- Jan 30, 2023
- 113
Here is my security configuration for 2023
SpyNetGirl security config 2023
- Thread starter SpyNetGirl
- Start date
- May 4, 2018
- 2,261
My little tips, questions & other bits:
- As you actively partake in malware testing, I highly recommend a VPN
- Add some 2nd opinion scanners such as Kaspersky Virus Removal Tool, MBAM & Norton Power Eraser
- Maybe look at adding a software manual backup option such as Macrium Reflect as one example
- I noticed a risk factor "Browsing the Internet without an ad-blocker", then noticed you have uBO, do you use another browser to surf the web with?
- How good is that Windows Hardening script?
- Also as an option to look at via a VM, have you thought about using HardConfigure & other free tools by @Andy Ful?
- Decent config. Very interested in the Window Script you're running from Github.
- Jan 30, 2023
- 113
Oh Thank you ^^
sorry for the confusion, I thought it said With adblocker, yes I do use ublock origin, removed that option from my post.
If I say so myself? the script I made is the best there is, but I want to know why it isn't so I could improve it ^^
some of the questions you asked are also Interesting and want to talk more about it with the community here, because I already wrote about them on GitHub and wanna know different opinions and different arguments
hopefully I'll be able to post it here soon
for testing, I use Hyper-V VM that has no Internet connection mostly, but yes if I need to expose it to the Internet with malware inside, I will make sure to use a VPN.
for backup, my OneDrive has 1TB storage and the stuff that I need to be kept in sync/backed up aren't bigger than that amount yet, if they get larger I can always add another TB to the storage.
Last edited:
Tarkin
New Member
- Jan 27, 2023
- 4
I am also Very interested in that Windows Script.
- Mar 29, 2018
- 7,599
Nice, simple configuration making use of Windows built-in security. Also a nice job on your GitHub page. Very thorough.
- Apr 19, 2017
- 249
I recommend taking a look at hardeningkitty: GitHub - scipag/HardeningKitty: HardeningKitty - Checks and hardens your Windows configuration
My PC does not meet11 requirements but i still run 11 enterprises. 2. pOwerschelL NEVER allowed to run on this pc
- Oct 3, 2022
- 576
Hey SpyNetGirl, very pleased to meet a fellow publisher on hardening. Your site is well organized.
Take a look at this: Windows 11 Hardening Guide . This guy earns top spot when you google for "harden windows 11" The very top most recommendation he makes won't even run the way he explains it. Yet he gets top spot because he has screen shots. But that's how Google decides it to be.
Take a look at this: Windows 11 Hardening Guide . This guy earns top spot when you google for "harden windows 11" The very top most recommendation he makes won't even run the way he explains it. Yet he gets top spot because he has screen shots. But that's how Google decides it to be.
Last edited:
- Apr 4, 2021
- 358
Harden-Windows-Security/Harden-Windows-Security.ps1 at main · HotCakeX/Harden-Windows-Security
Harden Windows 11 safely, securely using Official Supported methods with proper explanation | Always up-to-date and works with the latest build of Windows - Harden-Windows-Security/Harden-Windows-S...github.com
Interesting script, I need to take the time and adapt it a bit, for example, I don't need bitlocker, built-in defender settings and everything related to built-in security since I use Norton, but geo-blocking terrorist sponsor countries and disabling old encryption protocols is great!
To be honest, the project description on the githab page is not the most clear. There is a description of how to run the script, but poorly described exactly what I get. Usually there are a billion problems afterwards when it turns out that your system has become TOO safe.
- Jan 30, 2023
- 113
Hey SpyNetGirl, very pleased to meet a fellow publisher on hardening. Your site is well organized.
Take a look at this: Windows 11 Hardening Guide . This guy earns top spot when you google for "harden windows 11" The very top most recommendation he makes won't even run the way he explains it. Yet he gets top spot because he has screen shots. But that's how Google decides it to be.
Hi, pleased to meet you too, thank you :3
That site seems like the typical 3rd party blog post like hundreds of others on the Internet, first time seeing this one though.
my GitHub repo basically indexes everything that Microsoft already made publicly available, links to them, uses PowerShell to automate applying them. absolutely no 3rd party or bias or bad info. I almost use no screenshot because UI elements change from time to time and I don't want to keep track of every image I upload in there and update them or risk having out of date info.
what I do however is keeping the actual info always up to date and fully tested, on both insider and stable Windows builds.
So I'd suggest using Bing instead like I do ^^
Interesting script, I need to take the time and adapt it a bit, for example, I don't need bitlocker, built-in defender settings and everything related to built-in security since I use Norton, but geo-blocking terrorist sponsor countries and disabling old encryption protocols is great!
Thank you ^^
Yes of course, there are lots of info to read and took me a lot of time to gather them too, so I understand, and I totally respect your decision of using Norton, but I believe you could save money by, as you said, taking your time, read through the repository and adapt the security measures already provided for free to us Windows users. after all, 3rd party AV vendors all want us to believe we need their products otherwise we are in a constant danger
Bitlocker, when set up using the script in the repository, can make it impossible for someone who has extended physical access to your device and has lots of skills, to access your data. if you believe your threat model doesn't include that and there isn't any possibility of someone stealing your device at all, then you can skip it ^^
Last edited:
- Apr 4, 2021
- 358
Agree with you, which is why I never buy just protection in packages with classic antivirus and nothing else. I bought Norton very inexpensively and got it bundled with a VPN, data leak monitor, and performance optimizer for gaming (on my computer it makes sense, given the type of processor and what I do) - it's worth it. Also, Norton itself is lighter than the defender, so I get both performance gains, which makes me happy. The money pays for itselfbut I believe you could save money by, as you said, taking your time, read through the repository and adapt the security measures already provided for free to us Windows users. after all, 3rd party AV vendors all want us to believe we need their products otherwise we are in a constant danger
I do understand about bitlocker, but if my laptop gets stolen I'll be heartbroken, even with encrypted data. )) I don't have too important documents here. The main value on it is the bitwarden database, the others are not that critical. But this is just my case, I don't want to lose even 1% in system performance.
