SECURITY: Complete Lightning_Brian's 2021 Security Configuration

Last updated
Dec 31, 2020
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Pro
Login security
    • Hardware security key
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Real-time protection
Norton 360 Premium (paid - latest release), VoodooShield Premium (paid - latest release - note: not always 100% on)
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
SONAR set to aggressive

Boot time protection Aggressive

Custom scans set at various times - multiple custom scans

Blocking traffic for malicious applications - set to aggressive
Malware testing
Periodic security scanners
Emsisoft Emergency Kit (EEK), Malwarebytes Anti-Malware (Paid - real time disabled - using as needed)
Secure DNS
None - Will be changing this up in the near future though.
VPN
Windscribe Pro (paid - latest release - lifetime license)
Avira Phantom VPN (secondary VPN not main VPN at all) – BETA TESTING
Password manager
Sticky Password - Lifetime
RoboForm for Business - Enterprise - RoboForm Everywhere
PassCamp - Enterprise Read more about it here: https://www.passcamp.com/enterprise-password-management/ or https://www.passcamp.com/features/
Browsers, Search and Addons
Firefox: HTTPS Everywhere, AdGuard AdBlocker, Windscribe VPN, and NoScript
Maintenance and Cleaning
Cleaning Utilities:
  • Glary Utilities PRO (paid and latest release)
  • Windows 10 built in tools
Software Removal Tool:
  • Revo Uninstaller v4 (Pro Portable - Paid - Paid for 2 years of updates!)
Windows Repair (Not Always Using Here Folks – Mainly For Some Minor Repairs Before Clean Install)
Personal Files & Photos backup
Backup Software (or similar):
  • AOMEI Backupper Pro (paid - latest release)
    • AOMEI Dynamic Disk Manager Pro Edition (paid - latest stable - lifetime license) – Updating disk information and management
    • AOMEI Parition Assistant Pro Edition (paid - latest stable - lifetime license) – Updating disk information and management
  • Macrium Reflect Free (free - latest release)
    • viBoot from Macrium Reflect (free - latest stable) – Please read more about viBoot here before commenting on it: Macrium viBoot
      • In short (their wording not mine):Macrium viBoot enables you to instantly create, start and manage Microsoft Hyper-V virtual machines using one or more Macrium Reflect image files as the basis of the virtual machine storage sub-system.
      • At a minimum, viBoot enables you to boot into the images you have made using Macrium Reflect, for validation purposes, or to retrieve data from old applications stored on a bootable image. At an enterprise level, you could recover an entire network environment in minutes.
      • Macrium viBoot is now built upon new technology that allows it to instantly present a Macrium Reflect image file as a Microsoft Virtual Disk (.VHDX) file.
  • Acronis True Image 2021 (paid and latest release - perpetual license for v2021)
Yes, I use three different backup tools. No, I do not use all three at the same time, same day, or for exactly the same reason. If you get stung by one backup going bad you will get why I use three. Plus, all three have some very unique and nice features. Check these out! Questions – please read about the tools prior to asking! Thanks!
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Macrium Reflect Free (free - latest stable), AOMEI Backupper Pro (paid and latest stable), Acronis True Image 2021 (paid and latest release)
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Downloading software. 
  4. Working from home. 
  5. PC and cloud gaming. 
Computer specs
Custom build!

CPU - Intel i7-8700k CPU @ 3.70 GHz
GPU - NVIDIA GeForce GTX 1080 @ 8 GB GDDR5X
RAM - 64 GB DDR4 - 63.8 GB Usable!
SSD - Samsung 970 EVO 500GB - NVMe PCIe M.2 2280 SSD (MZ-V7E500BW)
HDD - WD Black 2TB Performance Desktop Hard Disk Drive - 7200 RPM SATA 6 Gb/s 64MB Cache 3.5 Inch - WD2003FZEX
AIO liquid CPU cooler
Personal changelog
Changes made 12-31-2020

Major Changes:

Changed from Norton Security Premium to Norton 360 Premium

Big change here folks! Time to go into the future with the latest and greatest for 2021.

Upgraded VMware Workstation Pro 15 from v16 to release version 16.1!!

Link: VMware Workstation 16.1.0 Pro Release Notes

Yes, I know I paid a pretty penny on this. I know I will never regret it given my career field and everything that I do.

