Latest Changes
Dec 25, 2018
Operating System
  • Windows 10
  • Windows Edition
    Home
    Version or Build no.
    16299.611
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Manual Updates - User intervention required
    User Access Control
    Always Notify
    Network Security (Firewall)
    3rd-party Firewall app by a trusted vendor
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Standard
    Sign-in Accounts
    Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    Norton Security Online Premium (Heuristics, Boot Time Protection, Block Traffic for Malicious Applications, and SONAR set to Aggressive with some settings disabled for better performance)
    Sandboxie Free
    RTP - Custom security settings
  • Major changes for Increased security
  • Virus and Malware Removal Tools
    EEK, MBAM free, ZAM free
    Browsers and Extensions
    Edge (built-in): Norton Safe Web
    Chrome (default): Malwarebytes Browser Extension, Mailtrack, WebRTC Leak Prevent, NetCraft
    Firefox (performance): Malwarebytes Browser Extension, NetCraft
    Privacy-focused Apps and Extensions
    uBlock Origin (fully based on Evjl's Rain filters and for Edge browser only)
    Private Internet Access VPN
    Whonix
    Quad 9 DNS
    Password Managers
  • Keepass
  • Web Search
  • DuckDuckGo
  • System Utilities
    CCleaner Portable, Wise Disk Cleaner Portable, Auslogics Disk Defrag Portable, Revo Uninstaller Free, Anvi Folder Locker, PrivaZer, VeraCrypt, GNU Privacy Guard, AxCrypt, CCEnhancer
    Data Backup
    Cloud Storage: Google Drive and MEGA
    External Hard Drive: AOMEI Backupper Standard Free
    Frequency of Data backups
    Weekly
    System Backup
    Macrium Reflect Free
    Frequency of System backups
    Occasionally
    Here is my config. I just have two questions. Is it necessary to use NoVirusThanks SysHardener, Andy Ful's HardConfigurator, NoVirusThanks OSArmor, or other anti-malware tools in order to have great malware protection with Norton? Should I use Norton Safe Web instead of Malwarebytes and NetCraft in all of my browsers?
     

    brod56

    Level 15
    Verified
    I would remove most of your Chrome extensions. For example, you have 3 extensions with similar purposes (blocking malicious websites) - uBlock Origin, Netcraft and Malwarebytes. That doesn't make much sense to me, considering that the browser and the AV also have that function. In my opinion, being obsessed with browser protection via filtering is pointless.
    Also, read this.
     

    HarborFront

    Level 47
    Verified
    Content Creator
    I would remove most of your Chrome extensions. For example, you have 3 extensions with similar purposes (blocking malicious websites) - uBlock Origin, Netcraft and Malwarebytes. That doesn't make much sense to me, considering that the browser and the AV also have that function. In my opinion, being obsessed with browser protection via filtering is pointless.
    Also, read this.
    Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
     

    Gandalf_The_Grey

    Level 22
    Verified
    Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
    Those are great extensions, but the question remains do you really need them?
    Myself I have now only the extension of my av (Kaspersky) and uBlock Origin (+Extra) enabled in Google Chrome.
    Google Safe browsing and Kaspersky together blocked all the links in the tests done by @Evjl's Rain .
    So maybe Norton Safe Web combined with uBlock Origin and Google Safe browsing are the only extensions that are really needed for protection?
     
    • Like
    Reactions: InnoScorpio

    HarborFront

    Level 47
    Verified
    Content Creator
    Those are great extensions, but the question remains do you really need them?
    Myself I have now only the extension of my av (Kaspersky) and uBlock Origin (+Extra) enabled in Google Chrome.
    Google Safe browsing and Kaspersky together blocked all the links in the tests done by @Evjl's Rain .
    So maybe Norton Safe Web combined with uBlock Origin and Google Safe browsing are the only extensions that are really needed for protection?
    uBO don't block XSS. Not sure about Kaspersky
     

    brod56

    Level 15
    Verified
    Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
    I've never seen any XSS injection in real life.
    Are you really worried about phishing sites and clickbait sites, though? While the AV and the DNS should already block most of those, I still think it's a waste of time (and resources) to add extensions specifically for them. Just look at the URL, man. You are the main source of protection. I'm pretty sure you're not a happy clicker, you're underestimating yourself.
     

