What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    347
    Location:
    Finland
    My firewall (ESET) blocked hidden ICMP traffic, caused by a technique some software like Revo Uninstaller uses. So, can firewalls that rely on the basic Windows Firewall prevent this? Probably not.
     
  2. Asus Transformer, Windows 8.1 Home, 32-bit:

    1. Windows Firewall 2-way, disabled risk-ware, using Norton ConnectSafe DNS
    2. UAC set to block elevation of unsigned (still allows unsigned programs to run)
    3. Standard user with parental control and administrator consent for SmartScreen
    4. ACL deny execute in Download folders and microSD+USB (USB Disk Manager)
    5. Disabled IE+WMP and macros+plug-ins+ActiveX in Microsoft Office
    6. Hardened Chrome by using options in settings and about:flags:
    • Disable JavaScript except from [*.]nl, [*.]com and HTTPS:/*:443
    • Click-to-play plugins, same allow exceptions as JavaScript
    • Enabled third-party scripts block via document.write
    • Enabled Win32 lockdown for all plug-ins
    • Enabled AppContainer sandbox
    • Enabled (Safe Browsing) permission blacklist
    • Enabled extension content verification (strict)
    • Enabled user consent for extension scripts
    • Enabled reduce referrer granularity
    • Disable hyperlink auditing
    • Enabled Do Not Track
    • Block third-party cookies
    7. Chrome extensions: Blank New Tab, WebRTC Block, Avast Online Security with tracker blocking

    I am only maintaining Chrome options and updating extensions on this parental-controlled standard user setup. I hope the Avast extension benefits from the AVG LinkScanner database soon; that is why I am trialing the Avast extension now.
     
    Last edited by a moderator: Jul 29, 2016
  3. Replaced by Re:HIPS and that might be permanent when Re:Hips is as good in practice as their concept is described in theory. In theory Re:Hips is GeSwall on steroids with an Anti-Executable included, with the advantage that the OS itself now contains a sandbox and policy containers. So probably AppGuard and maybe VoodooShield will go next (VS has AI-engine which is Cylance like machine learning, so VS might stay on board). But only @guest can tell us that :thumb:
     
    Last edited by a moderator: Jul 28, 2016
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Avira Pro (sadly with the launcher now) and MBAM Pro.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Why do you prefer AdGuard AdBlocker instead of µBlock? Just curious.
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Still happy with my config in sig :cool:
     
  7. They are very close in performance now (Adguard Chrome starts a bit faster). AdGuard's filters were more polished and more compact in the case of the anti-spyware filter set (but that is irrelevant now that Adguard's filters can be used and gorhill's uAssets started the organization to polish the filters). Adguard had some extra features over Adblock clones (but that is irrelevant now since Adguard also implemented CSS injection rules from version 1.7.7). So technically there are no more reasons to value the one over the other now.

    gorhill develops uBlock Origin as a hobby for his own requirements, whereas the Adguard developers tend to listen more to user questions/requests. E.g. when you look at uBlock and uMatrix they have different options for privacy protection; gorhill never reacted to the suggestion to implement uMatrix features also in uBlock, while the developers of Adguard welcomed suggestions for Stealth mode (an extension they use to test Adguard improvements related to privacy, but Stealth mode features will be implemented in Adguard eventually).
     
    Last edited by a moderator: Jul 28, 2016
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    We already discussed ReHIPS in this thread some posts above. It uses OS restriction mechanisms, including anti-exec features and sandboxing. That's why it must be light and strong in the spheres it covers.

    Only one thing wasn't stated clearly. Does it cover all sensitive areas as e.g. Comodo HIPS or any other "routine" HIPS does? Does it offer registry protection, for instance?

    Thank you.
     
  9. guest

    guest Guest

    One thing people must understand with ReHIPS is that it isolates each app via an Isolated Environment materialized by a "Virtual Desktop" (except browsers); each IE functions like a tightened SUA account, with its own username and access rights.

    about Keylogging, registry protection and isolation:

     
  10. guest

    guest Guest

    Yes, ReHIPS will permanently stay on my machine. It is what I looked for since GeSWall's death; Comodo was near but had too many hassles and bugs. Indeed,

    VS is still useful on my machine: it gives me a backup in case ReHIPS fails against something, and also the AI + VT thingy is appreciated. I also keep Adguard because it does an awesome job in blocking ads (and it has some anti-malware filters).

    The one I could remove would be HMPA, but I like its other features (encryption, etc.).

    So basically my baseline security is ReHIPS + VS + HMPA; I consider Adguard more like a comfort tool when browsing.

    I'm waiting for the next build of AppGuard and Smart Object Blocker to see if some improvements have been made.
     
    Last edited by a moderator: Jul 29, 2016
  11. @guest Sorry confused AdGuard with AppGuard, my bad
     
  12. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    @guest , thank you very much.

    So do I understand correctly that ReHIPS actually covers all those sensitive areas through isolation of all threat gates? A malicious process can be started only from spaces which are already isolated by ReHIPS; that's why it just cannot read or manipulate the registry or sensitive data or somehow compromise the system.

    But if the user starts a process which is malicious and which is not isolated, then ReHIPS doesn't see the dangerous actions of this process and cannot protect the registry or sensitive data. Is that right?

    As I understand "common" hips (in corresponding mode) can watch processes and ask the user if to allow dangerous actions. Like Comodo hips in Safe or Paranoid mode e.g.

    Thank you.
     
  13. vinylmeister

    vinylmeister Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    2
    Here is my current slim setup on Win10 Pro:

    Eset NOD32
    Windows Firewall Control
    Zemana AntiMalware (on demand)
    Avira Browser Safety
     
  14. guest

    guest Guest

    Then you will have the HIPS asking if you want to run the process or isolate it. The HIPS always kicks in first unless a rule was already set for the app/process.

    btw, we can continue our discussion in the REHIPS thread ^^
     
  15. guest

    guest Guest

    no problemo ;)
     
  16. Stelica

    Stelica Registered Member

    Joined:
    Nov 10, 2014
    Posts:
    71
    Location:
    Romania
    Windows XP Pro:
    Shadow Defender
    Sandboxie
    WinPatrol
    Look 'n' Stop firewall

    On demand:

    Zemana anti-malware premium (portable)
    Malwarebytes anti-malware free
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    On my Vista...a bit experimental and quite useful...I think :)
    real-time: Privatefirewall and EdgeGuard Solo
    on-demand: Shadow Defender, Crystal Security, EEK
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Aug. 2, 2016 - Updated, Added, Removed

    Network
    • Two Netgear Nighthawk R7000-100PAS Routers (Stock Firmware)
    • Four Netgear PowerLine AV 500 Adapters
    • Wired Cat5e Connection between both Routers
    • WPA2-PSK AES Encryption
    • SPI & NAT Firewalls Enabled
    • OpenDNS Configuration
    Computers
    • Desktop (Custom Built) - Windows 10 Pro x64 Ver. 1511 Build 10586
    • Tablet (Surface Pro 4) - Windows 10 Pro x64 Ver. 1511 Build 10586
    Built-In Security
    • USER ACCOUNT CONTROL: HIGHEST SETTING
    • WINDOWS SMART SCREEN: ENABLED
    • WINDOWS DEFENDER: DISABLED
    • WINDOWS FIREWALL: DISABLED
    Resident
    • Emsisoft Internet Security 11.10.0.6563 (Paid)
    • Sandboxie 5.13.3 Beta (Paid) - Sandboxie Container Folder on RAMDisk
    • Adguard Premium 6.1.250.1247 Beta (Paid)
    • KeyScrambler 3.10
    • DNSCrypt 0.0.6 - HTTPS Enabled
    On-Demand
    • PeerBlock 1.2 (P2P Blocking List)
    • Macrium Reflect Home Edition 6.1.1366* (Paid)
    • VMWare Workstation 12.1.1 build-3770994** (Paid)
    Browser, Immunization, Tweaks
    • Chrome 51.0.2704.106 m x64 (HTTPS-Everywhere, Gmelius Premium, Lastpass Premium) - Chrome Profile Folder on RAMDisk and Sandboxed
    • Homepage and Search Providers set to Startpage (Chrome)
    • CCleaner Professional Edition 5.20.5668 (Paid)
    • SpywareBlaster 5.5 (All Protection Enabled + Customblocking.txt)
    • CryptoPrevent Premium Edition 7.4.20 (Paid)
    *Macrium Reflect Home Edition installed on both Desktop & Tablet - Backup Template: Differential Backup Set
    **VMware Workstation only installed on Desktop


    dja2k
     
  19. Asus Transformer, Windows 8.1 Home edition, 32-bit
    • Enabled WFW two-way, disabled riskware (remote, syncing, sharing services)
    • Only allow signed executables to elevate and signed (power) scripts to run
    • Control execution with Smartscreen and SRP basic user (allow admin)
    • Running all internet facing in AppContainer, including Chromium
    • Norton DNS, Google Safe Browsing and Avast Web-filters
    • ACL deny user autoruns and internet folders
    • Protected processes with MemProtect
    • Disabled legacy (16bit, IE, WMP)
    100% protection using Windows built-in security? :cautious:
     
    Last edited by a moderator: Aug 8, 2016
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Did you mean 99,999% protection? ;)
     
  21. The reason for stacking up different Windows protection mechanisms is threefold:
    1. Maintaining system integrity and compatibility (allow signed) and admin functionality (easy update/install with 'run as admin') reduces the attack surface, but still leaves dedicated doors for ease of use.

    2. Windows built-in mechanisms have near zero impact on system performance and resources, allowing me to stack them to obfuscate these 'ease of use' doors and build additional defense walls (layers) behind those doors.

    3. Stacking different mechanisms accomplishes a maze effect. As with a maze, there is a way in, but it is not straightforward. It is specific to my PC and you have to find this way in by trial and error.
    This setup will ultimately break when attacked by a dedicated hacker. Since there is no bug bounty involved or high profit to be gained, the chances of becoming a victim of a targeted attack are zero. That is why I boldly stated 100% protection.

    For example MemProtect, using the Windows protected processes feature, passes all exploit tests of HitmanPro.Alert and since I started using it (March this year) has required no updates and given no issues. A simple Basic User deny execute in user folders (and deny execute/write ACL for user autoruns) protects against all ransomware in the wild without updates, setup changes or compatibility issues.

    I agree that 100% security is not possible, so I edited the post and added a question mark: 100% protection using Windows built-in security?
     
    Last edited by a moderator: Aug 4, 2016
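The "ACL deny execute in Download folders" item in the Asus Transformer setup earlier in the thread and the "Basic User deny execute in user folders (and deny execute/write ACL for user autoruns)" remark in the post just above both lean on the same NTFS mechanism: a Deny ACE for ExecuteFile that inherits to everything dropped into the folder. The PowerShell below is an added example, not a script from either poster. It adds such an ACE to the current user's Downloads folder (execute only) and to the per-user Startup folder (execute and write), then reports whether the ACE is present. The paths, the `BUILTIN\Users` identity and the function names are my assumptions; run it from an elevated prompt.

```powershell
# Added example (not from the thread): inherited Deny-Execute ACEs on user folders.
# Assumptions: BUILTIN\Users is the right principal for a home box, and the two
# folders below are the ones the posts refer to. Needs an elevated prompt.

Add-Type -AssemblyName System.Security.AccessControl 2>$null  # no-op on Windows PowerShell

$targets = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Add-DenyExecuteAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Identity = 'BUILTIN\Users',
        [switch] $DenyWrite
    )
    $rights = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    if ($DenyWrite) {
        # Also stop a dropper from planting a new autorun in this folder.
        $rights = [System.Security.AccessControl.FileSystemRights]($rights -bor
                  [System.Security.AccessControl.FileSystemRights]::Write)
    }
    # ContainerInherit + ObjectInherit: the deny follows new subfolders and files,
    # so a payload saved later is covered without re-running this.
    $ace = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $rights, 'ContainerInherit, ObjectInherit', 'None', 'Deny'

    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($ace)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-DenyExecuteAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Identity = 'BUILTIN\Users'
    )
    $acl = Get-Acl -Path $Path
    $hits = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Identity -and
        (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ExecuteFile) -ne 0)
    }
    return [bool]$hits
}

# Downloads: execute denied, write still allowed (the browser must save there).
Add-DenyExecuteAce -Path $targets[0]
# Startup: execute and write denied (nothing should ever be dropped here).
Add-DenyExecuteAce -Path $targets[1] -DenyWrite

foreach ($t in $targets) {
    '{0,-5} {1}' -f (Test-DenyExecuteAce -Path $t), $t
}
```

Two caveats a practitioner will want before copying this. First, a Deny ACE is evaluated before any Allow and every interactive account, administrators included, is a member of `BUILTIN\Users`, so an elevated prompt cannot launch an installer out of Downloads either; the intended workflow is to move the file to a folder that still permits execution, which is the "dedicated door" the post describes. Second, the deny only stops the loader from mapping the file as an image: a script in Downloads is still read as data by `powershell.exe` or `wscript.exe`, which is why the same setup pairs the ACL with SmartScreen and a signed-scripts-only policy. To undo, build the same rule and call `$acl.RemoveAccessRule($ace)` followed by `Set-Acl`.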
  22. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    I used to love spyware blaster, but the custom blocking list I used to incorporate came from a blogsite that has since long disappeared. May I ask where or how you compiled your custom list?
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Windows 7 x64 Ultimate
    Standard User Account
    User Account Control - max, with password

    Windows 10 Firewall Control (Sphinx Software) (this "Windows 10" in the name is rather misleading, though; couldn't they name it another way?)

    VoodooShield 3.30 in Smart mode :thumb:

    Zemana AntiLogger Pro (it includes Zemana Antimalware) :cool:

    MalwareBytes AntiExploit with additional shields for some routine apps :cool:

    The setup seems to be light on my PC.
     
  24. Well, agree it is a nice example of thinking out of the box: How did you get a license for EdgeGuard?
     
  25. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    Realtime: SpyShelter Firewall
    Web browser: Chrome + Ghostery + Adblock
    Password Manager: LastPass Premium
     