• A Description of My Quite Effective Security Environment (Long)

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » A Description of My Quite Effective Security Environment (Long)


    Here I’m documenting the methods and software I personally use to protect my Windows 7, 8.1, and 10 systems from malware, while also accomplishing good privacy and excellent system stability and performance. I’ll update this thread as I think of things to add to it. It’s a necessarily complex subject, because security in today’s world is just that way.

    Update: I have applied this strategy to Windows 10 Creator’s Update and it works.

    My uses for Windows are primarily for serious computing – content and software development – and business management (I run a small software engineering business). I don’t game. As a software engineer I have always had a strong interest in making Windows into all it can be since its first releases, and that includes improving on the out-of-box security landscape.

    I balance the effort I’m willing to expend against what I do to keep secure. You may not choose the same balance. I do try to minimize the work I have to do to maintain a secure setup.

    In overview:

    • I try to be smart about what I do online.
    • I’m careful about what software I run.
    • I shun cloud integration, preferring local and more “traditional” desktop computing.
    • I have a lot of layers of “watch-my-back” protection implemented, including the following. Some of these are beyond the typical, “traditional” layers:

      • Connecting the systems on my LAN to the Internet through a router
      • Blocking a big list of online servers from being contacted
      • Reconfiguring my web browser to minimize exposure
      • Running a deny-by-default 3rd party firewall package
      • Running updated anti-malware software
      • Doing good backups often
    • I run high reliability hardware.
    • I do daily backups and I could restore to bare metal if need be.

    I’m not here to suggest you do what I do. If you read this and become a little more educated, and maybe do just some of these things if you aren’t already, I believe you may benefit.

    I can assure you that what I do works – markedly better than an out-of-box Windows setup. And it protects even our non-Windows systems. It doesn’t unreasonably limit what I can do, and isn’t difficult to keep up.

    I’ll go into some detail…

    Think First

    First and foremost, always just think about what you’re doing. Avoid doing risky things if the integrity of your computing environment and your data are important to you.

    Treat software from every source with suspicion, and web sites with contempt. The authors all want something from you. In the simplest case they would like you to find value in their software and possibly pay them (donate, buy). In more complex cases they seek to deliver ads or even malware to your system, at your expense.

    If a deal on a piece of software seems to be too good to be true, it probably is. Raise your suspicion even higher.

    Check out the software you’re considering downloading and running. Look online for others’ comments about it. Look at reviews. Read forum posts, and ask on forums with people you respect. Use online services like virustotal.com to check the site or software before downloading or running it.

    Set up a virtual machine (which can be easily discarded or reverted) for first testing software you don’t feel comfortable installing on your critical system. I use VMware Workstation Pro – a commercial product that’s well worth a few hundred bucks. However, there are less expensive alternatives, both from VMware and others.

    Summary: Use common sense. Hoping you don’t get malware is not a strategy.

    A Well-Configured NAT/Home Router

    Having a well-setup “home” router at your connection to the Internet provides a tremendous security boost insofar as Network Address Translation-based routing – i.e., which isolates the systems on your LAN (Local Area Network) from the addressing of the WAN (Wide Area Network) – will block all incoming attempts to connect to your systems (note that this doesn’t account for IPv6 tunneling, which I cover below).

    It’s a bit like putting a one-way valve between your system(s) and the world. Your computer or device on the LAN can connect out (and get responses back), but hackers, bots, etc. can’t connect in to your computer and try to break in. A really good example is that, unless configured to do so, such a router won’t allow an attempt to exploit bugs in the SMB interface (port 445), such as the current NSA-leaked DoublePulsar exploit might try to do.

    I’ve made sure that the following router “features” are tweaked in my Cisco router:

    • I changed the default network name and admin password!
    • Remote administration is disabled – i.e., there is no ability to connect from the WAN and control the router.
    • ICMP responses are blocked, meaning no one can discover my router is even there with ping.
    • Features, such as Dynamic DNS, which I don’t need are disabled.

    The idea is to ensure external systems cannot initiate connections with your systems, and that your presence on the Wide Area Network is as stealthy as possible. Go through every setting, and if you don’t understand what it does, do some research and/or ask questions. Those features are there for your benefit, and it’s not a given that you need every bell and whistle enabled to get the most secure experience out of your gear.

