What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    How's this on system resources? Do you feel any drag? :doubt:
     
  2. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    Using around 19MB currently, no drag felt.
     
  3. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I have Online Armor on a laptop and feel no drag either. :thumb:
     
  4. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Still using Defensewall and Shadow Defender. Do the occasional on demand scans with SAS Pro and Avira Premium.
    Did have Prevx but subscription almost out and don't want to renew until I find out where they are going with pricing and switch over on the new product.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I wish I could use DefenseWall on 64bit.

    What's it like using it? Do you ever have programs that are incompatible? Ever have to whitelist a program?
     
  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Very easy to use. I haven't found any incompatibilities. Never had any need to manually whitelist a program. Any problems I have ever had, Ilya was right on them.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Great. That's exactly what I'd like.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I changed my security again :D

    Chrome 13 +Adblock Plus and Ghostery (I know, I complained a lot about Chrome, but it's behaving alright and it has sandboxing/low integrity..can't beat that)

    EMET (Got the thing working right somehow. Very few apps are under it. For Chrome I unchecked EAF, as I understand Chrome already has its own method?)

    Avast Free

    MBAM Pro

    Windows 7 services tweaked


    I removed Sandboxie. I don't think with EMET and Chrome that I'll be needing it. I'm tempted to put an easy to use firewall on, perhaps OA free if past issues like remembering answers has been fixed. Comodo is a bit over my head, too many settings and complicated things I don't want to mess up.

    Now, on to more important matters----who wants to make bets this setup changes quite a few more times? :D
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is very close to what I am doing, but without Avast and MBAM.

    I have been using Chromium at defaults (chrome/chromium, same thing almost), tweaked services and EMET in default mode (whatever it comes with).

    I did manually set my downloads directory to Low Integrity.

    I did keep Sandboxie, however Chromium has not been running in it. Instead, I use it to force my downloads directory into a sandbox with no outbound network access. In this manner I can execute what I please from there before deciding to keep it, examine it further, or submit it to an online scanner. In your case you could run Avast or MBAM against such things.

    I have been doing this for maybe 1 1/2 months now, nothing ugly to report at all.

    Very light setup.

    Sul.
     
  11. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I bet it will change a few more times..:D
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    DUALBOOT No Realtime AV and FREE Security Setup

    1. Windows 7 Professional SP1 32-bit (Used mainly for gaming and family use)

      • System Partition (Returnil Virtualized), Data Partition (storage), Apps Partition (Sandbox Directory)
      • Microsoft Baseline Security Templates, Software Restriction Policy (SRP), UAC set to highest, EMET and 1806 trick (3)
      • deny Everyone from executing on data partition and download directory, userspace including desktop
      • disabled unnecessary services (i.e. print spooler, windows search, windows defender)
      • Windows Backup and Restore (system image backup)

        • OpenDNS / OpenDNS FamilyShield
        • MVPSHOST

        • Trusteer Rapport

        • Returnil System Safe FREE (3.2.12918.5857-REL14)
          • Enabled Password Protection
          • Trust Programs from real disk only
          • Virus Guard: Disabled.
          • Virtual Mode: Always ON.

        • Mozilla Firefox (5.0.1)
          • Noscript
          • Adblock Plus


        • Sandboxie FREE (3.57.02)
          • Relocated sandbox directory into Apps Partition.
            1. This will allow me to install apps even when Returnil Virtual Mode and Anti-executable are ON.
            2. Programs installed in the sandbox can run properly because they will be running in a virtualized environment created by Sandboxie,
               and that environment is on an unvirtualized/real disk/partition, thus not affected by Returnil's anti-executable.

          • Excluded/Unrestricted Sandbox Directory from SRP.

        • Hitman PRO (on-demand scanning)



    2. OpenSUSE 11.4 KDE (32-bit) (used mainly for pr0ns / P2P downloading lol)

      • ---

        • Firefox with Noscript and Adblock Plus



    Comments and Suggestions are welcome.
    -Konata Izumi​
     
    Last edited: Aug 4, 2011
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I saw a post from you describing how to do this with icacls, but I never could get it to work. icacls.exe just flashes on the screen a split second and never stays up for me to insert the command. I think it's "icacls "C:\Users\your_username\Downloads" /setintegritylevel (oi)(ci)Low"? (without the quote tags obviously).
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    icacls "C:\Users\your_username\Downloads" /setintegritylevel (oi)(ci)Low


    Should work. Make sure you're running an admin CMD.
     
  15. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    PC:
    Notebook:
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    you have to open cmd.exe as Administrator (not icacls.exe)
    then type your command there. :rolleyes:

    you can put /t at the end of the command to see the changes.
    Code:
    icacls "C:\Users\your_username\Downloads" /setintegritylevel (oi)(ci)Low /t
     
    Last edited: Jul 31, 2011
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Very pleased with my setup still. I haven't had any need to change it. Running malware on my system (no VM) from my downloads folder has not led to infection. The combination of LI and sandboxing is more than enough restrictions to break malware. I was also able to block direct disk access to one program through Mamutu, which detected it quickly and quarantined the malicious file.

    At this point I'm just wondering how I can get infected. I still need to test Black Day against the latest Comodo but I can't find a sample.

    All I'm really looking for is full virtualization ala sandboxie but thankfully CIS 6 will (rumored) have that for free.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Network
    DDWRT Router running recommended build
    DDWRT firewall turned on
    MVPS Host File stored on router for network wide adblocking
    Google DNS

    Realtime Protection
    Mamutu Behavioral Blocker
    Beta updates
    Allow program if 92% of community members allowed it.
    Deny program if 88% of community members allowed it.

    Comodo Firewall and Defense+ 5.8 Beta
    (Password Protected)

    Comodo Firewall: Safe Mode, Alert Settings Low
    -- Ports Stealthed
    -- Enable IPv6 filtering
    -- Protect ARP Cache
    -- Block Fragmented IP datagrams
    -- No protocol analysis, no monitoring NDIS protocols other than TCP/IP

    Comodo Defense+: Safe Mode
    -- Autosandbox as Limited
    -- Force Java into Restricted Sandbox
    -- Force Digsby into Partially Limited sandbox
    -- Force Vaio Event Service/ Battery Manager and IE9 into Partially Limited sandboxes

    System Hardening -- Windows 7 64bit Ultimate
    UAC on Max
    EMET: DEP Opt Out, SEHOP Opt Out, ASLR Opt In. All internet facing applications forced to run with EMET.dll and a few others as well.
    Downloads folder and all contents forced at Low Integrity
    NiNite for updating
    Disabled some services
    As few programs installed as possible. Only what I need and when I'm done with something it gets uninstalled and I make sure that everything is gone.
    Digsby and MiPony's .exe's set to LowIL.

    Browser -- Chrome Beta
    Javascript on a whitelist
    Built in malware protection/ download scans
    Default PDF reader -- no adobe necessary

    Backup Browser -- IE9
    Max security settings via IE9's default options

    Portable On Demand Scanners/ Tools -- USB Drive
    TDSS Killer
    JavaRa
    RKILL.com
    AVZ4
    Dr Web Cureit
    SuperAntiSpyware Portable
    Hitman Pro
    Emsisoft Emergency
     
  19. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Changed to
    Avira free
    Mamutu
    Sandboxie
    Win7 Firewall Control
    :cool:
     
  20. enemyofarsenic

    enemyofarsenic Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    85
    Is there like a site with instructions on how to set up "Low Integrity"? And also like an explanation for what it does?
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    A lower integrity object cannot read/write/execute in a higher integrity object.
    There are 3 integrity levels: Low, Medium, High.

    just search around here to learn more about it. :thumb:
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Worked fine, thanks a bunch :) Brand new to doing that, so if I need to install anything, will it install correctly from there? Or do I need to move the executable from that directory? Going by Konata's post above, it sounds like an install could get messed up.
     
    Last edited: Jul 31, 2011
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Once you set your downloads directory to a Low IL, whenever you execute anything that lives within it, what you executed will start with a Low Integrity Level.

    If you are Admin, most of what you do is at High IL.

    If you are UAC/User, most of what you do is at Medium IL.

    If you are guest, things are at Low IL.

    Other directories and files will have a default IL of Medium. Only very few and specific areas will have a High or Low IL. AppData/Low is one area that has Low IL by design. So, if you execute something from your downloads directory (that you used icacls to force to Low IL), it starts as Low IL, and while it can read/execute in Medium or High IL locations (remember Medium is the default unless stated otherwise), it will not be able to "write" or modify.

    You end up with a directory (downloads) that, once you execute something within it, is treated as a guest, and cannot even write to your user profile directories. It can only write to the AppData/Low directory, and possibly a few other very choice locations.

    It is a method you can employ to make sure that your downloads directory is restricted, but not so restricted you cannot execute. It doesn't stop drive by downloads that might get put there and executed, although you could set that directory to NoExecute. But it does rather severely limit what is executed within the downloads directory from being able to modify anything else.

    The use I see is to put the Low IL in place on the downloads directory. Maybe it is there for only preventing accidents/drive-bys, or to execute to test and know it is restricted. If you decide to keep something, just copy it from the downloads directory to some other location, then execute it or whatever. If you copy a file/directory with an IL you have created (called an explicit IL), the copy will have no IL (meaning medium by default). If you move the file/directory, then the IL moves with it.

    I have explained this about a dozen times, in varying degrees of detail, if you would like to search it out. I don't mind repeating it, I am just saying you might find some of the other explanations more understandable.

    Sul.
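The following script is an added example, not code from the thread or from any of the posters. It carries out the icacls step Hungry Man and Konata Izumi give above, then checks the three behaviours Sully describes: a file created inside the labelled folder carries the Low label, a copy out of it loses the explicit label (back to the implicit Medium default), a move keeps it, and an executable launched from the folder starts as a Low-integrity process. Run it from an elevated PowerShell prompt; the Downloads and Desktop paths and the test file names are assumptions, and the whoami.exe copy is only there to give a process whose integrity level is easy to read back.

```powershell
# Added example: label the Downloads folder Low and verify what that does.
# Assumes: elevated prompt, Downloads and Desktop under $env:USERPROFILE.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$keep      = Join-Path $env:USERPROFILE 'Desktop'

function Get-IntegrityLabel {
    # Reads the explicit mandatory label icacls prints for an object.
    # No "Mandatory Label\..." line means no explicit label, i.e. Medium by default.
    param([Parameter(Mandatory)][string]$Path)
    $hit = icacls $Path | Select-String 'Mandatory Label\\(\w+) Mandatory Level'
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'Medium (implicit)' }
}

function Get-ProcessIntegrityOf {
    # Runs an executable and returns the integrity level its own token reports.
    # Only meaningful for whoami.exe, which prints its token groups.
    param([Parameter(Mandatory)][string]$ExePath)
    $line = & $ExePath /groups | Select-String 'Mandatory Label\\(\w+) Mandatory Level'
    if ($line) { $line.Matches[0].Groups[1].Value } else { 'unknown' }
}

# 1. Apply the label: (OI) inherits to files, (CI) to subfolders, /t pushes it
#    onto everything already in the folder. Same command as in the thread.
icacls $downloads /setintegritylevel '(OI)(CI)Low' /t | Out-Null
"Downloads folder label : $(Get-IntegrityLabel $downloads)"        # Low

# 2. A file created inside inherits the Low label.
$src = Join-Path $downloads 'il-test.txt'
Set-Content -Path $src -Value 'constructed test file'
"New file in Downloads  : $(Get-IntegrityLabel $src)"              # Low

# 3. Copy out: the copy is a new object and takes the destination's defaults,
#    so the explicit Low label is gone (implicit Medium), as Sully describes.
$copied = Join-Path $keep 'il-copied.txt'
Copy-Item -Path $src -Destination $copied
"Copied to Desktop      : $(Get-IntegrityLabel $copied)"           # Medium (implicit)

# 4. Move out (same volume): the object is renamed, so the label travels with it.
$moved = Join-Path $keep 'il-moved.txt'
Move-Item -Path $src -Destination $moved
"Moved to Desktop       : $(Get-IntegrityLabel $moved)"            # Low

# 5. A process started from a Low-labelled executable gets the lower of the
#    caller's and the file's integrity level, so it runs Low even from an
#    elevated (High) prompt. whoami.exe is used only because it reports its token.
$lowWhoami = Join-Path $downloads 'whoami.exe'
Copy-Item -Path (Join-Path $env:SystemRoot 'System32\whoami.exe') -Destination $lowWhoami
"Process from Downloads : $(Get-ProcessIntegrityOf $lowWhoami)"   # Low
"Process from System32  : $(Get-ProcessIntegrityOf 'whoami.exe')"  # High (elevated) or Medium

# Clean up the constructed files. To revert the folder itself, set an explicit
# Medium label the same way: icacls $downloads /setintegritylevel '(OI)(CI)Medium' /t
Remove-Item $copied, $moved, $lowWhoami -ErrorAction SilentlyContinue
```

Two checks worth keeping in mind when you rely on this: the Low process is blocked from writing to Medium-labelled locations (No-Write-Up is the default mandatory policy), but it can still read them, so this limits modification, not data theft; and the protection applies only to what is launched from the labelled folder, so a file copied elsewhere first runs at the copy's (Medium) level, which is exactly the step dw426 describes for installing something you have decided to trust.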
     
  24. gobbledog

    gobbledog Registered Member

    Joined:
    Jan 2, 2007
    Posts:
    40
    Location:
    Everywhere
    REAL TIME

    SAS
    MBAM
    OUTPOST 7.5.1 (PRO)
    SPYWARE BLASTER
    WIN PATROL
    AVAST

    ON DEMAND

    HITMAN PRO
    SPYBOT

    death to all scumware!!!
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Sorry for repeat questions, Sul. I did some searching before I posted this, guess I didn't search well enough :D I understand what you just explained though. If I feel the file is safe enough, I'll copy it to my desktop and execute it from there. Thanks a ton for the help everybody :)
     