diff --git a/security/Kconfig b/security/Kconfig
index ddf60c64f4d0..0f8733a25cd4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -44,7 +44,7 @@ config SECURITY_TIOCSTI_RESTRICT
 config SECURITY_MODHARDEN
 bool "Harden module auto-loading"
- default y
+ default n
 depends on MODULES
 help
 If you say Y here, module auto-loading in response to use of some
@@ -59,10 +59,10 @@ config SECURITY_MODHARDEN
 Alternatively, the administrator can add the module to the list of modules loaded at boot by modifying init scripts.
- Modification of init scripts will most likely be needed on
- Ubuntu servers with encrypted home directory support enabled,
- as the first non-root user logging in will cause the ecb(aes),
- ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
+ This setting can be overridden at runtime via the
+ kernel.modharden sysctl.
+
+ If unsure say N.
 config SECURITY
 bool "Enable different security models"
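Review bot: Flipping SECURITY_MODHARDEN from `default y` to `default n` means every configuration generated from defaults is now built with the module auto-loading restriction off, and nothing visible in the hunk records why. A .config that already sets the symbol keeps its value, but fresh and defconfig-based builds lose the hardening without any prompt. If the symbol is now meant only to seed the initial value of the kernel.modharden sysctl, the help text should say so, for example `This option sets the boot-time default of the kernel.modharden sysctl.`; otherwise keeping `default y` and letting administrators relax it at runtime is the safer arrangement. Whether the sysctl is still registered when the option is N cannot be seen from here and should be confirmed; the help text continues outside the hunk.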
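Review bot: The added help paragraph names the kernel.modharden sysctl but does not say which values it accepts or whether a runtime write can loosen the restriction as well as tighten it, so an administrator cannot tell from this text how the boot-time choice and the runtime knob interact. `If unsure say N.` also steers undecided users to the less restrictive setting, which is unusual guidance for a hardening option. If N has to remain the recommendation for compatibility, state the trade-off instead, for example `Say Y unless non-root users depend on module auto-loading.`.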