Basic Security Thenightmare's laptop configuration 2021

Last updated
Feb 20, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Smart App Control
Network firewall
Real-time security
Configuredefender: High
Firewall security
Microsoft Defender Firewall
About custom security
firewall hardening, simple hardening
Periodic malware scanners
None
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge with ublock origin, clearurls and cookie auto delete
Secure DNS
Nextdns with OISD
Desktop VPN
windscribe vpn(using sometime)
Password manager
bitwarden
Maintenance tools
Hibit uninstaller
File and Photo backup
Google Photo
System recovery
Macruim Backup(free). manually once a month.
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Coding and development
Computer specs
Lenovo Y700
CPU: i5-6300HQ
GPU: Nvidia 960m
Ram: 8 GB
Storage: ssd:100 GB, HDD: 1000 GB
Notable changes
Changing UAC to maximum
Changing Nextdns to OISD filter
**updated false information(network firewall to ISP)
What I'm looking for?

Looking for medium feedback.

As you are using Microsoft Defender you don't need to use the hardening tools like Simple Windows Hardening and FirewallHardening seperately, just take Hard_Configurator which has all those tools included. You also might want to set UAC to always notify to prevent some UAC bypass methods.

No network firewall at all? Most routers come with a firewall built in. Last but not least you might want to use the oisd blocklist in NextDNS, it can basically replace all the blocklists that you have enabled. :)

Unbenannt.PNG
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Protomartyr, thenightmare, Cortex and 8 others
Good config (y)

I would set UAC to always notify to prevent bypasses.

Example:
www.bleepingcomputer.com

Bypassing Windows 10 UAC with mock folders and DLL hijacking

A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
www.bleepingcomputer.com www.bleepingcomputer.com

Are clearurls and cookie auto delete really needed?

Every browser can delete cookies on exit.

If you don't use the advanced features of uBlock Origin the AdGuard extension is a good replacement with its stealth mode for clearurls and cookie deleting.

adguard.com

In-depth features review: AdGuard Browser extension

One of the most popular AdGuard products is a free browser extension. If you want to protect yourself online and fight ads and trackers in your browser, then AdGuard browser extension is exactly what you need. In this article we’ll reveal to you all its features and useful options.
adguard.com adguard.com
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: Protomartyr, thenightmare, Cortex and 8 others
Nice setup so far.

For NextDNS configuration please take a look at Tutorial - NextDNS: a DoH/ DoT guide

Also, instead of password for Windows, you can increase your security with Windows Hello:
docs.microsoft.com

Windows Hello for Business overview

Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on Windows devices.
docs.microsoft.com

read why a PIN is more secure than password (thanks and only related to Windows Hello):
docs.microsoft.com

Windows Hello for Business overview

Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on Windows devices.
docs.microsoft.com
 
  • Like
  • Applause
  • +Reputation
Reactions: Protomartyr, thenightmare, Gandalf_The_Grey and 7 others
SecureKongo said:
As you are using Microsoft Defender you don't need to use the hardening tools like Simple Windows Hardening and FirewallHardening seperately, just take Hard_Configurator which has all those tools included.
Click to expand...
I use 3 of them instead of Hard_configurator, because both 3 are portables and I intend to use recommended setting. Andy_ful mentioned that the different in recommended setting is only forced smart screen. This one caused problem to me such as I used foxit reader and it's blocked and also yoga dns that use for connecting to NextDNS.
 
  • Like
  • Wow
Reactions: Protomartyr, Gandalf_The_Grey, Kongo and 4 others
Back on topic, though. I think ESET Online Scanner and Emsisoft Emergency Kit are great tools, though recently I had issues with Defender detecting Emsisoft's signatures as threats. So for now I'd recommend Malwarebytes and ESET.
 
  • Like
Reactions: Protomartyr, Venustus, Ville and 3 others
blackice said:
Back on topic, though. I think ESET Online Scanner and Emsisoft Emergency Kit are great tools, though recently I had issues with Defender detecting Emsisoft's signatures as threats. So for now I'd recommend Malwarebytes and ESET.
Click to expand...
ESET is very accurate in their detections and is therefore safe to use. For advanced users, ESET usually names threats right, so you may do a search and perform additional actions, such as changing passwords, etc. ESET also removes ransomware notes (something I like a lot).
 
Last edited by a moderator:
  • Like
Reactions: Protomartyr, Venustus, blackice and 2 others
You must log in or register to reply here.

You may also like...