I can concur that everything is nice and snappy on v16 and the improvements are easily noticeable. I know I recently added RAM, but things are flying in the new version. Some things are eh'. I think those are widely known that I don't need to repeat that stuff here. As noted in the release notes above I am noticing the same thing here:

Performance Improvements
  • Improved file transfer speeds (Drag and Drop, Copy and Paste)
  • Improved virtual machine shutdown time.
  • Improved virtual NVMe storage performance.
Other notable changes:

Upgraded AOMEI Backupper from v6.1 to v6.3

New features/changes of AOMEI Backupper v6.3 can be found here:

Link: Changelog – AOMEI Backupper

Upgraded AOMEI Partition Assistant from v9.0 to v9.1

New features/changes of AOMEI Partition Assistant can be found here:

Link: AOMEI Partition Assistant Changelog

Upgraded Macrium Reflect v7 to the latest edition (free - latest release)

New features/changes of Macrium Reflect v7 can be found here:

Link: Macrium Reflect Patch Details

Upgraded GlassWire ELITE to the latest stable release which is v2.2.268

New features/changes of GlassWire v2.2.268 can be found here:

Link: GlassWire Software Version Changes List

Upgraded Revo Uninstaller Pro Portable from v4.3.8 to v4.4

New features/changes of Revo Uninstaller Pro Portable Pro v4.4 can be found here:

Link: Revo Uninstaller Pro - History

Adguard Premium (paid - latest release - lifetime license) upgraded from v7.5.2 to latest build which is v7.5.3

New features/changes of Adguard Premium v7.5.3 can be found here:

Link: Versions history | AdGuard

Upgraded RoboForm for Windows RoboForm for Business (highly secure and locked down) from v8.9.5 to latest release which is v9.1.0.

New features/changes of RoboForm for Windows RoboForm for Business v9.1.0 can be found here:

Link: RoboForm for Windows Version News

Upgraded Sticky Password for Windows from v8.2.8.6 to latest release which is v8.2.8.7

New features/changes of Sticky Password for Windows v8.2.8.7 can be found here:

Link: Windows release notes | Sticky Password

Acronis True Image 2021 upgraded to Build35860

New features/changes of Acronis True Image Build 35860 can be found here:

Link: Release notes - List of Changes - 42226
Feedback Response

Most critical feedback

Staff Notes
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
731
Why do you also have multiple password managers?

@Handsome Recluse Happy new year friend! Great question!

Answer:

I use different password managers for the following reasons:
  1. Company I have
  2. Personal Use
  3. Backup use
  4. Company I work for
I will not say which one I use for personal use, but I do recommend all of them in their highly locked down and secure state. I encourage you and everyone at MT to research their cool and innovative ways. FYI before someone goes all crazy and says "Brian you should use Bitwarden or LastPass" I will say that I have used those password managers and those are nice as well. I just so happen to like the ones I'm using for my own use cases.

Confirmed here on my personal testing recently some days ago:
Cloudflare's "Malware and Adult Content Blocking" blocks almost none URL delivering fresh malware!

Beside NextDNS, Quad9 seems to be the best DNS service to block malware, 3rd place for CleanBrowsing.

@silversurfer Happy New Year! Great points here. If I had to choose a DNS provider Quad9 would be my go to for usage. However, I think I failed to go deeper into my security setup to say that I use Windscribe on just about everything. My phone, computers, my network gear etc. is all set up to run through Windscribe in multiple hops. No I do not experience any slowdowns nor any issues by doing this. The hop locations are actually very close to me and my speed actually is a little bit better compared to what my ISP provides - yes my network gear helps a bit on this side too. Long story short so no one goes into loopy land the speed is just a few Mbps better not some crazy high number.

Some folks may not be aware they can set up their network gear to run on Windscribe. Here is the link to some setup guides: Windscribe

Norton 360 will be very hard to bypass in real-life situations. It’s possible to bypass it if you are a malware hunter, but under normal circumstances, it provides great protection.
VS might not be so beneficial.

@McMcbrad You are very correct about this! Highly unlikely that Norton 360 in the out of the box setup can be bypassed in real-life situations much less in my current configuration.

As per my note in my security configuration I don't always have VS turned on 24/7/365; however, in use cases I find it still very beneficial. I worked with Norton to confirm out a few things. @danb I'm sure you know Norton works well with VS. Hats off to your hard work there @danb !

Perhaps you @McMcbrad and others are correct that VS may not be fully needed. However, in use cases I can and do see a great want/need for VS still present on the system. As some would say - to each his own! I do not foresee VS going anywhere any time from my systems.

As you said in one of your postings @danb
VS has always been about making application whitelisting user-friendly for the masses.
I couldn't agree more! VS is very user-friendly for the masses. @danb Keep up the great work you are doing! You are helping the cyber security community and making a big impact too.

My question for all friends of MT:

Given the little more info about my network setup with Windscribe - do I need the DNS settings? I'm not a uber duber expert in all things VPN; however, my IT experence and saying 'no DNS setup isn't needed with Windscribe'. However, could it help??! Thoughts!?

Thanks!
Brian
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
962
Norton 360 will be very hard to bypass in real-life situations. It’s possible to bypass it if you are a malware hunter, but under normal circumstances, it provides great protection.
VS might not be so beneficial.
I promise you, anyone who has ran VS for a while and has decided to uninstall it for one reason or another, will ultimately find themselves in a situation where they wish their computer was locked when they are about to click on something they are unsure of.

Automatically allowing unknown arbitrary code is foolish.
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
731
What's yall' thoughts about uBlock Origin + Adguard for extensions for Firefox? I know the two compete and deal with the same things. Been a long time user of both, but mainly one at a time not together. Does anyone have any thoughts on this?

