Latest changes
Aug 11, 2020
Daily driver
My Primary device
Operating system
Windows 10 Home
OS version
Version 2004 (OS Build 19041.423)
System type
64-bit operating system; x64-based processor
Security updates
Automatically allow security updates only
Windows UAC
Always notify
Firewall protection
Microsoft Defender Firewall
Account privileges
Administrator account
Account type
Sign in with associated Microsoft ID
Account log-in
  • Windows Hello PIN
  • Exposure to malware
    No malware samples are downloaded
    Real-time Malware protection
    RTP configuration
    Periodic scanners
    None (I do not have time to spare)
    Browser and Add-ons
    Yandex Browser with Protect, it includes protected mode (enables a strict check of certificates and disables the extensions)
    Browser is allowed to connect only via port 443, port 80 is blocked, that should block most malware/phishing/unsecure links.

    AdGuard AdBlocker (protects your privacy by blocking common third-party tracking systems)
    Bitwarden (a secure and free password manager for all of your devices)
    Cache Killer (clears the browser cache automatically on opening a new tab or refreshing a tab)
    Cookie AutoDelete (auto-delete unused cookies from closed tabs while keeping the ones you want)
    Enhancer for YouTube (AD blocking and Auto HD Quality)
    Poper Blocker (blocking iframes, thus coinminers and malware: CVE-2020-6519)
    Selection Search (use the right-click menu to search for selected text in any search engines)
    Privacy tools and VPN
    Password manager
    Bitwarden (online)
    Search engine
    DuckDuckGo (Moderate)
    Maintenance tools
    Photos and Files backup
    Copy/Paste - automatic backups deleted my files, twice, I will not fall for that again.
    I backup non-essential files to the second PC and to Icedrive, the rest wherever I can.
    File Backup schedule
    Once or multiple times per month
    Backup and Restore
    Backup schedule
    Once or more per month
    Computer Activity
  • Playing computer games
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Office and other work-related software (Work from Home)
  • Computer Specifications
    Your changelog
    2020-08-08 Back to easier to read DDG Search
    2020-08-08 Removed Panda due to slowness
    2020-08-01 Changed search engine to Google
    2020-08-01 Removed Keepass for good
    2020-07-26 Installed Panda Dome Free
    2020-07-25 Installed EaseUS Todo Backup
    2020-06-06 Switched from Neustar to Quad9
    2020-05-31 Switched from the local to MSA
    2020-05-12 Yandex Browser updated to 64-bit
    2020-03-02 Updated to Windows 10 Version 2004
    Footnote - I would never recommend/trust: ESET, Avast/AVG, Avira, Malwarebytes.
    Staff notes

    This setup configuration may put your device at risk .
    We don't recommend that other members use this security setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

    This setup configuration doesn't have a backup plan. We strongly recommend to add a backup solution for your data so that you can restore it in the case of an emergency.
    Backing up allows the recovery of data that has been lost due of a malware attack (eg. ransomware) or a hard disk crash. In such events you might lose family photos, your music collection, documents, or financial data. Backups are fast and simple to perform so it should be done on a regular basis.

    TairikuOkami

    Level 27
    Verified
    Content Creator
    Anti-malware tests regularly confirm, that ~99% of infections come via an email (65%) or via a browser (35%).
    My browser uses CleanBrowsingDNS blocking malicious/phishing links and I open emails in a plain txt only.

    Windows Firewall is set to block all traffic except allowed apps, so it is default deny without notifications.
    Disabled IPv6, Telemetry, WSH, some vulnerable services, all Windows features, except NET Framework.

    I turn off PC with Wise Cleaners + tweaks, to remove startup entries/policies and to restore my settings.
    Anti-ransomware - backup partition - denied access to SYSTEM, Users permissions set to read only.

    I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
    Windows Repair Toolbox (+Malware Removal) + custom tools, take care of basic necessitates.

    EDIT: Since MS is moving Windows towards a scripted nightmare, I had no choice, but to ease down my tweaks.
    Windows Defender can not be disabled, thus I have installed a cloud AV, just to prevent it from enabling itself.
     

    Attachments

    Last edited:

    shmu26

    Level 85
    Verified
    Trusted
    Content Creator
    Anti-malware tests regularly confirms, that ~99% of infections come via an email (65%) or via a browser (35%).
    I open emails in txt and the browser is well protected. I can not use AV/smartscreen, since they block my files.

