What is your security setup these days?

Win11 22H2
Windows Defender Disabled
SysHardener (Home User)
ExpressVPN (Threat Manager)
BlackFog
HitmanPro.Alert
Macrium Reflect 8
GlassWire Elite
Firefox Betterfox (DarkReader, uBlockOrigin)
+ Brave (DarkReader, Rabby)
+ KeePass 2.54
+ Process Lasso
+ privacy.sexy Standard
+ 2nd opinion scanner NPE
+ privaZer
+ sync.com

 

FYI: KeePass v2.55 is already available: https://keepass.info/download.html

 

Win11 22H2
Windows Defender (DefenderUI) Disabled
SysHardener (Home User)
ExpressVPN (Threat Manager)
BlackFog
HitmanPro.Alert
Macrium Reflect 8
GlassWire Elite Removed
Firefox Betterfox (DarkReader, uBlockOrigin)
+ Brave (DarkReader, Rabby)
+ KeePass 2.55
+ Process Lasso
+ privacy.sexy Standard
+ 2nd opinion scanner NPE
+ privaZer
+ sync.com

 

Windows 11 22H2
MS Defender | Block all unknown executables | ASR rules
Smart Application Control | On
Exploit Protection | All system settings On | Custom settings for apps
Firefox | µBO Hard mode | https://search.disroot.org/
Chrome | µBO Hard mode | JShelter | https://search.disroot.org/

 

I'm back for my yearly checkup. Here is what I am running and would like any suggestions or if this is a good enough set up.

Malwarebytes Premium
Hitmanpro
Cyberlock
Proton VPN

Is there anything missing or any suggestions on what would be a better set up. I had Bitdefender but it seemed to react badly to this set up so I trashed it.

 

I would only add something to backup your data and (or) system.

 

16 year old dell inspiron 530 desktop (hard drive still in tip top condition according to my trusty hard disk sentinel)
....
windows 7 SP1 HOME PREMIUM
....
Comodo firewall 12 with cruel sister settings.I also contain the firefox 115.4 browser (even though its not necessasary) because i like the green border.
....
process lasso
....
warpdisk ..cut my boot up time, from 55 secs to 31..
....
Twister antivirus was installed for a while, as its gui is a work of art ...beautiful to look at and practical.It used hardly any cpu ,or memory, so i tolerated it for a while.It can get chatty with FPs though ,so its off again for the minute
....
Biniware Run ,which is great which i found on here the other day.

 

I strong advise you ditch Twister permanently. It was abandoned ten years and doesn't even officially support Windows 10. It's not a good to idea to use an antivirus that no longer receives any product updates. Also, it would be best to upgrade to Windows 10 or 11, due to Windows 7 no longer receiving security updates. They both should run find on your computer despite the age.

 

Hiya Roger..
Twister still updates definitions daily...well.. weekends can be scarce though.I have removed it because of many FPs though,and comodo firewall is more than enough security at present.This pc at the moment, is just used for nostalgia ...running some old programs that still work fine.Used mainly for browsing ,and that's it.At some point all the sites that I like are going to refuse entry to my browser.At that point I,m back on linux.

 

Aside from the false positives, it will provide very poor protection, which is not what you want on an unsecure operating system. So you might want reconsider before using it again.

 

In my humble opinion, out of the 3 security software packages, I would keep only 1 real-time scanner Malwarebytes or HitmanPro.Alert (personally I prefer HitmanPro.Alert which costs less and does the job).
Then i would replace the 2 others with BlackFog.
It all depends on whether you have a lifetime license, I don't know it and that may influence the choice.

 

Win11 23H2 ReviOS (Windows Defender Off and Spectre & Meltdown Mitigation Off => Preserves Cpu power)
BlackFog
ExpressVPN (Lightway & Threat Manager)
HitmanPro.Alert
Macrium Reflect 8
SysHardener (Home User)
Firefox Betterfox (DarkReader, uBlockOrigin)
+ Brave (DarkReader, Rabby)
+ KeePass 2.55
+ Process Lasso
+ 2nd opinion scanner NPE
+ privaZer
+ sync.com

P.S:
i did a test => With ExpressVPN anti ads + BlackFog if i disable UBO i have no ads on youtube lol
I'll just have to find out if there's an alternative to the addon "i still dont care about cookies" (seems abandonware from months) in order to manage cookies notice
and then I'll be able to manage without ad blocker browser UBO.

 

I'm not familiar with BlackFog. How does it work?

I do have a lifetime sub to Malwarebytes but that is the only one.

 

OK so u just have to subscribe to Blackfog and keep Malwarebytes as an alternative AV & scanner and you ll be overpowered with good Vpn ((i dont know proton vpn features) is it free for you ?) Go to premium ExpressVPN for paid ^^
BlackFog is like 3rd Generation Data Security with ADX (operates on layer 3 of the OSI stack and give a bonus licence for smartphone device)
https://www.blackfog.com/why-blackfog/

 

Thanks. I will check it out and probably add that. Thanks again for all the help from you and this forum. I'm not very savvy when it comes to the security of my computer and have always counted on Wilders to help me out. Never been disappointed.

 

Yea Perpetual Evolution.. and i m glad to inform you about my selection for the best value for money
Malwarebytes + BlackFog + ExpressVPN ll be a Rock under Windows (you dont ever need Windows Defender and Ad Blocker)

Unfortunately, you can't activate BlackFog and Expressvpn on your smartphone at the same time like under Windows
Personally, I use Blackfog (to have the Geofence module & ADX) + https-over-dns under Brave on my S23
but ExpressVPN on smarphone is also great with threat manager and anti ads modules activated.

