My Security Setup, Can Anything Bypass It?

Discussion in 'other anti-malware software' started by J_L, May 21, 2010.

Thread Status:
Not open for further replies.
  1. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    :thumb:
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I'm not expecting to keep hackers off, just the malware they create.
     
  3. Troy45

    Troy45 Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    26

    I disagree... if you have Sandboxie configured with Start/Run access then the keylogger will not be able to execute. Even if you do have the keylogger execute and you have "automatically delete contents of sandbox" on, that would delete the keylogger. Then start your browser with a fresh session.
    http://www.sandboxie.com/index.php?RestrictionsSettings
     
    Last edited: May 22, 2010
  4. progress

    progress Guest

    Yes - even if you install 120 on-demand scanners, there could be malware that can bypass them :)
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
  6. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Huh? That's old news actually. :D
    I'm recommending key encryption software for protection against programs running outside SBIE.
    :-*
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    First line of defense is the router. OpenDNS might help; there has been a debate about it before, but it's better than nothing.

    Relying on firewall/HIPS to control execution and net access: good. It will all depend now upon your knowledge to answer prompts and set rules. Only as good as your answers really. The others are an added bonus.

    UAC and default-deny SRP - a tough combo. You must manage this, but it offers good protection for what you do configure. SpywareBlaster - isn't this only setting browser protections?

    Here you rely on updated lists of things to scan for. AV is always behind the real-time. Still, it can be a useful resource for on-demand if you always scan with current definitions. The combination of multiple engines gives a greater overlap of detection rates, one would think. Do you update each, then scan with each? Seems like a lot of work, but it is the only way to ensure the highest detection rate.

    Standard stuff these days it seems.

    Peripherals that can help you, but they don't offer any protection unless you actually use them and understand how to decipher them. The uploader offers nothing other than peace of mind. Do you upload after one of your on-demand scans finds something?

    Wow, a lot of work keeping up with the latest of everything.

    And here comes the real protection. Running your net facing apps in a controlled environment.

    Ah, should all other resources fail (and that is a lot of 'other' resources ;) ) you can fall back to your images. But, do you have a scheme in place so that your data is somewhere different than your OS? Replacing the OS is nice, but if you spend hours reconfiguring everything or waiting for a huge image file to install, is it really convenient? Properly thought out backup plans should place data to a location that is safe, but also fast and easy to access from your images, at least IMO.

    You refer to DEP or SEHOP or AppLocker, as well as the LUA?

    There are other programs than those you have chosen. Some require less 'tertiary' help. Some, it depends on the 'paranoia' level of the user. No disrespect intended, but you seem to lean to the 'paranoia' side of things. Understandable, as the threats are real. Personally, I don't think with that much arsenal guarding the gates you will have many problems. I think you could shave probably 75% of that off if you so desired though.

    Sul.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @Troy45:
    My Sandboxie does automatically delete everything. About Start/Run access, isn't that covered by my SRP? Very interesting nonetheless.

    @Sul:
    SpywareBlaster protects against ActiveX, Cookies, and Restricted sites for IE. Only Cookie Protection for Firefox. Might not be much, but it's light and simple.

    Yes, I update then scan with them. Usually keep it in the background and do other stuff while scanning. Their process priority is lowered.

    I upload first, and usually don't bother to scan afterwards. If it's from a trustworthy source (non-warez or p2p, LinkExtend all green, personal experience, etc.) and nothing detects it, then that's all the confirmation I need. I really like how it checks for the hash first, therefore saving time. I think it's more than just peace of mind; there are 40+ scanners after all.

    The images are stored in another partition. Hard drive is pretty new, and MediaShield says nothing, so I think it's ok. When there's even the slightest hint it's failing, then I'm backing up to an external hard drive. Also got a boot cd.

    DEP is enabled by default, SEHOP is disabled by default, and AppLocker is only on Ultimate.
    I wouldn't encrypt my entire system though; real conflicts can occur, images might fail, and hard disk life will be decreased. Totally unnecessary.
    Since UAC is on and I use a lot of utilities, LUA is too restrictive for me.
    SEHOP looks interesting, but I'm worried about conflicts. It seems very advanced and I have a hard time understanding it as well.

    Thank you for your input.
     
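A read-only audit of the three things J_L lists above (system DEP policy, SEHOP state, and whether the current session actually holds an elevated token), as an added PowerShell example that is not from the thread. It reads the standard Win32_OperatingSystem DEP property and the Session Manager\kernel SEHOP registry value; the code-to-name mapping for DEP is noted in the comments.

```powershell
# Added example (not from the thread): audit the Windows mitigations and
# privilege state discussed above. Read-only; it changes nothing.
# Works on Windows Vista/7 PowerShell 2.0 and later.

function Get-MitigationStatus {
    # DEP system policy via WMI: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut.
    # Client editions default to OptIn, which is the "enabled by default" state.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $dep = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]

    # SEHOP is controlled by DisableExceptionChainValidation under the
    # Session Manager\kernel key: 0 = SEHOP on, 1 = SEHOP off. On client
    # editions the value is absent by default, which leaves SEHOP off.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $val = $props.DisableExceptionChainValidation
    if ($null -eq $val)  { $sehop = 'Disabled (value absent, client default)' }
    elseif ($val -eq 0)  { $sehop = 'Enabled' }
    else                 { $sehop = 'Disabled' }

    # Does this shell run with an elevated token? With UAC on, an admin
    # account's normal processes carry a filtered (standard-user) token,
    # so this is False until you choose "Run as administrator".
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated = $principal.IsInRole($adminRole)

    New-Object PSObject -Property @{
        User          = $id.Name
        DEPPolicy     = $dep
        SEHOP         = $sehop
        ElevatedToken = $elevated
    }
}

Get-MitigationStatus | Format-List User, DEPPolicy, SEHOP, ElevatedToken
```

Running it once from a normal shell and once from an elevated one shows the filtered-token behaviour UAC gives an admin account, which is the "default-drop rights" J_L relies on.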
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    And what's the point of using it if you use Sandboxie already?
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Gonna add Anubis to my list. I like its summary description, nice and simple.
    ThreatExpert also seems interesting, but 5 MB is too small imo.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Cookies blacklist, I'm rather privacy sensitive.
    Also have this Windows Sidebar Gadget Mini Explorer on my secondary monitor. Convenient when I don't want to open another browser window (or the browser itself), but not sandboxed.

    Edit:
    Actually I should sandbox the Sidebar, never mind. Also Cookies Blacklist is more of an excuse; there are much better methods already available. Guess I'll uninstall it.
     
    Last edited: May 22, 2010
  13. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Your setup is mostly nice, and I like that it is free, I notice! But your comment does not make much sense to me here. Windows 7 makes it easy to run as a limited user. OK? What problem is there for you? You can ask me, as I am here to help. By the way, many here, I note, say things like you don't need much protection. It's true, but if you want to talk like that then you don't need much protection except maybe one program or a good browser. The fact is that a limited user gives tight protection, and it should not be too restrictive like you say. I know many Chinese hackers who just run as a limited user and nothing else. It's because they know a lot and how to avoid getting infected anyway. Maybe it's the same for you. But maybe you don't understand limited user.
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Many of the programs I regularly use require admin privileges for proper function, therefore it's much more convenient for me to work in an admin account. UAC default-drop rights is good enough in my opinion.
     
  15. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    That is the whole problem. You need to use programs that run nicely as a limited user. Many programs can do this. All programs that don't run nicely as a limited user are bad programs or very old programs. OK? But yes, you do what you like.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Those programs need admin rights because they're system utilities. I have many more programs that don't need admin rights.
     
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Privacy sensitive, eh? :D

    bye.
    Konata Izumi
     
  18. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    How many times a week do you use system utilities? No need to do that many, right? Otherwise you spend all your time on system utilities and never use the computer! So if you don't spend much time on that, then just answer the UAC prompt to run it as admin. As I say, Win 7 makes it easy to run as a limited user. Very nice.
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Umm, some people do things that require being an admin. LUA is very nice, and very much better than running as Admin from a security perspective. But LUA is the most annoying thing when you constantly do things that require admin. I would rather get infected a dozen times over than use a RunAs or click the UAC "ok" button that many times during a day.

    Win7 does make it "easier" to run as LUA, the same as SuRun does for XP. The argument that one should not use older programs that do not comply to "user space" requirements is only an opinion. Many fine programs exist that do require admin. It comes down to what the person really desires: a new program that may not be as "nice" but works in LUA, or an older program that "rocks" but does require admin.

    LUA is NOT the answer for everyone on the windows platform. But, for most, especially the novice, LUA IS the best approach.

    Sul.
     
  20. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    You're right, but I say Windows people are not used to clicking and putting in a password. Think Linux. You always put in the password when you want to do an admin thing. OK?
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Somebody should make a Norton UAC tool for Windows 7 :D
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I actually use Ubuntu Netbook Edition on my Netbook. It's my overnight downloader and ultra-portable machine.
    Not too bothered by entering a password, because it's mostly for installing, updating, uninstalling, and configuring. With Windows LUA, it's a prompt for every program that needs admin rights, even a few on my startup.
    If you enter the password on Ubuntu, it won't prompt you for a while after. With LUA UAC, it's prompt, then prompt, and then prompt.
     
  23. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Why do you use Windows at all then? Your answer will be nice because I can use it for those who say Linux is better than Windows. If Linux is better than Windows, why still use Windows? OK? Also, if you do so much admin work, why do you need so much security? If you do a lot of admin work, it means you need less security. It means you know how to keep clean anyway. OK?
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Currently I'm not used to Linux yet, and it doesn't seem to provide everything I need. I can't install anything other than binary packages without tutorials.
    I've got to say that Windows software is superior at the moment as well.

    One of the biggest caveats is my damned widescreen monitor. Its EDID is incorrect and forces Windows to use a low resolution. Had to use ATI CCC to ignore it. As for any Ubuntu-based distros, "Out Of Range" appears even on the Live CD. Not sure about other distros, but I doubt I can get the correct resolution without some serious tweaking beyond my technical skills.
     
  25. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Also got to add that as Linux gets more popular, there will be more malware for it.
    Which is the best rootkit remover / protection for Linux?
     