Advanced Security oldschool's surfing laptop configuration

Last updated
Feb 16, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
VoodooShield
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine updates Beta channel
Exploit Protection settings
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I µBO | Brave Search
Brave | Brave Search
Edge | Privacy Badger | JShelter | Brave Search
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
Mem Reduct
DNS Jumper
File and Photo backup
Copy/Paste
Active subscriptions
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
What I'm looking for?

Looking for minimum feedback.

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,962
My current Exploit Protection settings:
Code:
Complete Exploit Protection settings

System settings:

Control flow guard (CFG) - Use default (On)
Data execution prevention (DEP) - Use default (On)
Force randomization for images (Mandatory ASLR) - On by default
Randomize memory allocations (Bottom-up ASLR) - Use default (On)
High entropy ASLR - Use default (On)
Validate exception chains (SEHOP) - Use default (On)
Validate heap integrity - Use default (On)

Chrome:

Block low integrity images - On
Disable extension points - On
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On |  Enforce for all modules ... - Checked
Validate image dependency - On


Firefox:

Block untrusted fonts - On
Disable extension points - On
Validate handle usage - On

Edge:

Block low integrity images - On
Block remote images - On
Validate image dependency integrity - ON
Block untrusted fonts - On
Code integrity guard - On | Also allow images signed by MS Store - Unchecked
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On |  Enforce for all modules ... - Checked
Validate handle usage - On
 
F

ForgottenSeer 97327

I sure do appreciate running an all-Windows Security setup. I see folks around the various forums having all kinds of problems.

Same goes for using Windows 11 in-built settings instead of 3rd party apps.
Well with MD on MAX with SAC enabled there is little to no chance of executables sliping through this defence. The only thing you could consider is adding SWH. The vast majority of successful intrusions from Cruel Sister are script/lolbin based which start by executing a risky file extension. With SWH you simply prevent running dangereous file extensions which normal users probably never would run in user folders. Also when you allow admin's to bypass SRP, there is really nothing that could break or prevent legitimate software.

Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.
 
F

ForgottenSeer 103564

Well with MD on MAX with SAC enabled there is little to no chance of executables sliping through this defence. The only thing you could consider is adding SWH. The vast majority of successful intrusions from Cruel Sister are script/lolbin based which start by executing a risky file extension. With SWH you simply prevent running dangereous file extensions which normal users probably never would run in user folders. Also when you allow admin's to bypass SRP, there is really nothing that could break or prevent legitimate software.

Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.
You can run scripts and bypass most restrictions on just about any OS. I can fire up a linux container on a Chromebook and run scripts in a text editor and bypass restrictions to run certain elements when desired. I'm sure oldschool knows not to download/ click unfamiliar executable's on his system and to check them before doing so. His keep it simple yet secure method is one of the best as far as using knowledge to leverage, and keeping the best compatibility in doing so.
 

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,962
The only thing you could consider is adding SWH.
Besides old-SWH you can also use the new WHH, because WHH disables the WDAC component automatically when it discovers that SAC is enabled.
Nope. Never going to happen. Especially when I see WHH and VoodooShield getting way too complicated and the potential for conflicts, problems, etc..
@Ultimate Vision is correct. I prefer to stay safe, not paranoid. :D
 

simmerskool

Level 30
Verified
Top Poster
Well-known
Apr 16, 2017
1,993
Nope. Never going to happen. Especially when I see WHH and VoodooShield getting way too complicated and the potential for conflicts, problems, etc..
@Ultimate Vision is correct. I prefer to stay safe, not paranoid. :D
I like your all windows security approach, but I have not found VS/CL complicated..., yet. (or one of my fav setups is windows security + VS).
 
  • Like
Reactions: Nevi
F

ForgottenSeer 97327

You can run scripts and bypass most restrictions on just about any OS. I can fire up a linux container on a Chromebook and run scripts in a text editor and bypass restrictions to run certain elements when desired. I'm sure oldschool knows not to download/ click unfamiliar executable's on his system and to check them before doing so. His keep it simple yet secure method is one of the best as far as using knowledge to leverage, and keeping the best compatibility in doing so.
Nice that you can bypass Chromebook security and fire up linux a container to run scripts in a text editor, but that has little relevance in regard to blocking risky file extensions (not executable's) in user folders for standard user.
 
  • Like
Reactions: Nevi
F

ForgottenSeer 103564

Nice that you can bypass Chromebook security and fire up a container to run scripts in a text editor, but that has little relevance in regard to blocking risky file extensions (not executable's) in user folders for standard user.
It was a point anyone on their system with admin rights can run what they want. So mentioned scripts in an executable in testing in a system as such had little relevance because it's obvious the user is not a new one or average user lacking the ability to use experience not to randomly click things.

You should use that energy more constructively like helping out in the help needed section.
 
F

ForgottenSeer 97327

So mentioned scripts in an executable in testing in a system as such had little relevance because it's obvious the user is not a new one or average user lacking the ability to use experience not to randomly click things.

You should use that energy more constructively like helping out in the help needed section.
Reading what SWH is about (LINK) is more constructive than starting bickering again
 
F

ForgottenSeer 103564

Reading what SWH is about (LINK) is more constructive than starting bickering again
I don't know, maybe it's just me, when he stated and I quote "nope, never going to happen" that he was not interested in reading or having that thrust in his face.

Oldschools set up is absolutely perfect on a windows machine, if I had one right now that's about how id run it.

Props to @oldschool for finding balance and security which equals pleasurable usability.
 

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,962
I like your all windows security approach, but I have not found VS/CL complicated
You misunderstand me. The point is that recent developments take VS way beyond what it once was. Even the latest stable saw unaccounted for command-line blocks. Heaven knows what problems this new Beta/Attack Chain development will bring, beyond the confusion that it already presents to beta users, e.g. users report things like "I don't understand what this is..."
 
Last edited:

simmerskool

Level 30
Verified
Top Poster
Well-known
Apr 16, 2017
1,993
You misunderstand me. The point is that recent developments take VS way beyond what it once was. Even the latest stable saw unaccounted for command-line blocks. Heaven knows what problems this new Beta/Attack Chain development will bring, beyond the confusion that it already presents to beta users, e.g. users report things like "I don't understand what this is..."
You're right, I did read about some cmd line irregularities in the current betas, but also Dan said this development will be beneficial in the long run. He is usually right about VS.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,613
Hehehe, guys, I am cleaning up the CommandLine code while waiting for enough data to finish writing the rules for the Attack Chain feature. The CommandLine code was the last part of the code that needed to be cleaned up, and I always put it off because I knew it was going to be difficult, and the existing code worked well. Anyway, the CommandLine code is all clean now, so it will be super easy to add new exceptions moving forward. And as far as the Attack Chain feature goes... you do not need to do anything at all with it, or even understand it at all (even though it is super easy to understand), you just let it work its magic and it will drastically reduce unwanted user prompts while also monitoring process execution flow for web and vulnerable apps.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962
Added Smoothfox user.js to Firefox.
Just to inform in case you haven't tried this built-in method via Firefox about:config
Search for this two entries and modify them how do you like a more Smooth-Scrolling
  • general.smoothScroll.mouseWheel.durationMaxMS
  • general.smoothScroll.mouseWheel.durationMinMS
FF#1.png
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top