What is your security setup these days?

or just do the dumb : keep turning on/off the power button several times in a row during the boot , i can guarantee you will end with the recovery mode

 

Hi.
"--disable-reading-from-canvas" will not prevent your:

- Battery Fingerprint.
- Audio Fingerprint.

 

I feel so much better now

Always been a skeptic or old fashioned, I don't know, but I tried 10 with great expectation but just can't pull away from the earlier platform

 

Sampei you might Cent Browser interesting, it is a find of member Liba see https://www.wilderssecurity.com/threads/cent-browser-2-4-2-19.392325/[/QUOTE]

 

Good Evening! WSA Security Plus...and ZAM Premium! Light and Lethal! Sincerely...Securon

 

OS: Windows 10 Pro x64
Tweaks: O&O ShutUp10 / MBRFilter
VPN: Private Internet Access (via OpenVPN)
UAC: Allow signed/Block unsigned
SmartScreen: Enabled
SRP: Enabled (via SSRP)
Firewall: Windows Firewall (via Windows Firewall Control)
Password Manager: Keepass 2.x

RT:

• Sandboxie 5.17.4 Beta (Ungoogled Chromium and IE)
• VoodooShield Pro 3.51 Beta (Smart Mode)
• Windows Defender
• AppCheck Anti-Ransomware

Browser:

• Ungoogled Chromium 55.0.2883.87 (64-bit):
  • uBlock Origin (Default + Disconnect lists)
  • uBlock Extra
  • Canvas and Referer disabled

OD:

• Process Explorer
• Privazer (Donors)
• Emsisoft Emergency Kit

All partitions (data and system) encrypted with Veracrypt.
Weekly backup with Macrium Reflect WinPE Recue Disk and SyncBack
All data uploaded to cloud encrypted with Viivo.

Still testing AppCheck, the Autobackup feature is nice...

 

Thanks, what can be done about that?

 

Nice

 

Just use Scriptsafe.

 

Just use Scriptsafe.

 

Thx (to all of you) for suggestions and solutions.

No I had not enabled fast boot, because I keep setups on Desktop and Laptop as much as posssible the same. I discovered that the Hybrid disk (on the laptop) performed better by disabling hybernation and lowering the virtual memory to 256MB*

I do known I had fast boot enabled in the BIOS but after disabling that Windows10 still would not react to F8 (indeed like guest mentioned by repeatedly restarting). I discovered with Windows 7 that my keyboard did not react during boot when it is on USB3.

I use an ergo line keyboard (without numeric keys) and a trackbal (left) and mouse (right), so I tried it with an old fashioned wide keyboard. As far as I remember I had the keyboard and (either mouse or trackball) in the upper USB2 and the other pointing device in a lower USB3 of teh desktop. When I put trackball besides mouse USB, the cursor/pointer tends to walk around the screen when idling, so that is the reason I put one of them in the lower USB3 and are farly sure the keyboard was in the upper USB2.

Regards Kees

*OT: I also discovered/tested that the hybrid performs better without boot optimization of NV cache, prefetch and superfetch disabled, the NV cache enabled, while not using the NV-cache in SSD mode. So making the OS aware of the hybrid's NV-cache without the OS doing the optimization seems to work best on my Seagate Hybrid (which makes sense since it is only has extra READ cache and applies WRITE-through to disk).

 

Maybe this will stay....

Windows 10/64 bit

SpyShelter Firewall 10.9
AppGuard 5.2.9.1
AdGuard 6.1.314.1628
O&O ShutUp10
Shadow Defender 1.4.0.648
Raxco Instant Recovery Home 2.2.0 Build 314

 

Win 10 Pro - 64 bit

Windows Defender, Voodooshield, Comodo FW set to proactive.

 

So simple yet so effective, similar here but using ESET AV.

 

Sandboxie.

 

That's just enough
I like your minimal approach

 

Windows 10 Home x64
AppGuard 4.4.6.1 (Locked Down)
VoodooShield 3.53 (Autopilot)
Comodo FW 10 (w/ Cruelsister's settings)
AdGuard
Zemana AL (On Demand Scanner)
Macrium Reflect 7
Excubits FIDES (to protect external backup drive)

Shadow Defender and Sandboxie for testing....

 

Wow, that is very redundant. AG alone is enough , by curiosity i wonder which one is acting first when you execute an unknown software?

 

AppGuard has stopped everything in lockdown. If AG is in install mode, either VS will popup or Comodo will sandbox it.

 

OpenWrt / LEDE Project (17.01.0 Stable) at Gateway

• Running local DNS server to force all DNS requests through Adguard DNS (blocklist on router)
  • (https://github.com/openwrt/packages/tree/master/net/adblock/files#main-features)
  • Blocks ads on iPhones, iPads and all other devices on my network
• Additionally pushing all DNS requests through OpenDNS for speed/efficiency plus protection

Excubits Kernel-Mode Drivers

• Bouncer (with parent/child process control, command line scanning, blacklist, etc.)
  • blacklist following developer's suggestions (https://excubits.com/content/files/blacklist.txt)
• MemProtect (memory sandbox protecting Chromium, Adobe Reader, etc.)
• Hoping to add FIDES to my setup soon

Enhanced Mitigation Experience Toolkit (EMET)

• Utilizing System-wide Mitigations (DEP, SEHOP, ASLR, Block Untrusted Fonts)
• Including the hidden Always On option for ASLR (can potentially cause problems)
• Added rules for known Application Whitelisting Bypasses from SHB
  • (https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET)
• Although EMET may soon die, the process mitigations will live on
  • (https://www.wilderssecurity.com/threads/windows-build-in-sandbox.386322/page-3#post-2656120)

Chromium (from https://chromium.woolyss.com/)

• Built with Control Flow Guard
• No sync • No WebRTC • No Widevine
• Added flag for AppContainer
• Running from RAMDisk

No Anti-Virus!

• This (lack of) antivirus is an important layer of defence in my setups

Additional Details

• Windows 10 Pro 64-bit (latest)
• Standard User Account
• UAC on Maximum
• KeePass
• Adguard For Windows (absolutely worth the money)
• Running LSASS.exe as a protected process
  • (https://technet.microsoft.com/en-us/library/dn408187(v=ws.11).aspx)
• Simple; light & efficient; set & forget; just the way I like it.

* I will edit this or add to this later if there are some more important factors that I have forgotten.

 

Added VoodooShield to my setup in sig. Should I keep it in autopilot or smart mode ?

 

IMO you should try Smart Mode first. If you get too many popups from VoodooShield you can change to Autopilot.
See the VoodooShield User Guide for more info about the different modes:
http://www.voodooshield.com/Download/VoodooShieldUserGuide.pdf

 

I found that if you don't un/install a lot of software very often, SMART mode is very unobtrusive, especially if you take advanced snapshots of your parent apps every now and then. So, I agree with Gandolf_the_Grey.

I find WildByDesign's setup amazing.