Advanced Plus Security InnoScorpio's PC Security Config 2019

Last updated: Dec 25, 2018
Windows Edition: Home
Security updates: Check for updates and Notify
User Access Control: Always notify
Real-time security:
  Norton Security Online Premium (Heuristics, Boot Time Protection, Block Traffic for Malicious Applications, and SONAR set to Aggressive with some settings disabled for better performance)
  Sandboxie Free
Firewall security:
Periodic malware scanners: EEK, MBAM free, ZAM free
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions:
  Edge (built-in): Norton Safe Web
  Chrome (default): Malwarebytes Browser Extension, Mailtrack, WebRTC Leak Prevent, NetCraft
  Firefox (performance): Malwarebytes Browser Extension, NetCraft
Maintenance tools: CCleaner Portable, Wise Disk Cleaner Portable, Auslogics Disk Defrag Portable, Revo Uninstaller Free, Anvi Folder Locker, PrivaZer, VeraCrypt, GNU Privacy Guard, AxCrypt, CCEnhancer
File and Photo backup:
  Cloud Storage: Google Drive and MEGA
  External Hard Drive: AOMEI Backupper Standard Free
System recovery: Macrium Reflect Free

notabot

Level 15
Verified
Oct 31, 2018
703
ChromeZero can block side channel attacks. Unfortunately, you can use it only on Chromium/Chromium-based browsers

IAIK/ChromeZero

Thanks - I just looked at this, looks like the authors are well regarded so I’ll take what they claim at face value.

Still, e.g., will it be well maintained?

I consider side channel attacks outside my threat vector but if they were in it, I’d just use a machine with an OS which has hyper threading switched off to cut the root of the issue - I don’t need that level of security though
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,513
I may not be the most tech-savvy of people here (far from there obviously) but I deserve to be respected. I'm here to learn and help, not to be attacked.
I will pretend I didn't see that post, because I really like this forum and wouldn't like to leave it just because of disrespectful people like you.
Read my post again, please - it is a little ironical towards people (like me) who can care more about securing Windows against malware than about protecting the computer against thieves.
In fact, I am on your side, don't you see this? Furthermore, a practical point of view like yours does not mean that someone is not tech-savvy.
I am sorry if my words hurt you, but in fact I liked your post, because it was very reasonable.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Read my post again, please - it is a little ironical towards people (like me) who can care more about securing Windows against malware than about protecting the computer against thieves.
In fact, I am on your side, don't you see this? Furthermore, a practical point of view like yours does not mean that someone is not tech-savvy.
I am sorry if my words hurt you, but in fact I liked your post, because it was very reasonable.
It sounded nothing like ironical to me. Anyway, I believe you. Peace out.
 

Andy Ful

It sounded nothing like ironical to me. Anyway, I believe you. Peace out.
Added the note to my post, but I am sure that the irony is visible enough.
Be safe.
 

Andy Ful

Using too many extensions in the web browser has some known pros, but also some cons.
  1. As can be seen from the very comprehensive list made by HarborFront, there are many vulnerabilities, so the user should install several extensions to cover them.
  2. Many extensions would have a negative impact on browsing performance & web browser stability.
  3. Many extensions = proportionally greater attack surface.
  4. Installing the popular extensions = greater chances to be exploited.
  5. Installing not popular extensions = unknown reliability, unknown support, etc.
  6. Sometimes people install many extensions, because they intentionally browse to very unsafe places, and think that those extensions will save them (not recommended).
So, everyone has to find the balance between safe habits and installed extensions. With safe browsing habits and some basic knowledge the user can install fewer extensions to be pretty much safe. When visiting very unsafe places, it is better to use a virtual machine.
Yet, either when using many extensions or using only a few, the user cannot be completely safe when browsing.
 
Last edited:
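
Added example, not part of the thread: one way to put numbers on points 3 to 5 of the post above is to read each installed extension's `manifest.json` and compare what it is allowed to touch. The sample manifests are constructed, and the scoring weights are an arbitrary assumption chosen only to order the results.

```python
import json

# Constructed sample manifests (hypothetical extensions, not real ones).
SAMPLE_MANIFESTS = [
    {"manifest_version": 2, "name": "Example URL Filter",
     "permissions": ["webRequest", "webRequestBlocking", "<all_urls>", "storage"]},
    {"manifest_version": 3, "name": "Example Mail Helper",
     "permissions": ["storage"],
     "host_permissions": ["https://mail.example.com/*"],
     "content_scripts": [{"matches": ["https://mail.example.com/*"], "js": ["c.js"]}]},
    {"manifest_version": 3, "name": "Example Toolbar",
     "permissions": ["tabs", "cookies", "history"],
     "host_permissions": ["*://*/*"],
     "content_scripts": [{"matches": ["<all_urls>"], "js": ["t.js"]}]},
]

# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose browsing data or traffic (illustrative subset).
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest", "webRequestBlocking",
                  "debugger", "nativeMessaging", "downloads", "management", "proxy"}

def summarize(manifest):
    """Reduce one parsed manifest to the access it requests."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = [p for p in perms if p == "<all_urls>" or "://" in p]
    hosts += manifest.get("host_permissions", [])
    injected = [m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])]
    return {
        "name": manifest.get("name", "?"),
        "all_sites_access": bool(BROAD_HOSTS & set(hosts)),
        "injects_everywhere": bool(BROAD_HOSTS & set(injected)),
        "sensitive_apis": sorted(SENSITIVE_APIS & set(perms)),
    }

def summarize_file(path):
    """Summarize a manifest.json on disk (path supplied by the caller)."""
    with open(path, encoding="utf-8") as fh:
        return summarize(json.load(fh))

def rank(manifests):
    """Order extensions from broadest to narrowest access (assumed weights)."""
    def score(r):
        return (3 * r["all_sites_access"] + 3 * r["injects_everywhere"]
                + len(r["sensitive_apis"]))
    return sorted((summarize(m) for m in manifests), key=score, reverse=True)

if __name__ == "__main__":
    for row in rank(SAMPLE_MANIFESTS):
        print(row)
```

An extension near the top of the ranking is the one whose compromise or sale would expose the most, which is a useful input when deciding which overlapping extensions to drop.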

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,142
Using too many extensions in the web browser has some known pros, but also some cons.
  1. As can be seen from the very comprehensive list made by HarborFront, there are many vulnerabilities, so the user should install several extensions to cover them.
  2. Many extensions would have a negative impact on browsing performance & web browser stability.
  3. Many extensions = proportionally greater attack surface.
  4. Installing the popular extensions = greater chances to be exploited.
  5. Installing not popular extensions = unknown reliability, unknown support, etc.
  6. Sometimes people install many extensions, because they intentionally browse to very unsafe places, and think that those extensions will save them (not recommended).
So, everyone has to find the balance between safe habits and installed extensions. With safe browsing habits and some basic knowledge the user can install fewer extensions to be pretty much safe. When visiting very unsafe places, it is better to use a virtual machine.
Yet, either when using many extensions or using only a few, the user cannot be completely safe when browsing.
Using a VM is not a panacea to all problems.

Like any software it has its own security vulnerabilities

For malware protection the use of a VM is good as long as you don't meet some VM-evasive malware. Similarly, in the use of AV software

VM also cannot protect a user against data exfiltration

And I don't believe it can protect against hardware-based attacks like Spectre and Meltdown

If you were to ask me how many extensions would be needed to protect against the list I made, I would say as many as you can find, inclusive of your AV/AM software and browser... if you want to go around the world on the net.
 

Andy Ful

Using a VM is not a panacea to all problems.

Like any software it has its own security vulnerabilities

For malware protection the use of a VM is good as long as you don't meet some VM-evasive malware. Similarly, in the use of AV

VM also cannot protect a user against data exfiltration

And I don't believe it can protect the user against a hardware-based attacks like Spectre and Meltdown
You are right. Nothing is perfect.
 

notabot

And I don't believe it can protect against hardware-based attacks like Spectre and Meltdown

It can’t; to the best of my knowledge only disabling SMT can - with the caveat that the addon you linked before claims it’s possible without switching SMT off.
 

notabot

For malware protection the use of a VM is good as long as you don't meet some VM-evasive malware. Similarly, in the use of AV software

I asked this on another thread and the response I had was that apparently it doesn’t happen.

Probably the target market for this (people running desktop software in VMs) is too small for the malware writers to target it. But in principle this is doable.
 

notabot

Ultimately it comes down to what threat vector one is protecting against.

If one wants to hedge against a wider vector though, I wonder: is a complicated setup with many addons & lots of software worth the maintenance effort? Perhaps it is simpler to have a dedicated machine for activities they want to keep safe. E.g. have one machine with SMT switched off (e.g. OpenBSD), hardened OS kernel, on each use launch one-off browser images via Docker - it’s still a PITA type of setup but probably has fewer tabs to track as everything would be updated from the OS vendor’s repo. The only risk remaining would effectively be kernel level exploits which cannot be hedged anyhow.
 

InnoScorpio

Level 1
Thread author
Jul 9, 2018
13
After realizing all the advice that everyone provided to me in this thread.

REMOVED THE FOLLOWING
  • The Great Suspender -- Remove this since I realized I could implement flags in Chrome and find ways to speed up Firefox so adding the extension would be counterproductive to my browser performance.
  • uMatrix - Do not need this after realizing Malwarebytes has reliable adblocking. Also, adding a bunch of filters for different types of malware yields less effect than using Malwarebytes.
  • Glary Utilities Portable - Do not need this after adding CCEnhancer along with CCleaner Portable.
  • Wise Care 365 - The entire suite of components not needed.
  • Exfil CSS Protection - Remove this since the Site Report feature provides information on the Web Targeting features that a site uses to possibly mitigate CSS Exfil attacks.
  • Correction: Mailtrack is not available in Firefox.
ADDITIONS OR CLARIFYING SOFTWARE I WAS SUPPOSED TO USE ORIGINALLY
  • CCEnhancer
  • Sandboxie Free
  • Wise Disk Cleaner Portable


Fields are updated. Replies to some posts that were mentioned in this thread:
For example, you have 3 extensions with similar purposes (blocking malicious websites) - uBlock Origin, Netcraft and Malwarebytes. That doesn't make much sense to me, considering that the browser and the AV also have that function. In my opinion, being obsessed with browser protection via filtering is pointless.
Also, read this.
After realizing how reliable the adblocking and tracking protection that Malwarebytes Browser Extension provides is, I realize I do not need uMatrix in Chrome and Firefox. I did some testing with Malwarebytes and found Malwarebytes to be a better addon. The malicious website filtering from Norton is nonexistent. Norton Safe Web is only good for antiphishing. Google Safe Browsing and Microsoft SmartScreen will pick up the rest of what Norton missed alone.

- ads & ad trackers
- malicious sites
- analytics (beacons, pixel etc)
- browser fingerprinting e.g. mouse wheel/speed, CPU/GPU etc besides those listed(and protected) in ScriptSafe and Trace...
This is why you can only set up your web browser, AV, DNS, or other security layers to protect against the most important attacks associated with security and privacy. You have to implement the ones that can avoid significant damage on your computer, can be used for financial or commercial gain, espionage, data leaking of sensitive and personal information.

If you are the cautious user - who do not open the spam attachments, do not allow the active content in the unknown documents, etc... The Standard User Account + Norton Security Online Premium is enough.
If not, or when you have to use the vulnerable applications with unsafe content (documents with macros, scripts, unknown email attachments, etc.) then you may think about some additional protection like SysHardener, OSArmor (system hardening), or Hard_Configurator (system hardening & default deny setup).
I am actually a cautious user when it comes to avoiding email attachments, documents with macros, and scripts so I do not usually need some other tool with it most likely.
 