What is your security setup these days?

Firefox - Noscript , HTTPSeverywhere , adblock plus with tons of filters , about:config custom tweaks
Sandboxie - Browsers , IRC and lots of system deamons
EMET 5.1 - Browsers , IRC and lots of system deamons
TinyWall
Windows 7 Ultimate x64 - Disabled Vulnerable daemon plus more tweaks
UAC - maxed out
Bitdefender Live USB - on demand - I prefer this

(If i feel life being paranoid i use these too... all of them )
Dr.web Live USB - on demand
Kaspersky Live USB - on demand
AVG Live USB - on demand

 

try my setup.. its super light and all free.. but i see on your sig that you have Malwarebytes pro... thats a plus too...

 

I can see both sides to this little dust-up. Sandboxie is powerful stuff, but does it mean anything to answer every problem with praise for just one program? Maybe Sandboxie deserves it, I probably appreciate it as much as you do Bo, it's been on my computer since how it worked was first explained to me here a few years ago.

There might be something to what you and Kees have posted in the last page or so. Layering is the standard here for good protection. Are there areas of security where Kees thinks using only Sandboxie leaves you vulnerable? If so, have you found a reliable way to cover them with Sandboxie?

 

my current setup:

Desktop 1: Emsisoft Internet Security + Malwarebytes Premium (on-demand) + HitmanPro (on-demand)

Desktop 2: Avast Premier + Comodo Firewall ver8 (HIPS enabled)+ Malwarebytes Premium (on-demand) + Keyscrambler Pro

Laptop : EAM + Online Armor Premium + Malwarebytes Premium (on-demand)

Android 1: Avast Mobile Free + GreyShirts NoRoot Firewall + Adguard for Android

Android 2: AVG Pro (Yandex Promo) + GreyShirts NoRoot Firewall + Adguard for Android

 

As far as I am concern, the little dust up is over. Don't stir it up.

This reply is for you. The layered approach might work great for you but I found my own personal way of taking care of security. For me, it is safer and I feel more comfortable not piling up security programs, one on top of the other. By using three, four, five programs to take care of security, you end up opening holes in programs in order for programs to work well with each other.

I avoid watering down Sandboxies protection by using Sandboxie on its own. I want Sandboxie at its best and that is what I achieve by not using anything else. You might not see the point of doing that but I do. I don't have to exclude this or allow that for SBIE to work (half fast) with other programs. In my view, that is security and I am being more secure by not doing any workarounds.

In a few days, its going to be four years since I stopped using antiviruses or anything along Sandboxie. If I was doing things wrong, I would have gotten infected more than a few times already this past four years. But it doesn't happen. Why should I add security programs to protect myself against something that its not happening? It doesn't make sense.

Besides that, by using Sandboxie the way I do, I don't have to do upgrades or updates everyday. That gives me peace. I get to enjoy computers and the internet more by not doing that every day, every week. You know, I turn on my computers and I use them as I wish. No worries and when I turn them off, I know my computers are clean. I never get the feeling that I have to run scans because I notice something strange. That don't happen at all.

I can keep going and going but I ll stop here. The way that I take care of my security is not for everyone. I dare you to find one post of mine recommending to do things like I do. You wont find one, anywhere. But you will find many many of my posts recommending Sandboxie. Why shouldn't I recommend the one program that turned my computing experience to be joyful?

In addition to Sandboxie, I do other things that are not for everyone. I mean, NoScript for me, has never been a pain. Its been a joy to use that program. In fact, I believe, for browsing, I don't really get much from Sandboxie. Sandboxie gets the credit but I believe NoScript is the one that really takes care of my security while browsing.

And I do other things like not using Java and getting rid of plugins. In my W7, I don't carny any plugins. If I need to use one, I install it temporarily in a sandbox, after using it, I delete the sandbox and forget about it. Doing something like that is not for everyone but for me, its the way to go.

All files that run in my computers, they run sandboxed from the day I download them till the day they get deleted. There are rare exceptions but thats the rule. And all is done automatically. Some people think that Sandboxie protection stops when you recover files out of the sandbox. Not me, I don't stop sandboxing files just because they have been recovered.

Another thing that I do is I treat all sites the same. I shake my head when I read someone say, "I use SBIE for suspicious sites or suspicious files", I don't do that and I believe that is the wrong way of using Sandboxie. So I treat all sites, files and programs the same way. It works for me.

Bo

 

Unfortunatelly my current home PC is very sensitive to security combos. Especially when I use SBIE or Comodo's sandbox for browsers. Unlike my office PC which is fine whatever paranoid combo I poke into it.

Yes, that's true. Actually what I get it's unnecessary doubled fuss.

+1
I'm still shivering after a "toilet duck" prank from someone Kees1958.

 

EMET 5.1
Windows Firewall Control 4.2 (medium filtering)
MCShield
OpenDNS
SpywareBlaster
Firefox w/ NoScript
SUPERAntiSpyware Free Edition
MBAM (free)
Sandboxie (free)
...and a little common sense

No realtime AV protection as of now.

