To what end do you desire security?

Having spent the better part of the last 2 years seeking to unshackle myself from the yoke of prompts like HIPS throw at you, and come to grips with some form of security that is more simplistic, I wonder, what are your thoughts?

For myself and what I do typically from day to day, I just cannot concede to use LUA. LUA is the best method, whether you go very stringent with a default-deny policy or the more standard implementation.

But all you Wilder "fan-boys", what do you really want these days, I am curious?

Do you want to see all the pop-ups from your security tools? Do you want absolute control still? Have you become tired of the constant game of which security tool is best for the latest threats? Do you still prescribe to using a mechanism such as AV which relies on definitions that must be current to maintain a whisper of absolute assuredness of the integrity of your files?

Or, like me, are you simply tired of employing many tools for a threat that never really strikes you?

I have settled with not using an AV at all. If in doubt I will submit a file to an online scanning house. I choose instead to use Sandboxie as my only 3rd party tool. I segregate everything that touches the net with it if possible. I have ran it through so many tests that I just plain and simple trust it like no other tool.

For my use I employ DropMyRights or SRP in Basic User mode for applications I deem as susceptible to compromise. This is essentially putting my internet facing apps in the same realm as LUA, while still leaving me without the restrictions LUA imposes for my common daily uses, such as futzing with the registry.

I rely heavily now on Macrium to handle my imaging needs, which for me has replaced most of what is left of security.

What do you feel is the direction you are headed? Do you still want everything under your thumb and willing to go through strict configurations to achieve this? Or, are you now knowledgable enough to use much less that you used to, with hardly any configuration, and be more secure that you used to be?

Sul.

 

Hi Sul,

The same direction I started out 20 years ago!

Early in my computing experience I conlcuded that user error is responsible for most problems. This can be confirmed by perusing the hijack forums.

When I began to look closely at exploits in the wild, I concluded that all I really needed was a properly configured inbound firewall and a properly configured browser. I saw these as the 2nd and 3rd weak points in a security strategy, the first being user stupidity and ignorance.

I became interested in White Listing when I began to do some home consulting, mainly for parental control over what the kids could download and install. Faronics had FreezeX - later Anti-Executable - and it was a suitable product.

While I've used it mostly for testing, in all the years, I never had an alert during normal internet usage. Why? Because nothing gets by the properly configured firewall and properly configured browser.

All software I install is purchased/downloaded from reputable sources, so I've never felt the need to upload something to scan. I always check around for user feedback before installing something.

In the years of poking around security forums, I've concluded that there is more emphasis on products than a well-thought out security strategy. A similar phenomenon exists on the photography forums, where such people are referred to as gear-heads: always changing camera systems, never satisfied with what they have.

There is nothing wrong with that, of course, as long as one realizes it has nothing to do with the art and craft of photography!

regards,

-rich

 

Exactly! I let go of all the security apps several years ago. All I use now are an AV (mostly out of habit), and Chrome. Nothing else. Router also of course. No LUA, although LUA in Win 7 is quite pleasant to use now.

I have been on the internet doing literally everything for over 15 years now, and have never been hit by any threat. So for me, it simply doesn't exist.

The day I do get bitten, perhaps I'll reconsider. But until then, it's all a waste of time.. I keep it simple.

 

I ditched Norton 2011 Beta a few days ago in favour of LUA, Applocker and Sandboxie.

For my current computing practices, it is generally unobtrusive, extremely effective and the main reason for changing, super light.

 

I think I've reached my limit
Only thing that can break though is an intelligent hacker imho.

 

Security that will make me feel safe online using the least computer resources as possible.

 

I've only recently registered here at Wilders, you might think I'm not qualified yet but I'm quite a security veteran actually. They do exist outside of this forum too

I never bought into the "security through products". Blacklisting and signatures stroke me as an incredibly stupid method and I literally hate bloated and slow or obtrusive nanny software, which, to add insult to injury, usually hooks deeply into the system thereby increasing attack surface, bugs and instability. Like Rmus I analysed the real an realistic risks and came to the conclusion that I didn't need any of that.

Through this forum I learned about SRP and Applocker. That's what I'm using now together with LUA which doesn't impose any limitations for my day to day work. Add to this a "properly configured browser and firewall".
I'm a cautious user and tend to think I know what I'm doing. Never had a security breach to my knowledge. I feel save enough, that's all I want and need. I think I also got this from here: "Security is a state of mind".

 

Long ago I ditched the av (although do keep MBAM on-demand for rare usage) and hips and have used with sheer joy: lua, AppLocker or SRP depending on the machines and built-in Win fw behind a router, with Sandboxie as the only 3rd party security solution on two desktops plus a laptop the kids will use. In the last 6 months or so I feel I've also pretty much mastered the fine art of properly imaging drives for safe keeping. I don't mind occasional UAC pop-ups.

