What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. nnikoss

    nnikoss Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    7
    Hi to the community!
    Sandboxie solo here with FF and Palemoon (NoScript, ABE).
    Same setup for almost three years, never a problem.
     
  2. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Really nice rule set, but I would be more interested in firewall rules for those apps and system files. E.g. I am working on firewall rules for most Windows files that try to communicate (including disabling the ones that simply do homecalling for ads-purpose) as well as browser, mail, etc. Do you have such rules already?
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I highly appreciate the time you spent printing these rules. And donna worry your warning is not neglected. ;)
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Hi @nnikoss and welcome to this forum. Nice setup :thumb:
     
  5. Tarantula

    Tarantula Guest

    Testing F-Secure Ultralight Antivirus+Comodo Firewall 8. Nice combo.
     
  6. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Hi javagreen,

    I have been running ERP and HitmanProAlert (like MBAE) only for a very long time (see my sig) and I have never had any issues. Feel confident in this setup, they both complement each other very well. AppGuard is very strong even by itself, but I recommend you keep patience for a little while longer as ERP is soon to become freeware, although I do recommend a donation to them as it's really a brilliant and powerful anti-executable.

    regards.
     
  7. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    Hi mate,

    Thanks a lot, I do have more confidence now! ERP becoming freeware is more good news. I'm really looking forward to switching to this setup ☺
     
  8. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    No problem. It will be the lightest setup you will ever run. Please feel free to post in the ERP forum here at Wilders if you have any issues. Everyone is always willing to help.

    regards.
     
  9. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    133
    Location:
    Greece
    Hi TS4H. What is ERP?
     
  10. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This could be interesting. Are they planning to have a paid version still along with a free version?
     
  12. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Any particular reason? Just that I'm giving Privatefirewall a go myself here and liking it.

    Regards Eck:)
     
  13. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    No particular reason. PFW was working ok, as was CFW 5.12. Just trying out different combinations. Right now using Windows firewall and Windows FW Control along with it. Also have a router. No real time A/V or 3rd party firewalls. Good luck with PFW.
    Wolf
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    WebrootSecureAnywhere and HitmanPro.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi nnikoss, your setup looks similar to mine.

    Firefox with NoScript
    Sandboxie

    Bo
     
  16. guest

    guest Guest

    UPDATE (Again, not meant as any kind of tutorial. Use at your own risk.)

    Protection Settings tab configuration for rulesets applied to rundll32/CMD; Cyberfox; LibreOffice; other third-party user-space apps
    - Interprocess memory access: active
    - Windows/WinEvent hooks: active
    - Processes' termination: inactive
    - Window messages: active

    Protection Settings tab configuration for rulesets applied to games and game-recording apps
    - Interprocess memory access: active
    - Windows/WinEvent hooks: inactive
    - Processes' termination: inactive
    - Window messages: active

    VidCoder has been removed as it needs to execute conhost.exe (a Windows component) residing inside Windows folder. I'm not comfortable with the idea that user-space apps need to execute something in Windows folder.

    I don't really block outbounds for Windows processes. As for third-party apps, I only allow outbounds for Cyberfox, CIS and Macrium. All inbounds are blocked in global rules. Sorry for not being able to provide any help. :(

    I am fairly certain that my web browser ruleset is not usable for web browsers other than Firefox and its derivatives. And even for Firefox/derivatives themselves I'm not sure if it is usable for normal usage, since I don't install third-party plugins to be used by Cyberfox and Cyberfox also doesn't have a separate updater process that needs to be allowed. Hence why I can block all child process executions without any exception.
     
    Last edited by a moderator: Jan 17, 2015
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    I believe it is still undecided, this is a very new announcement. But in my opinion, as the software is very mature there is no need for rapid development. Development will slow down obviously but will continue to be supported.

    As for free or paid, existing paid users and new free users will be using the same software. However people with existing paid licenses or users who donate may/may not get additional features.

    Keep in mind this announcement is very new, so please don't hold me to anything. The team at ERP are still undecided on the details.

    Either way, it's a fantastic opportunity for new users. There are plenty of members here at Wilders who do not run real time AV, and most of them have something like this in their arsenal.

    regards.
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I completely agree with you on both points. Thank you for the info. I will definitely keep an eye on it now for sure. This could benefit many users. I haven't tried it before but I am curious to give it a try now. Cheers!
     
  19. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    No problem.
     
  20. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    But why not? I think it is one of the best ways to protect yourself. Whenever you run into an exploit or some malware tries to send your data somewhere else (or Windows trying to do random unneeded home calling) you will be able to block that, as all your files are limited to the connections that they need (e.g. only specific ports or DNS/IP destinations).

    E.g. when something exploits/injects into my "skype.exe" then it will not be able to communicate to wherever it wants to.
     
  21. The layered defense malware needs to pass on my Windows 7 ultimate 32 bits desktop:
    1. FILTER: WFW 2-way > Norton DNS > Safe Browsing > µBlock ads/trackers and 3rd-party iframes/scripts
    2. HARDEN: Disabled unsigned-install, risk-ware, USB-execute, 16bits, cmd, scripts, user autoruns, new tasks
    3. MITIGATE: SRP deny execute basic user > EMET scripting apps > Spyshelter threatgate folders + EMET-apps
     
    Last edited by a moderator: Jan 23, 2015
  22. guest

    guest Guest

    First, if a malware manages to exploit a legitimate process and tries to phone home then I consider that to be already a checkmate. Second, it is hard to tell which home calling is needed by Windows and which one isn't, since all it uses is only svchost, and blocking outbounds for it makes you unable to update Windows. Maybe you can lock down the connections through IP and port restrictions, for which I don't have a sufficient knowledge level to determine what is going to be whitelisted and blacklisted. Third, if my data contains sensitive information and I don't want anyone to have access to it, I'll encrypt the data or, even better, I'll put it in an external storage and encrypt the whole external drive.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Fine line between securing a system, and breaking it. I find it best to deploy solutions that can do much of the securing for you, and are vetted so they don't break anything.
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    You are correct. There might be malware of more insidious nature that can circumvent a tightly configured firewall, but at the very least you have a fighting chance to block mainstream varieties either entirely or at least partially.
     
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618