What is your security setup these days?

I would only add something to backup the system and personal data.

 

+1. but you might consider adding a vm to that setup.

 

Forgot to mention, I have Macrium Reflect paid.

 

Great setup using the "less is more" approach. I doubt you need to add anything to it.

 

After years of having 8 million programs going on, decided to keep it simple. Was just curious if I need to do anything else. Thanks man.

 

People are really hard to convince that malware for average users is basically not worth coding for. Why? There is no money in it. A reliable backup program and MS Defender are more than enough, but I don't have to preach to the choir...

 

I agree. I don't have hardly anything to take on my computer lol.

 

Xubuntu 21.10 (PC my daughter)
Strong password enabled
Quad9 DNS
UFW Firewall - enabled

Google Chrome --disable-webgl --cipher-suite-blacklist=0x0035,0x002f,0xc014,0xc013

• Javascript blocked for HTTP://*
• Privacy Sandbox + FLoc disabled
• Clears cookies and data from sites when you close
• Search Engine and Home web-page DuckDuckGo
• Always HTTPS
• DNT enabled

Chrome://flags - Enabled:

• Block scripts loaded via document.write
• Strict Extension Isolation
• Strict-Origin-Isolation
• Parallel downloading
• Reduce User-Agent request header
• Enable CSS Container Queries
• Disable subframe process reuse

Extensions:

• UBO - Hard Mode - with TLD by Kees1958
• Decentraleyes
• Stream Recorder
• VideoDownloadHelper

 

My current setup:

OS: Windows 10 21H2
Backup: Macrium Reflect and IceDrive
Updates: SUMo and Windows and Office update
Antimalware: Emsisoft Anti-Malware
Content blocker: uBlock Origin in Firefox
On demand scanners: HitmanPro, Norton Power Eraser, Eset Online scanner

 

Got a free 3 year subscription for F Secure Safe so running it now alongside Simple Windows Hardening. So far I really like it, fast, bloat free and simple.

 

Nice man. Always wondered how good F Secure was.

 

My Setup:

Hard_Configurator: Windows_10_Avast_Hardened_Mode_Aggressive Profile, Firewall Hardening: LOLBins, Adobe
SAP Essentials: Lockdown Mode, Registered as Antivirus, App Whitelisting: Name & Thumbprint in Trusted Certificate List
VoodooShield Pro: Always On/Aggressive
GlassWire Elite: Ask to Connect, VirusTotal (Auto Analyze All Apps with network activity)
Firefox: Enhance Tracking Protection: Strict, Disable Data Collection, Extensions: uBlock Origin & Bitwarden
DNS: Quad9 (Enabled in Router)
OneDrive, Other Data backup to other HDDs

 

Very nice security setup, @1chaoticadult. It looks like you've got all bases covered

 

Microsoft Defender with customized exploit protection plus adblockers on browsers. Simple protection for my uses.

 

That I do . Its a very light setup for me. I plan on sticking with it for a while.

 

W.10 Home x64 21H1
Local Account - Standard user - Limited permissions
UAC maximum - Always notify
Quad9 DNS
Onedrive,Cortana,Advertising ID,Web Search - disabled
Usage of location data for Cortana disabled
Telemetry OFF
Removed some Windows optional features.

Microsoft Defender Firewall hardened with H_C.
Microsoft Defender hardened with Configure Defender (Customized level)

• Ransomware protection - disabled
• No run in a sandbox
• Core Isolation: Memory integrity - disabled
• Some softwares hardened with maximum AE protection
• All Windows Exploit Protection options - enabled

MS Edge --disable-webgl

• Enabled Security Mitigations - Strict
• Detection Protection - Strict
• All Insecure Cipher Suites - 0x002f,0x0035,0xc013,0xc014,0x009c,0x009d - disabled

Edge://flags:

Enabled:

