SECURITY: Complete Divine Barakah's Laptop Security Config 2021

Last updated: May 2, 2021
About: Personal, primary device
Additional PC users: Not shared with other users
Desktop OS: Windows 10
OS edition: Pro
Login security: Password-less (PIN, Biometric, Face)
Primary sign-in: Microsoft account
Primary user: Admin user - Full permissions
Other users:
Security updates: Default - allow security updates
Windows UAC: Maximum - always notify
Network firewall: ISP-issued router
Real-time protection: Kaspersky Total Security 21.3.10.391(b)
Software firewall: Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings:
- Trust group for applications that could not be added to existing groups (Untrusted).
- Trust group for applications started before startup of Kaspersky Total Security (High restricted).
- Trust digitally signed applications (unticked).
- Disabled Anti Banner.
Malware testing: No malware samples
Periodic security scanners: ADW Cleaner
Secure DNS: Cloudflare DNS over HTTPS using Adguard Desktop.
VPN: BULLETVPN
Password manager: Kaspersky Password Manager.
Browsers, Search and Addons
Browsers:
  • Microsoft Edge
  • Firefox
  • Vivaldi
Extensions:
  • IDM
  • Mendeley
Maintenance and Cleaning: Revo Uninstaller Pro Portable
Personal Files & Photos backup: Koofr & Microsoft One Drive
Personal backup routine: Automatic (scheduled)
Device recovery & backup: AOMEI Backupper Pro
Device backup routine: Manual (maintained by self)
PC activity:
  1. Working from home.
  2. Browsing the web.
  3. Emails.
  4. Shopping.
  5. Banking.
  6. Downloading software.
  7. Streaming.
Computer specs:
  • Acer Aspire ES1-572-586C
  • Intel Core i5-7200U
  • Intel HD graphics 620
  • Adata 8 GBs RAM
  • Adata Ultimate SU630 480 GBs SSD
Feedback Response

Most critical feedback

DDE_Server

Level 22
Verified
Sep 5, 2017
1,095
Unfortunately I forgot to turn off Kaspersky cloud telemetry whilst writing custom ransomware, my executable was uploaded and was detected the next day (I was just finishing the file iterator), so I couldn't test it against truly unseen ransomware :D
I had to change the whole key generator logic + the note writer module and it's too much hassle.

The ransomware I discovered was all detected by heuristics set to max. It could be stopped by Application Control as well.
I did not consider Application Control as real-time protection, as it is considered a default-deny one, "whitelist and then block"; if you used Solidcore in McAfee ePO or VoodooShield, it would mostly act the same,
but as a behavior blocker the differences appear.
Sorry for your ransomware baby, hope you give birth to another one xd :p:p:D:D:LOL::LOL:
 

ForgottenSeer 89360

I did not consider Application Control as real-time protection, as it is considered a default-deny one, "whitelist and then block"; if you used Solidcore in McAfee ePO or VoodooShield, it would mostly act the same,
but as a behavior blocker the differences appear.
Sorry for your ransomware baby, hope you give birth to another one xd :p:p:D:D:LOL::LOL:
Well regardless of what you call it, it is a module that works in favour of your protection.

This one was a collection of unusual third-party frameworks... It will take time for me to find more of them, but I am sure I will.
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,908
Yes, I know. But I'm talking about the browser security option in Adguard Desktop. See How malware protection works
So, what I said before, in that way Google Safe Browsing also can be used.
I know that blog, it nicely sums up how they work, but it's still not good enough.
It's the same for every product that uses Google Safe Browsing and is not from Google, they seemingly don't get access to the full power of Google Safe Browsing.
It's AdGuard, but also Firefox. Safe Browsing there is inferior to Safe Browsing on Google Chrome.
 

ForgottenSeer 85179

I know that blog, it nicely sums up how they work, but it's still not good enough.
It's the same for every product that uses Google Safe Browsing and is not from Google, they seemingly don't get access to the full power of Google Safe Browsing.
It's AdGuard, but also Firefox. Safe Browsing there is inferior to Safe Browsing on Google Chrome.
And NextDNS? As they provide Safe Browsing too
 

Jan Willy

Level 7
Jul 5, 2019
286
I know that blog, it nicely sums up how they work, but it's still not good enough.
It's the same for every product that uses Google Safe Browsing and is not from Google, they seemingly don't get access to the full power of Google Safe Browsing.
It's AdGuard, but also Firefox. Safe Browsing there is inferior to Safe Browsing on Google Chrome.
What's your source?
 

Gandalf_The_Grey

And NextDNS? As they provide Safe Browsing too
I don't know because I haven't tested it.
But I suspect the same, they will not get access to the latest and greatest Google Safe Browsing.
What's your source?
Testing done here: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
And my own testing.

You can and should test it yourself like this: Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
See how much get blocked in Google Chrome without AdGuard and how much get blocked by AdGuard when using Google Chrome with Safe Browsing disabled.

The same for with and without NextDNS.

Please let us know the results.
 

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,312
I don't know because I haven't tested it.
But I suspect the same, they will not get access to the latest and greatest Google Safe Browsing.

Testing done here: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
And my own testing.

You can and should test it yourself like this: Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
See how much get blocked in Google Chrome without AdGuard and how much get blocked by AdGuard when using Google Chrome with Safe Browsing disabled.

The same for with and without NextDNS.

Please let us know the results.
I can confirm from my testing, Google Safe Browsing on Chrome is more powerful than on any other Chromium-based browser; there is a delay of about 30 minutes to check the latest database, whereas Google Chrome itself always has the fastest access in real time!

I have noticed similar for SmartScreen on Edge Chromium and Microsoft Defender Browser Protection (from the Chrome Web Store): the browser extension, available only for Chromium-based browsers, has a similar delay in accessing Microsoft's web-protection database.
 

Jan Willy

I don't know because I haven't tested it.
But I suspect the same, they will not get access to the latest and greatest Google Safe Browsing.

Testing done here: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
And my own testing.

You can and should test it yourself like this: Malware and phishing links: 10 malc0de, 10 vxvault, 10 openphish, 10 verified phishtank, 10 unverified phishtank
See how much get blocked in Google Chrome without AdGuard and how much get blocked by AdGuard when using Google Chrome with Safe Browsing disabled.

The same for with and without NextDNS.

Please let us know the results.
A rather staggering conclusion. You and silversurfer have convinced me. Thanks. I will not test it. I don't use Chrome and neither the Adguard extension. Adguard Desktop serves me well in many ways. It comforts me that this app not only relies upon Google Safe Browsing. In NextDNS I've never activated this option.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,616
I have just installed AVG Internet Security with Hardened Mode enabled and Ransomware Protection set to Strict. I have also installed Password Protection component though I do not store any passwords in browsers (I am using Enpass). Will reflect all the changes to this thread once I finish configuring my device.

@oldschool I have decided to install Brave browser. Is it OK if I do not give Brave admin privileges during installation? Will it contribute in any way to my security?
 

Divine_Barakah

I would add HitManPro Free and EEK in Periodic scanners...
I have downloaded EEK just in case, but I am too careful when it comes to browsing habits. But a monthly scan with EEK won't harm me.
F-Secure is a very good product. Light and problem free most of the time.
F-Secure, at least on my devices, is one of the lightest products if not the lightest. Unfortunately I have to disagree that it is problem-free (even if you said most of the time) because F-Secure caused me many issues: it did not allow me to update IDM, it did not allow me to install the IceDrive Windows client, and it did not allow me to upload any files to my IceDrive cloud, and I had to contact support, which said that IceDrive was not blocked on their side, and after a day or two the issue was fixed. I am not bashing F-Secure and I do like it tbh, but the absence of a firewall is one of the reasons that prevent me from sticking with it.
My only concern is Waterfox that has no browsing protection at all because they removed (the they believe spying) Google Safe browsing.
AdGuard has, but it's not very good as seen in the extension testing thread by @Evjl's Rain.
I have restored a system image after experimenting, and now I will be using Edge, Firefox and Brave. Still not sure if I am going to install Adguard along with AVG because I am not sure if they will play nicely together.
So, for the whole Microsoft (Defender and SmartScreen) experience you should be using Edge.
But if you don't want that and I can understand your reasons for that, see if you can add Bitdefender TrafficLight to Waterfox.
I did not like the fact that I need to use Edge to get the best of MD protection. Now I do not need to worry about that because I am covered with AVG web protection now which is quite effective.
Regarding Waterfox, for some reason it works smoother than Firefox on my device and that is why I like it and I was planning to either install BDTL or MBBG, but now I have decided to use Brave and installed Firefox (just for the sake of using sth which is not chromium-based)
but it's wrong to claim that F-Secure has no advantage compared to MD/WD
I totally agree with you, but I was talking about my case. F-Secure does not come with a firewall or any other "fancy" components, so both MD and F-secure provide essential protection. But let us not forget that MD comes preinstalled in Windows, so I did not find myself missing anything in F-Secure but the fact that it is much lighter than MD.
I can confirm from my testing, Google Safe Browsing on Chrome is more powerful than on any other Chromium-based browser; there is a delay of about 30 minutes to check the latest database, whereas Google Chrome itself always has the fastest access in real time!
Google does not allow me to purchase extra storage (for Palestine is not supported) and I am not using Android, so I am not going to install Chrome. Is the 30-minute delay in Safe Browsing in Chromium-based browsers a security risk? What are my chances of coming across a malware or a phishing site that was just blocked in Chrome, but not yet in Brave? Pardon my ignorance, but I see it very unlikely.
 

Jan Willy

A rather staggering conclusion. You and silversurfer have convinced me. Thanks. I will not test it. I don't use Chrome and neither the Adguard extension. Adguard Desktop serves me well in many ways. It comforts me that this app not only relies upon Google Safe Browsing. In NextDNS I've never activated this option.
Regarding NextDNS, I'd like to point out that they also do not only depend on Google Safe Browsing. Effective options are the blocking of newly registered domains (especially phishing sites) and the threat intelligence feeds. See metadata/threat-intelligence-feeds.json at master · nextdns/metadata · GitHub
And to whom it concerns, Microsoft Defender does also very well in blocking malicious sites (not only in MS Edge).
 

silversurfer

Google does not allow me to purchase extra storage (for Palestine is not supported) and I am not using Android, so I am not going to install Chrome. Is the 30-minute delay in Safe Browsing in Chromium-based browsers a security risk? What are my chances of coming across a malware or a phishing site that was just blocked in Chrome, but not yet in Brave? Pardon my ignorance, but I see it very unlikely.
Phishing is easier to avoid as we just need safe habits while browsing and common sense ;)
For the chance of malware, when we are downloading files they will always be checked against the database (Google Safe Browsing) for a known file hash; especially unknown files such as .exe (rarely seen before) will be blocked as "dangerous" even on Brave, the same as on Chrome. The difference (delay) seems to be how often the database of Google Safe Browsing is updated by Brave, Firefox, Vivaldi, etc.
Chrome has always access to own updated database in real-time.
The same is the case for Microsoft Edge to access the own database of "SmartScreen".

Finally, the most secure choice: Google Chrome or Microsoft Edge
 

ForgottenSeer 85179

Phishing is easier to avoid as we just need safe habits while browsing and common sense ;)
For the chance of malware, when we are downloading files they will always be checked against the database (Google Safe Browsing) for a known file hash; especially unknown files such as .exe (rarely seen before) will be blocked as "dangerous" even on Brave, the same as on Chrome. The difference (delay) seems to be how often the database of Google Safe Browsing is updated by Brave, Firefox, Vivaldi, etc.
Chrome has always access to own updated database in real-time.
The same is the case for Microsoft Edge to access the own database of "SmartScreen".

Finally, the most secure choice: Google Chrome or Microsoft Edge
Even the delay isn't a problem if BAFS and/or ASR rule "block executable unless they meet a prevalence, age, or trusted criteria" or using Andy's

Q&A - Windows Defender Delay Protection. | MalwareTips Community

 

silversurfer

Even the delay isn't a problem if BAFS and/or ASR rule "block executable unless they meet a prevalence, age, or trusted criteria" or using Andy's

Q&A - Windows Defender Delay Protection. | MalwareTips Community

Of course, it's true, but we should always mention that both BAFS & ASR rules aren't enabled by default on MD/WD, as you said just using tools by @Andy Ful or tweaking manually related settings via Group-Policy.

Anyway, the "question" before was about web-protection on browser level for chromium-based browsers, that's a different context in this case than protection features by Microsoft Defender.
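
An added example, not part of any post in this thread: a PowerShell check of the two Microsoft Defender settings discussed above (Block at First Sight and the prevalence/age/trusted-list ASR rule) using the built-in Defender cmdlets. The function name `Get-DelayProtectionState` and the `-Enable` switch are hypothetical names chosen for this sketch.

```powershell
# Added example, read-only unless -Enable is passed from an elevated session.
param([switch]$Enable)

# "Block executable files from running unless they meet a prevalence, age,
# or trusted list criterion" (rule GUID from Microsoft's ASR rule reference).
$RuleId = '01443614-cd74-433a-b99e-2ecdc07bfc25'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-DelayProtectionState {
    $pref = Get-MpPreference
    # Rule ids and actions are parallel arrays; empty when no rule is configured.
    $ids = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $action = 0
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $RuleId) { $action = [int]$actions[$i] }
    }
    [pscustomobject]@{
        # With a third-party antivirus installed, Defender is typically not in
        # Normal mode and the settings below are not enforced.
        DefenderRunningMode = (Get-MpComputerStatus).AMRunningMode
        BlockAtFirstSeen    = -not $pref.DisableBlockAtFirstSeen
        CloudProtection     = $pref.MAPSReporting        # 0 = off; BAFS needs it on
        SampleSubmission    = $pref.SubmitSamplesConsent # 1 or 3 = samples sent automatically
        AsrPrevalenceRule   = $ActionNames[$action]
    }
}

if ($Enable) {
    # Only the two settings named in the thread are changed; cloud protection
    # and sample submission are reported but left as configured.
    Set-MpPreference -DisableBlockAtFirstSeen $false
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions Enabled
}

Get-DelayProtectionState | Format-List
```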
 

oldschool

Level 61
Verified
Mar 29, 2018
5,031
hmmm. I completely missed this point. Maybe some other members give us more info?
C://Programs and C://Programs (86x) are protected by native Windows protection, but AppData isn't.

OTOH, I don't believe installing a browser with Admin privileges is the same as running it in Administrator mode, e.g. like the bug in early versions of Edge Chromium, but someone will correct me if I'm wrong. 🤔
 