    Andy Ful

    Level 49
    Verified
    Trusted
    Content Creator
    If you are the cautious user - who do not open the spam attachments, do not allow the active content in the unknown documents, etc. - then you do not need SysHardener, HardConfigurator, or OSArmor. The Standard User Account + Norton Security Online Premium is enough.
    If not, or when you have to use the vulnerable applications with unsafe content (documents with macros, scripts, unknown email attachments, etc.) then you may think about some additional protection like SysHardener, OSArmor (system hardening), or Hard_Configurator (system hardening & default deny setup).
     

    HarborFront

    Level 47
    Verified
    Content Creator
    I've never seen any XSS injection in real life.
    Are you really worried about phishing sites and clickbait sites, though? While the AV and the DNS should already block most of those, I still think it's a waste of time (and resources) to add extensions specifically for them. Just look at the URL, man. You are the main source of protection. I'm pretty sure you're not a happy clicker, you're underestimating yourself.
    Tell me your browser, AV and DNS can block all the below

    - ads & ad trackers
    - malicious sites
    - analytics (beacons, pixel etc)
    - browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
    - social widgets
    - microphone hijack
    - WebRTC leak
    - unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
    - webbugs
    - clickbait links
    - in-browser cryptojackers
    - browser hijackers
    - browser lockers
    - phishing and online scams
    - PUPs, toolbars and pop ups
    - overlays
    - CSS (Cascading Style Sheets)
    - CDNs (Content Delivery Networks)
    - redirects
    - session replay scripts
    - spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
    - clean URL tracking
    - WebGL
    - ultrasonic tracking
    - browser-based rootkits and browser-based botnets
    - DNS rebinding attacks
    - JavaScript-based side-channel attacks against leaks from CPU/RAM
    - other web annoyances

    and if you are not using Chrome/FF see whether your browser has protection against

    - CSRF/XSRF (cross-site request forgery)
    - Reflective XSS (cross-site scripting).
    - Clickjacking (aka UI redressing)
    - Punycode
     
    Last edited:

    brod56

    Level 15
    Verified
    Tell me your browser, AV and DNS can block all the below

    - ads & ad trackers
    - malicious sites
    - analytics (beacons, pixel etc)
    - browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
    - social widgets
    - microphone hijack
    - WebRTC leak
    - unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
    - webbugs
    - clickbait links
    - in-browser cryptojackers
    - browser hijackers
    - browser lockers
    - phishing and online scams
    - PUPs, toolbars and pop ups
    - overlays
    - CSS (Cascading Style Sheets)
    - CDNs (Content Delivery Networks)
    - redirects
    - session replay scripts
    - spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
    - clean URL tracking
    - WebGL
    - ultrasonic tracking
    - browser-based rootkits and browser-based botnets
    - JavaScript-based side-channel attacks against leaks from CPU/RAM
    - other web annoyances
    That's just paranoia. I browse only with Neustar DNS and Adguard/uBlock Origin on the browser. It's very pleasant and I've never been infected in years.
     

    HarborFront

    Level 47
    Verified
    Content Creator
    That's just paranoia. I browse only with Neustar DNS and Adguard/uBlock Origin on the browser. It's very pleasant and I've never been infected in years.
    Wait till you add 500+ preference settings in FF Quantum using user.js file for security/privacy/speed then you'll know what paranoid is about
     

    notabot

    Level 15
    Tell me your browser, AV and DNS can block all the below

    - ads & ad trackers
    - malicious sites
    - analytics (beacons, pixel etc)
    - browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
    - social widgets
    - microphone hijack
    - WebRTC leak
    - unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
    - webbugs
    - clickbait links
    - in-browser cryptojackers
    - browser hijackers
    - browser lockers
    - phishing and online scams
    - PUPs, toolbars and pop ups
    - overlays
    - CSS (Cascading Style Sheets)
    - CDNs (Content Delivery Networks)
    - redirects
    - session replay scripts
    - spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
    - clean URL tracking
    - WebGL
    - ultrasonic tracking
    - browser-based rootkits and browser-based botnets
    - JavaScript-based side-channel attacks against leaks from CPU/RAM
    - other web annoyances

    and if you are not using Chrome/FF see whether your browser has protection against

    - CSRF/XSRF (cross-site request forgery)
    - Reflective XSS (cross-site scripting).
    - Clickjacking (aka UI redressing)
    - Punycode
    No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

    Even Linus didn’t disable this at kernel level due to the performance hit.

