apply only scripts with less impact or also those with higher impact:

Standard

Recommended for all users. It helps to improve privacy without affecting stability.

Scroll

Strict

Recommended if you understand its implications. It may cause some non-critical features to no longer function correctly.

Scroll

All

Not recommended for daily use as it breaks important functionality. It provides military-grade privacy, for special use-cases. Do not run it without having backups and system snapshots.

Scroll

Consider restarting your computer for all changes to take affect.

Reversible

This action is completely reversible, you can restore your changes to the initial/default state. The restore/revert methods provided here can help you fix issues.

If something goes wrong, use the Revert script provided above.

Standard

This script includes only Standard recommendation level.

Safe for General Use

Standard scripts in this category is recommended for all users. They help to improve privacy without affecting stability.

Download only standard scripts by clicking on the button:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

Strict

This script includes Standard and Strict recommendation levels.

Use with Caution

This script is only recommended if you understand their implications of every single change. Some non-critical or features may no longer function correctly after running this script.

Download Strict scripts:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

All

This script includes Standard, Strict recommendation levels along with unrecommended scripts.

Not Advised

This script should only be used by advanced users. Some of these changes are NOT recommended for daily use as it breaks important functionality. Do not run it without having backups and system snapshots.

Download all scripts:

Download script

Restore these changes if you decide to revert them by downloading the restore script:

Download restore script

Explore further

This category includes total of 8 scripts but no subcategories.

Explore its 8 scripts:

Disable insecure "SMBv1" protocol

This script improves network security by disabling the outdated SMBv1 protocol. SMBv1, or Server Message Block version 1, is an outdated network protocol developed for file and printer sharing across networks. This protocol is well-known for its vulnerabilities to cyber attacks. Microsoft deprecated SMBv1 in 2014. Since 2007, newer and more secure versions of this protocol have replaced SMBv1 in modern versions of Windows. It is still enabled by default in older Windows versions. Microso...

Disable insecure "NetBios" protocol

This script enhances your network's security by turning off NetBIOS over TCP/IP for all network interfaces. NetBIOS is a protocol primarily used for backward compatibility with older Windows systems. NetBIOS and LLMNR are susceptible to hacking techniques like spoofing and man-in-the-middle attacks, risking your credentials and unauthorized network access. NetBIOS was initially created for communication between applications in small networks. Its lack of authentication makes it easy for attacker...

Disable insecure "SSL 2.0" protocol

This script disables the SSL 2.0 protocol. This protocol is identified as "SSL 2.0" on Windows, and also known as SSL2. Modern Windows systems no longer include SSL 2.0 due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities. Authorities like NIST (FIPS), NSA (National Security Agency), PCI Security Standards Council, IETF, and Federal Office for Information Security (BSI) recommend disabling this insecure and obsolete ...

Disable insecure "SSL 3.0" protocol

This script disables the SSL 3.0. This protocol is identified as "SSL 3.0" on Windows, and also known as SSL3 or SSLv3. Modern Windows systems disable SSL 3.0 by default due to its security flaws. It was previously enabled by default, posing significant security risks from well-known vulnerabilities, including the POODLE and BEAST attacks. Authorities like NIST (FIPS), IETF, Apple, PCI Security Standards Council, Federal Office for Information Security (BSI), Office of the Chief Information ...

Disable insecure "TLS 1.0" protocol

This script disables the TLS 1.0 protocol. This protocol is identified as "TLS 1.0" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol has well-documented security vulnerabilities, including security attacks such as BEAST and Klima. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla...

Disable insecure "TLS 1.1" protocol

This protocol is identified as "TLS 1.1" on Windows. Although deprecated and unsupported in newer Windows versions, it remains enabled by default in older versions. This protocol contains fundamental well-documented security vulnerabilities. Major browsers, including Safari, Firefox, Chrome and Edge, now disable this protocol by default. Authorities like NIST (FIPS), IETF, NSA (National Security Agency), Apple, Mozilla, Microsoft, Google, PCI Security Standards Council, Federal Office for Inform...

Disable insecure "DTLS 1.0" protocol

This script disables the DTLS 1.0 protocol. This protocol is identified as "DTLS 1.0" on Windows. It is enabled by default. DTLS (Datagram Transport Layer Security) provides secure communication over the UDP protocol. Based on the TLS protocol, DTLS offers equivalent security measures. Common uses include online gaming, DNS lookups, and VPN services. It is considered insecure and has been deprecated by Microsoft due to its vulnerabilities. It's based on TLS 1.1, which is also deprecated and in...

Disable insecure "LM & NTLM" protocols

This script improves security by setting the LanMan authentication level to send NTLMv2 responses only, refusing LM and NTLM, which are older and less secure methods. While Kerberos v5 is the default authentication protocol for domain accounts, NTLM is still used for compatibility with older systems and for authenticating logons to standalone computers. The script modifies the "HKLM\\System\\CurrentControlSet\\Control\\Lsa!LmCompatibilityLevel" registry key to enforce this security measure.

Explore Categories

This action belongs to Disable insecure connections category. This category includes scripts designed to enhance users' security and privacy by disabling outdated or vulnerable connections across the system. It safeguards data against interception, unauthorized access, and attacks that exploit outdated technology vulnerabilities, including... Read more on category page ▶

Support

This website relies on your support.

Support now

Your donation helps keep the project alive and improves its content ❤️.

Share this page: