SECURITY: Complete Divine Barakah's Laptop Security Config 2021

Last updated
May 2, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS License Type
Pro
Login security
    • Passwordless (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary account rights
Administrator permissions
Other accounts rights
N/A - Single user account
Security updates
Default - allow security updates only
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router w/ firewall & filtering
Real-time protection
Kaspersky Total Security 21.3.10.391(b)
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
- Trust group for applications that could not be added to existing groups (Untrusted).
- Trust group for applications started before startup of Kaspersky Total Security (High restricted).
- Trust digitally signed applications (unticked).
- Disabled Anti Banner.
Malware research
No - malware samples are not downloaded
Periodic scanners
ADW Cleaner
DNS
Cloudflare DNS over HTTPS using Adguard Desktop.
VPN
BULLETVPN
Password manager
Kaspersky Password Manager.
Browsers, Search and Addons
Browsers
  • Microsoft Edge
  • Firefox
  • Vivaldi
Extensions
IDM
  • Mendeley
PC maintenance
Revo Uninstaller Pro Portable
Personal Files & Photos backup
Koofr & Microsoft One Drive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
AOMEI Backupper Pro
Device backup routine
Manual (maintained by self)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Emails. 
  4. Shopping. 
  5. Banking. 
  6. Downloading software. 
  7. Streaming. 
Computer specs
  • Acer Aspire ES1-572-586C
  • Intel Core i5-7200U
  • Intel HD graphics 620
  • Adata 8 GBs RAM
  • Adata Ultimate SU630 480 GBs SSD
Feedback Response

Most critical feedback

Divine_Barakah

Level 27
Verified
May 10, 2019
1,618
Honestly, I am fed up with all the nonsense of using third-party security products. I started to feel that my computer usage is devoted to installing, trying and fixing issues caused by the security products installed on my devices. I swear to God that I prefer getting infected rather than WASTING money on security product that will cause my nothing but headache. I know MD can cause problem sometimes, but it is preinstalled and it is pretty good, and that is why I am using it now.

MD is light but I have seen it using some CPU for some reason. This continues for some seconds and then it winds down. I am using Configure Defender set to high, and I am not planning to add any second-opinion scanners. I might start using Bitdefender Traffic Light, but still not sure about it. I have thought of installing F-Secure, for which I have over 800 days remaining, but decided not to because I do not see any added security in using it (maybe under certain circumstances it might outperform MD, but I see it as very unlikely to happen due to my browsing habits). Bitdefender, as light as it might be, is not very light as they market it. I could hear my laptop's fan noise during Windows startup and during installing new software, which drove me crazy. Enabling Automatic Profiles did help, but not very much. Bitdefender's main service consumes huge amount of CPU during startup and RAM usage is very high (I know RAM is to be used, but BD's usage is unreasonable). One more thing is the silly update process of BD which is very resources-hungry. But here I am using MD which is free, so that I will never regret I paid a penny on when it fails me.

Adguard Desktop, along with its DNS, is doing a very decent job in filtering ads. Browsing is smooth and ad-free, and it is really a pleasant experience. Of course I had to manually import Adguard's certificate into Waterfox (which I like btw), but other than that everything seems to be working just fine.

I have ditched Microsoft Office and now I am using Softmaker Office NX Universal. It is really great and the pricing is great too. 2021 version comes with Zotero integration (the lack of Zotero integration was the only reason that prevented me from using SM).
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,618
With MD you mean WD doesn't you?


This is only needed if you want a custom error page for blocked HTTPS site.
Also why Waterfox ?
I received endless error message from Waterfox, so I had to either disable HTTPS filtering in Adguard, or to manually import Adguard's certificate. Regarding your question, I have tried both Firefox and Waterfox, and I find that browsing in Waterfox is much smoother.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,618
Thanks for the link. Waterfox is a better version of FF; it run smoother and it does not send much telemetry. I am playing with Ungoogled Chromium, but I am planning to install Brave but still have not made up my mind. There is no way I would ever touch Opera, and I find Vivaldi concerning. I would be happy to pay a monthly subscription for a browser that truly respects my privacy, but it seems that monthly subscriptions would not quench the thirsty companies.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807

SeriousHoax

Level 35
Verified
Mar 16, 2019
2,380
I agree with harlan. Add a second opinion scanner and EEK would be my main choice.
Last week I scanned an old USB drive of a friend of mine, and it contained some 2-3 years old malware. It had some important files so formatting wasn't an immediate option. My WD was unable to fully clean it and left some malware behind as we know WD is more or less cloud dependent in many cases. If I had executed those then it would have been detected with internet connection on, so the user would remain protected. But you don't execute threats when you want to clean USB drives.
So, I think it's useful to keep a second opinion scanner that can detect threats with static scans while using heavy cloud dependent product like WD as the AV.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,618
I agree with harlan. Add a second opinion scanner and EEK would be my main choice.
Last week I scanned an old USB drive of a friend of mine, and it contained some 2-3 years old malware. It had some important files so formatting wasn't an immediate option. My WD was unable to fully clean it and left some malware behind as we know WD is more or less cloud dependent in many cases. If I had executed those then it would have been detected with internet connection on, so the user would remain protected. But you don't execute threats when you want to clean USB drives.
So, I think it's useful to keep a second opinion scanner that can detect threats with static scans while using heavy cloud dependent product like WD as the AV.
Thank you very much for pointing this out. I am currently experimenting with MD, but it is likely to either replace it with AVG or less likely with F-Secure. For now, everything is fine for I am very careful while browsing. I am downloading EEK now.
 

SeriousHoax

Level 35
Verified
Mar 16, 2019
2,380
Thank you very much for pointing this out. I am currently experimenting with MD, but it is likely to either replace it with AVG or less likely with F-Secure. For now, everything is fine for I am very careful while browsing. I am downloading EEK now.
F-Secure is a very good product. Light and problem free most of the time. But after @McMcbrad pointed out in his review that it doesn't have system wide web protection (only in browsers), I was disappointed. Even WD has some basic system wide network protection if you enable that. So keep that in mind in case you were not aware of this. But it's very good anyway. DeepGuard is very strong.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,618
F-Secure is a very good product. Light and problem free most of the time. But after @McMcbrad pointed out in his review that it doesn't have system wide web protection (only in browsers), I was disappointed. Even WD has some basic system wide network protection if you enable that. So keep that in mind in case you were not aware of this. But it's very good anyway. DeepGuard is very strong.
This is exactly why I said F-Secure is not going to add anything which MD does not offer.
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,547
Good config and great responses from fellow members (y)

@SeriousHoax has a good point for using a second opinion scanner.

My only concern is Waterfox that has no browsing protection at all because they removed (the they believe spying) Google Safe browsing.
AdGuard has, but it's not very good as seen in the extension testing thread by @Evjl's Rain.
So, for the whole Microsoft (Defender and SmartScreen) experience you should be using Edge.
But if you don't want that and I can understand your reasons for that, see if you can add Bitdefender TrafficLight to Waterfox.
 

silversurfer

Level 71
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,036
This is exactly why I said F-Secure is not going to add anything which MD does not offer.
Just to makes things more clear to anyone who may didn't know before:
We should mention that MD/WD doesn't includes a certain module like Behavior Blocker, MD/WD uploads suspicious files to own cloud-behavior-analysis by Microsoft, that's a different way to check files compared to a local module like DeepGuard by F-Secure.
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,547
Just to makes things more clear to anyone who may didn't know before:
We should mention that MD/WD doesn't includes a certain module like Behavior Blocker, MD/WD uploads suspicious files to own cloud-behavior-analysis by Microsoft, that's a different way to check files compared to a local module like DeepGuard by F-Secure.
Yes, you need an internet connection for Microsoft Defender to perform, but that's the case for almost all Antivirus software nowadays.
 
Top