Advanced Plus Security n8chavez's System Configuration 2022

Last updated
May 20, 2022
Use case
For personal use
Shared with
No one
Desktop OS
Windows 11
Windows OS SKU
Pro
Login Unlock
    • Passwordless PIN or Biometrics
Sign-in with
Microsoft account
Primary user
Administrator rights - Full permissions that can perform harmful changes
OS updates
Automatic updates
Windows UAC
Notify me only when programs try to make changes to my computer
Network firewall
ISP-issued router [Mod: depreciated - please choose another option]
Always-on protection
  1. Sandboxie Plus (via RAM drive)
  2. VoodooShield
  3. Windows Security (hardened)
  4. AdGuard for Windows
Firewall
Microsoft Defender Firewall (Windows 11 & 10)
Custom RT/Firewall security
Binisoft's Windows Firewall Control GUI
Malware testing
No malware samples
Periodic scanning
HitmanPro
Secure DNS
NextDNS
VPN
Mullvad
Password manager
KeePass with password and keyfile, along with Keepass2Android
Browsers and Extensions
Vivaldi
addons: ViolentMonkey, Dark Reader, jshelter
Utilities for Maintenance
Not much needed, other than winget. Everything that has internet connectivity is configured via Sandboxie to clean out cache/changes at close.
Files & Photos backup
Changed files are backed up daily via rclone to an encrypted GDrive and Mega.nz, including music, video, documents, installer files, photos, ISOs, ebooks and disk images
Files & Photos backup routine
Automatic
Emergency recovery plan
System images (partitions required for my system to boot) are created daily and automatically via scheduled scripts using Terabyte's Image for Windows. Full images are created weekly, and differential images are created daily.
Integrity of recovery plan
Tasks performed
    • Working from home
    • Browsing the web
    • Receiving, sending and opening email attachments
    • Buying goods from online stores, entering card details and addresses
    • Downloading software from reputable sites
    • Sharing and receiving files and torrents
    • PC games, mods and cloud-based gaming
    • Watching movies and TV series via subscriptions
    • Streaming audio and videos from sites
Computer specs
  • Hardware
    • Motherboard: MSI MS-7A59
    • GPU: MSI GTX 1060 GAMING X
    • Memory: 32 GBytes @ 1499.3 MHz (DDR4-2998 / PC4-23900)
    • Storage: Disk 1 Toshiba Serial ATA 6Gb/s @ 6Gb/s 5TB @ 7200RPM, Disk 2 Toshiba Serial ATA 6Gb/s @ 6Gb/s 8TB @ 5425RPM, Disk 3 Samsung SSD 860 EVO 1TB SSD
    • CPU Brand Name: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
      CPU Vendor: GenuineIntel
      CPU Stepping: B0
      CPU Code Name: Kaby Lake-S
      CPU Technology: 14 nm
      CPU S-Spec: SR33A
Notable changes
  1. Replaced Waterfox with Vivaldi
    1. Added jshelter
    2. Eliminated uBo
    3. Eliminated Bitwarden
  2. Added VoodooShield
  3. Added AdGuard for Windows
Feedback response

I am partially satisfied. General feedback is greatly appreciated, to make improvements to my overall security / privacy.

n8chavez

Level 11
Thread author
Well-known
Feb 26, 2021
543
Here is my system configuration. I try to automate as much as possible, from imaging my SSD to rcloning data backups to an encrypted GDrive. From a security standpoint, I try to keep things proactive, not reactive. I do not use malware scanners, or any third party anti-malware software.

Let me know what you think!
 

n8chavez

> Nice config. Consider setting UAC to "Max" to prevent UAC bypasses. Also consider picking a second additional scanner next to HitmanPro as it can't detect scripting malware for example. :)

Thanks! But that's where VoodooShield comes into play; it detects anything running on my system and prompts me. There's no need for both UAC @ max and VS, since they do the same thing.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,239
Either VoodooShield or something like OSArmor. Both are very good.

Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)

Edit.
OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.
 

n8chavez

> Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
> Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)
>
> Edit.
> OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.

Yuuup. But, after all, we are a community of tweakers! :sneaky:
 

Andy Ful

Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the postinfection stage. But most users who like such solutions will probably not be infected at all.
 

n8chavez

> Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the postinfection stage. But most users who like such solutions will probably not be infected at all.

Any setup has to balance security with usability. If not, why don't we all disconnect and turn off our systems? They would be completely secure then!
 