Suggestions for a Windows 8 Pro 64 bit setup.

I just built a new PC that is running Windows 8 Pro 64 bit. My PC has an SSD for the OS and a HDD for data and large programs. I also have a UEFI type BIOS. I'm new to all of the tech in the PC and OS.

So far I have installed Keepass and Sandboxie 4.04 paid. After I get everything installed I will create a standard user account for my daily use. If you have a link to information on the best way to setup a standard account I would appreciate it.

What other programs would you suggest I install to protect this PC? I would like to use as many free apps as I can. I would like some sort of execution prevention or HIPS program. I would also like a good firewall. On my old XP 32 bit machine I ran Sandboxie, OA HIPS/firewall, Avira and Returnil or Shadow Defender (on demand). I also had free MalwareBytes and SuperAntiSpyware for on demand scanning).

 

To be honest, if you have Sandboxie, I really don't think you need a HIPS, policy-restriction program, or Shadowdefender. Anything bad you may run across would be sandboxed so execution prevention wouldn't be necessary. I'd recommend a simple free AV, and HitmanPro for on-demand. Maybe change to a different DNS server as well, such as Norton DNS or Comodo DNS.

 

I put a lot of faith in Sandboxie but I guess I like having an extra layer. Maybe I don't need it with a standard user account and UAC. I'm honestly out of my comfort zone here. I also like using a light virtualization app for trying new programs and surfing the dark side of the web.

Does HitmanPro have the option to scan individual files and folders? I'm really looking for something to scan all files I remove from the sandbox. I use VirusTotal or Jotti but I still like to scan locally.

How reliable and fast are Norton DNS servers? Would it affect online gaming?

Are Avira, Avast and Bit Defender the only decent free AV's? I looking for one with a very high on demand detection rate even if that mean false positive as long as it gives me control of what I want to do with the file.

 

That would be Avira then

 

1) Very reliable. Won't affect online gaming at all.

2) All three are good choices. Test them for yourself and pick the one you like the most. There are a lot of good threads at Wilders which you could search for if you want more information.

Good luck!

 

Here are instructions on using SRP (also instructions on Parental Controls for non-Pro versions of Windows, that can be set up to do most of the same than SRP).
http://www.mechbgon.com/srp/

Win8 and 64-bit support is still more or less limited in many security programs. Can't really say which ones support them best, but not Norton. Checking the latest tests on 64-bit and Win8 environment prolly give some clue.

 

Also, here is a link to A LOT of free security software. I got it from the sticky-thread.

https://www.wilderssecurity.com/showthread.php?t=249469

 

I've been using Avira free on my old computer and I think they removed the option to ask what to do when it detects something. I would appreciate a confirmation if the free version asks for real-time and on-demand detection.

I would love to be able read about and try out a bunch of security programs but I'm going nuts dealing with a new computer, new tech, Windows 8, drivers, BIOS issues, stability testing, installing programs, data, etc. I also don't want to muck up a new machine by installing and uninstalling a ton of security programs that dig deep into the machine.

I also know "there is no best" but I've narrowed down what I'm looking for in an AV. Windows 8 64bit compatible and high detection rates (false positives not a problem if user can decide what to do). I've used Avira for about 5 years and I'm also pretty familiar with Avast free and it's what I install on family member's PCs. I just don't' know what else is out there that the "security gurus" are running.

Thanks for the link. I'll see if that fits the way I use a PC.

Thanks for the link but it hasn't been updated since 2009. I was practically living on this forum back then .

I honestly know what I'm looking for in a "roll your own" suite. I want to isolate internet facing apps (Sandboxie). I want apps to scan what I remove from the sandbox before I run them. I want something to let me know when something I didn't start runs (if it can't run, it can't infect). I would also like a firewall to control outbound connections. A light virtualization is just for trying new apps and surfing the dark side of the web.

 

Make a clone/image of a base system, then add a third party firewall, make another image of that system, restore a base system, equip it with another third party firewall, then try those with some other security progs to see if you get a working combo or not, and see what you like. (Btw, the new Avast causes blue screens with Comodo 6.x fw on boot. Not every time, but too often.)

If anyone wants help with imaging and/or multibooting, I've done those quite a bit. You can even boot Windows instances (including Win7 and Win from both primary or logical partitions. Took some time to find out how to do that, but it works with post-XP Windowses too. (A common thinking used to be, that Vista+ OS's can only be booted from primary partitions unless you place the 'boot files' like BOOTMBG and BCD on the first primary partition, that would make truly independent installations of several Windowses on the same HD impossible)

 

Thanks for the suggestions chimpsgotagun!

I was looking around mech's site that you linked to and I'm looking into setting up Secure Boot. I'm not sure I can do it as my GPU may not have a "UEFI GOP Bios". Whatever that means.

So far here is my setup.

Router
Windows firewall (Does this have good outbound control?)
Avira free (other suggestions?)
Sandboxie

What I'm considering.

Standard User Account
Online Armor free or an Anti-Executable or SRP. (Which method covers the most executable types?)
Shadow Defender (Looking for more suggestions. Are there any free light virtualization apps that work in the memory?)

