Advanced Security oldschool's surfing laptop configuration

Last updated
Jul 11, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security | Configured via GPO
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine Beta channel updates
Smart App Control
Exploit Protection settings
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I µBO | Brave Search
Brave | Brave Search | My settings
Edge | Privacy Badger | JShelter | Brave Search | 2 Profiles
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
7.5.24 Performed a repair installation via Windows Update. Nice & easy!
What I'm looking for?

Looking for minimum feedback.

F

ForgottenSeer 107474

Privacy Badger used to apply the three strikes is out approach for triggering the heuristics.

Because privacy badger uses a granular approach, it tries to pinpoint this mechanism to subdomain/page level/link source

Websites can misuse this by generating a series of blocks (three strikes is out) of a unique webpage or link source location (e.g. Domain/trackers/1234567890)

Whenever that user returned to that website, by querring the existing tracker locations a returning visitor could be uniquely indentified (because Privacy Badger blocked the unique source link Domain/trackers/1234567890). Downside of this approach is that it is a rather heavy/ineffective method (for each visitor you have to sequentially query all the trackers stored to generate that unique block).

That is why it is turned off by default. Everyone who has installed JShelter extension will know only a limited number of websites use advanced fingerprinting techniques. Not many main stream websites use advanced tracking, IKEA being the exception (because there are easier ways to track returning visitors). Since it is a rare (and heavy) fingerprint method used for only one specifc webextension which is used by people not open to personalized offerings the business benefit of such a specific fingerprint is minimal IMO.

Bottom line: when you are not paranoid, you can enable this feature again without the fear of surfing the web with a big tracking X-mark on your forehead.
 
Last edited by a moderator:

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Maybe someone should tell them that, since it is PB's selling point. It definitely does not fill me with confidence. :D
It is weird that years after changing how the extension works, most of the documentation still references local learning as if it were still the default behaviour.

Bottom line: when you are not paranoid, you can enable this feature again.
Yeah, I should've mentioned in my reply that the ability to fingerprint or exfill data from users was purely PoC, as per EFF's blog post:
To be clear: the disclosures Google’s team shared with us are purely proof-of-concept, and we have seen no evidence that any Privacy Badger users have had these techniques used against them in the wild. But as a precaution, we have decided to turn off Privacy Badger’s local learning feature by default.
 

oldschool

Level 83
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,275
It is weird that years after changing how the extension works, most of the documentation still references local learning as if it were still the default behaviour.
@TairikuOkami - Learning is performed by Badger Sett and Badger Swarm crawling the web, though not all documentation has been updated to reflect this.

BTW: PB will loose it's Google and Facebook link tracking protection with its MV3 version.
I should've mentioned in my reply that the ability to fingerprint or exfill data from users was purely PoC, as per EFF's blog post:
Indeed.
 

oldschool

Level 83
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,275
Can you share the how u managed to do so? The online tutorials don't seem to work for me
I reset Windows with the "keep your files and some settings" option. A bit of a hassle setting it up to my liking, but not a big deal. Nothing like a full clean install. You must allow optional diagnostic data, make sure all updates are installed, and then switch SAC on. You may turn off optional diagnostic data when you're done. Set up apps afterwards, or prior to enabling SAC.

@Andy Ful does not advise using the registry hack method to enable SAC because its protection will remain disabled anyway.
New Update - Smart App Control - Windows 11 22H2 feature promises significant protection from malware
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,561
I reset Windows with the "keep your files and some settings" option. A bit of a hassle setting it up to my liking, but not a big deal. Nothing like a full clean install. You must allow optional diagnostic data, make sure all updates are installed, and then switch SAC on. You may turn off optional diagnostic data when you're done. Set up apps afterwards, or prior to enabling SAC.

@Andy Ful does not advise using the registry hack method to enable SAC because its protection will remain disabled anyway.
New Update - Smart App Control - Windows 11 22H2 feature promises significant protection from malware
Then I won't even think about switching it on again. Too annoying to configure my Windows again the way I need it. :rolleyes:
 

oldschool

Level 83
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,275
Removed VoodooShield because I experienced the GUI not auto starting in administrator account system tray. When I tried to manually start it I encountered a Windows error message "Unable to access the file, etc. ...". When I went back to my standard user account the VS GUI was opened up. Very strange. o_O:rolleyes:

BTW: this happened on a newly-refreshed Windows 11.
 
Last edited:

simmerskool

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,172
Removed VoodooShield because I experienced the GUI not auto starting in administrator account system tray. When I tried to manually start it I encountered a Windows error message "Unable to access the file, etc. ...". When I went back to my standard user account the VS GUI was opened up. Very strange. o_O:rolleyes:

BTW: this happened on a newly-refreshed Windows 11.
FWIW I have not seen that on win10 -- errr well maybe once or twice over the years as an isolated instance. My guess Dan would like your log
 
F

ForgottenSeer 107474

I reset Windows with the "keep your files and some settings" option. A bit of a hassle setting it up to my liking, but not a big deal. Nothing like a full clean install. You must allow optional diagnostic data, make sure all updates are installed, and then switch SAC on. You may turn off optional diagnostic data when you're done. Set up apps afterwards, or prior to enabling SAC.

@Andy Ful does not advise using the registry hack method to enable SAC because its protection will remain disabled anyway.
New Update - Smart App Control - Windows 11 22H2 feature promises significant protection from malware

I have not yet (ever) used the reset Windows option, but to me it seemed to much hassle to configure mail and your apps again (and slimming down Windows11's telemetry and bloat again).

I always felt a bit punished by Microsoft, having moved to Windows11 as one of the first and being rewarded by being excluded of SAC. Luckily @Andy Ful (y) made WHHL and changed his mind to enable ISG so all early WIndows11 users can enjoy something similar to SAC (WDAC-ISG) but with the added bonus of being able to manage exclusions and blocking execution of risky file extensions (the Software Restriction Policies part of WHHL). The latter ('harmless' rich content files with embedded code/scripts triggering Lolbins) are the achilles heel of many antivirus solutions (as often showed by @cruelsister).

IMO there are only two whitelisting strategies: blocking non-whitelisted in user space (e.g. WHHL) or containing them in a sandbox (e.g. Comodo Firewall with CS rules). There are of course more implementations possible (e.g. Cyberlock and Sandboxie with forced folders). To me blocking makes more sense than allowing them in a sandbox (with the risk of breaking out of the sandbox). Blocking is easier than containing for PC users with a simple software setup like I have (browser, office, media player)
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top