Advanced Plus Security LDoggs Security Setup

[LDogg]

Sounds good

Well ice dragon might be best alternative for firefox, due comodo security enchanments and constant updates. Its also bit lighter.

Also superior sll certificates are nice feature.

Actually i moved to quantum because you said quantum is nice and few other comments from people...but now im feeling going back to ice dragon because it brings more features over firefox. Im gonna install ice dragon back and have deep insight to see hows performance against firefox

IceDragon is a light light mainly on CPU and RAM usage, plus loads pages a bit faster too as well. Looks like the best version of the FF fork out there.

Only down side is that the normal On protection for VoodooShield doesn't activate with it.

~LDogg

 

[Moonhorse]

IceDragon is a light light mainly on CPU and RAM usage, plus loads pages a bit faster too as well. Looks like the best version of the FF fork out there.

Only down side is that the normal On protection for VoodooShield doesn't activate with it.

~LDogg

Smart does?

 

[LDogg]

Smart does?

What do you mean by smart does @Moonhorse ?

~LDogg

 

[Moonhorse]

What do you mean by smart does @Moonhorse ?

~LDogg

I mean voodooshield has protection for ice dragon too, you can see it as highlighted right?

 

[LDogg]

Only protection for Dragon, not IceDragon. I looked in at the settings.

~LDogg

 

[LDogg]

However I'm probably going to have VDS with the "ALWAYS ON" setting.

~LDogg

 

[Moonhorse]

Only protection for Dragon, not IceDragon. I looked in at the settings.

~LDogg

Thats weird, you should see firefox as highlighted then. When i ran centbrowser it got highlighted as chrome

 

[LDogg]

Thats weird, you should see firefox as highlighted then. When i ran centbrowser it got highlighted as chrome

It's very weird. Just gonna keep VDS to ALWAYS ON.

~LDogg

 

[HarborFront]

FYI, FF 57 and onward has XSS protections

Firefox 57 to Get New XSS Protections | SecurityWeek.Com

So, if you have some phishing filters in uBO you can remove Netcraft for Netcraft's strengths are the phishing and XSS protections

 

[oldschool]

It's very weird. Just gonna keep VDS to ALWAYS ON.

~LDogg

That’s what I do.

 

[LDogg]

Updated: 31/07/18

Hardened Comodo Ice Dragon, stopped all Telemetry settings using about:config.

Also stopped webgl, GeoLocation, Fingerprinting, TLS domains, media peer connection to false & a lot more.

Hardening links:
- Guide: Hardening Mozilla Firefox For Privacy & Security 2016 | Cyber Security Wiki | Viking VPN Service
- Privacy Tools | Encryption against global mass surveillance

@Gandalf_The_Grey @Moonhorse hope you like my settiings

Edit: removed Netcraft on Comodo Ice Dragon due to update of XSS & Phishing per @HarborFront reply.

Scriptsafe now at LDogg settings (Privacy/Fingerprint/General) screenshots:

 

[Gandalf_The_Grey]

Updated: 31/07/18

Hardened Comodo Ice Dragon, stopped all Telemetry settings using about:config.

Hardening links:
- Guide: Hardening Mozilla Firefox For Privacy & Security 2016 | Cyber Security Wiki | Viking VPN Service
- Privacy Tools | Encryption against global mass surveillance

@Gandalf_The_Grey @Moonhorse hope you like my settiings

Scriptsafe now at LDogg settings (Privacy/Fingerprint/General) screenshots:

You block a lot. Thank you and @Moonhorse for the screenshots and some ideas/settings to play with
I think i will use @Moonhorse more relaxed settings because I share this computer with other family members.
Also I want to test the combo of AdGuard/uBlock and ScriptSafe against @Evjl's Rain s links for testing the protection of extensions.

 

[LDogg]

I block a lot due to testing, the ones I've left unticked failed in tests. I'm glad I could help you out! Also as an additional side note, Scriptsafe hasn't broken any websites for me whatsoever. Only thing that break is if you tick to block <IMG> this breaks Thumbnails for YouTube when testing, so I've left unticked.

My pleasure @Gandalf_The_Grey hope this helps you going forward!

Edit: Also not ticked "Client Rectangles" breaks Facebook when you try to message someone & "Clipboard Interference" stop you copying & pasting from sites when testing.

~LDogg

 

[Moonhorse]

if you have time to tweak every site you visit and manage to build blocked/allowed domains list, you will control/dominate internet for sure ( default mode: block)

if you share computer / browser, it would be smartest to have default mode on allowed...you can still benefit alot from it without affecting in browsing experience at all

Default mode: block; you dont benefit from having decentraleyes if you have that still installed @LDogg , since you dont allow google domains.

Sadly i have seen few sites using captcha, and i cant complete them without enabling few domains from google, but i can allow them just temporary

Isnt it bit overkill to have voodooshield + comodo firewall?

You can run exe.files on virustotal online and comodo has anti-exploit for browser already?

I have installed comodo dragon as my main browser, i give it a go with blocking everything by default and tweaking browser same way as you do

 

[LDogg]

if you have time to tweak every site you visit and manage to build blocked/allowed domains list, you will control/dominate internet for sure ( default mode: block)

if you share computer / browser, it would be smartest to have default mode on allowed...you can still benefit alot from it without affecting in browsing experience at all

Default mode: block; you dont benefit from having decentraleyes if you have that still installed @LDogg , since you dont allow google domains.

Sadly i have seen few sites using captcha, and i cant complete them without enabling few domains from google, but i can allow them just temporary

Isnt it bit overkill to have voodooshield + comodo firewall?

You can run exe.files on virustotal online and comodo has anti-exploit for browser already?

You can benefit from Decentraleyes, I made a .txt file that needs to go into uBlock Origins rules section. If you wish to have the .txt file for your ruleset that's fine. It makes Decentraleyes be able to block Unwanted CDN Networks, JQuery from Google Search Libraries and more. Then Enable the "block requests for missing resources" setting inside Decentraleyes.

VDS + CFW isn't overkill. Avast + CFW + OSArmor + VDS would be the very definition of overkill. VDS is a white listing anti-exe, CFW is a self explanatory Firewall w/ sandbox capabilities, both cover various attack surface vectors which is why I have them installed. It's the reason I need no AV, as this setup is light, adding an AV would make my config very much overkill.

On websites that still use jQuery 1.91 it's beneficial to use, when testing Decentraleyes does block Google Hosted Libraries.

~LDogg

 

[LDogg]

Decentraleyes blocking Google Hosted Libraries @Moonhorse

 

[Moonhorse]

Always allow current site, dont trust entire domain

 

[LDogg]

Works for me just fine:

~LDogg

 

[Moonhorse]

Works for me just fine:

~LDogg

because decentraleyes is replacing ''ajax.googleapis.com (1)'' , since you have allowed it to run. I deny those domains so i have no need for decentraleyes

 

[LDogg]

Mainly helps for YouTube, here as well, xat, Decentraleyes would stop the jQuery files being linked. Anything else from Google I block by default such as UTM, googletagmanager, googletagservices etc etc.

Some sites can break if googleapis.com is blocked outright.

~LDogg