Advanced Security R2D2's PC Security Configuration 2022

Last updated
Nov 18, 2019
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Smart App Control
Network firewall
Real-time security
Kaspersky Total Security 2022 21.3.10.391, Snort IDS/IPS + pfBlockerNG on Netgear router/firewall
Firewall security
About custom security
KTS real time scanning at default settings
Periodic malware scanners
KTS 2022
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome, Edge Chromium & Firefox
Secure DNS
NextDNS, Cloudflare & Google
Desktop VPN
ProtonVPN, PIA, Torguard
Password manager
Lastpass, Dashlane, 1Password & Bitwarden. Also lifetime subs to Sticky Password and KeepassXC as local backups
Maintenance tools
Manually performed every 10-14 days including a defrag
File and Photo backup
Cloud backups to: Google Drive, OneDrive, Dropbox PCloud (all using Duplicati encrypted backup), plus Mega and Sync.com native apps, Local backups to: 2 NAS systems and external USB hard disk, Reflect incremental images 3 times a day, full backup image once a week
System recovery
Macrium Reflect 8
Risk factors
    • Working from home
    • Browsing to unknown / untrusted / shady sites
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Notable changes
Several changes, previous update is over 3 years old :)
What I'm looking for?

Looking for maximum feedback.

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Interesting config, especially in real-time protection and personal files & photos backup(y)

Now for most critical feedback:
Set UAC to always notify to prevent bypasses:

No need for a local adblocker like uBlock Origin (for cosmetic filtering) with pfBlockerNG ?

For periodic security scanners you should use something other than your realtime AV, like for example Norton Power Eraser.

You mentioned three secure DNS, which one are you currently using?
Same question for VPN.

You use or have used almost all available password managers, which one do you prefer and why?

Why do you use three browsers?
 
Last edited:

R2D2

Level 6
Thread author
Verified
Well-known
Aug 7, 2017
267
Interesting config, especially in real-time protection and personal files & photos backup(y)

Now for most critical feedback:
Set UAC to always notify to prevent bypasses:

No need for a local adblocker like uBlock Origin (for cosmetic filtering) with pfBlockerNG ?

For periodic security scanners you should use something other than your realtime AV, like for example Norton Power Eraser.

You mentioned three secure DNS, which one are you currently using?
Same question for VPN.

You use or have used almost all available password managers, which one do you prefer and why?

Why do you use three browsers?
Hi,

Thanks I was hoping for some feedback from more experienced members on here. Now to your queries:
a) UAC - Point taken, it's just that I have been experimenting, rather messing with my W11 PC config and got bugged with the UAC prompt so reduced it a notch.

b) I use AdGuard on the PCs and laptop, pfBlockerNG keeps the other devices like tabs and mobile phones relatively safe

c) I used MBAM Pro as an alternative scanner till KTS bugged me several times to uninstall it and I eventually did.

d) I normally use Cloudflare, NextDNS & Google in that order in my pfSense box.

e) VPNs - I am always on VPN and select 1 VPN for day. My current fav is ProtonVPN, with Torguard & PIA following closely behind. I also forgot to mention Nord but find the others faster

f) Indeed I have used nearly all well known passwords including Roboform but discontinued their use. I have several hundred logins, scores of notes, IDs, bank credit card info and other information saved in these PMs and TBH I'd be screwed if I couldn't access my PM data for any reason. It takes the burden of having to memorise critical information off my head. Besides, there's no sayin what can happen to a company these days. Hence the other password managers are mostly "cloud" or local backups. My most used PM is Lastpass. Dashlane and 1Password ran an discount offer on Apple's store in my country which was a deal I couldn't refuse. Bitwarden, well, this is a good habit I picked from MalwareTips back in 2017(ish) and I've subscribed to them every year since. At $10/year it's a deal. Why do I prefer Lastpass? Frankly it is the PM I've used continuously for the longest time and and I find it very easy to use. Mind you I am not saying the others are bad but LP is like a favourite flavour of ice cream. :)

g) One browser Firefox is exclusively to access work related sites and the other 2 are for casual/home browsing stuff. And frankly coz I like to monkey around trying different software.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,481
d) I normally use Cloudflare, NextDNS & Google in that order in my pfSense box.
Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.
 

R2D2

Level 6
Thread author
Verified
Well-known
Aug 7, 2017
267
Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.
Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary (my bad I thought it was Cloudflare), with Cloudlflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,481
Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary, with Cloudlflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.
Oh, got you wrong then. My bad... :)
 

R2D2

Level 6
Thread author
Verified
Well-known
Aug 7, 2017
267
Oh, got you wrong then. My bad... :)
:D not at all. Actually I made a mistake, my pfSense is configured with nextDNS as primary and the other 2 as backups. Ideally, pfSense requires a DNS for each WAN connection and at least 1 each for both IPv4 and IPv6. My ISPs provide dual stack addresses and use both types of addressing systems.

PS - I never use my ISP DNS server because those queries are logged.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top