Basic Security TairikuOkami's Configuration 2020

Last updated
Dec 13, 2020
How is it used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates
User Access Control
Always notify
Real-time security
Firewall security
Microsoft Defender Firewall
About custom security
Periodic malware scanners
WRT (Malware Removal): Autoruns + FRST + HitmanPro + NPE + RogueKiller + TDSSKiller
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Yandex Browser with protected mode (enables a strict check of certificates and disables the extensions) and AV scan.
Browser is allowed to connect only via port 443, port 80 is blocked, that should block most malicious/phishing links.
AdGuard AdBlocker (blocks coinminers, porn images, notifications and cookie notices)
Bitwarden (a secure and free password manager for all of your devices)
Cookie AutoDelete (cleans cache, cookies, indexedDB, localstorage, plugindata, service workers)
Enhancer for YouTube (AD blocking and Auto HD Quality)
Feedly Notifier (reading news from RSS aggregator Feedly)
HTTPS Everywhere (encrypt all sites, unencrypted requests are blocked)
Netcraft (blocks phishing, malicious javascripts, coinminers and XSS)
Poper Blocker (blocks iframes, thus coinminers and malware: CVE-2020-6519)
Selection Search (use the right-click menu to search for selected text in any search engines)
Maintenance tools
File and Photo backup
Copy/Paste - automatic backups deleted my files, twice, I will not fall for that again.
I back up to the waterproof ADATA UV310, to Icedrive and to OneDrive.
System recovery
Risk factors
    • Browsing to popular websites
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Working from home
    • Gaming
    • Streaming audio/video content from shady sites
Computer specs
Notable changes
2020-12-12 Switched from Cleanbrowsing to Quad9 + Energized Porn Lite Extension
2020-11-12 Removed Forticlient (randomly kills internet & no youtube in steam)
2020-09-26 Testing Forticlient (signatures only)
2020-08-23 Started using OneDrive (I know ...)
2020-08-22 Clean installed 20H2 (19042.450)
2020-08-08 Back to easier to read DDG Search
2020-08-08 Removed Panda due to slowness
2020-08-01 Changed search engine to Google
2020-08-01 Removed Keepass for good
2020-07-26 Installed Panda Dome Free
2020-07-25 Installed EaseUS Todo Backup
2020-06-06 Switched from Neustar to Quad9
2020-05-31 Switched from the local to MSA
2020-05-12 Yandex Browser updated to 64-bit
2020-03-02 Updated to Windows 10 Version 2004
Footnote - I would never recommend/trust: ESET, Avast/AVG, Avira, Malwarebytes.
Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

  2. This setup configuration does not have a backup plan. We strongly recommend to add a backup solution for your data so that you can restore it in the case of an emergency.
    Backing up allows the recovery of data that has been lost due to a malware attack (e.g. ransomware) or a hard disk crash. In such events you might lose family photos, your music collection, documents, or financial data. Backups are fast and simple to perform, so they should be done on a regular basis.
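The profile above describes Microsoft Defender Firewall in default-deny mode with the browser limited to port 443. The following is an added example, not the thread author's own script: it sets that policy with PowerShell and narrows the DNS Client service (hosted in svchost.exe) to the resolver addresses. The browser path and the resolver list are placeholders you must adjust.

```powershell
# Added example, not from the thread: default-deny Defender Firewall, browser on TCP 443 only,
# DNS Client (Dnscache) in svchost.exe limited to the configured resolvers.
# Assumptions (placeholders): $browser path and $resolverIps. Run in an elevated PowerShell.

$browser     = 'C:\Program Files\ExampleBrowser\browser.exe'   # placeholder path
$resolverIps = @('9.9.9.9', '149.112.112.112')                  # Quad9 resolver addresses

# 1. Default deny in both directions on every profile, without "allow this app?" prompts.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block -NotifyOnListen False

# 2. The browser may only reach TCP 443. Port 80 gets no allow rule, so plain-HTTP
#    links (most phishing/malware URLs) are dropped at the firewall.
New-NetFirewallRule -DisplayName 'Browser: HTTPS only' -Direction Outbound -Action Allow `
    -Program $browser -Protocol TCP -RemotePort 443 -Profile Any
# QUIC (the #enable-quic flag) uses UDP 443; add this rule only if you want QUIC to work.
New-NetFirewallRule -DisplayName 'Browser: QUIC' -Direction Outbound -Action Allow `
    -Program $browser -Protocol UDP -RemotePort 443 -Profile Any

# 3. Dnscache runs inside svchost.exe. Rather than allowing svchost.exe as a whole,
#    bind the rule to that one service and to the resolver addresses it should use.
#    (Classic DNS is UDP 53; if the resolver is reached over Windows' own DoH, use TCP 443.)
New-NetFirewallRule -DisplayName 'Dnscache: resolvers only' -Direction Outbound -Action Allow `
    -Program '%SystemRoot%\System32\svchost.exe' -Service Dnscache `
    -Protocol UDP -RemotePort 53 -RemoteAddress $resolverIps -Profile Any

# 4. Review what the default deny still lets out: every enabled outbound allow rule,
#    including the built-in ones Windows ships with, is a hole you need to account for.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Sort-Object DisplayName | Select-Object DisplayName, Profile | Format-Table -AutoSize
```

Windows Update, Store apps and the DoH resolver in the browser all need their own allow rules under this policy; the last command is how you find out what is still open.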

TairikuOkami
Anti-malware tests regularly confirm that ~99% of infections come via an email (65%) or via a browser (35%).
My browser uses Quad9 (DoH) and Netcraft blocking malicious links and I open emails in plain text only.

Windows Firewall is set to block all traffic except allowed apps, so it is default deny without notifications.
Disabled IPv6, Telemetry, WSH, some vulnerable services, all Windows features, except NET Framework.

I turn off PC with Wise Cleaners + tweaks, to remove startup entries/policies and to restore my settings.
Anti-ransomware - backup partition - denied access to SYSTEM, Users permissions set to read only.

I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
Windows Repair Toolbox (+Malware Removal) + custom tools take care of basic necessities.

Browser with cache, Desktop, Downloads and Temp folders are stored in the RAMDisk, where malware tends to hide.
In case of an emergency (ransomware) I can hit Reset and Windows will boot with all those reset to the previous state.

Disabled #disable-oow-video
Disabled #heavy-ad-privacy-mitigations
Enabled #disable-yandex-extensions
Enabled #dns-httpssvc
Enabled #dns-over-https
Enabled #enable-heavy-ad-intervention
Enabled #enable-quic

EDIT: Since MS is moving Windows towards a scripted nightmare, I had no choice, but to ease down my tweaks, enable store, etc.
EDIT 2: I had to enable DNS Cache in order to use DoH, so I limited svchost.exe (+Windows apps) to connect only to MS servers IPs.
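The anti-ransomware backup partition described in the post (SYSTEM denied, Users read-only) can be set up with an explicit ACL. This is an added example and not the thread author's own script; it assumes the backup partition is mounted at B:\ (a placeholder) and that you run it elevated.

```powershell
# Added example, not from the thread: lock down a backup partition as the post describes
# (SYSTEM denied, Users read-only, only Administrators may write).
# Assumption: backup partition at B:\ (placeholder). Run in an elevated PowerShell.

$backup = 'B:\'
$acl = Get-Acl -Path $backup

# Stop inheriting ACEs ($true) and do not keep copies of them ($false): the explicit
# rules below become the complete list for the drive and everything under it.
$acl.SetAccessRuleProtection($true, $false)

$inherit = 'ContainerInherit, ObjectInherit'   # apply to subfolders and files
function New-Ace($identity, $rights, $type) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, $rights, $inherit, 'None', $type)
}

# Administrators keep full control: an elevated backup job can still write here.
$acl.AddAccessRule((New-Ace 'BUILTIN\Administrators' 'FullControl' 'Allow'))
# Users may list and read but not create, modify or delete, so ransomware running
# under the interactive account cannot overwrite or encrypt the backups.
$acl.AddAccessRule((New-Ace 'BUILTIN\Users' 'ReadAndExecute' 'Allow'))
# SYSTEM is denied outright. Deny ACEs are evaluated before Allow ACEs, so services
# and scheduled tasks running as LocalSystem cannot touch the partition either.
$acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl' 'Deny'))

Set-Acl -Path $backup -AclObject $acl

# Verify: expect one Deny entry for SYSTEM and no Write/Modify bits for Users.
(Get-Acl -Path $backup).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize
```

This raises the bar only for code running as the standard user: anything already elevated past UAC is a member of Administrators and can still write. Windows components that run as SYSTEM (Volume Shadow Copy, Defender scans, service-based backup tools) lose access to the partition, so the backup program has to run as an elevated user process.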

shmu26
Anti-malware tests regularly confirm that ~99% of infections come via an email (65%) or via a browser (35%).
I open emails in txt and the browser is well protected. I cannot use AV/smartscreen, since they block my files.

Windows Firewall is set to block inbound/outbound, no Windows processes are allowed, only a few apps.
Removed Powershell. Disabled IPv6, WMI, WSH, almost all services, all Windows features, except NET.

I turn off PC with Wise Cleaners + tweaks, to remove startup entries/IFEO and to restore my settings.
Anti-ransomware - backup partition - denied access to SYSTEM, Users permissions set to read only.

I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
Windows Repair Toolbox (+Malware Removal) + custom tools take care of basic necessities.

Windows has 43 processes running and uses ~1,4 GB at startup (+6GB committed, +4GB used by RAMDisk)
There is zero disk and network activity, but I would still love to disable network store interface and base filtering.
A work of art :)
 

TairikuOkami
I have switched to Microsoft Account. It will be eventually mandatory anyway, so better to get used to it and accustom my tweaks to be able to handle it.
Like Wininet\CacheTask is needed in order to change the account to MSA and I had to install bitwarden desktop to be able to copy/paste my password.
I like the idea of having 100+ passwords and using a PIN for the login and UAC. 10 takes it well, 50 processes, 1,4GB RAM and no CPU/HDD/NET activity.

TairikuOkami
OK, I have finally found a working system backup software due to bad Windows Updates. Creating a full system backup takes 1 min and a full restore takes 5 mins, that is acceptable. I was afraid, that it will break symlinks and such, but everything is working perfectly. Now just to reinstall for the last time. 🥰

TairikuOkami
One more little update. Because of recent issues with Windows, I have decided to let go of my prejudice against Microsoft and I gave it a chance.
I have disabled only bare annoyances like telemetry, notifications and vulnerable processes, but MS Store and Windows Updates are up and running.

Since Windows Defender can not be disabled without causing a meltdown, I have replaced it with Panda. I have disabled its GUI, so it works silently.
Windows with 80 processes takes 1,8GB RAM and uses 16GB of disk space. Panda takes approximately 100MB. I already love this setup overall. 🐺

TairikuOkami
Being less paranoid, I changed DDG back to Google, it gives way better results and it tracks me over social accounts anyway (via targeted ADs). 🤷‍♂️
Not to mention, that I intend to get Android phone to pair it with my Fitbit Charge, so not really a choice anyway. Currently paired with an ancient Lumia.
I have also removed Keepass in favor of Bitwarden, moved passwords there except core ones used for 2FA, they are stored in a password protected xlsx.
 

TairikuOkami
What is/was your RamDisk "strategy"?
4GB used for Browser, Discord cache, Temp, Documents (game saves) and Desktop (used for downloads), all in order to save SSD writes as well. I usually have 2-3GB free space left, that is more or less enough. In case I need to download bigger files, I just temporarily move downloads. Of course, every time I restart, 4GB gets saved, so not saving SSD as much, but in case of emergency I can hit hard reset and nothing gets saved, it would act as reboot restore.

sepik
Hello,
I assume you also have the %tmp% and %temp% variables redirected to your ramdrive too?
Isn't it quite risky to have game saves inside the ramdisk? Even if it is a persistent drive?
Any probs with Windows Updates?
I've tested Softperfect Ramdisk and Primo Ramdisk.

Kind regards,
-sepik

TairikuOkami
Any probs with Windows Updates?
None. As far as I can tell, Windows Update unpacks onto the drive, not into temp, but a CU has ~800MB, so even after unpacking, that should suffice.
I had a problem installing AMD drivers though, I downloaded 1,2GB onto the desktop and it failed to install, since unpacking took another ~2GB. :cautious:
Isn't it quite risky to have game saves inside the ramdisk? Even if it is a persistent drive?
A little, but that is what backups are for. AMD asks to trust its driver, I previously set it to no and it failed saving the image once, ever since I select yes.
I assume you also have the %tmp% and %temp% variables redirected to your ramdrive too?
Yes, I have moved them manually, just to be sure.
Code:
rem Both variables point at the RAM disk (Z:\TEMP must exist at boot); REG_EXPAND_SZ is the type Windows uses for these values.
reg add "HKCU\Environment" /v "TEMP" /t REG_EXPAND_SZ /d "Z:\TEMP" /f
reg add "HKCU\Environment" /v "TMP" /t REG_EXPAND_SZ /d "Z:\TEMP" /f

sepik
Hello,
Thanks for the tips, appreciated.
But I don't want to go the "registry" tweak route, although it might work to set temp variables. SoftPerfect's free "temp variable tool" does the same.
Anyway, thanks for the tips.

Kind regards,
-sepik
 
