Advanced Security oldschool's 2023 surfing laptop configuration

Last updated
May 23, 2023
How it's used?
For home and private use
OS (desktop)
Windows 11
Other OS (desktop)
Home
On-device encryption
None
Log-in security
    • Biometrics (Windows Hello PIN, Apple TouchID)
Security updates
Automatic - allow security updates
Windows UAC
Always notify
Windows 11 SAC
On
WiFi network firewall
Router firewall is On
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender set to Max
Platform & Engine update Beta channel
Smart App Control enabled manually
Custom exploit protection | All system settings ON
Firewall Hardening rules applied
RunBySmartscreen
Windows Spy Blocker rules applied
Periodic malware scanners
EEK | KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Chrome | Adguard | Chrome flags | Startpage
Firefox I µBO | Startpage
Secure DNS
Cloudfare DNS
VPN & Protocol used
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
21-3-23 Changed Quad9 to NextDNS
What I'm looking for?

Looking for minimum feedback.

oldschool

Level 76
Thread author
Top Poster
Well-known
Mar 29, 2018
6,505
New year. Same simple setup.

Edge flags:
1641081536065.png
Exploit protection (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.
Code:
- for Brave, Edge and Firefox:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

ADD for Edge Chromium only:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
 
Last edited:

Gandalf_The_Grey

Level 71
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,933
I had printer issues after making exceptions. I uninstall when I encounter issues like this. Windows built-in = less problems.
Yes, a good decision (y)
Keeping things simple is lost art, but I can understand that on a security forum.
We hear of all those threats and there are so many toys to play with...
 

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
174
It's just like every Windows before it. It does all the same stuff in pretty much the same way, but you'll tell yourself it's a solid step in the right direction as ultimately everyone will have to upgrade and it's stupid to be the last man standing if you're interested in technology, right?
 

Antimalware18

Level 10
Verified
Well-known
Jan 17, 2014
485
If you dont mind me asking, I've noticed your using Emsisoft's browser protection, I was wondering why as opposed to something like Malwarebytes?
In my admitted limited testing Emsisoft's was good but not quite on the level as Malwarebyte's
But great setup either way (y)(y)
 

oldschool

Level 76
Thread author
Top Poster
Well-known
Mar 29, 2018
6,505
Upgraded to W11. I'm happy with it and see no reason to go back to 10.

And I was one of those put off by the early reports, thinking "W10 till '25"! ;)
There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance - that principle is contempt prior to investigation.
- Herbert Spencer
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top