Advanced Plus Security nefty1029 Personal Laptop Security Config 2020

[nefty1029]

Hello, it has been a while since I have updated my configuration. Recently I have purchased the Adguard Family Plan since I have heard many good things about it. I want to know which addons I should remove in my browsers to prevent redundancy and conflicts. I am also open for other suggestions in improving my configuration.

 

[harlan4096]

Overkill in browser add-ons, thanks for sharing

 

[ForgottenSeer 85179]

Too many browser extensions
replace PiHole with NextDNS if possible at router level
Speedyfox isn't needed for non-Firefox browser

Keep your system program-clean as much as possible

 

[oldschool]

Overkill in browser add-ons

This ...

thanks for sharing

... and this.

 

[Moonhorse]

Main: Vivaldi with the following extensions:

1. Adam:ONE Assistant
2. Bookmarks clean up
3. Certificate Info
4. ClearURLs
5. Decentraleyes
6. HTTPS Everywhere
7. IDN Safe
8. Microsoft Defender Browser Protection
9. Nano Adblocker
10. Nano Defender
11. Netcraft Extension
12. Birdefender TrafficLight

 

[Cortex]

IMO If you have AdGuard Desk, you don't need browser adblockers etc - it's worth spending some time setting AdGuard up.

 

[Gandalf_The_Grey]

Like others said, way too many browser extensions, but to add one, no password manager?
And like @Cortex says not needed with AdGuard properly setup.
If you want to protect your browsers from visiting phishing pages and downloading malware Bitdefender TrafficLight is the one to keep.
Against malware better than Netcraft and doesn't let you download parts of it before blocking like the Microsoft Defender Browser Protection.

 

[nefty1029]

With Adguard Desktop, what other addons can it replace, other than nano adblocker?

 

[nefty1029]

Main: Vivaldi with the following extensions:

1. Adam:ONE Assistant
2. Bookmarks clean up
3. Certificate Info
4. ClearURLs
5. Decentraleyes
6. HTTPS Everywhere
7. IDN Safe
8. Microsoft Defender Browser Protection
9. Nano Adblocker
10. Nano Defender
11. Netcraft Extension
12. Birdefender TrafficLight

Removed most of the extensions from Vivaldi. Is there any reason why HTTPS Everywhere and Bitdefender Trafficlight should be removed?

 

[nefty1029]

Too many browser extensions

I was able to remove some of my browser extensions from Vivaldi.

replace PiHole with NextDNS if possible at router level

What advantages would NextDNS have over Pi-Hole?
Wouldn't adding some Malware Domain lists allow Pi-Hole to block most malwares?

Speedyfox isn't needed for non-Firefox browser

Removed Speedyfox based on your suggestion.
Wouldn't Chromium based browsers benefit from Speedyfox, since Speedyfox supports them?

 

[ForgottenSeer 85179]

What advantages would NextDNS have over Pi-Hole?
Wouldn't adding some Malware Domain lists allow Pi-Hole to block most malwares?

NextDNS use features PiHole can't use like blocking disgusting CNAME tracker by default, better compatibility with CDN's, blocking easy categories like Facebook, and more.
See NextDNS added CNAME Uncloaking support, becomes the first cross-platform solution to the problem

Also PiHole has some security problems like missing HTTPS for web interface, no 2FA, ..

Wouldn't Chromium based browsers benefit from Speedyfox, since Speedyfox supports them?

Don't know but don't think so. Such tools create in worst case data corruption or other problems with required then a browser profile reset.

 

[HarborFront]

With Adguard Desktop, what other addons can it replace, other than nano adblocker?

Add only extensions that Adguard for Desktop not handling like IDN Safe, Keyboard Privacy, LocalCDN, ScriptSafe, CSS Exfil Protection, BP Privacy Block All Font and Glyph Detection etc. Make sure the extensions are supported by your browsers.

HTTPS Everywhere extension is not so useful if you always surf HTTPS sites. Moreover some HTTP sites cannot be changed to HTTPS sites and that makes it even less useful.

Unless you surf many HTTP sites and you find the sites changed to HTTPS then it's useful. Another usefulness of HTTPS Everywhere is when you surf HTTPS sites with mixed content i.e. you have HTTP links inside the HTTPS site. There's a feature inside it to handle this.

The combo of Netcraft Extension and Nano Adblocker offers more than what Bitdefender Trafficlight can thus making the latter irrelevant

 

[nefty1029]

NextDNS use features PiHole can't use like blocking disgusting CNAME tracker by default, better compatibility with CDN's, blocking easy categories like Facebook, and more.
See NextDNS added CNAME Uncloaking support, becomes the first cross-platform solution to the problem

I checked NextDNS. It looks nice, however using DNSBench, I seem to get better performance with my Pi-Hole setup.
I will probably stick with my Pi-Hole setup for now, but I will consider using NextDNS soon.
Last time I checked the Pi-Hole news, they are experimenting on CNAME filters as noted here, though
using NextDNS is probably easier.

 

[Moonhorse]

Removed most of the extensions from Vivaldi. Is there any reason why HTTPS Everywhere and Bitdefender Trafficlight should be removed?

You can use either bitdefender trafficlight alone or netcraft + WDBP together

Trafficlight = phishing, malware, scam filter
Netcraft = advanced phishing
WDBP = probably agressive against pup/pua stuff
You have chrome safe browsing also in vivaldi

Its up to you wich you use though

About https everywhere, most sites use https anyways so its kinda redundant, just enable ://flags instead to enforce connection to 1.1 1.0 tls and change treatment for http pages to non secure, its all fine unless you login to unsecure sites

Aswell the https everywhere force all pages to https will still leak mixed images , when with firefox you can enable https only mode that is more advanced than the extension itself

But if you like the extension go with it, i just see it useless unless youre using tor

 

[Brahman]

I checked NextDNS. It looks nice, however using DNSBench, I seem to get better performance with my Pi-Hole setup.
I will probably stick with my Pi-Hole setup for now, but I will consider using NextDNS soon.
Last time I checked the Pi-Hole news, they are experimenting on CNAME filters as noted here, though
using NextDNS is probably easier.

Nextdns offers real-time Threat Intelligence Feeds ( similar to snort IDS rules) and DNS Rebinding Protection which pi-hole can't provide.

 

[nefty1029]

You can use either bitdefender trafficlight alone or netcraft + WDBP together

Trafficlight = phishing, malware, scam filter
Netcraft = advanced phishing
WDBP = probably agressive against pup/pua stuff
You have chrome safe browsing also in vivaldi

Its up to you wich you use though

About https everywhere, most sites use https anyways so its kinda redundant, just enable ://flags instead to enforce connection to 1.1 1.0 tls and change treatment for http pages to non secure, its all fine unless you login to unsecure sites

Aswell the https everywhere force all pages to https will still leak mixed images , when with firefox you can enable https only mode that is more advanced than the extension itself

But if you like the extension go with it, i just see it useless unless youre using tor

Thanks for your reply. I will keep this in mind.

Nextdns offers real-time Threat Intelligence Feeds ( similar to snort IDS rules) and DNS Rebinding Protection which pi-hole can't provide.

I actually like most of the features in NextDNS but I will still use Pi-Hole for now.

 

[Brahman]

Thanks for your reply. I will keep this in mind.


I actually like most of the features in NextDNS but I will still use Pi-Hole for now.

There is a way to keep both your local dns cache and nextdns. You can install adguard home in raspberry pi ( it's better than pi hole). You can install local block lists just like pihole and you can also enable dns over https/ tls. Adguard home supports adding external dns server for dns queries thus you can specify nextdns entry in "dns settings'.

 

[nefty1029]

There is a way to keep both your local dns cache and nextdns. You can install adguard home in raspberry pi ( it's better than pi hole). You can install local block lists just like pihole and you can also enable dns over https/ tls. Adguard home supports adding external dns server for dns queries thus you can specify nextdns entry in "dns settings'.

Thanks for your reply, I will watch the video.