What is your security setup these days?

Perhaps, but an unpatched OS is a huge attack surface itself - I noticed you are running an EOL OS. Interesting thing is all of the new UTM's we deploy we activate the 'don't allow XP machine connection' policy enforcement. When this policy doesn't exist by default, we activate application control to disallow XP connections. It's considered a serious security risk by every IT engineer I know, and anyone attempting to connect to these companies will receive a block, and a notice to upgrade their OS.

http://docs.fortinet.com/d/fortigate-blocking-web-traffic-based-on-operating-system

 

Sandboxing the browser its only a tiny bit of what can be done with Sandboxie. Look at the picture below, it shows some of the things that I do with the sandbox. I also sandbox programs like WinRar, 7Z and HJSplit. My CD and DVD drives get sandboxed as well.



Bo

 

Yup, I know. I used to use Sandboxie for malware analysis on isolated machines when some threats detected VM's, but still missed SBIE. Just getting the browser and child processes is pretty huge. But again for me it's not really needed if you saw my network setup. ;-)

 

It's been years since I last posted in this forum.

My setup on an old HP Mini 210 netbook w/ Intel Atom @ 1.5GHz and 2GB RAM (lol) is:

Realtime:
- Qihoo 360 Internet Security (BitDefender off, QVM on, 360 Cloud on)
- Windows Firewall
- EMET 5.0
- MCShield
- SpywareBlaster

On-demand:
- SUPERAntiSpyware Free Edition
- Malwarebytes Anti-Malware (free)

All recommended updates from Windows 7 installed, and all browsers running under Incognito mode and sandboxed by Sandboxie.

 

Nov. 6, 2014 - Updated, Added, Removed

Network

• Three Netgear WNR3500L-100NAS (DD-WRT Firmware)
• Four Netgear PowerLine AV 500 Adapters
• Wired Cat5e Connection between all 3 Routers
• WPA2-PSK AES Encryption
• SPI Firewall Enabled
• OpenDNS Configuration

Computers

• Desktop - Windows 8.1 Pro with Media Center x64
• Laptop - Windows 8.1 x64

Built-In Security

• USER ACCOUNT CONTROL: HIGHEST SETTING
• EMET 5.0: RECOMMENDED SECURITY SETTINGS
• WINDOWS SMART SCREEN: ENABLED
• WINDOWS DEFENDER: ENABLED
• WINDOWS FIREWALL: ENABLED

Resident

• Emsisoft Internet Security 9.0.0.4546 Beta (Paid)
• Appguard 4.1.45.1 (Paid)** - Locked Down
• NVT ERP 3.1.0.0 Build1 v13 Beta (Paid)** - Lockdown Mode
• Sandboxie 4.14 (Paid) - Sandboxie Container Folder on RAMDisk
• Adguard 5.10.1167.5997 (Paid)
• DNSCrypt 0.0.6 - HTTPS Enabled

On-Demand

• PeerBlock 1.2 (P2P Blocking List)
• Shadow Defender 1.4.0.553** (Paid)
• AOMEI Backupper Professional 2.02 (Paid)
• Macrium Reflect 5.3 build 7220*
• VMWare Workstation 10.0.4 build-2249910** (Paid)

Browser, Immunization, Tweaks

• Firefox 33.0b9 (HTTPS-Everywhere, Gmelius) - Firefox Profile Folder on RAMDisk and Sandboxed
• Chrome 38.0.2125.111 m (HTTPS-Everywhere, Gmelius) - Chrome Profile Folder on RAMDisk and Sandboxed
• Homepage and Search Providers set to Startpage (Chrome & IE)
• Tweaks on How to eradicate Google from Firefox Applied
• LastPass 3.1.2 Premium (Chrome & IE)
• Spyware Blaster 5.0 (All Protection Enabled + Customblocking.txt)

*Macrium Reflect (Full Daily Backup -Desktop, Full Weekly Backups - Laptop)
**VMware Workstation, Appguard and NVT ERP only installed on Desktop \ Shadow Defender only installed on Laptop

dja2k

 

@dja2k
reason for removal of EIS ?

