Advanced Plus Security Lenny's 2021 intention: keep this setup for a year :-)

Last updated
Jul 11, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
Network firewall
Real-time security
  1. Software Restriction Policies similar to Hard Configurator recommended settings
  2. Microsoft Defender hardened through GPO similar to ConfigureDefender on MAX
Firewall security
Microsoft Defender Firewall
About custom security
  • NextDNS (Firefox)/Quad9 (Edge)
  • Trend Micro Home Protect in TP-Link AC4000 router
  • GPO hardening (disabling remote stuff and not used features)
  • UAC deny elevation of unsigned programs
  • ACL deny execute for Download Folder and Startup folders
  • Enabled Smartscreen for Explorer (added run-by-smartscreen)
  • Removed System and Admin ACL from quick backup documents folder on old HD (ransomware often goes for max rights)
  • Tweaked exploit protection settings of Microsoft Defender
Periodic malware scanners
Microsoft Malicious Software Removal Tool only combined with periodic Microsoft Defender scan enabled
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge with hardened profile running inprivate:
- Bruce blank tab (also works incognito)
- AdGuard with only my filters to deal with annoyances and Kees1958

Firefox with hardened user.js running incognito
- Etag Stoppa
- NoScript
... running in Sandboxie
Secure DNS
Next DNS - Firefox
Quad9 - Edge
Desktop VPN
Bullet VPN
Password manager
None
Maintenance tools
Process Explorer & Autoruns64
File and Photo backup
Syncback Free
System recovery
Restore points and Windows Image Backup for software.
Windows Data Backup for Documents only
Syncback for USB and Quick documents backup to old HD
Neushield daily mirrors for Quick documents backup folder
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Streaming audio/video content from shady sites
Computer specs
Self build from parts of old PC's from relatives
- Asus motherboard
- Intel i7 950 with 8 GB RAM
- NVidia GT730 fan-less video card
- Samsung 860 SSD (250 GB for OS)
- OCZ Vortex SSD (120 GB for Documents)
- Seagate 2 TB HDD for media files
- Western Digital 1 TB HDD for image backup and windows image & data backup

USB 2TB drive connected to Router to serv as NAS (router also has TrendMicro Home protect).
USB drive is swapped with off-line second off-line backup USB every month
Notable changes
12-2-21
Added Neushield Data Sentinel Free and changed uMatrix for uBlock on Edge WDAG sandbox
16-3-21
Same extensions in Edge and WDAG sandbox: blank tab, uBlockOrigin and PopUpOff
23-3-21
Replaced uB0 with Adguard again :)
1-4-21
Only using Edge anti-tracking and NextDNS as adblocking for Edge (in normal = hardened mode)
2-4-21
Back to Adguard with Quad9 DNS and removed PopUpOff and NextDNS
22-4-21
Back to Next DNS and replaced Adguard with AddBlockPlus, disabled Edge Application Guard (I did not use it anymore).
23-4-21
Kaspersky Cloud Free stopped working for unknown reason, reverted back to Microsoft Defender
26-4-21
Replaced Adguard DNS filter with Next DNS ad & tracking blocklist
27-4-21
Added Adguard DNS filter again as only DNS level blocklist
29-4-21
Replaced AdblockPlus with SmartAdblock (which is also a popup blocker)
4-5-21
Next DNS ad filter blocked a coupon code, so back to no ad-fiters in DNS. Added Kees1958 most commen EU-US, and set Edge anti-tracking to default again
11-7-21
Added Firefox with priivacy hardened user.js an sandboxie
What I'm looking for?

Looking for maximum feedback.

Lenny_Fox

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@Jan Willy

So because steel melts you can use it for a cheese-fondue?, Please do a field test, which uses the mechanism mentioned (blocking javascript in the browser)

Block first prty javascript in your Chromium based browser for nos.nl (add [*.]nos.nl) visit NOS.nl and you will see the Javascript blocked in the taskbar

Next block thord-party javascript for bbc.co.uk (ad [*.]bbc.co.uk) and visit bbc.com, you will NOT see the javascript blocked in the taskbar

Now disable third-party scripts for bbc.co.uk in uBlockOrigin and revisit bbc.com, you will see that the site is broken.

Conclusion: when you set a block javascript site permission for a website in your browser it only works for first-party scripts.
 