    If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

    I find something like this to be above my needs but each person has their own security needs
     

    Andy Ful

    Level 49
    Verified
    Trusted
    Content Creator
    Tell me your browser, AV and DNS can block all the below

    - ads & ad trackers
    - malicious sites
    - analytics (beacons, pixel etc)
    - browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
    - social widgets
    - microphone hijack
    - WebRTC leak
    - unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
    - webbugs
    - clickbait links
    - in-browser cryptojackers
    - browser hijackers
    - browser lockers
    - phishing and online scams
    - PUPs, toolbars and pop ups
    - overlays
    - CSS (Cascading Style Sheets)
    - CDNs (Content Delivery Networks)
    - redirects
    - session replay scripts
    - spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
    - clean URL tracking
    - WebGL
    - ultrasonic tracking
    - browser-based rootkits and browser-based botnets
    - JavaScript-based side-channel attacks against leaks from CPU/RAM
    - other web annoyances

    and if you are not using Chrome/FF see whether your browser has protection against

    - CSRF/XSRF (cross-site request forgery)
    - Reflective XSS (cross-site scripting).
    - Clickjacking (aka UI redressing)
    - Punycode
    That is a very comprehensive list.(y)
    I think that brod56 had in mind that there are many other possible dangerous things like:
    - lighting in the rainy day
    - flu disease
    - steps in the stairway
    - walking in the evening
    - eating in the restaurants
    - crossing the street
    - driving the car
    - rock concerts
    - blowing-up batteries
    - sitting for many hours (especially in the front of the computer monitor)
    - using the computer mouse (for many hours)
    - getting married
    - divorcing
    - skiing
    - flying
    - swimming
    - diving
    - sunbathing
    - stealing the computer
    and many others:giggle:

    Our problem on MT is trying to keep our computers maximally secured, against the threats that are as probable, as being hurt via the above events. And it's funny, most of us (me too) do not care to secure ourselves against those events as much. So let's be understanding for people like brod56.:giggle:(y)

    Edit.
    brod56 accidentally felt hurt by my words. He should not, because his post looks very reasonable to me. I am sure that some irony in my post (not directed to him, but to the other side) is visible enough to the readers.
     
    Last edited:

    notabot

    Level 15
    If you are the cautious user - who do not open the spam attachments, do not allow the active content in the unknown documents, etc. - then you do not need SysHardener, HardConfigurator, or OSArmor. The Standard User Account + Norton Security Online Premium is enough.
    If not, or when you have to use the vulnerable applications with unsafe content (documents with macros, scripts, unknown email attachments, etc.) then you may think about some additional protection like SysHardener, OSArmor (system hardening), or Hard_Configurator (system hardening & default deny setup).
    This - these are all protection of the user from themselves, someone I know in their 70s, not tech savvy at all but always calls to see if indeed I sent her that doc has never been infected, old school due diligence rocks. These tools are very handy though as not all people are that diligent
     

    notabot

    Level 15
    No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

    Even Linus didn’t disable this at kernel level due to the performance hit.

    If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

    I find something like this to be above my needs but each person has their own security needs
    I’m not judging btw, I know people who had been victims of targeted attacks and this level of security became necessary but unless this is the case it sounds excessive to include side channels in your threat vector
     
    • Like
    Reactions: Andy Ful

    HarborFront

    Level 47
    Verified
    Content Creator
    No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

    Even Linus didn’t disable this at kernel level due to the performance hit.

    If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

    I find something like this to be above my needs but each person has their own security needs
    ChromeZero can block side channel attacks. Unfortunately, you can use it only on Chromium/Chromium-based browsers

    IAIK/ChromeZero
     

    brod56

    Level 15
    Verified
    That is a very comprehensive list.(y)
    I think that brod56 had in mind that there are many other possible dangerous things like:
    - lighting in the rainy day
    - flu disease
    - steps in the stairway
    - walking in the evening
    - eating in the restaurants
    - crossing the street
    - driving the car
    - rock concerts
    - blowing-up batteries
    - sitting for many hours (especially in the front of the computer monitor)
    - using the computer mouse (for many hours)
    - getting married
    - divorcing
    - skiing
    - flying
    - swimming
    - diving
    - sunbathing
    - stealing the computer
    and many others:giggle:

    Our problem on MT is trying to keep our computers maximally secured, against the threats that are as probable, as being hurt via the above events. And it's funny, most of us (me too) do not care to secure ourselves against those events as much. So let's be understanding for people like brod56.:giggle:(y)
    I may not be the most tech-savvy of people here (far from there obviously) but I deserve to be respected. I'm here to learn and help, not to be attacked.
    I will pretend I didn't see that post, because I really like this forum and wouldn't like to leave it just because of disrespectful people like you.