Advanced Security SpyNetGirl security config 2023

Last updated
Jan 30, 2023
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Pro for Workstation
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
On
Network firewall
Real-time security
Windows Security (Defender)
Firewall security
Microsoft Defender Firewall
About custom security
Periodic malware scanners
Windows Security (Defender) automatic scan
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Browser(s) and extensions
Microsoft Edge
Secure DNS
Cloudflare
Desktop VPN
No
Password manager
Microsoft Authenticator on phone, Edge password manager on PC/Xbox
File and Photo backup
OneDrive
System recovery
External SSD
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Browsing the dark web
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Downloading software and files from unknown / untrusted / shady sites
    • Sharing and receiving files and torrents
    • Requesting and accepting remote access
    • Gaming
    • Gaming with third-party mods
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Coding and development
    • Downloading malware samples
What I'm looking for?

Looking for minimum feedback.

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
My little tips, questions & other bits:

  1. As you actively partake in malware testing, I highly recommend a VPN
  2. Add some 2nd opinion scanners such as Kaspersky Virus Removal Tool, MBAM & Norton Power Eraser
  3. Maybe look at adding a software manual backup option such as Macrium Reflect as one example
  4. I noticed a risk factor "Browsing the Internet without an ad-blocker", then noticed you have uBO, do you use another browser to surf the web with?
  5. How good is that Windows Hardening script?
  6. Also as an option to look at via a VM, have you thought about using HardConfigure & other free tools by @Andy Ful?
  7. Decent config. Very interested in the Window Script you're running from Github.
~LDogg
 

SpyNetGirl

Level 3
Thread author
Jan 30, 2023
96
My little tips, questions & other bits:

  1. As you actively partake in malware testing, I highly recommend a VPN
  2. Add some 2nd opinion scanners such as Kaspersky Virus Removal Tool, MBAM & Norton Power Eraser
  3. Maybe look at adding a software manual backup option such as Macrium Reflect as one example
  4. I noticed a risk factor "Browsing the Internet without an ad-blocker", then noticed you have uBO, do you use another browser to surf the web with?
  5. How good is that Windows Hardening script?
  6. Also as an option to look at via a VM, have you thought about using HardConfigure & other free tools by @Andy Ful?
  7. Decent config. Very interested in the Window Script you're running from Github.
~LDogg

Oh Thank you ^^
sorry for the confusion, I thought it said With adblocker, yes I do use ublock origin, removed that option from my post.
If I say so myself? the script I made is the best there is, but I want to know why it isn't so I could improve it ^^
some of the questions you asked are also Interesting and want to talk more about it with the community here, because I already wrote about them on GitHub and wanna know different opinions and different arguments :)
hopefully I'll be able to post it here soon
for testing, I use Hyper-V VM that has no Internet connection mostly, but yes if I need to expose it to the Internet with malware inside, I will make sure to use a VPN.
for backup, my OneDrive has 1TB storage and the stuff that I need to be kept in sync/backed up aren't bigger than that amount yet, if they get larger I can always add another TB to the storage.
 
Last edited:

Tarkin

New Member
Jan 27, 2023
4
My little tips, questions & other bits:

  1. As you actively partake in malware testing, I highly recommend a VPN
  2. Add some 2nd opinion scanners such as Kaspersky Virus Removal Tool, MBAM & Norton Power Eraser
  3. Maybe look at adding a software manual backup option such as Macrium Reflect as one example
  4. I noticed a risk factor "Browsing the Internet without an ad-blocker", then noticed you have uBO, do you use another browser to surf the web with?
  5. How good is that Windows Hardening script?
  6. Also as an option to look at via a VM, have you thought about using HardConfigure & other free tools by @Andy Ful?
  7. Decent config. Very interested in the Window Script you're running from Github.
~LDogg
I am also Very interested in that Windows Script.
 

Victor M

Level 7
Verified
Well-known
Oct 3, 2022
316
Hey SpyNetGirl, very pleased to meet a fellow publisher on hardening. Your site is well organized.

Take a look at this: Windows 11 Hardening Guide . This guy earns top spot when you google for "harden windows 11" The very top most recommendation he makes won't even run the way he explains it. Yet he gets top spot because he has screen shots. But that's how Google decides it to be. :(
 
Last edited:

CyberDevil

Level 6
Verified
Well-known
Apr 4, 2021
247

Interesting script, I need to take the time and adapt it a bit, for example, I don't need bitlocker, built-in defender settings and everything related to built-in security since I use Norton, but geo-blocking terrorist sponsor countries and disabling old encryption protocols is great! :)

To be honest, the project description on the githab page is not the most clear. There is a description of how to run the script, but poorly described exactly what I get. Usually there are a billion problems afterwards when it turns out that your system has become TOO safe. 😶
 

SpyNetGirl

Level 3
Thread author
Jan 30, 2023
96
Hey SpyNetGirl, very pleased to meet a fellow publisher on hardening. Your site is well organized.

