What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    EQS (free) can easily be set to cover StartUp Folders and then it will jump up and alert to ANYTHING moving toward adding themselves in that directory. EQS simply will not allow it without FIRST alerting the user to investigate that action.

    It's another reason my confidence is solid in EQS because you can MAKE IT monitor such locations and alert you to attempts at the instant they attempt to do that.

    That's the key important difference in a HIPS which is completely configurable for a user to cover "ALL" critical areas of concern.

    EASTER
     
  3. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Or just add those to MJ Registry Watcher which can protect whatever you want :D
     
  4. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Resident

    Kerio 2.1.5 firewall
    Avira AntiVir
    DefenseWall HIP's 2.20
    EQSecure 3.41
    Mamutu
    SandboxIE
    Hostsman
    Spyware Blaster
    RegProt
    MJRegistryWatcher
    FileChangeAlarm

    On Demand

    AVG Antispyware
    A-squared
    SUPERAntiSpyware Pro

    Backup

    Acronis TI 10
    FD-ISR
    DriveImageXML

    Other

    Firefox with NoScript,AdBlock+,Scrapbook,Site Advisor,RefControl,CookieSafe,Filterset.G,Tab Mix Plus, ShowIP
    CCleaner
    Easy Cleaner
    Filemap by BB
    FingerPrint
    WhatsRunning
    RegShot
    Tiny Watcher
    GMER
    IceSword (conflicts with DefenseWall unfortunately)
    Runscanner
     
  5. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I'm personally sceptical of pollers since they don't prevent the change itself. I rather use a tool where you can choose which entries to monitor before the altering action, for example Winpooch, RegDefend and apparently EQS which I haven't used.

    /C.
     
  6. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Layers upon layers upon layers will not keep you better protected than a simple combo. I have always used just an AV and a good firewall and never had any infections in over 5 years. Some of you people are insane with your setups. How can anyone be so paranoid about security? My setup:

    Avira Premium
    Comodo 3.0 w/D+
    Firefox with No Script and Ad Blocker
    SAS and Spybot on demand.
    I have never needed more.
     
  7. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I just want to see those changes. Shadow Defender removes them.
     
  8. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    It's how it keeps up with your specific use, and five long years is more than sufficient proof of the validity of your security concept, and I guess a very snappy system all that time. ;)
     
  9. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Yes, both my desktop and laptop have the same setup. Comodo 3.0 with Avira. I also have a fully stealthed hardware firewall which passes all tests without Comodo installed. What I am trying to say is that some people on here act like every time they turn on their PCs they're gonna get a virus. This is so not true.
     
  10. temp123

    temp123 Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    8
    Does Returnil slow down anyone's system at all?

    Oh, and also, is ZoneAlarm still a good firewall?
     
    Last edited: Mar 17, 2008
  11. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Computer

    Realtime
    NAT+SPI Router
    Avira Antivir PE Premium
    Comodo Boclean
    Comodo Firewall Pro With D+

    On-Demand
    Spybot S&D 1.4
    AdAware SE Pro
    AVG Anti-Spyware
    A-Squared Anti-Spyware Free
    SuperAntiSpyware
    AVG Anti-Rootkit
    Panda Anti-Rootkit
    GMER

    Virtual/Sandbox
    Sandboxie
    Returnil

    Hardening
    SafeXP

    Blocklist/Other
    SpywareBlaster 4.0
    IE Spy Ad
    MVPS Host


    Laptop

    Realtime
    NAT+SPI Router
    Comodo Firewall Pro With D+

    On-Demand
    SuperAntiSpyware
    Malwarebytes Anti-Malware
    Ewido Micro Scanner
    Panda Anti-Rootkit
    AVG Anti-Rootkit
    GMER
    Avira Antivir PE Classic

    Virtual/Sandbox
    Sandboxie
    Returnil

    Hardening
    Security & Privacy Complete

    Blocklist/Other
    SpywareBlaster 4.0
    MVPS Host
     
  12. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    I never noticed any slowdown using Returnil before and I never heard of any slowdowns using Returnil.

    I don't know that much about ZoneAlarm; I use Comodo.
     
  13. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    After problems with SafeSpace when turning off my machine (LauncherService.exe error banner, and no purge) I have a new setup:

    Active :
    Ghostwall
    Returnil
    Threatfire-Step 4

    OnDemand :
    Onlinescanner
    Dr.Web CureIT
    Prevx CSI
    Ewido micro
    Antirootkit ( Panda+Threatfire)
    +
    System hardening
     
  14. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    Always active:
    Sygate Pro 5.6.3408
    Sandboxie with forced programs etc., separate sandboxes

    Dumped AVAST too buggy 4.8 beta, crash and like

    back to Avira write only

    added Threatfire, trying ....dumped it....:gack:

    trying Prosecurity free
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Beta software is supposed to be buggy, nah? Why didn't you just use the 4.7 release?
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    added
    changed
    removed


    XP setup 1

    Resident:

    System Safety Monitor (Free Edition)
    ThreatFire
    Windows Firewall

    XP setup 2

    Resident:

    Prevx
    ThreatFire
    Windows Firewall

    XP setup 1 & 2

    On-demand:

    Avira AntiVir

    Other Security / System Hardening:

    nLite'd Windows XP SP2 (with service tweaking based on TweakHound's guide)
    RyanVM's Windows XP Post-SP2 Update Pack
    Xable's Windows XP Post-SP2 Update Pack
    Seconfig XP
    xp-AntiSpy
    Process Explorer
    Firefox extensions: AdBlock Plus and Permit Cookies
     
  17. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    Resident:
    Nod32 v2.7
    Threatfire
    XP Firewall

    On Demand:
    Tiny Watcher
    SAS
    RKU
    Prevx CSI

    Firefox w/No Script, CS Lite, Adblock Plus, LinkScanner Lite

    Hardening/Policy:
    SuRun
    SRP
    SpywareBlaster
    Seconfig
    DEP - Opt out

    Recovery:
    IFD
    FD-ISR

    System info:
    Process Explorer
    Autoruns
    Process Monitor
    TCPView
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Was running the Avast beta, liked it very much, but somehow (beta so you can expect it) the XP recovery did not work in conjunction with Comodo. Decided to keep Comodo, so now

    Comodo V3 with D+ in this setting https://www.wilderssecurity.com/showthread.php?t=199867

    DefenseWall with 7-zip and scriptdefender also marked as untrusted (besides the built-in list)

    Avira AV classic (free) with normal heuristics, scan at write only, using smart extension list (meaning also a bit of content), unpack archives, recursive 3
     
  19. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    Yep, did so. Using it now. With the whole shebang.

    So my setup is:
    Sygate Pro
    AVAST
    Sandboxie
    Peerguardian (when P2P ing)
    Pro Security for the time being.

    Edit: LUA-ing now with SuRun (necessary for PeerGuardian)
     
    Last edited: Mar 18, 2008
  20. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    Changed from Prosecurity to EQsecure thanks to Alcyon's rules.

    Edit 2: Eqsecure is a bit too much for my knowledge, now using Winpatrol, like it a lot!
    So now my setup is:

    Sygate Pro
    Avira free (with tips from Kees)
    Sandboxie
    Peerguardian (when P2P ing)
    Winpatrol 2007
     
    Last edited: Mar 21, 2008
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Hardware Firewall: AlphaShield
    Software Firewall: Look'n'Stop
    Anti Virus: Avira AntiVir Premium
    Sandbox: SandBoxie
    Exploit/Malicious Site Blocker: LinkScanner Pro
    Realtime AntiMalware: MalwareBytes AntiMalware
    System Monitor: WinPatrol Plus
    On Demand: SuperAntiSpyware, Rogue Remover, ADS Spy, Prevx CSI
    Other helpful & handy tools: Spyware Blaster, Ad Muncher, Seconfig Xp, TuneUp Utilities, Rollback Rx

    Using Firefox with NoScript
     
    Last edited: Mar 25, 2008
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ESS and Sandboxie.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Since the DeleteVolume test "AND" my test samples busted right thru SandboxIE's containment, I've taken steps to shore up my HIPS = EQS thanks mostly to Alcyon's Rulesets he's shared recently.

    I feel if I can set EQS to "DENY" all possible common entry areas of the registry AND startup folders as well as System Folders as well as get SuRun prepped enough to strip rights with LUA, that duo will account for the greatest percentage of shielding against forced entries.

    So this week we're putting MOST of our Easter Eggs in only two baskets, EQS + SuRUN, and as always Kerio 2.15 FireWall until there's time to give CPF/D + an opportunity to prove itself formidable enough or not.

    DeepFreeze + Anti-Executable shored up by EQS is the absolute extreme TORQUE set up I found safest so far.
     
  24. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Kerio 2.1.5
    EQSecure (with Alcyon rules)
    DefenseWall
     
  25. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Vista 32 SP1 set-up "changes" in bold as of 3/22/08:

    Resident:

    DefenseWall HIPS Pre-v2.30(Compatible w/Vista SP1)
    Netgear RP614 v2 Router w/NAT & SPI
    Primary Response SafeConnect v3.0.0.1443
    Vista Firewall

    Other "Paid" Security Applications at My Disposal(Not currently installed):

    DriveSentry Full
    LinkScanner Pro
    Look'n'Stop
    Norton AntiBot
    RegRun Platinum
    Shadow Defender
    SuperAntiSpyware Pro
    Task Catcher
    WinPatrol Plus

    On-Demand:

    Autoruns
    AVZ Antiviral Toolkit
    GMER
    Prevx CSI+
    Process Explorer
    RegRun Reanimator
    Returnil 2008 Personal Edition(For testing purposes);[Installed]
    RootKit Hook Analyzer
    ShadowDefender(For testing purposes);[Uninstalled]
    SUPERAntiSpyware Free

    System Hardening:

    Applied manual system hardening tweaks
    Disabled non-essential Vista services
    Enabled Software DEP for all programs and services
    Disable UAC with TweakUAC
    Disabled Windows Defender
    Uninstalled Java Runtime Environment
    Windows Worms Door Cleaner

    Backup:

    ERUNT(registry)
    Paragon Drive Backup

    Miscellaneous:

    Primary Web Browser - Opera v9.26(w/UserJS scripts; Java disabled, JavaScript enabled(userscripts only), but with options disabled, Iframes disabled and plug-ins disabled);(https://www.wilderssecurity.com/showpost.php?p=1207602&postcount=6)
    Email Client - The Bat! Home


    Peace & Gratitude,

    CogitoErgoSum
     