Advanced Plus Security Lenny's 2021 intention: keep this setup for a year :-)

Last updated
Jul 11, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
Network firewall
Real-time security
  1. Software Restriction Policies similar to Hard Configurator recommended settings
  2. Microsoft Defender hardened through GPO similar to ConfigureDefender on MAX
Firewall security
Microsoft Defender Firewall
About custom security
  • NextDNS (Firefox)/Quad9 (Edge)
  • Trend Micro Home Protect in TP-Link AC4000 router
  • GPO hardening (disabling remote stuff and not used features)
  • UAC deny elevation of unsigned programs
  • ACL deny execute for Download Folder and Startup folders
  • Enabled Smartscreen for Explorer (added run-by-smartscreen)
  • Removed System and Admin ACL from quick backup documents folder on old HD (ransomware often goes for max rights)
  • Tweaked exploit protection settings of Microsoft Defender
Periodic malware scanners
Microsoft Malicious Software Removal Tool only combined with periodic Microsoft Defender scan enabled
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge with hardened profile running inprivate:
- Bruce blank tab (also works incognito)
- AdGuard with only my filters to deal with annoyances and Kees1958

Firefox with hardened user.js running incognito
- Etag Stoppa
- NoScript
... running in Sandboxie
Secure DNS
Next DNS - Firefox
Quad9 - Edge
Desktop VPN
Bullet VPN
Password manager
None
Maintenance tools
Process Explorer & Autoruns64
File and Photo backup
Syncback Free
System recovery
Restore points and Windows Image Backup for software.
Windows Data Backup for Documents only
Syncback for USB and Quick documents backup to old HD
Neushield daily mirrors for Quick documents backup folder
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Streaming audio/video content from shady sites
Computer specs
Self build from parts of old PC's from relatives
- Asus motherboard
- Intel i7 950 with 8 GB RAM
- NVidia GT730 fan-less video card
- Samsung 860 SSD (250 GB for OS)
- OCZ Vortex SSD (120 GB for Documents)
- Seagate 2 TB HDD for media files
- Western Digital 1 TB HDD for image backup and windows image & data backup

USB 2TB drive connected to Router to serv as NAS (router also has TrendMicro Home protect).
USB drive is swapped with off-line second off-line backup USB every month
Notable changes
12-2-21
Added Neushield Data Sentinel Free and changed uMatrix for uBlock on Edge WDAG sandbox
16-3-21
Same extensions in Edge and WDAG sandbox: blank tab, uBlockOrigin and PopUpOff
23-3-21
Replaced uB0 with Adguard again :)
1-4-21
Only using Edge anti-tracking and NextDNS as adblocking for Edge (in normal = hardened mode)
2-4-21
Back to Adguard with Quad9 DNS and removed PopUpOff and NextDNS
22-4-21
Back to Next DNS and replaced Adguard with AddBlockPlus, disabled Edge Application Guard (I did not use it anymore).
23-4-21
Kaspersky Cloud Free stopped working for unknown reason, reverted back to Microsoft Defender
26-4-21
Replaced Adguard DNS filter with Next DNS ad & tracking blocklist
27-4-21
Added Adguard DNS filter again as only DNS level blocklist
29-4-21
Replaced AdblockPlus with SmartAdblock (which is also a popup blocker)
4-5-21
Next DNS ad filter blocked a coupon code, so back to no ad-fiters in DNS. Added Kees1958 most commen EU-US, and set Edge anti-tracking to default again
11-7-21
Added Firefox with priivacy hardened user.js an sandboxie
What I'm looking for?

Looking for maximum feedback.

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@SecurityNightmares

Half a million block rules is a bit over the top, my Chinese and Russian is limited to cheers and hello, so I will pass on this one. Thanks for helping me out

/L
 
  • Like
Reactions: Nevi

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@blackice and @SecurityNightmares

I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports

1615570930014.png

Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).

1615571191877.png

I will stick to my "less is more" :) NextDNS only blocks 11 (29-18) with nearly 600K rules, while Kees1958 with 3.5 K rules blocks 20 (29-9)
 
Last edited by a moderator:

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
@blackice and @SecurityNightmares

I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports
View attachment 255373


Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).

View attachment 255374



I will stick to my "less is more" :) NextDNS only blocks 11 (29-18) with nearly 600K rules, while Kees1958 with 3.5 K rules blocks 20 (29-9)
According to the NextDNS log, OISD blocks on CNN International - Breaking News, US News, World News and Video (only) these items:

1615572542550.jpeg
 
F

ForgottenSeer 85179

@blackice and @SecurityNightmares

I tried the oisd blocklist with NextDNS ad&trackibg protection. This is what uB0 reports

View attachment 255373

Now without NextDNS fllters and only Kees1958 most prevalent EU-US (+/- 3550).

