Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Jul 17, 2024
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
WhitelistCloud
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code: 
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 132.0.2

Extensions:
- Ghostery
- SafeToOpen
- Bitwarden


Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2024
What I'm looking for?

Looking for minimum feedback.

silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
simmerskool said:

RuckZuck Software Package Manager for Windows

free open source package manager for windows with public software repository
ruckzuck.tools ruckzuck.tools

first I've heard of it... :unsure:
Click to expand...

Highly recommended, I am using RuckZuck since two years after @harlan4096 suggested this software to me (y)
malwaretips.com

Discuss/Update Thread - RuckZuck - Software Package Manager for Windows

Homepage: RuckZuck Software Package Manager for Windows GitHub: GitHub - rzander/ruckzuck: software package manager for windows Version 1.7.3.1 unused references removed update references fix: sponsor URL fix: hanging jobs https://github.com/rzander/ruckzuck/releases/tag/1.7.3.1
malwaretips.com malwaretips.com
 
  • Like
  • Thanks
Reactions: Nevi, [correlate], plat and 5 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
silversurfer said:
Highly recommended, I am using RuckZuck since two years after @harlan4096 suggested this software to me
Click to expand...

Thank you so much! I was curious about it, so I d/l the portable and it actually found an update to an obscure software used to find bulky useless files. Installed it also, a big plus. And that would be WinDirStat! Good job, RuckZuck!

Sorry Kongo, hope it's OK that I comment on your thread.
 
  • Like
  • Applause
Reactions: Nevi, Trident, [correlate] and 7 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
Gandalf_The_Grey said:
What was your reason for doing so?
While it is a good and useful extension I am not sure if it is really needed.
Less is more in regards of the number of installed extensions.
Click to expand...
I am really satisfied with my config at the moment, but I just felt like my web-protection could be slightly better. I was only relying on NextDNS for web-protection, and it truly doesn't offer the best phishing protection out there. But you know me, I will probably remove it in a couple of days again anyway. 😄
 
  • Like
  • HaHa
  • Applause
Reactions: Trident, Nevi, [correlate] and 7 others
piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Kongo said:
I am really satisfied with my config at the moment, but I just felt like my web-protection could be slightly better.
Click to expand...
I'm like you and sometimes install even unnecessary extensions, now recently I did a cleanup, left only the necessary but I kept the netcraft for a reason when I receive an email phishing I report and them and they check and responded quickly. Many people do not like Netcraft, because they say that privacy is a little murky, but the protection against site phishing is excellent followed by Bitdefender (TrafficLight) and Malwarebytes Browser Guard. (y)
 
  • Like
  • Applause
Reactions: Nevi, Trident, [correlate] and 7 others
simmerskool

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
Kongo said:
- set Firefox Secure DNS level to "Max"
+ added PolySwarm to Malware Analysis platforms
Click to expand...

Incentivized Threat Detection​

Unlike in any other multiscanner, in PolySwarm there is money at stake: threat detection engines back their opinions with money, at the artifact level (file, URL, etc.), and are economically rewarded and penalized based on the accuracy of their determinations. The following process is automated and is executed by software (engines) in near real time.
 
  • Like
Reactions: Trident, Nevi, [correlate] and 3 others

Similar threads

Divine_Barakah
    • Like
    • Applause
Advanced Security Divine Barakah's PC Security Config 2024
Replies
97
Views
4,607
PC Setup Configuration Help & Showcase
Divine_Barakah
Divine_Barakah
Smoke
    • Like
Advanced Plus Security Smoke's Security Config 2024
Replies
3
Views
415
PC Setup Configuration Help & Showcase
harlan4096
harlan4096
DJ Stylbator
    • Like
Basic Security DJ Stylbator Security Config 2024
Replies
7
Views
752
PC Setup Configuration Help & Showcase
harlan4096
harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top