Basic Security TheMalwareMaster's 2019 light and simple security config

Last updated
Aug 5, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Desktop: Windows Defender + VoodooShield free
Laptop: Windows Defender + registry tweaks with syshardener (Windows Script Host off, Autorun off and many more)
Firewall security
Microsoft Defender Firewall
About custom security
WD has controlled folders access, self-protection and PUA detection active on on both systems.
VoodooShield is default (of course)
Periodic malware scanners
Hitman pro and malwarebytes when needed
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Desktop: Firefox and Ublock origin
Laptop: Chrome and Ublock origin
Maintenance tools
Windows cleaning and defrag tool
File and Photo backup
Backups on multiple flash drives (I know it's not the safest way, but the data on them is not really valuable)
System recovery
No system image backup. I have files backup and when needed I would reinstall Windows from scratch and copy back the files
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Working from home
Computer specs
.

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
I update my config for 2019 (even if it stayed almost the same).
I always use a virtual machine for running unknown files and VirusTotal for scanning them.
Running both machines on SUA (it's cool and reduces attack surface).
I also ran ShutUp10 on both machines
 
Last edited:

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Nice and very lite config :) I would consider using a password manager.
Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

I believe one should always remember the password for his email, because it’s crucial to reset all the others...

3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

Thanks in advance...
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Hello, never touched a password manager, so I have some doubts related to it. I will enumerate them
1) I assume you will just remember the master password, so assign to all the other passwords random and long strings that you will never remember... Is this right?
2) What happens if, for some reason, you forget the master password/lose access to the password manager? Assuming you also set up a long password for your email address, you will not be able to reset the passwords of all your accounts

I believe one should always remember the password for his email, because it’s crucial to reset all the others...

3) What do you do if you need to login in your accounts from a different computer? (Install the password manager?)

4) I have different passwords and don’t do this, but what about this strategy? One sets a password he remembers for the email, and for all other accounts use easy ones, but all his accounts have 2FA. In case of breach, it’s unlikely that the hacker is able to bypass 2FA, if it’s hosted by popular companies (google, Facebook etc). In case he receives a 2FA code he didn’t request via SMS, he will understand the password is being used for credential stuffing and so change it for his services

Thanks in advance...

1- Some password managers don't require a master password or at least they offer other options to unlock your encrypted vault. Sticky Password for example allows you to unlock your vault if a specified usb device (of your choice) is connected to your device. Sorry I have attached a screenshot of Eset Password manager as I don't have the time to take a screenshot from my other device. Both are the same.

epwm_settings_security.png

2- Why should one forget his Master Password? I keep it written down stored safely in a physical place. I do type my Master Password hundreds of times a day, so how can I forget it? Anyway as I mentioned above you can use alternate ways to unlock your vault. Maybe this feature is exclusive to SP, which I really like, I don't know about other password managers.

3- Password managers offer extensions. All you need is to install the extension on the browser or you can access the online vault (many password managers supports that. Bitwarden, 1Password, Roboform, Kaspersky password manager, Lastpass etc.
Sticky password does have a portable version which can be created using the main application and stored on a usb device.

4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.

If you have any other question I'll be glad to answer them all.
 

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
4- What about using an easy-to-remember password for your email account and also store it in a password manager along side all your other passwords? I believe this is the optimal solution.
Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
In any case, I thought now that I can recover my email password via SMS
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Thank you for all, but then what is the point of a password manager if you use easy passwords and not complex ones?
In point 2 you are correct, however I was also thinking that if your master password get compromised, an attacker can access all the other passwords.
In any case, I thought now that I can recover my email password via SMS

It seems that you misunderstood me. When I said "use a simple password" that was for your email account so that you don't get locked out from your passwords. I don't use simple passwords; I use strong randomly generated passwords. Regarding master password getting compromised, I am using Sticky Password and I have disabled cloud sync; instead, I have enabled local wifi sync which it a lot safer. Another reason that led me to stick to SP is that they offer lifetime license. Some will argue that Bitwarden is free. Well, Bitwarden and other password managers don't let you store your passwords locally.
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
When you push away all your accounts' passwords and you only have to remember ONE (your master password), trust me, you can do it no matter how complex it is. My master password has capital letters, numbers, symbols, everything is random. I kept it written down for one week in my phone and then deleted, I already learnt it. Because it's the only password you'll ever need to remember. Then the password manager will do everything. Auto-fill all sites, auto-remember user&pass whenever you create a new account/change your password, generate strong passwords. It's a life changer.
 

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
In case I choose to use an offline password manager (keypass), how can I transfer my password to iPhone?
 
  • Like
Reactions: oldschool

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Great and light setup you have here.


~LDogg
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top