    Site and Domain Blacklisting

    Central to my philosophy of “an ounce of prevention is worth a pound of cure”, I have taken steps to prevent my systems from ever contacting online servers known to deliver bad things.

    You might ask: Known how? You’d be surprised how much good information on that subject is available freely online.

    Allowing online software to be brought into your system and run without your vetting it first is a risky thing. Blacklisting seeks to prevent your system from ever loading software from sites known to serve ads or malware, or which seek to track you – it’s as simple as that. And it’s very effective! Benefits include a faster browsing experience and protection against software other than a browser contacting a bad site.

    I do blacklisting several ways:

    1. I use the system’s hosts file to resolve a list of sites to, which essentially aborts communications attempts with the blacklisted systems immediately, without your system ever going to the network.
    2. I run DNS proxy server software package called “Dual DHCP DNS Server” with a local database of sites that are not to be resolved. Only those DNS requests not resolved by the blacklist are sent on to an online OpenDNS server.
    3. I use a well-managed online DNS server (OpenDNS), which itself refuses to resolve bad site names into addresses. DNS server addresses: and
    4. For general browsing, I’ve switched to a not-quite-mainstream browser, Pale Moon. I have installed only two (great) add-ons: uBlock Origin, which I have set to use a large set of online blacklists, and uMatrix, which by default disallows many web components (like scripts) from being run from sites other than the one actually being visited. It’s amazing how many things web designers try to get your browser to do that you don’t want it doing.

    Key to items 1 and 2 above is that I run a scheduled process that every day gathers blacklist data from a number of very good online sources and compiles it into lists suitable for use as a hosts file and input to the DNS proxy server. The online sources I have chosen manage their blacklists very well, with goals that align well with mine, and get this: The lists are free for personal use. My blacklist strategy keeps itself up to date daily. New sites are added and sites that are no longer threatening are removed almost every day.

    For item 1 I have a script that updates the local PC’s hosts file per the online sources called HostsCompiler.bat. It and all attendant command line filters it needs from the GnuWin32 toolkit can be found here.

    For item 2 I use a software package called Dual DHCP DNS Server (just the DNS part) running on a Windows 7 system I have on my LAN, which is on 24/7. It’s an open source package, which I have modified to expand the wildcard list capacity and built for 64 bits. I have my router supply its LAN address to every system on the LAN via DHCP, so every system gets my blacklist’s protection. My PCs all avoid visiting sites that deliver ads and malware or seek to track, as do iPad, Apple TV, Android phone, etc. devices that connect to our wifi.

    I wrote a script that updates two configuration files (individual servers and wildcarded specs) for the Dual Server package called DNSListCompiler.bat. It and all attendant command line filters can be found here.

    Why have both a hosts file and DNS blacklisting? Each of the files has a section at the beginning that you can manage manually. It’s not hard to imagine wanting to block more specific things in a given hosts file than are blacklisted LAN-wide with the DNS proxy software. And it never hurts to have multiple layers of protection.

    I can’t stress enough how well-managed the free online lists are, and yet they are resources fairly few folks know about.

    Communications Blocking via Firewall

    Beyond the blacklisting listed above, what if a program has a built-in IP address, or a program you don’t want communicating online tries to contact a known server (*cough* telemetry *cough* privacy invasion)?

    This is where good firewall software comes into play. In my case I use the 3rd party Sphinx Windows Firewall Control package Network/Cloud Edition. Why not use the Windows Firewall? Beyond the user interface being poor for developing and managing a complex configuration, I avoid it because Microsoft inserts secret, hidden rules into it. No thanks. And the Sphinx firewall in particular has one extraordinary feature: It works by name in an ongoing way, meaning that if you want to block xyzzy.com you need not worry about what addresses that site resolves into now or in the future. The firewall software takes care of name to address management for you.

    Sphinx is a fully rigorous and capable commercial firewall package that uses the underlying Windows Base Filtering Engine, and can be set up to match a philosophical goal of mine: Allow no communications that have not been previously approved. To this end, I’ve developed custom configurations that I would call deny-by-default, but with rich sets of exceptions to allow some things that one expects to communicate online, like web browsing and security certificate management.