View attachment 255374

I will stick to my "less is more" :) NextDNS only blocks 11 (29-18) with nearly 600K rules, while Kees1958 with 3.5 K rules blocks 20 (29-9)
Your comparison doesn't work.
NextDNS is only DNS based while Kees' list is for browser adblock extension which can block website elements and third-party only on-site X but not site Y.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Y Kees' list is for browser adblock extension which can block website elements and third-party only on-site X but not site Y.

Now I am lost, I use the ABP format which has @third-party, so tracker.com should be blocked on site X and site Y?

(that is why I added Adguard Cname blocklist and first-party servers to blok (cloaked) first party adservers)
 
  • Like
Reactions: Nevi
F

ForgottenSeer 85179

Now I am lost, I use the ABP format which has @third-party, so tracker.com should be blocked on site X and site Y?

(that is why I added Adguard Cname blocklist and first-party servers to blok (cloaked) first party adservers)
First: what want you archive?

The third-party rules block the respective domain only on the respective page, instead of everywhere - to avoid false positives. however, the effort of such maintenance is usually too great / too error prone.

AdGuard use bigger CNAME list because they don't handle that in same effective way NextDNS does.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Mhh I am very happy with the performance of Kees1958 most common list.

On for instance CNN and a Dutch news websites NU.nl and RTL nieuws, this small list performs as well as uBO default.

So I let my real world results prefer over theoretical benfits (as blocking ads and trackers on Russian, Hungariian, Letvian, Chinese websites and all other languages I don't speak :) )
 
  • Like
Reactions: Nevi and Jan Willy

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Update: I found a way to measure the effectiveness of blocklist. I experimented today with it and it seems to work.

I have enabled domain logging in Next DNS keeping the logs for a month. I Imported the report to Excel spreadsheet. Strip out all unnecessary stuff with find+replace manually. Sort the domains and add a counter for how many times this domains is present (comparing it with the next row, when same add one to counter). In an extra column I will check whether the occurrence number of the next row is higher, when true the reference number will be updated (will ne done in a loop until next value is not greater any more). Next step is to remove double values.

This list of domains is matched with the stripped domains of a blocklist. By adding them to log-list I can find the double values. This gives me insight on how efective a blocklist was for me. This analysis made me drop the AdGuard first-party tracking lists for ad-servers and trackers. Incredible how such a small blocklist as Kees198 is so effective (in combination with Next DNS blocking cname trackers).

I noticed that the Kees1958 blocklist is updated a lot last weeks, many domains dropped, but there were also domains added (@SecurityNightmares is this due to the cleanup you mentioned earlier due to using a faulted source)?

I know I have enough HTML, CSS, Javascript knowledge to write rules for my own (I always search for rules on domain name in easylist and adguard list before writing own rules) 95% of my own rules are copied from Easylist and/or Adguard. Just click on the eye icon in UB0 and search for the domain you are having problems with.
 

Attachments

  • mijn-ublock-statische-filters_2021-03-14_16.19.09.txt
    4.3 KB · Views: 311
Last edited:
F

ForgottenSeer 85179

I noticed that the Kees1958 blocklist is updated a lot last weeks, many domains dropped, but there were also domains added (@SecurityNightmares is this due to the cleanup you mentioned earlier due to using a faulted source)?
Right.
I don't know if Kees' is already done with cleaning through.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Okay streamlined my setup again.

The combination Kaspersky Cloud Free and Neushield Data Sentinel Free is a keeper. They both got a thumbs up from @cruelsister (Kaspersky's system watcher and Neushield Data Sentinel) and work so differently that any incompatibility is very unlikely. Impact of Neushield on system performance is not noticeable.

I use SyncBack Free for ad hoc backups of my Documents and Mail (documents, mail and media files are backed up to offline USB disk periodically). Neushield only protects my quick backup drive (and old spare harddisk). Neushield's mirror shielding works well with file-change based backups like Syncback. @Gandalf_The_Grey reported Neushield does not play with concatenated-incremental-backup type applications because it probably considers the backup-archive as a gigantic file which has to be mirrored.

I used two Edge profiles. A default profile and a hardened profile. Nowadays I only use the hardened profile (with most site permissions on block). Even with anti-tracking on strict online buying, boooking and banking works well. I use only two extensions Blank Tab and PopUpOff. Blank Tab is only enabled on New Tab and PopUpOff is only enabled on web sites for which I need the pop-up blocker (e.g. Google search, maps and Youtube) or the anti-paid feature (Volkskrant). Because both New Tab and PopUpOff are disabled for websites I use for buying & banking I dropped the default profile (without extensions).