    Windows Firewall is set to block inbound/outbound, no Windows processes are allowed, only a few apps.
    Removed Powershell. Disabled IPv6, WMI, WSH, almost all services, all Windows features, except NET.

    I turn off PC with Wise Cleaners + tweaks, to remove startup entries/IFEO and to restore my settings.
    Anti-ransomware - backup partition - denied access to SYSTEM, Users permissions set to read only.

    I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
    Windows Repair Toolbox (+Malware Removal) + custom tools, take care of basic necessitates.

    Windows has 43 processes running and uses ~1,4 GB at startup (+6GB committed, +4GB used by RAMDisk)
    There is zero disk and network activity, but I would still love to disable network store interface and base filtering.
    A work of art :)
     

    TairikuOkami

    Level 27
    Verified
    Content Creator
    I have switched to Microsoft Account. It will be eventually mandatory anyway, so better to get used to it and accustom my tweaks to be able to handle it.
    Like Wininet\CacheTask is needed in order to change the account to MSA and I had to install bitwarden desktop to be able to copy/paste my password.
    I like the idea of having 100+ password and using PIN for the login and UAC. 10 takes it well, 50 processes, 1,4GB RAM and no CPU/HDD/NET activity.
     

    Attachments

    TairikuOkami

    Level 27
    Verified
    Content Creator
    One more little update. Because of recent issues with Windows, I have decided to let go of my prejudice against Microsoft and I gave it a chance.
    I have disabled only bare annoyances like telemetry. notifications and vulnerable processes, but MS store and Windows updates are up and running.

    Since Windows Defender can not be disabled without causing a meltdown, I have replaced it with Panda. I have disabled its GUI, so it works silently.
    Windows with 80 processes takes 1,8GB RAM and uses 16GB of disk space. Panda takes approximately 100MB. I already love this setup overall. 🐺
     

    Attachments

    TairikuOkami

    Level 27
    Verified
    Content Creator
    Being less paranoid, I changed DDG back to Google, it gives way better results and it tracks me over social accounts anyway (via targeted ADs). 🤷‍♂️
    Not to mention, that I intend to get Android phone to pair it with my Fitbit Charge, so not really a choice anyway. Currently paired with an ancient Lumia.
    I have also removed Keepass in favor of Bitwarden, moved passwords there except core ones used for 2FA, they are stored in a password protected xlsx.
     

    TairikuOkami

    Level 27
    Verified
    Content Creator
    What is/was your RamDisk "strategy" ?
    4GB used for Browser, Discord cache, Temp, Documents (game saves) and Desktop (used for downloads), all in order to save SSD writes as well. I usually have 2-3GB free space left, that is more or less enough. In case I need to download bigger files, I just temporarily move downloads. Of course, every time I restart, 4GB gets saved, so not saving SSD as much, but in case of emergency I can hit hard reset and nothing gets saved, it would act as reboot restore.
     

    Attachments

    Last edited:

    sepik

    Level 7
    Hello,
    I assume you also have %tmp% and %temp% variables set to redirected to your ramdrive too?
    Isn't quite risky to have game saves inside the ramdisk? Even it is persistent drive?
    Any probs with Windows Updates?
    I've tested Softperfect Ramdisk and Primo Ramdisk.

    Kind regards,
    -sepik
     

    TairikuOkami

    Level 27
    Verified
    Content Creator
    Any probs with Windows Updates?
    None. As far as I can tell, windows update unpacks onto the drive not into temp, but CU has ~800MB, so even after unpacking, that should suffice.
    I had a problem installing AMD drivers though, I downloaded 1,2GB onto the desktop and it failed to install, since unpacking took another ~2GB. :cautious:
    Isn't quite risky to have game saves inside the ramdisk? Even it is persistent drive?
    A little, but that is what backups are for. AMD asks to trust its driver, I previously set it to no and it failed saving the image once, ever since I select yes.
    I assume you also have %tmp% and %temp% variables set to redirected to your ramdrive too?
    Yes, I have moved them manually, just to be sure.
    Code:
    reg add "HKCU\Environment" /v "TEMP" /t REG_EXPAND_SZ /d "Z:\TEMP" /f
    reg add "HKCU\Environment" /v "TMP" /t REG_SZ /d "Z:\TEMP" /f
     

    Attachments

    sepik

    Level 7
    Hello,
    Thanks for the tips, appreciated.
    But i don't want to make the "registry" tweak route, although it might work to set temp variables. SoftPerfect free "temp variable tool" do the the same.
    Anyway, thanks for the tips.

    Kind regards,
    -sepik
     
    Top