Take a look at this: Windows 11 Hardening Guide . This guy earns top spot when you google for "harden windows 11" The very top most recommendation he makes won't even run the way he explains it. Yet he gets top spot because he has screen shots. But that's how Google decides it to be. :(

Hi, pleased to meet you too, thank you :3

That site seems like the typical 3rd party blog post like hundreds of others on the Internet, first time seeing this one though.
my GitHub repo basically indexes everything that Microsoft already made publicly available, links to them, uses PowerShell to automate applying them. absolutely no 3rd party or bias or bad info. I almost use no screenshot because UI elements change from time to time and I don't want to keep track of every image I upload in there and update them or risk having out of date info.

what I do however is keeping the actual info always up to date and fully tested, on both insider and stable Windows builds.

So I'd suggest using Bing instead like I do ^^

Interesting script, I need to take the time and adapt it a bit, for example, I don't need bitlocker, built-in defender settings and everything related to built-in security since I use Norton, but geo-blocking terrorist sponsor countries and disabling old encryption protocols is great! :)

Thank you ^^

Yes of course, there are lots of info to read and took me a lot of time to gather them too, so I understand, and I totally respect your decision of using Norton, but I believe you could save money by, as you said, taking your time, read through the repository and adapt the security measures already provided for free to us Windows users. after all, 3rd party AV vendors all want us to believe we need their products otherwise we are in a constant danger :)

Bitlocker, when set up using the script in the repository, can make it impossible for someone who has extended physical access to your device and has lots of skills, to access your data. if you believe your threat model doesn't include that and there isn't any possibility of someone stealing your device at all, then you can skip it ^^
 
Last edited:

CyberDevil

Level 6
Verified
Well-known
Apr 4, 2021
247
but I believe you could save money by, as you said, taking your time, read through the repository and adapt the security measures already provided for free to us Windows users. after all, 3rd party AV vendors all want us to believe we need their products otherwise we are in a constant danger :)
Agree with you, which is why I never buy just protection in packages with classic antivirus and nothing else. I bought Norton very inexpensively and got it bundled with a VPN, data leak monitor, and performance optimizer for gaming (on my computer it makes sense, given the type of processor and what I do) - it's worth it. Also, Norton itself is lighter than the defender, so I get both performance gains, which makes me happy. The money pays for itself :)

I do understand about bitlocker, but if my laptop gets stolen I'll be heartbroken, even with encrypted data. )) I don't have too important documents here. The main value on it is the bitwarden database, the others are not that critical. But this is just my case, I don't want to lose even 1% in system performance.
 
  • Like
Reactions: SpyNetGirl

SpyNetGirl

Level 3
Thread author
Jan 30, 2023
96
Agree with you, which is why I never buy just protection in packages with classic antivirus and nothing else. I bought Norton very inexpensively and got it bundled with a VPN, data leak monitor, and performance optimizer for gaming (on my computer it makes sense, given the type of processor and what I do) - it's worth it. Also, Norton itself is lighter than the defender, so I get both performance gains, which makes me happy. The money pays for itself :)

I do understand about bitlocker, but if my laptop gets stolen I'll be heartbroken, even with encrypted data. )) I don't have too important documents here. The main value on it is the bitwarden database, the others are not that critical. But this is just my case, I don't want to lose even 1% in system performance.

I have 2 different complete PCs, one equipped with Intel i7 7700k from 6+ years ago (16GB DDR4 RAM with m.2 SSD) and one with Intel i7 12700k (32GB DDR5 RAM with m.2 SSD)
I use the script I made on both of them. I do lots of tests on each and what I've seen show absolutely no decrease in performance.

imagine in 2023, using 6+ years old hardware, with iGPU (no discrete GPU) and still play games from game pass. I've played Steam games like Resident Evil 3 with mods on it! (screenshots are on my Steam profile), on the same machine, I run latest Windows 11 insider dev builds, Hyper-V VMs, Windows subsystem for Android and whatnot. all of these while everything is XTS-AEX-256 encrypted and all Windows Security (Defender) features and Device Guard features turned on.

