What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Think again: https://www.wilderssecurity.com/showpost.php?p=1757933&postcount=247

    Sully's credit

    Mine (Chromium) does run with Low IL, always. Does yours? ;)
     
  2. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening ! REAL-TIME-Vipre Premium...Prevx 3.0 & Safe-On-Line...ON DEMAND-S.A.S.Pro...Primary Browsers...Chrome By Google...Opera 10.6...I.E.8...O/S..Windows 7. Sincerely...Securon
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,753
    Location:
    Toronto Canada
    Win 7 64 bit?
     
  4. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    Currently trying out Norton Internet Security 2011 since it has 90 days :D
     
  5. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    :thumb: :thumb: :thumb:
     
  6. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    Oh well NIS 2011 didn't turn out to be good on my system.. Took longer boot-up time and sometimes sluggish..

    Back to Avast! IS 5.0.677 :D
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    A slightly modified Kees1958's setup.

    Safe-Admin recap (manually set)
    a) Windows FW 2-way inbound/outbound only application level

    b) OS Hardening (mainly through UAC)
    - set UAC to quiet (silently auto elevate without prompt :eek: )
    - disabled intelligent installer detection
    - allow only to elevate from safe locations (Windows & Program Files)
    - allow only signed programs to run elevated
    - disable auto run of USB
    - registry editing disabled
    - cmd disabled

    c) Threatgate hardening
    - Threatgates isolated by GeSWall.
    - Applied EMET-2.
    - Assign RunAsInvoker trick to virtualise ThreatGates with Windows internal mechanism.
    - Set Download and Mail directory to deny execute through ACL.


    d) GeSWall'd Internet Explorer 8 w/ Prevx SafeOnline (medium-high settings for privacy and security)

    e) Software Restriction Policy - Disallowed by default

    SanityCheck for on-demand scan ^^



     
    Last edited: Sep 30, 2010
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    time for a change
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    for me it is same Peg2 and winpatrol plus;)
    finally my computer is fast and stable again:)
     
  10. makios

    makios Registered Member

    Joined:
    Apr 18, 2008
    Posts:
    126
    Okay, okay, I could control myself, but Comodo gave a lot of trouble using a game.
    So I decided to buy SpyShelter for my x64 pc and use SpyShelter free on my netbook.
    And removed Comodo. Using Windows Firewall again.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been testing this in a virtual machine, and, well... I can only make it work for installers not containing the manifest file. If they do have it, UAC will prompt you.

    So, I don't truly see the point in this setting. Most of the installers I came across have the manifest file. For example, 7-zip installer doesn't have it, so in this case UAC won't prompt you if you try to install it. But, had it one, it would prompt you.
     
  12. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Almost identical setup to mine. :thumb:
     
  13. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    no av at all in desktop

    i practice safe surfing and hardly get any viruses .. after installing my av, my PC feels light

    unfortunately, have to go with some av .. thinking about light av such as eset

    laptop will always have norton
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @Konata

    It is not advised to set UAC to quiet. I am just doing it for test purposes (I can go back with CTM or in worst case with Paragon restore an image).

    @Moonblood

    Yes that is quite a flaw in Chrome. I have the same results with Iron and Chrome for Google pack. We (Sul & I) entered a bug report for Chrome, no one has responded yet. o_O Shows Safe-admin is really necessary

    How come yours run all with IL? Did you apply Low Integrity on Chrome?

    My setup for the time being (chrome tabs running with medium rights on some occasions)

    Safe-Admin

    Threatgates
    Iron - EMET2 + GeSWall Pro
    Outlook - EMET2 + virtualisation through RunAsInvoker + SRP Basic User +1806 trick
    Winmail - same as outlook
    WMP - same as outlook

    I do not virtualise Iron anymore, seems that downloaded programs with Iron, also run virtualised even when installed as Admin :D
     
  15. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Windows 7 Home Premium x64:

    Real-Time
    • Norton Internet Security 2011 (Paid)
    • Emsisoft Mamutu 3.0.0.16 (Paid)
    • Malwarebytes Anti-Malware 1.46 (Paid)
    On-Demand
    • Emsisoft Emergency Kit 1.0.0.19
    • VMware Player 3.1.2 (W7 HP X64)
    Windows Hardening
    • Admin Account with Safe-Admin Tweaks
    • Data Execution Prevention
    • Structured Exception Handling Overwrite Protection
    • Address Space Layout Randomization
    • Enhanced Mitigation Experience Toolkit 2.0
    • Drive-by Protection via 1806 Trick
    Browser and Network
    • Mozilla Firefox 3.6.10 (Adblock, Norton IPS, NoScript)
    • Internet Explorer 8 (Norton IPS + Hardening)
    • Norton DNS (Block Malicious Websites)
    * Using NIS with Heuristics/Sonar/Boot Time in aggressive mode, Mamutu on Paranoid mode, EMET configured for maximum security, UAC OFF.
    * Tablet PC, Gadgets, Remote Registry, Remote Assistance, Remote Desktop and CD/DVD/USB Autorun are disabled.
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    @Kees1958

    no tutorial for icacls? :(:'(
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I have applied an explicit Low IL to Chromium. If you check the SAFE-Admin thread, you'll notice that I mentioned I can run Chromium (explicit Low IL) via a batch file, otherwise starting Chromium via shortcut or chrome.exe will fail to run.

    I could do the same for Opera... But, I messed it so much lol ... no longer works, at all. :D

    Edit: Chromium makes it a lot easier to work with Low IL, due to the fact you can set profile folder to one specific location, unlike Opera. :(
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Open command line and type icacls /?

    I don't think you need more than that. ;)
     
  19. Divenow

    Divenow Registered Member

    Joined:
    Sep 18, 2010
    Posts:
    37
    Out: Comodo Firewall, EAM, Threatfire.
    In: NIS 2011 90 days trial, Norton DNS.

    NIS2011 installed fast, uses less than 30k memory on my system, fast updates and when I did a fast malware links testing it detected most of it. But I have been using it for 30 min only, maybe I will keep it :) And I must say congrats to Norton, I always told people to NOT install Norton on their system because it sucks and is more a resource hog than anything useful but this time Norton seems to have made it right.

    Btw how is the fp's with NIS 2011, someone just told me it has a lot of FP?

    Edit: + On demand: "ESET SysInspector (Freeware)" to detect malicious-unknown processes / system changes.
     
    Last edited: Sep 30, 2010
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    I know but I was like tl;dr on it :D
    I guess I'll wait for Safe-Admin ^^

    I've reached my limit... :argh: o_O you guys are genius!! :oops:
     
  22. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    AVG AV Free 2011
    360 Safeguard
    Google Chrome (Adthwart+WOT)
     
  23. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,290
    Hey CiX, what's exactly the difference between 360 Safeguard and 360 Antivirus (this might be a stupid question, but the 360.cn webpage doesn't help at all with its Chinese-only version nor does google translator)... o_O
     
  24. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    360 AV: Cloud+BD engine AV, (recently bundled with safeguard cloud HIPS and webshield)

    360 Safeguard: Light cloud HIPS with heuristic engine(optional), webshield (adblock, download guard, browser fixer), IE add-on cleaner, Anti-malware component, windows vulnerability scanner, Junk file cleaner, Software manager (Startup manager, Uninstaller, Process manager..and more)
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Turned on Windows Defender.
     