SECURITY: Complete TairikuOkami's Configuration 2021

Last updated
Feb 27, 2021
About
My primary device
Additional PC users
Not shared with other users
Operating system
Windows 10 Insider Preview
Linux distro
Live OS: Kubuntu 20.10 / Linux Mint 20.1
OS license
Home
Login security
    • Passwordless (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary account rights
Administrator permissions
Other accounts rights
N/A - Single user account
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Personal router w/ firewall & filtering
Real-time protection
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Malware research
No - malware samples are not downloaded
Periodic scanners
Windows Repair Toolbox (Malware removal): Autoruns + HitmanPro + NPE + RogueKiller
DNS
VPN
TOR Browser (occasionally)
Password manager
Bitwarden (browser extension)
Browsers, Search and Addons
Google Chrome Beta with Google Safe Browsing
Allow Ads
Allow Automatic downloads
Allow Cookies
Allow Download PDF
Allow Handlers
Allow Images
Allow JavaScript
Allow Pop-ups and redirects
Allow Protected content
Allow Sound
Block Augmented reality
Block Background sync
Block Camera
Block Clipboard
Block File editing
Block HID devices
Block Insecure content
Block Location
Block Microphone
Block MIDI devices
Block Motion sensors
Block Notifications
Block Serial ports
Block Virtual reality
Block USB devices
Block Your presence
AutoHideDownloadsBar (hides extremely annoying downloads bar)
Bitwarden (a secure and free password manager for all of your devices)
Checker Plus for Gmail (Windows notifications, read or delete emails without opening Gmail)
Cookie AutoDelete (cleans cache, cookies, indexedDB, localstorage, plugindata, service workers)
Enhancer for YouTube (autoplays HD and removes ADs)
Feedly Notifier (reading news from RSS aggregator Feedly)
I don't care about cookies (removes cookie warnings from almost all websites)
Poper Blocker (blocks iframes, thus coinminers and malware: CVE-2020-6519)
Selection Search (use the right-click menu to search for selected text in any search engines)
uBlock Origin (a content blocker for coinminers, cookie notices, porn images, notifications)
Disabled #heavy-ad-privacy-mitigations
Disabled #tab-hover-cards
Enabled #block-insecure-private-network-requests
Enabled #disallow-doc-written-script-loads
Enabled #dns-httpssvc
Enabled #enable-heavy-ad-intervention
Enabled #enable-parallel-downloading
Enabled #enable-quic
Enabled #enable-webrtc-hide-local-ips-with-mdns
Enabled #omnibox-default-typed-navigations-to-https
Enabled #quiet-notification-prompts
Enabled #safe-browsing-enhanced-protection-message-in-interstitials
Enabled #turn-off-streaming-media-caching-always
Enabled #use-sync-sandbox
Disabled Autofill
Disabled Background apps
Disabled Clear cookies and site data
Disabled Enhanced spell check
Disabled Google Drive search suggestions
Disabled Help improve Chrome's features
Disabled Help improve security on the web
Disabled Make searches and browsing better
Disabled Preload pages for faster browsing
Disabled Secure DNS
Disabled Send a "Do No Track" request
Disabled Warn you if passwords are exposed
Enabled Allow Chrome sign-in
Enabled Always show full URLs
Enabled Hardware acceleration
Enabled Standard protection
Enabled Sync
PC maintenance
Personal Files & Photos backup
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the Web
  2. Checking emails
  3. Shopping
  4. Visiting unknown sites
  5. Video games
  6. Streaming content
Computer specs
Personal changelog
31-Dec-20 Replaced Yandex with Edge
03-Jan-21 Reinstated CleanBrowsing
16-Jan-21 Google/Microsoft allowed
23-Jan-21 Microsoft Edge sent to hell
23-Jan-21 Google Chrome/Search comes
31-Jan-21 Removed POPPeeper/MailoJunk
10-Feb-21 Cleanbrowsing went nuts (political)
21-Feb-21 Installed 21H1 Dev to finally get DoH
Feedback Response

General feedback

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
Unfortunately, it still takes about 5 secs when opening a custom image or a random webpage. I can not move it easily to ramdisk, like I did with Yandex. :cautious:

d4ffeac100cc8f8ed66794890a525a3f.gif
 

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
I have decided to use double DNS as before. While Quad9 is unbeatable in blocking malicious content, well that is about it. Edge uses SmartScreen, so it should go well along with Cleanbrowsing, which acts almost as Adguard DNS, but without broken webpages. Energized filter was causing issues anyway and it was even not blocking everything.
 

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
OK. Edge 88 did it, it made me to regret, that I have decided to trust MS once more. Never again. Fool me once, shame on you. Fool me twice, shame on me. Webpages, new tabs and even extension settings, open for 5 secs and more, that is beyond ridiculous. It is probably due some settings, but that the fact remains, that Edge can not handle it. So I have chosen Chrome. I abandoned it because of all the paranoia, but after going around in circles, just to avoid anything from Google, I have sold my soul to the devils (FB, MS, Google). Lets gloat. 😒
 

Arequire

Level 26
Verified
Content Creator
Feb 10, 2017
1,581
No, I click on the link and the imaginary countdown starts 5-4-3-2-1 and then the webpage actually starts loading. Edge 87 loaded them instantly, just like any other browser.
Ah. Strange.
I just updated Edge to 88 and don't experience any difference in delay with page loading. Might just be one of those anomalous issues that crops up one day and disappears at some random point in the future.
 

ESecurity

Level 15
Nov 15, 2017
712
Quad9 at the System Level
CleanBrowsing Adult (DoH)

what is the advantage of having some dns in the router and others in the system. Or do you have them in the browsers? This part of your configuration I did not understand.
 
  • Like
Reactions: Protomartyr

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
what is the advantage of having some dns in the router and others in the system.
Cleanbrowsing is not very good in blocking malware lately. I use mostly for content filtering. Still, it is pretty restrictive, so it could block downloads from gaming servers and etc. Forticlient actually blocked youtube in steam browser, strangely not within Windows, so I could not watch gaming guides while playing. Quad9 has a great malware filter, so it fits perfectly for Windows and apps. It can even block known C&C botnets and malware, that relies on DNS. Known IPs gets blocked fast, so some ransomware relies on DNS as well. 🙃
 

SecurityNightmares

Level 33
Verified
Jan 9, 2020
2,271
Changing your router's DNS forces all devices not using a third-party DNS to use the one specified by the router.
That's not completely true. Devices/ Apps on devices can still use own DNS service if not blocked.
And even then, they still can use direct IP connections to circumvent restrictions.

If I'm not wrong, Google and/or Amazon smart-home devices do this in the past or even still.
 
Top