Latest Changes
Aug 5, 2019
Windows Edition
Home
Version or Build no.
May 2019 update stable (with all updates)
System type
64-bit operating system; x64-based processor
Security Updates
Automatic Updates (recommended)
User Access Control
Always Notify
Network Security (Firewall)
Windows Defender Firewall
User Account
Standard
Sign-in Accounts
None
Sign-in Options
  • Password
  • Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    Desktop: Windows Defender + VoodooShield free
    Laptop: Windows Defender + registry tweaks with syshardener (Windows Script Host off, Autorun off and many more)
    RTP - Custom security settings
  • Major changes for Increased security
  • RTP - Details of Custom security settings
    WD has controlled folders access, self-protection and PUA detection active on on both systems.
    VoodooShield is default (of course)
    Virus and Malware Removal Tools
    Hitman pro and malwarebytes when needed
    Browsers and Extensions
    Desktop: Firefox and Ublock origin
    Laptop: Chrome and Ublock origin
    Privacy-focused Apps and Extensions
    Windscribe (when needed)
    Password Managers
  • None
  • System Utilities
    Windows cleaning and defrag tool
    Data Backup
    Backups on multiple flash drives (I know it's not the safest way, but the data on them is not really valuable)
    Frequency of Data backups
    Weekly
    System Backup
    No system image backup. I have files backup and when needed I would reinstall Windows from scratch and copy back the files
    Frequency of System backups
    None
    Computer Activity
  • Online banking
  • Browsing web and email
  • Watch movies and other entertainment content on the Internet
  • Office and work related tasks
  • Programming
  • Computer Specifications
    .

    TheMalwareMaster

    Level 20
    Verified
    Trusted
    I update my config for 2019 (even if it stayed almost the same).
    I always use a virtual machine for running unknown files and VirusTotal for scanning them.
    Running both machines on SUA (it's cool and reduces attack surface).
    I also ran ShutUp10 on both machines
     
    Last edited:

    TheMalwareMaster

    Level 20
    Verified
    Trusted
    Nice and very lite config :) I would consider using a password manager.
    Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
    1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
    2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

    I believe one should always remember the password for his email, because it’s crucial to reset all the others...

    3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

    4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

    Thanks in advance...
     

    The Cog in the Machine

    Level 11
    Verified
    Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
    1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
    2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

    I believe one should always remember the password for his email, because it’s crucial to reset all the others...

    3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

    4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

    Thanks in advance...
    1- Some password managers don't require a master password or at least they offer other options to unlock your encrypted vault. Sticky Password for example allows you to unlock your vault if a specified usb device (of your choice) is connected to your device. Sorry I have attached a screenshot of Eset Password manager as I don't have the time to take a screenshot from my other device. Both are the same.

    epwm_settings_security.png

    2- Why should one forget his Master Password? I keep it written down stored safely in a physical place. I do type my Master Password hundreds of times a day, so how can I forget it? Anyway as I mentioned above you can use alternate ways to unlock your vault. Maybe this feature is exclusive to SP, which I really like, I don't know about other password managers.

    3- Password managers offer extensions. All you need is to install the extension on the browser or you can access the online vault (many password managers supports that. Bitwarden, 1Password, Roboform, Kaspersky password manager, Lastpass etc.
    Sticky password does have a portable version which can be created using the main application and stored on a usb device.

    4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.

    If you have any other question I'll be glad to answer them all.
     

    TheMalwareMaster

    Level 20
    Verified
    Trusted
    4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.
    Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
    In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
    In any case, I thought now that I can recover my email password via SMS
     

    The Cog in the Machine

    Level 11
    Verified
    Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
    In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
    In any case, I thought now that I can recover my email password via SMS
    It seems that you misunderstood me. When I said "use a simple password" that was for your email account so that you don't get locked out from your passwords. I don't use simple passwords; I use strong randomly generated passwords. Regarding master password getting compromised, I am using Sticky Password and I have disabled cloud sync; instead, I have enabled local wifi sync which it a lot safer. Another reason that led me to stick to SP is that they offer lifetime license. Some will argue that Bitwarden is free. Well, Bitwarden and other password managers don't let you store your passwords locally.
     

    Robbie

    Level 30
    Verified
    Content Creator
    Malware Tester
    When you push away all your accounts' passwords and you only have to remember ONE (your master password), trust me, you can do it no matter how complex it is. My master password has capital letters, numbers, symbols, everything is random. I kept it written down for one week in my phone and then deleted, I already learnt it. Because it's the only password you'll ever need to remember. Then the password manager will do everything. Auto-fill all sites, auto-remember user&pass whenever you create a new account/change your password, generate strong passwords. It's a life changer.