I followed the advise of @SecurityNightmares (and @Jan Willy and @blackice ) to enable the oisd.nl blocklist in NextDNS. I added some websites to NextDNS blocklist (e.g. Ster.nl) to compensate for Edge anti-tracking limited configurability. I use the hardened Edge profile with NextDNS and the Edge Application Guard with BulletVPN. This is the reason I still use AdGuardd extension with Edge build in on default and Smartscreen disabled (I have AdGuard malware protection eneabled). AdGuard's malware protection (even the extension version) uses a privacy respecting URL check (unlike Smartscreen which sends the URL).

Reason for moving from uBO to Adguard (again) is that I am not using an adblocking extensions anymore for daily browsing (Edge anti-tracking plus NextDNS do the job). Thanks to @RomanistHere excellent PopUpOff extension, I don't need an adblocking extension to deal with Google annoyances. I use BulletVPN with Edge Application Guard, so I prefer AdGuard's stealth mode and phishing protection for better privacy over BlockOrigin (and smartscreen).

With Edge Application Guard I use AdGuard and PopUpOff. The blocklists I use in Adguard are Kees1958 most prevalent EU-US (link), Easylist adservers (link), AdGuard disguised trackers (link) & first-party ads (link) & first-party trackers (link). I don't need annoyances and popup filters because I also use PopUpOff in moderate mode-strict.

May be I will be keeping this combo (Kaspersky Cloud Free and Neushield Data Sentinel) in 2022 also, first lets see whether I can resists changing extensions for a month ;)
 
Last edited:

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Okay streamlined my setup again.

I used two Edge profiles. A default profile and a hardened profile. Nowadays I only use the hardened profile (with most site permissions on block). Even with anti-tracking on strict online buying, boooking and banking works well. I use only two extensions Blank Tab and PopUpOff. Blank Tab is only enabled on New Tab and PopUpOff is only enabled on web sites for which I need the pop-up blocker (e.g. Google search, maps and Youtube) or the anti-paid feature (Volkskrant). Because both New Tab and PopUpOff are disabled for websites I use for buying & banking I dropped the default profile (without extensions).

I followed the advise of @SecurityNightmares (and @Jan Willy and @blackice ) to enable the oisd.nl blocklist in NextDNS. I added some websites to NextDNS blocklist (e.g. Ster.nl) to compensate for Edge anti-tracking limited configurability. I use the hardened Edge profile with NextDNS and the Edge Application Guard with BulletVPN. This is the reason I still use AdGuardd extension with Edge build in on default and Smartscreen disabled (I have AdGuard malware protection eneabled). AdGuard's malware protection (even the extension version) uses a privacy respecting URL check (unlike Smartscreen which sends the URL).

Reason for moving from uBO to Adguard (again) is that I am not using an adblocking extensions anymore for daily browsing (Edge anti-tracking plus NextDNS do the job). Thanks to @RomanistHere excellent PopUpOff extension, I don't need an adblocking extension to deal with Google annoyances. I use BulletVPN with Edge Application Guard, so I prefer AdGuard's stealth mode and phishing protection for better privacy over BlockOrigin (and smartscreen).

With Edge Application Guard I use AdGuard and PopUpOff. The blocklists I use in Adguard are Kees1958 most prevalent EU-US (link), Easylist adservers (link), AdGuard disguised trackers (link) & first-party ads (link) & first-party trackers (link). I don't need annoyances and popup filters because I also use PopUpOff in moderate mode-strict.


May be I will be keeping this combo (Kaspersky Cloud Free and Neushield Data Sentinel) in 2022 also, first lets see whether I can resists changing extensions for a month ;)
:):):) just when i thought I had figured it all out :unsure::unsure::unsure:
Google updated its annoyances policy with a new consent prompt (which PopUpOff misses) and NextDNS lagged terribly this evening, so back to Adguard and Quad9 DNS BlankTab (removed PopUpOff and replaced NextDNS). Edge hardened and Edge Application Guard now have same extensions and settings (except for smartscreen)

Note: I have kept Kaspersky Cloud Free and Neushield Data Sentinel Free, so back bone of my security setup remains the same and has been stable since december 2020 (only extensions and DNS changed),
 

Attachments

  • Adguard own rules.txt
    4.5 KB · Views: 255
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
@SecurityNightmares thanks for the info, but I am not changing back again.
Understandable, I really liked Cloudflare until my work VPN would sometimes just not resolve the IP out of the blue. A big problem when working from home. I mostly like the ability to check logs for my household’s queries and the service seems reliable for me. The filtering is a bonus, especially on mobile. I’m not worried about privacy anymore, sick of the cat and mouse game. They will always find ways to track, and I’m not worried about being advertised to (outside of malvertising). I view the internet as a public place, and do my best to blend in.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top