Basic Security TheMalwareMaster's 2019 light and simple security config

Last updated
Aug 5, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Desktop: Windows Defender + VoodooShield free
Laptop: Windows Defender + registry tweaks with syshardener (Windows Script Host off, Autorun off and many more)
Firewall security
Microsoft Defender Firewall
About custom security
WD has controlled folders access, self-protection and PUA detection active on on both systems.
VoodooShield is default (of course)
Periodic malware scanners
Hitman pro and malwarebytes when needed
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Desktop: Firefox and Ublock origin
Laptop: Chrome and Ublock origin
Maintenance tools
Windows cleaning and defrag tool
File and Photo backup
Backups on multiple flash drives (I know it's not the safest way, but the data on them is not really valuable)
System recovery
No system image backup. I have files backup and when needed I would reinstall Windows from scratch and copy back the files
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Working from home
Computer specs
.
TheMalwareMaster

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Forum Veteran
Jan 4, 2016
1,066
5,727
1,978
Europe
I update my config for 2019 (even if it stayed almost the same).
I always use a virtual machine for running unknown files and VirusTotal for scanning them.
Running both machines on SUA (it's cool and reduces attack surface).
I also ran ShutUp10 on both machines
 
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, RoboMan, brambedkar59 and 5 others
Seyyed Akram said:
Nice and very lite config :) I would consider using a password manager.
Click to expand...
Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

I believe one should always remember the password for his email, because it’s crucial to reset all the others...

3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

Thanks in advance...
 
  • Like
Reactions: oldschool, Divine_Barakah, harlan4096 and 1 other person
TheMalwareMaster said:
Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

I believe one should always remember the password for his email, because it’s crucial to reset all the others...

3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

Thanks in advance...
Click to expand...

1- Some password managers don't require a master password or at least they offer other options to unlock your encrypted vault. Sticky Password for example allows you to unlock your vault if a specified usb device (of your choice) is connected to your device. Sorry I have attached a screenshot of Eset Password manager as I don't have the time to take a screenshot from my other device. Both are the same.

epwm_settings_security.png

2- Why should one forget his Master Password? I keep it written down stored safely in a physical place. I do type my Master Password hundreds of times a day, so how can I forget it? Anyway as I mentioned above you can use alternate ways to unlock your vault. Maybe this feature is exclusive to SP, which I really like, I don't know about other password managers.

3- Password managers offer extensions. All you need is to install the extension on the browser or you can access the online vault (many password managers supports that. Bitwarden, 1Password, Roboform, Kaspersky password manager, Lastpass etc.
Sticky password does have a portable version which can be created using the main application and stored on a usb device.

4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.

If you have any other question I'll be glad to answer them all.
 
  • Like
Reactions: harlan4096 and oldschool
Seyyed Akram said:
4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.
Click to expand...
Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
In any case, I thought now that I can recover my email password via SMS
 
  • Like
Reactions: harlan4096, oldschool and Divine_Barakah
TheMalwareMaster said:
Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
In any case, I thought now that I can recover my email password via SMS
Click to expand...

It seems that you misunderstood me. When I said "use a simple password" that was for your email account so that you don't get locked out from your passwords. I don't use simple passwords; I use strong randomly generated passwords. Regarding master password getting compromised, I am using Sticky Password and I have disabled cloud sync; instead, I have enabled local wifi sync which it a lot safer. Another reason that led me to stick to SP is that they offer lifetime license. Some will argue that Bitwarden is free. Well, Bitwarden and other password managers don't let you store your passwords locally.
 
  • Like
  • +Reputation
Reactions: oldschool and harlan4096
When you push away all your accounts' passwords and you only have to remember ONE (your master password), trust me, you can do it no matter how complex it is. My master password has capital letters, numbers, symbols, everything is random. I kept it written down for one week in my phone and then deleted, I already learnt it. Because it's the only password you'll ever need to remember. Then the password manager will do everything. Auto-fill all sites, auto-remember user&pass whenever you create a new account/change your password, generate strong passwords. It's a life changer.
 
  • Like
  • +Reputation
Reactions: oldschool and harlan4096
In case I choose to use an offline password manager (keypass), how can I transfer my password to iPhone?
 
  • Like
Reactions: oldschool
Great and light setup you have here.


~LDogg
 
You must log in or register to reply here.

You may also like...