Tutorial Ultimate Security/Privacy Guide

Bear

Member
Messages
2,824
Reaction score
1,315
Operating System
Windows


Hello everyone! I am not very active on this Se7enSins anymore, but I check in every now and then. I decided to create this small guide for those who want to keep their computer safe. Please note that in no way am I an expert in this field. I just enjoy the topic of cybersecurity and like to participate in cybersecurity message boards and subreddits. Do your own research and feel free to discuss, private message me, or even post your own security setup.

*DISCLAIMER
Everyone’s threat model is different. Just because EXAMPLE VPN or EXAMPLE email service complied with law enforcement or is located in EXAMPLE country, doesn’t mean it's unsafe for you to use. This guide does not guarantee 100% anonymity or make you unhackable. Use common sense and do your own research. (LAST UPDATED 17FEBRUARY2020)


Antivirus
Your antivirus program is your first line of defense against viruses, malware, and other malicious attacks on your device.

Use:
Windows Security - Installed by default on Windows 10 devices. Scores high in testing. (AV-Test, AV Comparatives, MalwareTips) It’s also free and light on system resources. Less complications when updating Windows 10.

*Beef up Windows Security with ConfigureDefender. ([Click here to view this link])

Kaspersky - Ignore the Kaspersky is bad/Russian collusion narrative. See Kaspersky transparency initiative. (Kaspersky Transparency) Scores very well in testing. (AV-Test, MalwareTips)

ESET - Performs great in testing. (AV Comparatives, MalwareTips) Very light on system resources.

Emsisoft - Scores great in testing. (MalwareTips) Very good privacy policy. (Emsisoft Privacy Policy)

Avoid:
Avast/AVG - Collect & sell user data (PCMag).

IObit - Stole competitors (Malwarebytes) database. (ComputerWorld)

360 Security - Cheated on antivirus testing and banned from future testing. (PCMag) Privacy policy is also shady. (360 Security Privacy Policy)

Alternatives:
Bitdefender
F-Secure

Other:
VirusTotal - Upload suspicious files or URLs.
Any.Run - Utilize a cloud-based machine to run unknown files.

Antivirus 2nd Opinion Scanner
Not completely necessary, but highly recommended. No antivirus software is perfect; a second opinion scanner will catch the 1% that may have gotten through.

Use:
HitmanPro
Malwarebytes
Emsisoft Emergency Kit

Firewall
Windows firewall is sufficient enough to protect you from most threats. Most of the antivirus’ vendors listed above offer firewall modules which are not necessary, but offer additional protection for the buck.

Use:
Glasswire - Not a traditional firewall, but a network monitoring program. Visualizes everything that happens on your network into beautiful graphs. Cross references each program that connects to the internet with the VirusTotal database.

VPN
Not completely necessary, but highly recommended. A VPN will encrypt all of your network traffic, keeping it hidden from your ISP, hackers, or anyone else. Can also be used to circumvent censorship in specific countries. Browser VPN extensions/add-ons will suffice unless you want ALL network traffic to be encrypted.

Use:
Mullvad
ProtonVPN
IVPN

All these VPN’s are listed on PrivacyTools.io and pass the criteria to be listed. (PrivacyTool.io) They all consist of being open-source, publicly available audits, and a good track record.

Avoid:
Private Internet Access, CyberGhost, Zenmate - All owned by Kape Technologies. Kape, formerly known as Crossrider, previously developed malware. (Malwarebytes Labs)

All the VPN’s toward the bottom of this spreadsheet. (thebestVPN)

Alternatives:
ExpressVPN
NordVPN
Windscribe

Email
The email services listed here are directed towards those who want to increase their privacy. Gmail, Outlook, and iCloud email services are all great in terms of security and privacy, but fall short in some aspects. Check out Gmail’s privacy controversy. (ProtonMail Blog)

Use:
ProtonMail - Switzerland based company with strong privacy laws. (ProtonMail Blog) Primary datacenter is located in a bunker within Switzerland which can withstand a nuclear attack. All data and is end-to-end encrypted which means not even ProtonMail themselves have the ability to snoop on your emails. (ProtonMail Security) ProtonMail is also open-source ([Click here to view this link]) and has a warrant canary posted on their website. (ProtonMail Transparency Report)

Tutanota - German based company with great privacy laws. (Tutanota Blog) Very small team of 6 employees, open-source ([Click here to view this link]), and end-to-end encrypted. Warrant canary publicly available. (Tutanota Transparency Report) Pricing is also less expensive compared to ProtonMail.

Fastmail - Australian based company. Entails great features (Fastmail Features) that you see in Gmail and Outlook and promises great security and sufficient privacy. (Fastmail Privacy & Security)

Gmail - Great of you prefer the Google ecosystem of applications and products.

Outlook - Great of you prefer the Microsoft ecosystem of applications and products.

iCloud - Great of you prefer the Apple ecosystem of applications and products.

