Advanced Plus Security SpiderWeb's Security Config 2020

[SpiderWeb]

Two years ago I switched from Windows to Chrome OS and I have never looked back.

The reasoning was quite easy actually. I spent most of my time in the Chrome browser on Windows 10 and I was trying to figure out if I could spend it all inside that browser. I initially bought a cheap Chromebook just to try out my hypothesis and after a year I realized that I could do it all as long as I have enough RAM so I upgraded to a Pixelbook Go.

Software Level:
I use my VPN's malware/malvertising domain filter, Chrome's built-in Enhanced Protection (safebrowsing), and Google Advanced Protection as my layers. Due to its design all processes are sandboxed at the software level and no malware can escape to cause damage or even execute. Guest mode is disabled.

Hardware Level:
On hardware-level, Google enforces verified boot, and a signed coreboot that checks that all firmware is signed and legit. It has a Titan TPM built-in and I use Titan security keys along with a long password to sign in. Unknown USB devices cannot run until sign on (Device Guard).

 

[oldschool]

It sounds like you've got yourself covered with this setup, and with an OS that's rare on the forum. Thanks for sharing.

Nice user handle too!

 

[Lenny_Fox]

Last year (before Corona) I was on a business trip with a colleague who also has a Chromebook. I was surprised that it only cost him less than 10 euro to get Wifi on the air plane. My biggest concern about Chromebook always needing an online connection does not seem to be a problem at all.

 

[Andy Ful]

Chromebooks and iPads are probably the safest solutions for many people, who use computers for simple tasks. It seems that the area of productivity is bigger each year.
Many Chromebooks allow installing MS Office Mobile applications (Android Apps support):

Sign in - Google Accounts

sites.google.com

Google has also interesting plans to integrate Windows applications to Chromebooks (for enterprises) via Microsoft Project Reunion:

How Google is bringing Windows apps to Chromebooks

Chrome OS will soon run Windows apps alongside Android ones

www.theverge.com

Anyway, Microsoft will push Windows 10X in the next year to compete with Chromebooks. This will be interesting.
There are many articles on the web about Chromebooks vs. Windows machines for people who are not decided, for example:

Chromebook vs. laptop: Buying advice and recommendations

Should you buy a Chromebook or a Windows laptop? They're similar in some ways, but fundamentally different in others. This guide will help you decide.

www.pcworld.com

 

[ForgottenSeer 85179]

Anyway, Microsoft will push Windows 10X in the next year to compete with Chromebooks. This will be interesting

Until that, Windows S mode is good too. Specially on Surface devices which are the only Windows devices with fully SecureBoot / Verified Boot

 

[Soulbound]

I do wonder what computer games you are playing with that OS and Hardware.

 

[Andy Ful]

If he wanted to play games, then he probably did not buy a laptop for that.

 

[Soulbound]

If he wanted to play games, then he probably did not buy a laptop for that.

Ill highlight in Bold the reason why i asked that. Taken from OP security config:


Backup scheduleOnce or more per weekComputer Activity

• Playing computer games
• Online banking
• Browsing the web and checking emails
• Streaming movies, TV shows and music from the Internet
• Downloading files from different websites
• Office and other work-related software (Work from Home)
• Learning computer languages or creating apps

 

[Andy Ful]

Ill highlight in Bold the reason why i asked that. Taken from OP security config:


Backup scheduleOnce or more per weekComputer Activity

• Playing computer games
• Online banking
• Browsing the web and checking emails
• Streaming movies, TV shows and music from the Internet
• Downloading files from different websites
• Office and other work-related software (Work from Home)
• Learning computer languages or creating apps

Ha, ha. Your question was perfectly reasonable. But, the answer is probably very simple: games that can be played via a web browser, android games, many Linux games, etc. (but no serious gaming with Intel UHD Graphics 615).

Best Chromebook games 2024

The best Chromebook games of the year

www.laptopmag.com

 

[ForgottenSeer 78429]

I do wonder what computer games you are playing with that OS and Hardware.

If ChromeOS supports android apps then finding games shouldn't be an issue. It has i7 8th gen and I am sure it can run all mobile games. I play COD Mobile on my mobile and latest update is just awesome (Gunsmith on CODMobile) as they are bringing more COD Warzone features to COD Mobile.

 

[Andy Ful]

@SpiderWeb,
Do you see any difference between gaming on your Chromebook and Windows Laptop?

 

[SpiderWeb]

@SpiderWeb,
Do you see any difference between gaming on your Chromebook and Windows Laptop?