 

I've been antivirus free for 2 years now,and never will go that route again.
Never jumped on the HIPS bandwagon.

I run what I have in my sig,nothin more,nothing less,period.

I've said it 100-times now and still tooo many people on these forums,still feel the need to pile on the security apps,taking up a half-page of software applications and hey if that makes you feel "secure" go for it!

For me,I've got life to live and not worrying about getting attacked from something thats not gonna attack me anytime soon.

 

This thread is so pertinent. Thanks for starting it Sul.

When I first joined Wilders, I was in awe of the depth of knowledge and the variety of all the security sotware that is concentrated here.

Of course, wanting to learn, I plunged in and used everything that I could afford to buy, and then (sort of) enjoyed watching all the pop-ups, while congratulating myself on how secure I had made my machine.

However, it very soon became pretty boring, and on analysing exactly what my online habits actually are, I came to realise (after I had run out of money and RAM) that my machine was so busy protecting itself from unlikely dangers, that it had little left for the tasks which I needed it to do.

Out went the HIPS, Anti-Virus, and 3rd party firewalls, together with the real-time anti malware, etc.

Now, I just use Sandboxie, Shadow Defender (for testing) FDISR (because of the Archive feature) and have on demand scanners if I feel the need.

For me, this setup, together with a reliable imaging program does what I hope is sufficient, and so far it certainly has been.

Regards

Ken

 

But, as I found out a very long time ago now, you can go about learning the slow way, what a setup.exe is doing or what a process started is doing, using firewalls and things like process monitor or regmon or diskmon or filemon.. stumbling along the way. Or, you can use a good hips appliance, and excelerate the process.

I personally believe that those who still use a lot of hips and stuff, like jmonge seems to (hey bud, sorry, but your are the perfect example, (bows low in respect) ) , either love to play with software or are still in the process of really learning.

But I want to know, from people like jmonge, where are you really headed? Are you content to keep trying out many different appliances, or do you have an end goal of finding the most bestest, most lightest-est, most bodacious-est configuration and be done with these security journies?

Sul.

Edit: @jmonge... please do note I am not being derogatory at all..

 

My pc is pretty bolted down, but hasn't changed a lot in the last few years. Liked to play with it, but that's long gone. I know the chance of getting infected is minimal, but I like to know it when I am. The pc is still fast, so loss of speed doesn't make me feel the need to trim it down.

 

Here I want to be both as insecure and secure as possible at the same time so no UAC and full blown admin.

In other words I want any and all all malware to come through and run unimpeded yet have the capabilty to discard any infection whenever I want.

The apps in my siggy allow me to do that.

 

Sully, all this is fine if you are one user, one computer, or you set it the way you only allow. Some dont have that luxury and have to trust in "Old-fashioned" apps.

I have a 64 bit desktop, wife 64 bit laptop, two teens with 32 bit laptops. All with different needs. Kids download music and programs to use, edit and create documents for school.. Yes, I would prefer to zip them all up and use ShadowDefender and LUA, but doing so would take away from the freedom and enjoyment that each get from their computer.

For me, keeping a clean back image that can be restored when one does, mess up, is the most important thing I do. Having a AV or Prevx allows for some sort of good protection and notification.

Malware I have found is a learning tool. Each time any one of us have gotten infected, I take the time to explain to that person how it happened and how to avoid it in the future. It works, my having to clean up is a lot less frequent. But I didnt give them computers to make them a object they couldnt fully utilize and enjoy. Though, it does resuilt in a self induced headache for me, from time to time.

 

My entire family has been hit by malware at some point. Having a program like FD-ISR and FD-SR have been my saving grace and easiest way to fix what is broken. I really dont understand a lot about LUA and how to use it. But even with my limited ability, they have yet to break something I couldnt fix. And malware programs do work, to some degree.

 

Sorry, for all the posts, by security to me isnt about what app you use or how you lock up your computer but more about regular maintenance. Once a week, I grap everyones computer and go in and clean the junk from the week out, make sure everything is updated and defrag. To me this is the one most important thing a user can do. My sons piece of crud, 3 year old Compaq laptop is still as good and fast as the day I bought it. It isnt because of LUA or any malare program, but, weekly maintenance. Plain and simple.

 

Sully,
Thoroughly enjoying this post.
I was mostly computer illiterate when I found Wilders.
And I knew nothing about pc security except what the ads told me about being at risk.
So I spent a good bit of money for AV's etc. and invested some time in learning from many of you at Wilders and elsewhere.
I'm still a novice and hope to remain teachable.
I've removed most of the software I used to use and now am happily using MSE, W7 firewall, router, Sandboxie paid and Keyscrambler free for everyday use.
I use Hitman Pro occasionally and have a lifetime license for SD, which I might use if I feel the need.
Also I make frequent images for backup.
My pc runs lite and fast.
Thanks.
Hugger

 

No resident AntiMalware, HIPS, and Software Firewall here, too.
-NAT/SPI Router
-Firefox with WOT and Adblock Plus
-Rollback Rx
-Sandboxie (Registered/Paid)
-KeyScrabler Pro and Trusteer Rapport.

