Securing Win 7 64 bit

I'm looking for info on how I can better secure Win 7 64 bit. I currently have PCTools firewall + Avira + Win Defender is active.

Anyone either have a link to a list of important things to disable in Win 7, to make it more secure, or any other programs that I may need to add for a more solid security set up?

Too bad SandboxIE isn't so good on 64 bit. I'll miss that one.

Are there any programs like SafeXP or WWDC but for Win 7 64 bit?

Thanks.

 

The same old routine. Update your software, run as a non-admin user, and install software only from trusted sources.

Practice the basics properly, and losing hair over which security product(s) to run is nothing but a waste of time.

 

AppLocker - available through the Ultimate and Enterprise editions of Win 7. There are a couple of threads with good tutorials here to get you started.

SRP - available in Professional, Enterprise and Ultimate

Run one the above with a standard account (LUA), along with UAC, & DEP should help you become better secured.


Just take a look around Wilders, there are people including myself usng Win 7 64, plenty of info to go on.

 

The developer himself stated, "...even with this disadvantage, the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software."

http://www.sandboxie.com/index.php?NotesAbout64BitEdition

Not to mention I've yet to see a single instance of Sandboxie x64's achilles actually having been exploited yet.
Maybe a year or whatever from now it will be proven obsolete but at this point it's just a bunch of hot air.

 

I asked a similiar question recently, and got lots of good replies that you may find helpful:

https://www.wilderssecurity.com/showthread.php?t=272564

For how I use the computer, my conclusion was that 7 x64 comes with a lot of security already built in, and that Sandboxie and on-demand programs and a system image were all I needed.

 

WIN7 64 OS SECURED AT NO EXTRA EXPENSE WITH:

- TURN ON 'DATA EXCUTION PREVENTION' (DEP): Fights against Buffer Overflow attacks.

- USE 'APP LOCKER' AND 'SOFTWARE RESTRICTION POLICIES (SRP)': This restricts execution of rogueware / scripts. Recommend to use it on Web facing software (Web browsers, web chats, etc.).

- TURN ON 'STRUCTURED EXCEPTION HANDLING OVERWRITE PROTECTION (SEHOP)': Blocks exploits that uses structured exception handler (SEH) overwrite techniques.

- USE A 'STANDARD USER ACCOUNT (SUA)': Limits exploitation of elevation of rights (number one security vector that is constantly being exploited in WIN OS platforms not properly configured).

- USE ' USER ACCOUNT CONTROL (UAC)' (*Turned ON by default in WIN7 64): Limits exploitation of elevation of rights. Use this with "CTRL-ALT-DEL for Elevation To Admin" to prevent spoofing of password dialog.

- USE 'WINDOWS DEFENDER' (*Turned ON by default in WIN7 64) AND DOWLOAD+INSTALL 'MICROSOFT SECURITY ESSENTIALS': Helps fight and clean malware that would break through (unlikely) the other security layers.

- USE 'WINDOWS FIREWALL' (*Turned ON by default in WIN7 64): Keeps certain Malware (worms) out/contained and other unwanted, unauthorized software from communicating with the outside or into your home network.

- USE 'AUTO UPDATES': Let it run automatic in order to keep your WIN7 OS up to date and secured from "discovered" flaws or to enable new "features".

- DISABLE AUTOPLAY: Fights against automatically running 'autorun.inf' that could install Malware into your system via USB, optical disks (DVD, CD, etc.), flopply disks (anyone use these anymore?), bootable external HDD, etc.

- DISABLE 'ACTIVE X' IF USING INTERNET EXPLORER 8: Eliminates many active-x exploits.

- ENABLE 'PROTECTED MODE' IN INTERNET AND TRUSTED SITES WITHIN INTERNET EXPLORER 8: This provides a sanbox-like environment for IE8.

- DISABLE OPTIONS WITHIN 'SECURITY' AND 'PRIVACY' OPTIONS WITHIN MICROSOFT MEDIA PLAYER: This helps reduce exploits created for MS Media Player.

Other options to add:

- Use True Crypt to encrypt files, folders or the complete partition if needed.

- Use Macrium Reflect to backup and/or create images of your OS.

- Use Virtual Box to run virtual systems for testing or checking out software.

 

I thought SRP was not available in Home Premium editions? I'd be glad to be wrong though.

 

You're right, my mistake, it starts with the Professional Edition

 

Lucy, another Wilders member, has done an implementation via the registry for SRP on Win 7 including Home Premium. See the link below for details:

https://www.wilderssecurity.com/showthread.php?t=262686

 

Thanks a lot for that list. Very helpful.

 

My config: Returnil + Outpost Pro

haven't encountered any problem since 2009