- Feb 25, 2017
- 2,585
Probably won't be using DeepArmor for long as it's quite expensive. Just thought I might try out their 30 days money back guarantee.
Kongo's Computer Security Config 2024
- Thread starter Kongo
- Start date
- Last updated
- Jul 17, 2024
- How it's used?
- For home and private use
- Operating system
- macOS 15 Sequoia
- On-device encryption
- BitLocker Device Encryption for Windows
- Log-in security
-
- Hardware security key
- Security updates
- Allow security updates and latest features
- Update channels
- Allow stable updates only
- User Access Control
- Always notify
- Smart App Control
- Off
- Network firewall
- Enabled
- About WiFi router
-
- Speedport Smart 4
- Firewalla Blue +
- Real-time security
-
Deep Instinct Endpoint Protection
WhitelistCloud
- Firewall security
- Microsoft Defender Firewall with Advanced Security
- About custom security
-
Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox
System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code:Block low integrity images - ON Block remote images - ON Block untrusted fonts - ON Control flow guard (CFG) - ON Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED Disable extension points - ON Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED Randomize memory allocations (Bottom-up ASLR) - ON Validate exception chains (SEHOP) - ON Validate handle usage - ON Validate heap integrity - ON Validate image dependency integrity - ON
Thanks to @oldschool for sharing!
ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
ㅤ
- Periodic malware scanners
-
Norton Power Eraser, X-Sec and AdwCleaner
- Malware sample testing
- I do participate in malware testing. See details about my testing environment below.
- Environment for malware testing
-
ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.
Online Malware Analysis Platforms that I use:
- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Neiki.Dev
- ThreatZone
- UnpacMe
--> Currently I am barely testing
- Browser(s) and extensions
-
ㅤ
Mozilla Firefox v. 132.0.0
Extensions:
- Ghostery
- SafeToOpen
- Bitwarden
Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled
about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
- Secure DNS
-
ㅤ
- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)
ㅤ
- Desktop VPN
-
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
- Password manager
-
ㅤBitwarden Premium
- Maintenance tools
-
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
- File and Photo backup
-
ㅤbackup to external drive when necessary
- Subscriptions
-
- Google One Standard 200GB
- System recovery
-
Aomei Backupper
- Risk factors
-
- Browsing to popular websites
- Browsing to unknown / untrusted / shady sites
- Opening email attachments
- Buying from online stores, entering banks card details
- Downloading software and files from reputable sites
- Gaming
- Streaming audio/video content from shady sites
- Downloading malware samples
- Computer specs
-
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
- Notable changes
-
- Updated for year 2024
- What I'm looking for?
-
Looking for minimum feedback.
- Feb 25, 2017
- 2,585
+ replaced DeepArmor with WiseVector StopX + KeyScrambler
Last edited:
- Feb 25, 2017
- 2,585
- replaced KeyScrambler with HitmanPro.Alert
- Feb 25, 2017
- 2,585
- switched from WiseVector and HMPA to Norton Antivirus Trial
- switched from DNS-over-HTTPS to DNS-over-TLS within YogaDNS
- switched from DNS-over-HTTPS to DNS-over-TLS within YogaDNS
- Mar 29, 2018
- 7,613
- Feb 25, 2017
- 2,585
I change my config more than my socks... Do I need help?I changed my socks today!
- Mar 29, 2018
- 7,613
Geeks Anonymous may be able to help you!I change my config more than my socks... Do I need help?
- Feb 25, 2017
- 2,585
Phew...Geeks Anonymous may be able to help you!
- Feb 25, 2017
- 2,585
- back to MD configured via ConfigureDefender
- back to Adguard, LocalCDN andTrocker
- back to Adguard, LocalCDN and
Last edited:
- Aug 2, 2020
- 549
I just cut down my extensions in FF from 7 to 4 and then you post this Trocker thingy.
I hope you are happy my extensions are up to 5 now!
- Feb 25, 2017
- 2,585
See it positively... 5 are still less than 7I just cut down my extensions in FF from 7 to 4 and then you post this Trocker thingy.
I hope you are happy my extensions are up to 5 now!
Which extensions are you using tho?
- Aug 2, 2020
- 549
uBOSee it positively... 5 are still less than 7
Which extensions are you using tho?
Trafficlight
Clearurl
LocalCDN
- Feb 25, 2017
- 2,585
You could get rid of ClearURLs if you enabled AdGuard URL tracking filter list in uBlock Origin I guess.
- Sep 2, 2021
- 2,586
- Feb 25, 2017
- 2,585
As second opinion scanner or alongside Microsoft Defender?
- Aug 2, 2020
- 549
I was thinking the same thing. However when I tested tracking links only ClearlURL seems to be working correctly.
Use this link as an example Adguard URL tracker does not seem to work
- Feb 25, 2017
- 2,585
I think the AdGuard filter is much smaller compared to ClearURLs so that might be a reason. After all ClearURLs didn't receive updates for months so I personally wouldn't use it anymore.
- Sep 2, 2021
- 2,586
- Aug 17, 2014
- 11,108
I'm using another filter together with Adguard URL Tracking Protection for the same purpose but more advanced: 'Actually Legitimate URL Shortener Tool'
Code:
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txtGitHub - DandelionSprout/adfilt: The place where I, DandelionSprout, store my web filter lists for countless topics, including my Nordic adblock list. As simple as that, really.
The place where I, DandelionSprout, store my web filter lists for countless topics, including my Nordic adblock list. As simple as that, really. - DandelionSprout/adfilt
github.com
- Feb 25, 2017
- 2,585
Totally forgot about this one. I am using it in AdGuard too currently.I'm using another filter together with Adguard URL Tracking Protection for the same purpose but more advanced: 'Actually Legitimate URL Shortener Tool'
Code:https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
GitHub - DandelionSprout/adfilt: The place where I, DandelionSprout, store my web filter lists for countless topics, including my Nordic adblock list. As simple as that, really.
The place where I, DandelionSprout, store my web filter lists for countless topics, including my Nordic adblock list. As simple as that, really. - DandelionSprout/adfilt
Here are my filers for the people who care:
Similar threads
