SECURITY: Basic CyberDevil's 2021 Security Configuration

Last updated
Apr 6, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS License Type
Pro
Login security
    • Passwordless (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary account rights
Administrator permissions
Other accounts rights
N/A - Single user account
Security updates
Automatic - allow all types of updates
Windows UAC
Default - notify when programs attempt to make changes
Network firewall
None
Real-time protection
-> FS-Protect
-> HitmanPro.Alert
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
Windows firewall Hardening by Andy Ful via blocking the Internet access to LOLBins
Force Quad9 DOH and block p2p / direct connection via Portmaster
Malware research
Yes - malware samples are downloaded to a Virtual Machine
Periodic scanners
Emsisoft Emergency Kit
DNS
VPN
Windscribe
Password manager
Bitwarden
Browsers, Search and Addons
Firefox
-> uBlock Origin
-> ClearURLs
-> Browser Protection by F-Secure
-> Netcraft

With some additional settings for strict SSL verification and better privacy:
user_pref("security.ssl.require_safe_negotiation", true);
user_pref("security.tls.version.enable-deprecated", false);
user_pref("security.ssl.enable_ocsp_stapling", true);
user_pref("security.OCSP.enabled", 1);
user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.pki.crlite_mode", 2);
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.purge_trackers.enabled", true);
user_pref("privacy.partition.network_state", true);
user_pref("privacy.partition.network_state.connection_with_proxy", true);
user_pref("fission.autostart", true);

Search engine
: StartPage

uBlock Origin subscriptions:
-> EasyList, EasyList Czech and Slovak, EasyPrivacy
-> AdGuard's Lists (Base, Tracking Protection, Social Media)
-> Web Annoyances Ultralist
-> NoTrack Tracker Blocklist
-> IDN Homograph Attack Protection
-> Dandelion Sprout's Anti-Malware List (for AdGuard)
-> AdGuard URL Tracking filter, Actually Legitimate URL Shortener Tool
PC maintenance
Reg Organizer, Kerish Doctor
Personal Files & Photos backup
OneDrive for documents and external HDD for photos
Personal backup routine
Automatic (scheduled)
Device recovery & backup
I only use Windows restore points. Too lazy to make backups of the entire system.
Device backup routine
None
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Browsing to unknown sites. 
  4. Emails. 
  5. Shopping. 
  6. Banking. 
  7. Downloading software. 
  8. File sharing and torrents. 
  9. PC and cloud gaming. 
  10. Multimedia. 
  11. App developer. 
Computer specs

MSI GE75 8SG Raider (i7-8750H, RTX 2080, 32 GB, 1TB SSD)

Personal changelog
2021.06.11 - I gave up on Norton and BlackFog, and reinstalled Windows with a fresh official 21h1 image. Now I use FS-Protection Beta (Beta of F-Secure), HitmanPro. Alert and Portmaster Firewall
Feedback Response

General feedback

CyberDevil

Level 1
Apr 4, 2021
41
Hi guys! I have been testing this configuration for about a week and I am interested in your opinion. The main idea of this config is three levels of network security.
1. Norton provides application-level security by blocking traffic for little-known applications based on its cloud base.
2. NextDNS provides protection at the DNS level, allowing to minimize the chance of connecting to a compromised site.
3. BlackFog Privacy analyzes network traffic at the TCP/IP level and blocks leaks of personal data based on behavior, also, as I understand it, it blocks any direct connections over IP if the IP was not resolved by the DNS server (can someone confirm this?).
In my opinion, this is a very interesting combination of these three security applications and it seems that they do not interfere with each other.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,225
@CyberDevil:

You may set UAC to Always Notify.

In Login security, even if not sharing Your system, it would be interesting to set up, at least, a Windows PIN.

In Network firewall, are You using a router? Does it have some kind of firewall feature enabled?

In Device recovery & backup, Windows Restore Points usually get corrupted or tends to fail the restoration, You should use here a Full Image System BackUp: Macrium Free or AOMEI BackUpper are reliable and free.

Thanks for sharing :)
 

CyberDevil

Level 1
Apr 4, 2021
41
In Login security, even if not sharing Your system, it would be interesting to set up, at least, a Windows PIN.
Oh, I didn't pay attention! Of course, I have a small pin code from a set of favorite numbers. :)I also have two-factor authorization installed for all Microsoft services.

On other points: the router is quite old, so I do not attach importance to its firewall, also I think to install macrium in the near future as soon as I finish setting up and installing all the necessary software and as long as Windows is fresh enough, but I am still too lazy to enable UAC to Always Notify, I rely entirely on Hitman in eliminating zero-day threats with library substitution.:cool:
 
Last edited:
Top