 

You could use the Software restriction Policy of your Windows 8,

Set default level to basic user
Set all files (incl dll) all users except Admin

No you can install files by right clicking "Run as Admin" after having them scanned by VT. Clicking a downloaded executable in user folders will trigger a deny prompt

Download the http://www.symantec.com/connect/downloads/msi-run-administrator-context-menu-vista
This also provides you with an option to run MSI files as Administrator.

Add EMET, with a boot to restore for trying out software and sandboxie for dodgy browsing, you will be fine with any AV of your choice. Using boot to restore a cloud AV would make sense (free Bitdefender or free Panda)

 

Thank you for your suggestions Windows_Security. I will have a closer look into them very soon.

I just reinstalled Windows 8, installed drivers, Avira and Sandboxie. After that I created a standard user account and then installed firefox. Is this the correct way to go about using accounts? Also, I'm using KeePass portable. Where should I put its folder?

Also, I'm wanting to try the 4 free games that I got with my graphics card. 2 of them require Steam to be installed. Apparently this blows a big hole in a standard account. https://www.wilderssecurity.com/showpost.php?p=2207063&postcount=4

First of all, do I install things like Steam with my admin account or standard account? How would I go about mitigating the hole it creates? Simple solutions first please.

 

I have it in Avira Premium. Im pretty sure they didn't remove it from the free version either. You have to go to Real Time protection --> Scan--> Action on detection.

I like Avira more than the other ones because its Web filter blocks adaware. Something that a lot of other AVs miss and that also includes Norton DNS.

 

This one's pretty simple one. Make a base intallation before installing hole-creating software, and make an image of it. Then install the stuff you want, test it, and afterwards write the partition over with a fresh image.

An 'off-line' method of making an image easily. Get a Clonezilla, put it in a USB stick (with e.g. Yumi), boot Clonezilla, but enter the command prompt aka shell, and use a command
'fsarchiver -eswapfile.sys -ehiberfil.sys -j4 -z8 savefs -s 4000 ./MyWinImage.fsa /dev/sda2'

To restore it later:
'fsarchiver restfs ./MyWinImage.fsa id=0,dest=/dev/sda2'

First you have to mount a partition you are using for storing the image with ntfs-3g if you are using NTFS partitions. And use the correct partitions anyway, I only had sda2 in this example (sda1 is usually used for 'boot files' by new versions of Windowses). Basic unix commands needed.

Now restoring Windows takes about half a time that it took to make an image - depending level of compression used (z8 above is pretty deep). And much easier and faster than doing a new install from Windows install DVD. When you think your system might be compromised, or otherwise messed up, restore from an image. (Yes, there is imaging system built in Windows nowdays too, so you can also return to previous restore point.)

 

In Avira free it gives you the interactive option for the system scanner but for Real time protection - action on detection it only has Use event log. This is to send a log to the Windows event log.

Since I'm curious I did download an EICAR test file and if I click Details in the Avira taskbar pop-up I get another Avira pop-up in the center of the screen which has the options to Apply now (to quarantine) or cancel. Cancel works so it looks like I'm good to go .

chimpsgotagun, Thanks for your suggestion. It sound a bit complicated for me but I'll keep it in mind. It does sound super light and fast.

 

I think RT Avira would add a lot of unnecessary overhead to a HIPS.

Why add it? It backs up a HIPS. So when you get an anti-executable notification xxx.exe is trying to run, you can assume Avira has scanned it and found it "safe". This increases coverage.

Why not add it? It's a realtime suite so has tons of services even if you configure to be OD as possible. Now everything is being scanned and sucking resources. Things you already vetted by the HIPS, or non executables.

So you may be better off with a true ondemand product. If hips triggers a warning, scan it manually and with more powerful products like VT uploader and HitmanPro. These have far less ongoing overhead and use more scanner; HMP has behavioral tagging, so even if no AV hits, it may still flag as an "unknown"--having a low reputation. This could even potentially stop signed malware like Stux and Duqu.

So I would do a HIPS like Comodo or OA and add:

Router
Keepass
Sandboxie
HMP with context menu
MBAM with context menu
EMET / Kees (Windows Security's) posted hardening techniques.

At images/roll backs. Just use an image. If there is a problem: fully roll back. Rollback OD/Shadow doesn't work IMO over images in a security setting. If you put malware on a roll-back protected box, your credentials/data can still be stolen. Only use quick rollback for testing "safe" progs you are unsure of in regard to things like performance/compliance/compatibility.

In short: do NOT "test" likely malware on a real system with real data. If you are unsure of a prog: send it to an AV house for manual analysis. If you coincidentally stumble upon malware--fully re-image and change your credentials etc.

 

Go with a layered approach. Almost all current security software is compatible with W8.

 

Sordid,

Thanks for your reply. I understand what you're saying about Avira. I would like to drop running a real-time but I'm not that confident with HIPS pop-ups and especially when it comes to Windows 8.

As soon as I saw your suggestion about using HMP's context menu I installed HMP. Is it really a good on-demand scanner and does it dig deep into a file or folder like Avira would? Will it scan other non-exe type files if I ask it to? I see that their site says it won't upload private documents to their cloud scanner.

P.S. I didn't know Windows_Security was Kees. I will have a look into his setup and suggestions very soon. I want to harden Windows against attacks as much as possible.