Latest changes
Dec 25, 2018
Windows Edition
Home
OS build or version
16299.611
System type
64-bit operating system; x64-based processor
Update and Security
Manual check for updates
User Access Control
Always notify
Firewall and Network protection
Provided by a third-party security vendor
User permissions
Standard account
User account
Malware exposure
No malware samples are downloaded
Real-time Malware protection
Norton Security Online Premium (Heuristics, Boot Time Protection, Block Traffic for Malicious Applications, and SONAR set to Aggressive with some settings disabled for better performance)
Sandboxie Free
Periodic scanners
EEK, MBAM free, ZAM free
Browser and Extensions
Edge (built-in): Norton Safe Web
Chrome (default): Malwarebytes Browser Extension, Mailtrack, WebRTC Leak Prevent, NetCraft
Firefox (performance): Malwarebytes Browser Extension, NetCraft
Privacy tools and VPN
uBlock Origin (fully based on Evjl's Rain filters and for Edge browser only)
Private Internet Access VPN
Whonix
Quad 9 DNS
Password manager
Keepass
Search engine
DuckDuckGo
Maintenance tools
CCleaner Portable, Wise Disk Cleaner Portable, Auslogics Disk Defrag Portable, Revo Uninstaller Free, Anvi Folder Locker, PrivaZer, VeraCrypt, GNU Privacy Guard, AxCrypt, CCEnhancer
Photos and Documents backup
Cloud Storage: Google Drive and MEGA
External Hard Drive: AOMEI Backupper Standard Free
Data Backup Schedule
Once or multiple times per week
Backup and Restore
Macrium Reflect Free
Backup Schedule
Once or more per month
Here is my config. I just have two questions. Is it necessary to use NoVirusThanks SysHardener, Andy Ful's HardConfigurator, NoVirusThanks OSArmor, or other anti-malware tools in order to have great malware protection with Norton? Should I use Norton Safe Web instead of Malwarebytes and NetCraft in all of my browsers?
 

brod56

Level 15
Verified
I would remove most of your Chrome extensions. For example, you have 3 extensions with similar purposes (blocking malicious websites) - uBlock Origin, Netcraft and Malwarebytes. That doesn't make much sense to me, considering that the browser and the AV also have that function. In my opinion, being obsessed with browser protection via filtering is pointless.
Also, read this.
 

HarborFront

Level 52
Verified
Content Creator
I would remove most of your Chrome extensions. For example, you have 3 extensions with similar purposes (blocking malicious websites) - uBlock Origin, Netcraft and Malwarebytes. That doesn't make much sense to me, considering that the browser and the AV also have that function. In my opinion, being obsessed with browser protection via filtering is pointless.
Also, read this.
Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
 

Gandalf_The_Grey

Level 30
Verified
Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
Those are great extensions, but the question remains do you really need them?
Myself I have now only the extension of my av (Kaspersky) and uBlock Origin (+Extra) enabled in Google Chrome.
Google Safe browsing and Kaspersky together blocked all the links in the tests done by @Evjl's Rain .
So maybe Norton Safe Web combined with uBlock Origin and Google Safe browsing are the only extensions that are really needed for protection?
 

HarborFront

Level 52
Verified
Content Creator
Those are great extensions, but the question remains do you really need them?
Myself I have now only the extension of my av (Kaspersky) and uBlock Origin (+Extra) enabled in Google Chrome.
Google Safe browsing and Kaspersky together blocked all the links in the tests done by @Evjl's Rain .
So maybe Norton Safe Web combined with uBlock Origin and Google Safe browsing are the only extensions that are really needed for protection?
uBO don't block XSS. Not sure about Kaspersky
 

brod56

Level 15
Verified
Netcraft is for blocking of XSS and phishing sites (which it excels at) something which uBO and Malwarebytes cannot compare. Malwarebytes can block clickbait sites which uBO cannot
I've never seen any XSS injection in real life.
Are you really worried about phishing sites and clickbait sites, though? While the AV and the DNS should already block most of those, I still think it's a waste of time (and resources) to add extensions specifically for them. Just look at the URL, man. You are the main source of protection. I'm pretty sure you're not a happy clicker, you're underestimating yourself.
 

