What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dave,

PM Sully when you are willing to try; Sul and I would like your feedback on the Safe-Admin program. It is now in early Alpha.

    The tweaks are a threshold, but Safe-Admin will allow everyone to apply them and use it.

    I would appreciate your involvement very much.
     
    Last edited: Oct 29, 2010
  2. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    OS:
    -Windows 7 Ultimate x86

    Real-Time Protection:
    -Kaspersky Internet Security 2011 CF1 (11.0.1.400 a.b) configured and password protected
    -WinPatrol PLUS 2010 (19.1.2010.0) configured
-DefenseWall Personal Firewall (3.08) configured and password protected
    -Wondershare Time Freeze (2.0) password protected

    Complementary Protection:
    -GPO/SRP/UAC/SEHOP/DEP/EMET
    -Autorun/Autoplay disabled

    Browsing Configurations:
    -Firefox with WOT (+ DW)
    -Download directory is protected via DefenseWall and rest of drives/data folders are also secured via DefenseWall

    Comments/Suggestions?
     
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
interesting idea, KIS and DefenseWall ... did they get along well, or did you shut off the Kaspersky firewall?
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    @Kees :)
I'd imagine there to be many, from users informed by people like yourself to users that go back a long way. Public machines that are locked down with only a 'stunted' browser and intranet.

    How far away is Safe-Admin's release?
     
  5. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    AVG 9 paid
Privatefirewall free
    MBAM pro SafeReturner pro
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
Well, the nice thing about Safe-Admin is that it does not lock, but only provides selective deny execute:

1) non-signed drivers and programs are not allowed to execute elevated

2) internet browser and mail are put in the low rights world completely, making it impossible to harm the normal (medium) rights programs and files on your PC. IE and Chrome run in Low rights (protected mode). Safe-Admin brings these benefits also to Firefox and Opera users (the GUI supports only the 4 main browsers).

3) It sets a deny execute on the Download directory and Mail directory to prevent drive-by attacks.

So it creates two clear borders between low -> medium and medium -> high objects on Vista and Windows 7. Deblocking is possible: low -> medium with a right-click context menu and moving out of the download/mail directory; medium -> high with 'run as admin' from a safe location. So for both elevations two user actions are required, being
a) move the executable to a different directory
b) apply a right-click menu action (remove block or run as admin)

In my testing it turned out that Safe-Admin is still secure and effective when UAC is set to silent. This way UAC becomes a non-issue (it provides protection without being intrusive; the only UAC prompt you will see is when you put something with Explorer in a UAC protected area like Windows or Program Files).

Benefit for noobs is that it comes with a GUI and a wizard to guide the user who does not have the knowledge; benefit to pros (like yourself) is that it is able to interpret a scripting file with a clear mnemonic syntax. The latter will allow you to help protect your clients in a way which fits their PC usage/environment (e.g. adding P2P programs to a low rights world for them; this only requires a one-time investment on your side and replicating the script to all your customers).

I have some friends who use Safe-Admin (I manually set it for them). All seven are average PC users with no OS, registry or security knowledge. They understand that it protects them from unwanted (low -> medium) or unsafe (not signed medium -> high) installations. The good thing about Safe-Admin is that it is really easy to use, but hard to set manually. The fantastic feature of the Safe-Admin GUI is that even noobs can install it now, so this is a breakthrough in usefulness (since everybody can install it now; it was already easy to use).

Sul and I discussed the 'wizard', the 'script interpreter' and the 'worker' (a 'dumb' command line program). All changes are backed up in the registry. The GUI and script interpreter also won't allow system lockout (e.g. setting low rights on Windows or a deny execute on the Program Files directories). It is a modular design with re-use of functionality.

All mechanisms and settings are checked and seem to be working. It is all up to Sul to blend it together. It is quite a programming effort and for Sul security/programming is a hobby, so it competes with family and social network time. I have a bachelor's in IT and years of software design/programming experience (as a freelancer in my thirties). There is nothing amateur about the design and programming of Safe-Admin. The main reason is Sul's ambition to make it really good. When I said no, that is too complex, you have to develop a wizard and some sort of object request broker, he said fine, let me dig my teeth into it. Therefore the time expected to create this has tripled (for Sul). His skills are now at least equal to a full-time job programmer/designer.

Best to PM Sul for the due date. I think it will take a month or so to complete.

    Regards Kees
     
    Last edited: Oct 29, 2010
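Points 2 and 3 of the post above (an explicit Low integrity label for browsers and their download area, and a deny-execute on the download directory) can be applied and read back with the stock icacls tool. The following PowerShell is an added example written for this thread, not Safe-Admin's code or anything from Sul or Kees; the profile paths, the Firefox install location and the backup file location are assumptions.

```powershell
# Added example for this thread, not Safe-Admin's own code.
# Assumes Windows Vista/7 or later, NTFS, and an elevated PowerShell session.
# Paths used in the usage section are constructed for illustration.

function Backup-FolderAcl {
    param([string]$Path, [string]$BackupFile)
    # icacls /save records the current DACLs of $Path and everything under it,
    # so the change can be undone later with: icacls <parent-dir> /restore <file>
    & icacls.exe $Path /save $BackupFile /t /c | Out-Null
    return ($LASTEXITCODE -eq 0 -and (Test-Path $BackupFile))
}

function Set-DenyExecuteOnFiles {
    param([string]$Path)
    # Point 3 of the post: nothing dropped into the folder may execute.
    # *S-1-1-0 is the well-known SID for Everyone, so the deny also binds
    # administrators, which is why a file has to be moved out before it can run.
    # (OI)(IO): inherited by files only and not applied to the folder object,
    # so the folder keeps its own traverse (X) right; sub-folders pass the
    # ACE down to their files in turn.
    & icacls.exe $Path /deny '*S-1-1-0:(OI)(IO)(X)' | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Set-LowIntegrityLabel {
    param([string]$Path, [switch]$Inherit)
    # Point 2 of the post: an explicit Low mandatory label.
    # On a folder, (OI)(CI) plus /t labels existing and new children Low.
    # On a browser executable, the label makes Windows start that program at
    # Low IL, so it cannot write to Medium-IL objects such as the rest of the
    # user profile (the same mechanism IE's Protected Mode relies on).
    if ($Inherit) {
        & icacls.exe $Path /setintegritylevel '(OI)(CI)L' /t | Out-Null
    } else {
        & icacls.exe $Path /setintegritylevel L | Out-Null
    }
    return ($LASTEXITCODE -eq 0)
}

function Get-IntegrityLabel {
    param([string]$Path)
    # icacls prints an explicit label as e.g.
    #   "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)"
    # No such line means no explicit label, which Windows treats as Medium.
    $out = & icacls.exe $Path 2>&1 | Out-String
    if ($out -match 'Mandatory Label\\(\w+) Mandatory Level') { return $Matches[1] }
    return 'Medium (implicit)'
}

function Get-DenyExecuteAces {
    param([string]$Path)
    # Every deny ACE on the object that carries execute, either directly (X)
    # or through a right that includes it (RX, M, F).
    $out = & icacls.exe $Path 2>&1
    return @($out | Where-Object { $_ -match '\(DENY\)' -and $_ -match '\((X|RX|M|F)\)' })
}

# Example invocation (changes ACLs; run deliberately from an elevated prompt):
# $downloads = Join-Path $env:USERPROFILE 'Downloads'
# $backup    = Join-Path $env:TEMP 'downloads-acl.bak'    # hypothetical location
# Backup-FolderAcl -Path $downloads -BackupFile $backup
# Set-DenyExecuteOnFiles -Path $downloads
# Set-LowIntegrityLabel -Path $downloads -Inherit
# Set-LowIntegrityLabel -Path 'C:\Program Files\Mozilla Firefox\firefox.exe'  # assumed install path
# Get-IntegrityLabel -Path $downloads
# Get-DenyExecuteAces -Path $downloads
```

Two things worth checking after applying this: a Low-labelled browser can still read Medium-IL files (the label blocks write-up, not read), so the deny-execute ACE is what actually stops a dropped binary from running, and because the deny is for Everyone it binds the administrator too, which is exactly the "move it to another directory first" step the post describes. Keep the icacls /save file, since `/restore` is the only clean way back to the original DACLs.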
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    i want to try the Safe-Admin ;)
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I really, really want to try the Safe-Admin! :)
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it sounds interesting man:) and fun:)
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You need Vista or Windows7 for it.
     
  11. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
    Kaspersky Antivirus 6.0 :cool:
     
  12. Ro4dRuNn3r

    Ro4dRuNn3r Guest

    AVG Anti-Virus 2011 (paid)
    Hitman Pro
    Windows 7 Firewall

    How simple is that.... :p
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Hehe very simple :p
     
  14. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I agree with you here. I've been running MBAM for a while and never had any problems or slowdowns because of it. It has helped me save 3-4 computers from oblivion lmao. Only time memory usage becomes an issue is for someone who doesn't have a lot of ram.
     
    Last edited: Oct 29, 2010
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
I haven't messed with IE myself, as I use Chromium, and recently I've also installed Chromium for a family member, leaving IE only for home banking. But were you able to mess with the ILs? Also with WMP? I'm guessing the reason is that UAC is set with less restrictive permissions o_O With UAC at maximum settings, not possible. I'm not even sure it is due to UAC, because to mess with ILs one needs Administrator rights, so the UAC issue would be bypassed. At least, that's what I think.

    So, what did you do to change WMP ILs? As I pointed out in the other thread, I was denied access.

    Do you mean an explicit low IL (the way I run it)? Or the default low IL?
    If the first option, then the Downloads folder would need to be set with a low IL as well. But, since you mention to remove execute rights, I'm assuming you mean the latter option.

    What security benefits do you get from virtualizing Chrome? Wouldn't it just make Chrome write to user space, which already does?

    Hmmm... Do you run all those antimalware tools as on-demand o_O Or was it only part of your testing? How did you perform the testing? Have you compared what was on the system already, against what was created/modified, etc afterwards? Or, did you just check with those antimalware tools with scanning results coming out clean?
     
    Last edited: Oct 29, 2010
  17. FordPrefect

    FordPrefect Registered Member

    Joined:
    Oct 29, 2010
    Posts:
    2
    Location:
    Lafayette, LA
    Norton Security Suite, Malwarebytes (registered), Super Anti-Spy-ware.

    To protect data: ShadowProtect running to second internal 1Tb drive, and ClickFree device attached to external 1Tb drive.
     
  18. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
    Norton Antivirus 2011 :thumb:
     
  19. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
  20. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Wow, you change both antivirus? :blink: :p

    Sorry for my english!
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
:oops: You are right, I like Vista as OS best. I downgraded from Windows 7 on my wife's laptop to Vista again (reason: SRP works; now I remember these troubles were the reason). I thought I had managed once. With WMP you have only read and execute rights (RX); have you tried adding WDAC (write DAC) and then trying to set Low rights? I went the easy route and set a basic user SRP for WMP.

No, an explicit Low. Also Downloads has an explicit Low.

Only because IE runs in protected mode and also sets the process virtualised; there must be some benefit when the guys who have written the OS apply it. So not really a direct reason, but a circumstantial reason I would say.

    Only part of the testing. Also registry monitoring and file monitoring tools. That is how I found out about https://www.wilderssecurity.com/showthread.php?t=284820

    Regards Kees
     
    Last edited: Oct 29, 2010
  22. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
    Mhm :D
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'll try that out.

    OK. You forgot to add that bit of information, regarding the Downloads folder, then. :)

It does make sense. After all, if the behavior is the same as what happens with apps requiring admin rights that run virtualized, then IE and Chrome won't be writing to the user space, rather to a virtualized one.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I got enough reserves to relieve an entire country from pop ups :D
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    removed MBAM, added Hitman Pro and Prevx Safeonline (FB Edition)
     
    Last edited: Oct 29, 2010