Nheo_Linkin's Security Config 2017

[Nheo_Linkin]

This is my 2017's config. Not a highly security protection but it's good for performance (just a bit slow down on boot caused by Comodo)

- Reason for disabling UAC and Smartscreen Filter is for performance and privacy.
- Comodo Firewall is setup with Firewall and File Rating only.
- Any file downloaded is scanned with VT Hash before execute.

I also use OOShutup10 for other privacy problems.

 

[Parsh]

It's important to have a system backup s/w in case of corruptions or when all security measures fail. EaseUS Todo, Macrium Reflect or Veeam Endpoint are nice free tools to support that. You can automate backups.
Protection setup looks great. If you constantly deal with unknown/risky files, you can benefit from the Auto-sandbox feature of Comodo FW, or just manually sandboxing risky applications. If not, enabling OS file reputation (SmartScreen) is crucial as warning.
Consider adding 'HTTPS Everywhere' addon for Chrome/Opera and Zemana AntiMalware as on-demand scanner. It has a good cloud detection.

 

[Nheo_Linkin]

It's important to have a system backup s/w in case of corruptions or when all security measures fail. EaseUS Todo, Macrium Reflect or Veeam Endpoint are nice free tools to support that. You can automate backups.
Protection setup looks great. If you constantly deal with unknown/risky files, you can benefit from the Auto-sandbox feature of Comodo FW, or just manually sandboxing risky applications. If not, enabling OS file reputation (SmartScreen) is crucial as warning.
Consider adding 'HTTPS Everywhere' addon for Chrome/Opera and Zemana AntiMalware as on-demand scanner. It has a good cloud detection.

I am considering to use Macrium Reflect actually.
HTTPS Everywhere make my browsing time slower a lot. That's why I can not use even know how good it is.
And about "Zemana AM", I've never used it before. Does it have good offline signature? I don't trust "cloud detection" very much.

 

[Parsh]

HTTPS Everywhere make my browsing time slower a lot. That's why I can not use even know how good it is.
And about "Zemana AM", I've never used it before. Does it have good offline signature? I don't trust "cloud detection" very much.

I didn't notice a considerable delay by HTTPS Everywhere myself. Are you sure it is the one causing slowdowns in loading pages?
Well, its time to change your mind regarding cloud protection. Multi-engine Zemana works on cloud only and has good detection ratios, specially for trojans, adware, spyware and other riskware that AVs generally miss. In fact, its paid real-time protection uses Pandora Technology that offers enhanced protection, but at the cost of some FPs.

 

[Exterminator]

First and foremost you should seriously consider some type of system & data backup solution.
Consider elevating UAC to max.
Consider turning on Smartscreen.
I would remove System Mechanic and then install CCleaner.
Other than the backup issue you have a nice config! Thanks for sharing it

 

[Nheo_Linkin]

First and foremost you should seriously consider some type of system & data backup solution.
Consider elevating UAC to max.
Consider turning on Smartscreen.

I will consider those.

I would remove System Mechanic and then install CCleaner.

Could you give me reason? I've used SM since windows 7 and have no problem with it.

 

[Exterminator]

Could you give me reason? I've used SM since windows 7 and have no problem with it.

Yes because IMO CCleaner is more than enough,it is very safe(registry editor),has essential tools and is free.
However I said "I would" so this is only my opinion and nothing against System Mechanic or your use of the product.

 

[Nheo_Linkin]

Yes because IMO CCleaner is more than enough,it is very safe(registry editor),has essential tools and is free.

Thanks for your advice. But I think I should stick with SM after quite happy long time with it.

 

[Winter Soldier]

Good realtime combo and on demand scanner tools.
I don't want to emphasize what is already said about the backup policy, but it is really necessary, if all of us had a good backup plan, the ransomware would have no reason to exist.
Thanks for sharing, nice setup

 

[DracusNarcrym]

You're fine as far as real-time protection is concerned.

It is advisable, however, that you use some sort of system imaging software to create backup images of your system.
System images can be used to restore your system to its exact state, as it was when you created the backup image. That can save you a lot of time, plus, since it's a full backup, it also backs up all installed applications/updates and even configuration/registry changes, which means you can get your computer up and running again within ~20 minutes.
Combined with data backups for your files (which you already have in your configuration), you are very well protected from nearly any malware attack (or software malfunction).

