What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    OA does everything PG does plus more, that is a more likely conflict. I have run OA free with no problems with DW in the past.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I finally decided to join this very GREAT forum about computer security.

    Please advise me if I should change anything or add anything to this security setup. Thanks. :)

    Running Windows Vista SP1 w/ UAC

    Browser: Opera (cookies, javascript, etc disabled by default), running sandboxed.

    Outpost Firewall Pro 2009
    Eset NOD32 v4.0 Beta
    Spybot Search & Destroy
    LinkScanner Pro
    Trend Micro RUBotted
    Customized HOSTS file (blocking more than 600.000 entries)
    PeerGuardian 2 RC1 (using Bluetack block lists and lists from sudosecure, dshield, emerging threats and Donna, converted by me to support PG)

    Malwarebytes and SUPERAntispyware as on-demand tools.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    maybe, it was fine before but after like 1/2 hour when trouble started :D
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Still the same

    It is still the same! :thumb:

    Home PC E5200@3,06 2GB Ram, XP Pro

    General security measures
    A) Image backup (Paragon)/Data backup (Synchback free) + external (off line harddisk)
    B) Router properly configured, https://www.wilderssecurity.com/showpost.php?p=1370231&postcount=14
    C) Limited user with SRP (no execute on Recycler, temporary and P2P directories)

    Extra security Software
    D) Malware defender beta 2 running internet facing in contained environment with deny all + allow write of few selected registry keys/folder(s) and deny on low level /direct access to registry, keyboard, shutdown, system time + outbound control
    E) Avast free with write only check of standard shield plus incoming data streams (webmail, webshield, P2P shield, network shield)

    Browsing
    - normal IE7, dodgy IRON portable
     
    Last edited: Jan 5, 2009
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Realtime:
    Avira AntiVir Personal Free
    Online Armor Premium v3.1 (Beta)
    DefenseWall v2.46

    On-demand:
    SAS, MBAM, A-squared, ShadowDefender.
     
  6. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    101

    Agreed. I have had no issues running OA with DW. :thumb:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks, it may be a processguard conflict with online armor :eek:
     
  8. Tu5

    Tu5 Guest

    Just a couple of minor changes. Behind a Netgear Router with all systems backed up to external drive using Drive Snapshot (and Drive Snap Frontend).

    vLited Vista SP1 Laptop (UAC and Windows Defender Disabled)

    Norton Antivirus 2009
    Outpost Firewall Pro 2009
    SandboxIE 3.34 (Paid)
    Firefox 3.0.5 (AdblockPlus, NoScript, SpywareBlaster installed)

    vLited Vista SP1 Desktop (Windows Defender Disabled)

    KIS 2009
    IE7 (IE7Pro, SpywareBlaster installed)

    nLited XP SP3 Desktop

    Avira Premium 8.2
    LooknStop 2.06p3
    Defensewall 2.45
    FD-ISR 3.31.233
    Firefox 3.0.5 (AdblockPlus, NoScript, SpywareBlaster installed)

    No conflicts, no bloat/overlap, very light and bulletproof protection IMO regarding each system's use and users. Currently trialing a2 Free as an on-demand scanner but I doubt I'll ever run it.
     
  9. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    You could do without LSP and SSD
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks for the feedback.

    I only use Spybot for its preventive measures (entries in the HOSTS file). Since, not using TeaTimer, won't make it waste any resource, then why not. I guess it won't hurt.

    I'm a long user of LinkScanner Pro, and I started to use it before most of the security I have now, and still have a license for it. It has prevented me from being redirected to bad domains a few times, when other rating utilities reported a green status for those domains, which base their ratings in a database, while LinkScanner Pro will check a domain in real time.

    I still don't know if I will keep it or not, after the license ends, though.

    I'm aware that if I exclude LinkScanner Pro, that my security setup won't become weak, but since nothing prevents 100%, wouldn't you agree it could become one extra layer of security?

    Regards
     
  11. Foxfired

    Foxfired Registered Member

    Joined:
    Sep 2, 2008
    Posts:
    46
    I am in need of some help. Currently I have this setup:

    Real Time:
    WinPatrol
    Online Armor

    On Demand:
    MBAM
    SuperAntiSpyware

    I seem to be infected pretty often by browser hijackers. I will be browsing the web when all of a sudden FireFox will freeze up for a few minutes and next thing I know I am infected.

    I don't believe the websites are malicious but still something is getting through. I just installed SandBoxie to combat this problem.

    Does anyone have any other recommendations?


    I
     
  12. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    My view, not agreed with by many, is that before advice can sensibly be given you need to say more about what you do on your pc, what risks you take, how often or not you are contaminated and so on.

    with a Vista SP1 system running Opera a large number of users would need no more security. I am quite happy to operate behind a hardware firewall and Firefox - I do run occasional on demand checks but have not found anything dangerous in 12 years on line. Note I said "I". Other users seem to have a talent for attracting trouble and managed to get infected even when ( possibly because) they are running copious amounts of security.

    Taking the liberty of assuming that you are a "normal" user I would think that UAC, Opera and Sandboxie if you must, would be more than enough. The laws of diminishing marginal returns apply even to layered security.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Basic strategies staying out of dangerous areas
    - linkscanner lite or any other URL rating browser add-on

    Reducing attack surface
    - Run as limited user with UAC ON, use Norton's UAC tool to reduce elevation requests
    - Run IE with least required rights, or any other browser having this option or forced running LUA (StripMyrights and Google Chrome or Iron Portable with their built-in sandboxes which reduce 70% of browser vulnerability)

    Control attack vectors/reduce effects of intrusion
    - Windows Firewall, use VistaFw control for easy outbound
    - Windows defender, join community = realtime Intrusion Detection with an AS blacklist, you can use Spyware Terminator with its Shields as an easy replacement (Windows Defender requires less CPU cycles though)
    - Install a freeware AV like AVIRA free or AVG or Avast, with AVG and AVAST you won't need Spyware Terminator, Avira free has best detection rate

    Easy alternatives:
    - PC Tools FW is a pretty good free HIPS/FW for its user friendliness
     
    Last edited: Jan 5, 2009
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I totally agree. One should always give a little background about how one uses the system.

    First, I must say that I'm not the only person making use of this system.

    I'm not a "dangerous" user, as in, I don't visit those sites/forums of pirated software, porn sites, etc. Most of the use I give to the Internet is for research. Not only on already known specific sites by me, but also searches done in google, yahoo, etc. So, I don't know if a certain site I will visit is safe or not. It may be so, it may be not... There's always room for uncertainty.

    I follow one basic rule - Consider nothing safe, not even what is safe, because it may not be it so, at one point.

    Most of the security measures I use were implemented to prevent infections, by denying access to domains spreading malware based attack, phishing, etc. Hence the use of a customizable HOSTS file and the use of their respective IPs, among other known bad IPs. Let's imagine that today came out a new bad domain that goes by baddomain1.com, I will also be blocking its respective IP because, a few seconds later, that domain may not exist anymore and be something like bad_domain_again.com, but still have the same IP. So, I'll still be blocking it. My blocking lists are maintained on a daily basis, so that it is always up to date.

    I also use LinkScanner Pro, for one reason - it protects Opera, by working in the background, and it does its job, if it needs to get in action. I've seen it a few times, when I got redirected from, apparently safe domains, to malware based attack domains. It prevented me from being redirected. I also like the fact that it bases its protection by verifying a link in real-time, unlike other services such as SiteAdvisor, myWOT, etc. If a domain is rated green by those, the same won't mean they are clean. The rating could come from a database 2 days old, 1 week old, etc.

    I'm aware that Opera already provides a great deal of protection, by also, from a sort of recent moment, partnered with HauteSecure (which also works with PhishTank, Spamhaus and Google). Using it with Sandboxie and only allowing it to be the only executable to be able to run, it will provide a great deal of protection against unauthorized processes (for example, malware). But, as everything else, won't provide a 100% effective shield.

    So, there could be a situation that neither Opera nor Sandboxie could stop malware domains based attacks from doing its thing.
    That's why I make use of such customizable HOSTS, IP block lists and LinkScanner Pro. If the HOSTS file fails to deny access to a bad domain, because no longer exists, I still have the IP from the IP block lists. If the IP is no longer the same, then LinkScanner Pro may stop it, or even NOD32 (almost forgot about the AV). If all these measures fail, then Outpost HIPS, will, and I hope, alert me for some sort of action.

    Of course, then, there are other tools, such as MM or SAS and Hijackthis/HijackFree/other alike tools.
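
    The layered lookup described in the post above (HOSTS entry first, then an IP block list as the fallback when the domain name changes but the address stays the same), as an added example that is not part of the original post. All domains, addresses and function names are constructed for illustration; the `Label:start-end` lines follow the PeerGuardian text list format, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample data (reserved documentation names and ranges only).
HOSTS_TEXT = """\
# customised HOSTS entries
127.0.0.1 localhost
0.0.0.0 baddomain1.example   # known bad domain
127.0.0.1 tracker.example
"""
CIDR_FEED = ["198.51.100.0/24", "203.0.113.7"]  # stand-in for a downloaded IP feed

def parse_hosts(text):
    """Return the names a HOSTS file sinkholes to 0.0.0.0 or 127.0.0.1."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked

def cidr_to_p2p(cidr, label):
    """Convert one CIDR or single-IP feed entry to a 'Label:start-end' line."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"{label}:{net[0]}-{net[-1]}"

def parse_p2p(lines):
    """Parse 'Label:start-end' lines into (first, last, label) tuples."""
    ranges = []
    for line in lines:
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        ranges.append((ipaddress.ip_address(first), ipaddress.ip_address(last), label))
    return ranges

def verdict(hostname, resolved_ip, hosts_block, ip_ranges):
    """Layer 1: HOSTS name match. Layer 2: IP range match. Otherwise allowed."""
    if hostname.lower() in hosts_block:
        return "blocked-by-hosts"
    ip = ipaddress.ip_address(resolved_ip)
    for first, last, label in ip_ranges:
        if first <= ip <= last:
            return f"blocked-by-ip:{label}"
    return "allowed"

HOSTS_BLOCK = parse_hosts(HOSTS_TEXT)
P2P_LINES = [cidr_to_p2p(c, "constructed-feed") for c in CIDR_FEED]
IP_RANGES = parse_p2p(P2P_LINES)
```

    A renamed domain that still resolves into a listed range falls through the HOSTS layer and is caught by the IP layer; a host that changes both name and address passes both, which is the gap the post leaves to the real-time scanner, AV and HIPS.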
     
  15. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    If you're satisfied with your setup you really don't need an outside confirmation. :thumb:
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I went back to my original and stable set up:
    Mamutu 1.7 and DefenseWall Hips 2.46 (skinless) :thumb:
    need some outbound protection but I guess I have to wait for defensewall to incorporate the outbound protection :thumb:
    note: online armor conflicts with Processguard
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It is unfortunate that you can't make OA work out.

    If what you look for is outbound control, perhaps you could try Outpost Firewall FREE. The latest version is from 2002, but I guess it will get the job done. (http://www.agnitum.com/products/outpostfree/index.php - I hope it is ok to place links.)

    Otherwise, if you got Windows Vista, you could use the advanced firewall (start menu - search field, write wf.msc) and then block the apps you wish not to communicate with the outside. That would be a way. You could perhaps, also add the Sphinx addon?

    Regards
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    this machine is xp2 and about outpost, it makes me a little slow and also zone alarm free too makes me slow for browsing, I guess I have to be patient :D thanks for advising :thumb:
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have an idea, I will give Dynamic Security Agent a try meanwhile DefenseWall gets the outbound protection ;)
    so:
    Mamutu 1.7
    DefenseWall 2.46
    Dynamic Security Agent 2.0

    what do you guys think about this set up?
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am very fast again ;) with my defensewall and mamutu combo :D
     
  21. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Jmonge - why did you try PG when you had OA?
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    pg was part of my set up with defensewall, I am using mamutu, I got 1 year license for free so I tried and love it so far, now defensewall and mamutu are my current set up, that's why :D , I was trying online armor cause I think o_O I need outbound protection :D thanks for replying :thumb:
     
  23. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I see, but now that you aren't using PG, you shouldn't get any errors when you start using OA Firewall I think.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    the thing is that for some reason it slows me down and also the PC start up is very slow :D
     
  25. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yes, I also noticed a slowdown until Windows loads, but it takes max 20 sec in my case and I am accustomed to this.
     