Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now), and primary consumer applications. These features, commonly thought for Enterprise customers, are generally useless to regular users and rather pose as dangers as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments.
WARNING: This tool disables a number of features, including of Microsoft Office, Adobe Reader, and Windows, that might cause malfunctions to certain applications. Use this at your own risk.
Bear in mind, after running Hardentools you won't be able, for example, to do complex calculations with Microsoft Office Excel or use the Command-line terminal, but those are pretty much the only considerable "downsides" of having a slightly safer Windows environment. Before deciding to use it, make sure you read this document thoroughly and understand that yes, something might break. In case you experience malfunctions as a result of the modifications implemented by this tool, please do let us know.
What this tool does not
Before getting into it, it is important to be clear about what this tool isn't and doesn't actually do:
- It is not a guarantee of security!
- It does not prevent software vulnerabilities from being exploited.
- It does not prevent the abuse of every existing risky feature, just of some we are aware of.
- It is not an Antivirus. It does not protect your computer. It doesn't identify, block, or remove any malware.
- It does not prevent the changes it implements from being reverted. If malicious code runs on the system and it is able to restore them, the premise of the tool is defeated, isn't it?
How to use it
Firstly, Windows' SmartScreen might block its execution, and you will need to explicitly allow Hardentools to run. Hardentools will then try to determine whether it was launched with Administrator privileges, and if not, ask you to elevate. This is required in order to perform certain changes that only Administrators can.
Then, you will see the main Hardentools window. It's very simple, you just click on the "Harden" button, and the tool will make the changes to your Windows configuration to disable a set of features that are risky. Once completed, you will be asked to restart your computer for all the changes to have full effect.
By checking "Show Expert Settings" you are able to select and deselect which the changes Hardentools is going to perform. You shouldn't do this unless you are sure of what you are doing.
In case you wish to restore the original settings and revert the changes Hardentools made (for example, if you need to use cmd.exe), you can simply re-run the tool and instead of an "Harden" button you will be prompted with a "Restore" button. Similarly, click it and wait for the modifications to be reverted.
If you feel confident in doing so, you can also choose which particular changes you want enabled or disabled. Please refer to our GitHub to learn more about all the different options.Please note: the modifications made by Hardentools are exclusively contextual to the Windows user account used to run the tool from. In case you want Hardentools to change settings for other Windows users as well, you will have to run it from each one of them logged in.