Advanced Plus Security n8chavez's System Configuration 2022

Last updated
May 20, 2022
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Smart App Control
Network firewall
Real-time security
  1. Sandboxie Plus (via RAM drive)
  2. VoodooShield
  3. Windows Security (hardened)
  4. AdGuard for Windows
Firewall security
Microsoft Defender Firewall
About custom security
Binisoft's Windows Firewall Control GUI
Periodic malware scanners
HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Vivaldi
addons: ViolentMonkey, Dark Reader, jshelter
Secure DNS
NextDNS
Desktop VPN
Mullvad
Password manager
Keepass with Password and keyfile along with Keepass2Android
Maintenance tools
Not much needed, other than winget. Everything that has internet connectivity is configured via sandboxie to clean out cache/changes at close.
File and Photo backup
Changed files are backup up daily via rclone to an encrypted GDrive and Mega.nz; including music, video, documents, installer files, photos, ISOs, ebooks and disk images
System recovery
System images (partitions required for my system to boot) are created daily and automatically via scheduled scripts using Terabyte's Image for Windows. Full images are created weekly, and differential images are created daily.
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
  • Hardware
    • Motherboard: MSI MS-7A59
    • GPU: MSI GTX 1060 GAMING X
    • Memory: 32 GBytes @ 1499.3 MHz (DDR4-2998 / PC4-23900)
    • Storage: Disk 1 Toshiba Serial ATA 6Gb/s @ 6Gb/s 5TB @ 7200RPM, Disk 2 Toshiba Serial ATA 6Gb/s @ 6Gb/s 8TB @ 5425RPM, Disk 3 Samsung SSD 860 EVO 1TB SSD
    • CPU Brand Name:Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
      CPU Vendor:GenuineIntel
      CPU Stepping:B0
      CPU Code Name:Kaby Lake-S
      CPU Technology:14 nm
      CPU S-Spec:SR33A
Notable changes
  1. Replaced Waterfox with Vivaldi
    1. Added jshelter
    2. Eliminated uBo
    3. Eliminated Bitwarden
  2. Added VoodooShield
  3. Added AdGuard for Windows
What I'm looking for?

Looking for medium feedback.

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Here is my system configuration. I try to automate as much as possible, from imaging my SSD to rcloning data backups to an encrypted GDrive. From a security standpoint, I try to keep things proactive, not reactive. I do not use malware scanners, or any third party anti-malware software.

Let me know what you think!
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Nice config. Consider setting UAC to "Max" to prevent UAC bypasses. Also consider picking a second additional scanner next to HitmanPro as it can't detect scripting malware for example. :)

Thanks! But that's where VoodooShield comes into play; it detects anything running on my system and prompts me. There's no need for both UAC @ max and VS, since theyr do the same thing.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Either VoodooShield or something like OSArmor. Both are very good.

Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)

Edit.
OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)

Edit.
OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.

Yuuup. But, after all, we are a community of tweakers! :sneaky:
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the postinfection stage. But, most users who like such solutions will not be probably infected, at all.
 
  • Like
Reactions: harlan4096

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the postinfection stage. But, most users who like such solutions will not be probably infected, at all.
Any setup has to balance security with usability. If not why don't we all disconnect and turn off our systems? They would be completely secure then!
 
  • Like
Reactions: Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top