I recommend one of the following backup methods/software (Windows Backup and Restore is usually enough, unless you want extra options):

• Windows Backup and Restore

OR

• Macrium Reflect Free

OR

• Paracon Backup & Recovery Free Edition

 

[Rolo]

I never ran UAC at all with Win7; I hated the unnecessary prompts. However, it isn't the hassle it used to be and since using Win10 and UAC on max, I've gotten used to it. For things your run frequently, you can always bypass it with Task Scheduler (I do that with MyDefrag).

Without a bare-metal restore capability, you have to be comfortable with the idea of either going without your PC until you can rebuild it or be prepared to drop everything in order to rebuild it without notice. I have a desktop and a laptop, so I'm OK with losing one until I rebuild it; after a year or so, I want to reformat/reinstall rather than do a bare-metal restore anyway.

Like you, I use the cloud for irreplaceable files. You want some type of versioning, however, for if the files get scrambled/corrupted, they'll just synch to the cloud. I use MEGA manually for archives but pCloud and Windows File History for real-time versioning backups. (I've actually used that to recover from corrupted game saves).

I don't understand why almost nobody uses Windows' backup tools. They require next to zero effort but provide precisely what one needs and they're already paid for.

SmartScreen: why not?

 

[Nheo_Linkin]

I don't understand why almost nobody uses Windows' backup tools

The third- party app can manage what to be backup easier than windows back in my opinion.

SmartScreen: why not?

I set CF to block and isolate any unrecognized file already and also the 2 browsers I use are Chrome and Opera. Can Smartscreen do anything with them? I think not.
Do I underestimate Smartscreen too much?

 

[Rolo]

Can Smartscreen do anything with them? I think not.
Do I underestimate Smartscreen too much?

I thought the same thing until recently. SS works at the filesystem level as well as with IE & Edge. Even if we don't use IE/Edge, SS will still work on files upon access rather than upon download.

Additionally, there are programs (and I would expect malicious ones especially) that use IE/Edge components or will launch IE specifically, irrespective of default browser settings. This is why I have AdBlockPlusIE installed even though I don't use IE.

 

[Nheo_Linkin]

Additionally, there are programs (and I would expect malicious ones especially) that use IE/Edge components or will launch IE specifically, irrespective of default browser settings. This is why I have AdBlockPlusIE installed even though I don't use IE.

And Smartscreen can stop those kinds of program? There is a fact that if Smartscreen can block them, then AdblockPlusIE has nothing to do.

 

[Rolo]

And Smartscreen can stop those kinds of program? There is a fact that if Smartscreen can block them, then AdblockPlusIE has nothing to do.

You're mixing two different things: AdBlockPlus blocks ads. SmartScreen prompts/blocks unknown/malicious files from being executed.

 

[Nheo_Linkin]

You're mixing two different things: AdBlockPlus blocks ads. SmartScreen prompts/blocks unknown/malicious files from being executed.

No, I'm not. You mentioned about some programs (expecially malicious ones) will launch IE, etc right? Is that why you use Adblock to block them from openning mallious websites?
That's why I said if Smartscreen could block those programs then Adblock had nothing to deal with.

 

[Rolo]

No, I'm not. You mentioned about some programs (expecially malicious ones) will launch IE, etc right? Is that why you use Adblock to block them from openning mallious websites?
That's why I said if Smartscreen could block those programs then Adblock had nothing to deal with.

No. AdblockPlusIE is to....block....ads...in.....IE.

Too many people treat adblockers as anti-malware solutions; they are not. The do block SOME malicious sites but by not means an anti-anything solution. For clients, I use it more for a "don't click on stuff" measure. (As in, don't click on stuff you aren't visiting that site for.)

Let's say, for the sake of argument, that there is a lot of overlap: it isn't 100%, so having both isn't completely redundant. It's not like you install uBlock Origin (et. al.) and then decide that you don't need any other security software since nothing unwanted will get through.

This is called "fortress mentality" and it is a vulnerability that, when exploited, guarantees the keys to the castle.

 

[JM Safe]

Please enable SmartScreen, it is very important to avoid infections. Add HTTPS Everywhere, Disconnect.

Follow suggestions about CCleaner and backups.

Thanks for sharing.

 

[Nheo_Linkin]

25/2/2017 UPDATED

Thanks for your suggestions. Really appreciated!

 

[JM Safe]

25/2/2017 UPDATED

Thanks for your suggestions. Really appreciated!

Please update your "Content Blocker" field, because you use uBlock Origin.