RVS2 Security Config

[RVS2]

I keep a casual security config. I don't keep a bullet proof security setup because it is cumbersome.
Also my device is slow and weak which further discourages anything elaborate.
After reading other configs, I decided to get a strong AV ie Kaspersky, changed my dns to Norton, maxed my Adguard settings and do monthly scans.

 

[FrFc1908]

If you have a slow device than kaspersky should not be your security program of choice. It runs heavy! Especially if you have a laptop ; it sucks the lifeblood out of your battery. You would be better of with win defender , emsisoft anti malware or eset. Ad kb ssl enforcer to your browser as an extra security meassure. Also think about getting a backup program like aomei backupper standard , better safe than sorry Thanks for sharing your config!

 

[ForgottenSeer 55474]

Nice Configuration,thanks for sharing

 

[_CyberGhosT_]

Good idea keeping it light, I run a totally Sig free setup on my windows HDD
One thing you need to do is enable this --> OS File Reputation: Disabled

 

[koko]

Thanks for sharing

But it would be a good idea to have a bit of a backup solution, like Synckback free or aomei backup.

 

[Dirk41]

Yeah: copy and past ( to backup) does not make the OS heavy

UAC max

Standard account

 

[koko]

Yeah: copy and past ( to backup) does not make the OS heavy

UAC max

Standard account

Why standard account ?

 

[Jake Miguel]

Bravo man! It helped. Thanks for sharing the config!

 

[Dirk41]

Why standard account ?

MS Reccommend to not use an account with high privilege . Linux does not let you use an admin account by default,Unless you want

With a standard account you can make the OS to ask you for a pw when you launch at least some exe .
And a malware that can access high privileges can do more damage

 

[Wave]

With a standard account you can make the OS to ask you for a pw when you launch at least some exe .

I am placing down my bets that you're referring to running programs with administrative privileges from a standard account, which will provide additional security from Windows by requesting the account password to an administrator account prior to it running the program with the higher privileges (much more secure than just showing the buttons - especially in the case of a Trojan.Backdoor, the attacker would need to know the password).

And a malware that can access high privileges can do more damage

This is very true; using a standard account will definitely keep you less vulnerable to the actions of malware however it depends on the situation. If malicious software wants to access/modify the Master Boot Record, the malicious process will require administrative privileges (from Windows Vista and on-wards - on Windows XP it won't require administrator privileges however Windows XP isn't even supported anymore and it's very vulnerable) as long as User Account Control is enabled.

Unless you have a specific reason to be using an administrator account at all times, it is definitely a wise decision to just work from a standard account and keep User Account Control enabled, providing the admin password on the notifications when necessary - the problem is that many people are uneducated about how the accounts/process privileges work on Windows and/or want full control at all times, even if they don't necessarily need it, which can then be abused by malicious software should they end up infected.

 

[Dirk41]

Yes, to create a standard user follow this guide for example How to Create Standard and Administrator Accounts in Windows - Tom's Guide

If in your PC you are the only account ( admin ) , you can't switch to standard. You have to create another account that will be the admin first . Then switch yours to standard

 

[jamescv7]

Does the OP change already the suggestions mentioned? Yes his configuration is strong already but lacks on having Smartscreen turn on.

So it should be in yellow rating rather green unless it will update in immediate matter.

Anyway, I suggest to increase a little bit on the sensitive level of UAC, so that you have control to access certain programs.

 

[Wave]

@RVS2 I recommend you enable SmartScreen and increase the UAC level as well; that being said I highly suggest you create a system backup you can revert too in case of infection.

 

[aragornnnn]

No backups?

I suggest Macrium Reflect for this.

 

[JM Safe]

Please follow backups suggestion by @aragornnnn , and install Disconnect and HTTPS Everywhere.

Thanks for sharing.

 

[Exterminator]

Please edit your config to reflect "3rd party Firewall" since you are using KIS 2017.
Kaspersky 2016 & now 2017 are much lighter than their predecessors.I have KIS 2017 installed on an older machine and it runs fine.
I agree with enabling UAC to the max but I never used Smartscreen myself on Windows 7(IE 8 or later)
A data and system back up solution is definitely something you want to consider.
Your config looks good! Thanks for sharing it with us

 

[DardiM]

Thanks for sharing your security config

Why standard account ?

UAC max on a standard account : the best combo to prevent virus / malware bypassing UAC .

 

[Daniel Hidalgo]

I only suggest enabling Windows smartscreen and you have a backup solution. Thanks for sharing your config