What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I know what you mean, I actually didn't use an AV for I believe 10 years, cause they all sucked. But I must say Win Defender is very light on my system, it doesn't make my system any slower, so why not. I also don't get that many false positives so far.
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 21H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --time-zone-for-testing --enable-features="GpuAppContainer,IsolateSandboxedIframes,EnableCsrssLockdown"
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Quad9 DOH
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • Audio Service - sandboxed
    • Network Service - sandboxed

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Use DNS https alpn
    • Enable Back/Forward Cache
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    Disabled:
    • Show feature and workflow recommendations
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:
    • UBO - Hard Mode
    • Don't add custom search engines
    • JShelter
    I decided to remove LocalCDN to make the configuration more like Firefox.
     
    Last edited: Sep 4, 2022
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Had to update Chrome on one of my 8.1 systems - for some reason I still haven't tracked down yet WHY auto update for Chrome throws me an error. My other 8.1's don't do that and when a Chrome Browser update is available it goes thru just peachy.

    The error is this on one single 8.1 system. Update check failed to start (error code 3: 0x80040154). Even after installing the newest just released 105 afresh. :(

    So since I had to uninstall the last version I saved bookmarks and reinstalled it and am also trying JShelter along with uBlock and LocalCDN.

    Chrome Stable Updates is sure keeping me busy either remaking Incremental Backups or Full again. Which isn't no problem since I am always customizing 8.1 and find missed system or other folder file icons I change to have 8.1 appear more advanced or dressy along with adding a program or two as well. Best part of Imaging 8.1 is that I get to reclean the $MFT and such then remake a new Custom Refresh Wim image which serves as a double failsafe backup in case of troubles. The ONLY windows O/S which offers such a great reliable backup feature! And have had zero fails, not a one in years.
     
    Last edited: Sep 2, 2022
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Last edited: Sep 3, 2022
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, my newest conclusion why so many companies get hacked is because many tools, think of MFA and EDR, are simply not good enough to block attacks, just look at the latest attack on Twilio where MFA was bypassed by a phishing attack, and not even a sophisticated one like proxy based MITM.

    And make sure to read about how easy it is to bypass certain EDR's, see link. Just some general info, EDR is what they use in most big companies in case AV's fail to block malware, then behavior blockers should still be able to spot malicious behavior on endpoints. Think of Microsoft Defender ATP and CrowdStrike Falcon.

    https://www.wilderssecurity.com/thr...-malware-defense-thats-easy-to-bypass.447186/
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Then it sounds a bit like crap to me, a smart AV would never throw up so many false positives.
     
  7. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    Formatted all and installed Zorin OS as main and only OS. Updates turned on and set to daily checking.
    Firewall turned on and set to "deny" for inbound connections.
    Google chrome browser with enhanced protection turned on, forced https everywhere turned on, avira extension, mbam extension, cyberghost extension, ubo extension, lastpass extension.
    Google account synchronized with Zorin's apps - mail, calendar, to do's.
    DNS changed to Google's DNS (8.8.8.8, 8.8.4.4)
    Backup when needed on external HDD.
    Everything clean, beautiful, secure and lightning fast!
     
  8. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    350
    Location:
    Finland
    It's your call, when Chinese backdoored security softwares actually "bombs".
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Agree!!!
    ~~~~~~~~~~~~~~~~~~~~~
    My real-time security:
    EXE Radar Pro (Italy)
    SpyShelter Premium (HIPS, anti-Keylogger) (Poland)
    OSArmor (Behavior Blocker) (Italy)
    K7 Antivirus Premium (includes a firewall) (India)

    I'm still running Win7 so SpyShelter & OSArmor are set at their highest security levels.
     
    Last edited: Sep 5, 2022
  10. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Mine's 'nilla US antivirus--Microsoft though my helper software is mostly from the European area. :thumb:

    Although maybe my machine is "armored" seeing as Micro recently scored a contract with the US Army for combat goggles. Maybe, maybe not.

    Don't forsake us, Microsoft.
     
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Hi,:)
    Why use all those extensions in a Linux OS?
     
  12. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    They're synced by chrome through gmail account. Those were the extensions used in chrome when I used windows. It doesn't bother me at all, they're working all together as a team. Plus some safety measures, even on linux, don't think will do any harm. At the end of the day I must admit it's still the chrome browser that I am using.
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 21H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --time-zone-for-testing --enable-features="GpuAppContainer,IsolateSandboxedIframes,EnableCsrssLockdown"
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Next DNS DOH
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • Audio Service - sandboxed
    • Network Service - sandboxed

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Use DNS https alpn
    • Support for HTTPS records in DNS - DNS-over-HTTPS only
    • Enable Back/Forward Cache
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    Disabled:
    • Show feature and workflow recommendations
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:
    • UBO - Hard Mode
    • Don't add custom search engines
    • JShelter
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Samsung Laptop
    Windows 10

    Sphinx Firewall Plus
    AppGuard Solo
    OSArmor
    Spyshelter Silent
    DeepFreeze
    Instant Recovery
    Mullvad VPN
    AdGuard

    Not sure if OSArmor is really needed but better to have two bouncers at the door than one.
    I'll see how it goes.
     
