What is your browser security approach these days?

What kind of browser security approach is everyone implementing nowadays...

 

1. Plugins Disabled

2. All file-types prompt for action

3. Javascript and Cookies whitelisted per site

regards,

-rich

 

Sandboxie with Drop Rights and Internet Restrictions.

Adblock Plus (Malware Domains Subscription), avast! WebRep, LastPass, BitDefender TrafficLight, WOT.

Firefox website blocking enabled. Always up-to-date.

 

Sandboxie (forced)
OS tweaks (Low Integrity and 1806, etc)
EVERYTHING gets downloaded to one directory that is forced into a different sandbox
MBAM - installed but never used - saving it for a rainy day

Sul.

 

@ Kernelwars

Wonder why nobody thought to start a specific thread before now Anyway, what about you ?

Mine =

Firefox with NoScript/JavaScriptOptions/BetterPrivacy/Ghostery/RequestPolicy/AdblockPlus/Force-TLS/HTTPS-Everywhere/Calomel SSL Validation/ All these are maxed out, with no visable slowdown. In fact without loading Scripts/Ads etc i guess it would be. Only on a few www's do i selectively allow Scripts etc, and Only temporally

Using Calomel's option to write cache etc Only to RAM, not the HD.

Cookies disabled, unless needed, not often though.

PSOL on max.

Prompts for Foxit PDF viewing & ALL file downloading.

Avira actively scans FF for maliciousnous & ALL downloads.

No problems surfing wherever i want here, bad or good.

 

Bufferzone, as simple as that .

 

Standard Account + SRP + UAC at max.

Chrome for day to day browsing, IE9 for online banking.

 

Sandboxie,EMET,addblock plus and noscript......firefox
IE9, EMET with disabled add-ons.

 

I've read some notes on low integrity, such as :

-http://msdn.microsoft.com/en-us/library/bb625960.aspx-

its just too much for me

are there an easy way to set low integrity?

ps : I notice (using process explorer) that using "sandboxie's drop my right", browser will be set to medium integrity not low integrity. am I wrong about this?

 

EMET
MBAM PRO

• IP filtering

​

Sandboxie 3.54 Free (64bit):

• Drop rights
• Automatically delete sandbox contents
• Internet access & execution restrictions: firefox.exe, plugin-container.exe,acrobat.exe...
• Blocked access to areas with sensitive information (my documents…)

​

Sandboxed Firefox 4:

• F-secure protection browser.
• WOT.
• KeyScrambler Personal 2.7.1
• Adblock Plus (Pop-up Addon, Fanboy´s List, Malware Domains).
• NoScript.
• LastPass.
• Search Engine Security.

​

 

Firefox 4 with:

Geswall 2.91 Free
Adblock Plus

Thats it!

 

You are not wrong about it, only IE9 and Chrome run out of the box with low rights on Vista and Windows7. The reputation of Sandboxie security is solid, so allthough it seems unlogical (increasing the attack surface from low to medium), I would not worry about it.

 

IE9 forced Sandboxie with Drop Rights

 

SRWare Iron with EMET, UAC Virtualization and Bitdefender Trafficlight

 

Sandboxie 3.55 Experimental and Chrome 10.0 with WOT and LastPass. I think Kees said that Chrome and Sandboxie make a good combination because it's like having a sandbox inside a sandbox, but that's my interpretation of technical details that were over my head.

 

Thx for the answer kees1958. Finally my confussion is cleared
I always wondered about that since last year

My browser set up : firefox & IE on sandboxie (medium rights)
IE is my backup, never really used it.
My add on : ABP (easy list+privacy) ,Noscript (Allow globally),keyscrambler

 

Opera in RunSafer mode.
OA Premium

 

IE9

AV updated, OS Patched, 3rd SW (flash, etc) kept up to date.

 

ClearCloud DNS
Firefox - ABP + Rapport + Disabled third party cookies and permanent inprivate browsing mode.
IE9 - TPL

Waiting for Sandboxie v3.55 to be compatible with rapport...

 

runsafer my browser

 

Hello there...

Not so long ago, I had a similar approach... but, then I thought "What's the purpose of having the web browser running under Sandboxie, if I'm running it with a low integrity level, and downloads are forced to be saved in a folder w/o execution rights, plus the 1806 registry "hack"?"

Now, I simply run the web browser unsandboxed, but to allow me to open PDF file from within the web browser (not the plugin), I'm forcing Adobe Reader X to run in a sandbox, which otherwise would be impossible to open PDF files (from within Chromium).

Office documents open just fine... I just get an error related to some temp thing... I didn't pay much attention. It works.

Media player is also forced to its own sandbox... but, most likely it would run OK, if I opened say an MP3 file from within Chromium, because I have VLC Media Player with a low integrity level as well, and it runs fine, so I doubt there would be any issues.

Other than certain functionality that low integrity level may kill, do you still find Sandboxie useful for your web browsing, considering the rest?

 

Doesn't IE9 require UAC to be enabled, so that Protected Mode (aka low integrity level) becomes active?

 

yes.

-http://www.sevenforums.com/tutorials/63141-internet-explorer-protected-mode-turn-off.html-

 

Yup, since UAC also enabled by default, so its safe to say IE run with low integrity out of the box

 

I am doing about the same thing I have done for the last twenty plus years. At this time I am using Vista home premium with UAC enabled. Norton Internet Security 2012 and an AlphaShield Hardware Firewall, Opera and Chrome and common sense. I really don't remember the last time I had an infection on a computer so it must be working.