- Jan 30, 2023
- 113
Agree with you, which is why I never buy just protection in packages with classic antivirus and nothing else. I bought Norton very inexpensively and got it bundled with a VPN, data leak monitor, and performance optimizer for gaming (on my computer it makes sense, given the type of processor and what I do) - it's worth it. Also, Norton itself is lighter than the defender, so I get both performance gains, which makes me happy. The money pays for itself
I do understand about bitlocker, but if my laptop gets stolen I'll be heartbroken, even with encrypted data. )) I don't have too important documents here. The main value on it is the bitwarden database, the others are not that critical. But this is just my case, I don't want to lose even 1% in system performance.
I have 2 different complete PCs, one equipped with Intel i7 7700k from 6+ years ago (16GB DDR4 RAM with m.2 SSD) and one with Intel i7 12700k (32GB DDR5 RAM with m.2 SSD)
I use the script I made on both of them. I do lots of tests on each and what I've seen show absolutely no decrease in performance.
imagine in 2023, using 6+ years old hardware, with iGPU (no discrete GPU) and still play games from game pass. I've played Steam games like Resident Evil 3 with mods on it! (screenshots are on my Steam profile), on the same machine, I run latest Windows 11 insider dev builds, Hyper-V VMs, Windows subsystem for Android and whatnot. all of these while everything is XTS-AEX-256 encrypted and all Windows Security (Defender) features and Device Guard features turned on.
I really think it's all just a myth that those things decrease performance, just old info that got copy pasted form website to website or blog to blog, even if they do, it's nothing compared to the security benefits they provide.
also, I don't think any 3rd party company can ever create a security solution better than people who built the OS themselves and know it inside out.
data leak monitor already exists if you use Edge password manager or Microsoft Authenticator on PC or phones. we keep hearing all the time that 3rd party password managers are getting hacked, their data base stolen, user data leaked. there is a post from few hours ago on this forum. I honestly don't see how 3rd party password manager can be safer or better than 1st party solution from a company bigger and better at security.
about VPN, I suggest reading the security recommendation on GitHub, you're probably compromising yourself by using one, if it's not a trusted one. and I don't mean having the text "we're a trustworthy VPN" on the website. there is sooo much misinformation spread by VPN providers and advertisers etc. that it's really awful.
If your laptop or device gets stolen (which I hope it NEVER happen), it's not just the data you saved on your disks that are in danger. there is also shadow of the data you previously deleted, they can be recovered and your browser data, among other things.
Last edited:
- Apr 4, 2021
- 358
It was enough to install Oracle and MySQL with some developer tools and I already felt that my fps is less stable
I also don't have the newest SSD and it's obvious to me that encryption can't be costless, it's logic clear as day, you need to take data, encrypt, write, then read, decrypt - unnecessary operations. For me, it's not the information from the sites, it's how I feel that with the Defender and all the security features, I can no longer run Ghostwire Tokyo for example on ultra-settings, I'm literally missing 5 fps, but its enough. Maybe you have some special skills to keep the system in good condition. I only need to reinstall it every six months to see how any unnecessary background operations affect my user experience.Excuse me, are you talking about a company that recently has a problem with launching its own applications that integrate with Office 365 because of an integration error?
I think it's a huge myth that Microsoft is better at security just because they know the system better. Specialists in a specific area will always be better than departments in large companies that work all at once. Also, Microsoft's opportunities for innovation are simply destroyed by internal bureaucracy. They've been testing tabs for explorer for years. The redesign of Windows in general took 3 years and it's still pretty minimal.It's still just a belief in the authority of Microsoft. Microsoft regularly has zero-day vulnerabilities in the system. Yes, there has not been an incident with their password manager yet. But there are plenty of other examples. How many zero-day vulnerabilities did major antivirus vendors have in recent years? Hear about them literally once a year. Yes, they are there, but compared to Windows ... And after all, Bitwarden has also never been hacked yet too, and its open source code is much more trustworthy to me than the black box in Edge.
I don't think the Norton VPN can be operated by Iranian terrorists, but since I must use open Wi-Fi, I need it.
In terms of VPN I have confidence only in very old and trusted companies with a long history in the market and preferably a third-party audit with jurisdiction in Western countries (absolute privacy does not bother me). For example the VPN from your GitHub I had never even heard of, which turned out to be associated with terrorists.As long as it's not my credit card information, let the hackers enjoy my Facebook conversations with mom and photos of our beautiful cats (we have 12 of them at home).
-------------------------
I agree that your approach is possibly safer than mine. Just don't like too much faith in Microsoft, I don't see how anyone can trust that company and think they can do anything better than someone who makes money specifically on security and not on everything at once.
Sorry for this discussion, I hope this exchange of views doesn't bother anyone.
Similar threads
