What is your security setup these days?

Active
Look'n'Stop
DefenseWall
Sandboxie
AntiBot
Malwarebytes AntiMalware


On Demand
DrWeb CureIt
SuperAntiSpyware

Opera

 

Toyed around with the group policy in XP Pro, but decided to stay with Vista HP SP1. So here's what will stay in place for a while, I hope. LOL.

Vista HP SP1 using Standard Account (key starting point)

1. Tweaked UAC to continue protected mode and registry virtualization, but now has one less prompt in standard account and is where I do my computing. Just asks for admin. password now.

2. Antivir 8 free (set to write)
3. Vista Firewall
4. DEP (all programs)
5. K9 Web protection (no internet slowdown)
6. Router w/ firewall
7. Use Driver Detective to keep drivers updated. Did help Vista improve performance.
8. Using Firefox 3 beta 5 with Adblock and noscript.
9. KeyScrambler installed in IE 7 protected mode for sensitive surfing.

Lastly, FD-ISR in case I goof.

 

Antivirus: Avast! 4.8
Antispyware: Spybot S&D + SUPERAntispyware
Firewall: Comodo Firewall Pro 3

That is all.

 

XP Pro SP3
Look'n'Stop 2.06p2 (Phantom's ruleset)
Greatis Regrunsuite
Threatfire Pro
Sandboxy

on-demand:
SAS free
Spywareblaster
Mrublaster
HostsXpert
Gmer
wwdc
bugoff

 

Resident:
OA
NOD32 v2.7 (2 months left on license)
SandBoxie

On Demand:
SAS
MBAM
RKU

Backup/Recovery:
IFD
FD-ISR

 

Updated in BLUE, We are behind a router with build in NAT/SPI firewall)

Vista64 box
- Comodo FW/D+ reduced https://www.wilderssecurity.com/showthread.php?t=207773
- Primary Response Safe Connect -
- AVG 8 free with linkscanner BHO's disabled in IE (icon displays normal, but slowdown of retrieveing central rating data base disabled)

XP box
- Comodo FW/D+ reduced https://www.wilderssecurity.com/showthread.php?t=207773
- Windows XP FireWall
- DefenseWall 2.4 (with some additional resource protection)
- ThreatFire with some custom rules (for outbound + user hive of registry)


Note XP Box
I have made an image backup and check how much security I will lose by bringing most of D+ goodies to TF and DW. I will be destructively surfing downloading crab and trying virusses from the honepot in the next weeks. Keep you posted.


Note the CFP/DW/TF was a real winner in terms of security. Good thing about Comodo is that noobs understands the 'safe' program concept. There are however a few pop-ups which lead to confusion (e.g. the ones where a safe program invokes something new).

DW + TF alone will reduce those pop-ups, but I will be losing some rights elevation control with (pseudo) COM defense of D+ (note when you are on vista32 running LUA this is not an issue, only on XP running admin). So let's see how it goes. This change is only to reduce the user-error risk (the other people using this PC)

 

My setup:

WinXP sp3
router with SPI firewall on
windows firewall
Nod 32 v.3
SSM free
weekly scan with Kaspersky online scaner

 

New.

-Fortknox Firewall
-Returnil
-Threatfire.

 

After many weeks of running different combos i seem to have settled on simplicity with Kerio 2.15 OR Comodo D+ for firewall protection. Followed always by EQS 4.0 Beta and SandboxIE/Returnil. Sometimes both.

EQS seems the more widely effective interceptor not taking away anything from Comodo, but Alcyon's RuleSets for EQS is been a huge boost in filling in gaps with absolutely excellent results, plus it's Lite as a feather. I still like and use TinyWatcher also.

On-Demands are RKU + NOD32 for keeping inventory of the disruptor collections and while running them in research.

For the time being i've moved away from Limited User although that approach is really effective and tight.

