What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. wat0114

    wat0114 Guest

    Hey jmonge,

    you're back only part time now, too busy changing diapers instead :D :p
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,259
    Right now I mean, right now that is the answer.

    Well it's good to hear that you do relax from security once in a while :D

    I was about to ask that if you don't pay for software. (any software).
    How do you do with the games (I have asked that before and you said that you got no money over to buy any), No latest and greatest for you I guess?
    Since afaik there's no new released games that's available for free :)

    I need to say that the impression you make here on Wilders (to me) is that you don't got time for anything else but security. But clearly that's not the case thank god. ;)

    One can wonder if you have other "rules" in your life, don't pee in public toilets :D
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,870
    Location:
    Canada
    indeed my friend:) wat0114:thumb:
     
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    jmonge

    How do you do all this changing in your security setup

    do you reinstall a freash copy of windows
    or a disk image o_O

    because as far as i know Security Programs have leftovers
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,870
    Location:
    Canada
    manualy removed Ranget;)
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,247
    Location:
    Chaotic Land
    Your PC's probably want to strangle you :D
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,870
    Location:
    Canada
    it is very smooth;)
    very fast and trouble free:)
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not understanding. What's asking you what?
     
  9. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,247
    Location:
    Chaotic Land
    OK my friend good hehe. :D
     
    Last edited: Sep 6, 2011
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,870
    Location:
    Canada
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    I buy through deals, get them from friends, etc. I haven't purchased a game in a while and I usually stick to emulating games on my computer via PCSX2 (games that I own and have dumped onto the computer.)

    Haha I'm sure I give that impression. I assure you wilders is only ever half of the screen =p I do lots of other things with my computer (and without! haha)

    =p Everyone's got their rules. I just write them out nice and clear.


    When running at LowIL I get a prompt every time I open Chrome saying "Run or Cancel" and some other stuff as if it were the first time I'd ran it.
     
  12. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    :cool:
    :cool:

    how often do you use On Demand scanner ?
    an what are you planning to use j ?

    BTW i Read earlier that you have a new security expert in your family

    Congrats bro
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,592
    Location:
    Toronto Canada
    That can happen when your Behaviour Blocker isn't very good.;) :D
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You need to apply a low integrity level to Chrome's profile. Have you done that?
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    Yikes. Nope. The entire thing?

    The problem with that is that anything run at LowIL can now write to the entire profile. That's no good. I'm fine with setting a .exe so that it can call things to LowIL but I don't like setting folders like that to LowIL.
     
  16. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    hehehe :rolleyes:

    also it can be a bug in my out bound firewall
     
    Last edited: Sep 6, 2011
  17. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,247
    Location:
    Chaotic Land
    Well I suggest going to the store and getting a refund, hehe... :D
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You only need to apply a low integrity level to the folder that contains the folder Default and the safe browsing files, etc.

    I'm not really concerned about execution, as I got AppLocker, which automatically blocks execution.

    Anyway, you could create two batch files. One giving a low integrity level to the profile folder and another one restoring the IL to a medium. Use the Low IL before opening Chrome, so that the profile is loaded. See if after restoring back the Medium IL, you can still use Chrome without problems. You obviously won't be able to modify settings, unless you first re-apply the Low IL.

    See what works best for you. By the way, I also do the same thing for %AppData%\Local\Temp. Two batch files. One applies a low IL, so I can download files, and another one restoring back the IL to medium.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    Ah, I suppose I could block execution.

    I think I'll just pass. I'm very... very confident in Chrome sandboxing techniques and I'm also fairly confident in sandboxie.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There you go!!! You don't need to apply a low integrity level then. If you run Chrome inside Sandboxie, then chrome.exe's low integrity level will propagate to Sandboxie's processes, which on their turn will apply a low integrity level to any object and folder inside the sandbox's folder.

    Did you experienced what you previously mentioned (about the Run or Cancel thing) inside or outside Sandboxie?

    I ran Chromium with a low integrity level inside Sandboxie for a very long time, and never had issues.

    Sandboxie would allow me to then recover the folders and files just fine.
     
  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,714
    You can selectively apply Low IL to specific directories or files. You only need to know which ones need the Low IL, which is not that hard really.

    I run as admin, and have used Low IL for Chromium quite a bit and done much testing. I have don't recall seeing the thing you speak of happening.

    Maybe check the chrome.exe, see if it has an ADS on it. If it does not, then proceed to other offerings. I made a thread somewhere which told what directories were needed to put a Low IL on, and how that effected things. You might find some infos in there that could clear it up.

    I used Low IL for quite a long time, and never experienced what you describe. I don't fear what happens to my profile, as what is in the profile really that is going to hurt me? I don't keep data there, and I have my downloads directory set, and it is sandboxed (normally).

    But also, having been running Chromium as an Admin for a couple months now, without sandboxie, I have not had any issues. How much is needed vs how much is being well prepared is blurred to me.

    Sul.

    Oh yeah, if you run as admin without UAC, chrome broker will run at high. You can always set it to a Medium IL rather than low, which is not as restricted, but definately not as open ended as High. This still gives you access to profiles etc, but also allows other areas too.

    Sul.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    @m00n, I was running Chrome sandboxed. Should I have cleared out my sandbox first?

    @Sully: ADS? I tried to find that topic but I could not.

    I run UAC so no need for that.

    I'll try running Chrome at LowIL and clearing the sandbox.

    EDIT: No, I cleared the sandbox...
     

    Attached Files:

  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,714
    This is an ADS prompt. That stands for Alternate Data Stream. Think of it as a psuedo file that is attached to a file. This is used on NTFS file systems. It indicates the file originated from the internet zone, and that prompt is there to warn you of this. The way to get rid of it is to look at the files properties, and at the bottom is a check box for unblocking this. There are other ways to get rid of it as well, but that works fine.

    Sul.

    EDIT: Often you will see a something on the prompt that says something like "always allow this". I do anyway. Maybe because you are using UAC you don't see it, or it is a setting. The 1806 setting Kees talks about controls things like this.
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    I don't see any reference to that in my chrome.exe or my shortcut properties. Read only, hidden, advanced. I'm looking around but not finding it.
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OH!!! Now I understand what you were talking about. I tought you were getting some error message due to the profile being with a medium IL. lol

    Sully is right then. You need to unblock it.