SECURITY: Complete oldschool's 2020 laptop setup

Last updated
Dec 12, 2020
About
Personal, primary device
Desktop OS
Windows 10
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Real-time protection
AVG Internet Security v. 20.10.3157
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Default settings + Hardened Mode
Malware testing
No malware samples
Periodic security scanners
Hitman Pro (paid)
Browsers, Search and Addons
Brave/Brave Nightly --> Brave Shields + ClearURLs + LocalCDN
Edge Chromium --> Strict Tracking Protection + ClearURLs + LocalCDN
Maintenance and Cleaning
Windows built-in
Personal Files & Photos backup
Copy/Paste --> Free Agent drive
Personal backup routine
Device recovery & backup
Aomei Backupper Pro --> image monthly or as needed
System protection --> restore points as needed @ app or data changes
Device backup routine
PC activity
  1. Browsing the web. 
  2. Browsing to unknown sites. 
  3. Working from home. 
  4. Multimedia. 
  5. Streaming. 
Computer specs
Lenovo L340 i3 8145U CPU @ 2.10 GHz 2.300 GHz 8GB DDR4 RAM 1 TB HDD
Personal changelog
5/3/20 --> Removed Bitdefender and back to Windows Defender --> Updated RunBySmartscreen
May 2020 ---> various small changes
3 June, 2020 --> updated to W10 2004
7 June 2020 --> rolled back to 1909
23 August 2020 --> Added LocalCDN to browsers
27 August 2020 --> Removed µBO in Edge
31 August 2020 --> Removed Bitdefender Free
--------------------> Reverted to Windows Defender
--------------------> Removed Trafficlight and added Malwarbytes Browser Guard
7 September 2020 --> Removed Malwarebytes Browser Guard
Later in September --> Enabled Google SafeBrowsing in Brave

blackice

Level 32
Verified
Apr 1, 2019
2,179
With a fresh install of 2004 my boot times are the same or faster. Of course, that comes with the time intensive task of a fresh install. I didn’t have boot slowdown when I updated, and I think the issue I encountered was already present pre-update, just windows store breaking things the way windows store does.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
With a fresh install of 2004 my boot times are the same or faster. Of course, that comes with the time intensive task of a fresh install. I didn’t have boot slowdown when I updated, and I think the issue I encountered was already present pre-update, just windows store breaking things the way windows store does.
I changed my power plan back to balanced and will check startup. What's the difference between a clean install and a "Reset this PC + remove everything?"

I still think it's the Intel updates prior to 2004. Once I reverted to 1909 I got those again immediately. My boot time is not horrible, it just seems a tad slower than before those.
 

blackice

Level 32
Verified
Apr 1, 2019
2,179
I changed my power plan back to balanced and will check startup. What's the difference between a clean install and a "Reset this PC + remove everything?"

I still think it's the Intel updates prior to 2004. Once I reverted to 1909 I got those again immediately. My boot time is not horrible, it just seems a tad slower than before those.
Honestly it seemed like the reset and remove everything took longer than a format and install. I did the reset and remove. I couldn't find a lot of information from M$ explaining the true difference. I think with the reset you don't need a boot media, and obviously with a format and reinstall you need a thumbdrive or disk with bootable installer, if I remember it just used the drive for the reset.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
I couldn't find a lot of information from M$ explaining the true difference.
I've never found anything definitive either.

BTW I updated BIOS and some Lenovo drivers thanks to @Gandalf_The_Grey's post in my cloning suggestions thread. I haven't noticed any difference. I think Windows simply continues to eat up resources no matter what ...
 

Protomartyr

Level 7
Verified
Sep 23, 2019
322
Nope. All built-in configuration options equivalent to ConfigureDefender High. No 3rd party security apps.
I plan on doing this down the road as well. Once 2004 becomes stable, I'll upgrade from Home to Pro, then clean install and do everything manually using built-in settings.
Do you have a list of what group policy settings you have configured?

For now, I'll just play around with them in a VM to test and eventually transfer everything over to my main system.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
322
I'd definitely love to see a list. I was digging through the ConfigureDefender manual to see if there were any mentions of what each setting in CD translates to group policy but sadly there doesn't seem to be any references. The only thing I could find was the following:
The tabs: MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard, should be inspected before using the utility, if some settings are switched ensure they are set back to the defaults.
So at least I know where to look.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
Back to the Romanian Wolf-dragon
BD2015_Wallpaper_2560x1600-V2.png
due to Windows Defender issues with Network Inspection Service.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
Re-enabled µBO in medium mode and added Trace to Brave.

Trace settings --> configured to supplement Brave built-in privacy protection.
  • All Main Protections enabled
  • All Advanced Protections enabled except Cookie Eater and Google Header Removal
  • URL Tracking Cleaner enabled
  • All 3 Web Request Settings disabled as these are handled by µBO and ClearURLs
I find Trace's Web Request Settings are poorly executed, and I doubt that I would like them any more in the paid version. My 2 cents.
 
Last edited:

oldschool

Level 59
Verified
Mar 29, 2018
4,807
After some trial and error I've reconfigured Trace settings for set-and-forget use. No whitelisting or per-site configuration required. This setup is primarily for fingerprinting protection and should work well on Chromium browsers with any adblocker. YMMV.
  • All Main Protections Enabled
  • E-Tag Tracking Protection Enabled All other Main Protections Disabled
  • All Web Request Settings Disabled as these are handled by µBO and ClearURLs
Edit/Update: I removed this from Brave since it's duplicative/overkill, and have it installed only in Ungoogled Chromium
 
Last edited:

klepto

Level 1
Jun 14, 2020
47
Re-enabled µBO in medium mode and added Trace to Brave.

Trace settings --> configured to supplement Brave built-in privacy protection.
  • All Main Protections enabled
  • All Advanced Protections enabled except Cookie Eater and Google Header Removal
  • URL Tracking Cleaner enabled
  • All 3 Web Request Settings disabled as these are handled by µBO and ClearURLs
I find Trace's Web Request Settings are poorly executed, and I doubt that I would like them any more in the paid version. My 2 cents.

I didn't know about trace, very interesting. I'm curious about which browser you use the most. I have yet to use Edge because I'm sure disabling the privacy eroding telemetry would be a chore.
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
I didn't know about trace,
It covers fingerprinting pretty thorougly but I don't know about it Web Request antitracking feature as I haven't enabled it. I've already quit using it in Brave because it overlaps with built-in protections and ClearURLs. It would be great for Edge, but it's incompatible with the latest version.

I'm curious about which browser you use the most.
Brave/Brave Nightly (y)
 

blackice

Level 32
Verified
Apr 1, 2019
2,179
Actually, I started using µBO again mostly for cookie notices - and today I discovered Easlylist-Cookie List filter in Brave Adblock. So now I'm back to built-in adblocking. I'm embarassed to admit it. Too much time on my hands, testing this and that. 😵🤯
We’ve all been there these days. I’m glad you shared the cookie notice. I’ll be ticking that box next time I’m on my machines.
 
Top