• Block scripts loaded via document.write
• Automatic HTTPS
• Experimental Tracking Prevention Features
• Strict-Origin-Isolation
• Strict Extension Isolation
• Enable Digital Signature for PDF
• Show block option in autoplay settings
• GPU rasterization
• Zero-copy rasterizer
• Block insecure private network requests

Disabled:

• Show feature and workflow recommendations
• Allow tab-to-search using Microsoft Search with Bing
• Allow Microsoft Search with Bing for any default search engine
• Allow preloading of pages by other applications

Extensions:

• (MS Store) - Decentraleyes
• (Chrome Store) - UBO - Hard Mode

 

Just added these two to Edge @Sampei Nihira

• GPU rasterization
• Zero-copy rasterizer

Do you feel a performance difference by chance?

 

The benefits are many:

https://www.gpudrive.com/gpu-rasterization/

 

Thank you for that article. Makes sense. I will use it oh my home desktop since my work laptop does not have a dedicated GPU. Cheers!

 

https://doh.cleanbrowsing.org/doh/security-filter/ and UBO is all i need.

 

Hello to Wilders Security Forum,

This is my first post, I have tweaked Windows and the aforementioned apps to my preferences.

Win10 Setup:

DNS: Quad9
Firewall: simplewall
Antivirus: Windows Defender
Browser: Firefox ESR + Quad9 DoH + Arkenfox + uBlockO + Sandboxie
Hardentools
CTT's win10script

Tools for Inspection: Autoruns, ProcessExplorer, TCPView
Tools for Removal/Update: Bleachbit, BCUninstaller, SDI Origin, Patch My PC

 

Always up to date W10 21H2 Local account

System: Ahnlab V3free (ransomeware off to avoid redundancy), Wisevector, Simplewall, Comodo Internet Security Essentials (freeware version), Simple Dnscrypt with Quad9, Hostsman (Steve Black), Hard_Configurator (with fw rules), Extraneous services, features, etc disabled or uninstalled, Macrium Reflect free

Browser: Firefox Portable with UBO, Netcraft, HTTPS Everywhere, I Don't Care About Cookies

 

The changes are in bold

 

True to some extent. With more people working remotely, there is a new focus on targeting them as the soft underbelly of extended corporate networks potentially.

Users can be exploited and may never know it, if there is no carrot at the end of the line or may just be kept in the back pocket for other nefarious means.

 

W.10 Home x64 21H1
Local Account - Standard user - Limited permissions
UAC maximum - Always notify
Quad9 DNS
Onedrive,Cortana,Advertising ID,Web Search - disabled
Usage of location data for Cortana disabled
Telemetry OFF
Removed some Windows optional features.

Microsoft Defender Firewall hardened with H_C.
Microsoft Defender hardened with Configure Defender (Customized level)

• Ransomware protection - disabled
• No run in a sandbox
• Core Isolation: Memory integrity - disabled
• Some softwares hardened with maximum AE protection
• All Windows Exploit Protection options - enabled

MS Edge --disable-webgl

• Enabled Security Mitigations - Strict
• Detection Protection - Strict
• 5 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0xc014,0x009c - disabled
• TLS_RSA_WITH_AES_256_GCM_SHA384 - ON *****

Edge://flags:

Enabled:

• Block scripts loaded via document.write
• Automatic HTTPS
• Experimental Tracking Prevention Features
• Strict-Origin-Isolation
• Strict Extension Isolation
• Enable Digital Signature for PDF
• Show block option in autoplay settings
• GPU rasterization
• Zero-copy rasterizer
• Block insecure private network requests

Disabled:

• Show feature and workflow recommendations
• Allow tab-to-search using Microsoft Search with Bing
• Allow Microsoft Search with Bing for any default search engine
• Allow preloading of pages by other applications

Extensions:

• (MS Store) - Decentraleyes
• (Chrome Store) - UBO - Hard Mode

***** If you turn off some Microsoft websites are unreachable.
Example:

https://support.microsoft.com/