SECURITY: Complete Lightning_Brian's 2021 Security Configuration

Last updated
Dec 31, 2020
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS License Type
Pro
Login security
    • Security key (Hardware)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary account rights
Administrator permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Real-time protection
Norton 360 Premium (paid - latest release), VoodooShield Premium (paid - latest release - note: not always 100% on)
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
SONAR set to aggressive

Boot time protection Aggressive

Custom scans set at various times - multiple custom scans

Blocking traffic for malicious applications - set to aggressive
Malware research
Yes - malware samples are downloaded to a Virtual Machine
Periodic scanners
Emsisoft Emergency Kit (EEK), Malwarebytes Anti-Malware (Paid - real time disabled - using as needed)
DNS
None - Will be changing this up in the near future though.
VPN
Windscribe Pro (paid - latest release - lifetime license)
Avira Phantom VPN (secondary VPN not main VPN at all) – BETA TESTING
Password manager
Sticky Password - Lifetime
RoboForm for Business - Enterprise - RoboForm Everywhere
PassCamp - Enterprise Read more about it here: https://www.passcamp.com/enterprise-password-management/ or https://www.passcamp.com/features/
Browsers, Search and Addons
Firefox: HTTPS Everywhere, AdGuard AdBlocker, Windscribe VPN, and NoScript
PC maintenance
Cleaning Utilities:
  • Glary Utilities PRO (paid and latest release)
  • Windows 10 built in tools
Software Removal Tool:
  • Revo Uninstaller v4 (Pro Portable - Paid - Paid for 2 years of updates!)
Windows Repair (Not Always Using Here Folks – Mainly For Some Minor Repairs Before Clean Install)
Personal Files & Photos backup
Backup Software (or similar):
  • AOMEI Backupper Pro (paid - latest release)
    • AOMEI Dynamic Disk Manager Pro Edition (paid - latest stable - lifetime license) – Updating disk information and management
    • AOMEI Partition Assistant Pro Edition (paid - latest stable - lifetime license) – Updating disk information and management
  • Macrium Reflect Free (free - latest release)
    • viBoot from Macrium Reflect (free - latest stable) – Please read more about viBoot here before commenting on it: Macrium viBoot
      • In short (their wording not mine): Macrium viBoot enables you to instantly create, start and manage Microsoft Hyper-V virtual machines using one or more Macrium Reflect image files as the basis of the virtual machine storage sub-system.
      • At a minimum, viBoot enables you to boot into the images you have made using Macrium Reflect, for validation purposes, or to retrieve data from old applications stored on a bootable image. At an enterprise level, you could recover an entire network environment in minutes.
      • Macrium viBoot is now built upon new technology that allows it to instantly present a Macrium Reflect image file as a Microsoft Virtual Disk (.VHDX) file.
  • Acronis True Image 2021 (paid and latest release - perpetual license for v2021)
Yes, I use three different backup tools. No, I do not use all three at the same time, same day, or for exactly the same reason. If you get stung by one backup going bad you will get why I use three. Plus, all three have some very unique and nice features. Check these out! Questions – please read about the tools prior to asking! Thanks!
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Macrium Reflect Free (free - latest stable), AOMEI Backupper Pro (paid and latest stable), Acronis True Image 2021 (paid and latest release)
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Downloading software. 
  4. Working from home. 
  5. PC and cloud gaming. 
Computer specs
Custom build!

CPU - Intel i7-8700k CPU @ 3.70 GHz
GPU - NVIDIA GeForce GTX 1080 @ 8 GB GDDR5X
RAM - 64 GB DDR4 - 63.8 GB Usable!
SSD - Samsung 970 EVO 500GB - NVMe PCIe M.2 2280 SSD (MZ-V7E500BW)
HDD - WD Black 2TB Performance Desktop Hard Disk Drive - 7200 RPM SATA 6 Gb/s 64MB Cache 3.5 Inch - WD2003FZEX
AIO liquid CPU cooler
Personal changelog
Changes made 12-31-2020

Major Changes:

Changed from Norton Security Premium to Norton 360 Premium

Big change here folks! Time to go into the future with the latest and greatest for 2021.

Upgraded VMware Workstation Pro 15 from v16 to release version 16.1!!

Link: VMware Workstation 16.1.0 Pro Release Notes

Yes, I know I paid a pretty penny on this. I know I will never regret it given my career field and everything that I do.

I can concur that everything is nice and snappy on v16 and the improvements are easily noticeable. I know I recently added RAM, but things are flying in the new version. Some things are eh'. I think those are widely known that I don't need to repeat that stuff here. As noted in the release notes above I am noticing the same thing here:

Performance Improvements
  • Improved file transfer speeds (Drag and Drop, Copy and Paste)
  • Improved virtual machine shutdown time.
  • Improved virtual NVMe storage performance.
Other notable changes:

Upgraded AOMEI Backupper from v6.1 to v6.3

New features/changes of AOMEI Backupper v6.3 can be found here:

Link: Changelog – AOMEI Backupper

Upgraded AOMEI Partition Assistant from v9.0 to v9.1

New features/changes of AOMEI Partition Assistant can be found here:

Link: AOMEI Partition Assistant Changelog

Upgraded Macrium Reflect v7 to the latest edition (free - latest release)

New features/changes of Macrium Reflect v7 can be found here:

Link: Macrium Reflect Patch Details

Upgraded GlassWire ELITE to the latest stable release which is v2.2.268

New features/changes of GlassWire v2.2.268 can be found here:

Link: GlassWire Software Version Changes List

Upgraded Revo Uninstaller Pro Portable from v4.3.8 to v4.4

New features/changes of Revo Uninstaller Pro Portable Pro v4.4 can be found here:

Link: Revo Uninstaller Pro - History

Adguard Premium (paid - latest release - lifetime license) upgraded from v7.5.2 to latest build which is v7.5.3

New features/changes of Adguard Premium v7.5.3 can be found here:

Link: Versions history | AdGuard

Upgraded RoboForm for Windows RoboForm for Business (highly secure and locked down) from v8.9.5 to latest release which is v9.1.0.

New features/changes of RoboForm for Windows RoboForm for Business v9.1.0 can be found here:

Link: RoboForm for Windows Version News

Upgraded Sticky Password for Windows from v8.2.8.6 to latest release which is v8.2.8.7

New features/changes of Sticky Password for Windows v8.2.8.7 can be found here:

Link: Windows release notes | Sticky Password

Acronis True Image 2021 upgraded to Build 35860

New features/changes of Acronis True Image Build 35860 can be found here:

Link: Release notes - List of Changes - 42226
Feedback Response

Most critical feedback

Staff Notes
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
729
Hello MT Friends!

Happy New Year! Hard to believe we are closing out another year here.

I have made some good changes as of late and I wanted to post this in my 2021 build.

***DNS changes will be coming in the near future. For now I'm listing this as 'none' with the note that I will be changing this up soon.***

I know many of you might be thinking "man this guy pays some serious cash for some serious software" and I do agree. Some software I have on lifetime licenses while others I do pay a yearly fee for. I aim for the maximum security to ensure a nice and tight setup.

I will highlight some changes in the change log section so you can see what I am changing or upgrading/updating my software to.

Let me know your thoughts of my setup!

Thanks!
Brian
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,536
Great config as always (y)

A suggestion for a DNS is Quad9 based on this review here: Malicious site filters on DNS in 2020 – Skadligkod.se
But that also depends how fast or slow it is where you live.

What do you think about changing browsers?
Google Chrome and/or Microsoft Edge are in theory much more secure than Firefox.
Privacy wise Brave seems to be the best one right now.
 

SecurityNightmares

Level 36
Verified
Jan 9, 2020
2,551
Of course, but what is the chance that he gets infected while using Firefox with AdGuard and NoScript and Norton 360 as real time protection?
That makes it theoretical again. 🤔
If the malware is known or detected then yes you're right.
Anyway sandboxing browser / reducing attack surface is always a good idea
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
729
Hello!

@Gandalf_The_Grey and @security123 ! Great points here! I'll have to look into maybe using Brave here. I don't do anything "risky" outside of my isolated VM setup that I explained in my 2019 configuration. However, I do agree that Chrome-based browsers do have some good hardening involved. I like Firefox for privacy as it's not data mining everything like the folks at Google are doing with their browser. @Gandalf_The_Grey you are right, Brave may be my go-to solution here. More to come on that side!

Thanks for the DNS recommendation @Gandalf_The_Grey ! I will look into it.

Cloudflare at 1.1.1.1 seems interesting too. Any thoughts about this DNS provider for the side of security/privacy etc.?

~Brian
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
729
This isn't right. Firefox uses telemetry by default and some of it can't even be disabled in the normal UI.
Firefox does mine data and isn't as good for privacy as you think. You can read more at my posted link.
Humbly saying: Matter of opinion for some things for data mining. If we really don't want any data mined we are left with very few and far between for browsers.

If you know Google like I do you never want to use them for data protection. However, I don't want to jump down that rabbit hole with my friends at MT. =) Let's just say if you ever manage a website and use Google Analytics you will know in two seconds Google isn't the best choice for privacy rights. With this being said, what is your go-to web browser of choice? Do you like Brave or which web browser do you like?

Brian
 

SecurityNightmares

Level 36
Verified
Jan 9, 2020
2,551
With this being said, what is your go-to web browser of choice? Do you like Brave or which web browser do you like?
I only use Edge on Desktop as it's from Microsoft and I trust them. Obviously, else I wouldn't use Windows.
I don't like Brave because of their suspicious Ad system. Yes, I know it's Opt-In but that doesn't matter for me.
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,536
Hello!

@Gandalf_The_Grey and @security123 ! Great points here! I'll have to look into maybe using Brave here. I don't do anything "risky" outside of my isolated VM setup that I explained in my 2019 configuration. However, I do agree that Chrome-based browsers do have some good hardening involved. I like Firefox for privacy as it's not data mining everything like the folks at Google are doing with their browser. @Gandalf_The_Grey you are right, Brave may be my go-to solution here. More to come on that side!

Thanks for the DNS recommendation @Gandalf_The_Grey ! I will look into it.

Cloudflare at 1.1.1.1 seems interesting too. Any thoughts about this DNS provider for the side of security/privacy etc.?

~Brian
Cloudflare is good for speed and innovation but not for security or privacy. They don't seem to block anything.
 

Gandalf_The_Grey

Level 46
Verified
Trusted
Content Creator
Apr 24, 2016
3,536
Not even with their blocking version? Because they provide a non-blocking and blocking version.
The last tests done are not good for Cloudflare:
2020-05-03: Malicious site filters on DNS in 2020 – Skadligkod.se
Domains connected to the following categories have been selected:
  • 12 phishing links
  • 12 malware links
The DNS providers included in the test are:
  • Quad9 – 9.9.9.9
  • Cloudflare family – 1.1.1.2
  • OpenDNS – 208.67.222.222
  • CleanBrowsing – 185.228.168.9
  • Adguard DNS – 176.103.130.130
For comparison, I also checked Cloudflare’s default DNS 1.1.1.1 and Google's DNS 8.8.8.8, even though it is known that those do not block any content.

The blocking is done in two different ways depending on the DNS provider.
  • Not resolving the domain with NXDOMAIN (Quad9 + CleanBrowsing) or by answering with IP 0.0.0.0 (Cloudflare).
  • Answering with an IP of the DNS provider blockpage. (Adguard DNS + OpenDNS)
Total percentage of blocked domains:
  • Quad9 = 96 % (23/24)
  • CleanBrowsing = 75 % (18/24)
  • AdGuard DNS = 54 % (13/24)
  • OpenDNS = 46 % (11/24)
  • Cloudflare family = 13 % (3/24)
Blocked Phishing domains:
  • Quad9 = 100%
  • CleanBrowsing = 100 %
  • OpenDNS = 92 %
  • Adguard DNS = 42 %
No other DNS services blocked any phishing domain tested.

Blocked Malware domains:
  • Quad9 = 92 %
  • Adguard DNS = 67 %
  • CleanBrowsing = 50 %
  • Cloudflare family = 25 %
No other DNS services blocked any malware domain tested.
2020-08-06: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
15 links from urlhaus. No time for phishing
Extensions:
Chrome's safebrowsing: block 12/15 + warn: 3/15 = 15/15
Bitdefender: 14/15
Malwarebytes: 10/15
Avira: 8/15
Norton: 7/15
Emsisoft: 5/15
Microsoft WDBP: 5/15 (tested a few times, same result)

DNS:
neustar (Threat Protection): 14/15
nextDNS: 14/15
quad9: 9/15
adguard family: malware 2/15 | adult 4/15 = 6/15
cleanbrowsing secure: 5/15
cloudflare malwares+adults: 2/15
openDNS family: 2/15
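
The blocking styles described in the quoted test (NXDOMAIN, an answer of 0.0.0.0, or the provider's block-page IP) can be told apart by reading the raw DNS response. The following is an added example, not part of the thread or of the cited tests; it also compares against a non-filtering resolver, as the test did with 1.1.1.1 and 8.8.8.8, so a dead domain is not counted as a block. `BLOCKPAGE_IPS`, `sample()`, the result labels and all addresses are constructed assumptions.

```python
import struct

# Assumption: constructed documentation-range IP standing in for a block page.
BLOCKPAGE_IPS = {"192.0.2.53"}

def _skip_name(msg, off):
    while True:                            # walk labels until root or pointer
        length = msg[off]
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer ends name
            return off + 2
        off += 1 + length
        if length == 0:                    # root label ends name
            return off

def parse_response(msg):
    """Return (rcode, [IPv4 answers]) from a raw DNS response message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record
            addrs.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def classify(filtered, baseline):
    """Label a filtering resolver's answer; baseline is an unfiltered control.
    NXDOMAIN counts as a block only if the control still resolves the name."""
    rcode, addrs = parse_response(filtered)
    _, base_addrs = parse_response(baseline)
    if rcode == 3:                         # NXDOMAIN
        return "blocked:nxdomain" if base_addrs else "dead-domain"
    if addrs and all(a == "0.0.0.0" for a in addrs):
        return "blocked:null-ip"
    if any(a in BLOCKPAGE_IPS for a in addrs):
        return "blocked:blockpage"
    return "resolved" if addrs else "no-answer"

def sample(rcode, ips):
    """Build a constructed response for example.test (not captured traffic)."""
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                   + bytes(int(p) for p in ip.split(".")) for ip in ips)
    return hdr + question + rrs
```

A block-page answer can only be recognised if the provider's block-page addresses are known in advance, which is why that set has to be maintained per resolver.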
 

silversurfer

Level 71
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,026
Confirmed here on my personal testing recently some days ago:
Cloudflare's "Malware and Adult Content Blocking" blocks almost no URLs delivering fresh malware!

Beside NextDNS, Quad9 seems to be the best DNS service to block malware, 3rd place for CleanBrowsing.
 