Andy Ful

Level 59
Verified
Trusted
Content Creator
If you are the cautious user - who do not open the spam attachments, do not allow the active content in the unknown documents, etc. - then you do not need SysHardener, HardConfigurator, or OSArmor. The Standard User Account + Norton Security Online Premium is enough.
If not, or when you have to use the vulnerable applications with unsafe content (documents with macros, scripts, unknown email attachments, etc.) then you may think about some additional protection like SysHardener, OSArmor (system hardening), or Hard_Configurator (system hardening & default deny setup).
 

HarborFront

Level 52
Verified
Content Creator
I've never seen any XSS injection in real life.
Are you really worried about phishing sites and clickbait sites, though? While the AV and the DNS should already block most of those, I still think it's a waste of time (and resources) to add extensions specifically for them. Just look at the URL, man. You are the main source of protection. I'm pretty sure you're not a happy clicker, you're underestimating yourself.
Tell me your browser, AV and DNS can block all the below

- ads & ad trackers
- malicious sites
- analytics (beacons, pixel etc)
- browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
- social widgets
- microphone hijack
- WebRTC leak
- unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
- webbugs
- clickbait links
- in-browser cryptojackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups
- overlays
- CSS (Cascading Style Sheets)
- CDNs (Content Delivery Networks)
- redirects
- session replay scripts
- spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
- clean URL tracking
- WebGL
- ultrasonic tracking
- browser-based rootkits and browser-based botnets
- DNS rebinding attacks
- JavaScript-based side-channel attacks against leaks from CPU/RAM
- other web annoyances

and if you are not using Chrome/FF see whether your browser has protection against

- CSRF/XSRF (cross-site request forgery)
- Reflective XSS (cross-site scripting).
- Clickjacking (aka UI redressing)
- Punycode
 
Last edited:

brod56

Level 15
Verified
Tell me your browser, AV and DNS can block all the below

- ads & ad trackers
- malicious sites
- analytics (beacons, pixel etc)
- browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
- social widgets
- microphone hijack
- WebRTC leak
- unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
- webbugs
- clickbait links
- in-browser cryptojackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups
- overlays
- CSS (Cascading Style Sheets)
- CDNs (Content Delivery Networks)
- redirects
- session replay scripts
- spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
- clean URL tracking
- WebGL
- ultrasonic tracking
- browser-based rootkits and browser-based botnets
- JavaScript-based side-channel attacks against leaks from CPU/RAM
- other web annoyances
That's just paranoia. I browse only with Neustar DNS and Adguard/uBlock Origin on the browser. It's very pleasant and I've never been infected in years.
 

HarborFront

Level 52
Verified
Content Creator
That's just paranoia. I browse only with Neustar DNS and Adguard/uBlock Origin on the browser. It's very pleasant and I've never been infected in years.
Wait till you add 500+ preference settings in FF Quantum using user.js file for security/privacy/speed then you'll know what paranoid is about
 

notabot

Level 15
Tell me your browser, AV and DNS can block all the below

- ads & ad trackers
- malicious sites
- analytics (beacons, pixel etc)
- browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
- social widgets
- microphone hijack
- WebRTC leak
- unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
- webbugs
- clickbait links
- in-browser cryptojackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups
- overlays
- CSS (Cascading Style Sheets)
- CDNs (Content Delivery Networks)
- redirects
- session replay scripts
- spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
- clean URL tracking
- WebGL
- ultrasonic tracking
- browser-based rootkits and browser-based botnets
- JavaScript-based side-channel attacks against leaks from CPU/RAM
- other web annoyances

and if you are not using Chrome/FF see whether your browser has protection against

- CSRF/XSRF (cross-site request forgery)
- Reflective XSS (cross-site scripting).
- Clickjacking (aka UI redressing)
- Punycode
No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

Even Linus didn’t disable this at kernel level due to the performance hit.

