Advanced Security oldschool's surfing laptop configuration

Last updated
Apr 10, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security | Configured via GPO
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine Beta channel updates
Smart App Control
Exploit Protection settings
SRP - basic disallowed setup
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I µBO | Brave Search
Brave | Brave Search | My settings
Edge | Privacy Badger | JShelter | Brave
Secure DNS
Cloudfare Malware DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
Mem Reduct
File and Photo backup
Copy/Paste
Active subscriptions
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
What I'm looking for?

Looking for minimum feedback.

F

ForgottenSeer 97327

@oldschool,

Since you are using two cloud whitelists (SAC and AVG hardened), the risk of being infected by an executable is near zero IMO 👍👍👍

The only addition you might want to consider is Hard_Configurator with the Avast hardened mode profile (similar to SWH for protection against scripted content) and additionally blocking the enhanced selection of sponsors (protection against LolBins).

Because you use SAC, you would use the H_C beta or wait for the updated H_C (reenabling SRP with SAC enabled). But think twice before you do: having a fort-knox hardened security is boring (not much left to tweak or optimize) 😄
 
Last edited by a moderator:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
Switched µBO to Adguard in Chrome/Edge after the mention by @SeriousHoax.
Nice. I think I should clarify why I prefer Adguard on Chromium browsers.
Speed wise, Adguard and uBO both performs the same in my tests in terms of page loading, while uBO in Firefox is slightly faster. I retested yesterday.
Adguard is better at cosmetic filtering, and they fix any reported issues much quickly. Most of them within 24 hours while on EasyList I have months old unfixed issues. Some filters written in Adguard syntax are not supported by uBO. Adgaurd can block Facebook sponsored posts on Facebook, but most of the time can't do it in Firefox. I knew the reason behind it, but forgot.
 

piquiteco

Level 14
Oct 16, 2022
626
Adguard is better at cosmetic filtering, and they fix any reported issues much quickly. Most of them within 24 hours while on EasyList I have months old unfixed issues. Some filters written in Adguard syntax are not supported by uBO. Adgaurd can block Facebook sponsored posts on Facebook, but most of the time can't do it in Firefox. I knew the reason behind it, but forgot.
Thanks! for the tip, I had noticed that in Adguard that the updates were more frequent than uBO. Thanks for sharing (y)
 
F

ForgottenSeer 97327

uB0 was the fsstest, but since AdGuard developed CoreLibs, a cross platform filtering engine and a dedicated TSUrlFilter engine for more advanced content filtering, the performance is on par with uBlockOrigin.

When you use only AdGuard filters, AG probably beats uB0 in terms of performance (I could not measure difference any more, but AG used a little bit less, not much, CPU time than uB0).

That said: it was a miracle how a one man operation managed to beat larger development teams for such a long time (ghostery, disconnect, ABP, Brave, Opera, Vivaldi).
 
Last edited by a moderator:

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
552
Some filters written in Adguard syntax are not supported by uBO.

AG has developed filterlists especially for uBO. No need to switch to AG extension.

AdGuard Base filter + EasyList

AdGuard Base filter + EasyList (Optimized)

AdGuard Tracking Protection filter

AdGuard Tracking Protection filter (Optimized)

AdGuard Social Media filter

AdGuard Social Media filter (Optimized)

AdGuard Annoyances filter

AdGuard Annoyances filter (Optimized)

AdGuard DNS filter

AdGuard DNS filter (Optimized)

AdGuard URL Tracking filter

AdGuard URL Tracking filter (Optimized)
 
Last edited:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
That said: it was a miracle how a one man operation managed to beat larger development teams for such a long time (ghostery, disconnect, ABP, Brave, Opera, Vivaldi).
Agree. Gorhill is a genius. Huge respect to him.
AG has developed filterlists especially for uBO. No need to switch to AG extension.
I'm aware of this. I was mainly talking about things like Adguard specific scriptlets which doesn't work in uBO. Adguard can auto click on cookie notices for us which is something Gorhill considers a security risk, so uBO will never have them according to him. Adguard also use things like these for other cosmetic filtering.
An example of cookie notice fix that uBO can't do.
Here's one more made by Yuki for me which clicks on "continue reading" button on MSN articles. It's not possible with uBO.
msn.com#%#AG_onLoad(function(){if(window.location.href.includes("/en-xl/")){var g=new MutationObserver(function(){var b=document.querySelector('button[id^="continue-reading"]');b&&b.click();});g.observe(document,{childList:!0,subtree:!0});setTimeout(function(){g.disconnect()},1E4)}});
 
F

ForgottenSeer 97327

Back to Windows Security only. (y)

After uninstalling AVG Firewall, I uninstalled AVG completely because it completely borked Windows Security. o_O Problems like this are a big "No no" for me.
What happened? No problem here (replaced Avast Free with AVG Free using all shields), because Avast Free will probably be moving to Avast One, I thought it made sense that new AVG Free is moving to Avast old free.

I noticed when you silence Avast, after an update of Avast, the ms Defender icon is missing. Allowing notifications once with a reboot solves the problem.
 
Last edited by a moderator:

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,715
Changed DNS to https://security.cloudflare-dns.com/dns-query . I hadn't used it in a long time. It's much faster for me than Quad9 or NextDNS.
I’d love to be using Cloudflare but that leaves ads and trackers to be blocked locally which in most cases slows down browsing to a degree. So the speed up from the faster DNS is cancelled and you waste battery and cpu time as well. So I’ve settled for NextDNS… why can’t we just have it all ever… 😒
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top