Advanced Plus Security bayasdev's Security Config 2023

[bayasdev]

Hoping you guys had a wonderful holiday, this is my security config for 2022. I have Windows 11 Pro installed along with Fedora Workstation 35.

Windows Defender can become very CPU and I/O consuming specially when copying large folders such as node_modules so I ended up buying an Emsisoft Anti-Malware license because it's the less intrusive solution I found (I don't want SSL MITM or bloated suites just a simple AV to replace WD).



This year I'm going to replace my current laptop but I'm still not sure wheter to go with a MacBook Pro (M1 Pro) or an Alder Lake based laptop (preferably a ThinkPad but as long as the RAM/NVMe is upgradeable and it doesn't has Nvidia nor hardware that doesn't work properly on Linux I'm fine).

Stay safe!

 

[Vitali Ortzi]

just use Linux you will have more control of what takes your IO
anyway since m1 has unlocked boot-loader its really nice and efficiency is unheared of in any other mobile as long as you dont need x86 or certain applications i think mac is a really nice
unforntaly thinkpads are dead im writing this in a t400 and its dam good except ##### speakers ##### screen and slow ass p8700 cpu
if i had this exact laptop with micro led ,arm ,nice speakers and modern ports it would have been my fav laptop
but ibm design is long dead

 

[bayasdev]

Since Linux runs so bad on Nvidia Optimus laptops currently I'm only using Windows 10 LTSC 2021 on this machine, had to ditch Windows 11 since it blocks MSR writes required for CPU undervolting when running VBS (WSL2).

I'm also using EIS since it's more lightweight and doesn't has FP issues unlike EAM (behavior-blocked quarantined my PostgreSQL installation whilst performing a backup routine ).

PD: Now I'm waiting for the M2 powered MBP to come out since development will be moving forward to ARMv9 in the next years.
PD2: Asahi Linux is making eyes at me.

 

[bayasdev]

Webcam protection it's not working since today's update (15.1.12.0), I think I'll need to reinstall EIS.

 

[bayasdev]

I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.

 

[SeriousHoax]

I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

View attachment 267158

PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.

It's also better not to try third party AVs on this build. ESET and Bitdefender failed to properly turn off Microsoft Defender on this build. These are the only two that I tested so maybe it's an issue for other products too because even using Group Policy to turn off Defender didn't work. Windows Security shows third party AV is active yet Defender service kept running. So it's a bug of this build I guess. So stick to Microsoft Defender.

 

[bayasdev]

Just enabled this on Edge, looks like it enables flow control protection (CFG) on unknown websites.

 

[bayasdev]

I reimaged this PC with W11 22H2 and enabled BitLocker encryption with password (no TPM dependant)

 

[bayasdev]

30/10/2022

• Replaced CCleaner portable with BleachBit

 

[bayasdev]

I haven't logged in to the forums for a while but the old Acer setup is pretty much the same aside from upgrading Ubuntu to 23.04
PD: I'm currently daily driving my M2 Pro MacBook so no antivirus for me :S

 

[MuzzMelbourne]

PD: I'm currently daily driving my M2 Pro MacBook so no antivirus for me :S

Lucky you! I only have the M2 MBP. Next time I'll get the 14"...

I still use Intego AV though.