Critique my Security

[whitedragon551]

System Security Measures:
Win7 x64 Pro, DEP For All Programs, Windows Defender
Real Time Security Measures:
Immunet Protect Plus, Look N Stop Firewall v2.07, PrevX v3.0 Safe OnLine
On Demand Security Measures
MBAM Pro, Firefox, DynDNS Categories: Conficker Worm, Gambling, Phishing, Spam, Spyware, Paragon Drive Backup v10 Pro, Process Hacker

Ok I have currently whats in my sig, but Im contemplating changing it up.

The only thing I know for sure that I will keep is LnS, MBAM, Process Hacker replaced Windows Task Manager, and DynDNS through my router.

I was thinking maybe ditch PrevX and IPP and Sandbox my browser with a some sort of key scrambling software.

Of course the ultimate goal is light, secure, and ease of use.

[Konata Izumi]

this is your 2nd thread with "Critique my security" name.. but whatever

I'll critique your security then..

Do you use MBAM PRO in realtime?

My suggestions:
Remove Immunet
Disable Windows Defender
Disable SafeOnline you can keep Prevx FREE for detection

Try Spyshelter FREE (Do not reboot on install, set it up to allow only microsoft first and enable autoblock all suspicious behaviour, before doing a reboot. You can also disable auto-update on startup and put a restriction for your browser )



bahh just copy my setup (see sig.)

[whitedragon551]

MBAM is on demand only.

Cant use Spyshelter either. I have x64.

[Konata Izumi]

Quote:

Originally Posted by whitedragon551

MBAM is on demand only.

Cant use Spyshelter either. I have x64.

Spyshelter is x64 compatible
EDIT: Sorry not for free version

Just buy it if you have the money lol XD

If you're going to change things up try BluePoint Security 2010. Go ahead and keep LnS, MBAM, and DynDNS. And running this I don't even worry about sandboxing the browser. Once you get setup which is no problem, you won't know it's there. Have fun how ever you go!

[whitedragon551]

Quote:

Originally Posted by forty

If you're going to change things up try BluePoint Security 2010. Go ahead and keep LnS, MBAM, and DynDNS. And running this I don't even worry about sandboxing the browser. Once you get setup which is no problem, you won't know it's there. Have fun how ever you go!

Does it allow a custom install without the Parental controls, email attachment controls, and allow customization of the automatic removal?

I don't use parental controls and it doesn't have email controls if it doesn't recognize it ,it won't run or install.You can set it to ask for awhile and then lock it down. Bad stuff it recognizes it quarantines and you control. Run a scan and you have a choice of ignore,quarantine or delete. If you take time to get used to it it is going to be hard to trust anything else.

[whitedragon551]

Most importantly is it free?

[Vikorr]

Quote:

Originally Posted by whitedragon551

The only thing I know for sure that I will keep is LnS, MBAM, and DynDNS through my router.

I was thinking maybe ditch PrevX and IPP and Sandbox my browser with a some sort of key scrambling software.

Of course the ultimate goal is light, secure, and ease of use.

Sandboxing is great IF you are never going to install software downloaded over the net (from a source you don't know is 100% reliable). If you are, then you need antimalware support of some sort.

Prevx is lighter than MBAM from my experience. With MBAM Pro that you have, the flash scan is incredibly fast, so maybe you should consider keeping Prevx (especially considering it has Safeonline, as a backup in case something ever does bypass your security) and using MBAM on demand.

Personally, I think Prevx, and an AV are more than enough realtime (Avast is free and fully compatible with 64bit systems). And using Firefox in a sandbox is just beautiful. If people tell you they need more real time programs (numerically more, not talking about brand of program), they really are just being a little overly paranoid.

If you do internet banking, many banks are selling or giving away digital keys - a code key synchronised to your bank account that changes ever 60 seconds, and when you go to log in, you have to enter that code as well as your normal login and password. Credit card purchases are still the risk, but that's why I'd take Prevx SafeOnline realtime over MBAM.

[whitedragon551]

Avast and LnS have issues. Avast uses a .tup file type for one of its GUI or scanner interfaces and LnS doesnt play well with it.

I was thinking about not using PrevX SOL at all and Sandboxing the browser.

As for MBAM its an on demand scanner only.

Updated OP to show whats real time and on demand.

[Vikorr]

That seems fine to me. You use a multi-layered approach, and I'd be surprised if you ever became infected (unless you go downloading lots of programs willy nilly from anywhere and everywhere - which would be akin to trying to become infected)

[LockBox]

I understand these threads, and the need for input, but it's important to remember that one-size doesn't fit all.

On my laptop, I run with Returnil and Anti-Executable only. Unless you include Roboform PRO which is more for convenience than anything. On my desktop, I use Deep Freeze instead of Returnil, but otherwise the same setup - all behind a LinkSys router. A few on-demand things now and then, but more out of curiosity about the software than anything.

But if all of that is right for you - go for it. I don't see any problems.

[Konata Izumi]

Can someone critique my setup too? Click my sig below.
I'm using my setup for 2months without realtime AV and today I scanned it with Hitman Pro and MBAM. No infections found!

[whitedragon551]

Quote:

Originally Posted by LockBox

I understand these threads, and the need for input, but it's important to remember that one-size doesn't fit all.

On my laptop, I run with Returnil and Anti-Executable only. Unless you include Roboform PRO which is more for convenience than anything. On my desktop, I use Deep Freeze instead of Returnil, but otherwise the same setup - all behind a LinkSys router. A few on-demand things now and then, but more out of curiosity about the software than anything.

But if all of that is right for you - go for it. I don't see any problems.

Reason this thread came about was because I made a thread at Immunet with a few ideas and got badgered over my ideas because some guy had his undies in a bunch. Now because of the horrible customer service Im considering switching. Glad I didnt pay for my license. Also sad to see that I wasted hours helping beta test for some guy to have a new pair of undies all covered in skid marks.

I have a 1 year license for F Secure AV 2011 which was great, but had issues with PrevX SOL and its Deepguard. It also didnt have a web scanner. I have a 1 year license for AVG AV 2011 and AVG IS 2011, but AVG's detection rates are horrible and the IS is bloated with crap I dont need and cant choose to leave off my computer.

[trjam]

try the Web and let your problems be gone.

[whitedragon551]

Quote:

Originally Posted by trjam

try the Web and let your problems be gone.

Nice and light. Do you know how much the standard AV is without the firewall? I cant find a price in USD.

[Kernelwars]

1user/1yr is 30.76

[bellgamin]

All (absolutely ALL) you need is . . .

1- Real-time: Private FW and Prevx/SOL. Provides FW + HIPS + Anomaly Detection + Antivirus + Anti-logger + Web Protection. All of this with only 2 apps, both of them free.

2- On-demand: Tiny Watcher, Keriver 1-Click Restore Pro, Hitman Pro. Only 3 apps, & the only non-free is K1-Click ($10 until 10/17).

[Kernelwars]

Quote:

Originally Posted by bellgamin

All (absolutely ALL) you need is . . .

1- Real-time: Private FW and Prevx/SOL. Provides FW + HIPS + Anomaly Detection + Antivirus + Anti-logger + Web Protection. All of this with only 2 apps, both of them free.

2- On-demand: Tiny Watcher, Keriver 1-Click Restore Pro, Hitman Pro. Only 3 apps, & the only non-free is K1-Click ($10 until 10/17).

awesomeness re defined right here

[Konata Izumi]

@bellgamin

Is the firewall part in the Privatefirewall really strong?
is it application-based firewall or a rule-based firewall or both?

I tried it. I allowed my IM client to connect to the internet, my IM can work if I let it connect to port 80 and 443 so its the only port I want to open.

after allowing my IM in PFW it automatically create rules for it allowing it to connect in alot of ports I removed the rules but PFW re-creates it.

PFW is not on learning mode during that time and everything is set to high and MANUAL with disabled auto-respond.

[whitedragon551]

Quote:

Originally Posted by bellgamin

All (absolutely ALL) you need is . . .

1- Real-time: Private FW and Prevx/SOL. Provides FW + HIPS + Anomaly Detection + Antivirus + Anti-logger + Web Protection. All of this with only 2 apps, both of them free.

2- On-demand: Tiny Watcher, Keriver 1-Click Restore Pro, Hitman Pro. Only 3 apps, & the only non-free is K1-Click ($10 until 10/17).

Im keeping LnS which makes PFW useless to me. I dont want HIPS either.

