Basic Security Nighthax's Security Config 2021

Last updated: Mar 12, 2021
About: Personal, primary device
Additional PC users: Not shared with other users
Desktop OS: Windows 10
Linux distro: Dual boot w/Fedora
OS edition: Enterprise
Login security: Password (Aa-Zz, 0-9, Symbols)
Primary sign-in: Local account
Primary user: Admin user - Full permissions
Other users:
Security updates: Automatic - allow all types of updates
Windows UAC: Maximum - always notify
Network firewall: ISP-issued router
Real-time protection: Comodo Internet Security Premium (Free), Immunet 7, Malwarebytes Anti-Exploit, NoVirusThanks OSArmor
Software firewall: Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings: NoVirusThanks SysHardener, Hard Configurator, O&O ShutUp10, W10Privacy, Winaero Tweaker (Plus tweaks in gpedit.msc)
Malware testing:
Periodic security scanners: Emsisoft Emergency Kit, HitmanPro, Malwarebytes AdwCleaner, Microsoft Safety Scanner, Norton Power Eraser, Eset Online Scanner
Secure DNS: Always-on VPN DNS
VPN: AirVPN, NordVPN, Mullvad, ProtonVPN (frequently hop to different providers).
Password manager: KeePassXC (local copy) & Bitwarden
Browsers, Search and Addons
    Browsers: Hardened Firefox, LibreWolf, Ungoogled-Chromium
    Addons: uMatrix, uBlock Origin, Privacy Badger, Decentraleyes, Neat URLs, HTTPS Everywhere
    Search: Searx & DuckDuckGo
Maintenance and Cleaning: BleachBit, Storage Sense, WinDirStat
Personal Files & Photos backup: Spare drives
Personal backup routine: Manual (maintained by self)
Device recovery & backup: None - Reinstall OS if something goes wrong.
Device backup routine: None
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Downloading software. 
  4. Browsing to unknown sites. 
  5. File sharing and torrents. 
  6. Working from home. 
  7. PC and cloud gaming. 
  8. Multimedia. 
  9. Streaming. 
  10. Malware samples. 
Computer specs
Previously CyberPowerPC (only remaining parts from them are case and GPU)
MSI B550-A ProSeries AM4 ATX motherboard
AMD Ryzen 3 3100 @ 4.325GHZ 1.15v
AMD XFX Single-fan RX560 2GB @ Slight occasionally used OC (usually @ stock)
Team Group T-Force 16GB 3200MHZ DDR4 ram (2x8gb)
120gb SanDisk SATA 6GBPS SSD (boot drive)
1tb WD Blue 7200RPM (main file drive)
Various spare drives for backup
Personal changelog
(3/12/2021)
-Set Windows Update to automatic
-Installed VMWare Player for malware testing in a VM
-Enabled Comodo's web protection
-Removed NoVirusThanks SysHardener
-Set UAC to "Always Notify"
Feedback Response

General feedback

Staff Notes
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

realnighthax

New Member
Thread author
Nov 3, 2018
4
My security config as of today. Recently switched from Eset to this because it's cheaper this way :p. Malware samples are only downloaded to the PC once in a while to extract them from a zip file and see how the setup fares. I do pay attention to not running them unless I'm in a VM. Feedback greatly appreciated, not sure how well these two real-time apps will perform, considering both have signatures that leave something to be desired (but hopefully Comodo's HIPS makes up for it).

It should be noted that I currently have web protection disabled in Comodo for privacy reasons. Any suggestions on decent (and privacy-friendly) ways of blocking malicious and phishing URLs greatly appreciated!
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,912
@realnighthax:

You may set UAC to Always Notify.

> Comodo Internet Security Premium (Free), Immunet 7, Malwarebytes Anti-Exploit, NoVirusThanks OSArmor
So many products in real-time, looks excessive/overkill...

In Personal Files & Photos backup, consider also cloud services.

In Device recovery & backup, You may add a full Image System BackUp solution: Macrium Reflect Free or AOMEI Backupper, both are free and reliable.

In Malware research, please use a Virtual Machine.

In Browsers, You can avoid some unnecessary add-ons...

A Password Manager would be welcome also.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
 

ForgottenSeer 85179

> It should be noted that I currently have web protection disabled in Comodo for privacy reasons.
Doesn't make sense. Trust the product or uninstall it.

> Any suggestions on decent (and privacy-friendly) ways of blocking malicious and phishing URLs greatly appreciated!
Windows internal Defender.

- Also reduce your browser extensions and take a look at Edge.
- Also change Windows updates to automatic for higher security.
- take a look at Windows VM / Subsystem so you don't need dual boot.
- for DNS I recommend NextDNS. I also wrote a guide: Tutorial - NextDNS: a DoH/ DoT guide
- with Hard_Configurator you don't need NoVirusThanks SysHardener
- instead of using third-party "Privacy" tools, use Windows internal settings and policies for privacy. With your Enterprise you can control everything
- more recommendations if you want
 

Spawn

Administrator
Verified
Staff Member
Jan 8, 2011
21,060
The cost of ESET vs Multiple paid VPN. Slimming these down may save you more in the long run. Do you use double-hop feature?

