If you don't use an AV please post your Security Setup

Discussion in 'other anti-malware software' started by CyberCat, Jul 21, 2009.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have to state that using something like Avira for its guard only is what I have used for years now. I never do manual scans. I have not used scanners of any sort on my computer for years now. I guess I figure if I start clean, all I need Avira to do is tell when something is infected before I install. Since using vmWare, things are very different now. Sandboxie only made it easier too.

    Currently I do it this way as an admin on my box (xp pro):

    Install the OS, tweak services, close ports, basically make it obey me as much as possible ;)
    Install my favorite utilities/applications, no office or other large apps, just the little helper tools.
    Install browsers, import my settings/configurations and sometimes proxomitron.
    Install Sandboxie and vmWare. Import settings just the way I like. (forced folders etc)
    Use SRP to restrict most every internet facing application to Basic User.
    DropMyRights used occasionally, so it is in windir or sysdir.
    Some IPsec rules that restrict local activity and also specify remote addys for dns ports etc
    Use windows xp firewall some of the time.
    Install SoftPerfect firewall, but only use when checking and testing.
    Lately been using Shadow Defender in shadow mode all the time with lots of exclusions for areas I don't want shadowed, this means no need to commit.
    Use Macrium to make images to secondary hdd.
    Use BartPE (with macrium plugin) in ramdisk, boot option available in boot.ini - this is for image restoration pretty much, but also have some tools like Clam AV in bartPE as well if needed.

    Now the image has most everything in it. When I install apps like office, I install to c:\. When I install other things like games, I install to d:\program files\... This way I don't have to include large programs in my images. It is easy enough to export the registry values and save them in the game/app directory and merge them if I restore my image. Some apps require you save configs from 'my docs' but not all.

    I have not been using AV now for awhile. Nor any hips/behaviour blocker. There are no real prompts at all, other than SRP telling me a policy is in effect to deny or the OS telling me the program does not have rights to do something because of SRP.

    Other than a slight delay when using SB, I don't notice any performance issues, and I love not having any pop-ups from security tools. If problems arise, I will use my images. Worst case scenario is an OS reinstall, as I religiously backup my data I want to never lose.

    Sul.
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    It's been about 18 months using the apps in my signature apart from Prevx which I've included for the last 5 months. No AV. System runs very fast. I have used NOD32 and KAV in the past but I play games on my pc as well and always had to close the AV down to run the games I play. With my current setup I can still play games without having to close things down. My pc is three years old, so not new by any means. One of the games I play is called Oblivion. It'll bring your system to its knees given a chance, but as I said my setup still allows me to play it (and any other games) without any slowdown. It's not bulletproof, but nothing is. But getting rid of an AV running realtime is without doubt the best move I ever made for getting performance back.

    I do however run an on-demand AV system scan once every two weeks. AVs are still useful to me but not efficient as a realtime tool.

    muf
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I last used a resident AV in early 2006. In 2007, I deleted the remaining AV scanners and anti-spyware tools. For the last 3+ years, I've relied on a default-deny security policy which is applied to all aspects of my system.

    Kerio 2.1.5 is my firewall on all my Windows operating systems. Internet access is restricted to only those apps that need it. Operating system components are not permitted to connect out. Inbound access is limited to apps like µTorrent and Shareaza and is restricted to one forwarded port. UPnP is disabled.

    Proxomitron filters the traffic for all browsers. Firewall rules prevent the browsers from connecting out directly. My filterset is a combination of components from the JD500, Grypen, Sidki, and Andrew filters with several of my own. The configuration is too involved to describe here.

    System Safety Monitor prevents any malicious processes from running and restricts the activities of whitelisted processes. On NT systems, I use SSM pro. 9X systems use SSM free. It runs with the UI disconnected so there are no prompts. The rulesets are matched to each user's needs.

    On my 2K unit, I'm experimenting with SandBoxie as an additional isolation layer for the attack surface. I'm undecided if I'll make it permanent.

    All auto-updating is disabled for apps and OS. On all but one OS (98FE), Internet Explorer and other unneeded components have been removed. I maintain full system backups for each OS but have never had to use them.
     
  4. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Limited user account, software restriction policy, no autostarts for users, DEP and all unnecessary services turned off. I have a Linux firewall (IPCop) on an old IBM ThinkCentre as a gateway, no desktop firewall. I do have Avira on one computer and Avast on another, on-demand only, to check files I download.

    A limited user account should be your first step in setting up a secure system. Running as admin with all kinds of security apps is like installing burglar alarms and then leaving your doors and windows wide open.
     
  5. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    So true...
     
  6. wat0114

    wat0114 Guest

    Computer One

    • Windows XP, SP3
    • NAT Router
    • SandBoxie
    • Limited Services Profile (19 processes running with no applications other than SB open)
    • Windows Worm Door Cleaner (WWDC)
    • SRP using limited accounts
    • File sharing and NetBIOS disabled

    Computer Two

    Same as above but only SP2 with not a single critical patch released post SP2!

    Computer Three
    • NAT Router
    • Windows Vista, SP2
    • Outpost SS Pro with AV module disabled
    • UAC Disabled
    • Sandboxie
    • SRP using limited accounts
     
  7. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    The first step in setting up a secure system should and must be a reliable Firewall Router.
    Limited User Accounts, well.....debatable.....for children yes.
    With quality security software one can leave the doors and windows wide open, everything going through the doors and windows will be scrutinized.
    Running in a Limited User Account with all kinds of security software installed is like placing an adult in a child's playpen.


    HKEY1952
     
  8. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Unless you're talking about some industrial-strength router like Cisco, Juniper, Lancomm, etc., my IPCop firewall is as good as or better than any router. If it isn't turned on I don't get on the internet, so that's a moot point.

    The rest of your posting makes no sense.
     
  9. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    No, I am not referring to any industrial-strength router, just a home consumer router like Linksys or Dlink.
    I would like to have an industrial-strength router like Cisco, but the price tag is beyond the contents of my wallet.
    Now talking about industrial-strength routers for the home consumer, ZoneAlarm offers the Z100G Wireless Router.
    The ZoneAlarm Z100G Wireless Router features an Antivirus, Firewall, Antispam and Parental Control solution at the Networks Edge.
    All traffic passing through the router is scanned with Antivirus plus Firewall Rules before entering or leaving the router.
    Policies can be setup within the router for each individual computer on the Network governing what applications have access to the Internet.
    Very attractive solution. The price tag is reasonable also.

    You can play with a virtual demo of the ZoneAlarm Z100G Wireless Router here:
    http://www.sofaware.com/upload/Demo/Z100G/index.html


    HKEY1952
     
  10. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    XP Pro SP3
    Outpost Firewall Pro 6.7
    Geswall 2.8.3
    Sandboxie 3.38
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Doors and windows wide open here with every burglar being trapped in the sandbox then taken in for a mug shot and addition to blacklists.

    And I've let thousands of burglars enter.

    If you can't run a secure system as admin then maybe you really need a limited user account.
     
    Last edited: Jul 27, 2009
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i always run admin because i hate the limitations of using LUA, i like to be in full control of my system and not have to constantly switch accounts when i need to do something. (and i do things with my system basically daily so LUA would be a serious irritant for me)
     
  13. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    That looks pretty good if you have $150 to spend. I do this stuff on a budget, my ThinkCentre cost 64€ on eBay (with 1 yr. guarantee) and the Linux firewall distros are free. Some of them, like ClarkConnect and Astaro, will do all of that as well (except the wireless part, you'd still need a wireless router to add to it).
     
  14. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    That statement is idiotic. I use the features built into the OS rather than depend on some software application that can crash, fail or be bypassed. I suppose that Unix/Linux/BSD/OSX use limited accounts as the default because their users aren't as smart as you are.
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Now now Johnny123 don't go getting ya knickers in a knot.

    As for linux systems - http://free.avg.com/download?prd=afl - hey AVG haven't ya heard it's impregnable due to its "oh so secure LUA" environment.

    LUA - BAH!
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    agree lua adds some protection not all (a sandbox/hips is way better and safer than Lua:thumb:)
     
  17. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    You and Franklin are obviously trying to outdo each other with ridiculous statements.

    Pray tell us uninformed souls why your software solutions are "way better and safer".
     
  18. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Security wise it is best practice to segregate any Wireless Network from the internal Local Area Network.
    Positioning the Z100G outside of the Gateway Router of the Local Area Network will segregate the Wireless Network from the Local Area Network.
    The Local Area Network can still benefit from the Z100G protection.


    HKEY1952
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Limited User Accounts are designed for Computer Administrators as a tool to protect the Operating System when the computer is used by Non-Administrative people, such as a Guest at the house and for Children.

    I agree with you that one should use the features of the Operating System for security rather than rely primarily on third party protection.
    The upcoming release of Microsoft Windows 7 will provide just that, there will be no need for third party security.

    01)- Improved and hardened Limited User Account
    02)- Improved two way Firewall
    03)- Internet Explorer 8 exists Ad, Popup, and Phishing blocking and protection
    04)- Optional installation of Microsoft Security Essentials will void the need of any other third party security software

    Microsoft ignited this trend with the release of Microsoft Windows XP and the birth of the Limited User Account.
    Microsoft warned security vendors their market time is limited with the release of the scaled back Microsoft Windows Vista featuring the two way Firewall with hardened Limited User Account.
    Microsoft will now enforce their right to protect their Operating System with the upcoming release of the True Vista, Microsoft Windows 7.


    HKEY1952
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Lua will not protect you against screen catching or data theft where a sandbox/hips will save your bacon own experience also my friend uses lua and antivirus and got infected(i have to clean his infected pc)put in a sandbox program called appranger and never been infected again:D it is not a statement it is real life situations:)
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    it gets really annoying after a while seeing how these people think LUA is impregnable and can do no wrong, there would be no need for virtualizers or policy restriction software if that was the case. nothing is invincible, but software meant specifically for the task of protecting is a better start.
     
  22. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    That's why a software restriction policy is a good addition to LUA. The concept is simple. Where you can execute something, you can't write, and where you can write you can't execute.

    I have no sandboxes or realtime scanners and I don't get infected either. Also a "real life situation".
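
The rule stated in the post above (no write where you can execute, no execute where you can write) can be checked mechanically against a policy. The following is an added example, not part of the original thread: the path rules, the directory inventory and the function names are constructed for illustration, and it assumes the SRP behaviour that the most specific matching path rule wins over a default-deny level.

```python
from pathlib import PureWindowsPath

# Constructed SRP-style path rules (not from the thread). Anything that
# matches no rule falls back to DEFAULT_LEVEL, i.e. default-deny.
RULES = {
    r"C:\Windows": "Unrestricted",
    r"C:\Program Files": "Unrestricted",
    r"C:\Windows\Temp": "Disallowed",
    r"D:\Tools": "Unrestricted",
}
DEFAULT_LEVEL = "Disallowed"

# Constructed inventory: directory -> can the limited user write there?
INVENTORY = {
    r"C:\Windows\System32": False,
    r"C:\Program Files\Browser": False,
    r"C:\Windows\Temp\Setup": True,
    r"C:\Documents and Settings\user\Desktop": True,
    r"D:\Tools\Portable": True,
}


def effective_level(directory, rules=RULES, default=DEFAULT_LEVEL):
    """Return the level of the most specific path rule covering directory."""
    target = PureWindowsPath(directory)  # compares case-insensitively
    best = None
    for rule_path, level in rules.items():
        rule = PureWindowsPath(rule_path)
        if rule == target or rule in target.parents:
            if best is None or len(rule.parts) > len(best[0].parts):
                best = (rule, level)
    return best[1] if best else default


def audit(inventory=INVENTORY, rules=RULES, default=DEFAULT_LEVEL):
    """List directories where the user may both write and execute."""
    return sorted(
        d for d, writable in inventory.items()
        if writable and effective_level(d, rules, default) == "Unrestricted"
    )


if __name__ == "__main__":
    for d in audit():
        print("writable AND executable:", d)
```

Each directory the audit reports needs either its write permission removed for the limited user or a Disallowed rule of its own.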
     
  23. wat0114

    wat0114 Guest

    For the longest time I would have argued against this concept as others here are doing (well, they are at least arguing against the effectiveness of LUA), but recently I have adopted it as sound policy in protecting a pc, especially the enabling of SRP.

    I prefer the balanced approach; one or two third party security apps along with LUA and SRP, although I've mostly ditched the use of antivirus.
     
  24. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    It also gets annoying to see people say LUA is useless and only for children when they don't know what they're talking about. Everyone here is always babbling about "layered approaches" and LUA is the first layer you could use that will probably stop around 95% of the malware floating around without having to install a thing. Anyone saying that running as admin is safer than running as a limited user is bonkers.

    I see in your sig that you are running Vista Ultimate. Software restriction policies are already in the OS. All you have to do is turn it on, why install some third-party app to accomplish the same thing which will probably run in the background eating resources?
     
  25. wat0114

    wat0114 Guest

    Again for those arguing against LUA, dig around in these forums for posts from members: Lucy, Windchild, tlu, Rmus and Sully (sorry if I've missed someone) and read some of them with an open mind, and you will find very informative discussions on the subject. There is no denying they have a far better grasp on the subject than the majority of us.

    I would agree that those who have a sound technical grasp on Windows can probably run years malware-free under an admin account, but I don't see the point of doing so for those (the majority of users) running under admin if they don't have to. Everything I need to do runs fine under limited accounts, so admin is only necessary for installing programs or other admin-required tasks and maintenance.
     