SECURITY: Risk KonradPL Security Config 2021

Last updated
Jul 1, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Operating system is not listed
OS edition
Pro
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Third-party router
Real-time protection
ESET IS with tweaked HIPS and firewall against ransomware
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
WINDOWS 11
Malware testing
No malware samples
Periodic security scanners
MBAM
Secure DNS
Cloudflare set up in router
VPN
none
Password manager
Sticky Password
Browsers, Search and Addons
Edge Chromium
Maintenance and Cleaning
By Windows
Personal Files & Photos backup
OneDrive, WD My Cloud
Personal backup routine
Automatic (scheduled)
Device recovery & backup
OneDrive, WD My Cloud, SSD
Device backup routine
Automatic (scheduled)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Emails. 
  4. Shopping. 
  5. Banking. 
  6. Downloading software. 
  7. PC and cloud gaming. 
  8. Multimedia. 
Computer specs
Aorus B450 Elite v2, Ryzen 3700X, RAM 16GB, 2x 512GB SSD M.2, Sapphire Radeon 5500 XT
Feedback Response

Most critical feedback

anupritaisno1

Level 2
May 27, 2021
72
They are not security focused, but I assume the security is the same as a stable build of 10, unless they constantly change the security part of the OS. I've honestly never seen MS saying Insider builds are not recommended because they're unsafe, only because they're unstable.
Just because something is not said doesn't mean the opposite case automatically becomes true.

Beta builds have bugs; many of these bugs can be security issues, and CVEs are NOT assigned to security issues that appear in beta software, so the vendor does NOT have to document security fixes at all.

SecurityNightmares

Level 40
Verified
Jan 9, 2020
2,955
They are not security focused, but I assume the security is the same as a stable build of 10, unless they constantly change the security part of the OS. Honestly, I've never seen MS saying Insider builds are not recommended because they're unsafe, only because they're unstable.
Well, Microsoft will never say anything like that, but they don't recommend unstable builds for daily drivers.

anupritaisno1

Level 2
May 27, 2021
72
Only Windows backup, but I don't like this option. If the system is compromised hard by ransomware, I'd like a new installation of Windows. But any important files I have in two copies, in OneDrive and WD My Cloud.
I don't recommend the Windows backup feature, as it saves your entire OS without BitLocker carrying over to the backup, and during a restore, unencrypted data is written in plain back to the disk.

I just boot up my Linux installation and use dd to copy the entire thing to a backup drive, including BitLocker encryption, and then restore it as a whole when needed.

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,368
Even trusting an AV isn't good nor recommended. Just harden your system so that malware can't start and you're done.
That's probably one of the worst general recommendations I've seen in a long time. I fully understand the point of view of hardening the system for advanced users and for many of the users here on MT, but for the majority, telling them that they shouldn't trust AVs is actually borderline reckless, no matter what you personally might think and feel about AVs. Please try to be a bit more specific and clear next time.

SecurityNightmares

Level 40
Verified
Jan 9, 2020
2,955
That's probably one of the worst general recommendations I've seen in a long time. I fully understand the point of view of hardening the system for advanced users and for many of the users here on MT, but for the majority, telling them that they shouldn't trust AVs is actually borderline reckless, no matter what you personally might think and feel about AVs. Please try to be a bit more specific and clear next time.
I'm not saying that MT users shouldn't use any AV. I'm saying that they shouldn't only trust that and should instead harden the system (besides using an AV).

Anyway, a secured system is most important, and remember that AVs aren't part of the security concept, or at least are the last part of it, as they increase the attack surface by themselves.

anupritaisno1

Level 2
May 27, 2021
72
That's probably one of the worst general recommendations I've seen in a long time. I fully understand the point of view of hardening the system for advanced users and for many of the users here on MT, but for the majority, telling them that they shouldn't trust AVs is actually borderline reckless, no matter what you personally might think and feel about AVs. Please try to be a bit more specific and clear next time.
Trusting AVs is pretty much the worst mistake one could make. Let me just put it in simpler words:

Sasser
Mydoom
Conficker
WannaCry
Hafnium

Then come the exploits, oh boy:
PrintNightmare
HiveNightmare

Clearly, if antivirus worked, then these attacks shouldn't even have been possible. There is an increasing amount of evidence that all antivirus ever manages to do is increase attack surface by running at kernel level instead of providing any actual security. Here's some evidence of just that happening: Malwarebytes: Products and vulnerabilities

And this is not just representative of Malwarebytes. Almost every security product out there is backed by companies who themselves don't care about writing correct code. If you trust such code to protect you, something is seriously wrong with your security model. If you believe what I say is false, when was the last time an AV vendor tried to rewrite their software in something safe like Rust? Almost never; most don't even care about mitigating Spectre in their programs.

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,368
I'm not saying that MT users shouldn't use any AV. I'm saying that they shouldn't only trust that and should instead harden the system (besides using an AV).

Anyway, a secured system is most important, and remember that AVs aren't part of the security concept, or at least are the last part of it, as they increase the attack surface by themselves.
For some reason you actually do keep saying that users shouldn't use AVs. The part I highlighted in the quote makes that too obvious. It basically means the same thing, and it then automatically gets confusing.

Again! Telling the majority of users that AVs (antivirus) aren't part of the security concept and even increase the attack surface, when it's a real, genuine lifeboat for most people, and extra much for those that also get infected or risk getting infected, is something that by itself is just sad to watch. If I actually, for some very weird reason, would fully believe that, and I don't btw, people like @struppigel and even developers like @Andy Ful or @danb and more or less the whole security industry don't have a single clue what they do, as it's useless anyway.

I personally 100% get the attack surface point of view, but I still don't do everything I know. It simply wouldn't work when I have to do what I do or must do. Everything online is actually not solely about lockdown and throwing away the key, and that automatically makes it safe and bulletproof, especially as not one path is the only correct path/way. There's something also called user compatibility and experience and skill. The "harden system" advice is not wrong, but one has to be aware that the majority of users can't grasp it or won't use it, no matter how good we here think it is. AVs are and will be something a majority of users will have on their machines, whether we like it or not. Malware is also something that won't just suddenly go *Poof*.

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,017
I agree with @upnorth. For most users, the AV is a must solution. Anyway, I do not think that @SecurityNightmares would propose not using AVs by average users (90% or more of all users). I have read many of his posts on MT and Telegram. His words are rather addressed to advanced users (although sometimes it is not clear enough from his posts). Some of them can rely more on the tight system restrictions (like Windows S mode) and Windows events than on the AV protection.

My opinion slightly differs from @SecurityNightmares. I think that advanced users can harden their machines (but usually as the AV support) if they like, or choose to be more cautious (without any hardening).
The problem of hardening the machines of average users can be solved only in some circumstances (by the Home administrator). (y)

SecurityNightmares

Level 40
Verified
Jan 9, 2020
2,955
Thanks Andy for writing it down better than I do :emoji_beer:

Yes, I focus more on "advanced" and in my opinion that's more interesting for MT users, but sometimes I'm not sure.

@upnorth, AndyFul is one of few people I trust (else I wouldn't use his programs).
I also don't say anything like that about the pinged users you listed, but I'm focused on securing systems with internal features as much as possible while avoiding using/trusting external solutions.

plat1098

Level 24
Verified
Sep 13, 2018
1,383
Konrad, I also run Windows 11 on my daily driver, and you're in a good amount of company. Yes, it's prudent and "safe" not to, but but but ..... you could argue this ad nauseam.

It's a personal choice made after some consideration, a concept that doesn't always get the respect it deserves around here. If it fails at some point, well, around here one might be a little better prepared.

Security Center still has a bug or two, so a third-party helper comes in handy. By the way, Automatic Sample Submission is now enabled after every machine start/restart. 😍 Must be that magic MS telemetry at work, right?

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,017
I think that the discussion here should be continued in two different scenarios:
  1. Widespread attacks.
  2. Targeted attacks.
The AVs are very efficient (still not perfect) against widespread attacks. So, most MT readers (Home users) should listen to @upnorth.

The AVs are not especially efficient in targeted attacks on institutions, organizations, or enterprises, and here @anupritaisno1 is probably right: one cannot rely on such protection alone. The professional attacker can usually compromise such protection without a problem.
But, for practical reasons, the AVs are still necessary as a part of the solution even in the second scenario. Their protection can be extended by other security services and other security solutions (like the Zero Trust model).
The protection model without an AV is possible in theory. It would probably be stronger for the reasons noted by @anupritaisno1, but is hardly possible in practice (for now).

Edit.
@KonradPL, please forgive me for my off-topic posts. :)

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
580
Most Windows users are not worth even being considered for "targeted attacks". So a general antivirus would suffice for most. Then there are people like us (me included) who have a habit of tweaking, tinkering and turning a simple security model into an utterly complex one for mental satisfaction and for timepass, and for those it's advisable to harden the system, experiment a bit here and there and in the end have the ultimate satisfaction of achieving "the most complex system", as a sculptor gets by watching his creation. I couldn't even get to sleep if I had an un-tweaked system in my hands; it has become an obsessive compulsive disorder for me.

KonradPL

Level 4
May 1, 2018
179
I'm not saying that MT users shouldn't use any AV. I'm saying that they shouldn't only trust that and should instead harden the system (besides using an AV).

Anyway, a secured system is most important, and remember that AVs aren't part of the security concept, or at least are the last part of it, as they increase the attack surface by themselves.
I want to say I have pretty good knowledge about cyber threats. My Windows is hardened not only by ESET but in OS settings too.
I have good web surfing habits, don't use any cracks, etc.
I like ESET more than MD and have a multi-device ESET licence to protect my family.
ESET is an additional line of defence for me.
I don't know why you think I rely only on hardening by ESET?

anupritaisno1

Level 2
May 27, 2021
72
For some reason you actually do keep saying that users shouldn't use AVs. The part I highlighted in the quote makes that too obvious. It basically means the same thing, and it then automatically gets confusing.

Again! Telling the majority of users that AVs (antivirus) aren't part of the security concept and even increase the attack surface, when it's a real, genuine lifeboat for most people, and extra much for those that also get infected or risk getting infected, is something that by itself is just sad to watch. If I actually, for some very weird reason, would fully believe that, and I don't btw, people like @struppigel and even developers like @Andy Ful or @danb and more or less the whole security industry don't have a single clue what they do, as it's useless anyway.

I personally 100% get the attack surface point of view, but I still don't do everything I know. It simply wouldn't work when I have to do what I do or must do. Everything online is actually not solely about lockdown and throwing away the key, and that automatically makes it safe and bulletproof, especially as not one path is the only correct path/way. There's something also called user compatibility and experience and skill. The "harden system" advice is not wrong, but one has to be aware that the majority of users can't grasp it or won't use it, no matter how good we here think it is. AVs are and will be something a majority of users will have on their machines, whether we like it or not. Malware is also something that won't just suddenly go *Poof*.
If antivirus really worked, it would have worked by now. There would be no malware at all today.

Sadly, this hasn't happened. Not only has antivirus failed in eradicating malware, the amount of malware is clearly increasing day by day. Open up your AV's definition folder and it would probably know a billion things that can harm you. If you don't think this is foolish: the average user keeps around, say, 60 programs on their computer, uses 10 frequently and the rest infrequently. Observe how AV overcomplicates the entire thing by tracking a billion pieces of everything that's wrong in the world when even a human can track 60 pieces of everything that is right. In fact, in this scenario, if a user just allowed those 60 programs to run and nothing else, they would have immediately solved all of these issues:

Malware
RATs
Ransomware

System security happens with systematic improvements to system security, not loading a dangerous kernel driver into your OS and pretending that you are safe. I've already said before that AVs don't care about security, but here's an even more serious problem: most AV vendors don't even spend time getting their high-privileged glorified rootkits certified by Microsoft. And if a single driver causes memory corruption on a monolithic kernel, do remember that it corrupts the entire OS (this is why updating drivers requires rebooting on Windows and Linux anyway). You cannot rule out memory corruption in a driver not certified by Microsoft, and most AV vendors simply do not care enough.

The entire concept of antivirus came around because computers executed anything they were told to without user consent. Hence the term "default allow". The moment you switch to a default deny policy, like H_C lets you, antivirus is entirely redundant and does nothing. Antivirus was always a scam and remains one to this day.

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
580
If antivirus really worked, it would have worked by now. There would be no malware at all today.

Sadly, this hasn't happened. Not only has antivirus failed in eradicating malware, the amount of malware is clearly increasing day by day. Open up your AV's definition folder and it would probably know a billion things that can harm you. If you don't think this is foolish: the average user keeps around, say, 60 programs on their computer, uses 10 frequently and the rest infrequently. Observe how AV overcomplicates the entire thing by tracking a billion pieces of everything that's wrong in the world when even a human can track 60 pieces of everything that is right. In fact, in this scenario, if a user just allowed those 60 programs to run and nothing else, they would have immediately solved all of these issues:

Malware
RATs
Ransomware

System security happens with systematic improvements to system security, not loading a dangerous kernel driver into your OS and pretending that you are safe. I've already said before that AVs don't care about security, but here's an even more serious problem: most AV vendors don't even spend time getting their high-privileged glorified rootkits certified by Microsoft. And if a single driver causes memory corruption on a monolithic kernel, do remember that it corrupts the entire OS (this is why updating drivers requires rebooting on Windows and Linux anyway). You cannot rule out memory corruption in a driver not certified by Microsoft, and most AV vendors simply do not care enough.

The entire concept of antivirus came around because computers executed anything they were told to without user consent. Hence the term "default allow". The moment you switch to a default deny policy, like H_C lets you, antivirus is entirely redundant and does nothing. Antivirus was always a scam and remains one to this day.
I accept your argument, but is there a 100% effective solution to the issue? I use a locked-down default deny system, but it has its own demerits, like no one except me can install anything on my system; even if I want to install something, I must also go through the pain of adding the digital signature to the allow list. It's a pain in the a## for most, and most wouldn't even consider this kind of locked-down or hardened system; ease of use is paramount for most, if I'm not wrong? That brings us to the question I asked in the beginning: "is there a 100% effective solution to the issue without annoying the average user?"
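The "allow those ~60 installed programs and nothing else" default-deny idea from the thread, and the publisher (digital signature) allow-list entries the last reply complains about, can both be expressed with the built-in AppLocker cmdlets. This is an added example, not code from the thread or from H_C; it assumes a Windows Pro/Enterprise machine where the Application Identity service can run, and it deliberately starts in audit mode so gaps in the allow-list show up as events rather than blocked programs.

```powershell
# Added example: build a default-deny AppLocker EXE allow-list from what is
# already installed, then audit it before enforcing. Assumes Windows
# Pro/Enterprise (AppLocker module present, Application Identity service).
Import-Module AppLocker

# Directories treated as "the programs the user already has" (assumption).
$dirs = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot")
$files = foreach ($d in $dirs) {
    if (Test-Path $d) {
        Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe -ErrorAction SilentlyContinue
    }
}

# Signed files get publisher rules (the "digital signature" entries), unsigned
# ones get hash rules; -Optimize collapses per-file rules into per-publisher
# rules so a vendor update does not need a new entry.
$policy = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -Optimize

# Audit mode: nothing is blocked, but an EXE that the rules would have denied
# is logged as event 8003 under Microsoft-Windows-AppLocker/EXE and DLL.
foreach ($rc in $policy.RuleCollections) { $rc.EnforcementMode = 'AuditOnly' }
$xmlPath = Join-Path $env:TEMP 'applocker-audit.xml'
$policy.ToXml() | Out-File -Encoding utf8 $xmlPath

# Dry-run check: list downloaded EXEs that would be denied once enforced.
Get-ChildItem (Join-Path $env:USERPROFILE 'Downloads') -Filter *.exe -ErrorAction SilentlyContinue |
    Test-AppLockerPolicy -XmlPolicy $xmlPath -User Everyone -Filter Denied, DeniedByDefault

# Apply to the local machine in audit mode; -Merge keeps existing rules.
Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge
```

After a few days without 8003 events for wanted programs, switching EnforcementMode to 'Enabled' turns the audit into the default-deny policy; the AppLocker event log then records every blocked executable (event 8004), which is the detection signal the thread's "hardening" side relies on instead of a signature database.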