Basic Security TairikuOkami's Configuration 2019

[TairikuOkami]

Latest: Testing blocking port 80 within the browser. It blocks most malware/phishing links, not to mention ads, privacy and security.

Anti-malware tests regularly confirms, that 99% of infections come via an email (65%) or via a browser (35%).
I open emails in text and the browser is well protected. I can not use smartscreen, since it blocks my files.
AV is out of question. Besides, I test various AVs sometimes and I prefer real system testing over VM.

Windows Defender Firewall is set to block inbound/outbound, no Windows processes are allowed, only during updates.
Removed SearchUI.exe, SystemApps & Powershell. UAC with a password. "ValidateAdminCodeSignatures" is ON.
Disabled IPv6, Task Scheduler, WMI, WSH, almost all services, all Windows features, except NET Framework.

I turn off PC with Wise Cleaners + tweaks, to remove startup entries/IFEO and to restore my settings.
Anti-ransomware - backup partition - denied access to SYSTEM, Users permissions set to read only.
Windows Updates - I update shortly after release, but when I want to, not when Windows decides to.

When I really need to run some unknown exe, I check it via VirusTotal, just like PH does all the time.
I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
Windows Repair Toolbox (+Malware Removal) + custom tools, take care of basic necessitates.

Windows has 35 processes running and uses ~900MB at startup (+1GB committed, +2GB used by RAMDisk)
There is zero disk and network activity, but I would still love to disable network store interface and base filtering.

I am considering those AVs (in this order):
Panda - virtually no performance impact, but too many processes
Immunet - a nice GUI, working cloud community, only 2 processes

Please do not recommend following products:
Avira, BD, Windows Defender - hardware killers
Avast, AVG, Comodo, ZoneAlarm - cause BSOD
Nano AV, Tencent PC Manager - slow servers/updates
KFA is a junkware with telemetry, KSC is picky about users
CrowdStrike, ESET, Symantec have $$$ and also score well in test labs
Malwarebytes - it is a dead product to me, just like Spybot, SuperAntispyware

 

[Deleted member 178]

I wouldn't name yours "insecure" but "non-advised"

 

[TairikuOkami]

Still can not decide about web protection between: K9 vs Forticlient vs Emsisoft, they all offer the same level of protection.
I chose K9 at the moment, because of web filtering and it works system wide, not sure if Forticlient's web filter does the same?

EDIT: The only problem is privacy, Emsisoft sends hashes, K9 and FC send URLs unencrypted. Then again, I access naughty webpages via TOR.

Thinking about Forticlient, Immunet, Panda, because 3rd party AV can slightly improve performance. It caches/moves file operations from disk to RAM. Cloud AVs are lighter.
Reference: Video - Is Windows Defender actually heavier than other Antivirus? [TPSC]

EDIT: OK, it seems, that 3rd party AV has no measurable performance impact on my system, though BD, Forticlient and WD slow down boot noticeably (BD/WD considerably).

 

[JM Safe]

I agree the best AV is brain.exe, but I would enable OS updates to fix vulnerabilities. I know you don't like on-demand scanners, but if you change idea add EEK and ZAM Free. However you can add exclusions to Smartscreen: How To Whitelist Apps In The SmartScreen On Windows 10

 

[Deleted member 178]

Unfortunately, Brain.exe won't save you against what you don't know.

 

[JM Safe]

Unfortunately, Brain.exe won't save you against what you don't know.

Yes I know, infact I always use SBIE so I cannot get infected.

 

[JM Safe]

The first defense must be the browser, if you use Chrome with the right extensions and SBIE you are 90 % good to go.

 

[TairikuOkami]

However you can add exclusions to Smartscreen: How To Whitelist Apps In The SmartScreen On Windows 10

SmartScreen ignores them. It seems, that it evaluates per command basis, every time the file touches something it should not, it raises an alert.

Besides, I could not get SmartScreen working, even if I wanted too, it demands too much, just like Windows Defender. I prefer standalone apps, like SecureAPlus for a cloud evaluation, since the more dependent they are on the system, the easier they can be disabled by a hacker/malware.

EDIT: I had to abandon K9. It works very well, but it refuses to save config and ignores HTTPS exclusions. Until they update GUI, back to Emsisoft.

EDIT 2: I have also installed Panda and I have decided to keep it, for the time being. It is super light and quiet, I have killed the GUI. I used it before, mostly because I loved the cute systray icon. Yes, I used it for that reason alone, I would buy the paid version, if I could get that icon back.

EDIT 3: I am also testing EaseUS Todo Backup, not sure how to set it up, never really used a backup before. Rollback, Aomei, Macrium failed me.

