Post your x64 Security Setup

[The Hammer]

Thanks 1chaoticadult.

[1chaoticadult]

Quote:

Originally Posted by The Hammer

Thanks 1chaoticadult.

No problem

[Fly]

On WIN XP I usually 'rely' on a security suite.
'Rely' isn't the best word since I use common sense, a lot of caution and an imaging setup.

Still, a suite (mostly a firewall plus AV) offers some protection.

On WIN 7 64 bit this type of software is less effective because the AV vendors have limited or no access to the kernel.
I understand a HIPS can be bypassed.

If I wanted to 'rely' on a security suite for my WIN 7 64 bit PRO, what measures could I take to deal with these shortcomings without making things complicated ?

Opinions ?

[No_script]

Quote:

what measures could I take to deal with these shortcomings without making things complicated ?

Uninstall Windows if you want to be safer. If someone is out to get you, not much you can do.

[Kees1958]

Quote:

Originally Posted by Fly

On WIN XP I usually 'rely' on a security suite.
'Rely' isn't the best word since I use common sense, a lot of caution and an imaging setup.

Still, a suite (mostly a firewall plus AV) offers some protection.

On WIN 7 64 bit this type of software is less effective because the AV vendors have limited or no access to the kernel.
I understand a HIPS can be bypassed.

If I wanted to 'rely' on a security suite for my WIN 7 64 bit PRO, what measures could I take to deal with these shortcomings without making things complicated ?

Opinions ?

Use Software restriction policy (your on PRO might as well use it) in the following settings:

Security Levels: set basic user as default
Additonal rules: none use the default
Enforcement
- All software files
- All users except Admins
- Ignore certificate rules
Designated file types: don't change, use the default
Trusted Publishers: dont change, use the default

Add registry trick to install MSI's as ADMIN (safe text below as MSIasADMIN.REG)
----------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Msi.Package\Shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\Msi.Package\shell\runas\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
00,69,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
----------------------------------------
===> effect you can only install software by running it as ADMIN, no risk for shoot in the foot (social engineering) or drive by's

Install EMET 3.0 for all internet facing software and plug-ins (e.g Adobe Reader).
===> effect you are pretty good secured against memory based intrusions

Install 64 bit version of MSE
===> effect, same company AV, Moneysoft should know how to deal with kernel limitation

Use IE64, make some adjustments in GPEDIT to harden IE (see picture)
===> effect, no fiddling with security features of IE


You are done with your Microsoft suite

[zip]

It's in my sig.

[nikanthpromod]

my first post in this thread
windows 7 home premium
Eset AV 5
Rollback RX
Hitmanpro
SUMo
Firefox with ABP and FB

[IBadget]

On Win 7 x64 I am using AdAware Antivirus Free and BufferZone Pro Free.

[STONEMAN]

Webroot SecureAnywhere Essentials
Sandboxie
ShadowDefender

[1chaoticadult]

Network:
Router
SPI firewall turned on
Norton ConnectSafe

Realtime Protection:
Windows SmartScreen
Windows Defender
Windows Firewall

System Hardening -- Windows 8 64bit:
UAC on Max
Disabled some services
EMET:
DEP Always On
SEHOP Always On
ASLR Always On
Certain exe's forced with EMET

Internet Explorer 10 Release Preview
Fanboy Adblock & Tracking TPLs
Enhanced Protection Mode
SmartScreen Filter
Block Third-Party Cookies
DuckDuckGo Default Search Provider

Backup:
Windows Backup & Restore
Cobian Backup

[zip]

I've upgraded from Mbam free to Mbam Pro.

I can't wait for Mbam 64bit Pro.

[trjam]

still with my favorite 2.

[blasev]

Its late but Thx for the tweak kees1958
I always amaze with your registry knowledge

[Function]

Quote:

Originally Posted by zip

I've upgraded from Mbam free to Mbam Pro.

I can't wait for Mbam 64bit Pro.

Is there a release date for it? I have the paid 32 bit version at the moment.

[IBadget]

I dropped BufferZone Pro Free because it was causing Silverlight to hang. I now use AVG Free. I trust AVG Linkscanner to stop exploits cold.

[zip]

I'm very happy to be back with Opera!

Mouse gesters were the cause of my "problems" with Opera. Disabled them.

I'm running Opera 64 bit.

BTW, there is no substitute for Opera!

[newbino]

Win 7 Pro
Windows Firewall + Windows Firewall Notifier
EMET
Sandboxie
AppGuard
MSE incoming (write) only
+
HitmanPro on demand, daily scan
MBAM on demand, weekly scan

[ShockWaves]

Mine is in my signature.

[jjc225]

I have a Compaq pc that is Windows 7 and 64-bit. I use ESET NOD32, Superantispyware Pro, and the regular Windows firewall. So far so good. Really like ESET.

[IBadget]

I dropped AVG because their LinkScanner was preventing Java from working properly. Now I'm using Comodo Internet Security 5.10 with Enhanced Protection enabled.

[boonie]

Making the switch away from 32bit (and DefenseWall and Zemana).
So for right now:

Resident and Sandboxing:
MBAM Pro (trial)
SandBoxie Paid

On Demand
EAM
Hitman Pro
SARDU Boot Disc

System Hardening
UAC Silent
EMET
Spyware Blaster

Backup/Recovery
IFW for Imaging

Wanted to test SpyShelter, but I can't connect to the site. Down?

[digmor crusher]

See my sig.

[zip]

I use the antirootkit built into MSE. (If any)

[Noob]

Quote:

Originally Posted by Kees1958

Use Software restriction policy (your on PRO might as well use it) in the following settings:

Security Levels: set basic user as default
Additonal rules: none use the default
Enforcement
- All software files
- All users except Admins
- Ignore certificate rules
Designated file types: don't change, use the default
Trusted Publishers: dont change, use the default

Add registry trick to install MSI's as ADMIN (safe text below as MSIasADMIN.REG)
----------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Msi.Package\Shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\Msi.Package\shell\runas\Command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
00,69,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
----------------------------------------
===> effect you can only install software by running it as ADMIN, no risk for shoot in the foot (social engineering) or drive by's

Install EMET 3.0 for all internet facing software and plug-ins (e.g Adobe Reader).
===> effect you are pretty good secured against memory based intrusions

Install 64 bit version of MSE
===> effect, same company AV, Moneysoft should know how to deal with kernel limitation

Use IE64, make some adjustments in GPEDIT to harden IE (see picture)
===> effect, no fiddling with security features of IE


You are done with your Microsoft suite

I didn't know the admin part :O:O
*Bookmarked*

[ESQ_ERRANT]

Quote:

Originally Posted by elstupido

According to Tzuk at Sandboxie, a kernel patch from MS may cause sandboxie to BSOD.

I tried SANDBOXIE on my WIN7 PRO x64. The software destroyed my OS. I had to reformat. For me, I find it best to use my VMWARE WORKSTATION if I am going to be doing much websurfing.