What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,618
    Location:
    USA
    Welcome Alexai
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    @Alexai

    It sounds like a difficult configuration, but it is quite simple.
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --disable-webgl --no-pings --time-zone-for-testing --enable-features="IsolateSandboxedIframes,EnableCsrssLockdown,EncryptedClientHello"

    • DDG - Home page and default search engine
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Next DNS DOH - (oisd + Easy Privacy)
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • HubsSidebarEnabled - 0
    • SyncDisabled - 1
    • Audio Service - sandboxed
    • Network Service - sandboxed
    • Clipboard permissions - blocked

    Edge://flags:

    Enabled:
    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Block insecure downloads
    • Use DNS https alpn
    • Support for HTTPS records in DNS - DNS-over-HTTPS only
    • Enable Back/Forward Cache
    • Back-forward cache - Enabled force caching all pages (experimental)
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    • Microsoft Edge tracking prevention
    • Experimental third-party storage partitioning - Third party cookies blocker enabled
    Disabled:
    • Show feature and workflow recommendations
    • Enable system notifications
    • Combine sync consent and sign in
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:

    Chrome Web Store:
    • UBO - Hard Mode with TLD's
    • Don't add custom search engines
    • (on/off) - AdGuard MV3 - Hard Mode with TLD's + UBO Lite - only AdGuard URL Tracking Protection List
     
    Last edited: Mar 19, 2023
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    My new machine came with McAfee preinstalled and valid for a year. As soon as I uninstalled it, the system got faster, unsurprisingly... Nowadays I keep it simple: I rely on Windows' own security, UAC at maximum, and uBlock Origin to filter the internet. If I want to surf dangerously, I will activate Shadow Defender to create a virtual system and use Tor Browser against tracking.

    But my most important passive security remains backing up my system every other day. Ever since I've been using MS Defender (more than 3 years) I've had no notifications of any malware threat and of course no malware interference. Apart from ransomware threatening big companies, I think that all the malware scare tactics are just FUD to get users to spend money on security.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Simple yet excellent no nonsense security approach :thumb:

    Mostly I agree.
     
  6. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    A small change: added JShelter to Chrome.

    Windows 11 22H2
    MS Defender | Block all unknown executables | ASR rules
    Smart Application Control | On
    Exploit Protection | All system setting On | Custom settings for apps
    Firefox | µBO Medium mode | https://search.disroot.org/
    Chrome | µBO Medium mode | JShelter | https://search.disroot.org/
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am now on Linux exclusively. Security:

    Clam AV (on-demand scanner only)
    Internal Firewall (default-deny incoming||allow outgoing)
    Timeshift (back-up system files & data files daily - to external SSD -- retain 30 most recent days)
    For internet: Ublock Origin, AVG Online Security
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Prediction: Clam AV will never even once find an infected file while you are running Linux :thumb:
     
  9. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    FSecure Safe
    Voodoo Shield
    UBO
    Malwarebytes Browser Guard (ad blocking shut off)
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    :eek:Likely true. Is that a bad thing?:cautious:
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    I guess you have removed GpuAppContainer, because Edge 111 is crashing with it? It is a shame that MS has crippled GPU sandbox. :cautious:
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    For me, the browser opens with a blank page and then closes.:thumbd:
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    In my world, no :thumb:
     
  14. SeriousHoax

    SeriousHoax Registered Member

    Joined:
    Mar 27, 2019
    Posts:
    101
    Location:
    Bangladesh
    Is there any downside of using this? Does anything break?
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Not on the websites I frequent.
    The advantage over ping blocking done with UBO is that if you have to disable the adblocker, even momentarily, on some problematic website, you can always count on this feature being active in the browser.
     
  16. vonvon

    vonvon Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    59
    Location:
    European Union - France
    On both main computers :

    Adguard - Kaspersky Plus

    On third computer :

    Adguard - Eset premium security

    On all computers (Windows 11) : Aomei Backupper - UCheck and Kerish doctor

    On the last laptop used by the children : Lubuntu
     
  17. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    195
    Location:
    Poland
    GlassWire Elite, AppGuard Solo, Spyshelter Premium, 1Password, CylancePROTECT, Macrium Reflect Home Edition, Heimdal Threat Prevention Home, Deep Freeze Standard, AdBlocker Ultimate for Windows, O&O ShutUp10++
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wow, you're not taking any chances, but isn't this a bit of overkill? And keep in mind, this is coming from me, who also uses about 5 realtime protection tools. :p:argh:
     
  19. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    195
    Location:
    Poland
    Deep Freeze Standard is only on demand ;)
     
  20. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    It might if he accidentally downloads some Windows software. :D
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    :argh:
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I think everyone is entitled to have the security that gives them a certain peace of mind. The only problem I can foresee is that too many security programs might interfere with Windows Updates/Upgrades and/or the normal operation of Windows. When something doesn't work properly, it becomes time-consuming to check which program might be interfering.
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Like when Windows Security recently deleted all of the shortcuts on my system? :isay: Sorry, had to say it. :) I do agree with what you said, but the greatest problem I have had with security programs causing problems is false positives. I do prefer to limit myself to 1 solution to avoid conflicts and then daily disk images in case something does manage to get through.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think you could get rid of either CylancePROTECT or Heimdal, I believe they will do the same. And SpyShelter will do about the same as GlassWire. I personally try to avoid redundancy, I use 5 realtime tools but they all bring something else to the table, know what I mean?
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    OS: Windows 11

    Backup: Macrium Reflect
    Updates: SUMo
    Anti-malware: Eset Nod32 Antivirus
    Content blocker: uBlock Origin
    On-demand scanners: Norton Power Eraser, HitmanPro
     