Advanced Plus Security Sampei Nihira Security Config 2026

[Sampei.Nihira]

Added this flag:

• Automatic JS Optimizer Control

Adds an option to the V8 optimizer content setting that disables the JavaScript optimizer on sites that are unfamiliar to the user.

I don't quite understand how the browser distinguishes between familiar and unfamiliar websites.
But it certainly isn't because of browsing history, which I've disabled.
I ran a Speedometer 3.1 test, and the result is the same as always.

 

[Parkinsond]

I don't quite understand how the browser distinguishes between familiar and unfamiliar websites.

Agree; it is not accurate; I found it enabled on X which is familiar and used by me everyday, while disabled on websites I have visited once.

I prefer to enable to all websites, and manually add those I visit daily (especially intensive ones such as X and IMDB) to exclusions.

 

[Sampei.Nihira]

Agree; it is not accurate; I found it enabled on X which is familiar and used by me everyday, while disabled on websites I have visited once.

I prefer to enable to all websites, and manually add those I visit daily (especially intensive ones such as X and IMDB) to exclusions.

You almost convinced me to try this:



But it doesn't work, even though the exception has valid syntax and can be added.
Manually entering all the websites I visit is impossible.

Be careful to enter the websites correctly in the exceptions.

 

[Sampei.Nihira]

I've set up some less strict rules:

||*/opensearch.xml$xmlhttprequest,other
||*/searchplugins/$other
||*/searchplugin/$other
||wikipedia.org^$other
||altadefinizione-01.bar^$other
||youtube.com^$other
||x.com^$other

They work, but not 100%.
It's impossible—at least I haven't been able to do it—to block new search engines from being added to:

• eBay (usually not used)
• GitHub
• Stack Overflow (usually not used)
• Amazon
• Booking.com

 

[Sampei.Nihira]

Taking a cue from @LinuxFan58 , I had ChatGPT 5.3 analyze my PC Setup Configuration.
I asked for an analysis of each notable component and a result expressed as a percentage.
Here are the results:

Spoiler: Estimated Security Contribution by Component

Spoiler: Final Estimated Security Level

I hope my colleagues find this interesting.
If they want to make the same comparison, I recommend asking the AI to perform a detailed line-by-line analysis (This way, you can correct any parts that were overlooked) and provide a final result as a percentage rather than a decimal.

 

[LinuxFan58]

Great idea Maybe you should post your prompt and start a thread "Post your security evaluation by AI" (new version of the long running WS thread post your security setup"

 

[Sampei.Nihira]

Great idea Maybe you should post your prompt and start a thread "Post your security evaluation by AI" (new version of the long running WS thread post your security setup"

I don't think it would work well the way you suggest.
We'd end up with a series of security configurations with fairly similar percentage scores.

Instead, the real power lies in comparing multiple security configurations.

It may happen that a single security configuration scores lower than yours, but has a stronger point.
The AI analyzes this aspect and tells you the difference, compared to yours, in terms of where potential malware can be blocked.
Or it may happen that you compare similar configurations but with different strengths.

I have to admit that the perspective the AI presents to you one you may not have considered properly really opens your mind.

 

[Sampei.Nihira]

My search for how to block search engines in Chrome is over.
Traditional search engines achieve a block rate that approaches 100%.
Although some search engines,which I will never use,are not included in this percentage.
Just one example:

Seznam – najdu tam, co neznám

In addition to the rules above, specialized search engines such as Google Scholar also have their own rules:

Google Scholar

or Baidu.com, which I have never used either.

||scholar.google.com^$other
||baidu.com^$other

Every now and then, I like to venture into unusual research projects that don't have an immediate practical purpose.

P.S.

Every major version update

146.x ----> 147.x

involves a reset of the search engines that Chrome forces you to choose.
Plus, my blocker for new version updates stops working.

 

[Sampei.Nihira]

2 new flags enabled:

• Device Bound Session Credentials (Standard) - Federated Registrations
• Device Bound Session Credentials (Standard) on Google

Google Chrome adds infostealer protection against session cookie theft

Spoiler: DBSC Maximum Security

 

[Parkinsond]

2 new flags enabled:

• Device Bound Session Credentials (Standard) - Federated Registrations
• Device Bound Session Credentials (Standard) on Google

Google Chrome adds infostealer protection against session cookie theft

Some infostealer pieces have the ability to bypass.

Malware News Thread 'A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side'

Apr 1, 2026

Meet Storm, a new infostealer that tiptoes around endpoint security tools, remotely decrypts browser credentials, and lets operators restore hijacked sessions.

