What is your security setup these days?

[AvinashR]

Today's Setup

1. Zillya AV
2. Hitman Pro
3. Administrator Account
4. SandBoxIE

Shadow Defender & Comodo Time Machine

[Konata Izumi]

@Kees

How can I do the Default the deny on partition?

[kjdemuth]

Added Immunet and Emsisoft AM 5.
Ditched MBAM real-time. Figured it would be too much w/ A2 and immunet running.
Downgraded to OA premium from OA++.

[Konata Izumi]

Windows XP SP3 Pro (MINIMALIST NO-AV Setup)

• LUA
• ACL
• DEP
• SRP

Realtime

• PCTools Firewall Plus (Public Profile) added!!
• Peerblock added!!
• PrevX CSI Free/SafeOnline(Disabled Advanced Heuristics, HTTP/HTTPS protection set to MAX)
• Sandboxie
• Deepfreeze (I need it somehow.) added!!
  

Browsers (Forced to run sandboxed)

• Google Chrome (Incognito, Javascript not allowed to run, Plugins not allowed to run, block all cookies, block 3rd-party cookies always)
• IE8 (All settings: HIGH, SmartScreen Filter: ON)

note: All download locations are sandboxed too.

On-demand:

• Macrium Reflect Free
• Random AV scanners.

Everything looks pretty strict but my setup is still open for some light software.
DAMN! I can't make Geswall to work in LUA environment.

Dude, that is total overkill. Unless you're planning on experimenting with malware, in which case you want to use an isolated box instead of your main system (because no security software is enough once malware is actually executed).

Quote:

Windows XP SP3 Pro (MINIMALIST NO-AV Setup)

* LUA
* ACL
* DEP
* SRP

This alone is honestly all you need. Barring some kind of concerted attack on your machine, nothing will get through it, so long as the permissions are set up right.

Quote:

Realtime

* PCTools Firewall Plus (Public Profile) added!!
* Peerblock added!!
* PrevX CSI Free/SafeOnline(Disabled Advanced Heuristics, HTTP/HTTPS protection set to MAX)
* Sandboxie
* Deepfreeze (I need it somehow.) added!!

PrevX Free doesn't block anything AFAIK, and isn't useful for you anyway. PCTools FW is probably overkill, but may be handy I guess (if you disable ESV which doesn't like LUA). Peerblock is like putting a bayonet on a Gatling gun.

Sandboxie I guess could be handy if you mess with a lot of software and want to keep your system clean, though I wouldn't really bother. Deepfreeze on the other hand is just a waste of money for you, so no, you don't need it.

Quote:

Browsers (Forced to run sandboxed)

* Google Chrome (Incognito, Javascript not allowed to run, Plugins not allowed to run, block all cookies, block 3rd-party cookies always)
* IE8 (All settings: HIGH, SmartScreen Filter: ON)

note: All download locations are sandboxed too.

Good luck enjoying the web with this setup... Again: nothing is going to get past a proper LUA/SRP setup, because downloaded malware simply will not be able to execute. It doesn't have to be sandboxed, it doesn't have to be contained, it just won't run.

Quote:

On-demand:

* Macrium Reflect Free
* Random AV scanners.

Macrium Reflect is wonderful and on-demand AV scanners are useful, but that's really all I'm giving you.

Seriously: I am getting a bit concerned seeing so many people use LUA and SRP plus active realtime security plus a dozen other things. It just isn't necessary. For a lot of people LUA + SRP is not feasible due to needing portable apps or whatever, but if it is feasible for you, and you set it up right, you do not need anything else unless some evil person is targetting you specifically. And it disturbs me that so many seem to be spending money on software they don't really need.

I get that this security thing can become something of a hobby. But I think we're seeing, in general, an unhealthy level of involvement here. When you start spending money on software you don't need to supposedly add to the security of an already very secure setup, you're wasting your time, and I hate to say it but you do not have that much time.

And yes, I realize I should be the last person to say this, with my habit of changing my security setup on at least a weekly basis. But I do think a lot of people here are basically wasting their precious time with stuff they don't need, and I want to help them realize that.

My suggestion, for those who find they're actually spending money on this stuff when they don't need to, is this: learn as much as you can about malware, how it works and how it hides and how to detect and remove it, and turn your efforts to helping other people with their malware problems. That's putting your time and knowledge to good use. Running a dozen different security apps, including paid ones, when you don't need half of them... is not.

[/end rant]

Trying this, actually I do feel really safe:

Linksys WRT54G2 router

Microsoft Windows 7 Home Premium 64-bit;
Windows Firewall: enabled, Windows Defender: enabled, UAC: always ask and wait for answer, DEP: on all programs and services, SEHOP: enabled

Internet Explorer 8

Hitman Pro 3.5 (Quick Scan at startup)

So actually out of the box Windows 7 with UAC one level higher, SEHOP enabled and DEP on all programs and services instead of system services only together with Hitman Pro out of the box.

And of course: using common sense while browsing and an up to date pc.
And using Windows 7 integrated functions: System Restore Disc, System Restore Points and Backups.

[snowdrift]

http://bulletproof-windows.blogspot.com/

Quote:

Originally Posted by snowdrift

http://bulletproof-windows.blogspot.com/

Interesting link, I have most things already setup like that site suggests but definately a good blog item, thank you. Bookmarked. Are you using that setup also?

[snowdrift]

http://www.belarc.com/free_download.html

[snowdrift]

Quote:

Originally Posted by Matthijs5nl

Interesting link, I have most things already setup like that site suggests but definately a good blog item, thank you. Bookmarked. Are you using that setup also?

Yes, and I have added a few things... "free" things. I am not spending one more cent on security products.

