SECURITY: Complete nefty1029 Personal Laptop Security Config 2020

Last updated
Aug 12, 2020
About device
Primary device
Operating system
Windows 10
Sign-in identity
Sign-in with Microsoft account
Log-in security
Permissions
Administrator user account
Security updates
Automatic - allow security updates only
Windows UAC
Maximum - always notify
Malware samples
No - malware is not downloaded
Firewall protection
Microsoft Defender Firewall
Real-time malware protection
Microsoft Defender
RTP & OS hardening settings
Configure Defender at High Settings
Periodic scanning
Malwarebytes Free
Hitman Pro
Browsers
Adguard Desktop has been installed in this PC.

Main: Vivaldi with the following extensions:
  1. ClearURLs
  2. Microsoft Defender Browser Protection
  3. Adguard Extension
  4. Netcraft Extension
  5. Birdefender TrafficLight
Backup: Edge Browser with Flags enabled based on this Thread:
  1. Birdefender TrafficLight
  2. Netcraft Extension
  3. Adguard extension
Optimisation apps
  • Windows Disk Cleaner
  • HD Sentinel Pro Portable
  • PatchmyPC
  • Process Lasso
  • USB Safely Remove
  • Revo Uninstaller Pro
My Files & Photos backup
Online: Dropbox, OneDive
Local: Bvckup 2, FreeFileSync through NAS
My Files backup schedule
Manual - specific days to the cloud, or local attached storage
Device recovery & settings
Aomei Backupper
Device backup schedule
Computer specifications
ASUS ROG Zephyrus G15 GA502IU AZ077T
  • AMD Ryzen™ 7 4800HS
  • NVIDIA® GeForce® GTX 1660 Ti 6GB
  • 512GB SSD PCIE NVMe
  • 8GB DDR4
Device activity usage
  1. Computer games
  2. Financial and sensitive documents
  3. Generic web browsing
  4. Downloading files from unfamiliar sites
  5. Video and photo editing
Your changelog
17 August -
Also . SpeedyFox has also been removed. Repl
  • Made some corrections.
  • Added Password Manager, since I did not see this field when creating this thread.
  • Removed some extensions based on Moonhorse suggestion.
  • SpeedyFox has been removed.
  • Replaced Nano Adblocker with Adguard extension, with Adguard Desktop installed in this PC

nefty1029

Level 1
Mar 13, 2018
24
Hello, it has been a while since I have updated my configuration. Recently I have purchased the Adguard Family Plan since I have heard many good things about it. I want to know which addons I should remove in my browsers to prevent redundancy and conflicts. I am also open for other suggestions in improving my configuration.
 
Last edited:

Moonhorse

Level 29
Verified
Content Creator
May 29, 2018
1,853
Main: Vivaldi with the following extensions:
  1. Adam:ONE Assistant
  2. Bookmarks clean up
  3. Certificate Info
  4. ClearURLs
  5. Decentraleyes
  6. HTTPS Everywhere
  7. IDN Safe
  8. Microsoft Defender Browser Protection
  9. Nano Adblocker
  10. Nano Defender
  11. Netcraft Extension
  12. Birdefender TrafficLight
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,111
Like others said, way too many browser extensions, but to add one, no password manager?
And like @Cortex says not needed with AdGuard properly setup.
If you want to protect your browsers from visiting phishing pages and downloading malware Bitdefender TrafficLight is the one to keep.
Against malware better than Netcraft and doesn't let you download parts of it before blocking like the Microsoft Defender Browser Protection.
 

nefty1029

Level 1
Mar 13, 2018
24
Main: Vivaldi with the following extensions:
  1. Adam:ONE Assistant
  2. Bookmarks clean up
  3. Certificate Info
  4. ClearURLs
  5. Decentraleyes
  6. HTTPS Everywhere
  7. IDN Safe
  8. Microsoft Defender Browser Protection
  9. Nano Adblocker
  10. Nano Defender
  11. Netcraft Extension
  12. Birdefender TrafficLight
Removed most of the extensions from Vivaldi. Is there any reason why HTTPS Everywhere and Bitdefender Trafficlight should be removed?
 

nefty1029

Level 1
Mar 13, 2018
24
Too many browser extensions
I was able to remove some of my browser extensions from Vivaldi.

replace PiHole with NextDNS if possible at router level
What advantages would NextDNS have over Pi-Hole?
Wouldn't adding some Malware Domain lists allow Pi-Hole to block most malwares?

Speedyfox isn't needed for non-Firefox browser

Removed Speedyfox based on your suggestion.
Wouldn't Chromium based browsers benefit from Speedyfox, since Speedyfox supports them?
 

SecurityNightmares

Level 31
Verified
Jan 9, 2020
2,064
What advantages would NextDNS have over Pi-Hole?
Wouldn't adding some Malware Domain lists allow Pi-Hole to block most malwares?
NextDNS use features PiHole can't use like blocking disgusting CNAME tracker by default, better compatibility with CDN's, blocking easy categories like Facebook, and more.
See NextDNS added CNAME Uncloaking support, becomes the first cross-platform solution to the problem

Also PiHole has some security problems like missing HTTPS for web interface, no 2FA, ..