EDIT 4: Hahaha. When I copy/paste my browser, I can use use it even after a clean install, all logins/extensions, everything is setup. When I restored it using the backup software, nothing worked, extensions were broken, could not be even reinstalled, so much for the all mighty backup.

 

[TairikuOkami]

Unfortunately, Brain.exe won't save you against what you don't know.

OK, with the heavy hearth, I have decided to keep Panda, sort of as a backup. It has zero performance impact (CPU Time is comparable to Setpoint), just the idea of running AV is slightly bothersome to me (after years of no AV), but I have disabled its GUI, so I will not even notice it. An interesting observation, I recall someone mentioning scanning after a download: It blocked some downloaded malware automatically, but not all, after a manual scan, it removed the rest and upon re-download, they were deleted automatically as well. So the could seems to be working well, it should be a fine replacement for broken smartscreen. As for a backup, until I find one working for my customized Windows, I will give it a rest.

 

[Deleted member 178]

With the customization skills you have, I wonder why you dont use any SRP or Anti-exe, they are lighter and more efficient than panda, and won't disturb you if properly set.

 

[TairikuOkami]

I really dislike 3rd party apps, not just because they increase the attack surface. I tried SRP and it gave too much of a headache. Since I use commands to change system settings (like startup entries/Winlogon), they got blocked sometimes and even bricked my system as the result.

EDIT: Testing RollBack Rx Home again. Last time I used version 10 and 11 was recently released, so maybe it will work better, like no BSOD.

 

[TairikuOkami]

Removed Panda - it slowed down running my commands, loading webpages and system felt sluggish overall.
Removed RollBack Rx - I do not like hidden partitions, inability to actually backup backups and it also blocked defrag.

Trying EaseUS Todo again. Automatic backup does not work, I have to remember to keep doing it manually and test its effectiveness eventually.
Changed UltraDNS Threat to UltraDNS Business Secure, it blocks proxy and such, so it should block some malware trying to download a payload.

 

[Lightning_Brian]

@TairikuOkami !

I would suggest using Macrium Reflect friend! Link: Macrium Software | Macrium Reflect Free

If you find you like Macrium Reflect I would suggest looking at viBoot Link: Macrium Software | Macrium viBoot

Those two combined are really cool!

Another good recommendation would be to look at AOMEI Backupper Standard (Free)! Link: Best Free Backup Software for Windows 10, Windows 8.1/8, Windows 7, Vista, XP

I use the professional grade AOMEI Backupper, but I started off with the free version first. Gotta weigh if you want the professional features or not.

Be forewarned: I crashed and burned with EaseUS ToDo a long time ago.... and it has since left a bade taste that I will never ever forget. Hence the reason why I have three backup tools now - got burned once and will never happen again!!

I without a doubt here you on the RollBack Rx. A lot of my friends are having issues with the program right now... I have seen a lot of folks on MT say goodby to the program for now or competently due to various issues as you have described.

Side note: wondered why you weren't called out for a lot of extensions on your web browser?! LOL Mine did... and I didn't think I had even 1/3 of yours. haha!

~Brian

 

[TairikuOkami]

Side note: wondered why you weren't called out for a lot of extensions on your web browser?!

I like to keep extensions to the minimum, but they piled up. I can not imagine parting with any of them.
"Context Menu Search" is outdated and probably malicious (it reads history for no reason), but I need it.

I would suggest using Macrium Reflect friend!
Another good recommendation would be to look at AOMEI Backupper Standard (Free)!

Thanks, I have tried both, but both failed. I would not mind using a backup, but I have yet to find one, that would work on my system (scripting disabled, etc). Thus far it seems, there are only 4 in the world. Maybe there are some less known, but I have not had much luck finding them.

 

[ForgottenSeer 69673]

Just curious as to what you mean by Marcrium failed. In what way?

 

[TairikuOkami]

It just says fail. If a backup software fails to even create a backup, how can I trust it? I have zero patience for such an incompetence.

 

[ForgottenSeer 69673]

This is after you turned off all your security programs? It is unusual for MR to fail unless another factor is involved.

 

[Andy Ful]

...I can not use smartscreen, since it blocks my files.
...

SmartScreen can block the file only once (if bypassed by the user). What is your problem with SmartScreen?

 

[Andy Ful]

However you can add exclusions to Smartscreen: How To Whitelist Apps In The SmartScreen On Windows 10

This method can be useful only when you set SmartScreen for Explorer to Block. Otherwise, you can simply bypass SmartScreen, and next you will not see any SmartScreen alert.

 

[Handsome Recluse]

Thanks, I have tried both, but both failed. I would not mind using a backup, but I have yet to find one, that would work on my system (scripting disabled, etc). Thus far it seems, there are only 4 in the world. Maybe there are some less known, but I have not had much luck finding them.

What programs didn't work?