I weekly check with MBAM, SAS, Emsisoft Anti-Malware, Hitman Pro, and F-Secure Easy Clean
BUT they find cookies in the worst case. I am without infection since the Fall of 2007.
I am fond of Security but Not of Paranoia...

 

A limited account and being behind a router are the two single most significant things a person can do to prevent and/or combat malware.
Yet so many have a notion that using a LUA is somehow going to put a crimp in their style.

If their style is allowing malware to have free reign over the system once it manages to get on board, then they're right.
If their style is spending most of each day installing and uninstalling software, then they're right.

I've been using a LUA on Windows for years. I use one on Ubuntu Linux when I occasionally use that OS. (Just like virtually everyone else who powers up a Linux OS does.)

I rarely have need or desire to log onto my Admin. account in Windows. A LUA puts no crimp whatsoever into my style.
The few apps I run which require Admin. privileges all run perfectly fine from a LUA when given the 'Runas' command.

Btw-- Once your bank account info has been stolen, restoring an image or rebooting into a new virtual environment doesn't reverse that action. Your bank account info remains stolen.
Which unfortunately holds true irrespective of user account limitations.

 

My idea of a secure system is one that does exactly what I want and nothing more. It saves only the data I want saved and sends out nothing unless I choose to send it. I expect it to let me browse anywhere I choose and not be altered in any way. I don't want it alterable by anyone else who uses it.

The only security policy I know of that meets these requirements is a strict default-deny. When I first started, I used anywhere from one to three AVs and at least as many anti-spyware and anti-trojan apps. At one point, I had over 20 security apps installed, over half of which were resident or scheduled apps. In 2004, I began experimenting with SSM and default-deny as an alternative to signature based security apps. About a year later, I removed all of the signature based security apps from my system and started using the same security package I'm using now, SSM, Kerio 2.1.5, and Proxomitron. Prompts from SSM and the firewall are not an issue. SSM doesn't prompt with the UI disconnected. There's very little maintenance on these as my system rarely changes. For the most part, testing and experimenting are done on virtual systems.

For a while, I was experimenting with adding SandBoxie to my default package as an additional isolation layer for the attack surface with more permissive SSM rules for the sandbox. Since then, I've concluded that it's not necessary on a default-deny system. I also make system backups whenever my system is changed. With the exception of reverting to a previous set of drivers, I've never had to use them.

For the most part, I'm where I want to be, security-wise. The only real improvement I'm considering is strong encryption for the entire hard drive with 3rd party software and combining that with a live CD experiment I'm trying.

 

Hopefully not. Folks, let stay on topic and keep in mind that people (the masses that is, where the money is) really don't "use" OS's, they "use" applications. Layered on top of that is first to market and installed base inertia.

That said - my end desires - 100% system uptime and file/account fidelity. That's it. All occurring quietly in the background, without my intervention or continuous reminders that those goals are being realized.

I can appreciate that a lot of tools provided by vendors not only try to provide that goal, but attempt to offer some information on the how's and why's of providing those end goals (firewalls are probably the most transparent in this regard).

However, when all is said and done, I want access to my system and my work without worrying that someone unknown to me is rummaging through it, and I want it available to me on my terms. It doesn't matter what the OS is. That only comes into play indirectly since I tend to work in and need to be compatible with a computing ecosystem that is Windows based. If key applications reside elsewhere, I'll go there.

Blue

 

I decided to simplify my approach to security a while ago as well. On my laptop I use an AV, SpywareBlaster & SUPERAntiSpyware (on-demand) & rely on control over Javascript on a browser (NoScript in SeaMonkey) & use WOT.

My next desktop will run Linux....

 

So if I get this straight, you guys are saying your desire for security would be even to use an OS other than one from Microsoft to achieve it? Does that sum it up?

Sul.

 

OK folks, let's rewind this thread a bit.....

Once again, please stay on topic. On topic means addressing the question "To what end do you desire security?" That should be a straightforward exercise.

Please note that this question is OS neutral. One doesn't need to mention a preferred platform since the answer simply doesn't depend upon it (never mind having the thread devolve into yet another useless discussion of the relative merits of the various OS options one can select amongst).

If you choose a specific OS because it provides a specific end goal that you strongly desire, that's fine to note. However, keep the discussion centered on that goal (whatever it is) and not your perception of the relative merits of the various OS's floating out there.

Blue