My Security Setup, Can Anything Bypass It?
J_L
May 21st, 2010, 06:46 PM
Network Protection:
Linksys Router with SP1 Firewall
OpenDNS Free (Phishing and "Basic Malware/Botnet" protection enabled)
Real-time Protection:
Comodo Internet Security (Firewall+HIPS+Sandbox)
Microsoft Security Essentials
Immunet Protect
WinPatrol Free
Passive Protection:
Windows 7 UAC (no prompts, thanks to UACTweak. Everything else is enabled: default drop rights, File & Registry Virtualization, etc.)
Disallowed-by-default Software Restriction Policy
SpywareBlaster
On-demand Scanning:
A-squared Free
Comodo AV
Malwarebytes' Anti-malware
Hitman Pro
Sophos Anti-Rootkit
SUPERAntispyware
Trend Micro Housecall
Firefox Add-ons:
Adblock Plus (Malware Domains subscription)
LinkExtend
NoScript
Others:
EULAlyzer
HiJackThis (+ http://www.hijackthis.de/)
VirusTotalUploader
Updates:
RSS Feeds: Freeware Guide, Fileforum, FileHippo.com, Freeware Files, kaldata.net, MajorGeeks.
KC Softwares SUMo
Virtualization:
SandBoxie (+ DropRights)
Vmware Player
System Backup:
Paragon Backup & Recovery 10.1
Every other security features on Windows 7 Pro 64-bit (excluding Windows Defender and Firewall) are on default.
Buster_BSA
May 21st, 2010, 07:11 PM
The list is useless if you don't explain how you use that software.
I use Deep Freeze + Sandboxie and I execute over a thousand malwares every week and I don't get infected. You should think about that.
Boost
May 21st, 2010, 07:15 PM
-{ Quote: "The list is useless if you don't explain how you use that software.
I use Deep Freeze + Sandboxie and I execute over a thousand malwares every week and I don't get infected. You should think about that." }-
Listen to this guy and keep it simple!!!! Don't clutter up your hard-drive full of programs / software you don't need.
J_L
May 21st, 2010, 07:42 PM
CIS (excl. AV), MSE, IP, and WP are all active all the time.
UAC is as well, without notifications.
CIS Firewall and Defense+ levels are on default (Safe Mode), except they monitor everything except for NDIS. Also Alert Frequency is on Medium. I use My Own Safe Files for every software I trust.
MSE and IP are on default, with some exception rules for other security programs. WP is on default.
SRP only allows Program Files, Windows, Standalone Files (exe without installers), and RamDisk. It uses the default designated file types except for .lnk
SandBoxie is mainly used for my Web Browser and testing untrustworthy software. VMware is used instead if SandBoxie doesn't work (like for some installations) and for compatibility reasons (XP Mode).
I use Firefox as my main browser, with AdBlock Plus filtering junk, NoScript blocking all kinds of scripts unless I allow them, and LinkExtend determines the safety of the website I'm on using Web of Trust, McAfee SiteAdvisor, Web Security Guard, Browser Defender, Norton Safe Web, and Compete.
Any new file I don't trust will be sent to VirusTotal, if they're too big, they'll be scanned by my on-demand scanners. EULAlyzer will also be used.
I check my RSS feeds daily.
I do full scans (excl. Personal Media / Backup folders) with all of the on-demand scanners pretty much every week. Also use SUMO to check for software updates I missed.
I back up my system partition and boot sector every month, and use differential backups every week. The archives from this and previous months are kept.
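How a default-deny path-rule policy like the one described in the post above reaches a decision, as an added example that is not part of the original thread and is a simplified model rather than Windows' own implementation. The standalone folder path, the RAM disk drive letter, the sample file paths and the extra `C:\Windows\Temp` rule are constructed assumptions, and the extension list is an illustrative subset.

```python
from pathlib import PureWindowsPath

UNRESTRICTED, DISALLOWED, NOT_CHECKED = "unrestricted", "disallowed", "not checked"

# Illustrative subset of the extensions a policy treats as executable code.
# As in the post, .lnk is deliberately absent from the designated list.
DESIGNATED_TYPES = frozenset(
    {".exe", ".com", ".bat", ".cmd", ".msi", ".scr", ".pif", ".hta", ".reg"}
)

# Allow rules mirroring the post. The standalone folder and the RAM disk
# drive letter are constructed placeholders, not values from the thread.
PATH_RULES = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
    (r"C:\Program Files (x86)", UNRESTRICTED),
    (r"D:\Standalone", UNRESTRICTED),
    ("R:\\", UNRESTRICTED),
]

# Constructed variant: one extra, more specific Disallowed rule, to show that
# the longest matching rule decides.
HARDENED_RULES = PATH_RULES + [(r"C:\Windows\Temp", DISALLOWED)]


def _parts(path):
    """Split a Windows path into lower-cased components (case-insensitive match)."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def evaluate(path, rules=PATH_RULES, default=DISALLOWED):
    """Return (decision, matching_rule_path) for an attempt to launch `path`."""
    if PureWindowsPath(path).suffix.lower() not in DESIGNATED_TYPES:
        # Not a designated type: the policy never looks at this file.
        # (For a shortcut, the program it points to is evaluated on its own.)
        return NOT_CHECKED, None

    target = _parts(path)
    best = None  # (component_count, level, rule_path)
    for rule_path, level in rules:
        rule = _parts(rule_path)
        # Compare whole components, so "C:\Program Files" does not match
        # "C:\Program Files2\..." the way a plain string prefix test would.
        if target[:len(rule)] == rule and (best is None or len(rule) > best[0]):
            best = (len(rule), level, rule_path)

    if best is None:
        return default, None  # default-deny: no rule matched
    return best[1], best[2]


def audit(paths, rules=PATH_RULES):
    """Evaluate many paths and return {path: decision}."""
    return {p: evaluate(p, rules)[0] for p in paths}


if __name__ == "__main__":
    # Constructed sample paths.
    samples = [
        r"C:\Program Files\Mozilla Firefox\firefox.exe",
        r"C:\Program Files (x86)\App\app.exe",
        r"C:\Users\J\Downloads\setup.exe",
        r"C:\Users\J\Desktop\Firefox.lnk",
        r"C:\Program Files2\tool.exe",
        r"C:\Windows\Temp\dropped.exe",
    ]
    for label, rules in (("as posted", PATH_RULES), ("hardened", HARDENED_RULES)):
        print(label)
        for path, decision in audit(samples, rules).items():
            print(f"  {decision:12} {path}")
```

Run against both rule sets, the only sample whose decision changes is the one under `C:\Windows\Temp`, which a broad `C:\Windows` allow rule covers unless a narrower rule overrides it.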
StormerR34
May 21st, 2010, 08:16 PM
No offense, but that really looks too complex and quite resource intensive.
Don't you think this is an overkill on Website Advisories?
-{ Quote: "<snip> and LinkExtend determines the safety of the website I'm on using Web of Trust, McAfee SiteAdvisor, Web Security Guard, Browser Defender, Norton Safe Web, and Compete." }-
Konata Izumi
May 21st, 2010, 08:21 PM
wow you've got lots of resources :D
anyway windows7 64-bit is pretty safe already...
I'd worry about all the data collections / privacy policies of your apps rather than getting bypassed :-\
you even lack key encryption on top of that. :dry:
SBIE isnt much of an anti-keylogger.
Bypassed? http://www.prevx.com/blog/149/SpyEye-steals-your-data-Even-in-a-limited-account.html
maybe not... but still... :)
Buster_BSA
May 21st, 2010, 08:31 PM
-{ Quote: "SandBoxie is mainly used for my Web Browser and testing untrustworthy software. VMware is used instead if SandBoxie doesn't work (like for some installations) and for compatibility reasons (XP Mode)." }-
If you browse using Sandboxie and test untrustworthy software in VMWare, I don't know why you have so many security solutions installed.
cgeek
May 21st, 2010, 08:32 PM
And your computer still boots. :o
Keep it light and simple. World war 3 is not going to happen to your computer!
My god! lol ;D
Noob
May 21st, 2010, 08:38 PM
Nothing is perfect :P
Cvette
May 21st, 2010, 08:39 PM
@J_L,
Hi mate. Well believe me, I change my security setup many, many times within a few months. Looking for the BEST! The BULLETPROOF!!! But really, you should first step back and ask yourself "What sites do I browse? Do I use P2P...etc.". At one point I had all this cool security software 'n all that jazz, spent weeks setting it all up, bogged down my PC quite a bit but heck, what did I care?. Then one day I took a step back and looked at all the things I had, and asked myself "do I really need all this?".
If you are a casual web browser like myself, and only hop on Gmail, YouTube, Wikipedia, CNN, Wilders, Facebook. Then you are really, at minimal risk.
But let's not say throw everything out the window. With COMODO's Firewall and D+ you'll be covered with a "whitelisting" type layer of security, which as most of us know is VERY effective. Afterwards set up a good antivirus, perhaps a sandbox, and you are now the farmer with the rifle.
But nevertheless, it all boils down to our little think-box to keep us protected, the best anti-virus out there we can find in our melon. So, to conclude... Comodo + a good antivirus + a sandbox, good host file, and maybe toss in a scan from MalwareBytes once a week, and you'll be fine mate.
Cheers! :)
Konata Izumi
May 21st, 2010, 08:43 PM
well his setup is just above average.
he has 4 realtime app running...
-{ Quote: "Real-time Protection:
Comodo Internet Security (Firewall+HIPS+Sandbox)
Microsoft Security Essentials
Immunet Protect
WinPatrol Free" }-
but he's got damn long list of on-demand scanners... paranoia? :-\
MY SUGGESTION?:
DUMP CIS4 or Immunet Protect + Winpatrol
Replace it with Prevx SafeOnline Free or Trusteer Rapport free.
Franklin
May 21st, 2010, 08:56 PM
The apps in my siggy have seen me through gigs of malware samples. KISS ;)
J_L
May 21st, 2010, 09:10 PM
Of course my Computer boot fine, in fact it's much faster than the average Joe's.
As for resource intensive take a look at this:
1.45 gb out of 4 gb used. Plus, that's with Firefox and a 512mb RamDisk.
System Disk Space: 15.8 gb out of 33.5 gb. Most of it is winsxs.
Dual-core Processor, ~5% used in background.
P2P, W@rez, etc. That's pretty normal for me. Except I only trust getting media off of them, and maybe a few little things to try on my virtual machine..
I don't really do banking or stuff like that, still a teen. So SafeOnline and Trusteer Rapport aren't that useful.
As for all the on-demand scanners.. Well I've gone through a LOT more than that. Kept these because they don't come with useless features, most (excl. 2) can do right-hand scanning, and they pretty much detect different things.
Maybe I'll get rid of HouseCall, its scanning takes forever.. Plus it doesn't have right-click. Need some more info about its detection.
I'm not really looking here for suggestions on my setup, but more for if there are any risks for me.
Konata Izumi
May 21st, 2010, 09:27 PM
-{ Quote: "
I'm not really looking here for suggestions on my setup, but more for if there are any risks for me." }-
Maybe... I think they're called Zero-Day MALWARES or so... ;D
timestand
May 21st, 2010, 09:28 PM
-{ Quote: "I'm not really looking here for suggestions on my setup, but more for if there are any risks for me." }-
Yes risk of conflict.
Konata Izumi
May 21st, 2010, 09:32 PM
Guys, he doesnt want suggestions...
He's concerned if there's anything that can bypass his setup ;D
OBVIOUS ANSWER: YES! NOTHING IS 100% PERFECT, Does that enlighten you J_L?
J_L
May 21st, 2010, 09:37 PM
I doubt Zero-Day Malwares will matter much with Cloud AV, Virtualization, Whitelist, and HIPS.
WinPatrol is more for pesky Ask-toolbars and the like. Too lazy to use CIS fully monitoring installations..
As for risk of conflict, please elaborate.
Yes nothing is 100% perfect, but I want more details than that.
cgeek
May 21st, 2010, 09:52 PM
-{ Quote: "I doubt Zero-Day Malwares will matter much with Cloud AV, Virtualization, Whitelist, and HIPS." }-
There's the answer to your bypass.
Konata Izumi
May 21st, 2010, 09:59 PM
details? wait. What? you want to talk about actually bypassing your setup?
you want us to give you what a zero-day malware would actually do to you?
sorry I'm not an expert in writing malware nor am I a prophet to know what zero-day malware can do in the future.
J_L
May 21st, 2010, 10:10 PM
Fine then, the zero-day malware stuff can wait.
What I want to know is how effective Trend Micro Housecall is at detecting malware.
What about rootkits and boot-sector viruses?
cgeek
May 21st, 2010, 10:18 PM
I have used Trend House call in the past to check my father's computer when he was having issues. It found a rootkit and removed with zero problems. But it did not detect the other 3 trojans that were left behind. :thumbd:
J_L
May 21st, 2010, 11:26 PM
I see. At least it can remove rootkits.
About Prevx CSI, I've actually had it before for quite a long time. Thing is, I thought it wasn't that useful anymore because HitmanPro includes it and it can't do a full scan. Also comes with unnecessary "real-time infection monitoring" and SafeOnline Trial, which I had to manually disable. There's the removal limitations as well.
Should I bring it back? What advantages does it have over my other scanners?
Accidentally missed this: http://www.prevx.com/blog/149/SpyEye-steals-your-data-Even-in-a-limited-account.html
Very interesting, how well does SandBoxie and CIS protect against SpyEye?
Sully
May 22nd, 2010, 12:17 AM
You overlap in many areas. That is good I suppose, if you don't mind that much protection.
You obviously know that the answer is "yes, something could". Perhaps you might rephrase the question to "where is my overlapping security lacking" or something similar. I see that as more likely to produce answers, as people who use many different products, including some of the ones you are using, will have a better idea of how they have tested and implemented their security.
Sul.
J_L
May 22nd, 2010, 12:31 AM
Good point, but with all the KISS posts I'm seeing, I wonder about that.
Anyways, "where is my overlapping security lacking" is a better way of saying it. That's exactly what I'm looking for.
Usually I post carefully on a less active forum, so I'm not used to this kind of rapid posting. If any of you feel offended by me not quoting and replying to everything properly, please don't take it personally.
bonedriven
May 22nd, 2010, 12:38 AM
Kind of paranoid for average use yet not enough because the well known motto of hackers says the most secure pc is...
cgeek
May 22nd, 2010, 12:59 AM
-{ Quote: "Kind of paranoid for average use yet not enough because the well known motto of hackers says the most secure pc is..." }-
:thumb:
J_L
May 22nd, 2010, 01:11 AM
I'm not expecting to keep hackers off, just the malware they create.
Troy45
May 22nd, 2010, 02:59 AM
-{ Quote: "wow you've got lots of resources :D
anyway windows7 64-bit is pretty safe already...
I'd worry about all the data collections / privacy policies of your apps rather than getting bypassed :-\
you even lack key encryption on top of that. :dry:
SBIE isnt much of an anti-keylogger.
Bypassed? http://www.prevx.com/blog/149/SpyEye-steals-your-data-Even-in-a-limited-account.html
maybe not... but still... :)" }-
I disagree ....if you have sandboxie configured with Start/Run access then the keylogger will not be able to execute. Even if you do have the keylogger execute and you have "automatically delete contents of sandbox" that would delete the keylogger. Then start your browser with a fresh session.
http://www.sandboxie.com/index.php?RestrictionsSettings
progress
May 22nd, 2010, 05:19 AM
Yes - even if you install 120 on-demand-scanner - there could be malware that can bypass them :)
Konata Izumi
May 22nd, 2010, 08:30 AM
@Troy45
Yeah. right.
Some info you might want to know about SBIE.
http://www.sandboxie.com/index.php?DetectingKeyLoggers
@TS
Keep overlapping til you're satisfied. :dry:
timestand
May 22nd, 2010, 08:38 AM
-{ Quote: "@Troy45
Yeah. right.
Some info you might want to know about SBIE.
http://www.sandboxie.com/index.php?DetectingKeyLoggers" }-
That exact why Sbie protect you. I think you no understand how use Sbie to full extent?
Konata Izumi
May 22nd, 2010, 09:35 AM
-{ Quote: "That exact why Sbie protect you. I think you no understand how use Sbie to full extent?" }-
huh? that's old news actually. ;D
I'm recommending key encryption software for protections against program running outside SBIE.
:-*
Sully
May 22nd, 2010, 11:38 AM
-{ Quote: "Network Protection:
Linksys Router with SP1 Firewall
OpenDNS Free (Phishing and "Basic Malware/Botnet" protection enabled)" }-
First line of defense is the router, OpenDNS might help, there has been a debate before, but better than nothing.
-{ Quote: "Real-time Protection:
Comodo Internet Security (Firewall+HIPS+Sandbox)
Microsoft Security Essentials
Immunet Protect
WinPatrol Free" }-
Relying on firewall/hips to control execution and net access, good. It will all depend now upon your knowledge to answer prompts and set rules. Only as good as your answers really. The others, added bonus.
-{ Quote: "Passive Protection:
Windows 7 UAC (no prompts, thanks to UACTweak. Everything else is enabled: default drop rights, File & Registry Virtualization, etc.)
Disallowed-by-default Software Restriction Policy
SpywareBlaster" }-
UAC and default-deny SRP - a tough combo. You must manage this, but offers good protection for what you do configure. Spyware blaster - isn't this only setting browser protections?
-{ Quote: "On-demand Scanning:
A-squared Free
Comodo AV
Malwarebytes' Anti-malware
Hitman Pro
Sophos Anti-Rootkit
SUPERAntispyware
Trend Micro Housecall" }-
Here you rely on updated lists of things to scan for. AV is always behind the real-time. Still, can be a useful resource for on-demand if you always scan with current definitions. The combination of multiple engines gives a greater overlapping of detection rates one would think. Do you update each, then scan with each? Seems like a lot of work but the only way to ensure the highest detection rate.
-{ Quote: "Firefox Add-ons:
Adblock Plus (Malware Domains subscription)
LinkExtend
NoScript" }-
Standard stuff these days it seems.
-{ Quote: "Others:
EULAlyzer
HiJackThis (+ http://www.hijackthis.de/)
VirusTotalUploader" }-
Peripherals that can help you but don't offer any protection unless you actually use them and understand how to decipher them. The uploader offers nothing other than peace of mind. Do you upload after one of your on-demand scans find something?
-{ Quote: "Updates:
RSS Feeds: Freeware Guide, Fileforum, FileHippo.com, Freeware Files, kaldata.net, MajorGeeks.
KC Softwares SUMo" }-
Wow, a lot of work keeping up with the latest of everything.
-{ Quote: "Virtualization:
SandBoxie (+ DropRights)
Vmware Player" }-
And here comes the real protection. Running your net facing apps in a controlled environment.
-{ Quote: "System Backup:
Paragon Backup & Recovery 10.1" }-
Ah, should all other resources fail (and that is a lot of 'other' resources ;) ) you can fall back to your images. But, do you have a scheme in place so that your data is somewhere different than your OS? Replacing the OS is nice, but if you spend hours reconfiguring everything or waiting for a huge image file to install, is it really convenient? Properly thought out backup plans should place data to a location that is safe, but also fast and easy to access from your images, at least IMO.
-{ Quote: "Every other security features on Windows 7 Pro 64-bit (excluding Windows Defender and Firewall) are on default." }-
You refer to DEP or SEHOP or AppLocker, as well as the LUA?
There are other programs than those you have chosen. Some require less 'tertiary' help. Some, it depends on the 'paranoia' level of the user. No disrespect intended, but you seem to lean to the 'paranoia' side of things. Understandable, as the threats are real. Personally, I don't think with that much arsenal guarding the gates you will have many problems. I think you could shave probably 75% of that off if you so desired though.
Sul.
J_L
May 22nd, 2010, 02:05 PM
@Troy45:
My SandBoxie does automatically delete everything. About Start/Run access, isn't that covered by my SRP? Very interesting nonetheless.
@Sul:
SpywareBlaster protects against ActiveX, Cookies, and Restricted sites for IE. Only Cookie Protection for Firefox. Might not be much, but it's light and simple.
Yes, I update then scan with them. Usually keep it in the background and do other stuff while scanning. Their process priority is lowered.
I upload first, and usually don't bother to scan afterwards. If it's from a trustworthy source (non-warez or p2p, LinkExtend all green, personal experience, etc.) and nothing detects it, then that's all the confirmation I need. Really like how it checks for hash first, therefore saving time. I think it's more than just a peace of mind, there's 40+ scanners after all.
The images are stored in another partition. Hard drive is pretty new, and MediaShield says nothing, so I think it's ok. When there's even the slightest hint it's failing, then I'm backing up to an external hard drive. Also got a boot cd.
DEP is enabled on default, SEHOP is disabled on default, and AppLocker is only on Ultimate.
Wouldn't encrypt my entire system though, real conflict can occur, images might fail, and hard disk life will be decreased. Totally unnecessary.
Since UAC is on and I use a lot of utilities, LUA is too restrictive for me.
SEHOP looks interesting, but I'm worried about conflict. It seems very advanced and I have a hard time understanding as well.
Thank you for your input.
Buster_BSA
May 22nd, 2010, 03:36 PM
-{ Quote: "@Sul:
SpywareBlaster protects against ActiveX, Cookies, and Restricted sites for IE. Only Cookie Protection for Firefox. Might not be much, but it's light and simple." }-
And what's the point of using it if you use Sandboxie already?
J_L
May 22nd, 2010, 03:36 PM
Gonna add Anubis (http://anubis.iseclab.org/) to my list. Like its summary description, nice and simple.
ThreatExpert also seems interesting, but 5 mb is too small imo.
J_L
May 22nd, 2010, 03:47 PM
-{ Quote: "And what's the point of using it if you use Sandboxie already?" }-
Cookies blacklist, I'm rather privacy sensitive.
Also have this Windows Sidebar Gadget Mini Explorer on my secondary monitor. Convenient when I don't want to open another browser window (or the browser itself), but not sandboxed.
Edit:
Actually I should SandBox the Sidebar nevermind. Also Cookies Blacklist is more of an excuse, there's much better methods already available. Guess I'll uninstall it.
timestand
May 22nd, 2010, 04:52 PM
-{ Quote: "LUA is too restrictive for me." }-
Your setup is mostly nice I like because it free I notice! But your comment not much make sense to me here. Windows 7 make is easy to run user limited. Ok? What problem for you? You can ask me as I here to help. By way many here I note say such thing as dont need much protect. It true but if you want talk like that then dont need much protect except may be one program or good browser. Fact is that user limited give tight protect and it should no be too restrict like you say. I know many Chinese hacker who just run user limited and nothing else. It because they know a lot and how to avoid get infected any way. May be same for you. But may be you dont understand user limited.
J_L
May 22nd, 2010, 05:20 PM
-{ Quote: "Your setup is mostly nice I like because it free I notice! But your comment not much make sense to me here. Windows 7 make is easy to run user limited. Ok? What problem for you? You can ask me as I here to help. By way many here I note say such thing as dont need much protect. It true but if you want talk like that then dont need much protect except may be one program or good browser. Fact is that user limited give tight protect and it should no be too restrict like you say. I know many Chinese hacker who just run user limited and nothing else. It because they know a lot and how to avoid get infected any way. May be same for you. But may be you dont understand user limited." }-
Many of the programs I regularly use require admin privileges for proper function, therefore it's much more convenient for me to work in an admin account. UAC default-drop rights is good enough in my opinion.
timestand
May 22nd, 2010, 06:43 PM
-{ Quote: "Many of the programs I regularly use require admin privileges for proper function, therefore it's much more convenient for me to work in an admin account. UAC default-drop rights is good enough in my opinion." }-
That is whole problem. Need use program that run nice in user limited. Many program can do this. All program that dont run nice in user limited are bad program or very old program. Ok? But yes you do what you like.
J_L
May 22nd, 2010, 06:47 PM
-{ Quote: "That is whole problem. Need use program that run nice in user limited. Many program can do this. All program that dont run nice in user limited are bad program or very old program. Ok? But yes you do what you like." }-
Those programs need admin rights because they're system utilities. I have many more programs that don't need admin rights.
Konata Izumi
May 22nd, 2010, 06:50 PM
privacy sensitve eh? ;D
bye.
Konata Izumi
timestand
May 22nd, 2010, 06:51 PM
-{ Quote: "Those programs need admin rights because they're system utilities. I have many more programs that don't need admin rights." }-
How many time you use system utility a week. No need to do that many right otherwise you spend all time on system utility and never use comp! So if no spend much time then just answer UAC prompt to run it as admin. As I say Win 7 make it easy to run user limited. Very nice.
Sully
May 22nd, 2010, 07:45 PM
-{ Quote: "How many time you use system utility a week. No need to do that many right otherwise you spend all time on system utility and never use comp! So if no spend much time then just answer UAC prompt to run it as admin. As I say Win 7 make it easy to run user limited. Very nice." }-
Umm, some people do things that require being an admin. LUA is very nice, and very much better than running as Admin from security perspective. But, LUA is the most annoying thing when you constantly do things that requires admin. I would rather get infected a dozen times over than use a RunAs or click UAC "ok" button that many times during a day.
Win7 does make it "easier" to run as LUA, the same as SuRun does for XP. The argument that one should not use older programs that do not comply to "user space" requirements is only an opinion. Many fine programs exist that do require admin. It comes down to what the person really desires: a new program that may not be as "nice" but works in LUA, or an older program that "rocks" but does require admin.
LUA is NOT the answer for everyone on the windows platform. But, for most, especially the novice, LUA IS the best approach.
Sul.
timestand
May 22nd, 2010, 07:55 PM
-{ Quote: "Umm, some people do things that require being an admin. LUA is very nice, and very much better than running as Admin from security perspective. But, LUA is the most annoying thing when you constantly do things that requires admin. I would rather get infected a dozen times over than use a RunAs or click UAC "ok" button that many times during a day.
Win7 does make it "easier" to run as LUA, the same as SuRun does for XP. The argument that one should not use older programs that do not comply to "user space" requirements is only an opinion. Many fine programs exist that do require admin. It comes down to what the person really desires: a new program that may not be as "nice" but works in LUA, or an older program that "rocks" but does require admin.
LUA is NOT the answer for everyone on the windows platform. But, for most, especially the novice, LUA IS the best approach.
Sul." }-
You right but I say Windows people not used to clicking and putting password. Think Linux. Alway put password when want do admin thing. Ok?
Kees1958
May 22nd, 2010, 07:58 PM
Somebody should make a Norton UAC tool for Windows 7 ;D
J_L
May 22nd, 2010, 08:07 PM
-{ Quote: "You right but I say Windows people not used to clicking and putting password. Think Linux. Alway put password when want do admin thing. Ok?" }-
I actually use Ubuntu Netbook Edition on my Netbook. It's my overnight downloader and ultra-portable machine.
Not too bothered by entering password, because it's mostly for installing, updating, uninstalling, and configuring. With Windows LUA, it's a prompt for every program that needs admin rights, even a few on my startup.
If you enter the password on Ubuntu, it won't prompt you for a while after. With LUA UAC, it's prompt, then prompt, and then prompt.
timestand
May 22nd, 2010, 08:17 PM
-{ Quote: "I actually use Ubuntu Netbook Edition on my Netbook. It's my overnight downloader and ultra-portable machine.
Not too bothered by entering password, because it's mostly for installing, updating, uninstalling, and configuring. With Windows LUA, it's a prompt for every program that needs admin rights, even a few on my startup.
If you enter the password on Ubuntu, it won't prompt you for a while after. With LUA UAC, it's prompt, then prompt, and then prompt." }-
Why you use Windows at all then. Your answer will be nice because I can use it for those who say Linux better Windows. If Linux better Windows why still use Windows. Ok? Also if you do so many admin work why you need so many security. If you do many admin work mean you need less security. Mean you know how to keep clean any way. Ok?
J_L
May 22nd, 2010, 08:36 PM
-{ Quote: "Why you use Windows at all then. Your answer will be nice because I can use it for those who say Linux better Windows. If Linux better Windows why still use Windows. Ok? Also if you do so many admin work why you need so many security. If you do many admin work mean you need less security. Mean you know how to keep clean any way. Ok?" }-
Currently I'm not used to Linux yet, and it doesn't seem to provide everything I need. I can't install anything other than binary packages without tutorials.
I've got to say that Windows software is more superior at the moment as well.
One of the biggest caveats is my damned widescreen monitor. Its EDID is incorrect and forces Windows to use low resolution. Had to use ATI CCC to ignore it. As for any Ubuntu-based distros, "Out Of Range" appears at even the Live CD. Not sure about other distros, but I doubt I can get the correct resolution without some serious tweaking out of my technical skills.
J_L
May 22nd, 2010, 08:45 PM
Also got to add that as Linux gets more popular, there will be more malware for it.
Which is the best rootkit remover / protection for Linux?
timestand
May 22nd, 2010, 08:55 PM
-{ Quote: "Also got to add that as Linux gets more popular, there will be more malware for it.
Which is the best rootkit remover / protection for Linux?" }-
I get my popcorn and drink now. You will get some very nice reply!
simisg
May 25th, 2010, 05:25 AM
only mse and a firewall if you need outbound protection is ok
you can also use wot and noscript in firefox and malwarebytes and asquared on demand and you are perfect
wat0114
May 25th, 2010, 09:35 AM
-{ Quote: "Umm, some people do things that require being an admin. LUA is very nice, and very much better than running as Admin from security perspective. But, LUA is the most annoying thing when you constantly do things that requires admin." }-
Sul, you don't fall into the typical category of one who does things with their pc such as browse the web, email, play games, listen to music, use the office apps once in a while, as opposed to yourself who does things to it. You've mentioned the latter about yourself many times :) You are also far and away more advanced than the average pc user too, although you are too modest to admit it.
TBH, it really pains me to know there are so many out there who run full administrator when there's no need to. Sure they have an arsenal of kernel-hooking-and-conflicting security apps to watch over them, but that's the whole gist of the problem; they are sacrificing performance and stability on their machines to compensate for the dangers of running with full privileges just so they can gain convenience and run their admin-only programs (I really wonder what those programs are?? ). The linux concept of supplying credentials whenever privilege escalation is required is, imo, a sound policy, and nothing wrong with using a similar approach (runas.. or UAC credentials) in Windows.
Oh, to respond to J_L, no, I doubt anything can bypass your fortress, unless that fortress collapses upon itself due to some conflict.
J_L
May 25th, 2010, 06:24 PM
MSE really lags Paragon and makes it so unresponsive that it's a pain to create my images. Therefore I had to uninstall it, and opted for customized Avast (not all the shields).
A note for users trying Avast on Windows 7 64-bit with default-deny SRP, you have to add it as an exception rule or the AvastUI won't startup. Manually opening it worked fine for some reason.
Avast installs in the Program Files folder even though the processes are followed by *32. That may have confused my SRP, which normally allows anything under %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% (Program Files), and Program Files (x86). My UAC may have something to do with it as well.
Sully
May 25th, 2010, 07:28 PM
-{ Quote: "TBH, it really pains me to know there are so many out there who run full administrator when there's no need to. Sure they have an arsenal of kernel-hooking-and-conflicting security apps to watch over them, but that's the whole gist of the problem; they are sacrificing performance and stability on their machines to compensate for the dangers of running with full privileges just so they can gain convenience and run their admin-only programs (I really wonder what those programs are?? ). The linux concept of supplying credentials whenever privilege escalation is required is, imo, a sound policy, and nothing wrong with using a similar approach (runas.. or UAC credentials) in Windows." }-
I agree completely. I really feel it is those who advance past "basic use" that get into the situation of preferring Admin over User, because they are using things a basic user probably won't. Programs such as Unlocker. It does not play well with SuRun for example, so you choose whether you want to continue to use it or not. There are many such tools, many of them very useful if you actually need them. Instead of making concessions, one is then forced to either do without something they really like or need, and just make do. At this point, if you know enough, why not run as admin. If you don't know enough, then as you suggest you must rely on so many other tools to help keep you safe. Whether these will sacrifice performance I would say is not black and white though.
Myself, I seek to minimize what little "typical" use I do within sandboxie or other means the OS provides. Imaging is my best friend, but I am always putting images on or making new ones, simply because I am playing with the machine. If I were to only do typical things, I would login as a User only. Many problems solved.
So many though rely on specific software that needs or is easier to use in Admin. Windchild suggested to dump such software and move on to ones that play nice in userland. I have to say, I agree with that, but it is sometimes hard to actually do. Perhaps as M$ bends more to not giving people admin accounts from the beginning, more software will adhere to userland protocols and this problem will erase itself.
But the bigger question, why stay with M$ at all? *nix is stable (or can be after learning much configuring) and offers much of the same basic tools. So, one could say if everyone switched over to *nix, it would be better. M$ won the OS wars because any fool could install the OS and just use it, for the most part. *nix, after some recent activity with it, appears to have gained ground but not closed the gap. Installing M$ platform is still relatively painless for anyone who knows nothing. At least it gives the appearance that it works properly ;)
If *nix would just get gaming down, I think the computing world might just change for the better, as there would be no reason for a HUGE number of people to continue paying M$. But that is another topic...
Sul.
wat0114
May 25th, 2010, 08:06 PM
-{ Quote: "But the bigger question, why stay with M$ at all? *nix is stable (or can be after learning much configuring) and offers much of the same basic tools. So, one could say if everyone switched over to *nix, it would be better. M$ won the OS wars because any fool could install the OS and just use it, for the most part. *nix, after some recent activity with it, appears to have gained ground but not closed the gap. Installing M$ platform is still relatively painless for anyone who knows nothing. At least it gives the appearance that it works properly ;)" }-
Ubuntu, and its spin-off Mint, have come awfully close to providing a viable replacement for Windoze :) Within 30 - 45 minutes one can have it fully installed and updated with a browser, email, music and movie players, a full office suite (OpenOffice), optical media burning software and a torrent client. You're right about it needing to be more gamer friendly, but for those with only basic needs, it's a terrific option worth considering, especially since it virtually eliminates the need for antivirus or other security measures. It installs easily side-by-side with Windows or as dual-boot or even in a vm if desired, so there is the option of keeping Windows and running Linux for, perhaps, risky surfing forays. Whoa, I better be careful not to venture out with Linux ramblings; you got me started on this, Sul ;D
wutsup
May 25th, 2010, 09:27 PM
Bottom line is you can never be 100% secure. It's a part of life. Just like when you ride a motorcycle, or drive a car, you will always have a chance of getting into an accident.
falkor
May 25th, 2010, 10:48 PM
Simple answer to OP. YES! :(
timestand
May 26th, 2010, 12:55 AM
-{ Quote: "Ubuntu, and its spin-off Mint, have come awfully close to providing a viable replacement for Windoze :) Within 30 - 45 minutes one can have it fully installed and updated with a browser, email, music and movie players, a full office suite (OpenOffice), optical media burning software and a torrent client. You're right about it needing to be more gamer friendly, but for those with only basic needs, it's a terrific option worth considering, especially since it virtually eliminates the need for antivirus or other security measures. It installs easily side-by-side with Windows or as dual-boot or even in a vm if desired, so there is the option of keeping Windows and running Linux for, perhaps, risky surfing forays. Whoa, I better be careful not to venture out with Linux ramblings; you got me started on this, Sul ;D" }-
Correct. I no excuse not use Ubuntu or Mint. They is better than Windows. But then there is no more fun and as you say no way to play many game. Also I read advance chinese programmer hacker say Linux is just as easy hack as Windows but just no market target for it. One other programmer say that Linux less secure than Windows! If true then may be Windows is fine. Ok? Sound like we believe Linux more secure because no one get infect on it. Not yet? By way I try argue that Linux more secure but I no know how argue against programmer with high knowledge. Ok?
Copyright ©2002 - 2012, Wilders Security Forums