Please comment my setup

Discussion in 'other anti-malware software' started by Newby, Oct 30, 2008.

Thread Status:
Not open for further replies.
  1. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hi,

    I don't have the latest hardware (Athlon 3700+ with 2GB memory), so I wanted a 'reasonably' secure AND light setup

    Behind a Router with NAT/SPI

    XP Home SP3
    - no MS firewall
    - no MS defender

    Security:
    - SURUN (therefore implicitly running all internet-facing apps as limited user)
    - ThreatFire V4 with:
    a) outbound control (former Kees1958 tip, now included)
    b) registry protection rule (Kees1958 tip)
    c) file protection (Kees1958 tip)
    d) added custom rules for all internet-facing apps, warning when these apps execute something outside their own program directory, see Iron example below

    When SRWare Iron|SourceProcesses
    tries to execute|TriggerAccessFlags a file
    in C:\Program Files or C:\WINDOWS|TriggerFolders
    except when the source process is in the system process list
    or the source process is in the trusted process list
    or the target file is in C:\Program Files\SRWare Iron|ExcludedFolders

    e) Browsing Internet with Iron (Chromium clone with better Webkit version)

    Runs really light, have not tried against malware

    Backup/Restore with Maxtor Maxxblast (free because I have seagate drive)
    On demand: Bit Defender/MAM/SAS/A2 all free before backing up image

    Thanks to Tlu, Cerxes and Kees1958. Kind of imitated Kees1958's/Cerxes' setup on an XP Home with the help of Tlu's excellent posts on SuRun, Kees1958's ThreatFire tips and Cerxes' tips for getting XP Pro security tab features with FajoXP

    Question to other members
    Is there a website rating add-on for Chrome/Chromium/Iron, or something that works with Iron?

    Do you think this minimal setup is safe when not a risky surfer or 'try new programs' addict? ;)

    Thanks Newby
     
    Last edited: Oct 30, 2008
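The ThreatFire rule in the post above is a path-based policy: warn when the listed browser executes something under C:\Program Files or C:\WINDOWS, unless the source is a system or trusted process or the target sits in Iron's own folder. The block below is an added example (not code from the thread, and not ThreatFire's configuration format): it models that rule as a small Python policy check so the matching edge cases a practitioner cares about are visible, namely directory-boundary prefix matching, case and separator normalisation, and `..` traversal. The process paths and the system/trusted lists are constructed assumptions.

```python
import ntpath

# Added example (not code from the thread or from ThreatFire): the custom rule
# from the post, expressed as a small path-based policy check so the matching
# edge cases are visible. Process paths below are constructed assumptions.
RULE = {
    "source_processes": [r"C:\Program Files\SRWare Iron\iron.exe"],  # assumed Iron binary path
    "trigger_access": "execute",
    "trigger_folders": [r"C:\Program Files", r"C:\WINDOWS"],
    "excluded_folders": [r"C:\Program Files\SRWare Iron"],
}
# Stand-ins for ThreatFire's system and trusted process lists (constructed).
SYSTEM_PROCESSES = [r"C:\WINDOWS\system32\services.exe"]
TRUSTED_PROCESSES = [r"C:\WINDOWS\explorer.exe"]


def _norm(path: str) -> str:
    """Canonical form of a Windows path: collapse '..' and '.', turn '/' into
    '\\', lowercase, and drop any trailing separator."""
    return ntpath.normcase(ntpath.normpath(path))


def naive_is_inside(path: str, folder: str) -> bool:
    """The check a quick implementation would write: a bare prefix test.
    It has no notion of directory boundaries or path normalisation."""
    return path.startswith(folder)


def is_inside(path: str, folder: str) -> bool:
    """True if path is folder itself or lies beneath it on a directory boundary,
    after normalisation. Unlike naive_is_inside, 'C:\\Program Files\\SRWare Ironic'
    is NOT inside 'C:\\Program Files\\SRWare Iron'."""
    p, f = _norm(path), _norm(folder)
    if p == f:
        return True
    return p.startswith(f.rstrip("\\") + "\\")


def evaluate(source_process: str, action: str, target: str) -> str:
    """Apply the rule to one access attempt; returns 'warn' or 'allow'."""
    if action != RULE["trigger_access"]:
        return "allow"
    src = _norm(source_process)
    if src not in {_norm(s) for s in RULE["source_processes"]}:
        return "allow"  # rule only watches the listed browser
    if src in {_norm(s) for s in SYSTEM_PROCESSES + TRUSTED_PROCESSES}:
        return "allow"  # the two process-list exceptions
    if not any(is_inside(target, f) for f in RULE["trigger_folders"]):
        return "allow"  # target outside the watched folders
    if any(is_inside(target, f) for f in RULE["excluded_folders"]):
        return "allow"  # Iron's own program directory
    return "warn"


if __name__ == "__main__":
    iron = RULE["source_processes"][0]
    for target in (
        r"C:\Program Files\SRWare Iron\iron.exe",
        r"c:/program files/srware iron/IRON.EXE",
        r"C:\Program Files\SRWare Ironic\dropper.exe",
        r"C:\Program Files\SRWare Iron\..\..\WINDOWS\system32\cmd.exe",
        r"C:\Documents and Settings\user\Local Settings\Temp\setup.exe",
    ):
        print(f"{evaluate(iron, 'execute', target):5}  {target}")
```

Two things worth noticing when running it. First, `naive_is_inside` would treat a sibling folder such as `C:\Program Files\SRWare Ironic` and a traversal path like `...\SRWare Iron\..\..\WINDOWS\system32\cmd.exe` as "inside" the excluded folder, silently widening the exception; `is_inside` normalises first and matches on a directory boundary. Second, the rule as written in the post only watches C:\Program Files and C:\WINDOWS, so an executable launched from a per-user folder (the Temp path in the demo) is not covered by this particular rule; that is a property of the rule's TriggerFolders, not of the code.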
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I did :eek:

    You are not protected against System Shutdown Simulator type of intrusions. On the good side, when running LUA they can not do much harm. So you're fine, you even have Iron as an extra bonus, see EDIT

    Download AnVir Task Manager Free (will show changes in startups when you launch it = ON DEMAND, see options) and ESET SysInspector to check all startup entries before backup.


    EDIT: Using Iron (Chromium with latest webkit release) is a good choice as this interesting study shows

    http://crypto.stanford.edu/websec/chromium/chromium-security-architecture.pdf

    In short: the browser has a separated browser kernel and a sandboxed rendering engine. The browser kernel does not allow the rendering engine to communicate directly with the OS (ergo it is sandboxed). A POC with a known vulnerability in the XML parser of Chrome (XXE vulnerability) proved that the exploit was blocked from accessing the file system (unable to read data from the hard disk), but was able to mess within the sandboxed rendering engine.

    Because Chrome 'inherits' all the exploits of the components it uses (which is true for any program using components) and no software is error free, Chrome cannot be 100% bullet proof. On the other hand, Chrome is definitely a lot safer than other browsers at the moment.

    Chrome would not have been vulnerable to 67.4% of the browser exploits of the past year (and would have protected you against 70.4% of the really serious exploits of the past year), by using this two-layered security model (user interaction with the browser kernel, sandboxed rendering engine doing all the internet-related tricky stuff).

    By running Iron with limited user rights, you prevent Iron from saving to the Windows and Program Files directories; your extra ThreatFire rule also limits code execution to its own program directory, making the containment even stronger. :thumb:

    EDIT2: Seems that the vulnerability of using the previous webkit release is solved with the Chromium 0.3.154 release. So the security advantage of IRON is questionable now (also because Chromium releases updates more frequently).

    Cheers
     
    Last edited: Oct 30, 2008
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I would enable Windows Firewall to have inbound protection, unless you are behind a router.
    The rest seems fine.
     
  4. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Maybe you could add Sandboxie, or Returnil/Shadow Defender.
     
  5. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hurst, see bold

    Someone, after reading the explanation of Kees1958 on Chrome, I already seem to have a sandbox; what extra security would adding Sandboxie provide me with, considering the fact that I run as limited user also?

    Kees, I changed to Chromium 0.3.etc. It is a lot faster than the 0.2 version (on which Iron was based). Some fun links to test web browser speed:
    http://code.google.com/apis/v8/run.html

    http://webkit.org/perf/sunspider-0.9/sunspider.html
     
    Last edited: Oct 30, 2008