[Konata Izumi]

@Gullible_Jones

you are maybe the 2nd person to have told me those.
now I think theres something wrong with me. ^^

okay I'll follow your suggestions

Thanks.

btw... I didnt spend a single cent in my setup though.
I was just evaluating a 30 day trial of deepfreeze.

and about the usage of SafeOnline in my setup... it was there because I'm afraid that maybe some legitimate apps or my own OS might be recording my keystrokes


P.S. I'll be updating my setup today. * PCTools Firewall and Peerblock will stay and I will find a free alternative to deepfreeze.

I don't think there's anything wrong with you, just your current behavior. Some people get like that after being hacked, and kind of need to be snapped out of it. (I did.)

But I'm glad to hear you weren't using the payed versions of all that stuff.

[snowdrift]

The "security" industry loves to whip up a frenzy to sell more product... it is a real gas.

Combine that fervor to sell with a need of some to worry about things needlessly... and you get endless experimentation with security wares to assuage guilt/fear/paranoia.

[Konata Izumi]

Quote:

Originally Posted by Gullible Jones

I don't think there's anything wrong with you, just your current behavior. Some people get like that after being hacked, and kind of need to be snapped out of it. (I did.)

But I'm glad to hear you weren't using the payed versions of all that stuff.

say, should I dump SafeOnline or not?
although prevx cannot remove malware and malware wont execute in LUA/SRP environment...
prevx seems useless but I just want to know if I was in contact with malware.

[snowdrift]

Quote:

Originally Posted by Konata Izumi

say, should I dump SafeOnline or not?
although prevx cannot remove malware and malware wont execute in LUA/SRP environment...
prevx seems useless but I just want to know if I was in contact with malware.

Drop Prevx... try a-squared Free:

http://www.emsisoft.com/en/software/free/

Quote:

Originally Posted by snowdrift

Drop Prevx... try a-squared Free:

http://www.emsisoft.com/en/software/free/

Another option is Hitman Pro, althought it not really free, scanning is always free so you can know whether you are infected or not. At the moment you are you can activate the 30-day removal trial so you are assured of one time free removal or you can manually delete it or try Malwarebytes to delete it. The advantage of Hitman Pro over a-squared Free is: much faster scanning, doesn't scan for harmless cookies, also uses a-squared + others so detection is somewhat higher probably.

[arjunned]

Current setup:

W7 (x64):
REALTIME - AppLocker, UAC, Sandboxie 3.45.10
ON DEMAND - Shadow Defender, MBAM Pro, Hitman Pro.

W7 (x86):
REALTIME - Prevx 3.0, AppLocker, UAC.
ON DEMAND - MBAM Pro.

Backup: Macrium Reflect Free

Any comments/suggestions are welcome.

Cheers.
Ned.

[Konata Izumi]

Wow! Alot of people is already on Windows 7 x64... I'm so envious!

[Kees1958]

Quote:

Originally Posted by Konata Izumi

@Kees

How can I do the Default the deny on partition?

I guess you mean BufferZone


Regards Kees

[Konata Izumi]

Quote:

Originally Posted by Kees1958

I guess you mean BufferZone
Regards Kees

no not bufferzone..
how do you default deny on partition using SRP?

[Kees1958]

Quote:

Originally Posted by Konata Izumi

no not bufferzone..
how do you default deny on partition using SRP?

Enter run
secpol.msc
Click extra rules
right click, choose add new path/rule
Just enter the partition root directory

see pic

[Konata Izumi]

Thanks Kees

Windows XP SP3 Pro (MINIMALIST NO REALTIME APP? I can't feel safe with this. I'm afraid of keyloggers >__<)

• LUA
• ACL
• DEP
• SRP

Browsers

• Google Chrome (--safe-plugins, block 3rd-party cookies always)
• IE8 (All settings: HIGH, SmartScreen Filter: ON)

On-demand:

• Macrium Reflect Free
• A-Squared Anti-Malware Free

[xnevermore]

Norton 360 V4


running Windows7 x64

[Kees1958]

Quote:

Originally Posted by Konata Izumi

Thanks Kees

Windows XP SP3 Pro (MINIMALIST NO REALTIME APP? I can't feel safe with this. I'm afraid of keyloggers >__<)

Well download Trusteer Rapport or PrevX SafeOnline Facebook freebie(disable heuristics and age/popularity).

For Trusteer change the settings to
1. Allways (first choice when option)
2. On partner and secured sites = the ones you add yourself (2nd choice)
3. Never
4. Partner sites

For PrevX change the http setting to high, keep https on default (max).

This will have two effects
a) browser processes are being protected (both Trusteer and PrevX)
b) keylogger protection (PrevX for all, Trusteer only on Partner and secured sites)


I would add HitmanPro on demand it really is a good Dutch security application (thx to Loman brothers)

Regards Kees

[Konata Izumi]

Thanks Kees! Hitman Pro is awesome!

Windows XP SP3 Pro (MINIMALIST NO-AV Setup.)

• LUA
• ACL
• DEP
• SRP

Realtime

• PCTools Firewall Plus (Public Profile w/o ESV) added!!
• Peerblock will be added
• Prevx SafeOnline (disabled all heuristics. HTTP/HTTPS protection set to MAX.)
  
  

Browsers

• Google Chrome (block 3rd-party cookies always)
• IE8 (All settings: HIGH, SmartScreen Filter: ON)

note: All download locations are sandboxed too.

On-demand:

• Macrium Reflect Free
• Hitman Pro (quick scan on-startup)

Concerns: I'm sharing my PC with my cousins, they frequently install games (yes! I taught them how to install under LUA/SRP environment) which I don't like to have. Any solutions other than virtualization software?