What is your security setup these days?

I'm attempting to... but the broker won't go to LowIL.

 

What are you doing to apply the low integrity level?

 

I removed AV so my new setup is a little lighter:

Resident:
ESET Nod32
Sandboxie (for browsers)
Malware Defender
EMET (for internet facing apps and apps that open files)
Router with SPI Firewall
Windows 7 firewall

On demand:
Hitman PRO
MBAM
Acronis True Image
Autoruns
Secunia PSI

 

With the amount of installing/uninstalling I do (as well as other stuff), running as a standard user was becoming irksome. Because of this, I've decided to go back to running as admin and have re-added avast! Free and removed Sandboxie. UAC is still set to Always Notify and I've beefed up my password to 16 characters.

 

back to Avira.

 

Then instead of allowing all for %PROGRAMFILES% and all its subdirectories, you could instead simply, for example, allow for %PROGRAMFILES%\internet explorer, %PROGRAMFILES%\Firefox\*, %PROGRAMFILES%\Secuna\*, %PROGRAMFILES%\Java\* ...etc

IOW, you allow very specifically only those programs you want. The rest will be default-denied.

Alternatively, you could allow all under %PROGRAMFILES%, then add exceptions to those programs you want to deny.

 

The latter option would be better. I think it's Microsoft's recommendation also. I think I've read it somewhere; not sure, though.

 

Right, specifically they recommend the allow with exceptions option as opposed to a combination of allow and deny rules. I just looked it up in my AppLocker manual

 

Coming from where?

Thanks.

 

icacls "C:\Users\your_username\AppData\Local\Google\Chrome\Application\Chrome.exe" /setintegritylevel (oi)(ci)Low


@Wat/m00n, I'll see what I can do.

 

I was reading your signature and wow you have quite a set-up. Could you tell me why you removed IE9?

Thanks.

 

There you go. That's the wrong syntax.

You only use (OI) and/or (CI) for folders. The full command should be

Code:

icacls "C:\Users\your_username\AppData\Local\Google\Chrome\Application\Chrome.exe" /setintegritylevel Low

 

Ohhhh Thank you

Does the temp folder need to be lowered?

 

EDIT: Nevermind. It worked.

It asks me every time I open the program if I want to run it or not. Can I stop it form doing this?

 

LOL Fantastic what a miracle.

I never thought that you would break the silly "I am not paying, you hear me!" rule

But it's good that you did. And I'm sure that you will enjoy the software even more after that you've become a paying customer. So what's next on your list hmm.....it must be rather long by now

 

no.

 

The rule stands for the most part. I don't plan to pay for any other software.

editMoon. Oh well. Not worth it! haha, back to medium level. Not like there are any exploits in the wild anyways.

 

Well afaik you didn't "plan" to buy Sandboxie either but here you are.

Though you don't seem to use your computer for anything else but Security software that has to be as strict as possible. It's just that I myself would find it very boring by giving myself an Limitation to just use Freeware. And then we have this 3'rd party rule but that's another chapter I guess.
Without 3'rd party security vendors the whole world would be infected

 

Yes, without 3rd party security we'd all be screwed. That doesn't mean that 3rd party security is the answer.

I use my computer for school; so that means reading books, writing documents, emails, IDE (Python, Eclipse.) I also watch movies and TV shows, I've ripped many of mine onto this computer for storage. I play lots of games on here as well.

 

i am also a tv freak

 

Yes haha I buy lots of DVD's but I don't like using them so I rip them to my HDD and watch from here.

 

Yeah that's what I thought too, but no luck. It's not a problem with sandboxed IE9 or even the unsandboxed Chrome.

edit: I just had a thought: it somehow might be from trying the Chrome Beta a few weeks ago, even though I have already reinstalled the regular Chrome.

 

Hey jmonge,

you're back only part time now, too busy changing diapers instead

 

Right now I mean, right now that is the answer.

Well it's good to hear that you do relax from security once in a while

I was about to ask that if you don't pay for software. (any software).
How do you do with the games (I have asked that before and you said that you got no money over to buy any), No latest and greatest for you I guess?
Since afaik there's no new released games that's available for free

I need to say that the impression you make here on Wilders (to me) is that you don't got time for anything else but security. But clearly that's not the case thank god.

One can wonder if you have other "rules" in your life, don't pee in public toilets