I had Cyberlock VoodooShield before, it is great but i prefer BlackFog 100% (fully automated & more layers)
DefenderUI + NextDNS are great for free but if you have some money BlackFog + ExpressVPN are better

 

Sphinx Firewall Plus
AppGuard Solo
OSArmor
Spyshelter Silent
DeepFreeze

IVPN
AdGuard
Raxco InstantRecovery

Process Lasso
1Password

Emsisoft Emergency Kit
Eset Online Scanner

 

I'm currently using a minimalistic security setup:

OS: Windows 11 Pro, version 23H2
Kaspersky Premium
Norton Power Eraser and AdwCleaner as on-demand scanners
Firefox with uBO
Mullvad VPN
O&O ShutUp10++ (only used for some minor privacy tweaks)
Macrium Reflect Home (just to be on the safe side)

Is there anything else I should add?

 

New Laptop, ASUS VivoBook Go 14/15, 256G SSD, with Win 11 Home current and updated.

Kaspersky Plus
Hard Configurator with recommended settings. (not sure it's necessary with Kaspersky aboard).
Hasleo Backup to external HDD

 

You already have DNS Secure with Mullvad so it ok
I dont know you filterlist under uBO
but you can add Hagezi's Personal DNS Blocklist if not already in use
https://subscribe.adblockplus.org/?location=https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/personal.txt&title=Hagezi Personal DNS Blocklist
and user.js from Betterfox
https://raw.githubusercontent.com/yokoffing/Betterfox/main/user.js

 

Thanks for your suggestions, @acid king I'm currently using uBO standard filter lists and my own filter list. I have so far not felt the need to use additional filter lists, but maybe I will give some other lists a try sooner or later.

 

W.10 Home x64 22H2
Local Account - Standard user - Limited permissions
UAC maximum - Always notify
Cloudflare DNS
Onedrive,Cortana,Advertising ID,Web Search - disabled
Usage of location data for Cortana disabled
Telemetry OFF
Removed some Windows optional features.

Microsoft Defender Firewall hardened with H_C.
Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

• Ransomware protection - disabled
• No run in a sandbox
• Core Isolation: Memory integrity - disabled
• Some softwares hardened with maximum AE protection
• All Windows Exploit Protection options - enabled

MS Edge --no-pings --enable-features="IsolateSandboxedIframes,EnableCsrssLockdown,EncryptedClientHello"

• DDG - Home page and deafult search engine
• Enabled Security Mitigations - Strict
• Detection Protection - Strict
• Clipboard permissions - blocked
• Next DNS DOH - OISD Full + EasyPrivacy
• Share browsing data with other Windows features - disabled
• TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled

Policies:

• AutomaticHttpsDefault = 2
• DnsOverHttpsMode = secure
• DnsOverHttpsTemplates = Next DNS
• TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c"
• HubsSidebarEnabled - false
• CryptoWalletEnabled - false
• SyncDisabled - true
• AudioSandboxEnabled - true
• NetworkServiceSandboxEnabled - true
• RendererAppContainerEnabled - true
• SandboxExternalProtocolBlocked - true
• Edge3PSerpTelemetryEnabled= 0
• ExtensionManifestV2Availability= 2
• WebWidgetAllowed - false

Edge://flags:

Enabled:

• Block scripts loaded via document.write
• Block insecure private network requests
• Parallel downloading
• Enable experimental cookie features
• Experimental QUIC protocol
• Use DNS https alpn
• Enable Back/Forward Cache
• Back-forward cache - Enabled force caching all page
• Project Robin experiment
• Automatic HTTPS
• Disable opening mhtml in IE mode from web
• Strict-Origin-Isolation
• Show block option in autoplay settings
• Experimental Tracking Prevention Features
• Enable Digital Signature for PDF
• Microsoft Edge tracking prevention
• Third-party Storage Partitioning
• New PDF Viewer
• Origin-keyed Agent Clusters by default
• Origin-keyed Processes by default

Disabled:

• Show feature and workflow recommendations
• Enable system notifications
• Combine sync consent and sign in
• Allow Microsoft Search with Bing for any default search engine
• Allow preloading of pages by other applications
• Enable First-Party Sets
• Enable Drop's custom notification

Extensions:

Edge Store:

• UBO - Hard Mode with TLD's
• Video DownloadHelper

Chrome Web Store:

• JShelter
• SwiftDial
• Stream Recorder - download HLS as MP4
• Don't add custom search engines
• (Off) - AdGuard MV3 - Hard Mode with TLD's

 

• Falcon by Crowdstrike – NGAV-EDR, antimalware + endpoint detection and response
• Global Protect by Palo Alto Networks – SASE, security access service
• AnyConnect by Cisco – NAC, network access control to allow access to Wi-Fi and wired
• EPM by Cyberark – PAM, privileged access management tool for management of privilege elevation on PC’s
• Digital Guardian by Fortra – DLP, data loss prevention for intellectual property protection
• Information Protection by Microsoft – DRM, data classification and digital rights management
• MBAM by Microsoft – Bitlocker management agent, bitlocker key escrow on a central database – all PC’s (excluding China, because of technology limitations)

 

Would not it be better to have it disabled, since the purpose of QUIC is to use UDP instead of TCP to make browsing faster, not safer.