What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    My setups often overlap as well. I'm still not sure whether it is good or not. The only criterion I have for now is if the setup is lite. Maybe there are other criteria?

    As for EICAR, actually only AV can react to it - by detection. MBAE and AG cannot react as EICAR does nothing to trigger a reaction.
     
  2. guest

    guest Guest

    Not much to do in malware prevention, so I started fooling around in privacy and anonymity matters. Trying to figure out how to arrange chained anonymity services. Probably going to try VPN --> VPN --> Tor setup but I'm still not really decided.

    ~ Removed Off Topic Remarks ~
     
    Last edited by a moderator: Feb 25, 2015
  3. guest

    guest Guest

    Hmm... while I'm at it, I think I'll also start messing around with AppArmor as well. :shifty:
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Yes, as you once said "great minds think alike." I also use Norton ConnectSafe DNS. If you can, P.M. why you went back to EAM from EIS.
     
  5. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    Using a new setup and am really liking it.
    Emsisoft Anti-Malware
    HitmanPro.Alert 3

    and daily incrementals using Macrium Reflect 6
     
  6. Ossetra

    Ossetra Guest

    New here and I'm running FortiClient AV and webfilter alongside Shadow Defender for peace of mind.
     
  7. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Outpost Pro plus Sandboxie on Win7 64 bit.

    ST HIPS, PFW plus Sandboxie on XP SP3.

    Regards Eck:)
     
  8. Stelica

    Stelica Registered Member

    Joined:
    Nov 10, 2014
    Posts:
    71
    Location:
    Romania
    Windows XP SP3
    Shadow Defender 1.4.0.578, Look 'n' Stop firewall, WinPatrol Plus.
     
  9. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    133
    Location:
    Greece
    My new security setup (Windows XP Home, Admin account):
    1. ESET NOD32 Antivirus
    2. CryptoPrevent
    3. Chrome runs limited (plugins click to play, µBlock, Poper Blocker)
    4. Firefox secondary browser runs limited (NoScript tighten restrictions, Strict Pop-up Blocker) mainly for playing an online flash game
    5. Norton DNS on router
    6. SpywareBlaster
    7. No Java
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    There was a setting in that old version of Avira I used that made a significant difference too, whether I checked it or not. I forget exactly what it was, but think it required a restart to make it take effect... that's often a tell-tale sign that it's something that will have a substantial effect... requiring that reboot. Think it may have even said that enabling it could affect system performance... another red flag. Comodo FW/D+ (v5 anyway) has one too in the firewall settings < Advanced, at the bottom. I generally make it a rule of thumb not to enable such things.

    Avast ran light for me too, especially after I tweaked it just the way I wanted it. I'm a big tweaker/fine tuner. I had it integrated with my OS's Group Policy to fire/scan upon opening any new files introduced to the box... without the File Shield even having to be enabled. I didn't use the Web Shield, Mail Shield, or anything else I don't think. Just that feature. So that thing was uber light that way. I'm surprised more people didn't take advantage of this. I did hear 1 other person (at least) mention it in here. But Avira was still lighter yet, if you can believe that. And I really liked its scheduler too. It was very granular. And you could tweak it to get automatic updates more often than you were supposed to be able to. Like every few hours instead of once a day. And found a tweak to remove the splash screen as well. Then it was an awesome free AV. The best there ever was, IMHO. Avast comes a close 2nd with that GP integration... very handy.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    That's a darn good router you got there. I was thinking about getting one but elected to go with a Netgear AC1750 R6300v2 instead. But I had my eye on yours. Let me know how it's working out for you. I'm running the "Open VPN Small" dd-wrt build. It has everything you need to run an open vpn setup through your router without the frills... saving any extra juice for essential functionality. It's a great build that I highly recommend to people that mainly want dd-wrt to run VPN(s) through their router without a bunch of extra jazz... save that bandwidth & overhead.
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Home PC:

    Windows XP Pro SP3: Secondary Admin., Default Deny SRP, GP/LP hardened, Folder Permissions
    Autorun disabled, Services barebone, NetBios over TCP/IP Disabled, All ports closed at OS level, Non-Local SysKey, Secure Logon enforced

    Modem: Motorola / Arris Surfboard 600 Series, Model SB6183. DOCSIS 3.0 Cable Modem
    Router: Netgear AC1750 R6300v2 w/dd-wrt firmware, "OpenVPN Small" build

    Comodo FW/D+ v5.10 - Custom Policy Mode, Alerts- Very High- All checked except ICS server setting, Advanced- All checked, All ports stealth
    D+ - Paranoid, Untrusted, Cloud settings unchecked (rest checked), Sandboxing disabled/all unchecked. All monitoring enabled. Trusted vendor list (vendor.n file) deleted
    Trusted Publishers certificate deleted, cpf & cmdagent both block rules in FW
    Sandboxie Lifetime v3.76 - All removable files and new/incoming files autosandboxed & isolated. Internet facing apps in restricted boxes.
    Shadow Defender v1.1.0.325 - All partitions in S.M. w/ a few exceptions (Favorites, Power Options, Game save states, 1 partition for new downloads)
    Macrium Reflect v4.2.3638 - Clean images at various states (Fresh format, OS install, + updates, Programs, Data)
    TrueCrypt 7.1 - OS partition, Hidden Volume

    On demand scanning

    VT Hash Check 1.01
    Malwarebytes Free v2
    Hitman Pro 3.7 (portable)
    TDSS Killer v3
    GMER v2.1

    Firefox v27.0.1 - Adblock Edge, Calomel SSL Validation 0.70, CS Lite Mod, HTTPS-Everywhere 3.5.3, NoScript 2.6.8.16, Private Tab, RequestPolicy, WOT, Youtube ALL HTML5, Element Hiding Helper for Adblock Plus.

