SECURITY: Complete Geminis3's Security Config 2020

Last updated
Dec 13, 2020
About
Personal, primary device
Desktop OS
Windows 10
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Default - notify when programs attempt to make changes
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
PUP detection
Malware testing
No malware samples
Periodic security scanners
  • MBAM Free
  • EEK
  • Hitman.Pro
  • NPE
Browsers, Search and Addons
Firefox, Chrome and Edge:
  • uBlock Origin
  • Bitwarden
Maintenance and Cleaning
Cleanmgr+
CCleaner portable
Personal Files & Photos backup
Google Drive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Macrium Reflect
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Downloading software. 
  3. Browsing to unknown sites. 
  4. Working from home. 
  5. PC and cloud gaming. 
  6. Multimedia. 
  7. Streaming. 
Computer specs
Acer Predator Helios 300 (G3-571-77QK):
  • i7-7700HQ
  • GTX 1060 6GB
  • 16GB DDR4
  • 1TB WD Blue SN550 NVMe
  • 120GB Kingston SSD

geminis3

Level 18
Verified
Sep 10, 2015
859
Finally replaced the low quality 256GB SSD that came with my laptop with a 1TB WD Blue SN550 NVMe, I also applied GC Extreme thermal paste and this thing now feels better than brand new. My CPU and GPU no longer exceed 80 degrees on heavy games and the fans are quieter than ever.

1603422740992.png


Old 256GB M2

1603422621204.png



New 1TB NVMe

1603422570158.png


Now I can say that Windows 10 requires a NVMe to work properly.

PD: I couldn't find a M2 to SATA adapter to replace my HDD with the old SSD and probably install Kubuntu on it.
PD2: Macrium backup refused to boot and gave me BSODs so I had to clean install Windows but fortunately you can access the content of the backup from Reflect and transfer data easily.
 

geminis3

Level 18
Verified
Sep 10, 2015
859
Sucessfully managed to dual boot Windows 10 and Kubuntu using different drives, all I did was disabling on the BIOS the port where the Windows NVMe is attached so the Kubuntu installer will only recognize a single disk and don't mess with the Windows 10 EFI partition.

To boot into Kubuntu with this method I use the F12 key to access the BIOS boot menu (I have Windows as first boot priority).

For this experiment I used my old HDD but I'm going to buy the cheapest 120GB SATA SSD the next week to get the best of both worlds (gaming on Windows and programming on Kubuntu).
 

geminis3

Level 18
Verified
Sep 10, 2015
859
Got my secondary 120GB SSD and installed Kubuntu 20.10 on it, IMO the most elegant and efficient distro as long as you don't install WINE on it (that's why I have Windows on the other drive 😄).

Also mounted my Data/Games partition to share files between both OS (Windows can't read EXT4) but I had to disable Windows 10 fast boot because it locks the entire drive and thus preventing Kubuntu from writing to it.

1604365335700.png
 

geminis3

Level 18
Verified
Sep 10, 2015
859
13/12/2020 Clean installed 20H2 on NVMe
  • Now using a standard user account as per Linux philosophy to avoid logging in as root for everyday computing
  • Removed Brave due to suspicious behavior after uninstall
  • Adobe Reader Touch as default PDF reader as per @Andy Ful recommendation (extra sandboxing)
  • No extra tools to disable services, sticking to gpedit to disable Cortana and OneDrive
  • Removed most UWP apps that can be uninstalled from system settings
  • Dual boot with Arch Linux
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,901
13/12/2020 Clean installed 20H2 on NVMe
  • Now using a standard user account as per Linux philosophy to avoid logging in as root for everyday computing
  • Removed Brave due to suspicious behavior after uninstall
  • Adobe Reader Touch as default PDF reader as per @Andy Ful recommendation (extra sandboxing)
  • No extra tools to disable services, sticking to gpedit to disable Cortana and OneDrive
  • Removed most UWP apps that can be uninstalled from system settings
  • Dual boot with Arch Linux
Can you talk more about removed Brave due to suspicious behavior after uninstall?
 
Top