Wouldn't Chromium based browsers benefit from Speedyfox, since Speedyfox supports them?
Don't know but don't think so. Such tools create in worst case data corruption or other problems with required then a browser profile reset.
 

HarborFront

Level 57
Verified
Content Creator
Oct 9, 2016
4,607
With Adguard Desktop, what other addons can it replace, other than nano adblocker?
Add only extensions that Adguard for Desktop not handling like IDN Safe, Keyboard Privacy, LocalCDN, ScriptSafe, CSS Exfil Protection, BP Privacy Block All Font and Glyph Detection etc. Make sure the extensions are supported by your browsers.

HTTPS Everywhere extension is not so useful if you always surf HTTPS sites. Moreover some HTTP sites cannot be changed to HTTPS sites and that makes it even less useful.

Unless you surf many HTTP sites and you find the sites changed to HTTPS then it's useful. Another usefulness of HTTPS Everywhere is when you surf HTTPS sites with mixed content i.e. you have HTTP links inside the HTTPS site. There's a feature inside it to handle this.

The combo of Netcraft Extension and Nano Adblocker offers more than what Bitdefender Trafficlight can thus making the latter irrelevant
 
Last edited:

nefty1029

Level 1
Mar 13, 2018
24
NextDNS use features PiHole can't use like blocking disgusting CNAME tracker by default, better compatibility with CDN's, blocking easy categories like Facebook, and more.
See NextDNS added CNAME Uncloaking support, becomes the first cross-platform solution to the problem
I checked NextDNS. It looks nice, however using DNSBench, I seem to get better performance with my Pi-Hole setup.
I will probably stick with my Pi-Hole setup for now, but I will consider using NextDNS soon.
Last time I checked the Pi-Hole news, they are experimenting on CNAME filters as noted here, though
using NextDNS is probably easier.
 

Moonhorse

Level 29
Verified
Content Creator
May 29, 2018
1,853
Removed most of the extensions from Vivaldi. Is there any reason why HTTPS Everywhere and Bitdefender Trafficlight should be removed?
You can use either bitdefender trafficlight alone or netcraft + WDBP together

Trafficlight = phishing, malware, scam filter
Netcraft = advanced phishing
WDBP = probably agressive against pup/pua stuff
You have chrome safe browsing also in vivaldi

Its up to you wich you use though

About https everywhere, most sites use https anyways so its kinda redundant, just enable ://flags instead to enforce connection to 1.1 1.0 tls and change treatment for http pages to non secure, its all fine unless you login to unsecure sites

Aswell the https everywhere force all pages to https will still leak mixed images , when with firefox you can enable https only mode that is more advanced than the extension itself

But if you like the extension go with it, i just see it useless unless youre using tor
 

JoyousBudweiser

Level 10
Verified
Aug 22, 2013
471
I checked NextDNS. It looks nice, however using DNSBench, I seem to get better performance with my Pi-Hole setup.
I will probably stick with my Pi-Hole setup for now, but I will consider using NextDNS soon.
Last time I checked the Pi-Hole news, they are experimenting on CNAME filters as noted here, though
using NextDNS is probably easier.
Nextdns offers real-time Threat Intelligence Feeds ( similar to snort IDS rules) and DNS Rebinding Protection which pi-hole can't provide.
 

nefty1029

Level 1
Mar 13, 2018
24
You can use either bitdefender trafficlight alone or netcraft + WDBP together

Trafficlight = phishing, malware, scam filter
Netcraft = advanced phishing
WDBP = probably agressive against pup/pua stuff
You have chrome safe browsing also in vivaldi

Its up to you wich you use though

About https everywhere, most sites use https anyways so its kinda redundant, just enable ://flags instead to enforce connection to 1.1 1.0 tls and change treatment for http pages to non secure, its all fine unless you login to unsecure sites

Aswell the https everywhere force all pages to https will still leak mixed images , when with firefox you can enable https only mode that is more advanced than the extension itself

But if you like the extension go with it, i just see it useless unless youre using tor
Thanks for your reply. I will keep this in mind.

Nextdns offers real-time Threat Intelligence Feeds ( similar to snort IDS rules) and DNS Rebinding Protection which pi-hole can't provide.
I actually like most of the features in NextDNS but I will still use Pi-Hole for now.
 

JoyousBudweiser

Level 10
Verified
Aug 22, 2013
471
Thanks for your reply. I will keep this in mind.


I actually like most of the features in NextDNS but I will still use Pi-Hole for now.
There is a way to keep both your local dns cache and nextdns. You can install adguard home in raspberry pi ( it's better than pi hole). You can install local block lists just like pihole and you can also enable dns over https/ tls. Adguard home supports adding external dns server for dns queries thus you can specify nextdns entry in "dns settings'.
 

nefty1029

Level 1
Mar 13, 2018
24
There is a way to keep both your local dns cache and nextdns. You can install adguard home in raspberry pi ( it's better than pi hole). You can install local block lists just like pihole and you can also enable dns over https/ tls. Adguard home supports adding external dns server for dns queries thus you can specify nextdns entry in "dns settings'.
Thanks for your reply, I will watch the video.
 
  • Like
Reactions: Cortex and Nevi
Top