Who Needs the Optional Features in Microsoft Windows

Minimizing the applications and services on your computer can help to reduce the hacker attack service. If an app or service does not exist and can not be started, then it can not be exploited. The consumer desktop version of Microsoft Windows is good at keeping backward compatibility. This unfortunately leads to increasing hacker attack service and bloated installations.

Microsoft Windows 10 can remove some of the unneeded software. In this example, we will remove the .Net Framework.

The command prompt command "systeminfo" shows the following:

OS Name:                   Microsoft Windows 10 Home
OS Version:                10.0.19045 N/A Build 19045

Before starting, please create a restoration point in case you want to undo the changes. Press Start button, type "restore", choose Create A Restore Point.

On the desktop, press the Start button then press the Settings icon (the gear).

In the Windows Settings, choose Apps and click Optional Features. This may request the administrator prompt, which is required to continue.

Click on Optional Features.

Scroll down and click More Windows Features. 

This will display the Windows Features box. 

Deselect .NET Framework. 

Press OK and apply the changes.

Reboot to finish the changes.

Hide Icons On Microsoft Windows Desktop

Anyone updating applications may notice that links to start the app often appear on the desktop. While these can often be easily deleted, if they are instead hidden then the next time the app is updated the link is likely to remain and stay hidden.

Microsoft has been pushing icons and shortcuts to the desktop. A recent Windows 10 patch rollup put a Microsoft Edge icon on the desktop, and it requires administrator privilege to remove it. 

Regular users can hide the icon with a quick command window. Bring up the command prompt by pressing Start button, type cmd, and press the Command Prompt app.

In the command prompt window, go to the desktop folder by typing:
cd desktop

Look for the file with the directory command and a flag:
dir /A

If the file does not exist, it may be in the Windows public profile. On the desktop, right-click on the icon, choose Properties, press the Details tab, and look where the actual link is located. If it is in the public profile you will need an administrator to help you.

If the file exists in your profile, you may set the hidden attribute on the filename for the icon to make it disappear:
attrib +h Microsoft*.lnk

The desktop should now be less cluttered with the icon hidden.

If the lnk file is in the Windows public profile and you can become adminstrator, then start the command prompt as administrator. Go to the directory and set the hidden flag:
C:\Users\Public\Desktop> attrib +h Microsoft*.lnk

DNS For Malware Blocking

The Domain Name System protocol maps a human-readable hostname to an IP number. The DNS protocol can be leveraged to filter these lookups. While an application can use a hard-coded IP number, hostname lookups can have any logic or filtering applied by the DNS resolver.

People have effectively self-hosted the Pi-hole solution at home. Typically it is configured to reduce ads which can improve website performance and reduce tracking. For those with some desire to configure a small device, pi-hole is a straightforward and lightweight method to take some control of your network.

There are also hosted DNS solutions which can provide varying levels of filtering and blocking.

Using a phone over a mobile network or public wifi, you may want to have some DNS filtering while not using the Pi-hole solution at home. For an Android phone, there is a setting to allow use of "Private DNS". Go to settings, Network & Internet, Private DNS. If you want to use the Cloudflare DNS offering of 1.1.1.1, Android will require an actual hostname instead of the 1.1.1.1 number scheme. In the settings prompt for Private DNS, enter the hostname 1dot1dot1dot1.cloudflare-dns.com and press save. Your Android phone should then use the Cloudflare DNS filtering. Using one.one.one.one as the hostname seems to have unreliable effects as it does not always properly resolve that name.

Android Private DNS setting:

Look up 1dot1dot1dot1.cloudflare-dns.com which resolves to 1.1.1.1:

Cloudflare's 1.1.1.1 is fast and convenient. For additional levels of filtering, look into using their family filtering at 1.1.1.3. For family filtering, also consider using OpenDNS.