Hardentools is a free open source program for the Microsoft Windows operating system that will harden the system by disabling features.
The Windows operating system ships with a broad range of features. Some of these features are enabled for compatibility reasons on all editions of Windows.
While these features have their uses in certain environments, Enterprise for instance, they may not be used by the majority of home users.
The main idea behind Hardentools is to turn off these features to make Windows more secure in the process.
Note: You need to make sure that you don’t require the features that Hardentools disables on Windows, as you won’t be able to use them afterwards anymore. Read on to find out which features get disabled when you run the tool.
Hardentools is a simple program. While it does ship with a graphical user interface, it does not provide users with many options however. In fact, the interface has only one button — harden — that users can click on to initiate the process. A restart is required to finalize the changes made to the operating system.
Note: The program features a restore option. You get it after you have applied the changes to the operating system, restarted the PC, and ran the tool again. This enables you to restore the features that the first run of the tool disabled.
It needs to be noted that the tool is not meant for public distribution yet according to the developers.
The developers plan to add a selection menu to the program in the future. For now, that one button is all you get.
Here is the list of features that Hardentools disables when you press that button:
- Disables Windows Scripting Host.
- Disables AutoRun and AutoPlay.
- Disables powershell.exe, powershell_ise,exe, and cmd.exe execution via Windows Explorer.
- Disables Microsoft Office Macros.
- Disables Microsoft Office OLE object execution.
- Disables Microsoft Office ActiveX.
- Disables the execution of objects embedded in PDF documents.
As you can see, the changes can have wide reaching consequences. Especially the disabling of PowerShell and Cmd need to be mentioned in the context.
This is obviously not a big issue for users who never run PowerShell or Cmd. All users who do however cannot use Hardentools right now because of the missing selection options.
Hardentools main feature currently is that it is dead easy to use. Users who want more control over the process can make individual changes manually instead.
While this requires a bit of research, it is usually not that hard, and it gives you more flexibility when it comes to hardening the operating system.
The biggest issue right now for home users is to determine whether a feature is needed or not. While you can simply go ahead and apply the changes, and see where that takes you after the restart, it is usually better to know beforehand.
Hardentools is an interesting project that may already be useful in certain situations and environments. Most users may want to hold off for now though because of the program’s all or nothing approach to things right now.
This will change over time according to the developers, and that will certainly increase the application’s reach significantly.
Now You: Have you hardened your operating system?