    It’s the first firewall package I’ve run across that can provide the sophisticated level of control over communications that I want (“deny by default”) without bringing on a monstrous maintenance headache. Once set up I’ve got it to be almost “set it and forget it”. Pretty much, changes are only needed when I install new software.

    One key thing I do is to have the firewall normally set up to block communications with Windows Update servers. That way even if the Windows Update process gets started it cannot get data to update the system. I absolutely require that to be under my control, and to allow my system to get updates I have to reconfigure the zone I have assigned to the svchost.exe process to allow updates. Then when I’m done checking or installing updates I configure it back. In practice this doesn’t take very long.

    The firewall comes with a reasonable default configuration. However, I did it over completely (call me a control aficionado). Some time ago I published my preferred configurations for Windows 7, 8.1, and 10 online. I haven’t changed them much since. These could serve as examples for others to build upon when customizing their own Sphinx firewall configurations.

    Or you could start from scratch, as I did. There’s some trial and error, but if you’re not impatient you could learn a lot about what software is communicating with what servers.

    I’ve published more here on AskWoody about my use of the Sphinx firewall here:

    Browser Reconfiguration to Make It More Restrictive

    In my opinion, Internet Explorer has one of the most configurable and powerful security models. Incredibly, it’s set up by Microsoft to be overly permissive! For that reason it has gotten a bad name, but actually can be well locked-down so that it won’t run dangerous active content from just any old site online in the Internet Zone.

    This ability to lock it down is central to my browsing strategy.

    And yes, I know IE is destined to be deprecated. However, it’ll be supported through the life of my chosen Win 8.1 OS, which should be good until 2023 or so.

    I have specifically configured Internet Explorer to disallow almost everything active from the Internet Zone, which is where sites you haven’t chosen to be in another zone reside. This includes NOT allowing ActiveX controls to run, NOT allowing scripts to do fancy things (but it does allow minimal scripting), and disabling many of the dozens of other features. I’ve published a list of screen grabs showing my preferred settings here:


    I also run almost no Add-ons, and I even disable most of the ones set up by Microsoft out of the box.

    All this blacklisting and browser de-configuration and you’d think my browsing experience would be stunted, right? But no, I can get to the content I want – just without the ads and malware. I am able to watch videos on YouTube, download software, read forums and articles, search for things with Google…

    You may choose to use a different browser. That’s fine; most of the others can also be set up to avoid running software from sites online either by settings or plug-ins (e.g., that block Flash from running without specific approval).

    What is the result of all of the above in combination on my browsing experience? No ads, no malware, no tracking, and faster loading of just the content from web pages I really want to see!

    Leveraging the above-mentioned constantly-being-updated lists can be done several ways, and possibly the easiest is to use a browser add-on that simply blocks attempts to surf to servers and sites that serve ads, do tracking, and attempt to download malware. I prefer Pale Moon – a FireFox derivative that cares about your privacy – and the uBlock Origin add-on, which stops browsing to many, many sites. I don’t see ads, I don’t get malware, yet I DO virtually always see the site content.

    If you don’t block ads, you really should.

    Windows Networking Reconfiguration

    I think I’ve mentioned that Windows comes configured in some ways not the most secure… The things I’ve done to reconfigure Windows Networking to improve my own security picture are:

    • Remove “HomeGroup” networking.
    • Deconfigure SMB1 support, needed only for compatibility with ancient operating systems, which I do not have on my network.
    • Deconfigure IPv6 tunneling: Teredo, ISATAP, and 6to4 via these commands:
        netsh interface teredo set state disabled
        netsh int ipv6 isatap set state disabled
        netsh int ipv6 6to4 set state state=disabled undoonstop=disabled

    Executable blocking

    There are some executables I simply don’t allow to run.

    It’s often possible to identify executables whose sole job is to send telemetry or otherwise make unwanted online contacts.

    I always, for example, remove OneDrive system integration. I also remove executable permissions from such executables as LogTransport.exe, SkypeBrowserHost.exe, VSHub.exe, and others that I’ve identified don’t offer me any direct value but are responsible for sending data abroad. And I’ve disabled a number of scheduled jobs and services. In some cases I’ve even had to tweak registry entries to keep the system from even trying to start unwanted programs.

    I tend to use the facilities that Windows provides to prevent executables from running, but there are good software packages out there that can help less technical users accomplish the desired effects. Some good ones that come to mind to help you know why programs are running are Autoruns by SysInternals, and ShellExView by Nir Sofer.