A new infostealer called Storm appeared on underground cybercrime networks in early 2026, representing a shift in how credential theft is developing. For under $1,000 a month, operators get a stealer that harvests browser credentials, session cookies, and crypto wallets, then quietly ships everything to the attacker's server for decryption.

To understand why enterprises should care, it helps to know what changed. Stealers used...

• Khushal
• Replies: 2
• Forum: Security News

• 

 

[Sampei.Nihira]

Some infostealer pieces have the ability to bypass.

Malware News Thread 'A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side'

Apr 1, 2026

Meet Storm, a new infostealer that tiptoes around endpoint security tools, remotely decrypts browser credentials, and lets operators restore hijacked sessions.

A new infostealer called Storm appeared on underground cybercrime networks in early 2026, representing a shift in how credential theft is developing. For under $1,000 a month, operators get a stealer that harvests browser credentials, session cookies, and crypto wallets, then quietly ships everything to the attacker's server for decryption.

To understand why enterprises should care, it helps to know what changed. Stealers used...

• Khushal
• Replies: 2
• Forum: Security News

• 

As is often the case, the article is rather general.
I enabled 3 DBSC flags after conducting a preliminary security analysis using ChatGPT.

Until yesterday, I had 1 DBSC flag enabled.

I assume that probably 99% of users had 0 DBSC flags enabled until yesterday.
So I’d like to know of any cases where a bypass occurs with three active flags.

 

[Parkinsond]

As is often the case, the article is rather general.
I enabled 3 DBSC flags after conducting a preliminary security analysis using ChatGPT.

Until yesterday, I had 1 DBSC flag enabled.

I assume that probably 99% of users had 0 DBSC flags enabled until yesterday.
So I’d like to know of any cases where a bypass occurs with three active flags.

I think occasions of bypass are rare; there is some decline of browser credentials exfiltration since the release of such a feature in Chrome according to several sources.

 

[Sampei.Nihira]

2 new flags in Chrome:

1. Use explicit-choice dialog confirming new search engine overrides
2. Always show confirmation dialog for new search engine overrides

I enabled the second flag, which is stricter than the first.
Any extension that attempts to change the search engine must be approved.

 

[Sampei.Nihira]

I installed AMD Software Adrenalin Edition to update the graphics drivers on my PC.
I'm having some issues with the old graphics driver, especially with Chrome.

P.S.

The new version of Chrome 147.0.7727.117 and the new graphics drivers have fixed the glitch.

 

[LinuxFan58]

Firefox with uBo hard mode

Why (as a security consious member) do you use Firefox?

 

[Sampei.Nihira]

Why (as a security consious member) do you use Firefox?
View attachment 297405

There are several reasons.

One of them is that the Android version of uBo I use on my smartphone doesn’t have a log feature and is less efficient than the desktop version of uBo for Firefox, so I have to make up for those shortcomings myself.
I’d be happy to give two examples, but unfortunately I don’t think that’s possible because the most problematic sites you can search are either pirated or adult websites.

Another reason is that I like to verify certain features—some of which seem to be exclusive to Chrome (see LNA)—in Firefox as well:

https://www.wilderssecurity.com/thr...ntrusion-into-lan-filter.458225/#post-3252429

I was the one who discovered that Firefox had LNA just like Chrome, and without using Firefox, I would never have written the Sec-GPC rule for uBoL.

Without Firefox, I would never have suspected a problem with hardware acceleration in Chrome.
I submitted a report and they were fixed—obviously, I don’t take all the credit, but I believe there were three GPU-related issues fixed in this latest version.
Although I updated the graphics drivers after noticing increased fan noise and CPU (indirectly) and GPU temperatures on my Lenovo.

Another reason is that I found a website that doesn’t work in Firefox (or vice versa) compared to Chrome, so I’m submitting a report.
And I like using two browsers that aren’t both based on Chromium.

Yet another reason is the analysis of trackers blocked by Firefox + uBo but not blocked by Chrome + uBo, similar to when I ran a month of tests with PB and found three rules to add to Chrome’s AdBlock.

I noticed that your AI wrote something about privacy.
The level of privacy you can achieve in Firefox is greater than what you can get in Brave—obviously, for those who know how to make the most of about:config.

Did that satisfy your curiosity?

 

[Sampei.Nihira]

Uninstalled the default media player and replaced it with:

• VLC

which was added to the WD Anti-Exploit list with only 7 overrides.

 

[Sampei.Nihira]

Added

• Safe Browsing Local Lists use v5 API

flag in Chrome.
@LinuxFan58 tanks.