    ABE Subscriptions: EasyList, EasyPrivacy, Fanboy's Annoyance List, Malware Domains

    No Plugins, No Java, No Flash, No Silverlight, No MS Office, No .NET Framework, No PDF program, No Internet Explorer or Google Chrome, No WMP, No Quicktime, No Winamp, No Shockwave, No iTunes, No Skype.

    VLC in a restricted sandbox where only it can start/run, internet blocked, rights dropped. Tight HIPS enforcement as well.
     
    Last edited: Mar 3, 2015
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Just get the ASUS ones, and you have TREND lifetime for free. No reason to buy anything else - just be careful which firmware you plant on it, otherwise Trend alone makes it a better choice.
     
  15. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,138
    Because maybe he wants something else? Not everyone needs to run Trend.
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    There is nothing to 'run' with Trend on the router. It's seamless, doesn't drop throughput, and adds a tremendous layer of security. There isn't anything to run, or install, it's at the hardware level on the router. That makes it the best solution out there in the mid to upper end consumer router market.
     
  17. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,138
    Yes I know this, but not everyone has to run what you suggest or push on people. You sound like a salesman.
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I just follow the path of Surak, the path of logic. Given choices in comparable price range, I think it's simply logical to use the one with the most advanced, and protective technology. Nothing more, nothing less.

    Let's not derail this any further!
     
  19. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Setup is as per signature. Recently added FF and µBlock running in Sandboxie.
     
  20. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    I'm trying to beef up the security on this laptop for someone that banks/shops with it on public wifi while traveling

    so far...

    Windows 8.1 64bit - basic hardening, UAC max, standard user account
    TinyWall, Avast free (hardened mode/aggressive, sensitivity/high), MBAM free
    Chrome (hardened): click&clean(clear all data on exit), HTTPS Everywhere, uBlock

    I wanted to add something for targeted phishing & keylogging - maybe Trusteer Rapport or Zemana free? Is there a good comparison of these 2 or anything else to suggest?

    I was just going to suggest they use HTTPS Everywhere to block HTTP traffic while banking/shopping, but after reading an article on DNS leaks I'm thinking of adding DNSCrypt or ZenMate (VPN) to the mix - comments??

    What about a dedicated browser like Safepay free for banking/shopping? I'm thinking it'd be more secure to just add ZenMate to the Chrome profile above.

    Anything else to suggest? Need to keep it pretty basic for the user.


    Thanks for any help
     
  21. Have been without AV since end 2006, started to use Panda Free as real time protection for execution in user folders/partitions, because system impact is minimal (chrome cold launch 0.1 second delay, consecutive cached launches 0.04 second delay).

    Panda Free as realtime on execution protection for user folders/partitions only:
    - de-installed device agent (GPO prevents autoruns and execution access to USB devices)
    - excluded UAC folders in realtime AV protection (GPO/UAC prevents elevation of unsigned)
    - disabled process monitor (SRP deny execute for basic users, right click 'run as admin' is allowed)
    - disabled Panda news (spam could be a deal breaker, but so far so good, no ads or pop-ups seen yet)

    After the 1-5 victory in Brazil, I could leave the 2010 final behind me and was mentally ready to install a Spanish AV :sick:
     
    Last edited by a moderator: Mar 5, 2015
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Sandboxie, and some other stuff.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Agree.
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    It was good advice though, I didn't take it that way at all. The one I got was $60 cheaper though and had everything I wanted. IMO it's the best bang for the buck out there right now. Netgear has come a long way since their WNR lines. The R6300v2 is a powerful unit, and can handle any firmware build you can throw at it. I was gonna throw the Giga build on it initially but decided I just didn't need all that crap. So went with the OpenVPN Small build instead.

    The one he recommended is a great value too, and I was considering it. But it didn't really offer anything I needed that I didn't already get out of mine after adding the dd-wrt firmware, and for $60 less. I don't regret my decision one bit.

    And for those that don't know there's a bigger difference than one might think between the regular R6300 and the v2. You should look into it if you plan on getting one.
     
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Huge update for me. Many changes/improvements.

    Connection/Multi-Homed:
    160Mbps Cable Connection WAN1
    AT&T 10Mbps DSL - Multi-Homed, Failover via WAN2.
    AT&T 4G LTE Hotspot Box - Provided by work for free, in the event everything else fails.
    OpenDNS

    Frontend:

    Motorola DOCSIS3.0 SB6141
    Sophos UTM 9.3 Layer 8 NGFW/UTM Appliance
    ASUS RT-AC87R (Access Point Mode Only)
    Layer 3 GBE 16 Port Switch (Cisco)

    Systems:
    Win 8.1x w/Tweaks+Lockdowns
    Norton 2015 w/Aggressive Settings
    PeerBlock (paid, with all Malware/Adware databases - 1.5 million IPs blocked)
    Admuncher (for Heuristic Script and Webbug Blocking)
    Chrome w/uBlock (default), Glove, WebRTC Block, Vanilla Cookie HTTPS Everywhere, Norton Toolbar.

    Backup/Redundancy
    Lenovo IX4-300D 12TB Raid10 Network Access Storage (NAS)
    3X Cyberpower 1500VA AVR UPS
    Generac 20,000 Watt Air-Cooled Aluminum Enclosure Natural Gas Powered Standby Gen w/Transfer Switch

    Network Structure
    Subnet Segregation
    VLAN Isolation

    I also run a variety of servers. Including an obfuscation server that pushes out 'fake' network traffic, searches, and activity to mask real activity. In addition to a security system (including cams) server.
     