The Linux environment in Chrome OS is a virtual machine so gaming feels like that. It is easier to think of it as an emulator. Integrated graphics + emulation through VM is taxing on both platforms and suboptimal although Chrome OS/Intel have done a great job to make people barely notice that you are essentially running an emulator. If I had a dedicated GPU I could tell you more on whether the sluggishness I experience in bigger 3D games is due to the iGPU or input lag. Game peripherals are easier to install and use on Chromebook. I'm primarily streaming modern 3D games through xCloud, Stadia and GeForce Now since I have Gigabit Internet. I only play lighter and older games directly on my Chromebook hardware

 

[Ink]

I'm primarily streaming modern 3D games through xCloud, Stadia and GeForce Now since I have Gigabit Internet. I only play lighter and older games directly on my Chromebook hardware

Between the three, which is your preferred? Any Pro's/Con's you've experienced? Which controllers are compatible? Can you connect an external "gaming" Keyboard/Mouse to the device?

@Soulbound

NVIDIA GeForce Now

• GeForce NOW on Chromebook: Bring Your Games with You | NVIDIA Blog
• Nvidia’s GeForce Now cloud gaming service is available on Chromebooks

Microsoft xCloud + Xbox Game Pass Ultimate (Cloud Gaming) - Includes XBL Gold.

• Cloud gaming (Beta) with Xbox Game Pass | Xbox
• Project xCloud (Preview) | Xbox

Google Stadia + Controller or Premiere Edition Bundle (for TV)

• https://store.google.com/product/stadia
• Stadia - Play for Free across your favorite devices

 

[Andy Ful]

Also, Liquid Sky, Shadow, and Parsec game-streaming services can work well on the top Chromebooks. But, the Internet connection must be really fast. The performance seems OK:

 

[Soulbound]

Between the three, which is your preferred? Any Pro's/Con's you've experienced? Which controllers are compatible? Can you connect an external "gaming" Keyboard/Mouse to the device?

@Soulbound

NVIDIA GeForce Now

• GeForce NOW on Chromebook: Bring Your Games with You | NVIDIA Blog
• Nvidia’s GeForce Now cloud gaming service is available on Chromebooks

Microsoft xCloud + Xbox Game Pass Ultimate (Cloud Gaming) - Includes XBL Gold.

• Cloud gaming (Beta) with Xbox Game Pass | Xbox
• Project xCloud (Preview) | Xbox

Google Stadia + Controller or Premiere Edition Bundle (for TV)

• https://store.google.com/product/stadia
• Stadia - Play for Free across your favorite devices

Im a user of NVIDIA but didnt reallize it would work on chromebook.

Google Stadia is the most expensive option and it was not what initially was supposed to be delivered, including severe lag etc. I tried Google Stadia since my friend bought it. I rather use NVIDIA over Stadia.

MS service is something I never followed, only briefly heard about it.

 

[SpiderWeb]

@Spawn GeForce Now because of the pricing and Steam integration. It just works and you don't have to buy from their library. $5 per month is a steal. It's the most resilient connection and the only one that cooperates with a VPN. It doesn't drop you out when you're having connectivity hiccups. Stadia and xCloud kick you off the server right away and you have to restart the game in xCloud which is annoying. GeForce Now just works the way you think it should work. No demands from the user. Pain tolerance is a function of price and to me the price/pain ratio is too high for xCloud and Stadia so once my Game Pass Ultimate runs out I will drop it for GeForce Now. There are other great providers like Shadow but at that price point? No.

Also your other question. People who are happy clickers, this is the real time malware protection in action. I think this tar.gz has an encryption script in it for a custom WireGuard config. Google did not like that. In general Google will block and delete any unknown program that can encrypt files, probably assuming they are ransomware. It will block almost all unknown or malicious files, folders, compressed or not. Password protected zip files get flagged immediately, it does not trust those by default.

 

[SpiderWeb]

For some reason neither uBlock Origin nor Windscribe are sufficient to block WebRTC if you go to Connection check | Mullvad VPN and What is my IP Address
So I added a WebRTC Network Limiter (set to Proxy) and a few extensions to really cover my bases. I also rediscovered LocalCDN which has been vastly reworked. It's now a fork off Decentraleyes and frequently updated.

Added:
-WebRTC Network Limiter
-Universal Bypass
-Bypass Paywalls
-LocalCDN

Removed:
-Link to Text Fragment
-Pass Protect

 

[Digmor Crusher]

Not sure if I would trust Mullvad's connection check. Are they just trying to upsell a product?

 

[SpiderWeb]

Not sure if I would trust Mullvad's connection check. Are they just trying to upsell a product?

True. But regardless of what they are trying to upsell, WebRTC shouldn't be leaking in any way to anyone so I always check websites for the most advanced WebRTC leak tests to see if my double hop was truly holding up. Both the Windscribe extension and the uBlock Origin extension failed even though I have it set in both. Even though neither revealed my true ISP IP, they leaked the IPs of both VPN servers that I was connected to in double hop. WebRTC Network Limiter by Google (irony) is the only one that enforces that all browser traffic goes through the proxy/VPN.

 

[SpiderWeb]

Chrome OS 85 has improved Linux performance dramatically so I'm using and enjoying my Linux based browsers a lot.