Advanced Plus Security blackice's 2021 Security Configuration

Last updated
Feb 17, 2021
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Microsoft Defender
NoVirusThanks OSArmor
Firewall security
Microsoft Defender Firewall
About custom security
Configure Defender - High
OS Armor - a few additional items ticked in the settings
Periodic malware scanners
Malwarebytes, EEK, ESET online scanner, HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome -
AdGuard
1Password
Malwarebytes Browser Guard

Edge Chromium -
AdGuard
1Password

Firefox -
AdGuard
1Password
Malwarebytes Browser Guard
Secure DNS
ISP / Quad9
Desktop VPN
IVPN
Password manager
1Password
Maintenance tools
HWiNFO
Process Explorer
Everything
Bandizip
File and Photo backup
File History
System recovery
Macrium Reflect
Risk factors
    • Browsing to popular websites
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Gaming
    • Streaming audio/video content from shady sites
Computer specs
Ryzen 7 5800X
ASUS TUF Gaming X570-Pro Wifi
32GB G.Skill Trident Neo 3600 cl16
RTX 3070 DUAL OC
500GB WD SN550 NVME
1TB WD SN550 NVME
500GB WD Blue SSD
1TB WD Blue HDD
Notable changes
DNS: Cloudflare->Quad9
2/17/21 - AVG Internet Security
2/20/21 - Removed Brave, updated PC Maintenance section
3/3/21 - Removed AVG
Added Microsoft Defender
3/22/21 - Keeping NextDNS so added it
Added Bitdefender Internet Security
4/15/21 - Removed Bitdefender IS
Added Microsoft Defender
4/19/21 - Added Malwarebyte Premium just kidding it’s broken, Defender still.
4/29/21 - Changed DNS to ControlD (by WIndscribe)
Removed adblockers in browsers, Added HitmanPro
5/10/21 - Back to NextDNS
6/14/21 - Currently using ISP DNS
7/9/21 - NextDNS DoT, RT-AX86U (Merlin Firmware)
10/14/21 - Windows 11
What I'm looking for?

Looking for medium feedback.

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
I’ll wait until Windows update to natively support encrypted DNS in stable release.
Windows currently supports only 3 encrypted DNS (Google, Quad9, Cloudflare), I do not expect it to be updated very fast, so no adguard or nextdns anytime soon.
While that's true in theory, remember that malware can just use direct IP connections without using any DNS.
But they prefer DNS, especially botnets, because IPs get blocked very fast, so they need to renew IPs.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Windows currently supports only 3 encrypted DNS (Google, Quad9, Cloudflare), I do not expect it to be updated very fast, so no adguard or nextdns anytime soon.
It's possible to use other DNS providers like NextDNS as encrypted by following this method in insider editions. I tested it and it works.
But as @blackice said, those of us who are on stable build needs to wait for it to be released (or use YogaDNS).
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
It's possible to use other DNS providers like NextDNS as encrypted by following this method in insider editions. I tested it and it works.
Thanks, that definitely something to watch out for, malware could easily add its own DNS server making it look as an official one.
 

Attachments

  • capture_05112021_190029.jpg
    capture_05112021_190029.jpg
    166.1 KB · Views: 280

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
As your screen confirm, this change needs admin rights. If malware get these, bigger problems exists.
I was just thinking if malware hits your system and is trying to phone home with DOH you already have problems. Yes some mitigations can save you, but I don't need to worry about every single threat and vector. I mean how many enthusiasts on this forum even ever run into malware? It happens, but I'm too tired to be paranoid.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Went back to AdGuard for my desktop browsers and use NextDNS filtering for my phone. I like their service, but DNS filtering for ads takes a bit more tweaking than I'd like. May go back to it eventually.

Mostly using Firefox these days. Seems just as fast as Chromium with my Desktop, plus it forces Picture in Picture on videos that are blocking it in Chrome.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Got my hands on an RT-AX86U and put the most recent Merlin firmware on it with NextDNS DoT.
It turns out NextDNS is tremendously broken with DoT on this router. From what I hear their (NextDNS) DoT implementation has issues with a lot of devices/code. I have gone back and forth between Quad9 DoT (for filtering) and using the ISP (for functionality and getting the closest edge CDN resolved on the ISP's services). The ISP already has all my connections logged anyway if they want to, so I don't really care. Probably will land with using the ISP for the router and Quad9 on specific browsers as preferred.
 
Last edited:

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
What is the problem actually? Connection drop?
Certain devices would suddenly not resolve some addresses, but my phone and pc would resolve the same address. My wife’s phone was one of them, so a deal breaker around here. Also, and there’s a super long thread about this on their forum, the dns leaks to Cloudflare, google, and who knows what others when using DoT on ASUS routers. No other DoT implementation does that with this firmware, so I have no clue.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Giving NextDNS DoT on the router another shot. So far it seems to be working correctly now. May be a keeper. I like their solution for EDNS Subclient Privacy. Helps with getting close CDNs. If this fails then back to the ISP, because it's the only one that consistently provides the best CDNs.
 

blackice

Level 38
Thread author
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Giving NextDNS DoT on the router another shot. So far it seems to be working correctly now. May be a keeper. I like their solution for EDNS Subclient Privacy. Helps with getting close CDNs. If this fails then back to the ISP, because it's the only one that consistently provides the best CDNs.
Ugh, just kidding. Internet completely disconnected, change DNS and instantly reconnected. These two just don’t play well. Oh well. $2 more a month for me.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top