Advanced Plus Security Numeriku's Security Configuration 2022

Last updated
Aug 9, 2022
Use case
For personal use
Shared with
No one
Desktop OS
Windows 10
Windows OS SKU
Home
Login Unlock
    • Passwordless PIN or Biometrics
Sign-in with
Microsoft account
Primary user
Administrator rights - Full permissions that can perform harmful changes
OS updates
Automatic updates
Windows UAC
Always notify
Network firewall
Always-on protection
Avast Premium Security (Hardened Mode)
ISP - Issued router flashed with dd-wrt with wifi disabled & connected using an ethernet cable to the pc.
Firewall
Third-party App Firewall. (Details shared below)
Custom RT/Firewall security
Firewall Hardening by Andyful (lolbins)
O&O ShutUp10++ - All on recommended set.
Simple Windows Hardening.
Memory Integrity is turned on.
Malware testing
No malware samples
Periodic scanning
Norton Power Eraser
Emsisoft Emergency Kit
Secure DNS
Real Site by Avast
VPN
Avast Secureline VPN
Password manager
Bitwarden
Browsers and Extensions
Chrome with ublock origin.
Search - duckduckgo
Utilities for Maintenance
Hibit Uninstaller Tools to clean pc monthly.
Files & Photos backup
Google Drive
Files & Photos backup routine
Manual
Emergency recovery plan
Create a bi-monthly backup using macrium reflect free uploaded to hetzner storage box so if my machine ever gets infected and unusable, I won't lose everything.
Integrity of recovery plan
Tasks performed
    • Browsing the web
    • Receiving, sending and opening email attachments
    • Buying goods from online stores, entering card details and addresses
    • Logging into personal banking to check statements and payments
    • Downloading software from reputable sites
    • Sharing and receiving files and torrents
    • Watching movies and TV series via subscriptions
    • Streaming audio and videos from sites
Computer specs
  • Acer Predator G3-710
  • Intel Core i7 6700 @ 3.40GHz
  • NVIDIA GeForce GTX 970
  • 32.0GB Dual-Channel DDR4
  • 238GB LITEON CV1-8B256 (SATA (SSD))
    1863GB Seagate ST2000DM008-2FR102 (SATA (SSD))
Notable changes
  1. Added simple windows hardening (thank you securekongo)
  2. Downgraded back to windows 10
  3. Removed winaero tweaker.
  4. Switched to next DNS from cloudflare dns
  5. Added Checkmal's Appcheck
  6. Switched search from google to duckduckgo
  7. Switched back again to cloudflare dns.
  8. Switched back search to google
  9. Removed appcheck anti ransomware.
  10. Added NeuShield Data Sentinel
  11. Replaced NeuShield Data Sentinel with Kaspersky's anti ransomware tool
  12. Removed KART and F-Secure, replaced with Avast Premium Security.
Feedback response

I am partially satisfied. General feedback is greatly appreciated, to make improvements to my overall security / privacy.

Numeriku

Level 2
Thread author
Mar 13, 2022
59
Consider adding Simple Windows Hardening for additional malicious scrip protection. Also, you chose the wrong option in the category "Software Firewall" :)
Fixed that, i assume that windows defender firewall is the correct option. Thanks.

Yeah, I've been reading about Simple windows hardening, my primary concern is that I have to whitelist programs manually but is that worth it to have in a daily use PC?
 

Numeriku

Level 2
Thread author
Mar 13, 2022
59
Added Simple Windows Hardening (thanks to @SecureKongo & @Back3 for convincing me)

1660070923435.png
 

Numeriku

Level 2
Thread author
Mar 13, 2022
59
absolutely not. It won't provide any security and it will make browsing extremely slow as it is huge. You should not use any security filter in block origin.
I tried like you said on ublock and it does slow down browsing, also tried it through nextdns and it's working great with no noticeable slowdown, will keep testing for a couple of days to see if I will keep using it.
 
F

ForgottenSeer 94943

Decided to revert my windows 11 due to the fact my hardware is unsupported, tried it out but saw no major differences, and now back to windows 10.
Good decision. Usually people rush to upgrade because they always want the latest and "greatest". In Windows 11 case, it is not the greatest. Windows 10 is more mature and is capable of doing everything so why upgrade?
 

Kongo

Level 30
Verified
Top poster
Well-known
Feb 25, 2017
1,987
Moved back to Cloudflare DNS, I think with the existing filters in ublock and O&O ShutUp10++, it is just adding redundant layers of blocking.
I mean if you set up NextDNS on your router or system-wide it even blocks ads and trackers within applications. Cloudflare DNS doesn't have that option. Furthermore one of the strenghts of NextDNS are the security filter lists. But if you prefer Cloudflare then that's okay too. Never had any problems with Cloudflare either.
 
F

ForgottenSeer 94943

I mean if you set up NextDNS on your router or system-wide it even blocks ads and trackers within applications. Cloudflare DNS doesn't have that option. Furthermore one of the strenghts of NextDNS are the security filter lists. But if you prefer Cloudflare then that's okay too. Never had any problems with Cloudflare either.
I do agree that NextDNS is a great option. Unfortunately, my ISP provided router does not support changing the DNS. Thus, add NextDNS manually to secure DNS settings in my browsers. The windows client had DNS leak issues for me. Apparently, my ISP is so aggressive against changing DNS.

NextDNS with Osid filter is superb.
 

Numeriku

Level 2
Thread author
Mar 13, 2022
59
I mean if you set up NextDNS on your router or system-wide it even blocks ads and trackers within applications. Cloudflare DNS doesn't have that option. Furthermore one of the strenghts of NextDNS are the security filter lists. But if you prefer Cloudflare then that's okay too. Never had any problems with Cloudflare either.
Yeah, it is nice to use, but 99.9% of my time is on the browser and DNS-based adblocker doesn't block certain sites that have video ads like youtube, as for security, already have f-secure browser protection and some filters from browser-based AdBlock unlock origin. Didn't really abandon it though, on my other router for phones, smart tv & console, I switched it to next dns as I think it would be better for those kinds of devices.
 
  • Like
Reactions: Back3 and Kongo
Top