At-Risk geminis3's Security Config 2022

Last updated
Jun 1, 2022
Use case
For personal use
Shared with
No one
Desktop OS
Windows 11
Windows OS SKU
Pro
Login Unlock
    • Passwordless PIN or Biometrics
Sign-in with
Local account (offline)
Primary user
Administrator rights - Full permissions that can perform harmful changes
OS updates
Automatic updates
Windows UAC
Always notify
Network firewall
Third-party router [Mod: depreciated - please choose another option]
Always-on protection
Microsoft Defender
Firewall
Firewall (user-choice). See details below.
Custom RT/Firewall security
  • PUP detection
  • Memory Integrity (HVCI)
Malware testing
No malware samples
Periodic scanning
MBAM, NPE and HitmanPro
Secure DNS
Cloudflare, Adguard (unfiltered) and NextDNS (unfiltered) on Adguard Home (malware protection enabled) at my RPi 4 (network-wide)
VPN
Windscribe and ProtonVPN
Password manager
Bitwarden
Browsers and Extensions
Microsoft Edge, Google Chrome and Firefox with uBO and Bitwarden
Utilities for Maintenance
CCleaner and Cleanmgr+
Files & Photos backup
Google Drive and local backups on external drives
Files & Photos backup routine
Manual
Emergency recovery plan
Macrium Reflect Free
Integrity of recovery plan
Tasks performed
    • Working from home
    • Browsing the web
    • Receiving, sending and opening email attachments
    • Buying goods from online stores, entering card details and addresses
    • Logging into personal banking to check statements and payments
    • PC games, mods and cloud-based gaming
    • Developer tools
Computer specs
  • Acer Predator G3-571
  • i7-7700HQ
  • GTX 1060
  • 16GB DDR4
  • 1TB NVMe
Notable changes
Windows 11 22H2 (Insiders)
Microsoft Defender only
Feedback response

I am partially satisfied. General feedback is greatly appreciated, to make improvements to my overall security / privacy.

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
898
Hoping you guys had a wonderful holiday, this is my security config for 2022. I have Windows 11 Pro installed along with Fedora Workstation 35.

Windows Defender can become very CPU and I/O consuming specially when copying large folders such as node_modules so I ended up buying an Emsisoft Anti-Malware license because it's the less intrusive solution I found (I don't want SSL MITM or bloated suites just a simple AV to replace WD).

1641246297253.png

This year I'm going to replace my current laptop but I'm still not sure wheter to go with a MacBook Pro (M1 Pro) or an Alder Lake based laptop (preferably a ThinkPad but as long as the RAM/NVMe is upgradeable and it doesn't has Nvidia nor hardware that doesn't work properly on Linux I'm fine).

Stay safe!
 
Last edited by a moderator:

Vitali Ortzi

Level 22
Verified
Top poster
Well-known
Dec 12, 2016
1,115
just use Linux you will have more control of what takes your IO
anyway since m1 has unlocked boot-loader its really nice and efficiency is unheared of in any other mobile as long as you dont need x86 or certain applications i think mac is a really nice
unforntaly thinkpads are dead im writing this in a t400 and its dam good except ##### speakers ##### screen and slow ass p8700 cpu
if i had this exact laptop with micro led ,arm ,nice speakers and modern ports it would have been my fav laptop
but ibm design is long dead :(
 

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
898
Since Linux runs so bad on Nvidia Optimus laptops currently I'm only using Windows 10 LTSC 2021 on this machine, had to ditch Windows 11 since it blocks MSR writes required for CPU undervolting when running VBS (WSL2).

I'm also using EIS since it's more lightweight and doesn't has FP issues unlike EAM (behavior-blocked quarantined my PostgreSQL installation whilst performing a backup routine 🤣).

1648515919841.png


PD: Now I'm waiting for the M2 powered MBP to come out since development will be moving forward to ARMv9 in the next years.
PD2: Asahi Linux is making eyes at me.
 

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
898
I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

1654093354166.png


PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.
 

SeriousHoax

Level 43
Verified
Top poster
Well-known
Mar 16, 2019
3,160
I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

View attachment 267158

PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.
It's also better not to try third party AVs on this build. ESET and Bitdefender failed to properly turn off Microsoft Defender on this build. These are the only two that I tested so maybe it's an issue for other products too because even using Group Policy to turn off Defender didn't work. Windows Security shows third party AV is active yet Defender service kept running. So it's a bug of this build I guess. So stick to Microsoft Defender.