If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

I find something like this to be above my needs but each person has their own security needs
 

Andy Ful

Level 59
Verified
Trusted
Content Creator
Tell me your browser, AV and DNS can block all the below

- ads & ad trackers
- malicious sites
- analytics (beacons, pixel etc)
- browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace.
- social widgets
- microphone hijack
- WebRTC leak
- unwanted cookies (e.g. cookieless cookie (Etags), super HSTS cookies, HTTPS cookie, zombie cookies etc)
- webbugs
- clickbait links
- in-browser cryptojackers
- browser hijackers
- browser lockers
- phishing and online scams
- PUPs, toolbars and pop ups
- overlays
- CSS (Cascading Style Sheets)
- CDNs (Content Delivery Networks)
- redirects
- session replay scripts
- spoofing/randomizing user-agent/timezone/header(etag and referer)/geolocation
- clean URL tracking
- WebGL
- ultrasonic tracking
- browser-based rootkits and browser-based botnets
- JavaScript-based side-channel attacks against leaks from CPU/RAM
- other web annoyances

and if you are not using Chrome/FF see whether your browser has protection against

- CSRF/XSRF (cross-site request forgery)
- Reflective XSS (cross-site scripting).
- Clickjacking (aka UI redressing)
- Punycode
That is a very comprehensive list.(y)
I think that brod56 had in mind that there are many other possible dangerous things like:
- lighting in the rainy day
- flu disease
- steps in the stairway
- walking in the evening
- eating in the restaurants
- crossing the street
- driving the car
- rock concerts
- blowing-up batteries
- sitting for many hours (especially in the front of the computer monitor)
- using the computer mouse (for many hours)
- getting married
- divorcing
- skiing
- flying
- swimming
- diving
- sunbathing
- stealing the computer
and many others:giggle:

Our problem on MT is trying to keep our computers maximally secured, against the threats that are as probable, as being hurt via the above events. And it's funny, most of us (me too) do not care to secure ourselves against those events as much. So let's be understanding for people like brod56.:giggle:(y)

Edit.
brod56 accidentally felt hurt by my words. He should not, because his post looks very reasonable to me. I am sure that some irony in my post (not directed to him, but to the other side) is visible enough to the readers.
 
Last edited:

notabot

Level 15
If you are the cautious user - who do not open the spam attachments, do not allow the active content in the unknown documents, etc. - then you do not need SysHardener, HardConfigurator, or OSArmor. The Standard User Account + Norton Security Online Premium is enough.
If not, or when you have to use the vulnerable applications with unsafe content (documents with macros, scripts, unknown email attachments, etc.) then you may think about some additional protection like SysHardener, OSArmor (system hardening), or Hard_Configurator (system hardening & default deny setup).
This - these are all protection of the user from themselves, someone I know in their 70s, not tech savvy at all but always calls to see if indeed I sent her that doc has never been infected, old school due diligence rocks. These tools are very handy though as not all people are that diligent
 

notabot

Level 15
No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

Even Linus didn’t disable this at kernel level due to the performance hit.

If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

I find something like this to be above my needs but each person has their own security needs
I’m not judging btw, I know people who had been victims of targeted attacks and this level of security became necessary but unless this is the case it sounds excessive to include side channels in your threat vector
 

HarborFront

Level 52
Verified
Content Creator
No addon blocks side channel attacks unless you block JavaScript entirely which makes most of the websites unusable .

Even Linus didn’t disable this at kernel level due to the performance hit.

If you want that high level of security - install openbsd on a separate machine and do your banking/business/anything sensitive from there

I find something like this to be above my needs but each person has their own security needs
ChromeZero can block side channel attacks. Unfortunately, you can use it only on Chromium/Chromium-based browsers

IAIK/ChromeZero
 

brod56

Level 15
Verified
That is a very comprehensive list.(y)
I think that brod56 had in mind that there are many other possible dangerous things like:
- lighting in the rainy day
- flu disease
- steps in the stairway
- walking in the evening
- eating in the restaurants
- crossing the street
- driving the car
- rock concerts
- blowing-up batteries
- sitting for many hours (especially in the front of the computer monitor)
- using the computer mouse (for many hours)
- getting married
- divorcing
- skiing
- flying
- swimming
- diving
- sunbathing
- stealing the computer
and many others:giggle:

Our problem on MT is trying to keep our computers maximally secured, against the threats that are as probable, as being hurt via the above events. And it's funny, most of us (me too) do not care to secure ourselves against those events as much. So let's be understanding for people like brod56.:giggle:(y)
I may not be the most tech-savvy of people here (far from there obviously) but I deserve to be respected. I'm here to learn and help, not to be attacked.
I will pretend I didn't see that post, because I really like this forum and wouldn't like to leave it just because of disrespectful people like you.
 
Top