Avoid:
Yahoo - Breached multiple times (Wikipedia) and horrendous privacy policy. (Yahoo Privacy Policy)

Alternatives:
Mailbox
Mailfence
CTemplar

Other:
Namecheap - Host your own domain and create custom email addresses. ([email protected])

Password Managers
Forget about remembering a million passwords or reusing the same password for every website. Store all your passwords in one place and create ONE strong master password to access your vault and login to any website with ease.

Use:
Bitwarden
1Password

Both Bitwarden and 1Password are open-source, have publicly available audits, and have a great track record.

Alternatives:
Dashlane
Keeper

2FA:
Give your accounts and extra layer of protection with Multi-Factor Authentication.

Use:
Authy
Google Authenticator
Microsoft Authenticator

Avoid:
SMS based 2FA - Although better than no 2FA at all, SMS is the weakest of 2FA options. (How-To Geek)

Web Browsers
Google Chrome accounts for more than half of all web browser usage share and rightfully so. (Wikipedia) Chrome is a great brower, but faults in terms of respecting user privacy and focusing on the Google ecosystem. Here are some other web browsers you should consider using.

Use:
Brave - Built on open-source Chromium which means it has the same look and feel of Google Chrome. Brave is also open source itself. ([Click here to view this link]) Blocks ads and trackers using its built-in blocker. (Brave Help Center) Ability to use Tor within Brave. (Brave Help Center) You can also earn rewards/cryptocurrency (Brave Rewards) just for browsing. (CoinMarketCap $BAT)

FireFox - Open-source ([Click here to view this link]), bocks ads and trackers using its built-in blocker (Mozilla Support), and is great in terms of privacy. (FireFox Privacy)

Google Chrome - Great of you prefer the Google ecosystem of applications and products.

Microsoft Edge (Chromium) - Great of you prefer the Microsoft ecosystem of applications and products.

Safari - Great of you prefer the Apple ecosystem of applications and products. MacOS only.

[Click here to view this link] - Chrome without Google

Avoid:
Firefox Forks - Delayed security updates which leave you vulnerable. (How-To Geek)

Opera - Sold to a Chinese consortium in 2016. (Engadget) Participated in predatory loan services. (Hindenburg Research)

Alternatives:
Tor - For the privacy focused folks

Search Engines

Use:
DuckDuckGo
OneSearch
StartPage

Other

Use:
Adguard - Block ads and trackers system wide.
Cryptomator - Encrypt files and store them on supported cloud services.
Bitlocker - Encrypt your device *Windows 10 Pro, Enterprise, Education editions only
Veracrypt - Encrypt your device


Closing Words
Hope you all enjoyed this security/privacy guide! There is more to come! Peace :thumbsup:
- B Bear

Credits:
MalwareTips
ThatOnePrivacySite
privacytools.io
r/privacytoolsIO
 
Last edited:

Unbound 7s

0x50676f573
Messages
1,440
Reaction score
583
Interesting topic you have here. I noticed that you mentioned password managers. I have never used one as I remember all mine or just reset them occasionally incase of hijacks or "hits", though I question just how safe is a password managers? As bad privacy can be intrusioned now a days, is it really safe having all the passwords in one area?
 

afterjo

Enthusiast
Messages
609
Reaction score
80
Web browser:

Cliqz, Brave, Tor.

Cliqz and Tor is firefox based, Brave is chome based. Both Cliqz and Breave include everything you need (adblock, privacy tools, etc.)

For everyday pleb, cliqz and brave are good. Brave is still requires improvements, but cliqz is very good.

VPN:
For regular internet use, not downloading, you can use Tor browser with adblock installed. So it's always free.

Antivirus:
Eset32 antivirus. you can get unlimited amount of demo keys, there are many websites, a bit of inconvenience, but antivirus is worth. Never had a virus in about 8 years of use.
 

Bear

Member
Messages
2,824
Reaction score
1,315
Interesting topic you have here. I noticed that you mentioned password managers. I have never used one as I remember all mine or just reset them occasionally incase of hijacks or "hits", though I question just how safe is a password managers? As bad privacy can be intrusioned now a days, is it really safe having all the passwords in one area?
Yes, it is completely safe to have all your passwords in one place! However, it depends on the password manager and several other factors. All you have to do is create one master password which gives you access to your vault. As long as your master password is strong and your account has 2-factor authentication, you should be safe! Like it said before, it also depends on which password manager you use. Bitwarden for example is the password manager I use. It is open source, all your data is encrypted and stored on the Microsoft Azure Cloud, and it just had a third-party security audit with no major issues found. I recommend password managers as it makes life do much easier and its more secure.

Web browser:

Cliqz, Brave, Tor.

Cliqz and Tor is firefox based, Brave is chome based. Both Cliqz and Breave include everything you need (adblock, privacy tools, etc.)

For everyday pleb, cliqz and brave are good. Brave is still requires improvements, but cliqz is very good.

VPN:
For regular internet use, not downloading, you can use Tor browser with adblock installed. So it's always free.

Antivirus:
Eset32 antivirus. you can get unlimited amount of demo keys, there are many websites, a bit of inconvenience, but antivirus is worth. Never had a virus in about 8 years of use.
I was planning on including Brave and Tor for the web browser section! I do not know much of Cliqz, but thanks for showing me it. As for ESET, I was planning on including it as one of the alternatives; but I decided not to as I haven't heard much about it recently. Cheers!
 

markophillips

Newbie
Messages
1
Reaction score
0
Thanks for sharing this guide, I have seen that online privacy guide is also mentioned, Actually, I have fount pretty similar guide:
 

Nokia

[[email protected] ~]$
Lifetime
Messages
2,374
Reaction score
2,786
Your anti-virus program is what makes or breaks your security setup. It is your first line of defense against viruses, malware, and other malicious attacks on your system.
Well, you've almost got it. Speaking from experience in the security field, this really isn't true. Your anti-virus program should be the last line of defence from an attack.
Your first is simple, you. Human error is always the weakest link in security. Could possibly be you clicking the wrong link, maybe it was an accident, maybe it wasn't a link or download at all, maybe you got duped by a social engineering scheme. Regardless, anti-virus is only as good as the people who made it and the exploits that have already been made public and added to a database for it to detect; and while the best anti-virus software might be great at picking up these known exploits, new exploits are discovered every day and used by people like me against people I get paid to do recon and assessments on.
Check here for what's new on the CVE list today for example.
It's pretty easy to throw some shellcode into a polymorphic host file and fool just about every anti-virus on the market 99.9% of the time, and it will never know what hit it. Top that off with some privilege escalation exploits and your anti-virus is absolutely useless once I or any other PT targets you. All I have to do is find a way for you to take the bait. It's always best to practice good opsec as your first line of defense against any malicious sources.
Not trying to knock your post down at all, just throwing some additional information in the thread.
 

sarahjo

Enthusiast
Messages
40
Reaction score
1
Very nice thread and I would say the role of a VPN has become really important in today's scenario, given how our data is not secure anymore. Although you are not protected 100% but prevention is better than cure. Now I am a VPN user for a long time now and it has served me well because of features like tunneling and kills switch. They really do protect your online activities but not every VPN should be your go-to choice. I am using Nord after reading the PCMags Best VPN review but made my final decision after reading the full review here.
So, I would strongly recommend the use of a VPN, however, be smart in choosing the right service.
 

afterjo

Enthusiast
Messages
609
Reaction score
80
Very nice thread and I would say the role of a VPN has become really important in today's scenario, given how our data is not secure anymore. Although you are not protected 100% but prevention is better than cure. Now I am a VPN user for a long time now and it has served me well because of features like tunneling and kills switch. They really do protect your online activities but not every VPN should be your go-to choice. I am using Nord after reading the PCMags Best VPN review but made my final decision after reading the full review here.
So, I would strongly recommend the use of a VPN, however, be smart in choosing the right service.
VPN don't guarantee privacy. It o ly makes connection encrypted.
 

Biggarantuan

Enthusiast
Messages
204
Reaction score
71
man this thread is like a relic. I dont recommend a "password Manager" because these are easily accessed from remote or domestic system attacks. If you do need one, there is one that i have encountered that scrambles and encrypts the password so if snatched it isnt easily pieced together.
 

Bear

Member
Messages
2,824
Reaction score
1,315
man this thread is like a relic. I dont recommend a "password Manager" because these are easily accessed from remote or domestic system attacks. If you do need one, there is one that i have encountered that scrambles and encrypts the password so if snatched it isnt easily pieced together.
If a users computer is successfully hacked via a remote or system attack, password manager or not; they'll be in trouble either way.

If you're talking about the password manager itself or the company behind the password manager; your claims do not apply to the ones listed in this guide. Bitwarden is hosted on the Microsoft Azure Cloud which is secure if not the most secure cloud service in the world. It can also be hosted yourself. Bitwarden and 1Password are also open-source which allow anyone to review the code and find vulnerabilities themselves. Both have also been audited by reputable independent auditors and offer bug-bounty programs. Check out the security from Keeper Password Manager.

Penetration Testing
Keeper performs periodic pen testing with 3rd party experts including Secarma, Rhino Security, Cybertest and independent security researchers against all of our products and systems. Keeper has also partnered with Bugcrowd to manage its vulnerability disclosure program (VDP).

Third-Party Security Scanning & Penetration Tests
KSI is tested daily by McAfee Secure to ensure that the Keeper web application and KSI's Cloud Security Vault are secure from known remote exploits, vulnerabilities and denial-of-service attacks. McAfee Secure badges may be found on the Keeper website to verify daily testing of the Keeper website, Web application, and Cloud Security Vault.
(Keeper Security)
 
Last edited:
Top Bottom