 

I was trying to do the opposite of "stir things up", like talking about the interesting question of can it work to use one program (Sandboxie) exclusively instead of the accepted method here of layering security. But never mind, I misunderstood, you are layering too and Sandboxie isn't even the primary layer.

 

I have currently Malwarebytes Anti-Malware (Premium), ZoneAlarm (Free), WinPatrol (Plus), Norton AntiVirus (Paid), Zemana AntiLogger (Paid). Rarely I may use an online scan.

 

I think, regarding browsing, you can say that NoScript blocks and Sandboxie contains. I guess using both programs is sort of using two layers. During the 6 years that I used both programs, I have never seen a Sandboxie message about blocking an unknown executable or program that attempted to run, that IMO is due to NoScript blocking the bad stuff that is all over the internet and doing it quietly.

Perhaps, a few times, I had malicious programs downloaded into the sandbox when browsing the internet but they done nothing, some of this things can not even start when they are in the sandbox and since there is no reason to be looking inside the sandbox, I don't know.

Thats browsing. But for the rest of what I do with computers, I got nothing but Sandboxie doing the protection. In a few words, any file that's downloaded or introduced into my computers, they run sandboxed until the day they are deleted- Its a simple rule and I follow it. Its not hard to do and it has worked for me. Once you get into it, its really easy. I don't even have to think about it, all done second nature.

I remember telling you a couple of years ago and I think it was in this thread, running files sandboxed doesn't have to stop when they are recovered out of the sandbox. Why stop sandboxing files just because they have been recovered? For me, someone that doesn't have a scanner and totally depends in Sandboxie, sandboxing files for as long as they remain in the computer is they way to do it.

justenough, I ll finish with this two thoughts about Sandboxie. I use my computers exactly as I would use them if I didn't use Sandboxie. There is nothing that I cant do because I am a SBIE user, if using SBIE was inconvenient or slowed things down, I would not be a SBIE user. Last, I know many people think of Sandboxie as a browser in a sandbox. But thats not what Sandboxie is. Sandboxing the browser is just a taste of what you can do with it.

Bo

 

After micro-tweaking Safe_Admin on desktop since 2010, I will settle for this, further hardening reduces functionality, so my Saint Nicalaus present for this year to this security forum will be, no more security setup changes, until I upgrade to Windows 10

My Home Desktop Windows 7 Ultimate 32 bits
- Recovery: Windows image and SyncbackFree data backup to NAS & remote storage
- Network: behind SPI-Router with Windows Firewall (set 2-way & risk-ware disabled)
- Security: SRP, block autoruns/scripts/shell for basic user, added MBAE & Zemana
- Blacklist: Norton DNS (connect safe), Chrome (safe browsing), µBlock (anti-ad lists)

My Asus Transformer Windows 8.1 32 bits (with classic shell)
- Recovery: Windows 8.1 recovery, data to 64GB SDXC Card, sync via cloud to NAS
- Network: Microsoft Windows Firewall set 2-way and risk-ware services disabled
- Security: added MBAE & Zemana, System Wide Smartscreen (admin consent)
- Blacklist: Norton DNS (connect safe), Chrome (safe browsing), µBlock (anti-ad lists)

Wife's laptop Windows 7 Ultimate 32 bits (light with low pop-ups)
- Recovery: Windows image backup and SyncbackFree data backup to NAS & remote
- Security: SRP, Webroot Secure Anywhere (firewall, warn for untrusted), MBAE
- Blacklist: Norton DNS (connect safe), Chrome (safe browsing), µBlock (anti-ad lists)

 

@Windows_Security

Why Not running x64 OS?

 

Disappointment with Bitdefender Total Security 2015. Winamp didn't start and after attempt to run winamp svchost.exe consumed 30% of CPU. Otherwise BTS feels lite.

Btw they have nice user support for lic users. I had correspondence with them on some other question (couldn't make FW to go in "Ask" mode for outgoing apps). They replied to each email in about 24 hrs. It took me only 4 emails to explain finally what I want and only 2 emails with a bit incorrect explanations from them how to make "Paranoid" for the whole BTS 2015, as for just FW it's not possible. It's OK as the BTS is not for tweaking but for just using - install and forget.

 

My desktop at that time was a Pentium E6200 dual core with only 2 GB of RAM, so 64 bits would not run nicely. Wife's laptop had 4 GB RAM, but it was a Celeron P4600 dual core with little cache. Since instructions are twice the size as 32 bits, the CPU cache should be twice as effective when on 32 bits OS (I thought). Easier for me to have the same OS on both machines.

 

Kaspersky IS
MBAE with 7 additional shields for routine apps, including sidebar and Process Explorer.

The setup is very lite. I like idle scan in Kasper.

