Reasonable, basic security for a NORMAL PC?

I’d be OK, I think, with a standard account that had admin capability – as was spoken of earlier. I’m just not sure exactly what that means or how I do it…

As for UAC, no, I DON’T turn it off. I DO turn it down one notch so every time I touch something on the system I don’t get that popup that asks if I REALLY want to do what I want to do. If this is a major Bozo-no-no I can turn that back on.

This is yet another important reason why I don't have a standard user account.

Can you elaborate on this? Does it mean you’re using a local account with Admin all the time or you’re not using a local account? Or something else. I’ve been avoiding doing everything with a Microsoft account because it just feels vaguely slimy and intrusive to let MS any further into things than they already are.

See above. As ~80% of malicious code enters the system via the browser, any browser meets the definition of "untrusted", but running a browser in a full fat virtual machine is both tedious/slow and completely unnecessary because Sandboxie-Plus is a much less drastic solution that works, and, I don't have to do anything special for making it work

I haven’t done this. I DID try the Virtual Machine one time a while back and it was dreadful. It was also impossible to get the domestic associate to use it – she passionately hated it and constantly had problems.

Anyhow, I haven’t tried Sandboxie-Plus, but I’ll look at it.

GracieAllen said:

I’d be OK, I think, with a standard account that had admin capability – as was spoken of earlier. I’m just not sure exactly what that means or how I do it…

That was my point: a standard account does NOT have admin capability, even though it is still possible to grant permissions of course.

As for UAC, no, I DON’T turn it off. I DO turn it down one notch so every time I touch something on the system I don’t get that popup that asks if I REALLY want to do what I want to do. If this is a major Bozo-no-no I can turn that back on.

Turning it down a notch doesn't solve the problem I described above. Instead, it just adds an additional new problem...

Can you elaborate on this? Does it mean you’re using a local account with Admin all the time or you’re not using a local account? Or something else. I’ve been avoiding doing everything with a Microsoft account because it just feels vaguely slimy and intrusive to let MS any further into things than they already are.

If they really wanted to slime me, then I don't doubt I would've been slimed like 20 years and a half ago by them. I mean, I already know that they're watching my pr0n as I am typing this. So, I use a Mickeysoft account as admin. And besides, calling them "Mickeysoft" is an old but still effective way of sliming them right back where it annoys them the most.

I haven’t done this. I DID try the Virtual Machine one time a while back and it was dreadful. It was also impossible to get the domestic associate to use it – she passionately hated it and constantly had problems.

Anyhow, I haven’t tried Sandboxie-Plus, but I’ll look at it.

Sandboxie-Plus now also has Privacy Mode, BTW. My default browser is sandboxed Firefox Portable. In the sandbox settings, I have disabled Immediate Recovery because I find it annoying each time when the recovery window pops up. Aside from this, the only setting that I have changed in it is the maximum filesize under file migration, which I have set to 99999999 kilobytes, i.e. the biggest number that it allows you to enter.

Just in case anyone might be interested, here is a .reg file that, assuming that your Firefox Portable folder is C:\FirefoxPortable - sandboxed\FirefoxPortable, registers Firefox Portable as an application named FirefoxPortable. After that, it is possible to use a free tool called SetDefaultBrowser to set FirefoxPortable as the default browser by running a command:
SetDefaultBrowser.exe HKLM FirefoxPortable

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\RegisteredApplications] "FirefoxPortable"="Software\Clients\StartMenuInternet\FirefoxPortable\Capabilities"

[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable]
@=" Firefox Portable"
 [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\Capabilities]
"ApplicationDescription"=" Firefox Portable"
"ApplicationIcon"="C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe,0"
"ApplicationName"=" Firefox Portable"
 [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\Capabilities\FileAssociations]
; you can add additional filetypes like .pdf if your browser supports it
".htm"="FirefoxPortableHTM"
".html"="FirefoxPortableHTM"
 [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\Capabilities\Startmenu]
"StartMenuInternet"="FirefoxPortable"
 [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\Capabilities\URLAssociations]
; you can add additional protocols like mailto for example
"http"="FirefoxPortableHTM"
"https"="FirefoxPortableHTM"
 [HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\DefaultIcon]
@="C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe,0"

[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\shell]

[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\shell\open]

[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\FirefoxPortable\shell\open\command]
@="\"C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe\""

[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM]
@="FirefoxPortable Handler"
"AppUserModelId"="FirefoxPortable"

[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM\Application]
"AppUserModelId"="FirefoxPortable"
"ApplicationIcon"="C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe,0"
"ApplicationName"="FirefoxPortable"
"ApplicationDescription"="Browse the web"
"ApplicationCompany"=" Firefox Portable"

[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM\DefaultIcon]
@="C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe,0"
[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM\shell]
[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM\shell\open]
[HKEY_CURRENT_USER\Software\Classes\FirefoxPortableHTM\shell\open\command]
; your browser might offer different arguments here - %1 opens just the argument given
@="\"C:\\FirefoxPortable - sandboxed\\FirefoxPortable\\FirefoxPortable.exe\" \"%1\""

In my C:\FirefoxPortable - sandboxed\FirefoxPortable folder, I have put a file FirefoxPortable.ini with AllowMultipleInstances=true to solve the problem of getting the "Another instance of Firefox is already running" error message.

One minor caveat is that starting Firefox Portable sandboxed in an empty sandbox causes the browser's addons to not load, if regular Firefox is installed or there are leftovers of regular Firefox. These leftovers are the HKCU\Software\Mozilla key in the registry and the Mozilla folder under %APPDATA%, %LOCALAPPDATA% and %PROGRAMDATA%. This particular problem can also be worked around, by simply starting/restarting Firefox Portable sandboxed in the same sandbox, which is a very easy workaround, but I still found it annoying enough that I decided to just uninstall regular Firefox from my system and zap these aforementioned leftovers.

Long story made short, I can just copy my FirefoxPortable folder to anywhere, as many times as I like, and replace the one in my C:\FirefoxPortable - sandboxed with any one of these copies (that can also be modified copies if necessary). Next, I can download as much ransomware from teh interwebz as there's room on my 2TB Samsung 980 Pro (there's still a bit of room left on it, I haven't completely filled it with pr0n yet, you can ask Mickeysoft if you don't believe), then immediately as soon as I choose to empty the sandbox, it'll all be gone, with just a few simple mouseclicks.

Finally, to force Firefox Portable to run in the sandbox each time when it is started from within the C:\FirefoxPortable - sandboxed folder, all I had to do was add C:\FirefoxPortable - sandboxed to the Forced Folders list that can be found in the sandbox settings.

So from what I took from this thread, for basic security for a standard PC, stick with Windows Defender (and maybe malwarebytes for some extra help) instead of bitdefender or mcafee or whatever other total comprehensive anti-virus package subscription setup there is, right?

Only confirming because after a long while of dealing with mcafee's BS, and the path its been taking function and look wise, maybe we (my dad, my brother, and myself) need to think about getting rid of it and finding a just as comprehensive and yet not CPU eating method of fighting the bad stuff and keeping it away

Installing Windows and initial setup:


Adding applications, updates and patches:


After blocking installations and updates:

Windows defender has been one of the worst products ever to come out. Most security issues target it specifically when they infect a system and use it to aid them. A physical dog is better at cyber security