Advanced Plus Security Gandalf_The_Grey's Security Config 2021

Last updated
Dec 21, 2021
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus
  • ConfigureDefender 3.0.1.0: High settings
  • Simple Windows Hardening 1.0.1.0: Basic Recommended Settings and restrict SMB123
  • DocumentsAntiExploit 2.0.0.0: MS Office ON2
  • Controlled Folder Access: enabled
  • Core Isolation: Memory Integrity enabled
Windows 11 Pro
  • O&O ShutUp10++: almost all recommended settings...
  • O&O AppBuster: uninstalled apps I don't want or need
  • Samsung Magician: Full Performance Mode
  • Bitsum Process Lasso Pro: ProBalance enabled
Foxit PDF Reader
  • Protected View for all files, Safe Reading Mode enabled, JavaScript disabled
Periodic malware scanners
HitmanPro and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge using Google search with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor as extensions
Secure DNS
From ISP (Ziggo)
Desktop VPN
AdGuard VPN
Password manager
Bitwarden browser extension
Maintenance tools
Autoruns, CCleaner, Disk Cleanup, PrivaZer, PatchMyPC, SUMo and Driver Easy
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.12.29 Filled the new fields
2020.12.30 installed Ziggo Safe Online
2021.01.04 back to Microsoft Defender with Hard_Configurator and added SpywareBlaster
2021.01.06 removed SpywareBlaster and went with stronger H_C -setup
2021.02.01 back to simpler setup with ConfigureDefender and Simple Windows hardening. Added Process Lasso
2021.02.08 Filled the new fields, no changes to config
2021.02.12 Microsoft Defender caused problems, back to KSCF and removed Process Lasso
2021.03.03 Update Kaspersky Security Cloud Free to the latest version, removed HitmanPro and enabled Microsoft Defender periodic scanning.
2021.03.28 back to Microsoft Defender Antivirus
2021.04.25 back to Ziggo Safe Online
2021.05.03 back to Microsoft Defender Antivirus
2021.05.07 switched from the uBlock Origin to the AdGuard extension
2021.10.04 back to Ziggo Safe Online and uBlock Origin
2021.10.05 back to the AdGuard extension
2021.10.13 upgraded to Windows 11 and back to uBlock Origin
2021.10.24 back to Microsoft Defender enhanced by DefenderUI Pro
2021.10.26 back to Kaspersky Security Cloud Free and Simple Windows Hardening
2021.11.06 back to Ziggo Safe Online by F-Secure
2021.11.10 removed Simple Windows Hardening and added VoodooShield
2021.11.16 testing DefenderUI Free with the latest VoodooShield beta
2021.11.30 back to Ziggo Safe Online
2021.12.21 optimized system with Samsung Magician and Bitsum Process Lasso Pro and back to Windows built-in security
What I'm looking for?

Looking for maximum feedback.

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@Gandalf_The_Grey

I am also switching between uBO and AG. The benefit of uBO is the extra insight into what is happening under the hood when visiting a website; the benefit of AdGuard is extra privacy features (e.g. cleaning URLs) and extra functionality (e.g. blocking of cookies as fallback when blocking requests causes website breakage).

I am now opting for Edge + AG in strict profile and switch between uMatrix for WDAG-sandboxed browsing (when uMA would not work anymore, I will fall back to uBO).

It is a pity AG is not adding its pop-up blocker user script to the AG extension. That would definitely switch me over to AG.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
They are both great extensions. uBO has indeed the extra benefit to see more easily what's happening and the extra modes, so more granular control is possible.
AG has extra privacy functions and a simpler way to ask for support for site breakage from within the extension itself.
Like both but prefer the extra insight provided by uBO. Never missed a pop-up blocker script in AG 🤔
 

Gandalf_The_Grey

The thread SE Labs Report for Oct-Dec 2020 got me thinking about privacy and the best config for me (again) :D
For the best privacy I believe there are two options: Emsisoft Anti-Malware or F-Secure Safe.

Last time I checked Emsisoft it was not working great on my laptop and I have F-Secure Safe free from my ISP (rebranded as Ziggo Safe Online).

So, after reading the review by @McMcbrad here: User Feedback - F-Secure Quick Review the conclusion there was that the weakest spot in its protection (Java malware) can easily be solved by using Simple Windows Hardening from @Andy Ful or not installing Java at all.
But since I want to use my config for all family members it is good to have some extra protection/hardening.

After making this change to my config I first noticed the speed/performance I gained.
Every program opens quicker and web browsing is quicker. My laptop seems more responsive.
 
ForgottenSeer 89360

That weak spot is not guaranteed to affect all users at all times; it is mentioned as a side note in the context of a website where people are interested in malware, malware protection principles and capabilities. F-Secure is still a great and, above all, privacy-conscious product that deserves attention.
I would definitely not pay for this product, but I believe there are reasons for users to like it.
 

Gandalf_The_Grey

This made me go back to Microsoft Defender Antivirus.

Thanks to the config of @security123 and the comments of @silversurfer who convinced me to enable the sandbox (y)

It was an interesting morning today when my work laptop got stuck in an upgrade of Windows 10.
I had to reenable Internet Explorer (for one specific program that we use) and install Microsoft Teams on my own laptop to continue working from home.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
F-Secure is very great tbh, but it has always caused some issues, at least for me. I keep revisiting it to see what they have improved.
 

Gandalf_The_Grey

Where is He using SpywareBlaster? :unsure:
I have added it since I was forced to reenable Internet Explorer (needed for one site when working at home).
Internet Explorer is also used by Microsoft Outlook 365 to render web content (even when you have uninstalled IE).
You can see that when cleaning cookies with (for example) CCleaner.
SpywareBlaster nowadays also supports the new Microsoft Edge and adds a blocklist for some cookies.
Maybe it helps a little bit and because it is not running in real time it poses no risk.
 

Gandalf_The_Grey

More about SpywareBlaster: it has cookie and script blocking for Edge:
[Screenshot: Schermafbeelding 2021-01-05 163855.jpg]
Result:
[Screenshots: Schermafbeelding 2021-01-05 164524.jpg, Schermafbeelding 2021-01-05 164632.jpg]
 

Lenny_Fox

@Gandalf_The_Grey very interesting, thanks for posting screenshots.

Some time ago (when I was still using Chrome), I once used uBlock-scope and added trackers to the cookie and script blocklist. From what I remember, the cookie blocklist blocks cookies when they are set as first- and third-party. If I recall correctly, the script blocking feature was only applied to first-party scripts. This was the reason why I added a content blocker (to get a grip on data set by third-party JavaScript, iframes, XMLHttpRequest/fetches and WebSocket communication).

Unless things have changed, do you really think Chromium script blocking indeed blocks third-party JavaScript (most trackers are third-party)? I will do a field test also with Edge (disabling tracking protection and running uMatrix without blocklists). I will report back.

EDIT: NOPE, blocking amazon adsystem does not block third-party scripts, see image.

[Image: 1609874074916.png]
 

Gandalf_The_Grey

I'm not sure, but first or third-party should make no difference.
EDIT: Damn, that it doesn't block third-party scripts is a major letdown.
Thanks for testing (y)
 

Gandalf_The_Grey

@Gandalf_The_Grey

On the other side, when they have curated their cookie block list (any idea how many domains it blocks?), it is a nice combo to use in Edge in combination with strict blocking in Edge.
They block 232 cookies:
