SECURITY: Complete Geminis3's Security Config 2020

Last updated
Dec 13, 2020
About device
Primary device
Operating system
Windows 10
Sign-in identity
Sign-in with Local account
Log-in security
    • Account password
Permissions
Standard user account
Security updates
Automatic - allow all types of updates
Windows UAC
Default - notify when programs attempt to make changes
Malware samples
No - malware is not downloaded
Firewall protection
Microsoft Defender Firewall
Real-time malware protection
Microsoft Defender
RTP & OS hardening settings
PUP detection
Periodic scanning
[LIST]
[*]MBAM Free
[*]EEK
[*]Hitman.Pro
[*]NPE
[/LIST]
Browsers
Firefox, Chrome and Edge:
  • uBlock Origin
  • Bitwarden
Optimisation apps
Cleanmgr+
CCleaner portable
My Files & Photos backup
Google Drive
My Files backup schedule
Automatic - sync to a trusted cloud provider, or local attached storage
Device recovery & settings
Macrium Reflect
Device backup schedule
Manual - backups are made in my own time to local attached storage
Computer specifications
Acer Predator Helios 300 (G3-571-77QK):
  • i7-7700HQ
  • GTX 1060 6GB
  • 16GB DDR4
  • 1TB WD Blue SN550 NVMe
  • 120GB Kingston SSD
Device activity usage
  1. Generic web browsing
  2. Downloading and installing new software(s)
  3. Downloading files from unfamiliar sites
  4. Working from home
  5. Office software and video conferencing
  6. Computer games
  7. Video and photo editing
  8. Streaming audio and video content from the Internet

geminis3

Level 18
Verified
Malware Tester
Sep 10, 2015
853
Finally replaced the low quality 256GB SSD that came with my laptop with a 1TB WD Blue SN550 NVMe, I also applied GC Extreme thermal paste and this thing now feels better than brand new. My CPU and GPU no longer exceed 80 degrees on heavy games and the fans are quieter than ever.

1603422740992.png


Old 256GB M2

1603422621204.png



New 1TB NVMe

1603422570158.png


Now I can say that Windows 10 requires a NVMe to work properly.

PD: I couldn't find a M2 to SATA adapter to replace my HDD with the old SSD and probably install Kubuntu on it.
PD2: Macrium backup refused to boot and gave me BSODs so I had to clean install Windows but fortunately you can access the content of the backup from Reflect and transfer data easily.
 

geminis3

Level 18
Verified
Malware Tester
Sep 10, 2015
853
Sucessfully managed to dual boot Windows 10 and Kubuntu using different drives, all I did was disabling on the BIOS the port where the Windows NVMe is attached so the Kubuntu installer will only recognize a single disk and don't mess with the Windows 10 EFI partition.

To boot into Kubuntu with this method I use the F12 key to access the BIOS boot menu (I have Windows as first boot priority).

For this experiment I used my old HDD but I'm going to buy the cheapest 120GB SATA SSD the next week to get the best of both worlds (gaming on Windows and programming on Kubuntu).
 

geminis3

Level 18
Verified
Malware Tester
Sep 10, 2015
853
Got my secondary 120GB SSD and installed Kubuntu 20.10 on it, IMO the most elegant and efficient distro as long as you don't install WINE on it (that's why I have Windows on the other drive 😄).

Also mounted my Data/Games partition to share files between both OS (Windows can't read EXT4) but I had to disable Windows 10 fast boot because it locks the entire drive and thus preventing Kubuntu from writing to it.

1604365335700.png
 

geminis3

Level 18
Verified
Malware Tester
Sep 10, 2015
853
13/12/2020 Clean installed 20H2 on NVMe
  • Now using a standard user account as per Linux philosophy to avoid logging in as root for everyday computing
  • Removed Brave due to suspicious behavior after uninstall
  • Adobe Reader Touch as default PDF reader as per @Andy Ful recommendation (extra sandboxing)
  • No extra tools to disable services, sticking to gpedit to disable Cortana and OneDrive
  • Removed most UWP apps that can be uninstalled from system settings
  • Dual boot with Arch Linux
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,112
13/12/2020 Clean installed 20H2 on NVMe
  • Now using a standard user account as per Linux philosophy to avoid logging in as root for everyday computing
  • Removed Brave due to suspicious behavior after uninstall
  • Adobe Reader Touch as default PDF reader as per @Andy Ful recommendation (extra sandboxing)
  • No extra tools to disable services, sticking to gpedit to disable Cortana and OneDrive
  • Removed most UWP apps that can be uninstalled from system settings
  • Dual boot with Arch Linux
Can you talk more about removed Brave due to suspicious behavior after uninstall?
 
Top