EASTER

 

My whole setup

Buffalo WHR-HP-G54 with Tomato 1.19
--
GhostWall 1.150
DefenseWall 2.40
--
Sandboxie 3.26
Shadow Defender 1.1.0.254
--
RoboForm Pro 6.9.88
MailWasher Pro 6.1
--
Ace Utilities 4.1
FreeCommander 2008.06 Beta
--
Opera 9.50.9981
PDF-XChange Viewer 2.0 Build 37.2
--
MPlayer for Windows 2008-05-13 Build #16
--
Notepad++ 4.9.2
PeaZip 2.0
--
AutoRuns 9.21
TCPView 2.53
--
Process Explorer 11.13
Process Monitor 1.33

 

Online-Armor
EQS 3.41 (file/registry only)
AntiVir 8
Mamutu
SAS Pro

SandboxIE 3.26 (browser only)
Returnil

MJ Registry Watcher
MBAM (on demand)

Backup

FD-ISR
DriveImageXML
Karen's Replicator

 

My security setup now, router with hardware firewall, bitdefender is 2008, sandboxie, returnil, spyware blaster and spyware guard, i tink i'm going to temporarily unninstall bit defender and try avira antivir premium and comodo firewall pro with d+, what do you think about it? is it worth to try this? And I can still add Spysweeper to this configuration.

 

XP Firewall + TF + DW are no fun, with my set of malware and POC's I could not break anything (apart from a few leaktests, but hey they are getting silly anyway). I have prepared a second image with the following
- Sunbelt Personal FireWall
- DefenseWall
- Mamutu

Hope I ahave more luck breaking this combo

 

Back to the tried and true.

 

For the next 10 minutes anyway.

 

Im running naked :

added
changed
removed


XP setup 1

Resident:

ThreatFire
Windows Firewall

Other Security / System Hardening:

nLite'd Windows XP SP3 (with service tweaking based on TweakHound's guide)
Seconfig XP
xp-AntiSpy
Process Explorer
Firefox extensions: AdBlock Plus, and Permit Cookies

 

true. I reimaged today and started with a clean image and Returnil. Leaving it at that.

 

Joining the nudist colony...

ACTIVE
Comodo w/ Defense +
SandboxIE (Registered)
Roboform

DEMAND
ShadowProtect Desktop
GMER
Dr. Web Cure-It

 

Just giving a chance to Antivir, Comodo w/defense + and winpatrol

 

updated:

* Hardware Firewall
* Kaspersky AntiVirus 2009
* A-Squared AM (on-demand)
* SAS (on demand)
* Spybot S&D (on-demand & immunization)
* SpywareBlaster (in-advance immunization)
* XP Pro & Vista built-in firewall on both desktop & laptop computers.

 

NAT router with SPI enabled
avira personal
jetico v1
mj registry watcher
spywareblaster
opera 9.5

 

ComodoFP 3.0.22.349 (D+ Paranoid Mode)
Comodo Memory FW 2.0.4.20
Kaspersky IS 2009 (heavily crippled)
AdMuncher 4.72
WOT
East-Tec Eraser 2008
WinHex 14.9
RoboForm PRO 6.9.87
Regshot 1.8.2
TamoSoft SmartWHOIS 4.3
TamoSoft CommView 6.0

 

Family PC (XP-MCE/SP2)
FSIS 2008
My PC (XP-PRO/SP3)
AntiVir (on-demand)
Returnil (always on)
SAS (on-demand)
ThreatFire (advanced rules)
Virtual-PC (XP-Home/SP3)
Both are using
HijackThis
D-Link router
IE7-PRO
various on-line scanners

changed or added...

 

After many months of testing and reading, ive finally settled on this:

Windows XP SP3 (nlited)

Resident
Avira Antivir Premium (Heuristics: High)
Pc Tools Firewall Plus (imported custom ruleset)
EQSecure 3.41 (Alcyon’s Ruleset)
SandboxIE (Paid)

Backup
FD-ISR (Uncrippled version replaces system restore)
ShadowProtect

On-Demand
Dr Web CureIt
Superantispyware
Gmer

Hardening
IE7 Pro
MVPS Hosts File
SpywareBlaster

Other
CCleaner
TrueCrypt
PeerGuardian (Only run during p2p)

The only change that I am likely to make to this setup is to replace Avira Premium when my licence expires with KAV 8 or Avira Free.

Windows Vista SP1 (Windows Defender. UAC disabled)

Resident
KIS 8 (waiting for KIS 2009 bugs to be resolved)

On-Demand
Superantispyware
Dr Web CureIt

Hardening
SpywareBlaster

Backup
ShadowProtect (Stored on external drive)

Other
CCleaner
AdMuncher

Both setups are stable, run lightning fast and are extremely light. IMHO, the XP setup is bulletproof, while Vista machine is very well protected for the tasks carried out on it.

 

Avast Antivirus
Windows Firewall
Opera
Limited user account
Common sense

X.