SECURITY: Complete SpiderWeb's Security Config 2020

Last updated: Sep 20, 2020
About: Personal, primary device
Desktop OS: Chrome OS
Login security:
    • Hardware security key
Primary sign-in: Google account
Primary user: Standard user - Limited permissions
Security updates: Automatic - allow all types of updates
Windows UAC
Real-time protection: Google Advanced Protection, Google Play Protect
Software firewall: Linux built-in and configured
Custom RTP, Firewall and OS settings: Limiting apps from outside Play Store; Scan all unknown sources
Malware testing: No malware samples
Periodic security scanners: Google Advanced Protection
Browsers, Search and Addons: Bitwarden, Pocket, Windscribe, uBlock Origin, HTTPS Everywhere, Stylus, Violentmonkey, The Great Suspender, Pandora, Clip Cloud, LinkPeelr, SponsorBlock, Recorded Future Express, WebRTC Network Limiter, Universal Bypass, Bypass Paywalls
Maintenance and Cleaning: SD Maid Pro (Android)
Personal Files & Photos backup: Google One
Personal backup routine: Automatic (scheduled)
Device recovery & backup: Google One
Device backup routine: Manual (maintained by self)
PC activity:
  1. PC and cloud gaming. 
  2. Banking. 
  3. Browsing the web. 
  4. Streaming. 
  5. Browsing to unknown sites. 
  6. Working from home. 
  7. Multimedia. 
Computer specs
Personal changelog
22nd August - Initial, removed Guest mode, updated to 84. Updated screenshots.
20th September - Added & configured Tor browser.

SpiderWeb

Level 6
Aug 21, 2020
256
Two years ago I switched from Windows to Chrome OS and I have never looked back.

The reasoning was quite easy actually. I spent most of my time in the Chrome browser on Windows 10 and I was trying to figure out if I could spend it all inside that browser. I initially bought a cheap Chromebook just to try out my hypothesis and after a year I realized that I could do it all as long as I have enough RAM so I upgraded to a Pixelbook Go.

Software Level:
I use my VPN's malware/malvertising domain filter, Chrome's built-in Enhanced Protection (safebrowsing), and Google Advanced Protection as my layers. Due to its design all processes are sandboxed at the software level and no malware can escape to cause damage or even execute. Guest mode is disabled.

Hardware Level:
On the hardware level, Google enforces verified boot and a signed coreboot that checks that all firmware is signed and legit. It has a Titan TPM built-in and I use Titan security keys along with a long password to sign in. Unknown USB devices cannot run until sign on (Device Guard).

 
Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
Last year (before Corona) I was on a business trip with a colleague who also has a Chromebook. I was surprised that it only cost him less than 10 euro to get Wifi on the airplane. My biggest concern about Chromebook always needing an online connection does not seem to be a problem at all.
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,128
Chromebooks and iPads are probably the safest solutions for many people who use computers for simple tasks. It seems that the area of productivity is bigger each year.
Many Chromebooks allow installing MS Office Mobile applications (Android Apps support):

Google also has interesting plans to integrate Windows applications into Chromebooks (for enterprises) via Microsoft Project Reunion:

Anyway, Microsoft will push Windows 10X in the next year to compete with Chromebooks. This will be interesting. :)
There are many articles on the web about Chromebooks vs. Windows machines for people who are not decided, for example:
 

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,770
If he wanted to play games, then he probably did not buy a laptop for that. :)
I'll highlight in bold the reason why I asked that. Taken from OP security config:

Backup schedule: Once or more per week
Computer Activity:
  • Playing computer games
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Office and other work-related software (Work from Home)
  • Learning computer languages or creating apps
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,128
I'll highlight in bold the reason why I asked that. Taken from OP security config:

Backup schedule: Once or more per week
Computer Activity:
  • Playing computer games
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Office and other work-related software (Work from Home)
  • Learning computer languages or creating apps
Ha, ha. Your question was perfectly reasonable. But the answer is probably very simple: games that can be played via a web browser, Android games, many Linux games, etc. (but no serious gaming with Intel UHD Graphics 615).

 

Upendra19

Level 5
Mar 5, 2019
216
I do wonder what computer games you are playing with that OS and Hardware.
If ChromeOS supports android apps then finding games shouldn't be an issue. It has i7 8th gen and I am sure it can run all mobile games. I play COD Mobile on my mobile and latest update is just awesome (Gunsmith on CODMobile) as they are bringing more COD Warzone features to COD Mobile.
 

SpiderWeb

Level 6
Aug 21, 2020
256
@SpiderWeb,
Do you see any difference between gaming on your Chromebook and Windows Laptop?
The Linux environment in Chrome OS is a virtual machine so gaming feels like that. It is easier to think of it as an emulator. Integrated graphics + emulation through VM is taxing on both platforms and suboptimal, although Chrome OS/Intel have done a great job to make people barely notice that you are essentially running an emulator. If I had a dedicated GPU I could tell you more on whether the sluggishness I experience in bigger 3D games is due to the iGPU or input lag. Game peripherals are easier to install and use on Chromebook. I'm primarily streaming modern 3D games through xCloud, Stadia and GeForce Now since I have Gigabit Internet. I only play lighter and older games directly on my Chromebook hardware.
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,053
I'm primarily streaming modern 3D games through xCloud, Stadia and GeForce Now since I have Gigabit Internet. I only play lighter and older games directly on my Chromebook hardware.
Between the three, which is your preferred? Any pros/cons you've experienced? Which controllers are compatible? Can you connect an external "gaming" keyboard/mouse to the device?

@Soulbound

NVIDIA GeForce Now
Microsoft xCloud + Xbox Game Pass Ultimate (Cloud Gaming) - Includes XBL Gold.
Google Stadia + Controller or Premiere Edition Bundle (for TV)
 

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,770
Between the three, which is your preferred? Any pros/cons you've experienced? Which controllers are compatible? Can you connect an external "gaming" keyboard/mouse to the device?

@Soulbound

NVIDIA GeForce Now
Microsoft xCloud + Xbox Game Pass Ultimate (Cloud Gaming) - Includes XBL Gold.
Google Stadia + Controller or Premiere Edition Bundle (for TV)
I'm a user of NVIDIA but didn't realize it would work on Chromebook.

Google Stadia is the most expensive option and it was not what initially was supposed to be delivered, including severe lag etc. I tried Google Stadia since my friend bought it. I'd rather use NVIDIA over Stadia.

The MS service is something I never followed, only briefly heard about it.
 

SpiderWeb

Level 6
Aug 21, 2020
256
@Spawn GeForce Now because of the pricing and Steam integration. It just works and you don't have to buy from their library. $5 per month is a steal. It's the most resilient connection and the only one that cooperates with a VPN. It doesn't drop you out when you're having connectivity hiccups. Stadia and xCloud kick you off the server right away and you have to restart the game in xCloud which is annoying. GeForce Now just works the way you think it should work. No demands from the user. Pain tolerance is a function of price and to me the price/pain ratio is too high for xCloud and Stadia so once my Game Pass Ultimate runs out I will drop it for GeForce Now. There are other great providers like Shadow but at that price point? No. :D

Also your other question. People who are happy clickers, this is the real time malware protection in action. I think this tar.gz has an encryption script in it for a custom WireGuard config. Google did not like that. In general Google will block and delete any unknown program that can encrypt files, probably assuming they are ransomware. It will block almost all unknown or malicious files, folders, compressed or not. Password protected zip files get flagged immediately, it does not trust those by default.
 

Attachment: Screenshot 2020-08-22 at 14.25.00.png

SpiderWeb

Level 6
Aug 21, 2020
256
For some reason neither uBlock Origin nor Windscribe is sufficient to block WebRTC if you go to Connection check | Mullvad VPN and What is my IP Address.
So I added a WebRTC Network Limiter (set to Proxy) and a few extensions to really cover my bases. I also rediscovered LocalCDN which has been vastly reworked. It's now a fork of Decentraleyes and frequently updated.

Added:
-WebRTC Network Limiter
-Universal Bypass
-Bypass Paywalls
-LocalCDN

Removed:
-Link to Text Fragment
-Pass Protect
 


SpiderWeb

Level 6
Aug 21, 2020
256
Not sure if I would trust Mullvad's connection check. Are they just trying to upsell a product?
True. But regardless of what they are trying to upsell, WebRTC shouldn't be leaking in any way to anyone so I always check websites for the most advanced WebRTC leak tests to see if my double hop was truly holding up. Both the Windscribe extension and the uBlock Origin extension failed even though I have it set in both. Even though neither revealed my true ISP IP, they leaked the IPs of both VPN servers that I was connected to in double hop. WebRTC Network Limiter by Google (irony) is the only one that enforces that all browser traffic goes through the proxy/VPN.
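
The WebRTC check discussed in the posts above, as an added example that is not part of the original thread: it parses the ICE candidate lines a leak-test page collects and flags any public address that differs from the one seen over proxied HTTPS. The function names, the constructed sample lines, and the use of the HTTP-visible address as the baseline are assumptions.

```javascript
// Constructed sample: ICE candidate lines as a leak-test page would collect them
// from RTCPeerConnection "icecandidate" events (documentation-range addresses).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f1c2a9e-7b44-4d0e-9c1a-5e2f6a7b8c9d.local 52344 typ host",
  "candidate:2 1 udp 2113937151 10.8.0.2 52345 typ host",
  "a=candidate:3 1 udp 1677729535 198.51.100.23 52345 typ srflx raddr 10.8.0.2 rport 52345",
];

// Parse one candidate line: foundation, component, transport, priority,
// address, port, "typ", type. Returns null for lines that do not match.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { transport: m[1].toLowerCase(), address: m[2].toLowerCase(), port: Number(m[3]), type: m[4] };
}

// Coarse scope of a candidate address (simplified private/link-local ranges).
function addressScope(addr) {
  if (addr.endsWith(".local")) return "mdns"; // obfuscated host candidate
  if (/^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|127\.)/.test(addr)) return "private";
  if (/^(f[cd][0-9a-f]{2}:|fe80:)/.test(addr) || addr === "::1") return "private";
  return "public";
}

// Hypothetical helper: httpVisibleIp is the address an HTTPS "what is my IP"
// page reports through the proxy/VPN. Any public candidate that differs from
// it means WebRTC reached the network by a path the proxy does not cover.
function webrtcExposure(candidateLines, httpVisibleIp) {
  const seen = new Map();
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const scope = addressScope(c.address);
    const bypassesProxy = scope === "public" && c.address !== httpVisibleIp.toLowerCase();
    seen.set(c.address, { address: c.address, type: c.type, scope, bypassesProxy });
  }
  const findings = [...seen.values()];
  return { findings, leak: findings.some((f) => f.bypassesProxy) };
}

console.log(webrtcExposure(SAMPLE_CANDIDATES, "203.0.113.7"));
```

A `srflx` candidate is the address a STUN server saw, so it is the line to compare against the proxied address; `host` candidates that are private or mDNS names describe the local interface only.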
 