What is your security setup these days?
1chaoticadult
August 27th, 2011, 06:22 PM
-{ Quote: "You don't know his real secret setup my good friend--
Lavasoft internet security, mbam pro, keyscrambler premium, spyshelter premium, sandboxie, returnil, appguard, superantispyware, winpatrol plus
and according to J says its light setup..like feather my friend..rofl" }-
That's the lightest setup ever :P ;D
Kernelwars
August 27th, 2011, 06:54 PM
Added Trusteer Rapport:)
1chaoticadult
August 27th, 2011, 07:00 PM
-{ Quote: "Added Trusteer Rapport:)" }-
Good software IMO. ;)
Hungry Man
August 27th, 2011, 07:04 PM
-{ Quote: "Great, I was hoping that was the case. Any idea if they have their own anti-malware, or are they using software from somewhere else?" }-
Their own blacklist I believe.
Page42
August 27th, 2011, 08:02 PM
-{ Quote: "PrivateFirewall + Sbie :thumb:
BTW: The next PF update will have... restriction mode (like Run Safer in OA) :argh:" }-
That is an awesome feature for them to be adding.
Where did you read that, please?
:)
TonyW
August 27th, 2011, 08:06 PM
-{ Quote: "I found this at Wikipedia about Chrome security: Chrome periodically retrieves updates of two blacklists (one for phishing and one for malware), and warns users when they attempt to visit a harmful site. This service is also made available for use by others via a free public API called "Google Safe Browsing API"." }-
It is available in Firefox too if you enable them under Options/Security.
luciddream
August 27th, 2011, 11:39 PM
-{ Quote: "If you were an administrator, you'd see .NET Framework a useful thing. PowerShell makes use of .NET Framework, and it's simply a powerful tool (PowerShell).
I'm enjoying learning PowerShell. You can simply automate so many stuff. I just regret being this late into learning it. ;D But, better late than ever. :argh:" }-
Yeah, but let's face it, that eliminates 99% of end users from the get-go. For the vast majority of us the only thing it does is slow you down with unnecessary bloat. And for Firefox users worse, it poisons your browser with an add-on that is by definition Adware... in that it installs itself without your consent and then is difficult to get rid of (a registry tweak is needed).
I use security software to PREVENT things like that from getting onto my computer.
I hope it is incorporated into Windows7 better than it is XP.
Also it doesn't seem EMET is that useful to XP anyway. Most of the functionality isn't possible, and I have DEP enabled already.
Page42
August 27th, 2011, 11:42 PM
KeePass needs .NET, and that's fine with me. :)
What's wrong with .NET? (http://www.wilderssecurity.com/showthread.php?p=1909758#post1909758)
jmonge
August 27th, 2011, 11:47 PM
nice avatar page:thumb:
Kernelwars
August 28th, 2011, 12:16 AM
nice avatar indeed..that snake looks happy;D
The Hammer
August 28th, 2011, 12:20 AM
-{ Quote: "Added Trusteer Rapport:)" }-
Does its presence slow your browsing?
acr1965
August 28th, 2011, 12:26 AM
Who's giving Eset 5 av a spin when it pops out of the oven? I have a license so figure I might as well.
jmonge
August 28th, 2011, 12:38 AM
:thumb: it is a very nice antivirus and now it includes a hips engine:) that is what i like the most in interactive mode it is very informative:) i mean a lot of pop ups:)
1chaoticadult
August 28th, 2011, 12:58 AM
-{ Quote: "nice avatar indeed..that snake looks happy;D" }-
Don't you miss the snake my good friend? ;D
Kernelwars
August 28th, 2011, 01:42 AM
-{ Quote: "Does its presence slow your browsing?" }-
No slow downs here..but chrome keeps crashing tho.. no problems with IE9 yet
Kernelwars
August 28th, 2011, 01:42 AM
-{ Quote: "Don't you miss the snake my good friend? ;D" }-
I don't miss it anymore man..panda keeps me entertained;D ;D
1chaoticadult
August 28th, 2011, 01:43 AM
-{ Quote: "No slow downs here..but chrome keeps crashing tho.. no problems with IE9 yet" }-
Must be conflicting with something on your setup. Chrome isn't crashing and I'm using it. Are you using it on Win7 32-bit or 64-bit?
Kernelwars
August 28th, 2011, 01:44 AM
-{ Quote: ":thumb: it is a very nice antivirus and now it includes a hips engine:) that is what i like the most in interactive mode it is very informative:) i mean a lot of pop ups:)" }-
yes indeed..I think J you missing malware defender..give it a spin man;D you will never wish for popups after you use that I think;D ;D
Kernelwars
August 28th, 2011, 01:46 AM
-{ Quote: "Must be conflicting with something on your setup. Chrome isn't crashing and I'm using it. Are you using it on Win7 32-bit or 64-bit?" }-
I don't have any other extension other than lastpass running in chrome..I don't know maybe need to reinstall rapport maybe..This is a 64bit win7 pro:doubt:
1chaoticadult
August 28th, 2011, 01:48 AM
-{ Quote: "I don't have any other extension other than lastpass running in chrome..I don't know maybe need to reinstall rapport maybe..This is a 64bit win7 pro:doubt:" }-
Are you still using Spyshelter on 64-bit?
Kernelwars
August 28th, 2011, 01:49 AM
-{ Quote: "Are you still using Spyshelter on 64-bit?" }-
yes indeed:thumb: I thought you knew it already;D
1chaoticadult
August 28th, 2011, 01:49 AM
-{ Quote: "yes indeed:thumb: you knew it I thought;D" }-
That might be your problem. Try disabling that and see if Chrome still crashes with Trusteer Rapport.
Kernelwars
August 28th, 2011, 01:51 AM
-{ Quote: "That might be your problem. Try disabling that and see if Chrome still crashes with Trusteer Rapport." }-
alright will do man..but I really hate to disable it..It's my fav app you know;D ;D
1chaoticadult
August 28th, 2011, 01:52 AM
-{ Quote: "alright will do man..but I really hate to disable it..It's my fav app you know;D ;D" }-
It's only temporary, it's not like it's forever my good friend ;D
jmonge
August 28th, 2011, 01:54 AM
same here k my faborite app ever after mbam pro;)
1chaoticadult
August 28th, 2011, 01:55 AM
-{ Quote: "same here k my faborite app ever after mbam pro;)" }-
No encouraging him J ;D What's faborite? A new flavor :P ;D
jmonge
August 28th, 2011, 01:56 AM
lol;D
1chaoticadult
August 28th, 2011, 01:57 AM
-{ Quote: "lol;D" }-
Well you typed it my friend ;D
The Hammer
August 28th, 2011, 02:00 AM
-{ Quote: "Who's giving Eset 5 av a spin when it pops out of the oven? I have a license so figure I might as well." }-
I'll be looking forward to reading your thoughts on it.
acr1965
August 28th, 2011, 02:51 AM
-{ Quote: "I'll be looking forward to reading your thoughts on it." }-
I expect it to be a good program and will like to see it vs. real time malware. ESET 5 will have lots of reviews I'm sure, really as soon as released. I always liked Eset because it runs so smooth on my computer but kinda switched away because of its detection the last few years. Hopefully the HIPS remedies that. I wonder if it will be a smart HIPS with few pop ups and detailed messages? Hopefully so.
SweX
August 28th, 2011, 07:07 AM
-{ Quote: "same here k my faborite app ever after mbam pro;)" }-
Oh no way, HitMan Pro is your favourite "HitMan Pro rocks" remember? ::)
Kees1958
August 28th, 2011, 08:17 AM
-{ Quote: "alright will do man..but I really hate to disable it..It's my fav app you know;D ;D" }-
When you have got Spyshelter Premium, Why dump Spyshelter when having incompatibilities, dump Trusteer ;D
1chaoticadult
August 28th, 2011, 09:17 AM
-{ Quote: "When you have got Spyshelter Premium, Why dump Spyshelter when having incompatibilities, dump Trusteer ;D" }-
He wouldn't dump Spyshelter anyways, it's his favorite app, well according to him. ;D
nikanthpromod
August 28th, 2011, 12:04 PM
My sig8)
+
SUMo
Google chrome
jmonge
August 28th, 2011, 12:06 PM
hitman pro rocks but it will expire and no money to renew so mbam pro covers the gap or emptiness:)
moontan
August 28th, 2011, 12:54 PM
-{ Quote: "It's only temporary, it's not like it's forever my good friend ;D" }-
mwahahaha!:argh:
SweX
August 28th, 2011, 01:40 PM
-{ Quote: "ESET just sells the product with the least weaknesses in my experience. Although, I was also pleased with WRSA. I think when ESET launches version 5.0 final I will just use that and stop all the trialing, in the end I return to ESET anyway." }-
I use WSA right now. And it's the only product that comes close to what ESET is offering. WSA is light on RAM and I/O, easy to use and offers great security just as ESET. But in the end I will always come back to ESET. ;D
But both are very very nice products indeed, that needs to be said. :isay:
shadek
August 28th, 2011, 01:46 PM
-{ Quote: "I use WSA right now. And it's the only product that comes close to what ESET is offering. WSA is light on RAM and I/O, easy to use and offers great security just as ESET. But in the end I will always come back to ESET. ;D
But both are very very nice products indeed, that needs to be said. :isay:" }-
Although your observations of ESET may be spot on, I fear you've missed the parts where WSA provides a more layered type of protection, hence your computer being more safe. :)
SweX
August 28th, 2011, 01:49 PM
-{ Quote: "hitman pro rocks but it will expire and no money to renew so mbam pro covers the gap or emptiness:)" }-
Well that's understandable if you have licenses for all the different software you have been using :P
And MBAM Pro offers great protection indeed :thumb:
SweX
August 28th, 2011, 01:53 PM
-{ Quote: "Although your observations of ESET may be spot on, I fear you've missed the parts where WSA provides a more layered type of protection, hence your computer being more safe. :)" }-
I don't think so. But you can explain anyway. ;)
I know that WSA is stronger on some areas as keyloggers, and the protection safeonline offers etc... if that's what you meant.
Konata Izumi
August 28th, 2011, 02:03 PM
Webroot SecureAnywhere BETA
Software Restriction Policy
Sandboxie FREE 3.58
jmonge
August 28th, 2011, 02:09 PM
Mbam Pro and SpyShelter Premium;) :thumb:
shadek
August 28th, 2011, 02:34 PM
-{ Quote: "I don't think so. But you can explain anyway. ;)
I know that WSA is stronger on some areas as keyloggers, and the protection safeonline offers etc... if that's what you meant." }-
:thumb: Perhaps the combination between the two would suffice for the both of us! I'm currently testing ESET 5 beta thanks to you, and I'm impressed!
Ibrad
August 28th, 2011, 02:35 PM
Well since most of my computer security licenses expire on all my machines next month it's time for me to start looking at replacements and things to install on them. As of now here is what I have on each of my machines:
Old Desktop (barely alive, wake up to find is BSOD a lot of the time)
Panda Cloud (needs a fresh install) + CounterSpy + Prevx (just because I had a license laying around) +random on demand scanners
Oldish Laptop (running Vista but not very good specs)
Panda Cloud + Winpatrol PRO + CounterSpy + random ondemand Scanners
Personal Netbook (100% awesome! :P )
Panda Cloud + Extreme Common Sense!
My Prevx and CounterSpy licenses expire this month so I have been looking for replacement programs to put on each of my machines. Yeah I have been thinking of doing it for a while but when my license runs out I don't got much of a choice, plus my parents have bought a backup hard drive so I no longer have to worry about them losing data! So for my new setup on each machine I am looking at leaving Winpatrol on the Vista laptop and having each PC run:
Panda Cloud + Kingsoft PC Doctor/Rising PC Doctor
I think either one would work good for them while letting Panda handle all of the malware.
wat0114
August 28th, 2011, 02:48 PM
Updated to "Platinum Insane" status ;D :
My security setup
Win 7 x64 Ultimate Desktop:
Using LUA account as default
UAC at highest level
AppLocker with all rules, including DLL, enforced
Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote ip addresses.
EMET, with mainly web-facing and MS Office apps configured
MBAM on-demand free (used sparingly)
Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
All sensitive data kept on a TrueCrypt volume on h/drive and USB pendrive, and also a bitlocker encrypted volume.
08/28/2011: Added Sandboxie Paid:
Set up for web browsers Chrome & IE9 with:
forced folders full qualifying path to iexplore.exe & chrome.exe
Restricted Internet access
Restricted Start/Run access
The additional security this truly awesome application offers overwhelmed my usual stubbornness against adding 3rd party security software to my already impenetrable fortress. It is now insanely impenetrable ;D .
The following services are disabled:
Secure Socket Tunneling service
IP Helper
Remote Access Connection Manager
SSDP Discovery service
TCP/IP NetBIOS Helper
Workstation
Function Discovery Resource Publication
WinHTTP Web Proxy Auto-Discovery service
SuRun, v1.2.1 B9 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.
Note the use of free MBAM for on-demand only. I despise realtime antivirus programs. They are, for the most part, an antiquated, resource-sucking leech on the system.
shadek
August 28th, 2011, 02:49 PM
-{ Quote: "Well since most of my computer security licenses expire on all my machines next month it's time for me to start looking at replacements and things to install on them. As of now here is what I have on each of my machines:
Old Desktop (barely alive, wake up to find is BSOD a lot of the time)
Panda Cloud (needs a fresh install) + CounterSpy + Prevx (just because I had a license laying around) +random on demand scanners
Oldish Laptop (running Vista but not very good specs)
Panda Cloud + Winpatrol PRO + CounterSpy + random ondemand Scanners
Personal Netbook (100% awesome! :P )
Panda Cloud + Extreme Common Sense!
My Prevx and CounterSpy licenses expire this month so I have been looking for replacement programs to put on each of my machines. Yeah I have been thinking of doing it for a while but when my license runs out I don't got much of a choice, plus my parents have bought a backup hard drive so I no longer have to worry about them losing data! So for my new setup on each machine I am looking at leaving Winpatrol on the Vista laptop and having each PC run:
Panda Cloud + Kingsoft PC Doctor/Rising PC Doctor
I think either one would work good for them while letting Panda handle all of the malware." }-
Are you bound to using Panda products? There are some other alternatives which may be worth looking into.
PCA is not really a true cloud antivirus in my opinion. It's too hoggy and too large. I'd consider WSA for that.
SweX
August 28th, 2011, 02:59 PM
-{ Quote: ":thumb: Perhaps the combination between the two would suffice for the both of us! I'm currently testing ESET 5 beta thanks to you, and I'm impressed!" }-
Haha great. But my vision is to use only one security software in RT. That includes protection in a balanced way so it's good at many things.
Perhaps you could try ESET V5 against your huge malware sample set.
To see how it stands up against WSA. *puppy*
Edit: With V5 don't take the RAM usage so serious I know that YOU know why it uses little more. But some users complain and say that it's "heavy" even though it runs light.
jmonge
August 28th, 2011, 03:04 PM
wat0114:thumb: :thumb:
Ibrad
August 28th, 2011, 03:06 PM
Yeah I am pretty set on them, I have tried most of the other free AV programs (except Avast, never got around to trying that) and every time I have come back to Panda.
I will admit though WSA has become a pretty impressive security product, I had beta tested it and the only problem I have with it is that it does not work with Panda Cloud. When both are installed the computer will not shut down. Also if you try to install Panda as WSA is installed you may crash the system but I only got that to happen once.
Panda just seems to work on my machines, and I like programs that just work whenever I install them.
wat0114
August 28th, 2011, 03:08 PM
Thanks jmonge :)
shadek
August 28th, 2011, 03:16 PM
-{ Quote: "Haha great. But my vision is to use only one security software in RT. That includes protection in a balanced way so it's good at many things.
Perhaps you could try ESET V5 against your huge malware sample set.
To see how it stands up against WSA. *puppy*
Edit: With V5 don't take the RAM usage so serious I know that YOU know why it uses little more. But some users complain and say that it's "heavy" even though it runs light." }-
WSA was mediocre in detection rates around 80% of tested 0-day samples each day... but two-three days ago it suddenly improved a lot. It seems to me that A LOT of _great_ generic signatures were introduced making WSA hit about 95% detection rates.
ESET is currently around 91% with about 50k samples tested.
These are just on-demand tests for the latest malware over the 5-days though. Not sure which one would provide the highest REAL protection, as some of the malware I'm testing hardly will ever get spread.
Hungry Man
August 28th, 2011, 03:19 PM
-{ Quote: "Updated to "Platinum Insane" status ;D :
My security setup
Win 7 x64 Ultimate Desktop:
Using LUA account as default
UAC at highest level
AppLocker with all rules, including DLL, enforced
Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote ip addresses.
EMET, with mainly web-facing and MS Office apps configured
MBAM on-demand free (used sparingly)
Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
All sensitive data kept on a TrueCrypt volume on h/drive and USB pendrive, and also a bitlocker encrypted volume.
08/28/2011: Added Sandboxie Paid:
Set up for web browsers Chrome & IE9 with:
forced folders full qualifying path to iexplore.exe & chrome.exe
Restricted Internet access
Restricted Start/Run access
The additional security this truly awesome application offers overwhelmed my usual stubbornness against adding 3rd party security software to my already impenetrable fortress. It is now insanely impenetrable ;D .
The following services are disabled:
Secure Socket Tunneling service
IP Helper
Remote Access Connection Manager
SSDP Discovery service
TCP/IP NetBIOS Helper
Workstation
Function Discovery Resource Publication
WinHTTP Web Proxy Auto-Discovery service
SuRun, v1.2.1 B9 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.
Note the use of free MBAM for on-demand only. I despise realtime antivirus programs. They are, for the most part, an antiquated, resource-sucking leech on the system." }-
LUA AND UAC?
What's the point?
Get rid of LUA, it's gross =p UAC handles all of your elevating needs without having to switch between accounts all the time.
wat0114
August 28th, 2011, 03:47 PM
@Hungry Man,
you do have a point, but I like to follow what MS (I'm not an M$ Shill ;D ) and any other responsible enterprise environment would recommend:
-{ Quote: "The recommended and more secure method of running Windows 7 is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment." }-
-http://technet.microsoft.com/en-us/library/dd835561(WS.10).aspx
There is really nothing wrong with LUA, and SuRun affords me the ability to easily elevate trusted processes from within the standard account without entering credentials. Keep in mind, also, that the Administrator account provides two tokens: one user and one administrative, while the user account only provides a user token. I simply see this as extra separation from the potentially dangerous administrator account.
Hungry Man
August 28th, 2011, 03:49 PM
Yeah but you have to use another program (SuRun) just to do some everyday tasks.
Just doesn't seem worth it. It is for enterprise level security where you need to manage hundreds if not thousands of computers but for a personal user you get the same effects with UAC.
1chaoticadult
August 28th, 2011, 03:59 PM
-{ Quote: "hitman pro rocks but it will expire and no money to renew so mbam pro covers the gap or emptiness:)" }-
What happened to SpyShelter? Only MBAM PRO again?
m00nbl00d
August 28th, 2011, 04:22 PM
-{ Quote: "Yeah but you have to use another program (SuRun) just to do some everyday tasks.
Just doesn't seem worth it. It is for enterprise level security where you need to manage hundreds if not thousands of computers but for a personal user you get the same effects with UAC." }-
I still have to figure out what you folks do that require administrative rights all the time.
I run in a standard user account, and the only administrative tasks I need to perform are some application upgrades, once in a while.
And, don't be mistaken. UAC is no silver bullet, and especially not bullet proof. It has been bypassed in the past, meaning open path for the administrator account.
As an example (and I'll see if I can find the source, as it has been a long time), I remember that there existed a bug in IE that would allow malware to bypass UAC or Protected Mode... something like that. You may figure out the rest.
But, unless one truly knows his/her way, an administrator account + UAC is by no means the same as a standard user account.
You tell wat0114 to ditch standard user account, still he's got a very solid setup, and 99% of it is built-in security.
When comparing his setup to yours, it makes perfect sense to use a standard user account, due to the extra comfort it provides to the user.
It's interesting that you're running Mamutu in Paranoid Mode and Defense+.
If an administrator account plus UAC is enough... you got a very interesting approach there.
Just an observation, nothing else really. :)
acr1965
August 28th, 2011, 04:44 PM
How long does it take Avast to add signatures for new malware? I submitted a sample through the avast "chest" 4 days ago and it's still not detecting. It was adware (adsubscribe). The md5 hash is 6B2C32DADD55648B322C5FB7FBC8C4C7 if you want to check on VT.
LoneWolf
August 28th, 2011, 04:54 PM
Outpost Pro Security Suite 7.5.1 (From latest giveaway)
Sandboxie 3.58
Shadow Defender 1.1.0.325
Macrium Reflect Complete Edition 4.2 / 3775
Open DNS
Opera 11.50
wat0114
August 28th, 2011, 05:00 PM
I'm only occasionally performing administrative tasks including but not limited to:
modifying Windows firewall w/advanced security rules
modifying AppLocker rules
viewing Event Viewer entries
Disk management for partition work
Occasionally elevating explorer.exe to access my administrator directories
elevating Snagit only when I need to take a screenshot of a scrolling window, which only works properly when it's elevated.
I can easily and conveniently achieve this with a very small resource footprint from my more secure user account with Surun. When I'm not requiring administrative elevation, which is most of the time, I'm running from the more secure user account.
Hungry Man
August 28th, 2011, 05:14 PM
Whatever works for you. I just know I'd hate it =p and I feel that the security benefits of LUA over an admin account with UAC are not worth it for my usage.
wat0114
August 28th, 2011, 05:31 PM
Remember that with Surun you can right-click->elevate with consent only (no credentials needed) just as is done in the administrator account.
The Seeker
August 28th, 2011, 05:32 PM
Removed Windows XP. Although still a good OS (I'd use it over Vista), I feel Windows 7 is superior in pretty much every way. The reason I had installed XP again is I was playing around with BootIt BM after buying the bundle over at TeraByte (http://www.terabyteunlimited.com/index.htm).
I've not re-added WinPatrol PLUS yet as I want to wait and see how and if it develops new features which I feel are essential.
JoeBlack40
August 28th, 2011, 07:52 PM
The same-Avira free (it works great on my machine and it saved my butt few days ago from a TDSS rootkit :thumb: )
The same-Sandboxie
Not the same Rising FW, replaced with Comodo FW D+ enabled.
ExtremeGamerBR
August 28th, 2011, 08:10 PM
-{ Quote: "Outpost Pro Security Suite 7.5.1 (From latest giveaway)
Sandboxie 3.58
Shadow Defender 1.1.0.325
Macrium Reflect Complete Edition 4.2 / 3775
Open DNS
Opera 11.50" }-
Good Setup!
LoneWolf
August 28th, 2011, 08:59 PM
-{ Quote: "Good Setup!" }-
I thought so till Outpost started to freeze up and crash :thumbd: , can't have that with a security program.
Back to what works well for me till I get bored with it and decide to try something new again. ;D
1chaoticadult
August 28th, 2011, 11:49 PM
-{ Quote: "I thought so till Outpost started to freeze up and crash :thumbd: , can't have that with a security program.
Back to what works well for me till I get bored with it and decide to try something new again. ;D" }-
Same thing happened to me with Outpost. That's why I haven't used it since.
Amit
August 29th, 2011, 12:15 AM
avast internet security, malwarebytes antimalware (on demand), superantispyware (on demand), hitman pro, easeus todo, kingsoft pc doctor.
Hungry Man
August 29th, 2011, 12:26 AM
Just moved to Chrome dev 15. Now using the proof-of-concept adblocking that uses the WebRequest API.
I'll move back to beta when 15 hits beta.
EDIT: Removed host file... not gonna bother editing my setup in sig since I'd have to repost now =p
J_L
August 29th, 2011, 03:30 AM
Shared Network:
Actiontec Modem with SPI Firewall
Norton DNS (+ Advertising, Scam Sites) [Comodo Secure DNS alternate]
Real-time Protection:
Avast! Free Antivirus (only Network, WebRep, Web Shield) [Password Protected]
Comodo Firewall Pro (no Antivirus) [Password Protected]
Malwarebytes' Anti-Malware Pro (+ Website Blocking)
Panda Cloud Antivirus Pro (no Security Toolbar) [Denied UI from others]
WinPatrol PLUS Cloud Edition
System (Windows 7 Pro 64-bit SP1):
Enabled DEP, SEHOP, ASLR, Default-Deny SRP, UAC elevate without prompting, Integrity Levels
Disabled Windows Firewall, System Restore, Internet Explorer, Autorun/Autoplay
Enhanced Mitigation Experience Toolkit
Spybot - Search & Destroy Immunize
Firefox:
Adblock Plus (Malware Domains subscription)
BitDefender TrafficLight
LastPass
LinkExtend
SandBoxie Free (+ DropRights, Experimental Protection, Internet Access Restrictions) [Lock Configuration]
On-demand Scanning:
AVG Rescue CD
Avira Free (no Guard)
Comodo Cleaning Essentials
Hitman Pro
Kingsoft PC Doctor (prohibited auto-start)
Microsoft Standalone System Sweeper
Trend Micro HouseCall
Analyzers:
Comodo Instant Malware Analysis
Comodo File Verdict Service "Valkyrie"
Sysinternals Autoruns
URLVoid
VirusTotalUploader
Updates:
Freeware Files RSS, Freeware Guide
KC Softwares SUMo
Backup:
Paragon Backup & Recovery Home Special Edition
Ubuntu Natty Netbook:
Firefox (AppArmor Default, Adblock Plus, LastPass, TrafficLight, WOT)
BitDefender Free, ClamAV, Rootkit Hunter
Regularly updated. Sudo only, no root. Prey active.
Kernelwars
August 29th, 2011, 03:37 AM
-{ Quote: "Shared Network:
Actiontec Modem with SPI Firewall
Norton DNS (+ Advertising, Scam Sites) [Sunbelt ClearCloud DNS alternate]
Real-time Protection:
Avast! Free Antivirus (only Network, WebRep, Web Shield) [Password Protected]
Comodo Firewall Pro (no Antivirus) [Password Protected]
Malwarebytes' Anti-Malware Pro (+ Website Blocking)
Panda Cloud Antivirus Pro (no Security Toolbar) [Denied UI from others]
WinPatrol PLUS Cloud Edition
System (Windows 7 Pro 64-bit SP1):
Enabled DEP, SEHOP, ASLR, Default-Deny SRP, UAC elevate without prompting, Integrity Levels
Disabled Windows Firewall, System Restore, Internet Explorer, Autorun/Autoplay
Enhanced Mitigation Experience Toolkit
Spybot - Search & Destroy Immunize
Firefox:
Adblock Plus (Malware Domains subscription)
BitDefender TrafficLight
LastPass
LinkExtend
SandBoxie Free (+ DropRights, Experimental Protection, Internet Access Restrictions) [Lock Configuration]
On-demand Scanning:
AVG Rescue CD
Avira Free (no Guard)
Comodo Cleaning Essentials
Hitman Pro
Kingsoft PC Doctor (prohibited auto-start)
Microsoft Standalone System Sweeper
Trend Micro HouseCall
Analyzers:
Comodo Instant Malware Analysis
Comodo File Verdict Service "Valkyrie"
Sysinternals Autoruns
URLVoid
VirusTotalUploader
Updates:
Freeware Files RSS, Freeware Guide
KC Softwares SUMo
Backup:
Paragon Backup & Recovery Home Special Edition
Ubuntu Natty Netbook:
Firefox: AppArmor Default, Adblock Plus, LastPass, TrafficLight, WOT
BitDefender Free, ClamAV, Rootkit Hunter
Regularly updated. Sudo only, no root. Prey active." }-
awesome setup J_L:thumb:
PJC
August 29th, 2011, 05:53 AM
-Running avast! Free, MBAM Pro, and PCAV Pro (even with your Configuration) is still too much.
-Since you have CIS, the incremental security offered by WinPatrol PLUS Cloud Edition is minimal.
But it is your Setup after all...:-X
Matthijs5nl
August 29th, 2011, 06:04 AM
@SweX and shadek:
In my eyes EAV/ESS version 5 and WRSA are by far the most interesting and best antivirus products available in the near future.
At the start of the year I had great hopes for some more products next to ESET 5 and Prevx 4, which seemed to have great potential. However they all disappointed me. Panda Cloud Antivirus 1.5 and Microsoft Security Essentials 2 didn't bring the improvements I was hoping for. Kaspersky 2012 improved a lot, but a week later it stabbed me in my back by slow scanning times and 100% CPU usage. And, most surprisingly, Avira 12 just nominated itself for the "Most epic fail of the year award."
I feel the same as SweX, I only want one realtime security product. But I am very curious to see how WRSA and EAV/ESS run together.
EDIT: I forgot about a product I also was very curious about 8 months ago, Hitman Pro 4 (with realtime protection). I thought we would have seen a beta by now, but I guess it has been delayed.
Solarlynx
August 29th, 2011, 08:13 AM
-{ Quote: "
Firefox:
Adblock Plus (Malware Domains subscription)
BitDefender TrafficLight
LastPass
LinkExtend
SandBoxie Free (+ DropRights, Experimental Protection, Internet Access Restrictions) [Lock Configuration]
...
...
Updates:
Freeware Files RSS, Freeware Guide
KC Softwares SUMo
...
" }-
1. Could you specify what's that Experimental Protection in Sandboxie Free?
2. Why you don't use Secunia for updates?
Thank you.
abels
August 29th, 2011, 08:47 AM
My setup: NOD32 Antivirus 4.2 + Outpost Firewall Pro + Sandboxie.
I've just switched to Outpost FP from Comodo FW. Could anyone tell me about Outpost FP HIPS? Is it efficient?
SweX
August 29th, 2011, 09:04 AM
-{ Quote: "WSA was mediocre in detection rates around 80% of tested 0-day samples each day... but two-three days ago it suddenly improved a lot. It seems to me that A LOT of _great_ generic signatures were introduced making WSA hit about 95% detection rates.
ESET is currently around 91% with about 50k samples tested.
These are just on-demand tests for the latest malware over the 5-days though. Not sure which one would provide the highest REAL protection, as some of the malware I'm testing hardly will ever get spread." }-
Thanks for testing, and not too bad :P
Yes as you say on-demand is always on-demand, so if the products would encounter the malware via an URL in Real-time it surely would act differently, using other modules etc...
I know for a fact that ESET's URL blocker and HTTP scanner will prevent a lot of the malware before it can even be downloaded.
But on-demand gives you a hint anyway, so it's better than nothing.
And for sure both products are very good, and will be very interesting to follow ahead. And at the moment I got no interest in other vendors products :)
SweX
August 29th, 2011, 09:11 AM
-{ Quote: "@SweX and shadek:
In my eyes EAV/ESS version 5 and WRSA are by far the most interesting and best antivirus products available in the near future.
At the start of the year I had great hopes for some more products next to ESET 5 and Prevx 4, which seemed to have great potential. However they all disappointed me. Panda Cloud Antivirus 1.5 and Microsoft Security Essentials 2 didn't bring the improvements I was hoping for. Kaspersky 2012 improved a lot, but a week later it stabbed me in my back by slow scanning times and 100% CPU usage. And, most surprisingly, Avira 12 just nominated itself for the "Most epic fail of the year award."
I feel the same as SweX, I only want one realtime security product. But I am very curious to see how WRSA and EAV/ESS run together.
EDIT: I forgot about a product I also was very curious about 8 months ago, Hitman Pro 4 (with realtime protection). I thought we would have seen a beta by now, but I guess it has been delayed." }-
I agree with you. And about a real-time version of Hitman Pro it can't be anything but very interesting. But it will require a lot of server power so they would likely need to invest some money in a global server network to make it work without slowdowns etc..
Konata Izumi
August 29th, 2011, 10:16 AM
-{ Quote: "
SuRun, v1.2.1 B9 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.
" }-
where did you download SuRun, v.1.2.1 B9? ???
EDIT: nvm, found it ;D
clubhouse
August 29th, 2011, 01:48 PM
Changes constantly!!!;D ;D I read the boards and become convinced by someone's suggestions and reasoning and think I'll try that.....a few days later I see another string of posts and think...'nah, that's the way to do it!!!'
Currently for the next 24-48 hrs at any-rate:
Appguard
Spyshelter...set...medium security\system protection (basic HIPS?)
Look 'n' Stop (this stays...I bought this!)
In part based on kees1958 'Safe Admin For Xp' thread.
carat
August 29th, 2011, 03:31 PM
-{ Quote: "Shared Network:
Actiontec Modem with SPI Firewall
Norton DNS (+ Advertising, Scam Sites) [Sunbelt ClearCloud DNS alternate]
Real-time Protection:
Avast! Free Antivirus (only Network, WebRep, Web Shield) [Password Protected]
Comodo Firewall Pro (no Antivirus) [Password Protected]
Malwarebytes' Anti-Malware Pro (+ Website Blocking)
Panda Cloud Antivirus Pro (no Security Toolbar) [Denied UI from others]
WinPatrol PLUS Cloud Edition
System (Windows 7 Pro 64-bit SP1):
Enabled DEP, SEHOP, ASLR, Default-Deny SRP, UAC elevate without prompting, Integrity Levels
Disabled Windows Firewall, System Restore, Internet Explorer, Autorun/Autoplay
Enhanced Mitigation Experience Toolkit
Spybot - Search & Destroy Immunize
Firefox:
Adblock Plus (Malware Domains subscription)
BitDefender TrafficLight
LastPass
LinkExtend
SandBoxie Free (+ DropRights, Experimental Protection, Internet Access Restrictions) [Lock Configuration]
On-demand Scanning:
AVG Rescue CD
Avira Free (no Guard)
Comodo Cleaning Essentials
Hitman Pro
Kingsoft PC Doctor (prohibited auto-start)
Microsoft Standalone System Sweeper
Trend Micro HouseCall
Analyzers:
Comodo Instant Malware Analysis
Comodo File Verdict Service "Valkyrie"
Sysinternals Autoruns
URLVoid
VirusTotalUploader
Updates:
Freeware Files RSS, Freeware Guide
KC Softwares SUMo
Backup:
Paragon Backup & Recovery Home Special Edition
Ubuntu Natty Netbook:
Firefox: AppArmor Default, Adblock Plus, LastPass, TrafficLight, WOT
BitDefender Free, ClamAV, Rootkit Hunter
Regularly updated. Sudo only, no root. Prey active." }-
Fast and simple :thumb: ;D
Sully
August 29th, 2011, 03:41 PM
-{ Quote: "Changes constantly!!!;D ;D I read the boards and become convinced by someone's suggestions and reasoning and think I'll try that.....a few days later I see another string of posts and think...'nah, that's the way to do it!!!'" }-
Yep, with so many here sharing and so interested in the topics, it is a great place to get ideas on what to use. It can take a long time to figure out exactly what you need. Often, IMO, as one tries this and tries that, they learn along the way more about security in general, but even more about what their personal habits are, and how that affects the whole picture.
I personally think that a lot of folks around here are always changing because of how their knowledge advances, and they see different needs and thus try different tools to fulfill their needs. Of course some are just software junkies, and need their fix :argh:
Sul.
1chaoticadult
August 29th, 2011, 03:45 PM
-{ Quote: "Yep, with so many here sharing and so interested in the topics, it is a great place to get ideas on what to use. It can take a long time to figure out exactly what you need. Often, IMO, as one tries this and tries that, they learn along the way more about security in general, but even more about what their personal habits are, and how that affects the whole picture.
I personally think that a lot of folks around here are always changing because of how their knowledge advances, and they see different needs and thus try different tools to fulfill their needs. Of course some are just software junkies, and need their fix :argh:
Sul." }-
Wilders wouldn't be Wilders without the software junkies needing their fix ;D
Kees1958
August 29th, 2011, 04:21 PM
I am on safe-admin for over a year now, recently added PowerBroker free and GeSWall Pro (added only 0.01% CPU load), think this will last as long as I am on Windows7 32 ultimate :'(
1chaoticadult
August 29th, 2011, 04:31 PM
-{ Quote: "I am on safe-admin for over a year now, recently added PowerBroker free and GeSWall Pro (added only 0.01% CPU load), think this will last as long as I am on Windows7 32 ultimate :'(" }-
Sounds like you are moving to Windows7 64-bit soon? New computer? :doubt:
Sully
August 29th, 2011, 04:31 PM
-{ Quote: " think this will last as long as I am on Windows7 32 ultimate :'(" }-
I just ordered new parts, will be switching to x64 within 2 months to utilize 16gb of ram for various reasons. Will be interesting to see what sort of security implementation I bake this time :blink:
Sul.
1chaoticadult
August 29th, 2011, 04:32 PM
-{ Quote: "I just ordered new parts, will be switching to x64 within 2 months to utilize 16gb of ram for various reasons. Will be interesting to see what sort of security implementation I bake this time :blink:
Sul." }-
Should be interesting, you probably give me a few new ideas ;)
Konata Izumi
August 29th, 2011, 05:09 PM
building up my new setup... (not done yet)
hint: LUA/UAC/SRP/SuRun/EMET/Sandboxie FREE/GesWall/MbAM Free ;D
Kees1958
August 29th, 2011, 05:56 PM
-{ Quote: "Sounds like you are moving to Windows7 64-bit soon? New computer? :doubt:" }-
No x32 Win7 Ultimate desktop (simple E5200 dual core @ 3Ghz with 2GB RAM and 1 TB Disk/5570 GPU) is blazing fast with Safe-Admin/PowerBroker/GeSWall setup.
Laptop (dual core celeron @ 2Ghz with 4 GB RAM, intel HD graphics and 250 GB Hybrid harddisk) I use for work when going to clients had Winx64 home, but I changed it for a Win7 x32 Ultimate (was € 100 rebate deal for business users). This laptop runs same setup (only GeSWall free instead of Pro, just copied the GeSWall dat file ;D ). Don't mind using only 2.95 GB of RAM when x32 is so much faster on cheap celeron P4600 CPU (has less secondary cache, so less memory usage of 32 bits clearly has an advantage on cheaper CPUs).
Staying on these PC's for at least two years :)
1chaoticadult
August 29th, 2011, 05:57 PM
-{ Quote: "No x32 Win7 Ultimate desktop (simple E5200 dual core @ 3Ghz with 2GB RAM and 1 TB Disk/5570 GPU) is blazing fast with Safe-Admin/PowerBroker/GeSWall setup.
Laptop (dual core celeron @ 2Ghz with 4 GB RAM, intel HD graphics and 250 GB Hybrid harddisk) I use for work when going to clients had Winx64 home, but I changed it for a Win7 x32 Ultimate (was € 100 rebate deal for business users). This laptop runs same setup (only GeSWall free instead of Pro, just copied the GeSWall dat file ;D ). Don't mind using only 2.95 GB of RAM when x32 is so much faster on cheap celeron P4600 CPU (has less secondary cache, so less memory usage of 32 bits clearly has an advantage on cheaper CPUs).
Staying on these PC's for at least two years :)" }-
Ahh gotcha Kees. :)
wat0114
August 29th, 2011, 06:55 PM
-{ Quote: "building up my new setup... (not done yet)
hint: LUA/UAC/SRP/SuRun/EMET/Sandboxie FREE/GesWall/MbAM Free ;D" }-
If that means you are ditching Returnil, then good idea :thumb: Your current setup in your sig is already, for all intents and purposes, nearly invincible even without Returnil, the latter of which must have forced some challenging setup scenarios for you, just getting it to co-exist in harmony with your other security apps, especially Sandboxie by the looks of things.
Consider that with:
-{ Quote: "Microsoft Baseline Security Templates, Software Restriction Policy (SRP), UAC set to highest, EMET and 1806 trick (3)" }-
You have system hardening with anti-executable (SRP)
-{ Quote: "disabled unnecessary services (ie. print spooler, windows search, windows defender)" }-
More system hardening.
-{ Quote: "Sandboxie FREE (3.57.02)" }-
Sandboxing to isolate potentially malicious web-borne activity from the real system.
-{ Quote: "Mozilla Firefox (5.0.1)
Noscript
Adblock Plus
" }-
Blocking of potentially malicious web-borne activity.
-{ Quote: "OpenDNS/ OpenDNS FamilyShield
MVPSHOST
Trusteer Rapport
" }-
Minimizing the risks of surfing/re-directs to malicious web sites.
-{ Quote: "Hitman PRO (on-demand scanning)" }-
Second opinion on unknown files.
-{ Quote: "Windows Backup and Restore (system image backup)" }-
Maybe the most important of all, a fail safe if something does somehow breach (not likely) your defences :)
One can see you've not only covered all bases, but there's even some overlap as well. If you include LUA as your recent post suggests, that's even better. You could easily ditch Returnil and have nothing to worry about. Just my annoying 2¢ ;)
BTW, you do have a most excellent award winning ;D setup,
thesawisfamily17
August 29th, 2011, 07:46 PM
Avast free
Comodo firewall
and common sense :)
Hungry Man
August 29th, 2011, 07:49 PM
Toss out common sense - it's overkill.
thesawisfamily17
August 29th, 2011, 07:56 PM
alright no common sense ;)
Hungry Man
August 29th, 2011, 08:04 PM
That's the way it should always be!
Let your security software worry about security =p you can relax
1chaoticadult
August 29th, 2011, 08:17 PM
-{ Quote: "That's the way it should always be!
Let your security software worry about security =p you can relax" }-
Actually I worry more about hardware failure than security ;D
Konata Izumi
August 29th, 2011, 08:52 PM
-{ Quote: "
One can see you've not only covered all bases, but there's even some overlap as well. If you include LUA as your recent post suggests, that's even better. You could easily ditch Returnil and have nothing to worry about. Just my annoying 2¢ ;)" }-
yep ditching returnil for now because of a bug in its antiexecutable.
-{ Quote: "
BTW, you do have a most excellent award winning ;D setup," }-
lol Thanks. I'm trying LUA and SuRun again because of your setup. This is my first time using SuRun in Win7... I always had it on my XP before. :)
btw, can you install in Sandboxie under LUA with SuRun (not UAC) to elevate the installation? I can't :'(
-{ Quote: "Actually I worry more about hardware failure than security ;D" }-
+1
and those mysterious windows software errors and BSODs
1chaoticadult
August 29th, 2011, 09:36 PM
-{ Quote: "and those mysterious windows software errors and BSODs" }-
Yea those as well, although I haven't had a BSOD since Windows 7 launch *knock on wood*
Kernelwars
August 29th, 2011, 10:07 PM
-{ Quote: "Yea those as well, although I haven't had a BSOD since Windows 7 launch *knock on wood*" }-
dont you find BSOD's informative and sometimes entertaining as well my friend?;D
wat0114
August 29th, 2011, 10:24 PM
-{ Quote: "
btw, can you install in Sandboxie under LUA with SuRun (not UAC) to elevate the installation? I can't :'(
" }-
I don't know, and it's something I wouldn't try, although I'm curious enough to probably try it :) If I want to test software, I usually use the vm.
1chaoticadult
August 29th, 2011, 11:12 PM
-{ Quote: "dont you find BSOD's informative and sometimes entertaining as well my friend?;D" }-
Of course I do. I just love trying to fix those and find out why they happen ;D
Hungry Man
August 29th, 2011, 11:36 PM
Testing my new setup for Comodo. It isn't as secure but it's not as invasive either.
1chaoticadult
August 29th, 2011, 11:40 PM
-{ Quote: "Testing my new setup for Comodo. It isn't as secure but it's not as invasive either." }-
Why would you make your setup less secure?
Hungry Man
August 29th, 2011, 11:42 PM
By disabling autosandboxing I'm making my life a lot easier. That was the main change here.
1chaoticadult
August 29th, 2011, 11:43 PM
-{ Quote: "By disabling autosandboxing I'm making my life a lot easier. That was the main change here." }-
Oh. I thought you already did that a while ago.
Hungry Man
August 29th, 2011, 11:45 PM
I did. Never got around to testing.
ohhhh boy did my VM get ruined LOL
Hungry Man
August 29th, 2011, 11:47 PM
Well... basically, it only outright blocked one and then the rest it sorta just warned me about them. But warnings aren't really good enough.
Manually sandboxing would probably work though.
1chaoticadult
August 29th, 2011, 11:48 PM
-{ Quote: "I did. Never got around to testing.
ohhhh boy did my VM get ruined LOL" }-
LOL I bet it did. I turned off autosandboxing a while back and like it off
wat0114
August 29th, 2011, 11:48 PM
@ Hungry Man,
and for any other Comodo fans, if you haven't already done so, you might want to check out a tutorial created by and linked to by Wilders member MrBrian (http://www.wilderssecurity.com/showthread.php?t=279205) that modifies Comodo IS as an anti-executable.
Hungry Man
August 30th, 2011, 12:06 AM
Thanks. I'm not into anti-exe's though =p
Amit
August 30th, 2011, 12:07 AM
removed easeus todo, superantispyware and kingsoft pc doctor :gack:
my setup-avast internet security, malwarebytes antimalware and hitman pro:thumb:
Francis93
August 30th, 2011, 01:08 AM
So basically, I'm back to avast! Internet Security with MBAM, SAS and Hitman Pro as on-demand scanners. Sandboxed Chrome, FF and IE.
1chaoticadult
August 30th, 2011, 03:07 AM
-{ Quote: "@ Hungry Man,
and for any other Comodo fans, if you haven't already done so, you might want to check out a tutorial created by and linked to by Wilders member MrBrian (http://www.wilderssecurity.com/showthread.php?t=279205) that modifies Comodo IS as an anti-executable." }-
Already seen this, thanks for the info, but I'm good with Comodo as is..
Nevis
August 30th, 2011, 03:54 AM
on my signature
I am now mainly using Ubuntu Linux :)
blasev
August 30th, 2011, 04:39 AM
Emsisoft + Sandboxie, and next I'll try Novirusthanks...
A good anti exe, but the name is too long to remember.
But then again the product is great :thumb:
Right now I'm busy with my second hand mac ;D
Yanick
August 30th, 2011, 06:11 AM
DefenseWall Personal FW
Windows 7 FW
Webroot SecureAnywhere Beta
Sandboxie Free
Returnil SystemSafe Pro (Virus Guard Disabled) Virtual Mode is in :thumb:
EMET 2.1
UAC High
LUA
Thanks for Kees1958 and Triple Helix for great hints :D
Solarlynx
August 30th, 2011, 07:35 AM
-{ Quote: "DefenseWall Personal FW
" }-
How's your progs esp office ones like word go with DW?
Mine got three times longer loaded than without DW.
Yanick
August 30th, 2011, 10:08 AM
-{ Quote: "How's your progs esp office ones like word go with DW?
Mine got three times longer loaded than without DW." }-
Really? I haven't had any trouble with word, open office etc.
Tried to find solution with Ilya already?
The Seeker
August 30th, 2011, 10:39 AM
Currently running DefenseWall as Ilya and I are trying to sort out a Chrome sync problem. If I can get DefenseWall running how I like, I feel it matched with MBAM PRO would be a nigh on perfect security setup.
jmonge
August 30th, 2011, 11:08 AM
agree the seeker
Hungry Man
August 30th, 2011, 11:28 AM
DefenseWall on its own is a fairly perfect setup =p
I'm jealous you get to run it.
jmonge
August 30th, 2011, 11:38 AM
trying out StormShield Personal Edition ,it has registry protection;)
gautam7
August 30th, 2011, 12:06 PM
Currently having Avast free + MBAM (ondemand) + Hitman Pro + Online armor Free + Winpatrol plus + sandboxie + FF with noscript, Adblock plus, cookie monster, keyscrambler + norton dns.
Windows defender and UAC disabled.
This setup is working for me no slowdown and had not seen a virus in a long time. :)
1chaoticadult
August 30th, 2011, 12:18 PM
-{ Quote: "trying out StormShield Personal Edition ,it has registry protection;)" }-
LOL J. Trying StormShield again huh? How's that going? ;D
-{ Quote: "DefenseWall on its own is a fairly perfect setup =p
I'm jealous you get to run it." }-
I'm not.
Hungry Man
August 30th, 2011, 12:20 PM
Well I obviously wouldn't give up 64bit and I wouldn't pay for it, but it's a great program. It would do well on your own system.
Solarlynx
August 30th, 2011, 12:31 PM
-{ Quote: "Really? I haven't had any trouble with word, open office etc.
Tried to find solution with Ilya already?" }-
Good for you that you have no problems with DW.
I really love DWPF but on one of my comps it makes progs and internet slow. I discussed that with Ilya some month ago but there was no solution. I tried DW recently and again - slowing down.
I measured time of opening and closing several word documents and found that the total time with DW is 2.7 times larger than without DW (Comodo instead of DW). One 2.6 Mb word file was opening about a minute! I don't want to discuss it with the developer again, though I have a license. I unsuccessfully tried to use DW several times that other users of the comp become enraged when they see DW there.
jmonge
August 30th, 2011, 12:35 PM
so far is good
1chaoticadult
August 30th, 2011, 12:37 PM
-{ Quote: "Well I obviously wouldn't give up 64bit and I wouldn't pay for it, but it's a great program. It would do well on your own system." }-
I already tried it on my system (I actually installed Windows 7 32-bit) to see whats so great about it and had problems with a few apps I use frequently. So meaning it didn't do well on my system from my test run. I would prefer to stick to what I have.
Yanick
August 30th, 2011, 02:47 PM
-{ Quote: "Good for you that you have no problems with DW.
I really love DWPF but on one of my comps it makes progs and internet slow. I discussed that with Ilya some month ago but there was no solution. I tried DW recently and again - slowing down.
I measured time of opening and closing several word documents and found that the total time with DW is 2.7 times larger than without DW (Comodo instead of DW). One 2.6 Mb word file was opening about a minute! I don't want to discuss it with the developer again, though I have a license. I unsuccessfully tried to use DW several times that other users of the comp become enraged when they see DW there." }-
Hmm.. It's a shame it ain't working as it should. If you don't find any solution maybe try GesWall. It's not same as DefenseWall but it works :) And remember that you can use the Pro versions app list for free version after Pro has expired (15-days trial). Better ask this from someone more experienced than me about this ;)
Kernelwars
August 30th, 2011, 03:17 PM
-{ Quote: "so far is good" }-
J I thought you were using exe radar pro..:wacko:
jmonge
August 30th, 2011, 03:48 PM
k i want the 64bit service;)
Kernelwars
August 30th, 2011, 04:00 PM
-{ Quote: "k i want the 64bit service;)" }-
for 64 bit spyshelter man:thumb:
jmonge
August 30th, 2011, 04:13 PM
you know you slap my face my friend;D
G1111
August 30th, 2011, 04:23 PM
Changed over to Emsisoft Anti-Malware 6.0 Beta.
Kernelwars
August 30th, 2011, 04:24 PM
-{ Quote: "you know you slap my face my friend;D" }-
J what are you using with MBAM pro for your 64 bit?:)
J_L
August 30th, 2011, 05:04 PM
-{ Quote: "awesome setup J_L:thumb:" }-
-{ Quote: "Fast and simple :thumb: ;D" }-
Thanks, I never knew I could get such thumbs up (even sarcasm) in KISS-friendly Wilders.
-{ Quote: "1. Could you specify what's that Experimental Protection in Sandboxie Free?
2. Why you don't use Secunia for updates?
Thank you." }-
http://www.sandboxie.com/index.php?ExperimentalProtection
I like to get performance, stability, compatibility updates as well. Also, I prefer doing things manually.
jmonge
August 30th, 2011, 08:04 PM
k i have Mbam Pro and Spyshelter Premium;) :thumb:
Francis93
August 30th, 2011, 08:32 PM
RT/OA
Avast! Internet Security 6.0.1203
WinPatrol Plus 20.5.2011
OD
Malwarebytes' Anti-Malware Free
Hitman Pro 3.5.9 Build 129 (Paid)
SUPERAntiSpyware 5 Free
NW
TP TL-WR340G 54M Wireless G Router (SPI Firewall)
Mozilla Firefox 6.0 (NoScript, AdBlock Plus, Avast! WebRep)
Google Chrome (AdBlock Plus, Avast! WebRep)
OSH
Disabled autorun/autoplay
Disabled Windows Firewall
Disabled Windows Defender
Disabled Windows System Restore
Blocked unsigned drivers (tweak)
Disabled detection of application installations (tweak)
User Account Control (set to always notify)
EMET 2.1 (maximum settings, Internet-facing apps covered)
R/SR/B
Rollback Rx
Kernelwars
August 30th, 2011, 09:20 PM
-{ Quote: "k i have Mbam Pro and Spyshelter Premium;) :thumb:" }-
thats good J..
Solarlynx
August 31st, 2011, 02:09 AM
-{ Quote: "Hmm.. It's a shame it ain't working as it should. If you don't find any solution maybe try GesWall. It's not same as DefenseWall but it works :) " }-
Yeah, GW isn't any like DW. Nothing can be as strong as DW.
-{ Quote: "And remember that you can use the Pro versions app list for free version after Pro has expired (15-days trial)." }-
Interesting, I didn't know that.
I tried GW a year ago it caused BSOD in my XP3. Now I have Win7 maybe I'll try it.
Matthijs5nl
August 31st, 2011, 05:24 AM
-{ Quote: "RT/OA
Avast! Internet Security 6.0.1203
WinPatrol Plus 20.5.2011
OD
Malwarebytes' Anti-Malware Free
Hitman Pro 3.5.9 Build 129 (Paid)
SUPERAntiSpyware 5 Free
NW
TP TL-WR340G 54M Wireless G Router (SPI Firewall)
Mozilla Firefox 6.0 (NoScript, AdBlock Plus, Avast! WebRep)
Google Chrome (AdBlock Plus, Avast! WebRep)
OSH
Disabled autorun/autoplay
Disabled Windows Firewall
Disabled Windows Defender
Disabled Windows System Restore
Blocked unsigned drivers (tweak)
Disabled detection of application installations (tweak)
User Account Control (set to always notify)
EMET 2.1 (maximum settings, Internet-facing apps covered)
R/SR/B
Rollback Rx" }-
Why did you choose for using avast's firewall included in the internet security suite, and not just using avast! Pro Antivirus together with Windows Firewall?
Yanick
August 31st, 2011, 05:30 AM
-{ Quote: "Yeah, GW isn't any like DW. Nothing can be as strong as DW.
Interesting, I didn't know that.
I tried GW a year ago it caused BSOD in my XP3. Now I have Win7 maybe I'll try it." }-
Heh, true. But the free version with Pro version rules comes close ;D
There is a trick to copy the rules for applications, from pro version to free. You install the trial, go to the installation folder and copy Geswall.dat to a safe place in your hard drive. After 15 days when the trial expires and reverts to the free version you just paste back the Geswall.dat. And so you have the rules of pro version for free and you don't have to make rules yourself.
Did you have other security apps installed (realtime) with GesWall? When it BSOD'd.
I had problem with GesWall that it cut internet whenever i tried to use chrome/chromium to access net. Internet Explorer worked fine tho but i got enough :D Problem was probably my setup with GesWall. Sandboxie Free, Webroot SecureAnywhere, Returnil and GesWall. Was no go :P
Francis93
August 31st, 2011, 07:16 AM
-{ Quote: "Why did you choose for using avast's firewall included in the internet security suite, and not just using avast! Pro Antivirus together with Windows Firewall?" }-
Because avast!'s firewall is better than Windows FW? ???
Crinie
August 31st, 2011, 09:17 AM
Got my 1 year license for Vipre :thumb:
The Seeker
August 31st, 2011, 09:38 AM
Back to avast! Free. Thinking of actually running from a LUA and ditching AV.
Solarlynx
August 31st, 2011, 09:59 AM
-{ Quote: "
There is a trick to copy the rules for applications, from pro version to free. You install the trial, go to the installation folder and copy Geswall.dat to a safe place in your hard drive. After 15 days when the trial expires and reverts to the free version you just paste back the Geswall.dat. And so you have the rules of pro version for free and you don't have to make rules yourself." }-
Thank you. If I give GW a try then I'll use the trick.
-{ Quote: "
Did you have other security apps installed (realtime) with GesWall? When it BSOD'd.
" }-
I had Comodo Internet Security and Comodo Time Machine. The latter helped me to rollback. It always helps.
When I studied GW it wasn't so strong in security as the Sandboxie. Is it the same now?
The Seeker
August 31st, 2011, 12:24 PM
Well, I've done it - no AV. Switched to a standard user account, so am now relying on MBAM PRO and common sense.
Cloud
August 31st, 2011, 12:27 PM
Installed Vipre Antivirus. It seems to be lite so far.. :)
(But I'll be back, Panda! :argh: )
jmonge
August 31st, 2011, 12:28 PM
same here and mbam pro updates daily and they work hard to remove malware that the antiviruses normally missed from day to day and i also tweak my registry-1806;)
Kernelwars
August 31st, 2011, 12:56 PM
-{ Quote: "same here and mbam pro updates daily and they work hard to remove malware that the antiviruses normally missed from day to day and i also tweak my registry-1806;)" }-
I thought you used bluecoat k9 protection J?
moontan
August 31st, 2011, 12:56 PM
-{ Quote: "Well, I've done it - no AV. Switched to a standard user account, so am now relying on MBAM PRO and common sense." }-
been going without a real-time AV for over a year.
hell, look at my sig, im practically 'naked'. ;)
for what it's worth, i think the threat of malware is greatly exaggerated. :dry:
jmonge
August 31st, 2011, 01:03 PM
k in my kids pc i have k-9 ;) i think you made k-9 ;D for the k thing
Matthijs5nl
August 31st, 2011, 01:16 PM
-{ Quote: "for what it's worth, i think the threat of malware is greatly exaggerated. :dry:" }-
I certainly agree with you here. Employing safe surfing and computing habits is by far the most efficient and effective protection. I haven't been infected for years, the last time I encountered an infection was three years ago on my parents pc (just running AVG Anti-Virus Free back then). The only thing my antivirus product, ESET, did in all that time was blocking some dodgy URL's (so I had to disable ESET to be able to visit them ;D).
moontan
August 31st, 2011, 01:21 PM
if you are the only person using your machine, then protection is a no-brainer.
but if you have relatives using your machine you better be prepared. ;)
Ranget
August 31st, 2011, 02:05 PM
Knos Demo at last i had a chance to try it
so far so Good it Look like a trimmed down Linux
Good interface :thumb:
The Seeker
August 31st, 2011, 03:57 PM
Well, running as a standard user turned out to be quite a ball ache. Back to running as admin with avast! Free.
moontan
August 31st, 2011, 04:31 PM
-{ Quote: "Well, running as a standard user turned out to be quite a ball ache. Back to running as admin with avast! Free." }-
same experience here.
why not run admin with UAC?
jmonge
August 31st, 2011, 04:34 PM
i set UAC on high;)
1chaoticadult
August 31st, 2011, 04:37 PM
-{ Quote: "i set UAC on high;)" }-
Yep me too...
Sully
August 31st, 2011, 04:38 PM
-{ Quote: "same experience here.
why not run admin with UAC?" }-
Isn't it funny that we know being an admin brings with it risks, but that we (for our own reasons) choose to remain there? Its not like being a user only is really "hard" or anything. I would label it, for myself anyway, very annoying. I suppose it depends on what you use a computer for maybe.
Sul.
kjdemuth
August 31st, 2011, 04:41 PM
UAC on max. Couldn't stand being LUA. Almost as bad as having no-script on firefox.
pablozi
August 31st, 2011, 04:48 PM
UAC on max + DWPF. Nothing more.
jmonge
August 31st, 2011, 04:50 PM
:thumb: :thumb:
Yanick
August 31st, 2011, 05:45 PM
-{ Quote: "Thank you. If I give GW a try then I'll use the trick.
I had Comodo Internet Security and Comodo Time Machine. The latter helped me to rollback. It always helps.
When I studied GW it wasn't so strong in security as the Sandboxie. Is it the same now?" }-
Good combo :)
Well, can't really say. If i could i would use geswall, i'm a bit fond of it ;D Still the development is very slow, that gives quite big picture. You might want to ask Kees, i believe he uses geswall and he's an expert, i'm not :)
moontan
August 31st, 2011, 05:53 PM
-{ Quote: "Isn't it funny that we know being an admin brings with it risks, but that we (for our own reasons) choose to remain there? Its not like being a user only is really "hard" or anything. I would label it, for myself anyway, very annoying. I suppose it depends on what you use a computer for maybe.
Sul." }-
i find running admin with UAC at maximum is less inconvenient than running a LUA.
and from what i've read here in Wilders, almost as good security-wise.
moontan
August 31st, 2011, 05:53 PM
-{ Quote: "UAC on max. Couldn't stand being LUA. Almost as bad as having no-script on firefox." }-
and we know how painful that can be! ;D
kjdemuth
August 31st, 2011, 05:55 PM
Oh boy. I tried no script once. Once. That was more than enough. I think it lasted for about 5 min. Fastest uninstall ever.
Kernelwars
August 31st, 2011, 06:26 PM
-{ Quote: "Oh boy. I tried no script once. Once. That was more than enough. I think it lasted for about 5 min. Fastest uninstall ever." }-
oh boy ..here too..;D fastest uninstall indeed:argh:
1chaoticadult
August 31st, 2011, 06:29 PM
-{ Quote: "oh boy ..here too..;D fastest uninstall indeed:argh:" }-
How's Trusteer Rapport running my good friend ;D
Kernelwars
August 31st, 2011, 06:31 PM
-{ Quote: "How's Trusteer Rapport running my good friend ;D" }-
Trusteer is pretty good actually.. and I found my bank also recommending it so yea..good looking out my good friend:thumb: :)
Kernelwars
August 31st, 2011, 06:32 PM
-{ Quote: "How's Trusteer Rapport running my good friend ;D" }-
I see you back with your bazooka emsi again..rofl:argh:
1chaoticadult
August 31st, 2011, 06:33 PM
-{ Quote: "Trusteer is pretty good actually.. and I found my bank also recommending it so yea..good looking out my good friend:thumb: :)" }-
Always glad to help :thumb:
-{ Quote: "I see you back with your bazooka emsi again..rofl:argh:" }-
I have license for it remember? A bazooka, now thats being a little harsh don't you think ;D If I showed you my memory usage for it, you wouldn't think it was a bazooka at all.
Kernelwars
August 31st, 2011, 06:53 PM
oh I forgot u had the license:argh: darn..I meant effective and destructive(on malware of course not system though) as bazooka my dear ole good friend;D ;D
jmonge
August 31st, 2011, 06:55 PM
Mbam Pro is a bazooka or even tnt explosive against malware;)
kjdemuth
August 31st, 2011, 06:58 PM
Tactical nuke even.
Kernelwars
August 31st, 2011, 07:08 PM
-{ Quote: "Mbam Pro is a bazooka or even tnt explosive against malware;)" }-
-{ Quote: " Tactical nuke even." }-
ya'll must really love to fry those poor malwares:argh: :argh:
jmonge
August 31st, 2011, 07:12 PM
you bet my friend;)
Kernelwars
August 31st, 2011, 07:16 PM
-{ Quote: "you bet my friend;)" }-
I can smell the burn all day my good friend:thumb:
jmonge
August 31st, 2011, 07:20 PM
;D ;)
The_ChamP
August 31st, 2011, 07:28 PM
Vipre antivirus [ from tom's giveaway ]
jmonge
August 31st, 2011, 08:01 PM
trying out SUPERAntiSpyware Pro ;) :thumb:
Kernelwars
August 31st, 2011, 08:16 PM
-{ Quote: "trying out SUPERAntiSpyware Pro ;) :thumb:" }-
mbam pro with sas pro and a good HIPS ..and you are set my friend;D
jmonge
August 31st, 2011, 08:19 PM
thanks;D
jmonge
August 31st, 2011, 09:14 PM
added SpyShelter Premium ;) now this is my gold unlimited permanent trio security set up even stronger than dynamite:)
Page42
August 31st, 2011, 09:18 PM
Bought Ad Muncher Premium on 50% discount today.
Trying it out now.
Love that it blocks video commercials. ;)
jmonge
August 31st, 2011, 09:20 PM
good my friend:thumb:
1chaoticadult
August 31st, 2011, 10:07 PM
-{ Quote: "Mbam Pro is a bazooka or even tnt explosive against malware;)" }-
You crack me up J ;D
-{ Quote: " oh I forgot u had the license darn..I meant effective and destructive(on malware of course not system though) as bazooka my dear ole good friend " }-
Yea remember J hooked me up :thumb: Its all good, its all good kidding around as usual my good friend ;D
-{ Quote: "added SpyShelter Premium ;) now this is my gold unlimited permanent trio security set up even stronger than dynamite:)" }-
Are you gonna keep that setup my friend ;D :P
Cloud
August 31st, 2011, 10:07 PM
ZenOK Antivirus.
jmonge
August 31st, 2011, 10:12 PM
SUPERAntiSpyware Pro:thumb:
start up quick scan
1chaoticadult
August 31st, 2011, 10:14 PM
-{ Quote: "SUPERAntiSpyware Pro:thumb:
start up quick scan" }-
Are you running it with real-time protection on?
jmonge
August 31st, 2011, 10:16 PM
of course my friend and my system feels light;)
jmonge
August 31st, 2011, 10:19 PM
i have couple of licences for panda cloud pro to use maybe i can zquesse it in if i can without making my systems slow down:) any advise?;D
1chaoticadult
August 31st, 2011, 10:20 PM
-{ Quote: "of course my friend and my system feels light;)" }-
Oh ok just figured I would ask ;D
jmonge
August 31st, 2011, 10:29 PM
this one has some potential;)
Emsisoft antimalware
blasev
August 31st, 2011, 11:11 PM
-{ Quote: "this one has some potential;)
Emsisoft antimalware" }-
can't agree more my Friend ;D
jmonge
August 31st, 2011, 11:17 PM
i am waiting for the new version of OA++ to install it just alone;)
1chaoticadult
August 31st, 2011, 11:23 PM
-{ Quote: "this one has some potential;)
Emsisoft antimalware" }-
Of course it does ;D
-{ Quote: "i have couple of licences for panda cloud pro to use maybe i can zquesse it in if i can without making my systems slow down:) any advise?;D" }-
First tell me what zquesse is then I can help you ;D I would remove SAS and then put Panda Cloud Pro in and see what happens. ;)
jmonge
August 31st, 2011, 11:33 PM
i may try to add PcPro;)
1chaoticadult
August 31st, 2011, 11:41 PM
-{ Quote: "i may try to add PcPro;)" }-
Ok J. See what happens ;D
nikanthpromod
August 31st, 2011, 11:44 PM
Buffer zone pro :thumb:
Norton DNS
LooknStop
Rollback RX
Hitman pro
SUMo
The Seeker
September 1st, 2011, 08:14 AM
-{ Quote: "same experience here.
why not run admin with UAC?" }-
Oh I do run with UAC, always have. Only difference now is I've set it to max since going back to an admin account.
Got rid of my AV once again as Ilya has managed to sort out the problem I was having with DefenseWall stopping Google Chrome from syncing bookmarks etc. The man's a legend.
trjam
September 1st, 2011, 08:16 AM
Eset Antivirus
Windows Firewall
and Hitman Pro on demand.
cm1971
September 1st, 2011, 09:44 AM
-{ Quote: "Buffer zone pro :thumb:
Norton DNS
LooknStop
Rollback RX
Hitman pro
SUMo" }-
Nice setup. :thumb:
jmonge
September 1st, 2011, 09:44 AM
trjam good choice man:thumb:
Amit
September 1st, 2011, 10:01 AM
finally got a nice setup::) gonna keep it for some months:thumb:
Avast internet security
Malwarebytes antimalware
Hitman pro
keriver 1-click restore free
tomazyk
September 1st, 2011, 10:28 AM
-{ Quote: "finally got a nice setup::) gonna keep it for some months:thumb:
Avast internet security
Malwarebytes antimalware
Hitman pro
keriver 1-click restore free" }-
:thumb:
The setup looks nice and lite on resources...
Amit
September 1st, 2011, 10:43 AM
-{ Quote: ":thumb:
The setup looks nice and lite on resources..." }-
thanks buddy:) it sure is very light on resources
1chaoticadult
September 1st, 2011, 10:50 AM
-{ Quote: "thanks buddy:) it sure is very light on resources" }-
Thats the way it should be :thumb: :)
Amit
September 1st, 2011, 11:04 AM
-{ Quote: "Thats the way it should be :thumb: :)" }-
:D ;)
jmonge
September 1st, 2011, 01:08 PM
http://www.youtube.com/watch?v=iHEFmg1Cr0Q
Kaspersky is good:thumb:
i may try it
Konata Izumi
September 1st, 2011, 01:09 PM
Standard User Account :
deny users UAC elevation request - UAC set to highest and SRP-disallowed + 1806 trick : for Default-deny approach.
SuRun: to elevate apps automatic/manual
GesWall: system-wide automatic isolation for applications that are in the rules database.
Sandboxie FREE: to manually contain/test untrusted "tempting" files.
Spyshelter FREE: to inspect bad behaviours :D
Windows Image Backup: just in case
fsr
September 1st, 2011, 01:13 PM
UAC + DW + HitmanPro/MBAM (monthly)
1chaoticadult
September 1st, 2011, 01:19 PM
-{ Quote: "http://www.youtube.com/watch?v=iHEFmg1Cr0Q
Kaspersky is good:thumb:
i may try it" }-
Don't do it J, jk ;D
jmonge
September 1st, 2011, 01:25 PM
i am learning kung fu;D
Amit
September 1st, 2011, 01:32 PM
-{ Quote: "Standard User Account :
deny users UAC elevation request - UAC set to highest and SRP-disallowed + 1806 trick : for Default-deny approach.
SuRun: to elevate apps automatic/manual
GesWall: system-wide automatic isolation for applications that are in the rules database.
Sandboxie FREE: to manually contain/test untrusted "tempting" files.
Spyshelter FREE: to inspect bad behaviours :D
Windows Image Backup: just in case" }-
nice setup konata :thumb:
Amit
September 1st, 2011, 01:34 PM
-{ Quote: "i am learning kung fu;D" }-
good for you ;)
Konata Izumi
September 1st, 2011, 02:45 PM
-{ Quote: "nice setup konata :thumb:" }-
thank you.
now for the browser:
I picked Firefox 6.0.1 and decided not to run it inside Sandboxie but instead I added it to EMET protection and isolated it with GesWall.
Installed NoScript, Adblock Plus and HTTPS Everywhere addon right away. :)
Kees1958
September 1st, 2011, 03:37 PM
-{ Quote: "Standard User Account :
deny users UAC elevation request - UAC set to highest and SRP-disallowed + 1806 trick : for Default-deny approach.
SuRun: to elevate apps automatic/manual
GesWall: system-wide automatic isolation for applications that are in the rules database.
Sandboxie FREE: to manually contain/test untrusted "tempting" files.
Spyshelter FREE: to inspect bad behaviours :D
Windows Image Backup: just in case" }-
lua plus geswall or spyshelter plus sandboxie would satisfy my surfing habits. What dark corners of the web are you frequenting to double stack a system wide plus threatgate protection?
wat0114
September 1st, 2011, 04:04 PM
Reverted to Platinum status ;D :
My security setup
Win 7 x64 Ultimate Desktop:
Using LUA account as default
UAC at highest level
AppLocker with all rules, including DLL, enforced
Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote ip addresses.
EMET, with mainly web-facing and MS Office apps configured
MBAM on-demand free (used sparingly)
Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
All sensitive data kept on a TrueCrypt volume on h/drive and USB pendrive, and also a bitlocker encrypted volume.
09/01/2011: Added Sandboxie Paid:
Set up for web browsers Chrome & IE9 with forced folders full qualifying path to iexplore.exe & chrome.exe
Restricted Internet access
Restricted Start/Run access
I've decided I really don't need Sandboxie after all. Nothing against it; it's just that it's additional 3rd party overhead I can do without. Even tzuk has said the more 3rd party apps added increases the attack surface (or something to that effect).
the following services are disabled:
Secure Socket Tunneling service
IP Helper
Remote Access Connection Manager
SSDP Discovery service
TCP/IP NetBIOS Helper
Workstation
Function Discovery Resource Publication
WinHTTP Web Proxy Auto-Discovery service
SuRun, v1.2.1 B9 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.
Note the use of free MBAM for on-demand only. I despise realtime antivirus programs. They are, for the most part, an antiquated, resource-sucking leech on the system.
Hungry Man
September 1st, 2011, 05:20 PM
Literally any application on your computer increases the attack surface (which is why I don't like EMET and have constantly said it should be built into the OS.)
Sandboxie was the best part of your setup. Looking at your setup I see a lot of system hardening (which is wonderful) and default-deny.
The problem with default-deny is that every decision goes through you first. Do you honestly trust yourself to always make the right decisions?
The nice thing about sandboxie is that you don't HAVE to make the right decisions, you can run malware if you like just make sure it's sandboxed, and then it doesn't matter if you default deny or default allow.
m00nbl00d
September 1st, 2011, 06:02 PM
-{ Quote: "[...]
I've decided I really don't need Sandboxie after all. Nothing against it; it's just that it's additional 3rd party overhead I can do without. Even tzuk has said the more 3rd party apps added increases the attack surface (or something to that effect).[...]" }-
Damn... Short life... :o :argh:
Konata Izumi
September 1st, 2011, 06:16 PM
-{ Quote: "lua plus geswall or spyshelter plus sandboxie would satisfy my surfing habits. What dark corners of the web are you frequenting to double stack a system wide plus threatgate protection?" }-
lol. I don't worry too much about what comes in to my PC, I worry what goes out from my PC these days.
:lurking:
EDIT: Oh wow I just had a BSOD with my current setup... happened during ccleaner cleanup... :blink:
BSOD only happening when I have other realtime app running with geswall (like spyshelter/pandacloud/rapport)
probably harddrive can't handle the I/O.. my harddrive is dying :(
justenough
September 1st, 2011, 07:13 PM
Sandboxie Experimental
MBAM real-time
Mamutu Paranoid
Hungry Man
September 1st, 2011, 07:17 PM
I've had paranoid on for so long. I almost never get Mamutu popups. I guess I just haven't introduced anything to my system in a long time.
wat0114
September 1st, 2011, 07:33 PM
-{ Quote: "Damn... Short life... :o :argh:" }-
Yep, I came to my senses ;D
-{ Quote: "Literally any application on your computer increases the attack surface (which is why I don't like EMET and have constantly said it should be built into the OS.)" }-
You don't have to worry about EMET. It's an MS product so it no doubt co-exists splendidly with Windows.
-{ Quote: "Sandboxie was the best part of your setup. Looking at your setup I see a lot of system hardening (which is wonderful) and default-deny." }-
Again, nothing against SB or tzuk (a genius, really) but it's still 3rd party software so problems with O/S conflicts are inevitable. If you don't believe me, just check out the SB forum and behold the trouble reports (where have I said this before? :D ). I had a few issues myself, not really worth mentioning here, but they were real issues.
-{ Quote: "The problem with default-deny is that every decision goes through you first." }-
How often do you think I need to make decisions in my day-to-day home computing? I can tell you it's not very often, but for the few I do need to make, it does me no harm, and probably helps stimulate my ageing and weary brain, at least somewhat ;D Also, how would it be any different using Sandboxie? One still needs to decide whether or not to allow something out of the sandbox on to the real environment.
-{ Quote: "Do you honestly trust yourself to always make the right decisions?" }-
Close to 100%, which is close enough to rationalize the use of the security I've decided upon. If I do go wrong I've got enough moxie to detect it right away and apply my trusty fail safe image/restore plan. It's a piece of cake, really :)
-{ Quote: "The nice thing about sandboxie is that you don't HAVE to make the right decisions, you can run malware if you like just make sure it's sandboxed, and then it doesn't matter if you default deny or default allow." }-
I don't have to worry about that with my current setup, either. Malware will be blocked if I do try to run it, and then again I tend not to get in to situations where I have to make these type of decisions. If I somehow navigate to a site that requires a "codec" or "plugin" to view a video (not pr0n of course :P ), I navigate away from it. Again, rather easy.
Hungry Man
September 1st, 2011, 07:51 PM
No matter who EMET is developed by it still increases attack surface just by being installed to userspace. Not only that but I am against any security being handled outside of kernelspace.
My issue with 3rd party security is not that it can cause incompatibilities but because that's just poor security.
-{ Quote: "
How often do you think I need to make decisions in my day-to-day home computing? I can tell you it's not very often, but for the few I do need to make, it does me no harm, and probably helps stimulate my ageing and weary brain, at least somewhat Also, how would it be any different using Sandboxie? One still needs to decide whether or not to allow something out of the sandbox on to the real environment." }-
You probably only make decisions very rarely. But it's not about how often. It's about the decision. If malware finds its way onto your computer and you think it's a legitimate application you'll let it run.
How does sandboxie mitigate this? It lets you run it in a sandbox and stops it from touching the system.
-{ Quote: "
Close to 100%, which is close enough to rationalize the use of the security I've decided upon. If I do go wrong I've got enough moxie to detect it right away and apply my trusty fail safe image/restore plan. It's a piece of cake, really " }-
Yes, a backup is nice I guess. Still I am always going to advocate prevention over cleanup.
-{ Quote: "
I don't have to worry about that with my current setup, either. Malware will be blocked if I do try to run it, and then again I tend not to get in to situations where I have to make these type of decisions. If I somehow navigate to a site that requires a "codec" or "plugin" to view a video (not pr0n of course ), I navigate away from it. Again, rather easy." }-
Yes, it will be blocked... until you allow it.
I'm not trying to knock the security but I think that security should never be handled by the user. One time you might download a crack for software (just an example, I'm not saying you do, there are other methods of socially engineered malware =p) or some pr00n or whatever and it'll ask to run and, naturally, you will allow it.
And there's the layer of defense. All of that default deny stuff gets bypassed immediately.
wat0114
September 1st, 2011, 08:22 PM
-{ Quote: " One time you might download a crack for software (just an example, I'm not saying you do, there are other methods of socially engineered malware =p) or some pr00n or whatever and it'll ask to run and, naturally, you will allow it." }-
If I download something I can't be sure about, even after the on-demand av clears it as legit, I can test in the vm. If it runs fine or not at all (suspected vm-aware) then it's ditched. This never seems to happen to me, probably because I tend to download from known, legit sources.
-{ Quote: "And there's the layer of defense. All of that default deny stuff gets bypassed immediately." }-
Default-deny employing already built-in mechanisms no less (AppLocker), performs its intended duties with almost self-effacing perfection. My decision-making process comes in to play when necessary, but I can do so with utmost confidence that it will be done so responsibly and without detrimental consequence.
I can't understand your stance users making decisions for themselves, nor your objections to the employment of common sense.
justenough
September 1st, 2011, 08:49 PM
-{ Quote: "I've had paranoid on for so long. I almost never get Mamutu popups. I guess I just haven't introduced anything to my system in a long time." }-
Hardly any pop-ups for me either.
m00nbl00d
September 1st, 2011, 08:58 PM
-{ Quote: "
My issue with 3rd party security is not that it can cause incompatibilities but because that's just poor security.
" }-
You scare the hell out of me!! :argh:
What would you think of anyone else if they said that, and then they post a security setup where they have third-party security, while having Windows 7 Ultimate?
You could ditch Comodo Firewall and Defense+. According to you it's poor security, isn't it? ;) The same for Mamutu.
Why don't you deploy AppLocker? It operates at kernel level. Why not Windows Firewall with Advanced Security?
You seem to say one thing, but do the opposite. ;D I don't know... it's just that you seem to have a lot against third-party security software, yet you use them. And, the irony is that you actually have a Windows 7 version that allows you to deploy AppLocker.
Osaban
September 1st, 2011, 09:07 PM
Vista32 SP2 (UAC on, Firewall on, WD off)
Real Time:
Look'n'Stop (Application Filtering enabled only)
Sandboxie (Restrictions /Internet/Start/Run access/Drop Rights)
On Demand Scanners:
Avira Premium
MBAM Pro
HitmanPro
Virtualizers and Backup
ShadowDefender V 325
ShadowProtect Desktop (Cold Images, 3 USB Hard Drives)
Browser: Chrome + Ad Muncher
Hungry Man
September 1st, 2011, 09:14 PM
-{ Quote: "You scare the hell out of me!! :argh:
What would you think of anyone else if they said that, and then they post a security setup where they have third-party security, while having Windows 7 Ultimate?
You could ditch Comodo Firewall and Defense+. According to you it's poor security, isn't it? ;) The same for Mamutu.
Why don't you deploy AppLocker? It operates at kernel level. Why not Windows Firewall with Advanced Security?
You seem to say one thing, but do the opposite. ;D I don't know... it's just that you seem to have a lot against third-party security software, yet you use them. And, the irony is that you actually have a Windows 7 version that allows you to deploy AppLocker." }-
I don't see your point. Yes, I believe all security should be built into the kernel. Yes, 3rd party applications DO increase the attack surface. These ideas are fairly accepted by everyone I've talked to in the industry.
Does that mean I'm going to rely on Windows? No. That would be silly at this point in time. However, if Windows and Comodo both had literally the same software but Windows had it built into the kernel I'd use Windows' built in security.
Security should only ever be handled by the operating system, it just happens to be that modern operating systems don't have enough security and I am forced to look elsewhere.
-{ Quote: "If I download something I can't be sure about, even after the on-demand av clears it as legit, I can test in the vm. If it runs fine or not at all (suspected vm-aware) then it's ditched. This never seems to happen to me, probably because I tend to download from known, legit sources.
Default-deny employing already built-in mechanisms no less (AppLocker), performs its intended duties with almost self-effacing perfection. My decision-making process comes in to play when necessary, but I can do so with utmost confidence that it will be done so responsibly and without detrimental consequence.
I can't understand your stance users making decisions for themselves, nor your objections to the employment of common sense." }-
I'm not saying you should switch your setup. It works for you.
But I don't think that common sense should ever come into play when it comes to security; furthermore the User themselves should never come into play when it comes to security.
TL;DR : The best way to secure a computer is to have the security built in at the lowest possible point, the lower it's built the harder it is to circumvent. If something goes wrong the system crashes rather than allowing a successful attack.
Hungry Man
September 1st, 2011, 09:26 PM
Furthermore: I don't like any of the security software on my computer. I mean... I feel it protects me, but I don't think it's the best way to be protected.
1) It DOES add to the attack surface. Literally anything that executes code adds to your attack surface.
2) It's all closed source. I really don't care about licensing or "free and open" whatever, the fact is that being open has security benefits.
But I use it anyway because the alternatives are the (in my opinion) not so great security implementations of Windows 7, which are far too limiting.
SweX
September 1st, 2011, 09:34 PM
-{ Quote: "Furthermore: I don't like any of the security software on my computer. I mean... I feel it protects me, but I don't think it's the best way to be protected." }-
So why don't you use what you think is the best ? :)
1chaoticadult
September 1st, 2011, 09:36 PM
-{ Quote: "So why don't you use what you think is the best ? :)" }-
Maybe he is still searching for the best :P
m00nbl00d
September 1st, 2011, 09:43 PM
-{ Quote: "I don't see your point.[...]" }-
The point is: You consider third-party security software to be poor security. If they are poor security, then why have something that provides poor security, in the first place?
-{ Quote: "
Security should only ever be handled by the operating system, it just happens to be that modern operating systems don't have enough security and I am forced to look elsewhere.
" }-
Wouldn't you say that AppLocker and Windows Firewall with Advanced Security provide strong security, considering that they belong to Windows, in opposition to a third-party application/third-party applications?
Don't take me wrong, but what I don't understand is why you say what you say about third-party security software, regardless of "These ideas are fairly accepted by everyone I've talked to in the industry.", and yet you don't use AppLocker. AppLocker operates at kernel level.
So, you already got something provided by the operating system. You complain about third-party security software, which are poor security, yet you use them, and ditch AppLocker.
Question: So, why do you say one thing and act differently?
Using your own thoughts, if you were to use AppLocker, you'd have built-in security, operating at kernel level, without increasing the attack surface. Yet, there you go using third-party security software.
-edit-
AppLocker by no means is a lousy implementation. It simply cannot defeat user stupidity... but what can? lol
Hungry Man
September 1st, 2011, 09:48 PM
-{ Quote: "
The point is: You consider third-party security software to be poor security. If they are poor security, then why have something that provides poor security, in the first place?" }-
Better than none. Windows has no methods for doing what I want to do.
-{ Quote: "
Wouldn't you say that AppLocker and Windows Firewall with Advanced Security provide strong security, considering that they belong to Windows, in opposition to a third-party application/third-party applications?" }-
No. Applocker may be built into windows but that doesn't mean it's better. It just means it's designed better. (EDIT: This isn't very clear. I don't mean that it's somehow programmed better - just that it fits into the overall scheme better.)
Security should be built into the OS. The fact that it isn't means I have to look elsewhere. Applocker is, unfortunately, not a replacement for other security methods that are not in the OS.
"Security" is not a thing. Applocker may be an application aimed at securing the OS but that does not make it the same as Comodo or Mamutu just because their end-goals are the same. If Windows had a "Security" application that spat out the DVD drive every 5 minutes it wouldn't be better for being kernel level.
My point is that the security just isn't there; it should be but it isn't.
m00nbl00d
September 1st, 2011, 09:57 PM
-{ Quote: "
Applocker may be an application aimed at securing the OS but that does not make it the same as Comodo or Mamutu just because their end-goals are the same.
" }-
I totally agree on that one!
Having been an old COMODO user, I for sure can say with 100% certainty that Defense+ and AppLocker are totally different. ;)
But, I can tell you I can achieve, and do achieve, a way better and silent security, without increasing my attack surface, using built-in stuff. It goes from AppLocker to integrity levels, messing with the registry... You just need to find your way. Could it be better? Yes, it could. Is that bad? No, it isn't. Even if you got no AppLocker, user Kees1958 posted some excellent threads about the Safe-admin concept/project, using built-in stuff. Very rock solid, without increasing the attack surface.
One has to use what one considers to be the "best", I suppose. :)
Hungry Man
September 1st, 2011, 10:05 PM
Ugh I typed up a response and hit "back" by accident.
Anyways, I'll cut out the fluff. I don't know your security setup so I really have no idea if what you're saying is true.
Kees1958 has the right idea. I am not saying "Stop using 3rd party software" at all. I'm just saying that security should, in an ideal world, only come from the kernel level and only run in kernel space.
m00nbl00d
September 1st, 2011, 10:29 PM
-{ Quote: "Ugh I typed up a response and hit "back" by accident.
Anyways, I'll cut out the fluff. I don't know your security setup so I really have no idea if what you're saying is true.
" }-
;D
-{ Quote: "
Kees1958 has the right idea. I am not saying "Stop using 3rd party software" at all. I'm just saying that security should, in an ideal world, only come from the kernel level and only run in kernel space." }-
The thing is, I agree with you. Security should be built-in. Microsoft has made a lot of progress, from sandboxing Internet Explorer (others can take advantage of the same security measures, of course), providing isolation to a certain degree, AppLocker, etc.
What surprises me is that you DO have AppLocker at your disposal, yet you don't even consider using it... considering that you consider third-party security software poor security.
I just find it odd, that's all.
If I had your thought, and I do have it, I'd rather use AppLocker, and I do use it... It does its work, silently. I can check the logs whenever I want. It operates at kernel level. It won't increase the attack surface. And, it actually works great. :)
Hungry Man
September 1st, 2011, 10:31 PM
-{ Quote: "Microsoft has made a lot of progress, from sandboxing Internet Explorer (others can take advantage of the same security measures, of course), providing isolation to a certain degree, AppLocker, etc.
" }-
I agree.
-{ Quote: "
What surprises me is that you DO have AppLocker at your disposal, yet you don't even consider using it... considering that you consider third-party security software poor security." }-
Applocker provides nothing that I need - a poor security measure is not made better by being implemented in the kernel. If windows somehow had an AV built into the kernel I wouldn't choose to use that because AV's are a poor security method (in my opinion.)
From what I understand of AppLocker it's basically a default deny that lets you either block a program or run it. How is that helpful? If I put a program on my system I want it to run and if I'm suspicious about it I learn nothing by blocking it.
Perhaps there's more to applocker than what I know? Is it more fine tuned than simply blocking or allowing things?
1chaoticadult
September 1st, 2011, 11:16 PM
-{ Quote: "I agree.
Applocker provides nothing that I need - a poor security measure is not made better by being implemented in the kernel. If windows somehow had an AV built into the kernel I wouldn't choose to use that because AV's are a poor security method (in my opinion.)
From what I understand of AppLocker it's basically a default deny that lets you either block a program or run it. How is that helpful? If I put a program on my system I want it to run and if I'm suspicious about it I learn nothing by blocking it.
Perhaps there's more to applocker than what I know? Is it more fine tuned than simply blocking or allowing things?" }-
Well I know when I was using applocker I auto-generated rules for directories I wanted which added them to rule lists. Once that happened, I enforced those rules. Anything not allowed in those rules is not allowed to run. I hope I explained that right :P
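Added example, not part of any post in this thread: the workflow described above (auto-generate rules for chosen directories, then enforce them) written with the AppLocker PowerShell cmdlets, with an audit-only stage between generation and enforcement. The directory list, the staging folder and the candidate file path are assumptions for illustration; it assumes an elevated session on a Windows edition that includes AppLocker.

```powershell
# Added example. Assumed values: $trustedDirs, $workDir, $candidate.
Import-Module AppLocker

$trustedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ -and (Test-Path $_) }
$workDir    = Join-Path $env:TEMP 'applocker-staging'
$backupFile = Join-Path $workDir 'local-policy-backup.xml'
$policyFile = Join-Path $workDir 'generated-policy.xml'
$candidate  = Join-Path $env:USERPROFILE 'Downloads\new-tool.exe'  # hypothetical new download
$enforce    = $false   # set to $true only after the audit events have been reviewed

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Rewrite the EnforcementMode attribute of every rule collection in a policy file.
function Set-EnforcementMode {
    param(
        [string]$Path,
        [ValidateSet('AuditOnly', 'Enabled')][string]$Mode
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($Path)
    foreach ($collection in $doc.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        $collection.SetAttribute('EnforcementMode', $Mode)
    }
    $doc.Save($Path)
}

# 1. Keep a copy of the current local policy so the change can be rolled back with:
#    Set-AppLockerPolicy -XmlPolicy $backupFile
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backupFile

# 2. Inventory the executables in the trusted directories and generate allow rules:
#    a publisher rule where the file is signed, a hash rule where it is not.
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe -ErrorAction SilentlyContinue
}
[xml]$generated = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -IgnoreMissingFileInformation -Xml
$generated.Save($policyFile)

# 3. Stage the policy in audit-only mode: nothing is blocked yet, but every launch
#    that the rules would have denied is written to the AppLocker event log.
Set-EnforcementMode -Path $policyFile -Mode AuditOnly

# 4. Ask the policy about a specific file before anything is applied. PolicyDecision
#    is Allowed, Denied or DeniedByDefault; MatchingRule names the rule that decided.
if (Test-Path $candidate) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidate -User Everyone |
        Format-List FilePath, PolicyDecision, MatchingRule
}

# 5. Apply the audit-only policy. Without -Merge this replaces the local policy,
#    which is why step 1 takes a backup. The Application Identity service must run.
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyFile

# 6. Review what would have been blocked (event ID 8003 = allowed in audit mode,
#    would be denied under enforcement). Add rules for anything legitimate.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 7. Enforce only once the audit log is clean. From here on, denied launches are
#    logged as event ID 8004.
if ($enforce) {
    Set-EnforcementMode -Path $policyFile -Mode Enabled
    Set-AppLockerPolicy -XmlPolicy $policyFile
}
```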
Hungry Man
September 1st, 2011, 11:18 PM
And if you add something to your system, what do you do?
You either allow it to run or you block it. No middle ground. Not very strong in my opinion.
1chaoticadult
September 1st, 2011, 11:19 PM
-{ Quote: "And if you add something to your system, what do you do?
You either allow it to run or you block it. No middle ground. Not very strong in my opinion." }-
When you say adding something, do you mean for example you want to try new software? The way I used it is just one example. I just did this one because it seemed the easier way to try applocker at the time ;D You can create broader rules than what I did. I'm no expert at applocker so maybe someone else can explain it better :P Whatever knowledge I have about applocker, I gained by looking thru the applocker thread ;D To me an applocker setup is good only if you don't make frequent changes to your system otherwise it can be a pain IMO.
Hungry Man
September 1st, 2011, 11:25 PM
Yes, new software or a new file or a new anything.
My point about applocker not being very helpful is that it is a "yes or no" kinda deal. It's a very small layer and the user bypasses it easily. Once bypassed it offers no protection whereas there are other security methods that are not just "yes or no" and allow you to run malware without hurting your system, or detect that it's malware at least.
1chaoticadult
September 1st, 2011, 11:32 PM
-{ Quote: "Yes, new software or a new file or a new anything.
My point about applocker not being very helpful is that it is a "yes or no" kinda deal. It's a very small layer and the user bypasses it easily. Once bypassed it offers no protection whereas there are other security methods that are not just "yes or no" and allow you to run malware without hurting your system, or detect that it's malware at least." }-
Well I will let someone else respond to that. I can't really respond much to applocker seeing I only used it very short time.
Hungry Man
September 1st, 2011, 11:34 PM
Fair enough.
If I thought that my system was never going to change... I'd use applocker. But I download new portable applications, games, etc quite often. And I honestly would not feel all that secure with applocker.
1chaoticadult
September 1st, 2011, 11:36 PM
-{ Quote: "Fair enough.
If I thought that my system was never going to change... I'd use applocker. But I download new portable applications, games, etc quite often. And I honestly would not feel all that secure with applocker." }-
I understand what you mean.
Sully
September 1st, 2011, 11:37 PM
There already is near perfect security in the computing world.. it is called the USER group. Some versions are better than others, or really you could say some services running with high rights are not as vulnerable. Some OS's are better, whether that is due to better code or just not being as targeted might be up for debate ;)
The problem is not can you use a computer and be secure, the problem is can you use your computer, and do admin tasks, and still be safe. If I were to be your admin, and you were only a user, I would wager a month's worth of pay that you would never get infected, and in general never have a problem. You would also never be allowed to make your own decisions ;D
It is those who like being admin, and those users who must at some point perform admin functions that see the breakdown of security. And now with user accounts becoming more common, we see social engineering becoming the preferred tool, some being able to operate in user space where admin rights don't come into play.
It all boils down to something really simple IMO. If you are going to use a computer online, and are going to be an admin or perform admin tasks, you are going to have to learn some basics. The more you know, the less likely you are to have issues. It doesn't matter whether you use all inbuilt OS tools or choose to use lots of 3rd party tools, if you don't know how to stay problem free, you won't. If you do know how, then you can really use any tool you like, and it doesn't have to match anyone else's prescription, you just need to know how to use it effectively.
I don't see how there will ever be an OS that is super secure yet also does not require user knowledge. Not if the user wants to do whatever they want, such as installing new programs or surfing with their choice of browser to their choice of websites. You know that spiderman quote "with great power comes great responsibility"? Sounds like it was made for anyone who performs admin tasks. If you get a super secure OS, but you can't make any decisions yourself so that you remain safe, would you really buy it? Kind of like working for "the man" lol.
Sul.
1chaoticadult
September 1st, 2011, 11:39 PM
Well said Sul. Despite all the changes I went thru with my security setup, I have not been infected in a while while the rest of my family and friends have been. Then they call me to play cleanup man ;D
Boost
September 1st, 2011, 11:43 PM
-{ Quote: "There already is near perfect security in the computing world.. it is called the USER group. Some versions are better than others, or really you could say some services running with high rights are not as vulnerable. Some OS's are better, whether that is due to better code or just not being as targeted might be up for debate ;)
The problem is not can you use a computer and be secure, the problem is can you use your computer, and do admin tasks, and still be safe. If I were to be your admin, and you were only a user, I would wager a month's worth of pay that you would never get infected, and in general never have a problem. You would also never be allowed to make your own decisions ;D
It is those who like being admin, and those users who must at some point perform admin functions that see the breakdown of security. And now with user accounts becoming more common, we see social engineering becoming the preferred tool, some being able to operate in user space where admin rights don't come into play.
It all boils down to something really simple IMO. If you are going to use a computer online, and are going to be an admin or perform admin tasks, you are going to have to learn some basics. The more you know, the less likely you are to have issues. It doesn't matter whether you use all inbuilt OS tools or choose to use lots of 3rd party tools, if you don't know how to stay problem free, you won't. If you do know how, then you can really use any tool you like, and it doesn't have to match anyone else's prescription, you just need to know how to use it effectively.
I don't see how there will ever be an OS that is super secure yet also does not require user knowledge. Not if the user wants to do whatever they want, such as installing new programs or surfing with their choice of browser to their choice of websites. You know that Spider-Man quote "with great power comes great responsibility"? Sounds like it was made for anyone who performs admin tasks. If you get a super secure OS, but you can't make any decisions yourself so that you remain safe, would you really buy it? Kind of like working for "the man" lol.
Sul." }-
Well said Sully. Nice to see someone around here with a good head on his shoulders as these forums are waaaay too tiring / boring anymore otherwise. :thumb:
1chaoticadult
September 1st, 2011, 11:43 PM
-{ Quote: "Well said Sully. Nice to see someone around here with a good head on his shoulders, these forums are waaaay too tiring / boring anymore otherwise. :thumb:" }-
Well, security is boring and can be tiring ;D
Sully
September 1st, 2011, 11:45 PM
-{ Quote: "Well said Sul. Despite all the changes I went thru with my security setup, I have not been infected in a while while the rest of my family and friends have been. Then they call me to play cleanup man ;D" }-
And what would you say the reason is?
A. you used the right combination of tools that save your bacon
B. you know enough now to utilize the best tool for you to stay problem free
C. the force was with you, you shall live long and prosper
D. you keep forgetting what day it is, and we cannot trust your memory, so you very likely had infections like your family, and in fact, you probably still do ;)
Sul.
Copyright ©2002 - 2013, Wilders Security Forums