#1
Hi,

A few members asked me to give them an easy HIPS setup with few pop-ups.

On vista32 it would be:

1. Basic HIPS = use built-in UAC. Some complain about the number of pop-ups they are getting. Never run without UAC. When you want fewer pop-ups use the quiet setting. Use regedit to set UAC parms as follows: http://www.wilderssecurity.com/archi.../t-185220.html
When on Vista 32 bits add ThreatFire out of the box.

2. Firewall: use freeware Vista Firewall Control 1.2 (uses the Vista Fire Wall kernel, but adds outbound control).

On Windows XP it would be HIPS + FireWall, http://www.wilderssecurity.com/showp...1&postcount=29

Now for some reason this setup will cause your PC to hang when shutting down. In that case this would be a good alternative:

File filter = http://www.wilderssecurity.com/showp...5&postcount=25
Registry Filter = http://www.wilderssecurity.com/showp...6&postcount=24
Set application filter to see pic

Now set EQS in learning mode.

Download PC Tools firewall, go to settings and select Enable protection against code injection. Having this enabled will automatically prevent any code injection/hook setting (this PCTOOLS FW setting corresponds with EQS "Modify memory of other process" and "Install global hook"). PCTools code injection is pretty good, try it with TrojDemo.

Next download drop my rights http://cybercoyote.org/security/drop.shtml and set it up for all your internet facing apps (alternative is using virtualisation = SafeSpace Personal = http://www.wilderssecurity.com/showthread.php?t=199167)

Start up all your internet facing apps (and allow the pop-ups and injection thing).

Advantage of PCTools FW is that it comes in many languages. When you want to change a rule for an application, click the applications tab and double click an application listed; a pop-up will show what the application is allowed to inject or set a hook. EQS will take care of the intrusions which are really suspicious.

Code injection/hook setting is done a lot by XP applications, so the most common are dealt with by PCTOOLS FW+. The real nasties are dealt with by EQS, which are not common, so EQS should be reasonably quiet.

With those two (EQS + OA) or (EQS + PCTools FW) you are protected from the worst things by EQS, and the common (also legitimate) intrusions are dealt with by OA or PC Tools. You will notice that OA is a lot more intelligent due to its blacklist. On the other hand PCTool FireWall is light and has excellent code injection detection/hook setting detection.

Regards Kees

Last edited by Kees1958 : February 4th, 2008 at 06:34 PM.
#2
Great job mate... maybe it would be nice to add a link for the thread "online armor learn-a-thread" from the firewall section so people can almost set it on auto pilot. Great opportunity for novice users to start protecting themselves more efficiently
(we all are after all)
__________________
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe"
#3
There are several applications I have to test in my hunt for the security setup I want to use. When I have time for it I will test EQS+OA+possibly one more (AV or Threatfire).

Quote:

I have to try this.

Edit: Sorry, forgot you already answered here: http://www.wilderssecurity.com/showp...1&postcount=15

Quote:
__________________
DESKTOP: XP Home SP2 - OA - Avira free - Sandboxie - BING - Karens Replicator - SAS free
LAPTOP: Windows 7 Home Premium 64 - ?

Last edited by tepe2 : February 3rd, 2008 at 07:12 PM.