Recent changes
Aug 5, 2019
Windows Edition
Home
Sign-in account
Sign in with local account
Log-in security
    • Account password
Account permissions
Standard account
Security updates
Automatically allow security and feature updates
Windows UAC
Always notify
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
Desktop: Windows Defender + VoodooShield free
Laptop: Windows Defender + registry tweaks with syshardener (Windows Script Host off, Autorun off and many more)
Firewall protection
Microsoft Defender Firewall
RTP configuration
WD has controlled folder access, self-protection and PUA detection active on both systems.
VoodooShield is default (of course)
Periodic scanners
HitmanPro and Malwarebytes when needed
VPN and Privacy
Windscribe (when needed)
Browser(s) and Add-ons
Desktop: Firefox and uBlock Origin
Laptop: Chrome and uBlock Origin
Maintenance tools
Windows cleaning and defrag tool
Photos and Files backup
Backups on multiple flash drives (I know it's not the safest way, but the data on them is not really valuable)
File backup schedule
Manually managed on a weekly basis
Backup and rollback
No system image backup. I have files backup and when needed I would reinstall Windows from scratch and copy back the files
Backup schedule
None
Activity usage
  1. Financial and sensitive documents
  2. Generic web browsing
  3. Streaming audio and video content from the Internet
  4. Working from home

Computer hardware
.

TheMalwareMaster

I updated my config for 2019 (even if it stayed almost the same).
I always use a virtual machine for running unknown files and VirusTotal for scanning them.
Running both machines on SUA (it's cool and reduces attack surface).
I also ran ShutUp10 on both machines
 

TheMalwareMaster

> Nice and very lite config :) I would consider using a password manager.

Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

I believe one should always remember the password for his email, because it’s crucial to reset all the others...

3) What do you do if you need to log in to your accounts from a different computer? (Install the password manager?)

4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (Google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

Thanks in advance...
 

The Cog in the Machine

> Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
> 1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
> 2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts
>
> I believe one should always remember the password for his email, because it’s crucial to reset all the others...
>
> 3) What do you do if you need to log in to your accounts from a different computer? (Install the password manager?)
>
> 4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (Google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services
>
> Thanks in advance...

1- Some password managers don't require a master password or at least they offer other options to unlock your encrypted vault. Sticky Password, for example, allows you to unlock your vault if a specified USB device (of your choice) is connected to your device. Sorry, I have attached a screenshot of ESET Password Manager as I don't have the time to take a screenshot from my other device. Both are the same.

epwm_settings_security.png

2- Why should one forget his Master Password? I keep it written down stored safely in a physical place. I do type my Master Password hundreds of times a day, so how can I forget it? Anyway as I mentioned above you can use alternate ways to unlock your vault. Maybe this feature is exclusive to SP, which I really like, I don't know about other password managers.

3- Password managers offer extensions. All you need is to install the extension on the browser, or you can access the online vault (many password managers support that: Bitwarden, 1Password, RoboForm, Kaspersky Password Manager, LastPass, etc.).
Sticky Password does have a portable version which can be created using the main application and stored on a USB device.

4- What about using an easy-to-remember password for your email account and also storing it in a password manager alongside all your other passwords? I believe this is the optimal solution.

If you have any other questions I'll be glad to answer them all.
 

TheMalwareMaster

> 4- What about using an easy-to-remember password for your email account and also storing it in a password manager alongside all your other passwords? I believe this is the optimal solution.

Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
In point 2 you are correct, however I was also thinking that if your master password gets compromised, an attacker can access all the other passwords.
In any case, I thought now that I can recover my email password via SMS
 

The Cog in the Machine

> Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
> In point 2 you are correct, however I was also thinking that if your master password gets compromised, an attacker can access all the other passwords.
> In any case, I thought now that I can recover my email password via SMS

It seems that you misunderstood me. When I said "use a simple password" that was for your email account so that you don't get locked out from your passwords. I don't use simple passwords; I use strong randomly generated passwords. Regarding the master password getting compromised, I am using Sticky Password and I have disabled cloud sync; instead, I have enabled local Wi-Fi sync, which is a lot safer. Another reason that led me to stick to SP is that they offer a lifetime license. Some will argue that Bitwarden is free. Well, Bitwarden and other password managers don't let you store your passwords locally.
 

RoboMan

When you push away all your accounts' passwords and you only have to remember ONE (your master password), trust me, you can do it no matter how complex it is. My master password has capital letters, numbers, symbols, everything is random. I kept it written down for one week in my phone and then deleted it; I had already learnt it. Because it's the only password you'll ever need to remember. Then the password manager will do everything. Auto-fill all sites, auto-remember user&pass whenever you create a new account/change your password, generate strong passwords. It's a life changer.
 