What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Emsisoft Anti-Malware and AppGuard.
     
  2. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    :isay:
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Easter, you could also use Sandboxie. For everyday use, it is more convenient than SD.

    Bo
     
  4. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Sandboxie and some other.............well ya'll know what I mean. :cool:
     
  5. Desktop setup (Windows 7 Ultimate 32 bits)
    - Recovery: Weekly Windows Image and Syncback Free data backup to NAS and USB-disk
    - Mitigation: Windows Firewall (also blocking outbound), disabled risk-ware/user-autoruns
    - Whitelist: UAC (block unsigned), AppLocker (allow trusted), Secure Folders (no-execute)
    - Blacklist: Linkscanner (exploits), ScriptBlocker (3rd party scripts), µBlock (easylist ads)
     
    Last edited by a moderator: Nov 1, 2014
  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Get a UTM appliance on your home network, that will stop Crypto in most cases.
     
  7. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Funny. Nice choice there siketa ;). I loaded them yesterday to try a non-Sandboxie set-up for a change, seems like EAM and AG will be a good match.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks KEES. As for bo elam? I have blown the dust off of version 4.04 Sandboxie and have some studying up to do on it to make it proficient again for my system. I have to admit that I foresaw all of this notorious crap coming back to haunt me in Windows even worse, to make up for all the fantastic security tightening apps (HIPS) (Behavioral Blockers) that kept them seriously at bay no matter what new way back in they tried. When our XP 32bit security HIPS were in full swing then, security was at its absolute best IMHO.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Get 4.14, Easter. It's more secure than 4.04.
    http://www.sandboxie.com/index.php?AllVersions

    Bo
     
  10. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! Eset S.S.8...AppGuard...MBAM Premium...Sincerely...Securon
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    AppGuard
    Keyscrambler
    WinPatrol
    MBAE free on the browsers
    EMET 5.0 (except on Chrome)
    NPE, EEK, MBAR and Kaspersky Security Scan all on demand
    Smartscreen since it is built into Tech Preview
    Just added Voodoo Shield
     
    Last edited: Oct 29, 2014
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Couldn't go long without Sandboxie, now back to running Sandboxie and AppGuard.
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well I'd just generically say the same advantage to using Sandboxie over anything else for that matter. Because it is, IMO, the best security software ever created. And using both would be overlap, and potentially conflict as well. I've never actually used the sandboxing module in D+ along with SBIE though, so I wouldn't know for sure. I do remember hearing stories from someone who did though and said they "seemed" to work fine together. I disable it and uncheck all the boxes in the module personally.
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I love that on XP this would be a complete non-issue for me. svchost.exe doesn't need, nor is it granted internet access, and everything works just fine regardless.
     
  15. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Yes but XP has 20,000 other exploits, holes, unpatched vulnerabilities, and doesn't work with a plethora of new software/drivers/games, and in some cases modern hardware. So no real point even mentioning it.
     
  16. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Let's not derail this thread into another fruitless XP debate.
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    20K?... I think that's quite the exaggeration. I have 0 that affect me personally... can you make the same claim regarding the version you're on? Can you even do anything to close those holes/vulnerabilities without rendering your entire box ineffective?

    And actually if I "upgraded" (the word being a mere technicality), it would adversely affect my compatibility with things I need/use. And everything I do need works just fine.

    Again the actual facts just don't align with the doomsaying that's been taking place since its EOL. People are still not only getting by just fine, but thriving. I come across more problems on Win7/8 boxes these days than I see on XP rigs, and by an exponential margin.
     
  18. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thanks for your answer. Here I have the same opinion that SBIE surpasses other apps of this type.
     
  19. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    I am thinking about doing a switch:

    AppGuard.. or maybe NoVirusThanks Exe Radar Pro ?
    Comodo Firewall + HIPS
    MBAM Pro
    EMET v5
    DNSCrypt

    Should I add Avast Free Antivirus or is that an overkill ? :p
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Done and done. Thanks guys. I knew it was too good to be true being malware free for this long then out-of-the-blue CRYPTOINSTRUCTIONS.TXT in numerous folders along with TOR shortcut. ARGGG!!! That never would have happened in a million years with my HIPS!
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Did you find out how you got infected?
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    No way or no how. Probably from one of those notorious pop under ads I would guess. That's what I get for still using IE
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    My network is getting hit pretty hard. I had some engineers on last night, including from a well known AV vendor. There are active injection attempts on my HTTP stream originating outside of my home network. They are being scooped up right now, but every page I visit has some injection (sometimes multiple) attempting remote execution/control. I've run a lot of tests the last few days to isolate it, and rule a lot of things out. It's OS, Browser, IP, MAC, and User Agent independent - not impacted by changes in anything. The AV engineer said he is confident they are being scraped. However, to ultimately solve the issue (which is almost like a mild DOS), I need to change providers, but that's no guarantee since it may be on the backbone, or a main hub around here. Right now I am doing loop scanning, and inspection inbound and outbound, that's already snagged some potential credential loss.

    Two things come to mind.. Put an Untangle on the front-end for a deeper layer of IPS/AV, then DHCP my USG210 off from that in UTM mode as a router. That's a dual Layer-7 UTM solution with variances of signatures for both IPS and AV. Second solution - obviously - is to Sandbox all of the browsers in the home to isolate them should one of these injections sneak in. Possibly both solutions at once. Anyone have any thoughts? I was thinking of picking up a $25.00 Dual Core from Craigslist, and building out an Untangle this weekend, while working on sandboxing/virtualization of browsing.

    Actually I might be better off using ESXi, and simply sharing the download folder on the non-virtualized, rather than Sandboxie or something.
     
  24. Ro4dRuNn3r

    Ro4dRuNn3r Guest

    Changed to what's in my Signature. :cool:
     
  25. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    The only advantage of Comodo sandbox over Sandboxie is its ability to autosandbox unknown programs, otherwise I find Sandboxie simply easier to use, i.e. file recovery and sandbox deletion. I've run both together without a problem.

    Regards Eck:)
     