What is your security setup these days?

[LoneWolf]

Defensewall 3.07
ShadowDefender 1.1.0.325

OpenDNS
Firefox 3.6.9

On-Demand scanning / Gmer ~ CureIt ~ MBAM

[safeguy]

This is on my own lappie running Windows 7 32-bit...minor change from last setup:

Windows built-in security mechanism:
LUA, UAC at max (with 'elevated program launcher' method to run trusted apps that require admin rights)
Default-deny SRP with Additional Path Rules set to 'Unrestricted'
(Mozilla Firefox profile folder, my PortableApps directory, special folder for trusted program installers/registry files, etc)
EMET v2.0.0.1 (DEP, SEHOP, ASLR - all at 'green' settings)

Sandbox/Containment:
Sandboxie (for launching unknown/untrusted downloads)

Real-time antimalware protection:
Panda Cloud AV Pro (behavior blocker, behavior analysis)
Returnil Virus Guard ("Only proven detection rules")

Firewall:
ZA Free (default settings; except auto-updates turned off)

Light-weight HIPS/Anti-keylogger:
WinPatrol Plus (custom 'locked' registry keys)
SpyShelter Free (Auto-block suspicious behavior)

Light-virtualization:
Returnil System Safe Virtual Mode on-demand (used when lending my lappie to others - esp. click-addicts)

Others:

Show Hidden File Extensions, AutoRun disabled, Custom DNS service with DNS Jumper (Norton DNS, Sunbelt ClearCloudDNS, OpenDNS Family Shield, etc)

A few future considerations:

Comodo Firewall. (or PrivateFirewall which I have not tried)
MSE when the newer version is out of beta.
Pure behavior blocker such as ThreatFire or Mamutu but it may be redundant on my current setup...I'll see how things go.

[Cvette]

I - despite my efforts so far - cannot infect my VM which is Running Norton IS 2011 and Norton DNS. Norton snags more than half of the samples right after they are downloaded. The rest are either detected before execution, on execution, or by SONAR. Only a few cache files were left behind.

Not to mention how much the DNS blocks.

I still have an extra VM that I plan on loading with the latest Kaspersky, been meaning to try!

[Kernelwars]

norton is really good

[jmonge]

SoNar helps alot here it's like a behabiour blockerthe firewall is weak

[sportsfan7700]

Since I was the one to post that I hadn't had any changes, I'll post one although non security related

-Dragon Naturally Speaking Standard 10

[Kernelwars]

firewall is hilarious

[jmonge]

Norton Antivirus is very good now especially this new 2010 version,it is so fast and light but i remember the 2007 norton monster

[Kernelwars]

lol tell me about it

[Cvette]

What problems are y'all having with the firewall? I've tweaked and customized mine.

[MrBrian]

Quote:

Originally Posted by safeguy

LUA, UAC at max (with 'elevated program launcher' method to run trusted apps that require admin rights)

It's nice to see that you've found that method useful. In that thread you mentioned a problem that I have had also: the program launcher startup isn't always successful. Within the past hour, I've changed the program launcher to launch upon standard account logon via Task Scheduler instead of using the standard account's Startup folder. So far, in maybe 8 to 10 attempts, the program launcher has launched properly every time. If this trend continues, I'll document it in the appropriate thread(s) within the week.

Update: In another perhaps 8 to 10 tries, I did have one failure. I'm now using a task delay of 10 seconds.

[ExtremeGamerBR]

Returning to use NIS 2011 suite that is extremely lightweight and effective, I'm not using any anti-executable, I intend to add the SRP or AppLocker , but I have to learn more about AppLocker.

UAC set a maximum, DEP for all programs, SEHOP. EMET set to maximum security settings.

Using only the IE8 InPrivate with Adblock to block advertisements and using Norton Safe Web.

Very happy with my current security settings!

Sorry for my english!

[jmonge]

currently testing Comodo Time Machine

[ALiasEX]

What's weak about the Norton firewall?

[jmonge]

well back before when it was bloated couple years ago i tested some malware that called home and norton stayed silent and didnt alert at all and comodo and OA did alert

[Kernelwars]

Installed Emet for both machines..set to maximum protection level..

[Mongol]

Back to Prevx 3, it has served me well and is such a light and tight mix with Online Armor...

[Kernelwars]

Quote:

Originally Posted by Mongol

Back to Prevx 3, it has served me well and is such a light and tight mix with Online Armor...

yes

[Konata Izumi]

Quote:

Originally Posted by Konata Izumi

Windows 7 Professional (x86/32-bit) - Standard User (SU/LUA)
Network Address Translation (NAT) via Router 'without' Stateful Packet Inspection (SPI)
Software Restrion Policy (SRP) and Group Policies (GPO) via GPEDIT
User Account Control (UAC) set to Max.

Enhanced Mitigation Experience Toolkit v2.0.1 (EMET) provides the ff protection: (Opt-in, Opt-out, Opt-in)
Dynamic Execution Prevention
SEHOP
NullPage
Heapspray
EAF
Mandatory/ASLR

Windows 7 Built-in Firewall with Advanced Security: default-deny in/outbound connections.

SRware Iron browser with built-in adblock and sandbox.
removed execution from 'downloads' folder
removed user rights on the root of non-system drives.

Returnil System Safe Free 2011 (Virus Guard: OFF / Virtual Mode: ON / Trust System Services from real disk only)

Norton DNS

with this:

Quote:

Originally Posted by safeguy

(with 'elevated program launcher' method to run trusted apps that require admin rights)

Waiting for the next Prevx SafeOnline stable release.

[cgeek]

Dual boot:
1st partition Main OS
Arch Linux

2nd partition for games
Win7 64
OA Premium

[LoneWolf]

Active
Defensewall 3.07
Prevx 3.0.5.199

Light Virtualization
ShadowDefender 1.1.0.325

On-Demand
Gmer ~ CureIt ~ MBAM ~ Hitman

OpenDNS
Firefox 3.6.9

[rager]

If I use something like Sandboxie to browse (or Comodo sandbox) do I really need a real-time web-shield/scanner? Shouldnt I be protected?

[jmonge]

Real Time Protection
PE Guard 2.2
Some Registry Tweaks

Ondemand
Hitman Pro

[SweX]

Quote:

Originally Posted by rager

If I use something like Sandboxie to browse (or Comodo sandbox) do I really need a real-time web-shield/scanner? Shouldnt I be protected?

The Web-shield "Http scanner" is there to block websites from opening so you wont be able to even access them.

So Yes, it's a nice layer to have I think.

[ExtremeGamerBR]

Quote:

Originally Posted by ExtremeGamerBR

Returning to use NIS 2011 suite that is extremely lightweight and effective, I'm not using any anti-executable, I intend to add the SRP or AppLocker , but I have to learn more about AppLocker.

UAC set a maximum, DEP for all programs, SEHOP. EMET set to maximum security settings.

Using only the IE8 InPrivate with Adblock to block advertisements and using Norton Safe Web.

Very happy with my current security settings!

Sorry for my english!

Added Norton DNS!

Internet Explorer 8 with all settings on Medium-High (only restricted sites that are set to High).