Critique my setup

Discussion in 'other anti-malware software' started by Newby, May 23, 2010.

Thread Status:
Not open for further replies.
  1. Newby
    Offline

    Newby Registered Member

    Okay,

I have to use an older PC (because somebody messed up at work, our company laptops do not allow a second admin user in a different group anymore). So I did gather some advice through PM (thanks).

This is what I have come up with on a desktop XP Home SP3

    Behind Router with NAT firewall

    Windows XP Firewall

    Comodo Time Machine
To reduce updates on the C: [Windows] partition I created a separate Data Partition (excellent tutorial on Mrkvonic site) and moved Temporary directories to a special Temp partition (same as Kees1958) containing
    - Internet net files
    - Temp & Tmp variable
    - Download directory

    Policy Management
    Running Admin with PGS (thanks Sully) with deny execute on Data and Temp partition and running:
- third party apps as basic user (flash, foxit, pdfcreator, 7-zip, java)
- internet facing apps as basic user
- my Softmaker office apps as basic user

    PrevXSafeOnlineFacebook freebie
Note I deselected the realtime MBR check, because it possibly interferes with CTM (just to be sure). I have gradually upped the heuristics (as Kees1958 advises), which are now
    - heuristics = HIGH (apply AFTER age/population)
    - Age = MAX (only look at latest to reduce CPU usage of PrevX)
    - Popularity = LOW (only recent programs also)

The idea behind this setup is when PrevX spots something, I travel back in time on my Windows partition with CTM; because PGS protects the other partitions I can't be infected (deny execute is simple and strong according to Rmus). CTM runs very efficiently (plus providing some MBR protection). PrevX3 freebie also scans for MBR rootkits, so I am not that worried running Admin. PrevX only looks at newest arrivals, so when infected I do not have to travel back too much (I hope :). Because of this PrevX3 free is also very lean; safe online only kicks in on https websites, so no CPU wasted while surfing normally.

    Browser
I am using Chromium as primary browser. I enjoy its speed (using Adsweep, SiteAdvisor and Wot extensions). I am not looking for warez, not using any Peer to Peer or messaging programs, not visiting dubious sites, so I think I have a moderate Internet risk profile (and hope the sandbox is strong enough when McAfee and Wot miss something out)

    On demand
    Using HitmanPro on demand (for the rare occasion I try-out a new program).

    No outbound control
    As said it is an older PC, so I want to keep it as lean as possible. I am also having doubts on added value of outbound (post intrusion) protection.

    Thanks Newby
    Last edited: May 23, 2010
  2. Konata Izumi
    Offline

    Konata Izumi Registered Member

    Very very very Good. :thumb:

One question: how can I disable Prevx's MBR check? Is it somewhere around the settings page? I'll check it anyway :D
  3. Newby
    Offline

    Newby Registered Member

    Konata, thanks for the heads up

Originally I tried Sandboxie free plus PrevX free. But Sandboxie needs configuration. Every time I read on Wilders "with a properly configured Sandboxie you are safe", to me this implies that I have to be experienced to use SBIE properly. I also ran into problems using SBIE and PrevX Safe Online FaceBook freebie.


    Your question
    When using the facebook freebie (different language here, so hard to explain)

Click the second vertical option (below status, probably called settings) on the left

    Choose standard configuration (icon left top on displayed panel)

    A list is displayed, second from below (real time scanning MBR)
    Last edited: May 23, 2010
  4. Kees1958
    Offline

    Kees1958 Registered Member

    Nice setup,

I kicked out KeyScrambler and Trusteer and tried PrevX SafeOnline freebie again. This time I do not have a delay when typing a web address in the browser address bar (so they have fixed it :thumb: ).

Only running as Power User instead, plus secpol for deny execute

    EDIT: plus forticlient free FW.

    Regards Kees
    Last edited: May 24, 2010
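Newby's "deny execute on Data and Temp partition" and Kees1958's "secpol for deny execute" are the same mechanism underneath: Software Restriction Policies (SRP) path rules set to Disallowed. The script below is an added illustration, not code from either poster and not part of PGS or any other tool mentioned in the thread. It relocates the user's TEMP/TMP and IE cache to a dedicated Temp partition, writes the SRP rules straight into the registry (XP Home has no secpol.msc, but the registry keys the policy editor would write are still honoured), and finishes with a small audit function that tells you whether a given file path falls under a Disallowed rule. The drive letters D: and T:, the folder names and the two function names are assumptions; PowerShell 2.0 on XP SP3 in an elevated session is assumed as well.

```powershell
# Added example (not from the thread). Assumed layout: D: = Data partition,
# T: = Temp partition. Run elevated; log off afterwards so new processes
# pick up the relocated TEMP/TMP.

$TempRoot = 'T:\Temp'   # assumption
$DataRoot = 'D:\'       # assumption

# 1. Relocate user-scope TEMP/TMP, the IE cache and a download folder
#    to the Temp partition (mirrors the "Temp & Tmp variable",
#    "Internet files" and "Download directory" items in the first post).
New-Item -ItemType Directory -Path "$TempRoot\Internet"  -Force | Out-Null
New-Item -ItemType Directory -Path "$TempRoot\Downloads" -Force | Out-Null
[Environment]::SetEnvironmentVariable('TEMP', $TempRoot, 'User')
[Environment]::SetEnvironmentVariable('TMP',  $TempRoot, 'User')
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' `
    -Name 'Cache' -Value "$TempRoot\Internet" -Type ExpandString

# 2. SRP: default level Unrestricted, explicit path rules Disallowed.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name 'DefaultLevel'       -Value 0x40000 -Type DWord  # 262144 = Unrestricted
Set-ItemProperty -Path $Safer -Name 'TransparentEnabled' -Value 1       -Type DWord  # 1 = all software files except DLLs
# PolicyScope 0 applies the rules to administrators too. This matters for a
# "running Admin" setup: with PolicyScope 1 the deny-execute rules would be
# skipped for the admin account and give no protection at all.
Set-ItemProperty -Path $Safer -Name 'PolicyScope'        -Value 0       -Type DWord

function Add-DisallowedPath {
    # Creates one Disallowed (level 0) path rule under CodeIdentifiers\0\Paths.
    param([string]$Path, [string]$Description)
    $guid = '{' + [Guid]::NewGuid().ToString() + '}'
    $key  = "$Safer\0\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'ItemData'    -Value $Path -Type ExpandString
    Set-ItemProperty -Path $key -Name 'SaferFlags'  -Value 0     -Type DWord
    Set-ItemProperty -Path $key -Name 'Description' -Value $Description
}

Add-DisallowedPath -Path $DataRoot -Description 'No execution from Data partition (example)'
Add-DisallowedPath -Path $TempRoot -Description 'No execution from Temp partition (example)'

# 3. Audit helper: does any Disallowed path rule cover the given file?
#    Prefix match on the expanded rule path, case-insensitive, which is
#    how SRP path rules are evaluated.
function Test-ExecutionAllowed {
    param([string]$FilePath)
    $rules = Get-ChildItem "$Safer\0\Paths" |
        ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
    foreach ($r in $rules) {
        $expanded = [Environment]::ExpandEnvironmentVariables($r)
        if ($FilePath.ToLower().StartsWith($expanded.ToLower())) { return $false }
    }
    return $true
}

# Sample checks: a file dropped in the download folder versus an installed program.
foreach ($p in @("$TempRoot\Downloads\setup.exe", 'C:\Program Files\7-Zip\7z.exe')) {
    Write-Output ("{0} -> execution allowed: {1}" -f $p, (Test-ExecutionAllowed $p))
}
```

Two points worth checking after running something like this: confirm PolicyScope is 0 if the daily account is an administrator, since the whole "deny execute on the partitions I can get infected on" argument depends on the rules applying to that account; and remember that SRP path rules do not stop scripts interpreted by an already-allowed host, so the "third party apps as basic user" part of the setup still does real work alongside them.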