I really think it's all just a myth that those things decrease performance, just old info that got copy pasted form website to website or blog to blog, even if they do, it's nothing compared to the security benefits they provide.

also, I don't think any 3rd party company can ever create a security solution better than people who built the OS themselves and know it inside out.

data leak monitor already exists if you use Edge password manager or Microsoft Authenticator on PC or phones. we keep hearing all the time that 3rd party password managers are getting hacked, their data base stolen, user data leaked. there is a post from few hours ago on this forum. I honestly don't see how 3rd party password manager can be safer or better than 1st party solution from a company bigger and better at security.

about VPN, I suggest reading the security recommendation on GitHub, you're probably compromising yourself by using one, if it's not a trusted one. and I don't mean having the text "we're a trustworthy VPN" on the website. there is sooo much misinformation spread by VPN providers and advertisers etc. that it's really awful.

If your laptop or device gets stolen (which I hope it NEVER happen), it's not just the data you saved on your disks that are in danger. there is also shadow of the data you previously deleted, they can be recovered and your browser data, among other things.
 
Last edited:

CyberDevil

Level 6
Verified
Well-known
Apr 4, 2021
247
imagine in 2023, using 6+ years old hardware, with iGPU (no discrete GPU) and still play games from game pass. I've played Steam games like Resident Evil 3 with mods on it! (screenshots are on my Steam profile), on the same machine, I run latest Windows 11 insider dev builds, Hyper-V VMs, Windows subsystem for Android and whatnot. all of these while everything is XTS-AEX-256 encrypted and all Windows Security (Defender) features and Device Guard features turned on.
It was enough to install Oracle and MySQL with some developer tools and I already felt that my fps is less stable :) I also don't have the newest SSD and it's obvious to me that encryption can't be costless, it's logic clear as day, you need to take data, encrypt, write, then read, decrypt - unnecessary operations. For me, it's not the information from the sites, it's how I feel that with the Defender and all the security features, I can no longer run Ghostwire Tokyo for example on ultra-settings, I'm literally missing 5 fps, but its enough. Maybe you have some special skills to keep the system in good condition. I only need to reinstall it every six months to see how any unnecessary background operations affect my user experience.

also, I don't think any 3rd party company can ever create a security solution better than people who built the OS themselves and know it inside out.
Excuse me, are you talking about a company that recently has a problem with launching its own applications that integrate with Office 365 because of an integration error? :D I think it's a huge myth that Microsoft is better at security just because they know the system better. Specialists in a specific area will always be better than departments in large companies that work all at once. Also, Microsoft's opportunities for innovation are simply destroyed by internal bureaucracy. They've been testing tabs for explorer for years. The redesign of Windows in general took 3 years and it's still pretty minimal.

data leak monitor already exists if you use Edge password manager or Microsoft Authenticator on PC or phones. we keep hearing all the time that 3rd party password managers are getting hacked, their data base stolen, user data leaked. there is a post from few hours ago on this forum. I honestly don't see how 3rd party password manager can be safer or better than 1st party solution from a company bigger and better at security.
It's still just a belief in the authority of Microsoft. Microsoft regularly has zero-day vulnerabilities in the system. Yes, there has not been an incident with their password manager yet. But there are plenty of other examples. How many zero-day vulnerabilities did major antivirus vendors have in recent years? Hear about them literally once a year. Yes, they are there, but compared to Windows ... And after all, Bitwarden has also never been hacked yet too, and its open source code is much more trustworthy to me than the black box in Edge.

about VPN, I suggest reading the security recommendation on GitHub, you're probably compromising yourself by using one, if it's not a trusted one. and I don't mean having the text "we're a trustworthy VPN" on the website. there is sooo much misinformation spread by VPN providers and advertisers etc. that it's really awful.
I don't think the Norton VPN can be operated by Iranian terrorists, but since I must use open Wi-Fi, I need it. :) In terms of VPN I have confidence only in very old and trusted companies with a long history in the market and preferably a third-party audit with jurisdiction in Western countries (absolute privacy does not bother me). For example the VPN from your GitHub I had never even heard of, which turned out to be associated with terrorists.
If your laptop or device gets stolen (which I hope it NEVER happen), it's not just the data you saved on your disks that are in danger. there is also shadow of the data you previously deleted, they can be recovered and your browser data, among other things.
As long as it's not my credit card information, let the hackers enjoy my Facebook conversations with mom and photos of our beautiful cats (we have 12 of them at home). :ROFLMAO:

-------------------------

I agree that your approach is possibly safer than mine. Just don't like too much faith in Microsoft, I don't see how anyone can trust that company and think they can do anything better than someone who makes money specifically on security and not on everything at once. :rolleyes:

Sorry for this discussion, I hope this exchange of views doesn't bother anyone. 😁
 
  • Like
  • HaHa
Reactions: kylprq and cryogent

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top