    Above all, know what’s running on your computer, and try to understand whether it really needs to be there.

    Anti-Malware Software and Scans

    With all of the above in place, an active anti-malware scanner isn’t really particularly necessary. Incredible as it may seem, I don’t ever see Windows Defender block anything and MalwareBytes scans are always clean.

    However, that doesn’t mean you should do without an active line of defense. I recommend Microsoft Security Essentials for Windows 7, and the default Windows Defender for Windows 8 and 10. I’ve found that even if you block Windows Updates, the MpCmdRun.exe component goes out and gets updates on its own. That’s a separate executable from the Windows Update service, so it’s easy to allow it to do its thing through the firewall while maintaining protection against unwanted system updates.

    One good aspect of using Microsoft’s in-built protection is that it virtually never spits out false positives.

    Even with Windows Defender on duty, I also choose to regularly scan my systems for malware that might have gotten through using MalwareBytes AntiMalware free edition. It never hurts to check for malware against a second well-managed database. I have a script scheduled to pop the MalwareBytes UI up first thing in the morning and I just initiate a scan and move the window off to the side. I have terabytes of data yet it updates itself and finishes in under 10 minutes. With SSD storage, the scan isn’t terribly intrusive so I can get on with my work.

    Physical Security and Backup

    It goes without saying that you want to keep your system secure, you need physical security. In my home office, I am “Secured by Beretta”. But beyond that for my critical data I have chosen high reliability hardware (e.g., workstation class machines with ECC RAM, high MTBF disks). I have a high quality HVAC system, good UPS power backup, and high quality wiring.

    Even with all that, I have multiple backups that run regularly, some every 3 hours, some nightly.

    I’m particularly fond of Western Digital MyBook external USB drives for backup. Each computer has several of them attached, and I have several I swap in occasionally, do full system image backups, and remove to a secure location.

    With Win 8.1 there’s not an easy way to schedule a System Image backup like there was with Windows 7, so I schedule the following command:

    wbadmin start backup -allCritical -vssFull -quiet -backupTarget:G:

    That is, by the use of the -vssFull switch, integrated with the Volume Snapshot Subsystem, which means that the nightly backup is actually incremental, and with a large 8 TB MyBook I actually accumulate enough snapshots that I could restore my system from any of a month’s or more prior night’s backups.

    I can also access individual files from those snapshots through 3rd party Z-VSScopy software.

    Even with that capability, I’ve scheduled a number of other file backups based on Robocopy with a ton of switches to make them either mirror the source or accumulate files from the source without deletion (e.g., for protection against my deleting files accidentally).

    Also, I make sure the System Protection feature is enabled. This affords the opportunity to do a System Restore operation if needed, and this usually works if invoked from the bootup WinREcovery environment. Possibly not well-known is that the VSS-integrated wbadmin backups show up as Restore Points, so I not only have the ability to do a full restoral if I have a hardware failure, but I can also choose from all the accumulated incremental snapshot backups to do a System Restore if I were to need to do so.


    I’ll update this post as I think of other things, and I welcome your comments and questions.


    Viewing 3 reply threads
    • #104755


      Thanks for sharing all this. It is quite inspiring.

      You are doing a lot of things in a kind of ideal way for backups that people think usually is so difficult to do, but is in fact quite easy when you know about it using the built-in Windows tool. I never took the time to dig much into this as I manually did my backups and use other means like LTO at work, but I wanted to do it soon so I can prepare easy tools for people I help.

      For doing a one-time image backup of initial installation, after reading what you wrote I used the command you suggested and adapted it so it backups every system partition and not in an incremental way:

      wbadmin start backup -allcritical -backupTarget:e:

      which shows a prompt for confirmation and all partitions to be backed up. If I run an SSD plus 2 drives for DATA in mirror REFS or RAID, I like to just issue this command and put the backup out on external HD so it will only contain the OS and associated critical partitions and I separate that image from the data backups. Is this wbadmin command the equivalent of using the GUI to make a system image backup?