On the topic of web browser add-ons any other recommendations beyond what I am using today?

What I am using today:

Firefox: HTTPS Everywhere, AdGuard AdBlocker, Windscribe VPN, and NoScript

Thanks in advance for your thoughts!
~Brian
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,908
First with Firefox HTTPS Everywhere is redundant see HTTPS-Only Mode in Firefox below:

uBlock Origin and AdGuard together is a waste of resources IMO, they both try to do the same (and like you I like them both).

uBlock Origin is lighter on resources and its real plus are the advanced modes, but since you are also using NoScript I don't think the advanced modes add something for you.
About advanced blocking modes: gorhill/uBlock

AdGuard is a good AdBlocker and IMO parses the cosmetic filters a little better, so you have a cleaner filtered webpage. Its plus comes from the stealth mode.
About stealth mode: In-depth features overview: AdGuard Browser extension

So, IMO loose HTTPS Everywhere and turn its functionality on in Firefox. Choose for yourself between AdGuard and uBlock Origin and use one of them together with NoScript.
Or use uBlock Origin in medium mode and you can even loose NoSctipt... it's up to you :D
 

Cortex

Level 26
Verified
Aug 4, 2016
1,500
I promise you, anyone who has ran VS for a while and has decided to uninstall it for one reason or another, will ultimately find themselves in a situation where they wish their computer was locked when they are about to click on something they are unsure of.

Automatically allowing unknown arbitrary code is foolish.
With full & total respect to you and your opinions, I have never found myself in that scenario you have described - I found VS a pain in the posterior & don't miss it at all - Maybe I don't click on things I'm unsure of?
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
962
With full & total respect to you and your opinions, I have never found myself in that scenario you have described - I found VS a pain in the posterior & don't miss it at all - Maybe I don't click on things I'm unsure of?
It's cool, thank you for letting me know! How long ago did you try VS? Do you install a lot of new software? Do you change a lot of settings from the default? Do you remember what kind of blocks you were encountering? The vast majority of users (mainly novice and intermediate) do not install a lot of new programs, so they rarely encounter a VS block. The reason I know this is because I still service a lot of endpoints for local clients, most that are running VS, and I like to review the logs to see what was blocked.

If you ever get a chance to try VS again, please let me know what blocks you encounter. There might be a chance that we can further reduce unwanted blocks. Obviously, we want to reduce the unwanted blocks as much as possible, but also ensure the computer is secure by blocking items that need to be blocked.
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
731
First with Firefox HTTPS Everywhere is redundant see HTTPS-Only Mode in Firefox below:

uBlock Origin and AdGuard together is a waste of resources IMO, they both try to do the same (and like you I like them both).

uBlock Origin is lighter on resources and its real plus are the advanced modes, but since you are also using NoScript I don't think the advanced modes add something for you.
About advanced blocking modes: gorhill/uBlock

AdGuard is a good AdBlocker and IMO parses the cosmetic filters a little better, so you have a cleaner filtered webpage. Its plus comes from the stealth mode.
About stealth mode: In-depth features overview: AdGuard Browser extension

So, IMO loose HTTPS Everywhere and turn its functionality on in Firefox. Choose for yourself between AdGuard and uBlock Origin and use one of them together with NoScript.
Or use uBlock Origin in medium mode and you can even loose NoSctipt... it's up to you :D

Thanks @Gandalf_The_Grey ! Good recommendations that helped solidify what I was thinking too after playing around with some stuff today!

Any other recommendations for extensions for the world of Firefox and or otherwise?

Thanks again,
Brian
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,908
Thanks @Gandalf_The_Grey ! Good recommendations that helped solidify what I was thinking too after playing around with some stuff today!

Any other recommendations for extensions for the world of Firefox and or otherwise?

Thanks again,
Brian
Any time (y)
No not really any other recommendations, I try (but sometimes fail) to keep it simple and light.
Does Norton 360 add an extension to your browsers, and do you use or deinstall them?
IMO and adblocker and a password manager are the most important.
I also use (but in Edge) Microsoft Editor (spelling and grammar check) and the extension installed by the AV I use or if there is none installed Bitdefender TrafficLight.
 

Lightning_Brian

Level 15
Verified
Content Creator
Sep 1, 2017
731
Any time (y)
No not really any other recommendations, I try (but sometimes fail) to keep it simple and light.
Does Norton 360 add an extension to your browsers, and do you use or deinstall them?
IMO and adblocker and a password manager are the most important.
I also use (but in Edge) Microsoft Editor (spelling and grammar check) and the extension installed by the AV I use or if there is none installed Bitdefender TrafficLight.
Norton has its 'bloat' that I don't install or use at all. My password managers - I don't even install those for various reasons (call me paranoid). I use the secure copy and erase from clipboard functionalities.

Any other recommendations that you'd like to recommend?

Anyone have any other thoughts for my setup?

Thanks for all of the help!

~Brian
 
Top