Contribute building FREE and QUIET optimized unbeatable system shields

Discussion in 'other anti-malware software' started by ooooo, Feb 20, 2010.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    What can I advise? A bit of understanding of how security works will make you relax and will get you the right things on your system.
    From there you will ditch 90% of the crab.
     
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    I like crab. Seafood FTW! (sorry Huupi, couldn't resist).
    Back on-topic...
    I seriously miss FF add-on Noscript.
    And about those system cleaners; I use CCleaner myself, I really like the feeling of seriously enhancing my notebook speed when deleting 5 obsolete registry entries...:D

    Like Huupi said, learn. Stick around here on Wilders, learn from the interesting topics and knowledgeable members, try different programs to see which you like best and then choose the (one) solution(s) which suits you; f.i. LUA, sandbox, hips or a virtualisation app.
    All those things are much more useful than a pile of system cleaners.
     
  3. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    Thank you.
    Everything is going fast, believe!
    At this moment I have Firefox + Openoffice Writer + Openoffice Base + oldest Word 2000 working and I have 2.69 GB RAM free!
    I use all free security software with default options, except Forticlient firewall set to Basic business profile.
     
    Last edited: Feb 24, 2010
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Why did you ask for suggestions if you were going to disregard the more knowledgeable people at this forum?
     
  5. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    I added A-Squared free recommended in this topic.
    The topic was useful, I think.
     
  6. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    sorry, wrong thread
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Remove everything marked red

    Set UAC to full

    Use icacls.exe to run all internet facing programs (like your mail, firefox, P2P program, Chat, Messenger, etc) with Medium or Low rights (try Low first) see http://msdn.microsoft.com/en-us/library/bb625960.aspx

    Use this trick to protect from driveby downloads of executables https://www.wilderssecurity.com/showpost.php?p=1595542&postcount=1 Use these reg files out of this post https://www.wilderssecurity.com/showpost.php?p=1603237&postcount=1


    Use Hitman Pro for on demand check

    Congrats you just created a very secure and light setup
     
  8. theblade

    theblade Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    29
    very, very, very nice tweak. I'd like to do this to firefox, does this work in XP or just Vista and Windows 7?
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    only by testing is the way to find out;) :thumb:
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    It has been stated that this method Kees points out is now merely a security "speed bump", but in future releases is rumored to become a legit security tool. Whatever that means.

    Kees, do you ever think about inheritance when doing this stuff? Inquiring minds want to know :D (ps. I think about OI,CI and IO in my sleep ;) )

    Sul.
     
  11. theblade

    theblade Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    29
    Don't like using my main machine as a guinea pig for testing stuff, but did anyway, and unfortunately it doesn't work in XP. Don't understand why running, for instance, Firefox with the fewest privileges possible as opposed to full admin would be considered a speed bump for security; seems like a significant improvement to me, similar to the difference of running IE full admin vs protected mode, etc.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    XP only has high and medium; from Vista there are three policies: High (admin), Medium (Limited User) and Low (Protected Mode). You are right about the policy containment. Compared to XP, Vista/Win7 are great improvements (to name a few: x64 with kernel patch protection, all have ADSL, Protected mode, higher rights objects are protected from lower rights objects). So basically you only have to worry about side by side infection (objects with same rights).

    Basically when you run full UAC + internet facing as LUA (with Chrome and IE run LOW rights) like uTorrent, LimeWire, Messenger, Outlook, Mail, etc + deny execute tweak through registry and use Chromium/Iron with WOT, Adsweep, IEtab and --safer-plugins switch you are done. Reason: Chrome (runs like IE with lowest rights) has an internal sandbox which even protects you from side by side infections. So on a x64 this means a speed bump and an increase of security.

    Regards Kees
     
    Last edited: Feb 26, 2010
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, Microsoft providing information is a real pain in a place where the sun does not shine. So far so good about inheritance

    a) Executables = they inherit the parent's rights

    b) folders can be set with the mentioned switches. I found this freebie useful http://www.bpsoftware.com/products/BPACLer/

    c) still not solved: forcing new files in a folder with Low rights also to have low rights. There are some freeware alternatives to icacls, but I like to get it working with the MS default tool first.

    Regards Kees
     
    Last edited: Feb 26, 2010
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    What have you found on this? If I am reading this correctly, it states that

    If you start Firefox with low level label, and it becomes compromised, a higher level application (define that exactly) that is not "checking appropriately" may be defeated by the lower level

    Does that make sense?

    Have you tried the "for /r" technique yet to propagate to all .exe files in a directory? Have you examined inheritance on parent containers to see how the container and objects inherit this?

    Questions questions questions.

    Sul.
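
    The icacls steps discussed in posts 7, 13 and 14 (labelling executables Low, making a folder's label inheritable with (OI)(CI), and the "for /r" style sweep), as an added example that is not part of any poster's message. Both paths are placeholders, English-language icacls output is assumed, and it needs an elevated prompt on Vista or later:

```powershell
# Added example (not from the thread). Run elevated on Vista or later.
# Both paths are placeholders; point them at your own program and data folders.
$AppDir  = 'C:\Program Files\Mozilla Firefox'
$DataDir = Join-Path $env:USERPROFILE 'LowIntegrityData'

function Get-IntegrityLabel([string]$Path) {
    # An explicit or inherited label appears in icacls output as
    # "Mandatory Label\Low Mandatory Level:(...)" (English-language Windows assumed).
    # No such line means the object carries the implicit default, Medium.
    $hit = icacls $Path | Select-String 'Mandatory Label\\(\w+) Mandatory Level' |
           Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'Medium (implicit)' }
}

# 1. Executables: label every .exe under the program folder Low
#    (the PowerShell counterpart of a cmd "for /r" loop).
Get-ChildItem -Path $AppDir -Filter *.exe -Recurse | ForEach-Object {
    $before = Get-IntegrityLabel $_.FullName
    icacls $_.FullName /setintegritylevel L | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed on $($_.FullName)"; return }
    '{0}: {1} -> {2}' -f $_.Name, $before, (Get-IntegrityLabel $_.FullName)
}

# 2. Folder: (OI)(CI) marks the label as inheritable by files and subfolders,
#    so objects created later inside the folder receive it too.
#    /T also labels what is already there.
New-Item -ItemType Directory -Path $DataDir -Force | Out-Null
icacls $DataDir /setintegritylevel '(OI)(CI)L' /T | Out-Null

# 3. Check inheritance with a file created after the label was set.
$probe = Join-Path $DataDir 'probe.txt'
Set-Content -Path $probe -Value 'inheritance probe'
"New file label: $(Get-IntegrityLabel $probe)"
Remove-Item $probe

# Undo for a single file: icacls <file> /setintegritylevel M
```

    A process started from a Low-labelled executable can only write to locations that are themselves labelled Low, so the program's profile or download folder needs the folder label from step 2. icacls /save does not store integrity labels, which is why the loop prints each file's previous label.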
     
  15. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    I have read latest matousec test.
    I removed Forticlient free and installed Comodo Internet Security free (antivirus+firewall+defense+).
    I set the firewall and Defense+ to training mode yesterday and today.
    I have set firewall and defense+ to default settings now since the training is finished, I think.

    My security free suite is now:
    A-Squared free [RESIDENT]
    Advanced SystemCare [RESIDENT]
    CCleaner [ON DEMAND]
    COMODO Internet Security [RESIDENT]
    COMODO System-Cleaner [ON DEMAND]
    Glary utilities [ON DEMAND]
    IObit Security 360 [RESIDENT]
    KeyScrambler [RESIDENT]
    Malwarebytes' Anti-Malware [ON DEMAND]
    Microsoft Security Essentials [RESIDENT]
    Mozilla Firefox + Adblock Plus [ON DEMAND]
    SUPERAntiSpyware [RESIDENT]
    Windows Firewall [RESIDENT]
     
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    To repeat what whitedragon551 said:
    "Why did you ask for suggestions if you were going to disregard the more knowledgeable people at this forum?"
     
  17. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    I do not have the knowledge to understand this:

    Set UAC to full

    Use icacls.exe to run all internet facing programs (like your mail, firefox, P2P program, Chat, Messenger, etc) with Medium or Low rights (try Low first) see http://msdn.microsoft.com/en-us/library/bb625960.aspx

    Use this trick to protect from driveby downloads of executables https://www.wilderssecurity.com/showp...42&postcount=1 Use these reg files out of this post https://www.wilderssecurity.com/showp...37&postcount=1
     
  18. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    What he is saying and what everyone else has told you. You are running things that do the exact same thing. IObit and MBAM for example. IObit stole MBAM's database and have since removed it. IObit is inferior to MBAM and SAS. With defense plus you don't need Windows firewall on, you don't need advance system care, you don't need ccleaner and comodo cleaner and glary utilities (pick 1), etc.
     
  19. theblade

    theblade Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    29
  20. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Here's a new rootkit scanner I saw on Technet. Better get this one too.

    http://www.tizersecure.com/

    You should definitely get Tune Up Utilities to complement Glary Utilities. You should also add KCleaner since it's the same as CCleaner, but a bit better.
     
  21. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    ooooo what a twat :argh:
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    what? o_O

    If I have the choice I would choose the minor devil: glary.
    It looks not as nice as tuneup but it has fewer options to crash a working system.
    At least the simplest GUI has ccleaner - oh wait - KCleaner has - but also fewer options than ccleaner :p
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Perhaps you would be better off to stop playing with so many different applications, and find one or two that are deemed "excellent" and learn them. Read on how malware/virus attack, what doors they use, and how your security tools help with this.

    If you are not able to understand things because you are not yet experienced enough, that is not a shame. It is where everyone starts. And you are in the right place to learn, for sure!

    I think you need to slow down some, and read more, and begin to understand why you are suggested to use DefenseWall or Prevx. Then eventually you can begin to understand what Kees suggests, which is an alternative way to have better security without 3rd party tools.

    Bottom line is there is no right or wrong, mainly user preference. But, you have in your list tools that do the same thing, which is not always the best thing to do.

    Good luck.

    Sul.
     
  24. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Kees, thanks for the advice.

    Ilya Rabinovich says that DefenseWall is a much stronger security environment than LUA/UAC. Do you agree? Besides that, he sees Patchguard as an obstacle for implementation of his security policies. Thoughts?
     
  25. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
     