What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Solarlynx

    Solarlynx Registered Member

    To my surprise everything has been going very light and no issues for 5 days.
     
  2. I had tried to measure the time dll-injecting anti-exploit programs took to inject their protective dll. HPMA was the slowest, then MBAE and EMET being the fastest. With EMET 5.0 the load time tripled for Chrome. New 5.1 is as fast as 4.1 again while MBAE 1.05 (beta) reduces MBAE load time to 0.1 secs only.

    I have not added the system processes to EMET's protection (yet), because I use run as admin for installation of new software. I have added vbscript.dll and jscript.dll to the ASR protection of all Office programs, though.
     
  3. Coresix

    Coresix Registered Member

    Been a good while since I posted. My main rig is down and out due to a fubar'd Windows install after updating to 8.1 Update 1 with Rollback Rx still installed and the DVD drive died on me a month before that happened so I've been using my Surface Pro 2 I got back in February.

    Current security set-up is as follows:

    On-Demand: Shadow Defender 1.4.0.566; Hitman Pro; AirVPN
    Real-time: Webroot SecureAnywhere Complete; MBAM Premium; MBAE Premium; AdGuard Premium w/ built in rules plus Easylist, Malware Domains, Prebake and Anti-Adblock Killer rules enabled (also have the userscript to go with it)
    Hardening: SpywareBlaster AutoUpdate

    That's pretty much it and it's still pretty fast. That being said, I still like to lurk this particular thread and subforum in general because I like to see the trends and what to watch out for whilst surfing. I know I'mma get scolded for some of the stuff I'm running and I've tried the other tools that ya'll use but it makes my system a bit too unstable for my liking (plus I do run some games on here at times, nothing too fancy, just time wasters). Also, I never knew that AdGuard was so versatile in terms of customizing and running userscripts globally instead of browser only.
     
  4. roger_m

    roger_m Registered Member

    I am currently trialing K7 AntiVirus Plus 14. I am well aware that its detection rates are not that good, but I can live with that as it does not slow down my aging laptop.

    So my current setup is:

    Real Time Protection
    K7 AntiVirus Plus - with real time protection set to low to make it lighter
    Windows Firewall

    On Demand Scans
    Malwarebytes Anti-Malware
    AdwCleaner

    I'm running Windows 7 as an administrator with UAC disabled.
     
  5. Safe Admin setup (Windows 7 Ultimate 32 bits)
    - Recovery: Windows image and SyncbackFree data backup to NAS and 2nd USB-disk
    - Network: behind SPI-Router with Windows Firewall (set 2-way & risk-ware disabled)
    - Mitigation: block program downloads & user autoruns and access to shell & scripting
    - Whitelist: UAC (silent elevation, block unsigned), SRP (default deny all, allow admin)
    - Blacklist: Norton DNS (connect safe), Chrome (safe browsing), µBlock (anti-ad lists)
    - VT-scans: Herdprotect (autoruns+criticals) and Process Explorer (running programs)
     
    Last edited by a moderator: Nov 27, 2014
  6. ThisFaceLeftBlank

    ThisFaceLeftBlank Registered Member

    ESET NOD32 Antivirus - License due to expire in 5 days. I'm looking to renew it, but I'm fielding other suggestions for now. What the heck does "NOD32" stand for, anyway?
    Malwarebytes Anti-Malware Premium with realtime monitoring.
    EMET 5.1 with system processes and many installed programs monitored as per this instructional.
    REDO Backup on demand, for drive images and restores.
    Firefox with AdBlockPlus. Was using BluHell Firewall, and liked its light footprint, but wanted more protection via ABP's filter subscriptions.
    NoScript (though NoScript is a real pain when I visit new websites, which seems to be frequently. 11 months into this Windows install, NoScript still annoys me. I also think it might be causing issues with my Outlook.com web-based email accounts. I sometimes turn it off and forget to turn it back on.)

    For the above reason, I'm looking for a few additional, lightweight measures to mitigate my carelessness.
    I tried Spywareblaster, but my computer got unstable, explorer.exe kept crashing/acting up, etc, so I did a drive image restore. Can't be sure it was the cause, but I had problems right after the install and it hasn't recurred since the image restore.

    I was thinking of a new DNS server and/or Hosts file. Do you find these lightweight and useful? Any thoughts, opinions, other lightweight, effective options I didn't list?
     
  7. kerykeion

    kerykeion Registered Member

    Welcome to Wilders Security! Feel free to check out this site, has lots of free options: http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm

    My DNS of choice is OpenDNS. A lightweight layer I'm thinking of is using a Standard User Account instead of an account with Administrator rights, with User Account Control set to max. Some also use Software Restriction Policy and if the version of your OS doesn't support this, you may use Family Safety as a whitelist application filter. Maybe lightweight virtualization or sandboxing is your thing, there are lots of options out there.

    Go crazy! (for as long as you have a nice back-up mechanism)

    And oh, this thread can help (NOD32): https://www.wilderssecurity.com/threads/nod32-what-does-it-mean.25585/
     
    Last edited: Nov 24, 2014
  8. ThisFaceLeftBlank

    ThisFaceLeftBlank Registered Member

    Thanks! I've been around here for years, even had an acct for a year, just never posted before. I've been following this thread and others for all that time.

    I have an interest in SandboxIE and sandboxing. I use it on occasion, but I'm not a master of it. I use LastPass & Xmarks, and my machine is otherwise a living entity, in that I'm always DL'ing pictures and media, dragging links to the desktop to look at later and share with friends, etc. I don't really want EVERYTHING to go back to a set point in time by using a sandbox, though I LOVE the protection it provides. I should look at it more closely and see if I can configure it to be more friendly to my needs.

    I tried UAC again as well, but my G15 mod, LCDmisc, didn't like it, and I won't be without LCDmisc while I have a G15. Again, perhaps I should see if I can configure it to work with my needs. I know little about UAC and how to work around it.

    I'm off to check your links, thanks for the response!
     
  9. Coresix

    Coresix Registered Member

    Added Sandboxie to my On-Demand list. I like how fast it is now and it's a heck of a lot more stable than earlier versions. I had a real hard time running 4.0 so I just waited til it got more refined and I'm glad I did.

    Sincerely,

    Coresix
     
  10. Minimalist

    Minimalist Registered Member

    I've replaced Sigcheck+VT with herdProtect and added uMatrix.

    So my setup is now:
    Windows 8.1 x64, SRP, UAC on max, Macrium Reflect
    Chrome + uBlock + uMatrix

    On demand: HitmanPro, Malwarebytes AM, herdProtect, Emsisoft EK, Avira PC Cleaner
     
  11. bo elam

    bo elam Registered Member

    Sandboxie is really friendly, you just have to know how to set it up for what you want. I remember, when I started using Sandboxie, one of the things that I wanted to know on the day that I installed it for the first time was how to save files out of the sandbox. That can be done in various ways but I recommend you set that up through the Sandboxie UI.

    First of all, since you are using Firefox, make sure Firefox is set as your default browser; that way Firefox runs sandboxed automatically when you click on the SandboxedWebBrowser icon that Sandboxie placed on your desktop after installing the program. Then, set Firefox to save files at a specific location. This location can be your Desktop or Downloads folder. Do it out of the sandbox (Firefox Tools>Options>General).

    After you've done what I wrote above, open Sandboxie Control and navigate to:

    Sandboxie Control>Sandbox>DefaultBox>Sandbox settings>Recovery>Quick recovery, and add the folder where you set Firefox to save downloads to. If the folder is one of the folders that you see there already, then add nothing.

    That's it. By setting it up this way, Sandboxie will prompt you after downloads are finished; the prompt gives you the opportunity to choose to save the downloads or to leave them in the sandbox. To get familiar, do a few downloads and play with the different options that you'll see in the prompt.

    Myself, I don't like prompts of any kind, so I disable the prompt and recover manually. You can disable recovery prompts in Recovery>Immediate recovery. But I recommend you keep the prompts on; it's better until you get used to it.

    For convenience, you can set Bookmarks to be recovered out of the sandbox in:

    Sandbox settings>Applications>Web browser>Firefox. Tick "Allow direct access to Firefox bookmarks and history database"

    And set your sandbox to delete on closing:

    Sandbox settings>Delete>Delete invocation, Tick "Automatically delete contents of sandbox"

    And the last thing that I wanted to know when I first started using Sandboxie was how my antivirus interacted with Sandboxie. Read here.
    http://www.sandboxie.com/index.php?FAQ_Virus

    That's it. Do what I wrote above and you'll be ready to use your sandboxed Firefox as you normally use Firefox.

    Bo

    My security setup

    Sandboxie

    NoScript
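    Bo's steps above all go through the Sandboxie Control UI. As an added illustration (not from Bo's post and not Sandboxie's own documentation), here is how those same choices land in the [DefaultBox] section of Sandboxie.ini. The setting names are the documented Sandboxie.ini keys as I recall them, and the Firefox profile path is an assumption for a typical installation, so check both against the Sandboxie.ini reference for your version before relying on them.

    ```ini
    ; Added example of a Sandboxie.ini sandbox section mirroring the UI steps in the post.
    ; Setting names are from the Sandboxie.ini reference as recalled (verify for your version);
    ; the Firefox profile path below is an assumption for a standard install.
    [DefaultBox]
    Enabled=y

    ; Recovery > Quick Recovery: folders Sandboxie watches for files worth recovering.
    ; One entry must match the folder unsandboxed Firefox was told to save downloads to.
    ; The GUID form is the known-folder ID for the user's Downloads folder.
    RecoverFolder=%Desktop%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%

    ; Recovery > Immediate Recovery: the prompt shown when a download finishes.
    ; y keeps the prompt the post recommends; n means you recover files by hand.
    AutoRecover=y

    ; Applications > Web Browser > Firefox, "Allow direct access to Firefox bookmarks
    ; and history database". This deliberately opens a path out of the sandbox:
    ; anything running as firefox.exe inside the box can now write the real places.sqlite,
    ; so keep the exception this narrow rather than opening the whole profile folder.
    OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places.sqlite*

    ; Delete > Delete Invocation, "Automatically delete contents of sandbox".
    ; Everything not recovered is discarded when the last sandboxed program exits.
    AutoDelete=y
    ```

    The point worth noticing is the last two keys together: AutoDelete is what makes "don't worry about what is inside the sandbox" true, and every OpenFilePath line is a hole in exactly that guarantee, so each one should be as specific as the bookmarks example above.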
     
  12. J_L

    J_L Registered Member

    https://www.raymond.cc/blog/task-scheduler-bypass-uac-prompt/
     
  13. justenough

    justenough Registered Member

    Added HitmanPro.Alert for the first time a few days ago. It's looking like I'll keep it on.
     
  14. roger_m

    roger_m Registered Member

    I've ditched K7 (it didn't take long) and replaced it with Virus Chaser, which is using Bitdefender's scan engine these days. I remember long ago, when it was using Dr Web. The update function is not working at the moment, but I was able to manually update it by downloading the latest Bitdefender definitions and copying them to the plugins folder.

    It is exceptionally light, and is free.
     
    Last edited: Nov 25, 2014
  15. Coresix

    Coresix Registered Member

    Added Voodooshield to my arsenal. Holy crap has it come a long way since I last used it! Although I found some of the balloon alerts a bit quirky but after a few tweaks (since I bought the licensed version), it's running quite nicely.

    Also, the customer service is top notch. Had a bit of a mixup when I bought another year and sent them a support email; they came back with the fix and threw in another year for free since I already had an account but I forgot which email address I used when I first bought a license so they had a database mix up, but they rectified it. Awesome service and product! It definitely deserves the praise it gets on here.

    Sincerely,

    Coresix
     
  16. Azure Phoenix

    Azure Phoenix Registered Member

    Windows 8.1 64-bits

    UAC Setting:
    Highest setting - Always notify

    Real-time protection:

    Antivirus: ESET NOD32 Antivirus(Version 8.0.304.0)
    Companion Antivirus: Emsisoft Anti-Malware(Version 9.0.0.4570)
    Firewall: Comodo Firewall(Version 8.0.0.4337)
    Anti-Exploit: Malwarebytes Anti-Exploit Experimental(Version 1.05.3.1011)

    On-demand scanner:
    herdProtect
    Malwarebytes Anti-Malware

    Backup and/or Recovery:
    Shadow Defender
     
  17. ThisFaceLeftBlank

    ThisFaceLeftBlank Registered Member

    Thanks. I've saved this link so i'll always have it in the future. Now that I can fix certain program problems, I'll give UAC another try after I play with SandBoxIE and get it configured.

    Thank you so much for a very helpful and informative post! I'm making changes now and will be taking SandboxIE for a drive when I'm done. The browser is my biggest security problem, as I relentlessly chain-surf when I have insomnia, and sometimes I'm a few clicks into a website before I realize it looks sketchy and I might not want to be there. When I have malware, it's virtually always due to surfing. I'll knock my chance for infection WAY down if I use SandboxIE.
     
  18. Can somebody explain to me why people with an interest in security (e.g. Wilders Forum Members) on Windows Vista/Win7/Win8 still use Firefox?

    My ironical post from May 11th 2010: Firefox is making up ground, confirmed by one of the co-founders of Firefox on May 18th 2010 :D http://techcrunch.com/2010/05/18/future-of-firefox/

    A report of December 2011 confirming what most security enthusiasts knew already: http://files.accuvant.com/web/files/AccuvantBrowserSecCompar_FINAL.pdf

    Chrome bragging on its solid testing (50 million test cases a day), April 2012: http://blog.chromium.org/2012/04/fuzzing-for-security.html

    How-To Geek in June 2013: http://www.howtogeek.com/165264/heres-why-firefox-is-still-years-behind-google-chrome/

    Blog commenting on Pwn2Own, March 2014: http://www.extremetech.com/computin...er-falls-to-four-zero-day-exploits-at-pwn2own

    In XP-times Firefox was safer and IE6 was a drama security wise, no questioning, but the times they are a changing, it is Q4 2014, move on please.
     
    Last edited by a moderator: Nov 25, 2014
  19. Azure Phoenix

    Azure Phoenix Registered Member

    Well, I use Cyberfox.
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    I still use XP.
    Better to use FF + SBIE.
    Compared to only Chrome:

    http://www.chromium.org/developers/design-documents/sandbox
     
  21. bo elam

    bo elam Registered Member

    Why should I move? I can make Firefox be the browser that fits my needs, something that I cannot do with Chrome. But since you asked, I'll tell you a few reasons why I prefer Firefox over Chrome.

    1. In Firefox, I can set Tabs not on top. Maybe that is not important to you but I feel more comfortable using my browser that way.

    2. In Firefox, I can set my bookmarks to open as a sidebar with one click. Again, something that you can't do with Chrome. And it's something that to me is very important. I feel more comfortable opening bookmarks the old way.

    3. NoScript. I love NoScript. You can't have NoScript in Chrome. You have programs like NoScript, but to me, comparing those programs to NoScript is like comparing Coca Cola (the real thing) with colas that copy Coke.

    4. No sandboxing. That's right, Kees. To me personally, no sandboxing in Firefox is a good reason to prefer Firefox over Chrome. Even though I would sandbox Chrome if I was a Chrome user, my better senses tell me that the chances for a conflict with Sandboxie are there. Something that doesn't exist with Firefox (perhaps it exists with Flash Protected Mode, but not Firefox itself).

    5. Six years using Firefox with NoScript under Sandboxie and never a problem, no conflict no malware. Only if I was stupid I would change what has worked so well for me. I do all things for a reason. Switching browsers in my personal case wouldn't make sense.

    6. In my W7, I don't install plugins. Flash gets installed with Chrome. Maybe that's fine with you and you prefer it that way. But not me; I hardly ever require Flash in my W7, so whenever I need to use it, I install it temporarily in a sandbox, and after using the plugin, I delete the sandbox. That's the way I like it. I am not too familiar with Chrome, but I doubt you can do that with Chrome. Perhaps Flash can be disabled, but get rid of it completely? I don't think so.

    7. I don't like updating anything automatically. I think you can disable Chrome from doing it, but even so it is a pain with Sandboxie every time Chrome wants to update. People who use SBIE and Chrome get a message and are bothered with it when Chrome is connecting. While that's how it goes with Chrome, disabling automatic updates in Firefox is painless. You disable it in the UI and that's it. Forget about it.

    Greetings

    Bo
     
  22. bo elam

    bo elam Registered Member

    You are welcome. Based on my personal experience using a sandboxed Firefox with NoScript, if you are extremely careful with anything that you recover out of the sandbox and execute out of the sandbox, your chances of being infected again are about 0. Whenever you are browsing with SBIE, don't concern yourself with what is inside the sandbox; that won't do anything to your system, files, registry, etc. Concern yourself only with what you recover and execute unsandboxed. It's simple and it works.

    And you can prove it to yourself. Do this test. Don't take any site for granted; no matter what kind of site you visit, if for the next six months you do all browsing using Sandboxie and follow the dummy user formula that I wrote above, your infections will belong in your past.

    And then maybe, you'll do like me and start sandboxing the email client, Download folders, USB drives, PDF reader, etc. and etc., and then all of a sudden, you'll notice that you can't get infected anymore despite visiting the same sites that you used to visit when you used to get infected. Now, you can't get infected anymore even if you tried to.

    Bo
     
  23. @bo elam : Bo that explains so much I am not going to argue about it :D

    Security wise I would not use FF without SBIE, and the added value of NoScript is disputable when used with SBIE. From what I have read, a lot of NoScript users are very happy with the uMatrix extension for Chrome.
     
  24. bo elam

    bo elam Registered Member

    I don't see it that way at all. Perhaps security wise I get very little out of NoScript, but because I use NoScript, my browsing is faster and sites are clean, there is no hanging. I set NoScript in a way in which I don't even see signs that NoScript is on, as I disable notifications, collapsed objects or placeholder icons. For me, it's like NoScript is not there. But it's there and it's doing its thing.

    You are in Europe; next time your favorite football team plays a game, find the game on this site and take a look at all the scripts that load as you are watching the game. I get none of that, as I block all scripts except the ones that are required to watch games. For sites like Wilders or the SBIE forum, using NoScript doesn't do anything, but for sites like the one in the link, it's a different story.
    www.firstrowsports.bz/

    I told this story before. There's a Colombian site that I visit on a regular basis. A few years ago, this site came under clickjacking attack; it lasted for a couple of weeks. I didn't stop going there, I kept going there but was very careful not to click where NoScript warned me that there was a problem. At the time, I was still using an antivirus. The AV never said anything about it.

    Bo
     
    Last edited by a moderator: Nov 25, 2014
  25. safeguy

    safeguy Registered Member

    Well, I wouldn't say that.

    You wouldn't say uMatrix and the likes are disputable when Chrome has its sandbox, would you? :p

    As useful as Sandboxie is, one has to regard that Sandboxie itself does nothing to counter platform independent/os agnostic web threats.

    http://hackademix.net/2008/01/12/malware-20-is-now/
     