Advanced Security oldschool's surfing laptop configuration

Last updated
Nov 20, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Default | ASR rules | Platform & Engine Beta channel updates
All system-wide Exploit Protections enabled, plus these for Edge & Chrome.
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
NPE
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Chrome | Privacy Badger | Brave Search
Edge | Privacy Badger | Brave Search | Surf profile & secure profile
Chrome flags | Edge flags
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Aomei Backupper Pro Lifetime - Primary
Wiindows Backup & Restore- Secondary image backup
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 16GB RAM 500GB SSD 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
5.7.24 Performed a repair installation via Windows Update. Nice & easy!
6.10.24 Updated to 24H2 OS build 26100.1882
10.10.24 Rolled back to 23H2 due to bugs & performance
16.10.24 Added Chrome browser. Privacy Badger listed as main extension, but I also keep µBO, JShelter and Local CDN installed, not enabled.
What I'm looking for?

Looking for minimum feedback.

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,674
New year. Same simple setup.

Edge flags:
1641081536065.png
Exploit protection (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.
Code:
- for Brave, Edge and Firefox:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

ADD for Edge Chromium only:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
 
Last edited:

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,366
I had printer issues after making exceptions. I uninstall when I encounter issues like this. Windows built-in = less problems.
Yes, a good decision (y)
Keeping things simple is lost art, but I can understand that on a security forum.
We hear of all those threats and there are so many toys to play with...
 

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
175
It's just like every Windows before it. It does all the same stuff in pretty much the same way, but you'll tell yourself it's a solid step in the right direction as ultimately everyone will have to upgrade and it's stupid to be the last man standing if you're interested in technology, right?
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,674

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,674
Upgraded to W11. I'm happy with it and see no reason to go back to 10.

And I was one of those put off by the early reports, thinking "W10 till '25"! ;)
There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance - that principle is contempt prior to investigation.
- Herbert Spencer
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top