Windows XP with LUA + SRP + ??


newbino
June 18th, 2008, 07:51 AM
I have been reading with interest the two recent threads on LUA and SRP, "SuRun: Easily running Windows XP as a limited user" (http://www.wilderssecurity.com/showthread.php?t=196737) and "Maximising Windows XP security with LUA and SRP" (http://www.wilderssecurity.com/showthread.php?t=200772), started by Tlu with additional precious contributions from other posters.
To my mind, it appears to be a very sensible and relatively down-to-earth (after the initial setup) approach to security for someone like me who doesn't particularly care for trying the latest HIPS or tweaking the OS forever. I certainly need to study the whole thing again, in one go, to firm my understanding before implementing it.

Having said that, in the next month or so I intend to make a fresh install of XP slipstreamed with SP3, and I am beginning to ponder what other security apps to add to LUA+SRP.

It would seem to me that two additional items would be needed:
1. a two-way firewall. At the moment I am using OA Free together with its HIPS, but I would deactivate the HIPS. Any other suggestions for a firewall?
2. a behavioural analysis security application like Threatfire. Alternatives?
Also, as I would be browsing with Firefox and NoScript, would SandboxIE still make sense?

Any comments appreciated.

chris2busy
June 18th, 2008, 11:51 AM
My piece of advice is to stick to OA... great piece of software, and Sandboxie, which has proved its strength over time and arisen triumphant.

MikeNAS
June 18th, 2008, 01:05 PM
-{ Quote: "It would seem to me that two additional items would be needed:
1. a two-way firewall. At the moment I am using OA Free together with its HIPS, but I would deactivate the HIPS. Any other suggestions for a firewall?
2. a behavioural analysis security application like Threatfire. Alternatives?
Also, as I would be browsing with Firefox and NoScript, would SandboxIE still make sense?" }-

1. Why do you want to deactivate HIPS? OA Free is superb. I used that earlier but bought a 2-year license with that May discount.

2. ThreatFire is good. You can test DriveSentry too. There is a free version coming too.

newbino
June 18th, 2008, 05:48 PM
-{ Quote: "1. Why do you want to deactivate HIPS? OA Free is superb. I used that earlier but bought a 2-year license with that May discount." }-

My understanding, but please correct me if I am wrong, is that LUA + SRP should prevent malware executing, and thus, in effect, act in a fashion as a HIPS.
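
Added example, not part of any post in this thread: a small Python model of the reasoning behind LUA + SRP, where SRP defaults to Disallowed and only allows paths the limited user cannot write to. The user name, the paths and the `LegacyApp` folder are constructed; only path rules are modelled (no hash or certificate rules, no environment-variable expansion).

```python
# Constructed SRP policy: default level plus path rules.
DEFAULT_LEVEL = "Disallowed"
PATH_RULES = {
    r"C:\Windows": "Unrestricted",
    r"C:\Program Files": "Unrestricted",
}
# Constructed ACL summary: directories the limited user can write to.
# LegacyApp is a hypothetical program whose data folder was opened to Users.
USER_WRITABLE = [
    r"C:\Documents and Settings\newuser",
    r"C:\Program Files\LegacyApp\data",
]
# Constructed sample of executables to check.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\newuser\Desktop\setup.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Program Files\LegacyApp\data\helper.exe",
]

def _under(path, root):
    """True if path equals root or lies below it (case-insensitive)."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")

def srp_level(path, rules=PATH_RULES):
    """The most specific (longest) matching path rule wins, else the default."""
    matches = [r for r in rules if _under(path, r)]
    return rules[max(matches, key=len)] if matches else DEFAULT_LEVEL

def user_can_write(path, writable=USER_WRITABLE):
    return any(_under(path, w) for w in writable)

def audit(paths, rules=PATH_RULES, writable=USER_WRITABLE):
    """Return paths the limited user can both write to and execute from."""
    return [p for p in paths
            if srp_level(p, rules) == "Unrestricted" and user_can_write(p, writable)]

def harden(gaps, rules=PATH_RULES):
    """Add a Disallowed path rule for the folder of each reported gap."""
    fixed = dict(rules)
    for p in gaps:
        fixed[p.rsplit("\\", 1)[0]] = "Disallowed"
    return fixed

if __name__ == "__main__":
    gaps = audit(SAMPLE_PATHS)
    print("writable and executable:", gaps)
    print("after adding Disallowed rules:", audit(SAMPLE_PATHS, harden(gaps)))
```

An empty audit result means every location the limited user can write to is blocked from executing, which is the property the setup relies on.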

innerpeace
June 18th, 2008, 11:14 PM
-{ Quote: "It would seem to me that two additional items would be needed:
1. a two-way firewall. At the moment I am using OA Free together with its HIPS, but I would deactivate the HIPS. Any other suggestions for a firewall?
2. a behavioural analysis security application like Threatfire. Alternatives?
Also, as I would be browsing with Firefox and NoScript, would SandboxIE still make sense?" }-
By two-way firewall, I'm assuming you're wanting leak prevention? If you disable OA's HIPS, that may hurt the leak prevention. I'm not sure about this so someone like Mike or Pete would have to confirm or deny it.

wat0114
June 18th, 2008, 11:34 PM
A fw without HIPS can still be two-way if it can restrict selected applications to how/where they connect regarding directional control to local/remote ports, IP address, as well as selected protocol (UDP/TCP). I have software fw's that do this with "HIPS-like" features built-in, but I use the latter in only a limited fashion. With LUA/SRP, especially as described in those threads, you are in very good shape. Your machine will be locked down like a bank vault. Personally, it's not the way I like to do things, but I can't argue its system hardening effectiveness.

newbino
June 19th, 2008, 01:36 AM
-{ Quote: "By two-way firewall, I'm assuming you're wanting leak prevention?" }-
Correct, innerpeace.