Advanced Security R2D2's PC Security Configuration 2022

Last updated: Nov 18, 2019
Use case: For personal use
Shared with:
Desktop OS: Windows 11
Windows OS SKU: Pro
Login Unlock:
Sign-in with: Local account (offline)
Primary user: Standard rights - Restricted permissions that prevent harmful changes
Additional users: Set with Standard user rights
OS updates: Automatic updates
Windows UAC: Notify me only when programs try to make changes to my computer
Network firewall:
Always-on protection: Kaspersky Total Security 2022 21.3.10.391, Snort IDS/IPS + pfBlockerNG on Netgear router/firewall
Firewall: Third-party App Firewall. (Details shared below)
Custom RT/Firewall security: KTS real time scanning at default settings
Malware testing: No malware samples
Periodic scanning: KTS 2022
Secure DNS: NextDNS, Cloudflare & Google
VPN: ProtonVPN, PIA, Torguard
Password manager: Lastpass, Dashlane, 1Password & Bitwarden. Also lifetime subs to Sticky Password and KeepassXC as local backups
Browsers and Extensions: Chrome, Edge Chromium & Firefox
Utilities for Maintenance: Manually performed every 10-14 days including a defrag
Files & Photos backup: Cloud backups to: Google Drive, OneDrive, Dropbox, PCloud (all using Duplicati encrypted backup), plus Mega and Sync.com native apps. Local backups to: 2 NAS systems and external USB hard disk. Reflect incremental images 3 times a day, full backup image once a week
Files & Photos backup routine: Automatic
Emergency recovery plan: Macrium Reflect 8
Integrity of recovery plan:
Tasks performed:
    • Working from home
    • Browsing to unknown sites
    • Buying goods from online stores, entering card details and addresses
    • Logging into personal banking to check statements and payments
    • Downloading software from reputable sites
    • Sharing and receiving files and torrents
    • Watching movies and TV series via subscriptions
    • Streaming audio and videos from sites
Notable changes: Several changes, previous update is over 3 years old :)
Feedback response:

I am not satisfied. Critical feedback is greatly appreciated, to make drastic changes to my overall security / privacy and its settings.

Gandalf_The_Grey

Interesting config, especially in real-time protection and personal files & photos backup (y)

Now for most critical feedback:
Set UAC to always notify to prevent bypasses:

No need for a local adblocker like uBlock Origin (for cosmetic filtering) with pfBlockerNG?

For periodic security scanners you should use something other than your realtime AV, like for example Norton Power Eraser.

You mentioned three secure DNS, which one are you currently using?
Same question for VPN.

You use or have used almost all available password managers, which one do you prefer and why?

Why do you use three browsers?
 
Last edited:
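
Added example, not part of the thread: a PowerShell check of the UAC level discussed in the post above. It reads the standard UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and reports whether the machine is at "Always notify", plus how elevation is prompted for the standard accounts listed in the config. The output property names are chosen for this example.

```powershell
# Added example: map the UAC policy values to the Control Panel slider position.
# Reading HKLM does not need elevation, so this runs from the standard account.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

$lua    = $p.EnableLUA                   # 0 = UAC switched off entirely
$admin  = $p.ConsentPromptBehaviorAdmin  # prompt behaviour for administrators
$secure = $p.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop
$user   = $p.ConsentPromptBehaviorUser   # prompt behaviour for standard users

# Slider positions as stored on Windows 8 and later.
$level = switch ("$admin/$secure") {
    '2/1'   { 'Always notify' }
    '5/1'   { 'Notify only when apps try to make changes (default)' }
    '5/0'   { 'Notify only when apps try to make changes, no desktop dimming' }
    '0/0'   { 'Never notify' }
    default { "Custom policy (ConsentPromptBehaviorAdmin=$admin, PromptOnSecureDesktop=$secure)" }
}
if ($lua -eq 0) { $level = 'UAC disabled (EnableLUA=0)' }

$userPrompt = switch ($user) {
    0       { 'Elevation requests are denied automatically' }
    1       { 'Prompt for credentials on the secure desktop' }
    3       { 'Prompt for credentials' }
    default { "Unrecognised or unset value: '$user'" }
}

# One object summarising the result, suitable for logging or a compliance check.
[pscustomobject]@{
    SliderLevel        = $level
    AlwaysNotify       = ($lua -ne 0 -and $admin -eq 2 -and $secure -eq 1)
    StandardUserPrompt = $userPrompt
}
```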

R2D2

Hi,

Thanks, I was hoping for some feedback from more experienced members on here. Now to your queries:
a) UAC - Point taken, it's just that I have been experimenting, rather messing with my W11 PC config and got bugged with the UAC prompt so reduced it a notch.

b) I use AdGuard on the PCs and laptop, pfBlockerNG keeps the other devices like tabs and mobile phones relatively safe

c) I used MBAM Pro as an alternative scanner till KTS bugged me several times to uninstall it and I eventually did.

d) I normally use Cloudflare, NextDNS & Google in that order in my pfSense box.

e) VPNs - I am always on VPN and select 1 VPN for the day. My current fav is ProtonVPN, with Torguard & PIA following closely behind. I also forgot to mention Nord but find the others faster.

f) Indeed I have used nearly all well known passwords including Roboform but discontinued their use. I have several hundred logins, scores of notes, IDs, bank credit card info and other information saved in these PMs and TBH I'd be screwed if I couldn't access my PM data for any reason. It takes the burden of having to memorise critical information off my head. Besides, there's no sayin what can happen to a company these days. Hence the other password managers are mostly "cloud" or local backups. My most used PM is Lastpass. Dashlane and 1Password ran a discount offer on Apple's store in my country which was a deal I couldn't refuse. Bitwarden, well, this is a good habit I picked from MalwareTips back in 2017(ish) and I've subscribed to them every year since. At $10/year it's a deal. Why do I prefer Lastpass? Frankly it is the PM I've used continuously for the longest time and I find it very easy to use. Mind you I am not saying the others are bad but LP is like a favourite flavour of ice cream. :)

g) One browser Firefox is exclusively to access work related sites and the other 2 are for casual/home browsing stuff. And frankly coz I like to monkey around trying different software.
 

Kongo

> d) I normally use Cloudflare, NextDNS & Google in that order in my pfSense box.

Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.
 

R2D2

> Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.

Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary (my bad I thought it was Cloudflare), with Cloudflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.
 

Kongo

> Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary, with Cloudflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.

Oh, got you wrong then. My bad... :)
 

R2D2

> Oh, got you wrong then. My bad... :)

:D not at all. Actually I made a mistake, my pfSense is configured with NextDNS as primary and the other 2 as backups. Ideally, pfSense requires a DNS for each WAN connection and at least 1 each for both IPv4 and IPv6. My ISPs provide dual stack addresses and use both types of addressing systems.

PS - I never use my ISP DNS server because those queries are logged.
 