[bellgamin]

Quote:

Originally Posted by Konata Izumi

is it application-based firewall or a rule-based firewall or both?

Both. Also Stateful Packet Inspection.

I have passed your query re IM client to PFW tech support. Stand-by.

[Sully]

Quote:

Originally Posted by Vikorr

Sandboxing is great IF you are never going to install software downloaded over the net (from a source you don't know is 100% reliable). If you are, then you need antimalware support of some sort.

Why do you say that? Why don't you just install new software IN the Sandbox? Isn't that part of its purpose? It is for me.

This thread is such a reminder of how complicated computer security really is. Look at ourselves, postulating which single or combination of methods keep one secure. Users of differing levels of experience mix and match, and match and mix, with an endless combination that will fail for one user but succeed for the other.

How is it that the worldwide population of users fail to miss the larger picture? That the internet is no longer a trivial thing that is new and exciting, but a tool for everyone. How is it that users fail to realize, with all the spyware/malware they have contracted, with all the viruses and trojans they have been infected with, with all the money paid out to have thier machines repaired, that they simply cannot continue BLINDLY using a computer online?

Here we have a collection of users who pursue knowledge, albeit of differing degrees. Theorizing the best combination. Kudos to us all for being ahead of our time. But I ask you two questions. 1 - isn't it worth your while to invest your time into studying how these exploits might work, to discover where your weaknesses are, to find out if you can simply change your habits or employ easier methods to become more secure rather than simply relying on "program X preventing exploit Y". And 2 - do you think it is really worth the effort to do such a thing. Is your use of the internet and your computer really that valuable? Do you think you can just get infected and restore/reimage/reinstall occassionally and save yourself the time investment? Or do you put a lot of value on your use of the online resources and feel compelled to be secure so you don't lose an investment? If one is only playing games and browsing, perhaps they would be best off to simply learn a little about the file structure so they can back thier data up, and use thier computer until it is infested, then start over.

I have often wondered about the people like us here who are so concerned about security. Do we all need it? Is is a good investment, doing all of this? Sure, it is interesting, but couldn't imaging be the easiest and most expedient answer for many? I don't believe for one minute that the worldwide population is going to pony-up and actually learn what is going on. Therefore, they will continue to be targeted by the unscrupulous of society. Maybe every security setup should start with a "value based" baseline. Imaging might be enough, maybe sandboxing/virtualizing, maybe more. These sort of threads always make me wonder why people either pursue things which might not pay out a vested return or why the investment is obviously needed but they skimp out on investing and are always in the negative.

Sul.

[bellgamin]

Quote:

Originally Posted by Konata Izumi

after allowing my IM in PFW it automatically create rules for it allowing it to connect in alot of ports I removed the rules but PFW re-creates it.

PFW is not on learning mode during that time and everything is set to high and MANUAL with disabled auto-respond.

Per PFW Tech Support:

Quote:

This would be expected if the user had responded to an alert for the IM client in Standard mode. User states he was in Manual mode, however, please ask him to re-validate this. At the risk of being redundant, please ask him to. . .

1- Check to be sure that PF is in Manual mode

2- Check to be sure that Auto-Response is Disabled

3- Reset the defaults (Round white arrow in blue box on Main GUI)

4- Right click the cop in the system tray & check to be sure that PFW is NOT in training mode.

5- Then launch the IM client and carefully respond to the alerts displayed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If the problem persists, PFW support requests. . .

1- A screen shot of the application rules created for the IM client (On Main GUI, "Applications", double-click the relevant application to invoke the rules specific to the IM client application.

2- If possible, it would also be very helpful to have a screen shot of the rules that were generated once the IM client was invoked. (Bellgamin sez: I don't understand this. #1 would seem to do what he is asking for. However, hopefully you DO understand. )

[whitedragon551]

Dr Web AV doing a mighty fine job here. So far its light and hasnt caused any lag. There are a few areas Im slightly concerned about. One is that in the day Ive had it Ive seen two FP's. However thats not such a big issue as I emailed Dr Web this morning about them and a few hours later they were corrected. Number two being the splash screen. Its rather annoying. And third the price. $30+ for a basic AV just doesnt seem feasible or logical. If anyone knows of a give away Ill gladly try it out.