What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Lighter is better. And some apps (and their users) just so happen to enjoy the favor of their designer and are tailor made with just the right balance of effectiveness and control with minor footprint to the machine cycles.

    ADDED: (once again) COMODO FW/D+

    I simply don't feel even Windows 8 is secured enough without a dependable separate HIPS
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Again about my config for XP with DW PF and Baidu.
    Windows Firewall - On.
    Baidu is configured to be pure OD only, without anything resident: I've set both of its services, "Baidu Antivirus Service" and "Baidu HIPS Service", to Manual Start only. The only inconvenience is that in order to make a scan with Baidu I must manually enable its "Baidu Antivirus Service".

    So now only DWPF is resident and Baidu is used only for OD scan.
     
  3. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Windows Firewall
    EMET
    ExploitShield
    Panda Cloud Antivirus
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    After getting used to a HIPS, I think I'd feel kinda naked without one now myself. I just want to know exactly what's going on on my machine, and to have the power to decide what does or doesn't happen. I think... it computes, and I'd like to stay on top of that food chain.
     
  5. Windows 7 Ultimate 32 bits (E5200 dual core at 3 GHz with SSD + 2xHDD) with router and NAS

    Home network (LAN) protection
    01. Router (inbound) and Windows FireWall also blocking outbound applications

    Malware mitigation for All Users/Integrity Levels
    02. Deny installation/elevation of unsigned drivers-activeX-PS1scripts/executables (GPO/UAC)
    03. Memory exploit protection DEP/SEHOP/ASLR (system) and EMET 4 (explorer and 'user' applications)

    Infection restrictions for Basic Users/Medium IL
    04. GPO Locked User configuration (FW-rules, logon, shell, command/scripts, com, auto starts, task creation)
    05. SRP Deny execute for Basic Users for all files in user folders (installing software with right click 'run as Admin')

    Threatgate intrusion protection
    06. Media Player Classic, Evince PDF-Reader, 7-ZIP (unsigned) and Outlook (StripMyRights) run in LUA container
    07. Chromium (unsigned) with internal sandbox using chrome PDF & PPAPI-flash with Safe Browsing & ABP extension
    08. Deny execute for Everyone in (drive-by) download/internet/mail/media folders and (drive-in) USB through ACL/GPO

    Real time system protection
    09. SpyShelter free restricted USB, Public Users, D:\, F:\, enabled system protection module only with three security zones:
    - deny all actions (HIPS) rules for all 'user' applications (PDF, MediaPlayer, 7-ZIP, Ms Office and Chromium)
    - auto allow (SAFE) Microsoft signed (effectively limited to the Windows7 OS only)
    - ask user (IDS) for all other binaries intruding system space

    On demand (monthly) scans
    10. Microsoft's Malicious Software Removal Tool (Windows updates) and HitmanPro (Data and Image backup)
     
    Last edited by a moderator: May 19, 2013
  6. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Currently using KIS 2013 and EMET. I'm thinking of trying Bdav free alongside Comodo FW/D+
     
  7. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    When I get a Windows 8 laptop for my birthday I am gonna use Windows Firewall+Windows 8 Windows Defender+Smartscreen filter/UAC (both as high as possible)+MBAM Pro+AppGuard (LockDown Mode)+Hitman Pro (one full scan a day) :cool:
     
  8. anniew

    anniew Registered Member

    Joined:
    Mar 15, 2013
    Posts:
    92
    Anyone? o_O
     
  9. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    NIS 2013
    EMET 4.0
    MBAM paid version (on demand)
    FF + NS
     
  10. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Just re-installed Emsisoft 7.0.0.21 alongside WSA Essentials...Benz and Porsche...Smoooooth...and Lethal! Sincerely...Securon
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have those 2 plus MBAM Pro, what a triple malware killer I have in my monster PC :cool: ;) :thumb:
     
  12. For a network with more PCs in it, SCM is the easiest way to go. It has lots of features (importing existing GPO, replicate etc). For a single PC it does not have much advantage, since it is very easy to write your own ADM template security additions.

    Just download the Chrome templates, look at the REG file which comes with them and learn how to define the various registry field types (DWORD, REG_SZ, etc).

    Picture shows how simple this is. On the internet (e.g. NSA, GOV, EDU) there are lots of samples of ADM templates based on security best practices. Cut and Paste and create your own :D
     


    Last edited by a moderator: May 16, 2013
  13. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon! Killer Trio...jmonge...I at one time had Mbam Pro...but on my system...I found it to be a little Ram intensive...and at the moment I'll just have to get by with Benz and Porsche...Lol!...Sincerely...Securon
     
  14. ReverseGear

    ReverseGear Guest

    Still the same setup
     
  15. anniew

    anniew Registered Member

    Joined:
    Mar 15, 2013
    Posts:
    92
    Thanks for taking the time to respond.

    Yes, I came across USGCB for government templates and a lot of other computer security related documentation.

    I figured that the lack of commentary on SCM reflected either that it was too burdensome to implement/maintain for a small group of computers (vs a manual / semi-auto approach) or that the commenters here were more inclined to get into the weeds and eschew such tools (particularly if they had an underlying distrust of MS).

    The effort and learning curve for SCM is what I was concerned about and I'm glad you confirmed my suspicion.

    I think I've found enough commentary in these 1200 pages and in several other posts on various Wilders threads to cover the bulk of what I was looking for in combination of tools and edits to apply.

    I also found this gem from Tomwa about a year ago, which is along the lines of your Chrome template suggestion, but extracting the SCM components...

    https://www.wilderssecurity.com/showpost.php?p=2072139&postcount=41

    Bottom line, I'll follow your advice, thanks! :thumb:
     
  16. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    I've decided to give one more chance to one of my all time favorite combo: EAM + OA aka "No malware can pass" :D :thumb:
     
  17. mhl6493

    mhl6493 Registered Member

    Joined:
    Apr 20, 2010
    Posts:
    230
    Location:
    Tennessee
    I love that combo as well. Unfortunately, OA just slows my computer down to a crawl... Hope it works well for you!
     
  18. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Compared to ERP, SSFW or AG everything slows down my computer, but in my case the biggest problem was the slowdown caused by EAM. What I see now is that they have fixed that issue in the last release, because all is running really smooth with an acceptable level of impact on system resources. And what is more important is that this combo gives me peace of mind while surfing on the Internet :thumb:
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    still, Eset Antivirus V6 and no malware.:thumb:
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Securon, it is true indeed that MBAM Pro after a day or 2 will slow down the system a lot

    trojam Nod:thumb: :thumb: :thumb:
     
  21. guest

    guest Guest

    Back to Emsisoft IS (don't know yet for how long ^^)
     
  22. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Took the Porsche in for an oil change...and replaced with Norton A/V 2013...the Benz WSA Essentials is still racking up mileage...Lol! Sincerely...Securon
     
  23. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,290
    Currently only running:

    Macrium Reflect Free
    AX64 Time Machine
    Baidu Antivirus 2013 (this one will keep changing since I don't consider real-time protection very important)
    Windows Firewall

    Looks like with age, comes simplicity.
     
  24. THESAWISFAMILY2005

    THESAWISFAMILY2005 Registered Member

    Joined:
    Aug 10, 2012
    Posts:
    198
    Location:
    SACRAMENTO CALIFORNIA
    How is Comodo Antivirus Free?

    I do a lot of torrent downloading, what would be a good choice for free antivirus?

    Running Windows 8 on an Acer Aspire One laptop.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Good security approach, man :thumb:
     