  • Like
Reactions: Nevi and Venustus
Jan Willy

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
565
Lenny_Fox said:
@Jan Willy

So because steel melts you can use it for a cheese-fondue?, Please do a field test, which uses the mechanism mentioned (blocking javascript in the browser)

Block first prty javascript in your Chromium based browser for nos.nl (add [*.]nos.nl) visit NOS.nl and you will see the Javascript blocked in the taskbar

Next block thord-party javascript for bbc.co.uk (ad [*.]bbc.co.uk) and visit bbc.com, you will NOT see the javascript blocked in the taskbar

Now disable third-party scripts for bbc.co.uk in uBlockOrigin and revisit bbc.com, you will see that the site is broken.

Conclusion: when you set a block javascript site permission for a website in your browser it only works for first-party scripts.
Click to expand...

We were talking about HTTP-content in HTTPS-sites. I haven't seen such elements in your examples. So we shouldn't mix apples and oranges. Based on the testsite I referred to in my earlier post, I may assume that MS Edge at default does the right thing. It blocks HTTP-content in HTTPS-sites regardless of the type of content.

Edit: Look at Site Permissions.

1619269662388.png
 
Last edited:
  • Like
Reactions: Nevi, Venustus, ForgottenSeer 85179 and 1 other person
Lenny_Fox

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Jan Willy said:
We were talking about HTTP-content in HTTPS-sites. I haven't seen such elements in your examples. So we shouldn't mix apples and oranges. Based on the testside I referred to in my earlier post, I may assume that MS Edge at default does the right thing. It blocks HTTP-content in HTTPS-sites regardless of the type of content.

Edit: Look at Site Permissions.

View attachment 257331
Click to expand...
Just do the test I explained. It proofs that first party content is blocked, not third-party
 
  • Like
Reactions: Nevi
F

ForgottenSeer 85179

Lenny_Fox said:
This only blocks first party scripts. When you are on a HTTPS website which uses HTTP scripts as third-party those insecure scripts will be executed. The HTTP://* rule in blocking scripts does not protect you against that.
Click to expand...
Are you sure? Edge should display an info in URL bar in that case because of "insecure content". This can be configured in Edge permissions.

Lenny_Fox said:
I don't get your responses. Frst you are posting that blocking third-party scipts hardly has any advantage, now you are advising to block all http-scripts.
Click to expand...
Crippling websites isn't recommended. But blocking insecure HTTP scripts (websites still *works* without scripts) is best practice.
Anyway, for normal user's this doesn't matter much.

Lenny_Fox said:
Are you just responding to have a discussion/making fun? I dont understand why you are posting wrong information.
Click to expand...
Don't know what you mean but if you want, i can stop posting here.
 
  • Like
Reactions: Nevi, Jan Willy, Venustus and 1 other person
Lenny_Fox

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
SecurityNightmares said:
Are you sure? Edge should display an info in URL bar in that case because of "insecure content". This can be configured in Edge permissions.


Crippling websites isn't recommended. But blocking insecure HTTP scripts (websites still *works* without scripts) is best practice.
Anyway, for normal user's this doesn't matter much.


Don't know what you mean but if you want, i can stop posting here.
Click to expand...
As with @JanWilly lets agree to disagree (and you are free to post anywhere like all other members)
 
  • Like
Reactions: Venustus, ForgottenSeer 85179 and Nevi
Lenny_Fox

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
After finding out my CPU was to old for Windows11, I played with some sandbox programs (Comodo, ReHips and Sandboxie). Settled for Sandboxie to secure my privacy hardened firefox (which I use as secondary browser).
 
  • Sad
  • Like
Reactions: Venustus, oldschool, ErzCrz and 3 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,023
Lenny_Fox said:
After finding out my CPU was to old for Windows11, I played with some sandbox programs (Comodo, ReHips and Sandboxie). Settled for Sandboxie to secure my privacy hardened firefox (which I use as secondary browser).
Click to expand...
I can't be certain that mine is new enough either with an i3-4005U but I've got 12 gig ram. The compatabiliy tool is mean to be relaunched soon which will make that more straight forward. We'll just have to wait and see I guess...
 
  • Like
Reactions: Lenny_Fox, Venustus, oldschool and 1 other person
You must log in or register to reply here.

Similar threads

Brownie2019
    • Like
    • Thanks
On Sale! F-Secure Internet Security for all devices | 1 Year | 3 Devices | 23.31€
Replies
0
Views
459
Discounts and Deals
Brownie2019
Brownie2019
Brownie2019
    • Like
    • +Reputation
On Sale! MultCloud 500GB Lifetime for free
Replies
0
Views
245
Discounts and Deals
Brownie2019
Brownie2019
silversurfer
    • Like
    • +Reputation
    • Applause
Mozilla increased Revenue Significantly in 2021
Replies
3
Views
816
News Archive
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top