Poll [2026] What is the fundamental component of your Security Configuration?

What is the fundamental component of your security configuration?

  • Firewall: 2 votes (5.0%)
  • AV: 18 votes (45.0%)
  • DNS: 5 votes (12.5%)
  • AI: 1 vote (2.5%)
  • Browser: 2 votes (5.0%)
  • VPN: 2 votes (5.0%)
  • System recovery: 3 votes (7.5%)
  • Other: 7 votes (17.5%)

  Total voters: 40
App control, K app control or SAC/WDAC.
AV can miss zero-day samples easily.
Firewall can be bypassed by process injection into an allowed one.
Browser G safesearch or SmartScreen are late in blocking malicious websites.
DNS misses some malicious websites.
VPN has no role in security, only hides my location; useful when the FBI is searching for me.
 
I usually relate online security to the physical world. At home I have lights, cameras, locks & myself; however, all these are precautions, & if a person is really intent on getting into my garage/house he/she will do that, but I can add difficulty, & usually another house without these things should be preferable to a burglar. We cannot cover all bases; it's not possible.

Edit:
In addition, the most valuable information regarding myself has been lost by companies, such as my pension fund, which has apologized (thanks a lot), but that makes zero difference. Protecting info that others have to have is impossible, & when each & every company, online shop etc. saves information about us, usually for their own reasons, it's only going to get worse?
 
For example: ten years ago I could walk into a shop & buy almost everything I wanted, I got a receipt, and I likely would not have to interact with them again. Now if I do that online or physically, I would have to register that product with name, address, blood group etc., then be plagued for all eternity & beyond with what I may like; there isn't a way out of that, even explicitly telling them I don't want to hear from them OR their one billion trusted associates makes no difference, SO we can only do our best. I signed up for a trial yesterday with Paramount Plus as Netflix (the gits) are removing heaps of stuff I watch, & with P+ & their trusted associates (to improve my experience with P+) running to one hundred, more as I remember, it's almost laughable :):)
 
I'm adopting the character of Mel Gibson in "Conspiracy Theory": not using online services or payment unless obliged to (no alternative method), walking around with a sack full of coins.
 
Lately, I’ve been thinking about how much of our threat hunting success actually relies on 'tribal knowledge' versus standardized frameworks. We can follow the MITRE ATT&CK maps all day, but the most interesting catches usually start with a gut feeling, that 'this specific service account shouldn't be touching this endpoint' moment. My brain is the largest part of my security configuration nowadays.
 
I would say WDAC whitelist is my second best bet. But it too can be bypassed via process injection into trusted processes. The best bet is blocking known persistence registries, so that they can't register themselves and auto-launch; connect to C2 etc. Together with WDAC whitelist it's a good combination. So they'd have to attack afresh again and again.
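The post above talks about blocking the well-known autostart registry locations so that malware cannot register itself to launch at boot. Before locking anything down it helps to see what is currently registered there. The following PowerShell is an added example written for this thread, not code from the poster or from any product; the list of Run/RunOnce keys is the standard set of autostart locations, and the "outside Program Files or Windows" heuristic is an assumption used only to highlight entries worth a second look. It is read-only and changes nothing.

```powershell
# Added example: enumerate the common autostart ("Run") registry keys that
# persistence-blocking rules usually cover, then flag entries whose command
# does not live under Program Files or the Windows directory.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    param([string[]]$Keys = $runKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PowerShell provider's own metadata properties (PSPath, PSParentPath, ...)
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }
}

# Heuristic (assumption, not a rule): an autostart command outside Program Files
# or the Windows directory is unusual enough to deserve a manual look.
function Test-SuspiciousAutostart {
    param([string]$Command)
    $trusted = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot")
    # Take the executable path from a possibly quoted command line such as
    #   "C:\Program Files\App\app.exe" --minimized
    $path = $Command.Trim('"').Split('"')[0]
    foreach ($t in $trusted) {
        if ($t -and $path.StartsWith($t, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $false
        }
    }
    return $true
}

Get-AutostartEntries |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Suspicious `
                        -NotePropertyValue (Test-SuspiciousAutostart $_.Command) -PassThru
    } |
    Format-Table -AutoSize
```

Run it from a normal (non-elevated) PowerShell session; the HKLM keys are readable by standard users. A `Suspicious = True` row is only a prompt to check the entry, for example a legitimate tool installed under the user's profile will also show up, so the output is a review list, not a verdict.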
 
My security model is pretty simple: I assume the system has been compromised since 1988, and any sign to the contrary is obviously a false positive. I try to stay hopeful that I’m not the weakest link, although telemetry, statistics, and my click history suggest it’s more of a tie.
My method is straightforward: if something looks suspicious, I close it; if it doesn’t look suspicious, I close it just in case; and if it’s a critical system process, I close it with respect and a quick apology. And if something stops working afterward, I take it as scientific proof that I was poking around where I shouldn’t.
I’m not aiming for usability or convenience, just the spiritual well‑being of the system. As long as the machine boots, doesn’t start speaking in binary, and isn’t mining cryptocurrency at three in the morning, I consider everything to be working as intended.
And of course, none of this should be taken literally: a setup like this only makes sense somewhere between Wonderland and the universe of The Hitchhiker’s Guide to the Galaxy, where the answer to everything is 42. :ROFLMAO::ROFLMAO::ROFLMAO:
 
App control, K app control or SAC/WDAC.
AV can miss zero-day samples easily.
Firewall can be bypassed by process injection into an allowed one.
Browser G safesearch or SmartScreen are late in blocking malicious websites.
DNS misses some malicious websites.
VPN has no role in security, only hides my location; useful when the FBI is searching for me.
This. First line of defense and most important layer: Application Control.
 
Can you enlighten me about browser attacks and countermeasures? I know very little about that side of things.

Much of my defense is due to the use, as I wrote, of dynamic filtering in extensions such as uBlock Origin or AG browser extension, uBoL.

Obviously, dynamic filtering is more difficult to manage in uBoL, but it is possible:

Dynamic filtering: Benefits of blocking 3rd party iframe tags

In Chrome, I have also hardened the sandbox with various Command Line Switches, among other things + flags.
I have completely eliminated the insecure cipher suites (there are 6) that you can find in the Browserleaks TLS test.
And other personal things such as many personal rules, including DNR, if used in uBoL.
 