What is your security setup these days?
wat0114
September 1st, 2011, 11:45 PM
-{ Quote: "
From what I understand of AppLocker it's basically a default deny that lets you either block a program or run it. How is that helpful?" }-
Microsoft can explain it best here (http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspx) in the Executive Overview.
-{ Quote: "If I put a program on my system I want it to run and if I'm suspicious about it I learn nothing by blocking it." }-
That is why you would probably scan it first before installing it. Realistically, I can tell you from my own experience that if you obtain a program from a trusted source, scan it even once with an updated AV, and it comes out clean, it is 99.999% clean. Very sweet odds. Remember, if you keep recent images, you simply restore if you don't like what's happening after you install a new program, or you remove it, but I like to restore an image because that way there's no potential crud left over from a removal.
Hungry Man
September 1st, 2011, 11:45 PM
LUA is not a silver bullet. You can still get infected without admin rights. And just as much you can still get hacked - exploits still exist.
I am not saying that a computer running 3rd party applications is less secure than a computer not running 3rd party applications. I am saying that in an ideal world all security would be handled by an OS.
And yes, I do believe that a user should not need knowledge of their computer in order to stay safe on it. I also don't know if I believe in perfect security - I don't know enough and I'm not going to even guess right now because, frankly, I'm a freshman and I'm a terrible programmer at this point in time and I don't think I can really talk about something so in depth without knowledge like how programs work way low down.
But I think that if you had the ideas of things like sandboxie, defensewall, chrome, and windows attached to the OS by default you'd see a lot fewer infections. The methods implemented are based around restrictions, which is very similar to LUA. If enough restrictions are implemented OS wide as well as to specific applications we'd have a lot less to worry about.
But that's another conversation I think.
No, no one has to make their security setup conform to anyone else's notions. No one should. I'm just saying that I think security needs to start at the lowest level possible. And I really do believe that users should have very little part (if not no part at all) in security, but I think I'm one of the few people who believes that (pretty much everyone I've talked to doesn't haha.)
1chaoticadult
September 1st, 2011, 11:46 PM
-{ Quote: "And what would you say the reason is?
A. you used the right combination of tools that save your bacon
B. you know enough now to utilize the best tool for you to stay problem free
C. the force was with you, you shall live long and prosper
D. you keep forgetting what day it is, and we cannot trust your memory, so you very likely had infections like your family, and in fact, you probably still do ;)
Sul." }-
I would say a combination of A & B. A earlier in my security setup search and more B now.
Hungry Man
September 1st, 2011, 11:47 PM
A few responses since I started typing haha
wat, I'm not saying your setup is ineffective. I think you actually have a very keen sight on what is and is not effective. But your merit isn't even being called into question here =p your setup works for you and that's all that matters.
Thank you for the link.
1chaoticadult
September 1st, 2011, 11:50 PM
-{ Quote: "A few responses since I started typing haha
wat, I'm not saying your setup is ineffective. I think you actually have a very keen sight on what is and is not effective. But your merit isn't even being called into question here =p your setup works for you and that's all that matters.
Thank you for the link." }-
Oh wow I know this is off-topic but I just reached 1,000 posts. Just noticed it ;D Back on topic, actually I was following a lot of wat's tutorials per se in the AppLocker thread when I was using it. So I say thanks wat without you knowing you did ;D
Hungry Man
September 1st, 2011, 11:51 PM
omg I'm nearly at 2000 >_>
1chaoticadult
September 1st, 2011, 11:52 PM
-{ Quote: "omg I'm nearly at 2000 >_>" }-
Too much typing there Mr. ;D
Hungry Man
September 1st, 2011, 11:53 PM
Yeahhhhh apparently.
1chaoticadult
September 1st, 2011, 11:54 PM
-{ Quote: "Yeahhhhh apparently." }-
Oh well and the search continues...LOL ;D
Sully
September 1st, 2011, 11:56 PM
@Hungry Man
IMO there are two ways to look at security and being a user.
1. there are weaknesses in things of the OS that you have no control over, and those are exploited without you having to do anything but visit the wrong website or execute the wrong program. Users normally have no idea at all. It is a weakness of the OS/program, and being user or admin makes no difference.
2. what you do and what you use are relatively safe (not targeted or worth targeting). Only the actions you perform as admin will bring you problems.
As such, being a user is only as good as the admin of the system. There must be an admin at some point. And if the user is the one to perform the admin functions, you are right back to either needing some security tool to scan and tell you something bad might happen, or you need knowledge.
I just don't see how a person is ever going to use a computer "freely", the way they want, without having to have some knowledge. Only if someone/something else is making decisions for them could this happen.
If one were to imagine a "cloud admin", which you gave your desires to (I want a new .pdf viewer), and it decided which was best for you and your system (it must know a lot about you and your system to make such decisions), it could then install the program for you. But, what if the "cloud admin" installed a program that was malicious and it did not know of it? Or what if the "cloud admin" itself became compromised?
I get what you are meaning, and I see why you would say that. I just don't really think that will ever come to pass. Someone has to make decisions, and for home users, it isn't a well trained IT guy usually.
Sul.
wat0114
September 1st, 2011, 11:58 PM
-{ Quote: "omg I'm nearly at 2000 >_>" }-
LOL! hot on our heels. I just topped 3000 and now branded a "Massive Poster" :o
1chaoticadult
September 1st, 2011, 11:58 PM
-{ Quote: "LOL! hot on our heels. I just topped 3000 and now branded a "Massive Poster" :o" }-
OMG do your fingers hurt? ;D I guess I'm way behind and need to catch up :P
Hungry Man
September 2nd, 2011, 12:01 AM
The idea is not to make the right decision or to stop vulnerabilities, it's to assume that someone made the wrong decision and to assume there are vulnerabilities. There are multiple programs that exist based on this. The entire basis of DefenseWall (that program that keeps scoring so high in tests =p ) is that if something isn't explicitly trusted it is untrusted and restricted. Same with Comodo.
Users can do a hell of a lot to mess up their system and there's plenty of malware that will install and function on a user account. It may not be able to mess with the OS and it may be a lot easier to deal with but it can install.
Integrity levels are the start of Windows assuming an exploit will happen or assuming that malware will exist and taking precautions against it.
Hungry Man
September 2nd, 2011, 12:04 AM
Honestly, I must be crazy or something. I've been arguing for a long time that security should not involve the user and that a proper security setup (for the average user, not necessarily for Wilders or even for myself) should have a basis of assuming the user knows nothing. No one I know seems to agree with me on the details. =p
wat0114
September 2nd, 2011, 12:10 AM
-{ Quote: "OMG do your fingers hurt? " }-
Not as much as my brain :P
-{ Quote: "
I just don't see how a person is ever going to use a computer "freely", the way they want, without having to have some knowledge." }-
So very important and why a user with some decent knowledge can make sound decisions rather than rely on their security products to completely hand-hold them through the process.
Hungry Man
September 2nd, 2011, 12:12 AM
-{ Quote: "
So very important and why a user with some decent knowledge can make sound decisions rather than rely on their security products to completely hand-hold them through the process." }-
Users are unreliable and often easily tricked. Security setups should account for this in my opinion.
1chaoticadult
September 2nd, 2011, 12:15 AM
-{ Quote: "Not as much as my brain :P
" }-
Ha I bet. :P
Amit
September 2nd, 2011, 01:26 AM
-{ Quote: " my harddrive is dying :(" }-
Oh! no:( RIP hard-drive:'(
luciddream
September 2nd, 2011, 01:26 AM
SPI router
Sandboxie - paid
Comodo Firewall (only)
iVPN OpenVPN
TrueCrypt
ShadowProtect
On demand scanners:
Hitman Pro
MalwareBytes Free
Superantispyware Free
Ditched my AV and HIPS. For 5 years now I've had a real-time AV hogging resources only to find nothing. With my safe browsing habits, FF with NoScript & other security add-ons, and now Sandboxie... it's just not worth it. And it's not like I can't restore an image if something goes wrong. And the HIPS does nothing. I won't put something on my computer unless I trust it in the first place. And I find even less use for it with Sandboxie now.
Computer is running even snappier now, and on an old XP box with 1GB of RAM I need all the juice I can get. I think this is all I need along with wat's method of "use what's built into the OS", i.e.: Local/Group Policy tweaks, SRP, LUA, folder permissions, and nasty services like Remote Registry disabled.
Hungry Man
September 2nd, 2011, 01:28 AM
+1 for ditching the AV. Waste of resources and they're just horribly inefficient.
Why no Defense+/ HIPS?
1chaoticadult
September 2nd, 2011, 01:30 AM
-{ Quote: "+1 for ditching the AV. Waste of resources and they're just horribly inefficient.
" }-
What? AVs rule. LOL.... ;D :P
Amit
September 2nd, 2011, 01:36 AM
-{ Quote: "What? AVs rule. LOL.... ;D :P" }-
+1 :thumb:
luciddream
September 2nd, 2011, 01:38 AM
-{ Quote: "+1 for ditching the AV. Waste of resources and they're just horribly inefficient.
Why no Defense+/ HIPS?" }-
Because it isn't really doing anything for me. I know I can trust all the apps I have on my PC after years of having D+ monitor their behavior, and I run a very static setup. So I figured why not just free up the resources... not that it used much to begin with, but with 1 gig of RAM every bit helps. Also Sandboxie makes it less useful.
I was considering trying Private FW in place of Comodo because I'd heard it was light, but didn't feel like going through a learning curve, and Comodo FW is very light as it is. I can't imagine there's much difference. And I heard that PFW is not friendly with full screen gaming, which would be a deal-breaker for me.
Hungry Man
September 2nd, 2011, 01:39 AM
Are you using Comodo to manually sandbox anything? Plugins or other applications?
1chaoticadult
September 2nd, 2011, 01:41 AM
-{ Quote: "Are you using Comodo to manually sandbox anything? Plugins or other applications?" }-
Wouldn't need Comodo to sandbox anything. He has sandboxie paid just force applications with sandboxie instead. Don't know you have Sandboxie paid lucid?
luciddream
September 2nd, 2011, 01:45 AM
Yup, I have the paid version. Best $43 I've ever spent.
1chaoticadult
September 2nd, 2011, 01:46 AM
-{ Quote: "Yup, I have the paid version. Best $43 I've ever spent." }-
I thought you did.
Hungry Man
September 2nd, 2011, 01:55 AM
Ah, I see. No real point manually sandboxing. I suppose if you sandboxed twice it would likely conflict.
luciddream
September 2nd, 2011, 02:12 AM
I actually manually sandbox with Sandboxie most of the time. I only have VLC & Sumatra PDF forced. Sometimes I need to run Firefox outside the sandbox to update or tweak settings. And UTorrent to change the port, which I do every session. I know you can do that thing where you set the timer for a forced program to run outside of the sandbox, but I've always been a right-click > open kinda guy anyway, as opposed to a double-clicker, so I prefer it this way. More granular control for me. Plus I have 2 different sandboxes for Firefox: one for normal browsing where I make some concessions for ease of use (i.e. direct access to bookmarks)... and another for secure browsing that is locked down, if I want to do online purchasing.
The real draw to me for the paid version wasn't forcing programs/folders, but running multiple sandboxes at once. It's not unusual for me to be running 3 at the same time (Firefox, UTorrent, VLC).
Hungry Man
September 2nd, 2011, 02:21 AM
Yeah, I couldn't live with the free version.
1chaoticadult
September 2nd, 2011, 02:38 AM
-{ Quote: "Yeah, I couldn't live with the free version." }-
I agree with you there.
The Hammer
September 2nd, 2011, 03:13 AM
Finally got around to installing Panda Cloud 1.51 Free on my netbook like I promised I would a while ago. I also have MBAM on demand as well as WOT and Windows firewall on there. Oh Yes, I almost forgot to uninstall the toolbar.;)
Amit
September 2nd, 2011, 03:51 AM
-{ Quote: "Finally got around to installing Panda Cloud 1.51 Free on my netbook like I promised I would a while ago. I also have MBAM on demand as well as WOT and Windows firewall on there. Oh Yes, I almost forgot to uninstall the toolbar.;)" }-
is it light? I also have a 1gb netbook and would sure love to know how it's doing in yours:)
The Hammer
September 2nd, 2011, 05:43 AM
-{ Quote: "is it light? I also have a 1gb netbook and would sure love to know how it's doing in yours:)" }-
See my post #499 here. http://www.wilderssecurity.com/showthread.php?p=1930018#post1930018
Amit
September 2nd, 2011, 07:02 AM
-{ Quote: "See my post #499 here. http://www.wilderssecurity.com/showthread.php?p=1930018#post1930018" }-
gotcha:thumb:
The Seeker
September 2nd, 2011, 07:59 AM
Ditched DefenseWall and have implemented AppLocker. Also, I've added my backup program of choice to my signature - Image for Windows. I don't know how I ever lived without an imaging app.
Reading the discussion a couple of pages back regarding system hardening and LUAs made me think of a question I asked Mark Russinovich a couple of days ago on Twitter, when I was thinking of running as a standard user. This (https://twitter.com/#!/markrussinovich/status/108958027108974593) was his response. (I've decided to keep running as admin as I'm not an average user, as I suspect none of us are here.)
Konata Izumi
September 2nd, 2011, 08:06 AM
Comodo trusts a lot (almost everything) in my PC while I, myself trust only a few files on my PC...
does that mean I'm tighter than COMODO? ;D
I don't trust Google Chrome but COMODO does, so it doesn't alert me when Chrome tries to capture my keystrokes.
Spyshelter told me Chrome is trying to capture my keystrokes when typing in password field so I blocked the behaviour. :D
Kernelwars
September 2nd, 2011, 08:26 AM
-{ Quote: "Comodo trusts a lot (almost everything) in my PC while I, myself trust only a few files on my PC...
does that mean I'm tighter than COMODO? ;D
I don't trust Google Chrome but COMODO does, so it doesn't alert me when Chrome tries to capture my keystrokes.
Spyshelter told me Chrome is trying to capture my keystrokes when typing in password field so I blocked the behaviour. :D" }-
lol konata you are fine my good friend:argh:
tipo
September 2nd, 2011, 09:22 AM
-{ Quote: "Finally got around to installing Panda Cloud 1.51 Free on my netbook like I promised I would a while ago. I also have MBAM on demand as well as WOT and Windows firewall on there. Oh Yes, I almost forgot to uninstall the toolbar.;)" }-
you can install panda cloud without the toolbar. ::)
Kernelwars
September 2nd, 2011, 10:05 AM
Replaced Panda Cloud with MSE..everything else including paranoia remains untouched;D
Hungry Man
September 2nd, 2011, 11:23 AM
Why MSE over Panda? Panda tends to get better results in benchmarks and it's lighter.
1chaoticadult
September 2nd, 2011, 11:51 AM
-{ Quote: "Why MSE over Panda? Panda tends to get better results in benchmarks and it's lighter." }-
Maybe because he doesn't like the cloud and wants a native 64-bit AV ;D :P
-{ Quote: "Why MSE over Panda? Panda tends to get better results in benchmarks and it's lighter." }-
Don't know about lighter. Last time I used Panda, it slowed down my system more than MSE.
Kernelwars
September 2nd, 2011, 12:42 PM
-{ Quote: "Maybe because he doesn't like the cloud and wants a native 64-bit AV ;D :P
" }-
;D :thumb: that's the reason;D
Kernelwars
September 2nd, 2011, 12:50 PM
-{ Quote: "Why MSE over Panda? Panda tends to get better results in benchmarks and it's lighter." }-
Hungry I used panda for a long time man.. It was time to change a lil..might go back again soon tho;D
Matthijs5nl
September 2nd, 2011, 12:58 PM
I am currently having a look at AVG Anti-Virus Free Edition 2012. In my eyes, all major free antivirus products (avast!, AVG, Avira, Microsoft and Panda) really have a raison d'etre.
jmonge
September 2nd, 2011, 12:58 PM
k lol8)
Kernelwars
September 2nd, 2011, 01:03 PM
-{ Quote: "k lol8)" }-
I know J.. How you liking your ashampoo and lavasoft suites my friend?:argh: :argh: rofl
jmonge
September 2nd, 2011, 01:06 PM
SpyShelter Premium
is my champ;) i tested and blocked a lot of malware when it is in restricted mode
1chaoticadult
September 2nd, 2011, 01:36 PM
-{ Quote: "SpyShelter Premium
is my champ;) i tested and blocked a lot of malware when it is in restricted mode" }-
As usual you love restricted mode. Hehe but I understand why my friend ;D
The Hammer
September 2nd, 2011, 02:49 PM
-{ Quote: "Hungry I used panda for a long time man.. It was time to change a lil..might go back again soon tho;D" }-
Hey not fair. I just went to Panda on my netbook and now you've trjamed me.;D
The Hammer
September 2nd, 2011, 02:51 PM
-{ Quote: "you can install panda cloud without the toolbar. ::)" }-
You install the AV with the toolbar and then uninstall the toolbar separately afterward. Don't take my word for it though ask around.
Page42
September 2nd, 2011, 02:52 PM
I'm getting avatar-whiplash viewing this thread today. 8)
1chaoticadult
September 2nd, 2011, 03:23 PM
-{ Quote: "I'm getting avatar-whiplash viewing this thread today. 8)" }-
Get that sunglasses ready ;D
jmonge
September 2nd, 2011, 03:24 PM
i want to try Emsisoft Anti-Malware 6.0 public beta
1chaoticadult
September 2nd, 2011, 03:25 PM
-{ Quote: "i want to try Emsisoft Anti-Malware 6.0 public beta" }-
Well try it, what's stopping you? :P
jmonge
September 2nd, 2011, 03:33 PM
but i may not need it as i have mbam pro:)
Hungry Man
September 2nd, 2011, 03:53 PM
Emsisoft and mbam together's gonna be fairly heavy. I'd just stick to one or the other.
1chaoticadult
September 2nd, 2011, 03:55 PM
-{ Quote: "Emsisoft and mbam together's gonna be fairly heavy. I'd just stick to one or the other." }-
How is it heavy if you use MBAM on-demand? Even with MBAM with real time protection it's not necessarily heavy but not light either. Also heavy is subjective anyways my friend. It might be heavy for some, not so heavy for others.
-{ Quote: "but i may not need it as i have mbam pro:)" }-
Shouldn't matter if you are only trying it ;D
trjam
September 2nd, 2011, 05:21 PM
actually MBAM realtime got a lot lighter a couple of updates ago. I tried it and was pleasantly surprised.
1chaoticadult
September 2nd, 2011, 05:26 PM
-{ Quote: "actually MBAM realtime got a lot lighter a couple of updates ago. I tried it and was pleasantly surprised." }-
I agree with you there. It did improve.
jmonge
September 2nd, 2011, 06:33 PM
it feels light:):thumb:
jmonge
September 2nd, 2011, 06:50 PM
this one will be promising with the new change:)
· Spyware Terminator now supports 64bit OS (Windows Vista, Windows 7)
kjdemuth
September 2nd, 2011, 06:50 PM
Runs great in real time with CIS.
jmonge
September 2nd, 2011, 06:51 PM
my friend you are ready to destroy malware;)
Hungry Man
September 2nd, 2011, 07:06 PM
-{ Quote: "How is it heavy if you use MBAM on-demand? Even with MBAM with real time protection it's not necessarily heavy but not light either. Also heavy is subjective anyways my friend. It might be heavy for some, not so heavy for others.
Shouldn't matter if you are only trying it ;D" }-
MBAM installed on-demand only uses no resources I don't think.
I wouldn't call MBAM heavy but MBAM + other programs might be considered such. Just my opinion of course.
Using AppGuard now. Going to have to try to figure some things out with the settings.
jmonge
September 2nd, 2011, 07:09 PM
hey hungry dont forget to read the help file:thumb:
it is long you may need a lot of reading;D
Hungry Man
September 2nd, 2011, 07:15 PM
Hmm. AppGuard is confusing >_< trying to figure this out. It seems to break Java even though I don't have Java guarded.
Thoughts? Tips?
edit: reading help now
The Seeker
September 2nd, 2011, 07:16 PM
Thinking more about what Mark Russinovich said to me on Twitter, I've decided to give running as a standard user on Windows 7 another go. This will allow me to rely solely on inbuilt security and MBAM PRO.
Kernelwars
September 2nd, 2011, 07:16 PM
-{ Quote: "Hey not fair. I just went to Panda on my netbook and now you've trjamed me.;D" }-
lol man..I might be back but I am really surprised with MSE's performance. I have been following the lab tests and all but I am liking it..I tried eset antivirus and I must say performance and resource usage wise MSE is not far behind.. and it doesn't feel heavy or anything and trust me the system I am running got all kind of things running..it's a development system with adobe design premium, office, report builder and visual studio enterprise.. I didn't expect MSE to be running so smooth ;D ;D
Hungry Man
September 2nd, 2011, 07:21 PM
OK so it seems that it's blocking scripts in Medium and above. Any way I can stop it from doing that on, say, high? Or allow java to run scripts?
EDIT: OK, well, it seems that if I want to run Java I have to run AppGuard at "Install" but I can manually set programs to be guarded.
Hm. But MemoryGuard is off at Install.
1chaoticadult
September 2nd, 2011, 07:50 PM
-{ Quote: "lol man..I might be back but I am really surprised with MSE's performance. I have been following the lab tests and all but I am liking it..I tried eset antivirus and I must say performance and resource usage wise MSE is not far behind.. and it doesn't feel heavy or anything and trust me the system I am running got all kind of things running..it's a development system with adobe design premium, office, report builder and visual studio enterprise.. I didn't expect MSE to be running so smooth ;D ;D" }-
I told ya MSE has improved, you finally listened ;D
-{ Quote: "MBAM installed on-demand only uses no resources I don't think.
I wouldn't call MBAM heavy but MBAM + other programs might be considered such. Just my opinion of course.
Using AppGuard now. Going to have to try to figure some things out with the settings." }-
Yea I know Hungry no problem. Hmm AppGuard no comment.
Kernelwars
September 2nd, 2011, 07:56 PM
-{ Quote: "I tried to tell ya my friend, you finally listened ;D
Hmm AppGuard no comment." }-
You were not lying my good friend..It's amazing dude;D Trusteer rapport is working gr8 with MSE too no issues no slowdowns..:thumb:
1chaoticadult
September 2nd, 2011, 07:58 PM
-{ Quote: "You were not lying my good friend..It's amazing dude;D Trusteer rapport is working gr8 with MSE too no issues no slowdowns..:thumb:" }-
Hehe good to hear my good friend. I had problems with Trusteer lately trying to figure out what's wrong.
Kernelwars
September 2nd, 2011, 08:01 PM
-{ Quote: "Hehe good to hear my good friend. I had problems with Trusteer lately trying to figure out what's wrong." }-
chrome crashing?:doubt:
1chaoticadult
September 2nd, 2011, 08:02 PM
-{ Quote: "chrome crashing?:doubt:" }-
More like freezing. But it's not just Chrome, IE as well. But that was on my with another security setup. I will probably test to see what happens with my current security setup (restored from a backup).
Kernelwars
September 2nd, 2011, 08:06 PM
-{ Quote: "More like freezing. But it's not just Chrome, IE as well. But that was on my with another security setup. I will probably test to see what happens with my current security setup (restored from a backup)." }-
ah ok.. I am using the latest firefox and haven't noticed any problem but had issues with chrome..IE9 is great with trusteer so far..:)
1chaoticadult
September 2nd, 2011, 08:08 PM
-{ Quote: "ah ok.. I am using the latest firefox and haven't noticed any problem but had issues with chrome..IE9 is great with trusteer so far..:)" }-
It was working fine before with Chrome and IE9. I'm about to test in a few so I will see.
Hungry Man
September 2nd, 2011, 08:09 PM
Just added Sandboxie pro to my setup :D :D
jmonge
September 2nd, 2011, 08:12 PM
:thumb: :thumb:
Hungry Man
September 2nd, 2011, 08:18 PM
Configured Chrome's sandbox. Now to work on some others. I'm going to have fun with this haha
1chaoticadult
September 2nd, 2011, 08:21 PM
-{ Quote: "ah ok.. I am using the latest firefox and haven't noticed any problem but had issues with chrome..IE9 is great with trusteer so far..:)" }-
Same result ugh. Trusteer causes Chrome and IE9 to freeze and crash. I uninstalled but I submitted a report to Trusteer. I will see what they say.
Hungry Man
September 2nd, 2011, 09:56 PM
Network
DDWRT Router running recommended build
DDWRT firewall turned on
Google DNS
Realtime Protection
Comodo Firewall and Defense+ 5.8 Beta
(Password Protected)
Comodo Firewall: Custom Policy, Alert Settings Low
-- Ports Stealthed
-- Enable IPv6 filtering
-- Do Protocol Analysis
-- Block Fragmented IP datagrams
-- no monitoring NDIS protocols other than TCP/IP
Comodo Defense+: Safe Mode
-- Autosandbox disabled
-- Force Vaio Event Service/ Battery Manager into Partially Limited sandboxes
Sandboxie Pro
Experimental 64bit Protection
Beta
I won't go into too many details but all of the following are forced, have drop rights, have start/run restrictions, have internet access restrictions, leader program to force stop sandbox, and their own specific file access settings as well:
--Chrome/Java sandbox
--Digsby sandbox
--Mipony sandbox
--Minecraft sandbox
--Skype sandbox
--CCCP sandbox
System Hardening -- Windows 7 64bit Ultimate
UAC on Max
EMET: DEP Always On, SEHOP Opt Out, ASLR Opt In. All internet facing applications forced to run with EMET.dll and a few others as well.
Downloads folder and all contents forced at Low Integrity
NiNite for updating
Disabled some services
As few programs installed as possible. Only what I need and when I'm done with something it gets uninstalled and I make sure that everything is gone.
Digsby and MiPony's .exe's set to LowIL.
Browser -- Chrome Dev
Block 3rd Party Cookies
Built in malware protection/ download scans
Default PDF reader -- no adobe necessary
Proof of concept ad-blocking
Backup Browser -- None, IE9 is removed
Portable On Demand Scanners/ Tools -- USB Drive
TDSS Killer
JavaRa
RKILL.com
AVZ4
Dr Web Cureit
SuperAntiSpyware Portable
Hitman Pro
Emsisoft Emergency
Ninite for updating
Hungry Man
September 2nd, 2011, 10:00 PM
This is the setup I've wanted for a while =p I'm happy with it. I was worried about Comodo's sandboxing and Sandboxie's together... but I actually like how it's turned out.
For one thing, Chrome launches Java within the Chrome Sandboxie sandbox, which I feel is somewhat insecure (if Java ended up being malicious it could then have access to whatever the Chrome Sandboxie sandbox has access to) but by further sandboxing Java with Comodo I've further restricted it and it no longer has access to Chrome's Sandboxie sandbox - only the other way around. At least that's how it seems.
And then with Digsby - normally digsby needs direct access to part of the file system. The way I have it set now is so that digsby instead accesses the virtualized file system from Comodo's sandbox.
J_L
September 2nd, 2011, 10:32 PM
Whoa, it's even longer than mine (albeit with far more details)
Hungry Man
September 2nd, 2011, 10:43 PM
Yeah I could very easily cut mine down if I didn't add the details - I like to be specific about my setup... though if I added the specifics to my Sandboxie sandboxies it would get reallllly long.
I may add details about how Comodo and Sandboxie work together for something like Digsby and Java.
Kernelwars
September 2nd, 2011, 11:31 PM
Hungry that's one heck of a setup dude..:thumb: rock solid IMHO
CloneRanger
September 2nd, 2011, 11:33 PM
@ Hungry Man
Hi, are these correct in your setup ?
-{ Quote: "Allow program if 90% of community members allowed it.
Deny program if 90% of community members allowed it." }-
They "appear" to cancel each other out !
Hungry Man
September 2nd, 2011, 11:37 PM
If 90% of the community allows a behavior and 10% blocks it I auto-allow it.
If 90% of the community blocks a behavior and 10% allows it I auto-block it.
If there's overlap I don't see it. A program would have to both be allowed by 90% and blocked by 90%
@Kernel: Yeah, no need to test this one. I'm confident enough.
luciddream
September 2nd, 2011, 11:53 PM
-{ Quote: "Just added Sandboxie pro to my setup :D :D" }-
Props :thumb: You will not regret it.
Hungry Man
September 3rd, 2011, 12:33 AM
Oh I don't think I will! Haha, it's what I've been waiting for =p There were issues with manually sandboxing with Comodo but now I can use both. I think this will work very well =p
Kernelwars
September 3rd, 2011, 01:10 AM
-{ Quote: "It was working fine before with Chrome and IE9. I'm about to test in a few so I will see." }-
Plz let me know your findings man
1chaoticadult
September 3rd, 2011, 01:12 AM
-{ Quote: "Plz let me know your findings man" }-
Already did, read post #18215
Kernelwars
September 3rd, 2011, 01:16 AM
-{ Quote: "Already did, read post #18215" }-
Thank you my friend.. I missed it ..am getting old
1chaoticadult
September 3rd, 2011, 01:17 AM
-{ Quote: "Thank you my friend.. I missed it ..am getting old" }-
It's ok old man, I forgive you for missing it ;D
Hungry Man
September 3rd, 2011, 01:25 AM
Looks like I'm done configuring Sandboxie... for now =p
Chrome, Digsby, Minecraft, Mipony, Skype -- all are now sandboxed.
Kernelwars
September 3rd, 2011, 01:29 AM
-{ Quote: "Looks like I'm done configuring Sandboxie... for now =p
Chrome, Digsby, Minecraft, Mipony, Skype -- all are now sandboxed." }-
Hungry what is mipony man?
Hungry Man
September 3rd, 2011, 01:30 AM
Mipony is a download manager. Very helpful for downloading large files/ many files. I can stop and start downloads partway through, which is very convenient since my connection stops sometimes.
Securing it's kinda a priority since it's internet facing. I've restricted it except from my downloads folder, which I've set to low integrity.
Kernelwars
September 3rd, 2011, 01:32 AM
-{ Quote: "Mipony is a download manager. Very helpful for downloading large files/ many files. I can stop and start downloads partway through, which is very convenient since my connection stops sometimes.
Securing it's kinda a priority since it's internet facing. I've restricted it except from my downloads folder, which I've set to low integrity." }-
gr8 will give it a try;D thanks man
jmonge
September 3rd, 2011, 06:43 AM
my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:
trjam
September 3rd, 2011, 06:45 AM
I will pray for your wife, but if you are having a baby, well then, Houston, we got a problem.
Hope all goes well:thumb:
some possible names: MBAM, Spyshelter, Eset etc.etc..;D
jmonge
September 3rd, 2011, 06:49 AM
it has to be a boy so it may be as strong as DefenseWall or Mbam Pro;) :thumb:
Eru
September 3rd, 2011, 07:16 AM
Update:
PC:
Realtime: DefenseWall Personal Firewall + SpyShelter Premium
Web browser: Nightly 9.0a1 PL
BackUp: Keriver 1-Click Restore Free
Password Manager: S10 Password Vault PL
Notebook:
Realtime: Norton Internet Security 2012 + SpyShelter Premium + WinPatrol PLUS
Web browser: Google Chrome
Password Manager: S10 Password Vault PL
Amit
September 3rd, 2011, 07:23 AM
-{ Quote: "I will pray for your wife, but if you are having a baby, well then, Houston, we got a problem.
" }-
lol.....it's killing me...........ha...ha..ha.....:argh: ....:argh:
Mongol
September 3rd, 2011, 08:15 AM
-{ Quote: "it has to be a boy so it may be as strong as DefenseWall or Mbam Pro;) :thumb:" }-
The name "Mamutu" has a certain ring to it...:o ;D
Yanick
September 3rd, 2011, 08:16 AM
-{ Quote: "it has to be a boy so it may be as strong as DefenseWall or Mbam Pro;) :thumb:" }-
Where's SuperAntiSpyware Pro jmonge? ;D
I'm happy for you. I hope everything goes smoothly! :thumb: :)
Yanick
September 3rd, 2011, 08:17 AM
-{ Quote: "The name "Mamutu" has a certain ring to it...:o ;D" }-
Indeed ;D
blasev
September 3rd, 2011, 09:39 AM
wish you all the best J :thumb:
Kees1958
September 3rd, 2011, 10:54 AM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
Let us know, fingers crossed for a healthy baby and mother.
:) look at the bright side, J will be swapping diapers instead of security setups for the time being ;D
The_ChamP
September 3rd, 2011, 11:26 AM
All the best J .. good luck ...
Amit
September 3rd, 2011, 11:38 AM
all the best J:thumb: you'll have a cute baby:D
1chaoticadult
September 3rd, 2011, 12:27 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
Wish you the best my friend.
-{ Quote: "Let us know, fingers crossed for a healthy baby and mother.
:) look at the bright side, J will be swapping diapers instead of security setups for the time being ;D" }-
Good one Kees ;D
Hungry Man
September 3rd, 2011, 12:32 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
That's great! ;D Grats.
kjdemuth
September 3rd, 2011, 12:49 PM
Congrats jose and I wish you the best.
Matthijs5nl
September 3rd, 2011, 12:58 PM
I just installed Webroot SecureAnywhere again. Also, I can see the padlock icon on the tray icon when surfing HTTPS websites now. With earlier builds this wasn't working for me somehow.
I think I am going to stick with WRSA until the final Dutch language release of ESET version 5.
gery
September 3rd, 2011, 12:58 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
jmonge keep us informed. and God bless you both and keep them safe:thumb: :thumb: :thumb: :thumb: :thumb: :thumb: :thumb:
zakazak
September 3rd, 2011, 01:25 PM
Currently:
CIS with HIPS enabled
EMET 2.1 (all internet apps added)
UAC max lvl with password protection
NortonDNS
But I guess I will replace the CIS-AV with Avast free AV. And maybe the complete suite... I know that CIS should be one of the best security products (especially as it is free) but I ran a lot of leak tests and it really doesn't seem to be that good. Have the recommended configuration :/
Hungry Man
September 3rd, 2011, 01:49 PM
Leak tests?
zakazak
September 3rd, 2011, 02:01 PM
http://www.nsaneforums.com/topic/85950-test-your-computers-security-how-well-are-you-protected/
CloneRanger
September 3rd, 2011, 02:03 PM
@ jmonge
Very good news :thumb: All the best to you & yours :)
@ Hungry Man
Re -
-{ Quote: "
Allow program if 90% of community members allowed it.
Deny program if 90% of community members allowed it." }-
It's the "it" that threw me ! To me "IT" means the File/Program etc being allowed or not. So if "it" is allowed it runs. Now i see that the "it" in your case means Comodo
luciddream
September 3rd, 2011, 02:12 PM
Congrats J :thumb:
Page42
September 3rd, 2011, 02:25 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
This is exciting news! I wanted to remain on topic and make a joke about HIPS, but maybe that's better left unsaid...
Happy Birth Day to your new child! ;D
Hungry Man
September 3rd, 2011, 02:26 PM
-{ Quote: "@ jmonge
Very good news :thumb: All the best to you & yours :)
@ Hungry Man
Re -
It's the "it" that threw me ! To me "IT" means the File/Program etc being allowed or not. So if "it" is allowed it runs. Now i see that the "it" in your case means Comodo" }-
I don't understand >_> it does mean the file/program. This is Mamutu.
CloneRanger
September 3rd, 2011, 02:45 PM
@ Hungry Man
Yeah sorry i meant Mamutu not Comodo ;)
Still, i think the wording is confusing -
-{ Quote: "Allow program if 90% of community members allowed it." }-
Allowed "it" = File/Program Does run
-{ Quote: "Deny program if 90% of community members allowed it. " }-
Allowed "it" = File/Program does Not run
Allowed "it" is used in both cases as it is !
It would be more clear if it said,
Disallowed "it"
As you say
-{ Quote: ""it" does mean the file/program. " }-
I hope you see what i'm saying :thumb:
Hungry Man
September 3rd, 2011, 02:48 PM
Oh, I see now. I meant that if 90% of the community "Agree" on it. I'll change that. Thanks.
CloneRanger
September 3rd, 2011, 02:55 PM
@ Hungry Man
Very good :thumb: Pleasure :)
Page42
September 3rd, 2011, 04:17 PM
Removed Ad Muncher.
Back to Chrome extension AdBlock.
1chaoticadult
September 3rd, 2011, 05:22 PM
-{ Quote: "Removed Ad Muncher.
Back to Chrome extension AdBlock." }-
I thought you were liking Ad Muncher why you remove?
The Seeker
September 3rd, 2011, 05:28 PM
-{ Quote: "Removed Ad Muncher.
Back to Chrome extension AdBlock." }-
What problems are you having with Ad Muncher? Perhaps I can help.
Page42
September 3rd, 2011, 06:30 PM
I think Ad Muncher is a good software and the developers seem responsive, but it just wasn't doing it for me.
I received nice offers to assist from fellow Wilders members, which I really appreciate.
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB), and
I didn't like that it is not integrated into Chrome's right-click menu.
The lag time was probably due to my older computer, so I am not hanging that on the software.
Just comes down to personal preference.
:)
1chaoticadult
September 3rd, 2011, 06:36 PM
-{ Quote: "I think Ad Muncher is a good software and the developers seem responsive, but it just wasn't doing it for me.
I received nice offers to assist from fellow Wilders members, which I really appreciate.
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB), and
I didn't like that it is not integrated into Chrome's right-click menu.
The lag time was probably due to my older computer, so I am not hanging that on the software.
Just comes down to personal preference.
:)" }-
Understood Page.
Konata Izumi
September 3rd, 2011, 06:41 PM
my usual system hardening applied and tweaks applied.
Standard User Account - UAC deny elevation for users + SRP: for default-deny security
SuRun: to elevate apps
Sandboxie FREE: for testing softwares
Malwarebytes FREE: for manual scanning.
Spyshelter FREE: to auto-block suspicious behaviour.
Windows Image Backup: self-explanatory
-{ Quote: "I think Ad Muncher is a good software and the developers seem responsive, but it just wasn't doing it for me.
I received nice offers to assist from fellow Wilders members, which I really appreciate.
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB), and
I didn't like that it is not integrated into Chrome's right-click menu.
The lag time was probably due to my older computer, so I am not hanging that on the software.
Just comes down to personal preference.
:)" }-
uhh maybe I can lend your ad muncher license :shifty:
Kernelwars
September 3rd, 2011, 06:55 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
That's great news J. wish you all the best my good friend:thumb: God Bless you
acr1965
September 3rd, 2011, 06:57 PM
-{ Quote: "I think Ad Muncher is a good software and the developers seem responsive, but it just wasn't doing it for me.
I received nice offers to assist from fellow Wilders members, which I really appreciate.
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB), and
I didn't like that it is not integrated into Chrome's right-click menu.
The lag time was probably due to my older computer, so I am not hanging that on the software.
Just comes down to personal preference.
:)" }-
IMO Ad Muncher is simple and effective for my needs. They have been called into question in the past, mainly because of incompatibility with other 3rd party software which they have a usual policy of ignoring and their prior policy of forcing licensed users to use beta products or not receive daily updates. The forced beta policy does not seem to be the case for now but at the time it was being enforced it was pretty sleazy IMO. I didn't purchase a product to end up as a laboratory rat for their beta projects. As long as AM continues to operate as a decent company then their product will be good for most users. If AM decides to pull another sleazy policy such as the previous forced beta use then they will be nothing but a pain and should be avoided.
moontan
September 3rd, 2011, 06:58 PM
there's a new game just out and i think it'd be perfect for J.
it's called "The Baconing"! :argh: ;D
-http://www.thebaconing.com/-
Kernelwars
September 3rd, 2011, 07:08 PM
-{ Quote: "there's a new game just out and i think it'd be perfect for J.
it's called "The Baconing"! :argh: ;D
-http://www.thebaconing.com/-" }-
moontan awesome find man:thumb: :argh:
The Seeker
September 3rd, 2011, 07:42 PM
-{ Quote: "Standard User Account" }-
Good to see another SUA ;)
wat0114
September 3rd, 2011, 08:36 PM
-{ Quote: "
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB), and
" }-
For this very reason is why I gave up on Admuncher several years ago.
luciddream
September 3rd, 2011, 09:54 PM
Thinking about trying AppGuard as a compromise for getting rid of my AV & HIPS. Anybody know anything about it? Is it light? Real-time components?
I'm wondering, is this something that could supplement my setup with Sandboxie and fill that gap I left, lighter, or would I be better off simply keeping Avira than using this?
I'm going to give it a test run myself, but would still like to hear opinions. I did post this in the appropriate AppGuard thread first, but figured it'd get more attention here.
CogitoTesting
September 3rd, 2011, 10:48 PM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
If this is your first baby, call on me for advice since I'm a veteran on that matter. Your wife will be alright, God willing.
P.S.: Ask the doctor what kind of endpoint security software they are currently using at the hospital and let us know later, ok. ;).
Thanks
Osaban
September 4th, 2011, 12:48 AM
-{ Quote: "
Ultimately, it slowed my system down (despite turning off Logs and reducing the Routing buffer size from 16KB to 4KB)...
:)" }-
I'm also concerned about this problem, which has appeared lately (I've always thought it was my antivirus, although I use it most of the time on demand), but I'm now quite certain that AM is somewhat slowing down my system.
Hungry Man
September 4th, 2011, 12:55 AM
Installing FreeBSD - anyone know of ways to secure it? Not interested in AV's and I'm looking for sandboxing type methods and other various OS-based methods.
Osaban
September 4th, 2011, 12:56 AM
-{ Quote: "my forum friends pray for us we are going to the hospital, my wife is having a baby;) :thumb:" }-
All the best for this wonderful event!
Page42
September 4th, 2011, 01:13 AM
-{ Quote: "For this very reason is why I gave up on Admuncher several years ago." }-
-{ Quote: "I'm also concerned about this problem, which has appeared lately (I've always thought it was my antivirus, although I use it most of the time on demand), but I'm now quite certain that AM is somewhat slowing down my system." }-
And yet, I have no doubt that many more of us could post here and say that AM is not slowing their systems.
Because of this I want to be very careful, and very clear, that I am only saying that on my XP, SP3 systems (and I tried AM on them both to be sure), the slowdown was noticeable, and it went away when the software was removed.
And still, it is very likely that it all comes down to not only operating system, but also security setup, and probably a few other variables that I am overlooking.
A knowledgeable user was giving me valued advice via PM on how to overcome the slowdown, but it wasn't helping.
Hopefully I've made it crystal clear that I am not bashing AM.
:)
trjam
September 4th, 2011, 09:18 AM
A few changes:)
1chaoticadult
September 4th, 2011, 09:23 AM
-{ Quote: "And yet, I have no doubt that many more of us could post here and say that AM is not slowing their systems.
Because of this I want to be very careful, and very clear, that I am only saying that on my XP, SP3 systems (and I tried AM on them both to be sure), the slowdown was noticeable, and it went away when the software was removed.
And still, it is very likely that it all comes down to not only operating system, but also security setup, and probably a few other variables that I am overlooking.
A knowledgeable user was giving me valued advice via PM on how to overcome the slowdown, but it wasn't helping.
Hopefully I've made it crystal clear that I am not bashing AM.
:)" }-
I understood what you meant Page. It didn't seem like bashing at all. From what I read, you had an issue that couldn't be solved so you removed the software, nothing wrong with that in my eyes. Slowdown is definitely not something you want when adding a new app to your security setup. I've shifted my setup many times because of the same reason.
blasev
September 4th, 2011, 11:04 AM
J did you name your son spyshelter? :argh:
Spyshelter is very solid, too bad it won't work well with sandboxie.
jmonge
September 4th, 2011, 11:06 AM
it's a boy;D ;) yay:)
i am running my browser in restricted mode
1chaoticadult
September 4th, 2011, 11:10 AM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congrats my friend. ;D
Amit
September 4th, 2011, 11:19 AM
-{ Quote: "it's a boy;D ;) yay:)
" }-
wow...that's wonderful J:D congrats;)
is he stronger than mbam and spyshelter?;D
SweX
September 4th, 2011, 12:11 PM
-{ Quote: "it's a boy;D ;) yay:)" }-
Fantastic news, congratulations indeed. I am so happy for you man :D
Give your little Son a :-* from all the members of Wilders :thumb:
brainrb1
September 4th, 2011, 12:12 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congratulation..very happy for you:)
LoneWolf
September 4th, 2011, 12:13 PM
-{ Quote: "it's a boy;D ;) yay:)
" }-
Congratulations jmonge :)
acr1965
September 4th, 2011, 12:40 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congratulations. Now you'll be running your life in restricted mode too (in a good way).
wat0114
September 4th, 2011, 12:50 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congratulations jmonge and good job :thumb: :) It didn't happen to take place at the Foothills hospital did it (we had our son there in 2002)?
Kernelwars
September 4th, 2011, 03:03 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
J I am so happy for you my good friend.. All the best.. I hope ya'll have a great experience seeing him grow;D have unrestricted fun being with your family my friend:thumb:
acr1965
September 4th, 2011, 03:11 PM
well I decided to give AVG 2012 Pro a spin and thus far it seems to run much heavier on my system than Avast Pro. I'm still needing to do an initial scan. Going from web page to web page across the internet really seems to labor my system much more than Avast. Well if AVG doesn't work out I'm headed to Nod32.
Hungry Man
September 4th, 2011, 03:13 PM
Yikes. FreeBSD install went wrong - attempting to fix my Windows now... looks like I'm reformatting.
moontan
September 4th, 2011, 03:29 PM
congrats J! :)
Yanick
September 4th, 2011, 03:43 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Omg congratz! :)
And another security wizard is born ;) :thumb:
ExtremeGamerBR
September 4th, 2011, 04:50 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congratulations jmonge!!! :thumb:
gery
September 4th, 2011, 05:10 PM
@jmonge congrats man ..... bless your little one. how many kids already?
Cloud
September 4th, 2011, 05:23 PM
@jmonge lol Congratz, sir. :)
Kernelwars
September 4th, 2011, 06:00 PM
went back to panda cloud..:thumb: added mamutu;D
Mongol
September 4th, 2011, 06:20 PM
-{ Quote: "went back to panda cloud..:thumb: added mamutu;D" }-
That sounds interesting...Mamutu with Panda Cloud. I may blow the dust off my Mamutu license and add that on too. Might as well get the mileage out of the 4 months I have left on it and it is light as a feather...:thumb:
Kernelwars
September 4th, 2011, 06:28 PM
-{ Quote: "That sounds interesting...Mamutu with Panda Cloud. I may blow the dust off my Mamutu license and add that on too. Might as well get the mileage out of the 4 months I have left on it and it is light as a feather...:thumb:" }-
Yep indeed.. its light man they both running very light..there was no need to add mamutu but trusteer was crashing chrome so I had to replace it with something;D I thought about safeonline but was not sure:-\
G1111
September 4th, 2011, 06:44 PM
-{ Quote: "it's a boy;D ;) yay:)
i am running my browser in restricted mode" }-
Congratulations jmonge!
stevan4
September 4th, 2011, 07:16 PM
I've settled my "the ultimate" setup down on to my notebook.
I'm very satisfied with it but that doesn't mean it's for ever;D
What do you think about it?
sig:
Page42
September 4th, 2011, 07:20 PM
-{ Quote: "but trusteer was crashing chrome so I had to replace it with something" }-
I like how you didn't change Chrome, you changed security programs. :thumb:
ExtremeGamerBR
September 4th, 2011, 07:24 PM
-{ Quote: "I've settled my "the ultimate" setup down on to my notebook.
I'm very satisfied with it but that doesn't mean it's for ever;D
What do you think about it?
sig:" }-
Excellent your configuration, you use excellent programs, though I do not like much of the OA.
If you're happy, is what matters!
stevan4
September 4th, 2011, 07:31 PM
What bothers me is the fact that AdMuncher is lacking from right-click menu in Chrome.
Page42
September 4th, 2011, 07:34 PM
Amen to that, stevan4.
ExtremeGamerBR
September 4th, 2011, 07:36 PM
-{ Quote: "What bothers me is the fact that AdMuncher is lacking from right-click menu in Chrome." }-
I can not tell you anything about it, I use Mozilla Firefox 6. :)
@Page42: Thanks for answering my PM, soon I'll give you more news about KeyScrambler. :thumb:
Page42
September 4th, 2011, 07:39 PM
@ExtremeGamerBR ... excellent. And you're definitely welcome. :)
ExtremeGamerBR
September 4th, 2011, 08:10 PM
-{ Quote: "@ExtremeGamerBR ... excellent. And you're definitely welcome. :)" }-
Thanks! :thumb: :thumb: :thumb:
1chaoticadult
September 4th, 2011, 08:38 PM
-{ Quote: "Yep indeed.. its light man they both running very light..there was no need to add mamutu but trusteer was crashing chrome so I had to replace it with something;D I thought about safeonline but was not sure:-\" }-
See you had the same issue I had, that's why I abandoned Trusteer Rapport. This is the third time in the last few months that I have had it crash a browser. I'm done using it.
-{ Quote: "I like how you didn't change Chrome, you changed security programs. :thumb:" }-
Chrome wasn't the problem, it is Rapport.
-{ Quote: "went back to panda cloud..:thumb: added mamutu;D" }-
LOL I know you would go back to the dancing Panda.
-{ Quote: "Yikes. FreeBSD install went wrong - attempting to fix my Windows now... looks like I'm reformatting." }-
Rut oh, bad bad Hungry Man lol. Good luck with the reformatting. I just did that myself. Windows is squeaky clean ;D
Kernelwars
September 4th, 2011, 09:08 PM
-{ Quote: "See you had the same issue I had, that's why I abandoned Trusteer Rapport. This is the third time in the last few months that I have had it crash a browser. I'm done using it.
" }-
I am looking for something to substitute with..not sure if I wanna try SOL..what are you using for browser protection against loggers..tried scrambler it doesn't work like Trusteer:doubt:
1chaoticadult
September 4th, 2011, 09:27 PM
-{ Quote: "I am looking for something to substitute with..not sure if I wanna try SOL..what are you using for browser protection against loggers..tried scrambler it doesn't work like Trusteer:doubt:" }-
Of course Keyscrambler doesn't work like Trusteer, it just scrambles keystrokes but it's inferior to Trusteer as well. But at least Keyscrambler isn't crashing my browser. I just have TrafficLight running in my browser. I'm still going to figure out what I'm going to do.
acr1965
September 4th, 2011, 09:44 PM
already tired of avg 2012 and went straight to eset av alongside mbam pro and ad muncher and online armor firewall only.
1chaoticadult
September 4th, 2011, 11:37 PM
To borrow from wat a little bit, here is my Platinum Status Security Setup :
System Hardening/Network Security:
UAC - Always Notify
EMET - DEP Opt Out, SEHOP Opt Out, ASLR Opt In. Browsers, Media Players, MS Office, PDF Reader and few others forced to run with EMET.
Applocker - EXE, MSI, Script and DLL rules configured and enforced.
Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports
Norton DNS enabled
Browser:
Chrome Stable
Built in malware protection/download scans
BitDefender TrafficLight extension
Adblock Plus extension: EasyList, Fanboy's List
Backup Browser:
Internet Explorer 9
Using Recommend settings by IE9
Tracking Protection: Fanboy Adblock List
On Demand Scanner(s):
Hitman Pro
Emsisoft Emergency Kit
Imaging/Backup:
Active@ Disk Image
Kernelwars
September 5th, 2011, 12:50 AM
-{ Quote: "To borrow from wat a little bit, here is my Platinum Status Security Setup ;D :P:
Comodo Firewall: Safe Mode, Alert Settings Low
-- Ports Stealthed
-- Enable IPv6 filtering
-- Protect the ARP Cache
-- Block Gratuitous ARP Frames
-- Block Fragmented IP datagrams
-- Do Protocol Analysis
-- monitoring NDIS protocols other than TCP/IP unchecked
-- This computer is an internet connection gateway unchecked
Comodo Defense+: Safe Mode
-- Autosandbox disabled (Until v6 ;D)
System Hardening:
UAC - Always Notify
EMET - DEP Opt Out, SEHOP Opt Out, ASLR Opt In. Browsers, Media Players, MS Office, PDF Reader and few others forced to run with EMET.
Applocker - EXE, MSI, Script and DLL rules are configured and enforced.
Browser:
Chrome Stable
Built in malware protection/ download scans
BitDefender TrafficLight extension
Adblock Plus extension: EasyList, Fanboy's List
Backup Browser:
Internet Explorer 9
Using Recommend settings by IE9
Fanboy Adblock List added
On Demand Scanner:
Hitman Pro
Imaging/Backup:
Active@ Disk Image" }-
solid setup man:thumb: just throw in a dash of on-demand MBAM to it for that extra flavor:argh:
Hungry Man
September 5th, 2011, 12:53 AM
Changed a few sandboxing settings - moved some things from Direct Access to Read-Only.
1chaoticadult
September 5th, 2011, 12:54 AM
-{ Quote: "solid setup man:thumb: just throw in a dash of on-demand MBAM to it for that extra flavor:argh:" }-
Definitely solid. It's really light. ;) Actually I have some portable scanners in a directory on another drive. But those are emergency cleanup tools, which I'm pretty sure I won't need.
Page42
September 5th, 2011, 12:55 AM
-{ Quote: "solid setup man:thumb: just throw in a dash of on-demand MBAM to it for that extra flavor:argh:" }-
Love it. Security Chef Kernelwars! :thumb:
Page42
September 5th, 2011, 12:56 AM
-{ Quote: "Changed a few sandboxing settings - moved some things from Direct Access to Read-Only." }-
Like what, HM?
Kernelwars
September 5th, 2011, 12:58 AM
-{ Quote: "Love it. Security Chef Kernelwars! :thumb:" }-
I knew you would like it.. Master Chef @page42;D ;D
Page42
September 5th, 2011, 01:01 AM
-{ Quote: "I knew you would like it.. Master Chef @page42;D ;D" }-
No no no. I am not even a line cook with security. :)
1chaoticadult
September 5th, 2011, 01:03 AM
-{ Quote: "No no no. I am not even a line cook with security. :)" }-
Don't feel bad I just chop carrots and boil water in a pot;D
Kernelwars
September 5th, 2011, 01:05 AM
-{ Quote: "No no no. I am not even a line cook with security. :)" }-
You are just as humble as I thought you would be Master Chef @Page42:)
moontan
September 5th, 2011, 01:06 AM
-{ Quote: "To borrow from wat a little bit, here is my Platinum Status Security Setup ;D :P:
Comodo Firewall: Safe Mode, Alert Settings Low
-- Ports Stealthed
-- Enable IPv6 filtering
-- Protect the ARP Cache
-- Block Gratuitous ARP Frames
-- Block Fragmented IP datagrams
-- Do Protocol Analysis
-- monitoring NDIS protocols other than TCP/IP unchecked
-- This computer is an internet connection gateway unchecked
Comodo Defense+: Safe Mode
-- Autosandbox disabled (Until v6 ;D)
System Hardening:
UAC - Always Notify
EMET - DEP Opt Out, SEHOP Opt Out, ASLR Opt In. Browsers, Media Players, MS Office, PDF Reader and few others forced to run with EMET.
Applocker - EXE, MSI, Script and DLL rules are configured and enforced.
Browser:
Chrome Stable
Built in malware protection/ download scans
BitDefender TrafficLight extension
Adblock Plus extension: EasyList, Fanboy's List
Backup Browser:
Internet Explorer 9
Using Recommend settings by IE9
Fanboy Adblock List added
On Demand Scanner:
Hitman Pro (Installed on PC)
Imaging/Backup:
Active@ Disk Image" }-
looks like a full time job, taking care of all this. ;)
Hungry Man
September 5th, 2011, 01:07 AM
-{ Quote: "Like what, HM?" }-
I'd given Skype some direct access it didn't need. Same with Minecraft. I've now changed it to read only and that seems to still work.
1chaoticadult
September 5th, 2011, 01:08 AM
-{ Quote: "looks like a full time job, taking care of all this. ;)" }-
LOL not really. Its pretty much set and forget. I just gave the details of what settings I'm using. I will rarely have to change anything. ;)
Page42
September 5th, 2011, 01:08 AM
-{ Quote: "Don't feel bad I just chop carrots and boil water in a pot;D" }-
LOL! Okay, I was bragging. I wash dishes.
Sometimes they let me out of the kitchen to bus tables, but when I return, they run manual scans to make sure I am clean.
1chaoticadult
September 5th, 2011, 01:13 AM
-{ Quote: "LOL! Okay, I was bragging. I wash dishes.
Sometimes they let me out of the kitchen to bus tables, but when I return, they run manual scans to make sure I am clean." }-
LOL Page. Look at the bright side at least you know you are clean after the manual scans are done ;D
Hungry Man
September 5th, 2011, 01:16 AM
Yeah, seems like a very calm system. Very little user-interaction necessary... as it should be!
And when autosandboxing comes it'll be even moreso.
Kernelwars
September 5th, 2011, 01:22 AM
@1chaoticadult
did you enable SSL scanning for traffic light?:o
1chaoticadult
September 5th, 2011, 01:31 AM
-{ Quote: "Yeah, seems like a very calm system. Very little user-interaction necessary... as it should be!
And when autosandboxing comes it'll be even moreso." }-
Exactly. Very light as well. ;D Well Said. Lets just say I get why you don't like AVs now :P
-{ Quote: "@1chaoticadult
did you enable SSL scanning for traffic light?:o" }-
I don't see that option..
Kernelwars
September 5th, 2011, 01:35 AM
-{ Quote: "
I don't see that option.." }-
I think you get that option when you r installing it..:o
1chaoticadult
September 5th, 2011, 01:39 AM
-{ Quote: "I think you get that option when you r installing it..:o" }-
I didn't get that option when I installed the extension.
Kernelwars
September 5th, 2011, 01:46 AM
-{ Quote: "I didn't get that option when I installed the extension." }-
ah ok. I installed the web installer..the universal one I think:o
1chaoticadult
September 5th, 2011, 01:48 AM
-{ Quote: "ah ok. I installed the web installer..the universal one I think:o" }-
Yea I don't use the web installer.
nikanthpromod
September 5th, 2011, 03:59 AM
WINDOWS XP SP2
Realtime:
Bufferzone Pro
LooknStop
Norton DNS
Ondemand:
Hitman pro
Instant recovery:
Rollback RX
Software Update :
SUMo
Browser:
Firefox 6 with AB plus and Flashblock
acr1965
September 5th, 2011, 04:40 AM
Ok so I decided to add sandboxie. I also have Nod32, MBAM Pro, Ad Muncher and Online Armor firewall only.
Quick SBIE question- my default browser is Chrome. When running Chrome sandboxed with more than one tab open I only see the top tab in SBIE. Are all tabs in Chrome sandboxed or just the one that is on top? Maybe that's a dumb question but I am new to this SBIE stuff.
EDIT- also for some reason there are no [#] emblems in the Chrome tabs. Is that normal?
Page42
September 5th, 2011, 05:08 AM
-{ Quote: " When running Chrome sandboxed with more than one tab open I only see the top tab in SBIE. Are all tabs in Chrome sandboxed or just the one that is on top? Maybe that's a dumb question but I am new to this SBIE stuff." }-
They are all sandboxed.
One way to confirm is to drag the finder tool over the window in question...
Sandboxie Control \ File \ Is Window Sandboxed? \ Drag the Finder Tool over a window to select it, then release
-{ Quote: "EDIT- also for some reason there are no [#] emblems in the Chrome tabs. Is that normal?" }-
I don't see them in Chrome either, and I have Sandboxie configured to show the # indicators. You can always have Sandboxie display a border around the window.
luciddream
September 5th, 2011, 05:13 AM
Removing the AV (Avira) has made a profound impact on my setup. I guess the absence of real-time scanning, even for a light AV, makes a big difference that goes far beyond simple memory usage. Browsing hasn't changed much, it's windows explorer that's much snappier.
Removing D+ from Comodo FW on the other hand has had no noticeable impact whatsoever, so I'm thinking about just keeping it around as an anti-executable. I'd feel safer this way anyway now living without an AV. It would help fill some of that void.
Amit
September 5th, 2011, 05:46 AM
my most favorite setup yet;) it's 'lean and mean';D pc's running smooth and fast 8)
see my sig
Amit
September 5th, 2011, 05:49 AM
-{ Quote: "I'm thinking about just keeping it around as an anti-executable. I'd feel safer this way anyway now living without an AV. It would help fill some of that void." }-
good for you:)
JoeBlack40
September 5th, 2011, 06:59 AM
Removed Avira free and replaced it with AVG 2012 pro. Also Rising FW and Sandboxie paid.
The Hammer
September 5th, 2011, 07:30 AM
-{ Quote: "Removing the AV (Avira) has made a profound impact on my setup. I guess the absence of real-time scanning, even for a light AV, makes a big difference that goes far beyond simple memory usage. Browsing hasn't changed much, it's windows explorer that's much snappier.
Removing D+ from Comodo FW on the other hand has had no noticeable impact whatsoever, so I'm thinking about just keeping it around as an anti-executable. I'd feel safer this way anyway now living without an AV. It would help fill some of that void." }-
PCAV is even lighter if you're inclined to try it. Not that I found Avira heavy but I did notice a difference on my Netbook.
1chaoticadult
September 5th, 2011, 09:39 AM
-{ Quote: "Removing the AV (Avira) has made a profound impact on my setup. I guess the absence of real-time scanning, even for a light AV, makes a big difference that goes far beyond simple memory usage. Browsing hasn't changed much, it's windows explorer that's much snappier.
Removing D+ from Comodo FW on the other hand has had no noticeable impact whatsoever, so I'm thinking about just keeping it around as an anti-executable. I'd feel safer this way anyway now living without an AV. It would help fill some of that void." }-
Good setup lucid. You don't need an AV with the setup you have. You are all set IMO. :thumb:
The Seeker
September 5th, 2011, 10:15 AM
Disabled AppLocker and re-added Sandboxie. For as much security as it provides, AppLocker doesn't sit well with someone like myself who likes to download all sorts of suspicious files. I could either add a temp rule to run them, or turn off AppLocker and run them under Sandboxie. So that's what I've done.
Still running as a standard user. After a few days of doing so, I'm getting used to it and certainly feel safer knowing my admin password is needed for any system changes. Much like running Linux really.
luciddream
September 5th, 2011, 10:47 AM
Thanks chaotic :thumb:
That's what I've done. Re-enabled D+ in Clean PC mode with unrecognized files treated as "Restricted".
I'm really liking my setup the way it is now. Doubt I'll mess with it much for awhile.
1chaoticadult
September 5th, 2011, 12:18 PM
-{ Quote: "Thanks chaotic :thumb:
That's what I've done. Re-enabled D+ in Clean PC mode with unrecognized files treated as "Restricted".
I'm really liking my setup the way it is now. Doubt I'll mess with it much for awhile." }-
You're welcome. Glad you re-enabled D+. :thumb: I don't think I will be messing with my setup anytime soon either. I'm enjoying how light my setup is. ;)
acr1965
September 5th, 2011, 03:09 PM
-{ Quote: "They are all sandboxed.
One way to confirm is to drag the finder tool over the window in question...
Sandboxie Control \ File \ Is Window Sandboxed? \ Drag the Finder Tool over a window to select it, then release
I don't see them in Chrome either, and I have Sandboxie configured to show the # indicators. You can always have Sandboxie display a border around the window." }-
Thanks for the helpful info. I'm liking this SBIE.
Page42
September 5th, 2011, 03:33 PM
-{ Quote: "Thanks for the helpful info. I'm liking this SBIE." }-
You're welcome. Glad SBIE is working out for you. :thumb:
justenough
September 5th, 2011, 04:25 PM
Removed BitDefender QuickScan, WOT and SiteAdvisor. Returned MBAM to on-demand. Installed BitDefender TrafficLight.
acr1965
September 5th, 2011, 04:31 PM
-{ Quote: "You're welcome. Glad SBIE is working out for you. :thumb:" }-
BTW- I checked with the file check you posted about above to see if Chrome was sandboxed. Nothing really happened when I tried that. Also, even though there is supposed to be a yellow border around the sandboxed applications, nothing shows up for Chrome. It shows for firefox, though, when my pointer touched the outside edge of Firefox. But I check SBIE and it shows Chrome as running in the sandbox. Maybe this all is just a Chrome issue? Everything seems to be going fine otherwise.
BTW II- when my 30 day trial is up, what features go away? I'm particularly interested in being able to have the context menu option to launch apps within SBIE as well as the standard ability to run downloaded apps sandboxed as well as internet facing programs. SBIE is so nice I'm sure I'll go ahead and at least buy a 1 year license anyway.
Hungry Man
September 5th, 2011, 07:21 PM
Removing Digsby and Skype manual sandboxes from Comodo. Sticking to Sandboxie for those - leaving Java sandboxes.
EDIT: When I sandbox Chrome every tab gets a border around it btw.
LoneWolf
September 5th, 2011, 08:07 PM
-{ Quote: "BTW II- when my 30 day trial is up, what features go away?" }-
30 day trial ??? I could be wrong but to my knowledge there is no 30 day trial, there's only a free version and a paid version of Sandboxie.
Some features/options only available in the paid version.
-{ Quote: "The Personal (Home Use) License for Sandboxie:
Is personal and is not transferable into computers or electronic media that you do not own;
But does permit you to use Sandboxie on any number of computers that you personally own;
Covers the current version and all future versions of Sandboxie;
Removes the nag screen that initially appears after you have used Sandboxie for more than 30 days;
Enables the Forced Programs and Forced Folders features;
Allows you to run programs in more than one sandbox at the same time (see message SBIE1303);
But does not entitle you to any guaranteed level of technical support.
All of the above applies to both the lifetime and limited-time licenses.
Price excludes VAT for European customers.
Price in USD and other currencies varies according to Euro conversion rate. Please enter the online store to see the actual price.
See also: FAQ Licensing. If you do not agree to these terms, you may continue to use Sandboxie free of charge, as long as you are not in violation of any of the conditions of the End-User License Agreement.
Thank you for considering the registration of Sandboxie.
Ronen Tzur, author of Sandboxie." }-
http://www.sandboxie.com/index.php?RegisterSandboxie
Page42
September 5th, 2011, 08:27 PM
-{ Quote: "BTW- I checked with the file check you posted about above to see if Chrome was sandboxed. Nothing really happened when I tried that. Also, even though there is supposed to be a yellow border around the sandboxed applications, nothing shows up for Chrome. It shows for firefox, though, when my pointer touched the outside edge of Firefox. But I check SBIE and it shows Chrome as running in the sandbox. Maybe this all is just a Chrome issue? Everything seems to be going fine otherwise." }-
If "nothing really happened" when you dragged & dropped the finder tool, I don't understand, because something usually happens either way... it either says the selected window is sandboxed or is not sandboxed. If nothing happens, there is an issue that needs to be looked into on the SBIE forum with tzuk. When you state that "I check SBIE and it shows Chrome as running in the sandbox", do you mean you see the sandboxes you have created in the Sandboxie Control dialog?
-{ Quote: "BTW II- when my 30 day trial is up, what features go away? I'm particularly interested in being able to have the context menu option to launch apps within SBIE as well as the standard ability to run downloaded apps sandboxed as well as internet facing programs. SBIE is so nice I'm sure I'll go ahead and at least buy a 1 year license anyway." }-
I concur with LoneWolf that there is no trial. Just a money back guarantee.
The lifetime license gives you the ability to force sandboxes, and to have more than one sandbox, and to use the program on as many computers as you like. I think it is the same for the 1 year license, but I'm not positive.
To reiterate, Chrome and SBIE work fine for me, and for others, so the problems you are having sound like configuration issues or something else.
HTH
justenough
September 5th, 2011, 09:52 PM
I'm having one problem with Chrome in Sandboxie: downloads won't go automatically onto desktop, they go first to Documents.
acr1965
September 5th, 2011, 09:57 PM
-{ Quote: "If "nothing really happened" when you dragged & dropped the finder tool, I don't understand, because something usually happens either way... it either says the selected window is sandboxed or is not sandboxed. If nothing happens, there is an issue that needs to be looked into on the SBIE forum with tzuk. When you state that "I check SBIE and it shows Chrome as running in the sandbox", do you mean you see the sandboxes you have created in the Sandboxie Control dialog?
HTH" }-
I'm running as admin so do I need to check the "drop rights" box in the SBIE configuration? I tried the "check window" tool running programs sandboxed and not sandboxed. Either way, nothing happened, just the same as in your previous picture-
http://www.wilderssecurity.com/showpost.php?p=1931692&postcount=18337
Page42
September 5th, 2011, 10:07 PM
-{ Quote: "I'm having one problem with Chrome in Sandboxie: downloads won't go automatically onto desktop, they go first to Documents." }-
Isn't that a function of Chrome "Under the Hood" settings... "Download location" and " Ask where to save each file before downloading"?
Page42
September 5th, 2011, 10:13 PM
-{ Quote: "I'm running as admin so do I need to check the "drop rights" box in the SBIE configuration? I tried the "check window" tool running programs sandboxed and not sandboxed. Either way, nothing happened, just the same as in your previous picture-
http://www.wilderssecurity.com/showpost.php?p=1931692&postcount=18337" }-
Drop Rights is optional, it's up to you if you want to use it. I don't with Chrome because I want it to update itself.
As for the Finder Tool not working, are you clicking on the little square Finder Tool button and dragging it onto the window you wish to check?
acr1965
September 5th, 2011, 10:31 PM
-{ Quote: "Drop Rights is optional, it's up to you if you want to use it. I don't with Chrome because I want it to update itself.
As for the Finder Tool not working, are you clicking on the little square Finder Tool button and dragging it onto the window you wish to check?" }-
OK, I was not pulling that little circle icon, but moving the window across by the top bar. That's why it wasn't showing a message. I figure I'll use SBIE when I download new programs and possibly sometimes when I'm running my browser. Does the "drop rights" give more protection when running SBIE occasionally? I'm assuming it would, just not sure of the details. I have UAC on max but run as admin 99% of the time if that makes any difference.
BTW- thanks for the info as I'm pretty lost about this all. But I see the value of SBIE now as previously I thought it would be much more complicated than it is (at least for my needs).
Page42
September 5th, 2011, 10:37 PM
-{ Quote: "OK, I was not pulling that little circle icon, but moving the window across by the top bar. That's why it wasn't showing a message. " }-
I thought when you were saying nothing was happening that might be the case.
So is it saying that Chrome is sandboxed?
Btw, lots of SBIE configuration threads and gems here (http://www.wilderssecurity.com/forumdisplay.php?f=98).
Page42
September 5th, 2011, 10:43 PM
TrafficLight standalone gave me a BSOD.
TrafficLight as a Chrome extension is perfect. :thumb:
Kernelwars
September 5th, 2011, 11:00 PM
-{ Quote: "TrafficLight standalone gave me a BSOD.
TrafficLight as a Chrome extension is perfect. :thumb:" }-
page did you try this on firefox?
Page42
September 5th, 2011, 11:01 PM
No. Just Chrome. :)
Hungry Man
September 5th, 2011, 11:06 PM
No programs that are sandboxed by Sandboxie are also sandboxed by Comodo now. Comodo is sandboxing my media player and some vaio services - Sandboxie has everything else.
acr1965
September 5th, 2011, 11:23 PM
-{ Quote: "I thought when you were saying nothing was happening that might be the case.
So is it saying that Chrome is sandboxed?
Btw, lots of SBIE configuration threads and gems here (http://www.wilderssecurity.com/forumdisplay.php?f=98)." }-
yes, it says chrome is sandboxed- all is good now, thanks
justenough
September 6th, 2011, 12:43 AM
-{ Quote: "Isn't that a function of Chrome "Under the Hood" settings... "Download location" and " Ask where to save each file before downloading"?" }-
Yes, I've set it up out of the sandbox but Chrome still won't download to the desktop in Sandboxie. It's not a problem with Internet Explorer.
moontan
September 6th, 2011, 12:51 AM
- removed Trusteer Rapport, it's the 4th BSOD in 3 weeks.
- disabled UAC: if i trust Chrome to protect me from "exploits in the wild" what do i need UAC for? ???
- tweaked the most dangerous attack vector; the one sitting 18 inches away from the monitor.
1chaoticadult
September 6th, 2011, 12:54 AM
-{ Quote: "- removed Trusteer Rapport, it's the 4th BSOD in 3 weeks." }-
Wow BSODs. That's worse than my issues with Rapport. I thought my issues were bad. I just had freezing and crashing with both Chrome and IE9. I say good riddance.
Page42
September 6th, 2011, 12:55 AM
-{ Quote: "Yes, I've set it up out of the sandbox but Chrome still won't download to the desktop in Sandboxie. It's not a problem with Internet Explorer." }-
Okay, then it seems to me that it can only be a matter of handling the download via Sandboxie and the Enable Immediate Recovery setting, which upon download, produces the Immediate Recovery dialog. Select the destination folder by clicking on "Recover to Any Folder", then browse to desired location.
That's what I would recommend. :)
moontan
September 6th, 2011, 12:58 AM
-{ Quote: "Wow BSODs. That's worse than my issues with Rapport. I thought my issues were bad. I just had freezing and crashing with both Chrome and IE9. I say good riddance." }-
Blue Screen Viewer said that a Rapport process and nkktrlpa.exe (or somesuch) could not live together. ;)
this time, about 30 minutes ago, the BSOD was so severe Windows did not even generate a Minidump.
Kernelwars
September 6th, 2011, 01:08 AM
-{ Quote: "Blue Screen Viewer said that a Rapport process and nkktrlpa.exe (or somesuch) could not live together. ;)
this time, about 30 minutes ago, the BSOD was so severe Windows did not even generate a Minidump." }-
oh man..I had to give up trusteer earlier this week..:wacko: what are you planning on replacing it with?:o
Hungry Man
September 6th, 2011, 01:18 AM
Removing Mamutu. I may add it back in eventually.
EDIT: Just removed it.
Also set up a sandbox for CCCP Media Player. Removed sandbox from Comodo. Comodo is now only sandboxing two vaio services.
I'm keeping CIS installed for the cloud scanners, so that it can sandbox the two vaio services, for the firewall, and for Defense+.
1chaoticadult
September 6th, 2011, 01:24 AM
-{ Quote: "Removing Mamutu. I may add it back in eventually." }-
LOL Hungry Man. Resist the urge to not install it back ;D
moontan
September 6th, 2011, 01:29 AM
-{ Quote: "oh man..I had to give up trusteer earlier this week..:wacko: what are you planning on replacing it with?:o" }-
nothing actually.
Trusteer was just a little extra security that i did not mind, until my computer started not liking it. ;)
Hungry Man
September 6th, 2011, 01:31 AM
-{ Quote: "LOL Hungry Man. Resist the urge to not install it back ;D" }-
>_> as in install it back? lol
I'm finally taking my own advice. I've had my fun installing software and seeing how it works. I'm in school now =p I can learn there.
I think I might look at applocker. We will see.
1chaoticadult
September 6th, 2011, 01:35 AM
-{ Quote: ">_> as in install it back? lol
I'm finally taking my own advice. I've had my fun installing software and seeing how it works. I'm in school now =p I can learn there.
I think I might look at applocker. We will see." }-
Up to you my friend. Applocker is your friend hehehe.
Hungry Man
September 6th, 2011, 01:37 AM
Applocker sounds.... invasive =p I don't ever want to have to "toggle" my security on and off. But I would like to restrict some applications from being able to read/write to certain areas.
I don't want anything being able to access certain registry keys or files/folder that belong to my security software or browser or really anything that they don't need access to.
1chaoticadult
September 6th, 2011, 01:38 AM
-{ Quote: "Applocker sounds.... invasive =p I don't ever want to have to "toggle" my security on and off. But I would like to restrict some applications from being able to read/write to certain areas.
I don't want anything being able to access certain registry keys or files/folder that belong to my security software or browser or really anything that they don't need access to." }-
I don't toggle security off and on lol. I haven't turned off applocker since I started using it. I have no clue what you mean. If you are toggling applocker off and on then you don't have it setup correctly IMO. I'm not gonna convince you to use applocker. Either you do or you don't, but I'm happy using it.
Hungry Man
September 6th, 2011, 01:39 AM
Just moved my firewall alerts to Very High. Just to try it out...
What rules do you use for applocker? I basically want to block access to certain files/folder for all programs except the ones I say are ok.
1chaoticadult
September 6th, 2011, 01:42 AM
-{ Quote: "Just moved my firewall alerts to Very High. Just to try it out...
What rules do you use for applocker? I basically want to block access to certain files/folder for all programs except the ones I say are ok." }-
My rules are specific to my laptop in a way. Here is one way you can set up applocker: http://www.wilderssecurity.com/showthread.php?t=272761, look at MrBrian's posts. I basically use wat's method which is essentially auto-generate rules for exe and scripts, use default rules for MSI and DLLs but also create specific rules for dll files needed to run as well. Best thing to do is set up your rules and then use audit only mode to see what files applocker says wouldn't run if the rules were enforced. You can also ask wat aka the applocker troll and he will help ya I'm sure ;D
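The audit-only workflow described in the post above, sketched as an added PowerShell example that is not part of the thread or any poster's own rule set: it auto-generates exe and script rules, applies them in audit-only mode, and lists what would have been blocked. The scanned directories, the backup path and the Downloads test path are assumptions; run it from an elevated prompt on a Windows edition that supports AppLocker.

```powershell
# Added example (not from the thread). Paths below are assumptions; adjust to your system.
Import-Module AppLocker

# 0. Back up the current local policy: step 3 REPLACES it (no -Merge), because
#    a merge keeps the target's existing enforcement setting instead of ours.
$backup = Join-Path $env:TEMP 'applocker-local-backup.xml'
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backup -Encoding UTF8

# 1. Auto-generate rules for executables and scripts that are already installed.
#    Publisher rules where the file is signed, file-hash rules as the fallback.
$dirs  = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
         Where-Object { $_ -and (Test-Path $_) }
$files = foreach ($dir in $dirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script `
        -ErrorAction SilentlyContinue
}
$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# 2. Switch every generated rule collection to audit-only so nothing is blocked yet.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 3. Dry run before applying: which downloaded executables match no allow rule?
Test-AppLockerPolicy -PolicyObject $policy -User Everyone `
    -Path "$env:USERPROFILE\Downloads\*.exe" -Filter Denied, DeniedByDefault

# 4. Apply locally and confirm the mode. Rules are only evaluated while the
#    Application Identity service is running.
Set-AppLockerPolicy -PolicyObject $policy
Start-Service -Name AppIDSvc
(Get-AppLockerPolicy -Local).RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode

# 5. After normal use, review what enforcement would have stopped.
#    Event 8003: an exe/dll was allowed but would have been blocked.
#    Event 8006: the same for scripts and MSI files.
$auditLogs = @{
    'Microsoft-Windows-AppLocker/EXE and DLL'    = 8003
    'Microsoft-Windows-AppLocker/MSI and Script' = 8006
}
foreach ($log in $auditLogs.Keys) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $auditLogs[$log] } `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Per-file counts of audited hits, useful for deciding which rules to add next.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics

# Roll back to the saved policy if needed:
# Set-AppLockerPolicy -XmlPolicy $backup
```

The generated policy covers only the scanned directories; the default rules for the Windows folder, MSI and DLL collections are created in the Local Security Policy snap-in and need to be in place before any collection is switched from audit-only to enforced.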
Konata Izumi
September 6th, 2011, 01:47 AM
-{ Quote: "Removing Mamutu. I may add it back in eventually.
EDIT: Just removed it.
Also set up a sandbox for CCCP Media Player. Removed sandbox from Comodo. Comodo is now only sandboxing two vaio services.
I'm keeping CIS installed for the cloud scanners, so that it can sandbox the two vaio services, for the firewall, and for Defense+." }-
Oh wow! when did you get sandboxie pro? :)
Hungry Man
September 6th, 2011, 01:49 AM
A few days ago. Liking it quite a bit. Still working out kinks.
So anyone know if I can basically restrict certain files from being written to except by specific programs?
Konata Izumi
September 6th, 2011, 01:54 AM
-{ Quote: "A few days ago. Liking it quite a bit. Still working out kinks.
So anyone know if I can basically restrict certain files from being written to except by specific programs?" }-
create a sandbox specifically for "each program" and use the resource access settings per-sandbox.
or you could do this manually for every process (see screenshot):
Hungry Man
September 6th, 2011, 02:05 AM
I like that but what I'm trying to do is block EVERY program EXCEPT for one from accessing certain files/ folder.
For example: Comodo apparently stores some config files in userland. I want Comodo to be the only software to access them - perhaps CCleaner as well.
Hungry Man
September 6th, 2011, 02:53 AM
Can I run Chrome at LowIL without problems?
EDIT: I guess so... doing it now! haha
Copyright ©2002 - 2013, Wilders Security Forums