SECURITY: Complete TairikuOkami's Configuration 2021

Last updated: Feb 27, 2021
About: My primary device
Additional PC users: Not shared with other users
Operating system: Windows 10 Insider Preview
Linux distro: Live OS: Kubuntu 20.10 / Linux Mint 20.1
OS license: Home
Login security: Passwordless (PIN, Biometric, Face)
Primary sign-in: Microsoft account
Primary account rights: Administrator permissions
Other accounts rights: N/A - Single user account
Security updates: Automatic - allow all types of updates
Windows UAC: Maximum - always notify
Network firewall: Personal router w/ firewall & filtering
Real-time protection
Software firewall: Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Malware research: No - malware samples are not downloaded
Periodic scanners: Windows Repair Toolbox (Malware removal): Autoruns + HitmanPro + NPE + RogueKiller
DNS
VPN
TOR Browser (occasionally)
Password manager: Bitwarden (browser extension)
Browsers, Search and Addons
Google Chrome Beta with Google Safe Browsing
Allow Ads
Allow Automatic downloads
Allow Cookies
Allow Download PDF
Allow Handlers
Allow Images
Allow JavaScript
Allow Pop-ups and redirects
Allow Protected content
Allow Sound
Block Augmented reality
Block Background sync
Block Camera
Block Clipboard
Block File editing
Block HID devices
Block Insecure content
Block Location
Block Microphone
Block MIDI devices
Block Motion sensors
Block Notifications
Block Serial ports
Block Virtual reality
Block USB devices
Block Your presence
AutoHideDownloadsBar (hides extremely annoying downloads bar)
Bitwarden (a secure and free password manager for all of your devices)
Checker Plus for Gmail (Windows notifications, read or delete emails without opening Gmail)
Cookie AutoDelete (cleans cache, cookies, indexedDB, localstorage, plugindata, service workers)
Enhancer for YouTube (autoplays HD and removes ADs)
Feedly Notifier (reading news from RSS aggregator Feedly)
I don't care about cookies (removes cookie warnings from almost all websites)
Poper Blocker (blocks iframes, thus coinminers and malware: CVE-2020-6519)
Selection Search (use the right-click menu to search for selected text in any search engines)
uBlock Origin (a content blocker for coinminers, cookie notices, porn images, notifications)
Disabled #heavy-ad-privacy-mitigations
Disabled #tab-hover-cards
Enabled #block-insecure-private-network-requests
Enabled #disallow-doc-written-script-loads
Enabled #dns-httpssvc
Enabled #enable-heavy-ad-intervention
Enabled #enable-parallel-downloading
Enabled #enable-quic
Enabled #enable-webrtc-hide-local-ips-with-mdns
Enabled #omnibox-default-typed-navigations-to-https
Enabled #quiet-notification-prompts
Enabled #safe-browsing-enhanced-protection-message-in-interstitials
Enabled #turn-off-streaming-media-caching-always
Enabled #use-sync-sandbox
Disabled Autofill
Disabled Background apps
Disabled Clear cookies and site data
Disabled Enhanced spell check
Disabled Google Drive search suggestions
Disabled Help improve Chrome's features
Disabled Help improve security on the web
Disabled Make searches and browsing better
Disabled Preload pages for faster browsing
Disabled Secure DNS
Disabled Send a "Do Not Track" request
Disabled Warn you if passwords are exposed
Enabled Allow Chrome sign-in
Enabled Always show full URLs
Enabled Hardware acceleration
Enabled Standard protection
Enabled Sync
PC maintenance
Personal Files & Photos backup
Personal backup routine: Manual (maintained by self)
Device recovery & backup
Device backup routine: Manual (maintained by self)
PC activity
  1. Browsing the Web
  2. Checking emails
  3. Shopping
  4. Visiting unknown sites
  5. Video games
  6. Streaming content
Computer specs
Personal changelog
31-Dec-20 Replaced Yandex with Edge
03-Jan-21 Reinstated CleanBrowsing
16-Jan-21 Google/Microsoft allowed
23-Jan-21 Microsoft Edge sent to hell
23-Jan-21 Google Chrome/Search comes
31-Jan-21 Removed POPPeeper/MailoJunk
10-Feb-21 Cleanbrowsing went nuts (political)
21-Feb-21 Installed 21H1 Dev to finally get DoH
Feedback Response

General feedback

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
Disabled IPv6, Telemetry, WSH, some services. Removed PowerShell, Windows features except NET Framework.
I limited apps to connect only to their respective IPs to avoid malicious redirects, like in CCleaner's case.
So svchost and store can only connect to their IPs, the same goes for AV, Discord, cloud, email, Steam, etc.
Browser is allowed to connect via HTTPS/QUIC, Steam is forced to use HTTPS, emails are in plain text.

I use PatchMyPC/DriverEasy to keep software/drivers updated + Softpedia's Notifier for the rest.
Anti-ransomware - backup folder - denied access to SYSTEM, Users permissions are set to read only.
I turn off PC with Wise Cleaners + tweaks, to remove startup entries/policies and to restore my settings.
Browser's cache, Desktop, Downloads and Temp folders are stored in the RAMDisk, where malware likes to hide.
In case of an emergency (ransomware) I can hit Reset and Windows will boot with all those reset to the previous state.

uBlock Origin Filters
[screenshot: capture_02212021_193341.jpg]

Windows Firewall Rules
[screenshot: capture_02212021_165948.jpg]

Windows Services Running
[screenshot: capture_12312020_235704.jpg]

Windows Calm Edition :sleep:
[screenshot: Untitled.jpg]
 
Last edited:
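
Added example (not part of the original post and not the poster's own rules): one way to express the per-application outbound restriction described above with the built-in NetSecurity cmdlets. The program paths, rule names and documentation-range IP addresses are constructed placeholders, and the script assumes an elevated PowerShell session.

```powershell
# Constructed allow-list: each application is pinned to the remote
# addresses and port it is expected to use (TEST-NET placeholder ranges).
$allowList = @(
    @{ Name = 'Example mail client'
       Program = 'C:\Program Files\ExampleMail\mail.exe'
       Remote = @('192.0.2.10', '192.0.2.11'); Port = 993 },
    @{ Name = 'Example updater'
       Program = 'C:\Program Files\ExampleApp\updater.exe'
       Remote = @('198.51.100.0/24'); Port = 443 }
)

# 1. Default-deny outbound on every profile, so only explicit allow rules pass.
#    Core services (DNS client, Windows Update via svchost) need their own
#    pinned rules before this is switched on, or they stop working.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. One allow rule per application.
foreach ($app in $allowList) {
    $ruleName = "Pinned-Out: $($app.Name)"
    # Remove a stale copy first so re-running does not stack duplicates.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    $rule = @{
        DisplayName   = $ruleName
        Direction     = 'Outbound'
        Action        = 'Allow'
        Program       = $app.Program
        Protocol      = 'TCP'
        RemotePort    = $app.Port
        RemoteAddress = $app.Remote
        Profile       = 'Any'
    }
    New-NetFirewallRule @rule | Out-Null
}

# 3. Audit: enabled outbound allow rules that still permit any remote address
#    defeat the pinning and should be tightened or removed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $prog = $_ | Get-NetFirewallApplicationFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{ Rule = $_.DisplayName; Program = $prog.Program }
        }
    } | Format-Table -AutoSize
```

Addresses behind CDNs or cloud load balancers change over time, so pinned rules need revisiting whenever an allowed application stops connecting.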

TairikuOkami

> Why WD disabled?
It causes a terrible slow down, system feels sluggish overall, icons in explorer are loading one by one, it is like when I had my first PC with Windows 95. Whenever I enable it, it is the same. I would not mind running a realtime AV, but I have yet to find one, that would not bother me, Fortinet came close though. Hopefully a new cloud AV will emerge soon.

P.S. Not to mention AVs removing "normal" files like Nirsoft, Process Hacker and my tweaks. Exceptions do not exactly work, especially when you keep updating those files.
 

TairikuOkami

I have just tried out some AVs: BD blocked everything as mentioned, Sophos wanted me to restart (forever and ever), Kaspersky crashed my browser, same old same old. 😅

I really like Kaspersky's icon, it reminds me of the icon Panda AV used to have. I would use it for that reason alone, but it just does not like me either.

capture_12252020_154315.jpg



EDIT: Comodo AV was the worst so far, it brought browsing to a crawl and I could not download or save anything, not even screenshots, lol.
 

TairikuOkami

> Are you sure it is because of Kaspersky? :unsure:

Yes, I visited PayPal, tried to open certificates and it crashed, even with the web protection and SSL injection disabled; once uninstalled, all went back to normal.
I have not seen a BSOD nor apps crash for years; I suppose that is what AVs are good for. It is one of the reasons I stopped using them, it solved tons of random problems.
 

TairikuOkami

> You probably have a heavily tweaked system and browsers, maybe with too many restrictions...

Indeed, missing PowerShell causes confusion to some apps and I could not even restore a backup, because SYSTEM was not allowed to access the file. 😇
 


TairikuOkami

OK, after going through almost all free AVs, I am back with Panda Cloud. I almost got stuck with Adaware, but there are a few issues with it. For one, it does not report everything it does. It disabled showing hidden/system files and it blocked reverting the change (via tweaks); it has to be done manually to confirm it, so who knows what else it hides?! But the most disturbing are the definition updates. Roughly 500MB gets written per update, which resulted in about 6GB written to my SSD in 6 hours; that is just insane. I stopped using Panda previously, because it slowed down browsing, but maybe the culprit was CleanbrowsingDNS. Either way it works with DoH and Quad9. 🐼 ✔️
 


Vitali Ortzi

Level 21
Verified
Dec 12, 2016
998
> It causes a terrible slow down, system feels sluggish overall, icons in explorer are loading one by one, it is like when I had my first PC with Windows 95. Whenever I enable it, it is the same. I would not mind running a realtime AV, but I have yet to find one, that would not bother me, Fortinet came close though. Hopefully a new cloud AV will emerge soon.
>
> P.S. Not to mention AVs removing "normal" files like Nirsoft, Process Hacker and my tweaks. Exceptions do not exactly work, especially when you keep updating those files.

If you want an AV you could use something like Kaspersky, and if you have false positives maybe ESET.
But both slow down the system a bit.
Or you can use a whitelisting default-deny security posture like Comodo and Voodoo, but it can be a pain to manage if you're using scripts / unknown files in general.
 

TairikuOkami

> I really really love your config but I want to ask why not just use a hardened Linux operating system at this stage?

Games. Maybe when SteamOS gets better hardware support I will reconsider, but thus far, it is not really a choice. Besides, I do not think I could handle Linux, I am BFU when it comes to computers, I like to copy/paste and that is about it. I just want to use a computer, I do not want to think about settings, software, hardware, just install and forget. 😌
 

Lenny_Fox

Level 19
Verified
Oct 1, 2019
911
@TairikuOkami

I tried Panda Cloud free, but I can't even download txt files because the security scan invoked by Windows gets an error. I guess a Panda program is blocked in user folders. It is the only AV which has this problem on my PC (tried Kaspersky Free, Bitdefender Free, Panda Free, Avira Free, AVG Free, Avast, Sophos Free and Symantec semi legal managed free)
 

TairikuOkami

> I tried Panda Cloud free, but I can't even download txt files because the security scan invoked by Windows gets an error.
I have the opposite problem, it does not detect .txt. When I download eicar.com, it gets blocked, but eicar.txt can be downloaded/opened, it gets detected only when scanned.
 


TairikuOkami

Time to start the new year with something new, so I have switched to Edge. There are several annoyances (like it ignores removed interests), but overall it seems OK.

I like Yandex's GUI, but that is about it. It is a month behind in security updates. Spell check gets disabled at every launch, and its protected mode is no use with the password manager disabled. I used it mainly for dnscrypt; I switched to DoH and Yandex has removed it from flags, so it cannot even be set up, like other hidden settings, e.g. the new anti-tracking.

By the way, does anyone know what domain to allow to store cookies to get rid of this warning? It is probably causing an extremely slow browser launch.
 


Gandalf_The_Grey

Level 43
Verified
Trusted
Content Creator
Apr 24, 2016
3,231
> Time to start the new year with something new, so I have switched to Edge. There are several annoyances (like it ignores removed interests), but overall it seems OK.
>
> I like Yandex's GUI, but that is about it. It is a month behind in security updates. Spell check gets disabled at every launch, its protected mode is no use with password manager disabled. I used it mainly for dnscrypt, I switched to DoH and Yandex has removed it from flags, so it can not be even setup, like other hidden settings, eg the new anti-tracking.
>
> By the way, anyone knows, what domain to allow to store cookies to get rid of this warning? It is probably causing an extremely slow browser's launch.
I believe it is: ntp.msn.com
Mentioned here: How to speed up Edge and make it load faster
 