 

Desktop PC: Microsoft Windows 8.1 SL x64
- SmartScreen Filter: on, get administrator approval
- User Account Control: max, always notify
- Windows Firewall: on
- Standard User Account
- EMET 5.1: max settings, popular software and Internet-facing applications

Mozilla Firefox 34.0
- Master Password enabled
- AdBlock Plus: EasyList

ESET NOD32 Antivirus 8
- Enabled potentially unwanted, unsafe and suspicious applications
- Integrated document protection

Malwarebyte's Anti-Malware Premium
- Enabled advanced heuristics and rootkit detection

SyncBackPro 7
- Back-up on change, but only after 300 seconds of inactivity
- Mirror important documents and media to separate storage
_____________________________________________________________

Wife's Laptop: Microsoft Windows 8.1 SL x64
- SmartScreen Filter: on, get administrator approval
- User Account Control: max, always notify
- Windows Firewall: on
- Standard User Account
- EMET 5.1: recommended settings, popular software and Internet-facing applications

ESET NOD32 Antivirus 8
- Enabled potentially unwanted, unsafe and suspicious applications
- Integrated document protection

 

Looks like you are closer to using the full abilities of Sandboxie than I am. But it's still doing a good job here, the only time something got by Sandboxie was a slip on my part, letting something out of the sandboxed download folder without checking it first with an on-demand scanner. Wasn't running a real-time AV at the time. That's the reason for my layering, for when I slip up.

Sorry if my last post to you seemed harsh. Looking at it now I don't think the tone intended is apparent. I should have put a wink and smile at the end.

 

This is why I recommended to you not to stop sandboxing files just because they have been saved out of the sandbox. In my personal case, even if I was using real time antivirus or on demand scanners, I would continue sandboxing files for as long as they remain in my computers. When I recover files out of my Firefox sandbox, the only question really is in which sandbox they are gonna run. And that depends where the files are at in the computer and what kind of files they are.

Greetings

Bo

 

That is called seamless containment in the file system, on 32 bits that is provided by a program called DefenseWall (on XP GeSWall sort of does both of what DW and SBIE offer). On 64 bits BufferZone Free offers this when enabling the application (and script) control option. Although BufferZone's sandbox is not as restrictive as SBIE's sandbox or DW's seamless containment

 

DefenseWall is a great program. The only reason why I use Sandboxie instead of DefenseWall is because Sandboxie has a free version. I discovered both programs at the same time but since Sandboxie had the free version, it was easier to test and get to know. And thats what I did.

After using Sandboxie for about a year, I got me a license for DW and used both programs together for a while. After purchasing my SBIE license, to avoid possible conflicts, I stopped using DW. But to me, both programs are amazing and both do the same, they just get it done differently. I personally dont see much difference between both programs.

Bo

 

Home PC:

Windows XP Pro SP3: Secondary Admin, Default Deny SRP, Barebones cubed
Netgear AC1450 dd-wrt (just upgraded my router)

Comodo FW/D+ 5.10: FW- Custom Policy, Alerts- Very High, all checked except ICS server setting. Advanced- All checked, All ports stealthed
D+- Paranoid, Untrusted- Cloud settings unchecked. Sandboxing disabled/all unchecked. All monitoring enabled. Trusted vendor list (vendor.n file) deleted
Sandboxie Lifetime 3.76: All removable drives and new/incoming files auto-sandboxed & isolated.
TrueCrypt 7.1: FDE
Shadow Defender 1.1.0.325: Select partitions (including OS) in Shadow Mode- System Startup
Macrium Reflect Free 4.2.3638: Several states imaged

On Demand Scanning:

VT Hash Check 1.01
MBAM Free v2
Hitman Pro 3.7
TDSS Killer
GMER

Firefox 27.0.1, Ixquick Custom Search, Plugins: Adblock Edge, Calomel SSL Validation, CS Lite Mod, HTTPS-Everywhere, NoScript, Private Tab, RequestPolicy, WOT, Youtube ALL HTML5, Element Hiding Helper for Adblock Plus. ABE Filters: EasyList, EasyPrivacy, Fanboy's Annoyance List, Malware Domains.

No Plugins. No Java. No Flash. No .NET Framework. No PDF program. No MS Office. No IE.

 

Xp Home SP3
Windows Firewall
Trick Myrrh-Sebijk-Harkaz
PsExec
System Restore Off
Black Viper's
Norton Connect Safe
EMET 4.1 U1 *
SBIE

Firefox-ABP,Ghostery,WOT,Noscript,HTTPS Everywhere,Toggle Referer.


On Demand

Hitman Pro
HijackThis Portable

* Upcoming transition to MBAE Premium

 

Prefer running light nowadays.

UAC
Sandboxie
Windows Firewall Control
Avira PC Cleaner

 

Windows 7 x64
With Emsisoft Internet Security
and Malwarebytes Anti-Malware (MBAM)

in case of files that I don't trust I check them thru Virustotal on top.

My guess this is -generally- sufficient.

 

Been testing NVT with Appguard it is has been fantastic. I enjoy using windows firewall control, which has also been easy and light weight. I still have a few programs that I used to run, but wasn't sure if they would be needed with the NVT&AG set up such as; Malwarebytes Anti-exploit and NVT driver pro. Any benefit from running them with the setup? Also, would having UAC set to high be effective anymore?