 

Testing purposes only!

dja2k

 

@dja2k

Why did you replace Firefox with Chrome?

 

Sandboxie and the rest is per signature. Uninstalled MSE. Running with no A/V and using only MBAM 1.75 at the moment.

 

Yeah, I saw you regurgitate this link elsewhere too, as if it's a one size fits all matter. What they're doing is prudent, in general, because the average end user isn't taking the steps that I, or the average Wilders user takes to secure their setups. They figure that most of the people still on XP are because they're either too lazy, too poor to change, or just plain don't care. And they'd be right. The kind of people that rely on only the XP FW and an AV, and may not even keep the latter up to date. So yeah, what they're doing is in their best interest.

What I'm doing is in mine. I'm not sure if you really understand the concept of attack surface, because it's the last thing you'd want to use as an arguing point against me. Heck, over 90% of the patches I do have are moot because of either attack surface I've trimmed out, software I use, or that I don't use (like IE, Flash, Java, .NET FW, Office, PDF program). Things you just can't eliminate on MS OS's since without bricking your box. Believe me, my attack surface is exponentially smaller than yours.

That said I don't recommend sticking with an EOL OS to anyone else. It's not good advice in general. But in the right hands it can be made to be more secure, private, and anonymous than any MS OS made since. And what's more, I just flat out don't trust any of them since XP at all.

And on my Macbook I'm using Debian.

 

Personal preference as Chrome runs better on my system. I've never had Chrome permanently installed as my main used browser, but I am still testing it. Time will tell if I like it enough to keep it.

dja2k

 

I decided to go without real-time AV for a while and removed ESET Nod32 AV.

My security software (in order of importance):

Backup:
Macrium Reflect Standard for daily incremental backups
External HDD to backup system images and other personal data

Network:
Router with firewall
Windows built-in firewall (inbound monitoring only)

Whitelisting:
Software Restriction Policies
User Account Control on maximum

Blacklisting:
on demand: HitmanPro, Malwarebytes AM, Emsisoft AM, Avira PC Cleaner, VT Uploader

Browser:
Google Chrome x64 and uBlock

Less is more.

 

I am in the same situation.

 

Just wondering why you would want to browse without Sandboxie ?

Pretty much bullet proof.

Regards Eck

 

See screenshot:

 

No ClamAV realtime?

You'd be surprised the 'oddball' stuff Clam can find. I pull data from a honeypot, and all I will say is Clam finds strange things, and often it's heuristics grabs before anything else does. I have clam at the router level (Untangle) as a second opinion to Kaspersky for this reason.

 

I don't really see the need for another real-time AV just for "strange things". VirusTotal will do for that.

Also using the following browser extensions: LastPass, TrafficLight, VTchromizer. WOT, uBlock.

 

3 routers? What is the size/surface of your home?

 

Back to NOD32.

 

There is a cottage in the back of the main house that has its own router. Then the main house has two because one router doesn't reach (due to thick walls) to the opposite side of the house.

dja2k

 

I meant Clam on Demand.. LOL

 

Changes;

Re-wired entire network with Cat6a.
Tossed a new TP-Link 16 Port Rack Mount Jumbo switch to replace 2 8-Port's.
Dropped uBlock due to some issues with some pages, changed to Adguard Chrome Extension.
Added some APC UPS for up to 3 hours of backup power on the network.
Gave up on stacking three Layer-7 UTM's due to packet dropoffs. Sticking with USG60+Untangle (Kaspersky+Clam)

Pretty much done tweaking. Now I need to repurpose a Dual Core PC for something. I may DMZ it and turn it into a Honeypot for Zero-Day submission to a couple AV companies.

 

@dja2k

Thanks, have you tried uBlock extension of Chrome already, it also is able to block third party scripts/iframes Anti-exploit testing

 

The video crashes I was having on Chrome seem to have stopped with the latest version of Sandboxie, so Sbxie is back on. Trying HTTPS Everywhere and TrafficLight.

 

I saw a few of you mention it, but haven't had time to look into it and test it out.

dja2k