    Last edited: Sep 15, 2022
  16. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,172
    Location:
    Canada
    F Secure Safe
    Simple Windows Hardening
     
  17. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    Microsoft Defender with ASR rules
    µBO
     
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 21H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --no-pings --time-zone-for-testing --enable-features="GpuAppContainer,IsolateSandboxedIframes,EnableCsrssLockdown,EncryptedClientHello"
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Next DNS DOH *****
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • Audio Service - sandboxed
    • Network Service - sandboxed

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Use DNS https alpn
    • Support for HTTPS records in DNS - DNS-over-HTTPS only
    • Enable Back/Forward Cache
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    Disabled:
    • Show feature and workflow recommendations
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:
    • UBO - Hard Mode
    • AdGuard MV3 (enabled when necessary)
    • Don't add custom search engines
    • JShelter
    Mozilla Firefox - Arkenfox.user.js

    • Tracking protection: Strict (enables Total Cookie Protection)
    • HTTPS-only-mode enabled
    • Clearing browsing data on exit
    • AutoPlay for audio and video disabled
    • DDG Search Engine
    • Hardware acceleration enabled
    • Quad 9 DNS (DOH)
    Extensions:
    • UBO - Hard Mode
    ***** = I changed the lists used in Next DNS to maximize blocking/tracking performance in anticipation of MV3.
    I want to use as few rules as possible in AdGuard MV3, to have the ability to also use other MV3 extensions that will compete with AdGuard MV3.
    I only included a custom Italian language list (minified) because this language is not available in the default lists.

    My MV3 adblocker feature extension right now is AdGuard, but I may change my choice if the progress of UBO Lite is to my liking.

     
    Last edited: Sep 22, 2022
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 21H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --no-pings --time-zone-for-testing --enable-features="GpuAppContainer,IsolateSandboxedIframes,EnableCsrssLockdown,EncryptedClientHello"
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Next DNS DOH - (oisd + Easy Privacy)
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • Audio Service - sandboxed
    • Network Service - sandboxed

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Use DNS https alpn
    • Support for HTTPS records in DNS - DNS-over-HTTPS only
    • Enable Back/Forward Cache
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    Disabled:
    • Show feature and workflow recommendations
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:
    • UBO - Hard Mode
    • JShelter
    • Don't add custom search engines
    • AdGuard MV3 (Off/On)
    Restored everything to move MV3 to the year 2024.

    Mozilla Firefox - Arkenfox.user.js

    • Tracking protection: Strict (enables Total Cookie Protection)
    • HTTPS-only-mode enabled
    • Clearing browsing data on exit
    • AutoPlay for audio and video disabled
    • DDG Search Engine
    • Hardware acceleration enabled
    • Next DNS DOH (oisd + Easy Privacy)
    Extensions:
    • UBO - Hard Mode
     
    Last edited: Sep 30, 2022
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    I had no idea, this could be enabled, huge thanks. :thumb:

    I need to check out https://github.com/dreammjow/ChromiumHardening/blob/main/flags/chrome-command-line.md

    Enabled? I myself do not like QUIC, it is made by Google, it uses faster, but less secure UDP instead of TCP. I keep QUIC enabled for Brave though, since I use it for Youtube/Google.
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
  22. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    Nortonware :sick::(:):)
     
  23. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    104
    Location:
    europe
    Current Setup:

    Win11 21H2 (+Core Isolation Off)
    BitLocker On
    DefenderUI (Recommended Profile)
    VoodooShield CyberLock
    AdGuard for Windows (DNS-over-QUIC) +ETags +Protect from DPI
    Glasswire Elite
    Macrium Reflect
    Process Lasso
    Kerish Doctor (+Apps Live Optimization Off +PC Protection Off)
    KeePass 2.52
    + 2nd opinion scanner Malwarebytes/NPE
    + some tweaking/hardening Windows (Optimizer 14.0/Privacy.Sexy/WindowsSpyBlocker/RazerCortex system-booster) & Firefox (standard +privacy.resistFingerprinting & Addons => AdguardAssistant, Flagfox, DarkReader)
     
    Last edited: Oct 6, 2022
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Not much changes on my system.

    OS: Windows 11 21H2
    Backup: Macrium Reflect
    Updates: SUMo
    Anti-Malware: Eset Internet Security
    Content blocker: uBlock Origin
    On-demand scanners: HitmanPro, Norton Power Eraser
     
  25. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    657
    Location:
    Milan, Italia
    Windows 11 Pro 22H2
    MS Defender
    Edge with µBO Lite
     