Basic Security Nighthax's Security Config 2021

Last updated
Mar 12, 2021
How it's used?
For home and private use
Operating system
Windows 10
Other operating system
Dual boot w/Fedora
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Comodo Internet Security Premium (Free), Immunet 7, Malwarebytes Anti-Exploit, NoVirusThanks OSArmor
Firewall security
About custom security
NoVirusThanks SysHardener, Hard Configurator, O&O ShutUp10, W10Privacy, Winaero Tweaker (Plus tweaks in gpedit.msc)
Periodic malware scanners
Emsisoft Emergency Kit, HitmanPro, Malwarebytes AdwCleaner, Microsoft Safety Scanner, Norton Power Eraser, Eset Online Scanner
Malware sample testing
Browser(s) and extensions
Browsers: Hardened Firefox, LibreWolf, Ungoogled-Chromium
Addons: uMatrix, uBlock Origin, Privacy Badger, Decentraleyes, Neat URLs, HTTPS Everywhere
Search: Searx & DuckDuckGo
Secure DNS
Always-on VPN DNS
Desktop VPN
AirVPN, NordVPN, Mullvad, ProtonVPN (frequently hop to different providers).
Password manager
KeePassXC (local copy) & Bitwarden
Maintenance tools
BleachBit, Storage Sense, WinDirStat
File and Photo backup
Spare drives
System recovery
None - Reinstall OS if something goes wrong.
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Downloading software and files from reputable sites
    • Browsing to unknown / untrusted / shady sites
    • Sharing and receiving files and torrents
    • Working from home
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
Previously CyberPowerPC (only remaining parts from them are case and GPU)
MSI B550-A ProSeries AM4 ATX motherboard
AMD Ryzen 3 3100 @ 4.325GHZ 1.15v
AMD XFX Single-fan RX560 2GB @ Slight occasionally used OC (usually @ stock)
Team Group T-Force 16GB 3200MHZ DDR4 ram (2x8gb)
120gb SanDisk SATA 6GBPS SSD (boot drive)
1tb WD Blue 7200RPM (main file drive)
Various spare drives for backup
Notable changes
(3/12/2021)
-Set Windows Update to automatic
-Installed VMWare Player for malware testing in a VM
-Enabled Comodo's web protection
-Removed NoVirusThanks SysHardener
-Set UAC to "Always Notify"
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

realnighthax

New Member
Thread author
Nov 3, 2018
4
My security config as of today. Recently switched from Eset to this because it's cheaper this way :p. Malware samples are only downloaded to the PC once in a while to extract them from a zip file and see how the setup fares. I do pay attention to not running them unless I'm in a VM. Feedback greatly appreciated, not sure how well these two real-time apps will perform, considering both have signatures that leave something to be desired (but hopefully Comodo's HIPS makes up for it).

It should be noted that I currently have web protection disabled in Comodo for privacy reasons. Any suggestions on decent (and privacy-friendly) ways of blocking malicious and phishing URLs greatly appreciated!
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
@realnighthax:

You may set UAC to Always Notify.

Comodo Internet Security Premium (Free), Immunet 7, Malwarebytes Anti-Exploit, NoVirusThanks OSArmor
So many products in real-time, looks excessive/overkill...

In Personal Files & Photos backup, consider also cloud services.

In Device recovery & backup, you may add a full system image backup solution: Macrium Reflect Free or AOMEI Backupper, both are free and reliable.

In Malware research, please use a Virtual Machine.

In Browsers, You can avoid some unnecessary add-ons...

A PassWord Manager would be welcome also.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
 

ForgottenSeer 85179

It should be noted that I currently have web protection disabled in Comodo for privacy reasons.
Doesn't make sense. Trust the product or uninstall it.

Any suggestions on decent (and privacy-friendly) ways of blocking malicious and phishing URLs greatly appreciated!
Windows internal Defender.

- Also reduce your browser extensions and take a look at Edge.
- Also change Windows updates to automatic for higher security.
- Take a look at Windows VM / Subsystem so you don't need dual boot.
- For DNS I recommend NextDNS. I also wrote a guide: Tutorial - NextDNS: a DoH/DoT guide
- With Hard_Configurator you don't need NoVirusThanks SysHardener.
- Instead of using third-party "Privacy" tools, use Windows internal settings and policies for privacy. With your Enterprise you can control everything.
- More recommendations if you want.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
The cost of ESET vs Multiple paid VPN. Slimming these down may save you more in the long run. Do you use double-hop feature?

Are those on-demand scanners for your VM, or host PC because you download malicious software?
 

realnighthax

New Member
Thread author
Nov 3, 2018
4
(3/12/2021)
-Set Windows Update to automatic
-Installed VMWare Player for malware testing in a VM
-Enabled Comodo's web protection
-Removed NoVirusThanks SysHardener
-Set UAC to "Always Notify"

Which extensions do you recommend I remove? I think Privacy Badger is probably redundant with uMatrix and uBO installed.

Didn't change the DNS since changing the DNS of my VPN would probably be more of a DNS leak than anything else.

I would use backup software for my OS, but either way I do plenty of reinstalls because I don't like keeping the same install for very long. In the event that my install breaks and I need an OS quickly, I just boot into Fedora, since the only thing I'll lose by doing that is the ability to play some video games :p

I changed some wording in the Custom RTP, Firewall and OS settings to clear that up a little.

The cost of ESET vs Multiple paid VPN. Slimming these down may save you more in the long run. Do you use double-hop feature?

Are those on-demand scanners for your VM, or host PC because you download malicious software?
Usually I won't use multiple providers at once to save $. I just hop between them in order to try all of them out.
Those on-demand scanners are for my host PC because I do probably install more sketchy software than I should.
As always, feedback greatly appreciated!
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,481
Still overkill in real-time. Keep Comodo and remove Immunet and Malwarebytes Anti-Exploit. OSArmor might be worth keeping.

About Decentraleyes: Browser Add-on - LocalCDN and Decentraleyes are both dead on Firefox

HTTPS Everywhere isn't needed on Firefox, as it has an HTTPS-Only-Mode built in: Firefox 83 introduces HTTPS-Only Mode – Mozilla Security Blog

What settings does Win10Privacy change that ShutUp10 doesn't?

uMatrix doesn't receive updates anymore and uBlock Origin can do pretty much the same in advanced mode:
 

realnighthax

New Member
Thread author
Nov 3, 2018
4
My reasoning for installing Immunet was that I figured Comodo's signatures are usually not as good as others so I'd give it some help with ClamAV + Cisco's engines. Are you sure that I do not need Immunet, even with Comodo's poor signatures?

Will remove Decentraleyes/LocalCDN.
As for W10Privacy and ShutUp10, I've mostly switched to W10Privacy but keep ShutUp10 installed anyways, just in case.
I've kept uMatrix installed because it's just easy to use, and I don't see much of a reason to stop using it just yet. Maybe if it stops working or gets an exploit I'll stop using it but for now I think it works fine.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,481
My reasoning for installing Immunet was that I figured Comodo's signatures are usually not as good as others so I'd give it some help with ClamAV + Cisco's engines. Are you sure that I do not need Immunet, even with Comodo's poor signatures?
I think that you shouldn't be using Comodo Internet Security if you just need its firewall component. Uninstall Comodo Internet Security and install Comodo Firewall.
If you want a combo then I'd recommend using WiseVector StopX which is quite popular in this forum. It's based on AI and doesn't require any signatures. This will be the future approach for many AVs and Immunet can't keep up with WiseVector's protection anyway.
 