Are those on-demand scanners for your VM, or host PC because you download malicious software?
 

realnighthax

(3/12/2021)
-Set Windows Update to automatic
-Installed VMWare Player for malware testing in a VM
-Enabled Comodo's web protection
-Removed NoVirusThanks SysHardener
-Set UAC to "Always Notify"

Which extensions do you recommend I remove? I think Privacy Badger is probably redundant with uMatrix and uBO installed.

Didn't change the DNS since changing the DNS of my VPN would probably be more of a DNS leak than anything else.

I would use backup software for my OS, but either way I do plenty of reinstalls because I don't like keeping the same install for very long. In the event that my install breaks and I need an OS quickly, I just boot into Fedora, since the only thing I'll lose by doing that is the ability to play some video games :p

I changed some wording in the Custom RTP, Firewall and OS settings to clear that up a little.

> The cost of ESET vs Multiple paid VPN. Slimming these down may save you more in the long run. Do you use double-hop feature?
>
> Are those on-demand scanners for your VM, or host PC because you download malicious software?
Usually I won't use multiple providers at once to save $. I just hop between them in order to try all of them out.
Those on-demand scanners are for my host PC because I do probably install more sketchy software than I should.
As always, feedback greatly appreciated!
 

SecureKongo

Level 28
Verified
Top poster
Well-known
Feb 25, 2017
1,728
> (3/12/2021)
> -Set Windows Update to automatic
> -Installed VMWare Player for malware testing in a VM
> -Enabled Comodo's web protection
> -Removed NoVirusThanks SysHardener
> -Set UAC to "Always Notify"
>
> Which extensions do you recommend I remove? I think Privacy Badger is probably redundant with uMatrix and uBO installed.
>
> Didn't change the DNS since changing the DNS of my VPN would probably be more of a DNS leak than anything else.
>
> I would use backup software for my OS, but either way I do plenty of reinstalls because I don't like keeping the same install for very long. In the event that my install breaks and I need an OS quickly, I just boot into Fedora, since the only thing I'll lose by doing that is the ability to play some video games :p
>
> I changed some wording in the Custom RTP, Firewall and OS settings to clear that up a little.
>
> Usually I won't use multiple providers at once to save $. I just hop between them in order to try all of them out.
> Those on-demand scanners are for my host PC because I do probably install more sketchy software than I should.
> As always, feedback greatly appreciated!
Still overkill in real-time. Keep Comodo and remove Immunet and Malwarebytes Anti-Exploit. OSArmor might be worth keeping.

About Decentraleyes: Browser Add-on - LocalCDN and Decentraleyes are both dead on Firefox

HTTPS Everywhere isn't needed on Firefox, as it has an HTTPS-Only-Mode built in: Firefox 83 introduces HTTPS-Only Mode – Mozilla Security Blog

What settings does Win10Privacy change that ShutUp10 doesn't?

uMatrix doesn't receive updates anymore and uBlock Origin can do pretty much the same in advanced mode:
 

realnighthax

> Still overkill in real-time. Keep Comodo and remove Immunet and Malwarebytes Anti-Exploit. OSArmor might be worth keeping.
>
> About Decentraleyes: Browser Add-on - LocalCDN and Decentraleyes are both dead on Firefox
>
> HTTPS Everywhere isn't needed on Firefox, as it has an HTTPS-Only-Mode built in: Firefox 83 introduces HTTPS-Only Mode – Mozilla Security Blog
>
> What settings does Win10Privacy change that ShutUp10 doesn't?
>
> uMatrix doesn't receive updates anymore and uBlock Origin can do pretty much the same in advanced mode:
My reasoning for installing Immunet was that I figured Comodo's signatures are usually not as good as others so I'd give it some help with ClamAV + Cisco's engines. Are you sure that I do not need Immunet, even with Comodo's poor signatures?

Will remove Decentraleyes/LocalCDN.
As for W10Privacy and ShutUp10, I've mostly switched to W10Privacy but keep ShutUp10 installed anyways, just in case.
I've kept uMatrix installed because it's just easy to use, and I don't see much of a reason to stop using it just yet. Maybe if it stops working or gets an exploit I'll stop using it but for now I think it works fine.
 

SecureKongo

> My reasoning for installing Immunet was that I figured Comodo's signatures are usually not as good as others so I'd give it some help with ClamAV + Cisco's engines. Are you sure that I do not need Immunet, even with Comodo's poor signatures?
I think that you shouldn't be using Comodo Internet Security if you just need its firewall component. Uninstall Comodo Internet Security and install Comodo Firewall.
If you want a combo then I'd recommend using WiseVector StopX which is quite popular in this forum. It's based on AI and doesn't require any signatures. This will be the future approach for many AVs and Immunet can't keep up with WiseVector's protection anyway.
 