What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Comodo FW out, Private firewall back in. Rest is per signature.
     
  2. The layered defense malware needs to pass on my Windows 7 ultimate 32 bits desktop:
    1. Windows FireWall 2-way > Norton DNS > AVG Linkscanner > Browser Sandbox
    2. ACL deny execute threatgate folders > SRP deny execute for users except admins
    3. Disabled risk-ware, user autoruns, 16bits, cmd, scripts, unsigned elevation > EMET
     
    Last edited by a moderator: Jan 14, 2015
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I have noticed quite a few reputable users here mentioning/using Norton DNS (ConnectSafe) over the past few weeks and it has got me intrigued. I have a few years of experience running my own DNS servers for lookups/caching and have also used Google DNS at times, both for reasons of performance and security. But with lots of mention of Norton DNS, I am curious.

    How is the performance of Norton DNS? (Compared to common DNS servers such as OpenDNS, Google DNS, etc.)

    How about reliability? (Any random slow downs on lookups, downtime, etc.)

    Thank you! :)
     
  4. Last edited by a moderator: Jan 14, 2015
  5. ReverseGear

    ReverseGear Guest

    With all the dns talk i tested with dns bench and I got this , can someone explain this to me
     

    Attached Files:

  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Certainly odd that their suggestion is to use DNS provider by your ISP. ISP's usually have terrible DNS server performance/reliability/security.

    EDIT: Just tested mine and it showed the exact same generic message which doesn't seem to take test results into consideration. On the same results page, it states that mine out performed all other tested nameservers. So clearly the generic message can be ignored.
     
    Last edited: Jan 14, 2015
  7. 192.168.0.1 and 192.168.0.100 are often used for (home) routers. Compare that with industry grade setups and DNS services and you will likely score poor to average on all sorts of DNS related tests. Set a third party DNS address (e.g. Norton DNS) in the router makes the outside world scores improve. See http://www.howtogeek.com/167239/7-reasons-to-use-a-third-party-dns-service/
     
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I definitely agree with you regarding setting third party DNS addresses in the router. That is actually the case here with how GRC's DNS benchmark tool is reporting the generic message for myself and user Sherlock_Holmes as well. I have always had Google DNS addresses set up in my router, but today switched it over to Norton DNS. The DNS benchmark tests were very impressive.
     
  9. According to Norton DNS's network picture, it does not have a dns server node in Toronto, Open DNS has a back bone node in Toronto (YYZ), so I would expect Open DNS to be the fastest for you (with PhisTank URL-filter)
    upload_2015-1-14_21-16-44.png
     
  10. ReverseGear

    ReverseGear Guest

    I have changed my router dns to open dns but i should change my ip to norton dns i.e 199.85.126.10 ?
     
  11. guest

    guest Guest

    I made a special D+ HIPS ruleset for rundll32 and CMD so they don't share the same ruleset for other Windows system components that is less restricted. The said special ruleset is almost completely locked-down, but working fine so far. :D

    I might be, but I'm not too rushed about it. Since I've configured D+ to make the threat-gate apps to be so restricted, even if they were exploited there's nothing can be done about it.
     
    Last edited by a moderator: Jan 14, 2015
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Ah good to hear that. WSA is so fast and light! It's very quiet. I can use my computer and not worry about AVs and malware anymore.:)
     
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    The IP of what? Just chance your DNS1 and DNS2 on the router to whatever you want, and the rest is DHCP.
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    CIS is very configurable that's why it is so attractive. :)

    Can you share your HIPS rulesets for rundll32, CMD and apps?
     
  15. ReverseGear

    ReverseGear Guest

    This is the setting in router
     

    Attached Files:

  16. @Sherlock_Holmes only change prefered and alternate DNS, you are using OPEN DNS now
     
  17. ReverseGear

    ReverseGear Guest

    I want to use open dns , i found it better than google and norton dns
     
  18. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Private firewall is gone. No more 3rd party firewalls. Using Windows firewall and Windows firewall control to keep an eye on outgoing connections. Should be enough as I also have a modem and router.
     
  19. Using IE11 (locked by GPO) for HTTPS browsing (firewall allows only port 443, EMET checks certificates)

    Chromium (locked by GPO) running virtualized (runasinvoker) while UAC blocks elevation (validateadmincodesignature)
    • Default settings:
      Disabled all Google options, allow 1st party session cookies only, enabled do-not track,
      disabled javascript except for high level domains [*.]COM, ORG, NET, EDU, EU, NL
    • Extra switches:
      --enable-strict-site-isolation, --ppapi-flash-path, --ppapi-flash-version, --no-referrers, --incognito
    • Extra flags:
      #disable-hyperlink-auditing, #enable-javascript-harmony, #enable-spdy4
    • Extensions (white list):
      - µBlock third party scripts/iframes using easylist ads+privacy list
      - Secure Downloader checking downloads at Virus Total
    • Plugins (white list, click to play):
      - Adobe PPAPI flashplayer
      - Chromium PDF-reader
     
    Last edited by a moderator: Jan 19, 2015
  20. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Why don't just use µBlock as an adblocker? I don't micromanage either.
     