      I also saw that wbadmin can be used to do incremental backups of a folder using the -vssfull argument, which I find could be useful too if not doing the full incremental backup every day to an external HD like you. Suppose I don’t want to spin the DATA HDs when not needed when they sleep. I could schedule a daily backup where Thunberbird and Firefox running on the SSD all day gets backed up on the DATA HD partition at the end of the day. So if I am browsing and emailing without touching my data much, I need no HDs spinning all day. I could also set up a temp work area on the SSD and move the stuff to the mirrored data HDs at the end of the day. However, I guess just using a full incremental backup everyday like you do is good enough to fill this need without manually choosing folders anyway.

      I find your incremental image backup interesting as a complement to the initial full image backup as it protects from updates gone bad, but I also like the idea of the initial clean backup done once to restore to if your system gets bloated over time. I don’t suffer from this particular problem myself much as I am more like you to set a good system and keep it lean and mean for a long time (I never reinstalled the Vista I will retire in April), but I find that for normal folks I help, it is a good idea to have an “unspoiled” initial backup in case you want to go back to square one for them but not for you (as in you don’t have to retweak everything that you have done initially prior to handling them control).

      Maybe there is one thing to warn users about I found looking up the wbadmin command you told us about. If you use the -vssfull option, you need to be careful as it could interfere with a third-party backup program that would use the same mechanism to know if it needs to backup a file or not when you do incremental backups. If you are thinking about using multiple commands like that in incremental backups, you also need to consider if they could overlap and both uses the same mechanism to mark a file as already backed up. So maybe the advice is to not mix an external backup solution for incremental backups in addition to built-in tools that use -vssfull if you are not sure how the backup solution works.

      Because for them I don’t care much about having the latest image of the OS, I also want to help people at home automate some DATA only backup tasks so they just have to plug a disk, click a shortcut and have the backup done, then remove the disk and store it somewhere safe. This kind of occasional non-incremental full data backup is important to prevent disasters like if you delete your files by mistake, your house catches on fire or you get infected for a few months without noticing and your files are altered or you fall victim to a ransomware. This is the kind of backup I would retire completely at least once a year and keep in a safe out of main location to always have an up to date full backup at the end of the year. This is need 1.

      I also like the idea to supplement (not replace) the occasional full DATA backup with an incremental always plugged second hard disk. This is of course not immune to malware, lightning or other disasters, but for a quick resolution to some problems, it can be very useful, like if you accidentally delete a file you backed up yesterday and you want to recover it. This is need 2.

      For the first need (occasional non incremental data backup), I was thinking I would use robocopy. Would you mind sharing the way you use robocopy and the parameters you use plus in which case you think it is the best option vs wbadmin? Do you think it is better to use that or wbadmin even if only for data backups? I guess for the second need, if I have an always plugged in drive, I might as well do like you and just do an incremental full image backup since it won’t take up too much space anyway. Or, I would maybe do a weekly incremental backup on a non-always plugged in external HD if the risk of infection of the user is not low enough. In a setup where I use an SSD + 2 HDs in mirror, I already could cover the day to day backup scenario for data and system protection, but of course, like with an always plugged in HD, it doesn’t prevent against accidental deletion or ransomware. So the weekly incremental backup to a non always plugged in HD makes sense in this scenario.

      For the less technical minded people here, I am sorry if this all sounds so complicated. I don’t think it is for a particular singular use case, but it is just there are so many different possible scenarios depending on the user, it is a good idea to have many ways to do backups that can fit each scenario properly and I wanted to ask our expert here his opinion on a few things. Then, if any of you need specific advice for your particular needs, it will be easy to give you the required built-in tools you need to have a free simple backup solution that fits your needs best.


      3 users thanked author for this post.
      • #104802

        Would you mind sharing the way you use robocopy and the parameters you use plus in which case you think it is the best option vs wbadmin? Do you think it is better to use that or wbadmin even if only for data backups?

        I like having lots of options. Robocopy ensures the files are just there on a disk so they can be dragged and dropped, etc. If you want to do a data backup in addition to making a system image with wbadmin, go for it! More backup is better, as long as the jobs can finish.

        Here’s an excerpt from one of my working backup scripts. I hope this site doesn’t mangle it too badly.

