Newby
May 23rd, 2010, 03:31 AM
Okay,
I have to use an older PC (because somebody messed up at work, our company laptops do not allow a second admin user on a different group anymore). So I did gather some advice through PM (thanks).
This is what I have come up with on a desktop XP Home SP3
Behind Router with NAT firewall
Windows XP Firewall
Comodo Time Machine
To reduce updates on C: [Windows] partition I created a separate Data Partition (excellent tutorial on Mrkvonic's site) and moved temporary directories to a special Temp partition (same as Kees1958) containing
- Internet net files
- Temp & Tmp variable
- Download directory
Policy Management
Running Admin with PGS (thanks Sully) with deny execute on Data and Temp partition and running:
- third party apps as basic user (flash, foxit, pdfcreator, 7-zip, java)
- internet facing apps as basic user
- my Softmaker office apps as basic user
PrevX SafeOnline Facebook freebie
Note I deselected the realtime MBR check, because it possibly interferes with CTM (just to be sure). I have gradually upped the heuristics (as Kees1958 advises), which are now
- heuristics = HIGH (apply AFTER age/population)
- Age = MAX (only look at latest to reduce CPU usage of PrevX)
- Popularity = LOW (only recent programs also)
The idea behind this setup is when PrevX spots something, I travel back in time on my Windows partition with CTM, because PGS protects other partitions I can't be infected (deny execute is simple and strong according to Rmus). CTM runs very efficiently (plus providing some MBR protection). PrevX3 freebie also scans for MBR rootkits, so I am not that worried running Admin. PrevX only looks at newest arrivals, so when infected I do not have to travel back too much (I hope :-). Because of this PrevX3 free is also very lean, safe online only kicks in on https websites, so no CPU wasted while surfing normally.
Browser
I am using Chromium as primary browser. I enjoy its speed (using Adsweep, SiteAdvisor and WOT extensions). I am not looking for warez, not using any Peer to Peer or messaging programs, not visiting dubious sites, so think I have a moderate Internet risk profile (and hope the sandbox is strong enough when McAfee and WOT miss something out)
On demand
Using HitmanPro on demand (for the rare occasion I try out a new program).
No outbound control
As said it is an older PC, so I want to keep it as lean as possible. I am also having doubts on added value of outbound (post intrusion) protection.
Thanks Newby