  21. guest

    guest Guest

    A bit of correction there, it does also deny write access. Only the read access that is not restricted, which again can be circumvented by blocking direct disk access right to the app you don't want to access your protected files/folders.

    Version 8 really has made it back on track. :thumb:

    WARNING!
    This post is intended for informational purpose only and is not being provided as any kind of tutorial. Any configuration in this post should be treated as experimental configuration and may render your operating system to be completely unusable. All attempts to replicate any information provided in this post without a virtualized environment exclusively prepared as a testing zone and a rollback capability ready to use are strictly prohibited. The author of this post is not responsible for all possible problems that may or may not occur before, during and after the attempt to replicate any of the configuration below.


    Code:
    Defense+ HIPS mode: Paranoid
    Shellcode injections detection: on
    Auto-trust features: off
    Enhanced protection mode: off
    Monitoring settings: all active
    
    Ruleset for rundll32 and CMD
    - Run an executable: block
      *exclusion: allow Windows folder; block user-writeable folders residing inside Windows folder
    - Interprocess memory access: block
    - Windows/WinEvent hooks: block
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: block
    - Disk: block
    - Keyboard: block
    - Protection Settings tab: all inactive
    
    Ruleset for Cyberfox (may not work with other web browsers)
    - Run an executable: block
    - Interprocess memory access: block
    - Windows/WinEvent hooks: block
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
      *exclusion: allow HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: block
    - Disk: block
    - Keyboard: block
    - Protection Settings tab: all inactive
    
    Ruleset for LibreOffice (may not work with other office suites)
    - Run an executable: block
      *exclusion: allow soffice.exe and soffice.bin
    - Interprocess memory access: block
    - Windows/WinEvent hooks: block
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: block
    - Disk: allow
    - Keyboard: block
    - Protection Settings tab: all inactive
    
    Ruleset for VidCoder (may not work with other encoder apps)
    - Run an executable: block
      *exclusion: allow VidCoderWorker.exe and conhost.exe
    - Interprocess memory access: block
    - Windows/WinEvent hooks: block
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: block
    - Disk: allow
    - Keyboard: block
    - Protection Settings tab: all inactive
    
    Ruleset for other user-space apps (may not work with OS-provided apps in the same league)
    - Run an executable: block
    - Interprocess memory access: block
    - Windows/WinEvent hooks: block
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: block
    - Disk: allow
    - Keyboard: block
    - Protection Settings tab: all inactive
    
    Ruleset for games and game-recording apps
    - Run an executable: block
    - Interprocess memory access: block
    - Windows/WinEvent hooks: allow
    - Processes' termination: block
    - Device drivers' installation: block
    - Window messages: block
    - Protected COM interfaces: block
    - Protected registry keys: block
    - Protected files/folders: block
    - DNS client service: block
    - Physical memory: block
    - Computer monitor: allow
    - Disk: block
    - Keyboard: allow
    - Protection Settings tab: all inactive
    
    “It's a weapon! It's really powerful, especially against living things!” - Barry Burton
     
    Last edited by a moderator: Jan 16, 2015
  22. guest

    guest Guest

    I kind of just want to make a blanket ruleset for user-space apps other than the web browser that only allows execution in both Program Files folders and the Windows folder (without the user-writeable folders included of course). Most of the user-space apps that I use don't execute child processes but some do, as you can see I needed to create specific rulesets for LibreOffice and VidCoder. What halts me is this makes me feel quite insecure.
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you very much! This is one of the most precious things I got here.

    I tried to create my own HIPS rules but I didn't go so deep.

    Thank you!

    :thumb: :) :thumb: :D :thumb: :thumb: :thumb: :cool: :thumb: :thumb: :thumb: :thumb: :thumb: :) :thumb: :D :thumb: :thumb: :thumb: :cool: :thumb: :thumb: :thumb: :thumb:
     
  24. guest

    guest Guest

    @Solarlynx and everyone else
    Again, see the warning. These rulesets are basically the products of my madness so they may not work at all on sane systems used by sane people.
     
  25. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    I have a Windows 8.1 x64 laptop which currently runs Trend Micro Internet Security and MBAE. I quite like TMIS but it's on the heavier side, more disk writes and CPU usage than I'd like.

    I'm frankly tired of running a full blown 'suite' and I'm looking to replace TMIS with something like AppGuard or ERP. I'll be keeping MBAE. Would this setup be good enough to protect me? I'm your proverbial teenager with a same-age brother, both of us you tubing, torrenting et al with the few occasional visits to the shadier parts of the interwebs

    Is what I mentioned an effective combo? One thing we both don't do is install random crap or toolbars and any other 'tune up'or 'PC boost' garbage.

    Please suggest/help...it'll be much appreciated.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.