        ::  DoBackup.bat - scheduled to run every night.
        ::  Back up some critical files on NoelC4 to secondary and external storage.
        @ECHO OFF
        ECHO ---------------------------------------------------------------------------------------------------------------------------------------------------------
        SHOWTIME "Starting Nightly Backup on %%s"
        SET BACKUP_AREA_COPY_SWITCHES=/B /DST /Z /NP /NFL /NDL /R:1 /W:2 /NJH /NJS /XF Old_DoBackup*.*
        ECHO = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
        SHOWTIME "Backups to the local internal hard drive array on %%s"
        ROBOCOPY "V:\Virtual Machines"          "D:\Virtual Machines"                           %COPY_TREE_SWITCHES%
        ROBOCOPY C:\Backup                      D:\Backup\NoelC4                                %BACKUP_AREA_COPY_SWITCHES%
        ECHO = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
        SHOWTIME "Backups to the main local external USB backup drive on %%s"
        ROBOCOPY C:\EMail                       G:\Backup\NoelC4\EMail                          %MIRROR_TREE_SWITCHES%
        ROBOCOPY C:\ProgramData                 G:\Backup\NoelC4\ProgramData                    %MIRROR_TREE_SWITCHES% /XJ
        ROBOCOPY C:\Users                       G:\Backup\NoelC4\Users                          %MIRROR_TREE_SWITCHES% /XJ


        2 users thanked author for this post.
    • #106210

      FYI, I have successfully brought Windows 10 version 1703 build 15063.11 (the “Creator’s Update”), installed as an in-place upgrade, up to my preferred level of security.

      What it took was removing ALL App packages (except what is required to support Settings), removing all cloud integration such as OneDrive, a bunch of tweaks – some through overt settings and some through registry changes, blocking a number of sites through DNS blacklisting, and disabling a number of services and scheduled tasks.


      I even have Windows Defender working without the App interface…


      Given that version 1703 is only a few days old and my tweaked setup is only hours old of course I have most certainly NOT subjected it to sufficient testing to know whether I have achieved a solid and reliable configuration yet. However, it’s looking hopeful at this point, and I will follow-up here to say how it goes.


      1 user thanked author for this post.
      • #130430

        Given that version 1703 is only a few days old and my tweaked setup is only hours old of course I have most certainly NOT subjected it to sufficient testing to know whether I have achieved a solid and reliable configuration yet. However, it’s looking hopeful at this point, and I will follow-up here to say how it goes.

        Well, here we are quite a few months later, and I can report some of what I’ve found…

        1. I was able to tweak Windows 10 “Creator’s Update” v1703 into being fully private, and with all the security attributes I listed above. It will run for days without contacting any servers online.

        2. At one point, around 15063.200something, it just stopped taking Windows updates. It would get to 98% complete, then fail and revert back. Since I had before and after snapshots to work with, I worked VERY hard for a while to try to isolate why it had happened. It boiled down to this: Remove all the Apps, stop being able to update it.

        3. As an exercise I ended up reinstalling the whole thing over again, afresh, from the released ISO image. I re-tweaked it, but this time the only difference was that I didn’t remove the Apps. I was able to continue updating it to July, around 15063.500something. Then I got bold and removed all the Apps again. Lo and behold it is still taking updates successfully. It’s now on 15063.540 and running fine.

        4. The author of the desktop tweaking tool I use finally released a version that’s compatible with v1703, so I have a fully up to date system that actually looks decent and has good desktop usability. But note that it took him until a month AFTER the promotion to CBB (or whatever the heck they call that now) to release it. That’s significant – it underscores the fact that most of the time a particular Windows 10 build is “current” people are still struggling to adapt their software to it.

        What I WASN’T able to do was to discover ANYTHING about Windows 10 v1703 that made it a “must have” for me, so while I got most of the kinks worked out to turn it into a “to work” system, it remains a denizen of my virtualization software (VMware Workstation). Just a curiosity for testing and dabbling, while my host computer hardware still runs Windows 8.1 Pro/MCE x64.



        3 users thanked author for this post.
    • #110679

      I’ve just added some info on router and Windows Networking configuration to my original post in this thread.


      1 user thanked author for this post.
    • #110711

      @Noel: Thank you for taking the time to post this info :).

      For file-based backup, you may wish to try Areca Backup (free), which I personally use.

      2 users thanked author for this post.
    Viewing 3 reply threads
    Reply To: A Description of My Quite Effective Security Environment (Long)

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: