What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Thanks! :thumb: :thumb: :thumb:
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Hi pabrate, these are the settings Kees suggested for quieting down Prevx:

    Scanning and Detection (configuration)
    Basic Configuration
    Deselect "Enable Realtime Master Boot Record Scanning"

    Realtime Infection Monitoring
    Set Heuristics AFTER Age/Population (third radio button)

    Set Heuristics to Max (or High)
    Set Program Age Heuristics to Max
    Keep Program Popularity Heuristics on Medium (or Low)
     
  3. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    @justenough , tnx ! :thumb:
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Shhh. . . Don't tell them my little secret :rolleyes:
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    What is in my signature will be my permanent setup ;)
    Note: waiting for PEG anti-keylogging protection :thumb:
     
  6. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    You are welcome pabrate. But you should also be aware of something Triple Helix said:

    "The Facebook version of Prevx will protect your online activities and keep your credentials safe during shopping and banking online even if you are infected! But I would leave the program at its defaults as it will remove Adware & the MBR Rootkit if detected there would not be any extra CPU load!"

    I'm still not clear as to who's right or even if they are talking about the same thing. But I'm looking at Event IDs, ProcMon, and I/O Reads and Writes in Task Manager as I change settings to see if I can figure it out.
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Let's see how long you will last :D:D
     
  8. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I had to remove Prevx, it just doesn't do well on my computer. Also removed Chrome.

    I reinstalled NOD32.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    On my play PC: Vista x32 Business

    - Safe Admin
    - Windows FW 2way

    - IE9 beta (normal, locked with GPO)
    - Chrome 8 dev (sandboxed with GeSWall Pro, all other apps not guarded)

    Using GeSWall to see what malware domains try to do, assessing whether normal running IE9 (only downloads deny execute and 1806 zone block) stands up against it (and of course trying it out). When someone wants to PM me a PoC or links to exploit databases, please do so.

    So far safe-admin proves to be sufficient against live malware.

    Note: In case you are wondering why I am not talking about DefenseWall anymore, the reason is simple: my mother of 77 uses my license (tells you something about how easy this software is to use :thumb: )
     
    Last edited: Oct 19, 2010
  10. hckyo

    hckyo Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    93
    new protection:

    Prevx 3.0 with safe online
    Hitman Pro
    Look n Stop Firewall
    Spybot Search & Destroy
    Spyware Blaster
    Shadow Defender
    Sandboxie

    If it works good for the next days I will change my signature :p
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I rebuilt my setup from a clean OS install. Took 5hrs of my life.

    Windows 7 Professional 32-Bit

    OS Internals (no extra overhead or cost)
    • Safe Admin Tweaks [MANUAL] (UAC Hardened, Autorun and Autoplay disabled.)
    • Software Restriction Policy (Disallowed: Set as default)
    • Windows FW setup 2-way [IN/OUTBOUND: Block] (Improved via Baseline Security Templates)
    Realtime protection
    • Comodo Time Machine BETA FREE (Password Authentication to start Windows and CTM GUI settings)
    • GesWall FREE
    Tool:
    1. ProcessExplorer (replaced task manager)
    2. Microsoft Security Compliance Manager 1.0 (for downloading Baseline Security Templates)
    3. MS LocalGPO (for applying Baseline Security templates) :
      Baseline Security Template: (IE8SSLFUser -> IE8SSLFComputer -> Win7SSLFUser -> Win7SSLFDesktop : Allowed Legacy Apps to run)
    4. EMET 2 (Maximum Security Setting)
    5. CCleaner


    Setup:

    1. Opera (Browser) (Allow Javascript for whitelisted sites only | Isolated by GesWall + Virtualized by OS + Low Integrity + built-in adblocker thru adblock.ini file (adblock list provided at http://fanboy.co.nz))

    2. Media Players (Isolated by GesWall + Virtualized by OS + Low Integrity + EMET2)
    3. All Download directories are in low rights and have a deny ACL to prevent low rights processes executing in low rights container
      (downloaded low rights processes can't execute in medium / high rights directories)
    4. Locked down IE8 through Group Policy and FW for on-line banking + EMET2
    5. ClearCloud DNS


    The Layered Security Setup! This is still incomplete. I'm thinking of adding some HIPS or Prevx SOL. :D :cool:
    Any Comments? Suggestions?
     
    Last edited: Oct 19, 2010
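
The download-folder item in the setup above (low-rights directory plus a deny-execute ACL) can be configured as follows. This is an added example, not the poster's own commands; the folder path in `$dir` is an assumption, and the script must run from an elevated PowerShell prompt.

```powershell
# Added illustration. $dir is an assumed location; point it at the real download folder.
$dir = Join-Path $env:USERPROFILE 'Downloads'

# 1. Deny "execute file" to Everyone for files stored under the folder.
#    ObjectInherit + InheritOnly: the ACE is inherited by files but is not
#    effective on the folder itself, so the folder can still be opened.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'Everyone',      # identity the ACE applies to
    'ExecuteFile',   # right being denied
    'ObjectInherit', # inherited by files
    'InheritOnly',   # not applied to the folder object itself
    'Deny')
$acl = Get-Acl -Path $dir
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

# 2. Label the folder (and what is created in it) Low integrity, so that
#    low-integrity processes such as the browser can save files there.
icacls $dir /setintegritylevel '(OI)(CI)L'

# 3. Verify: list the deny ACEs, then show the full ACL with the integrity label.
(Get-Acl -Path $dir).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
icacls $dir
```

With the deny ACE in place, a downloaded installer has to be moved to another folder before it can be started.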
  12. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    634
    Location:
    United States
    Haha, why did you reinstall Windows? Don't you like how long the Windows updates take :D Takes longer than the installation of Windows itself lol
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Comments: I am impressed: MSCM :thumb: you passed with flying colours, I am sorry my friend, your ultimate setup quest is done, save it to an image and try to find a different setup, this one won't break, it touches the magical 100% horizon.

    So from now on: Konata Izumi San, why not open a thread and spread the benefits of using combined knowledge of Microsoft Security Experts for private use (especially how you merged templates and apply them through localGPO)
     
    Last edited: Oct 20, 2010
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Aww, I'm too lazy to create a thread.
    All I did was create a GPO backup for each template from MSCM and use the LocalGPO command line to apply the templates one by one.

    Actually I've encountered a problem. The security tab in the folder properties is missing after applying the template. :'(

    I still need to put a deny ACL on my Downloads directory :ouch:

    EDIT: I redid my setup yet again. Now I applied the deny ACL before applying the security templates. Now everything works the way I want it.
    I also found an option in MSCM to merge templates.

    There are still some problems:
    1. Compatibility between Spyshelter and GesWall. :(
    2. After applying baseline security, for some reason EMET doesn't seem to work well; many services are now running without DEP etc.
     
    Last edited: Oct 20, 2010
  15. Cyrano2

    Cyrano2 Registered Member

    Joined:
    Mar 19, 2010
    Posts:
    131
    Location:
    Spain
    So, finally, I've installed Windows 7 Ultimate and I've changed my setup a bit ;).

    Real-Time
    • Avast! 5 (File, Behaviour and Network Shields)
    • Prevx SafeOnline (Facebook Edition)

    On-Demand
    • Hitman Pro (Daily scan)
    • MBAM (To check some downloads)

    Windows 7
    • UAC (Max)
    • EMET 2 (Max)
    • Windows Firewall (2way)

    Misc
    • ClearCloud DNS
    • Secunia PSI
    • Macrium Reflect Free
     
  16. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    7 X64:

    Real-Time Protection
    Norton Internet Security 2011

    Behavior Blocker
    Emsisoft Mamutu 3.0.0.18

    Web Protection
    IE8 Hardened - ClearCloud DNS

    Windows Hardening
    DEP - SEHOP - EMET - Safe-Admin

    On-Demand Scanning
    Hitman Pro 3.5.7 - Emsisoft Emergency Kit
     
  17. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon ! Real-Time...Avast 5-Complimentary Edition-Prevx 3.0 with Safe-On-Line...On Demand S.A.S.PRO...Firewall...P.C.Tools 7...Beta...Browser...Firefox 3.6...Google Chrome...O/S...Windows 7. Sincerely...Securon
     
  18. vonvon

    vonvon Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    59
    Location:
    European Union - France
    Security setup these days :


    main desktop W7 x 32 :
    Eset Smart Security
    Win Patrol
    Prevx safeOnline


    family laptop W7 x 64 :
    Bit Defender IS 2011
    Win Patrol
    Prevx safeOnline


    Daughter1 desktop W7 x64 :
    Bitdefender IS 2011
    Win Patrol


    Netbook daughter 1 W7 starter x 32
    Eset Nod32 4
    Win Patrol
    W7 firewall


    daughter 2 laptop W7 x 32 :
    Bitdefender IS 2011
    Win Patrol


    Netbook daughter2 W7 starter x 32
    Dr.Web 6
    Win Patrol
    W7 firewall


    old laptop (only for downloads) xp x 32 :
    Dr.Web 6 pro
    Win Patrol
    Prevx safeOnline


    Very old desktop xp x 32 :
    Eset Nod32 4
    Win Patrol
    xp firewall



    All computers fully patched
    Web : firefox
    Wi fi - linksys - cable 30 meg
     
    Last edited: Oct 20, 2010
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    It looks like BitDefender is working out well for you.
     
  20. ReverseGear

    ReverseGear Guest

    Can anyone suggest a freeware alternative to Sandboxie?
    I have Avira Free and Comodo FW... should I add something to my setup?
     
  21. vonvon

    vonvon Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    59
    Location:
    European Union - France

    Yes, it's true, not so expensive for 3 computers, not too heavy nor intrusive and powerful. A good product for the daughters.
     
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Windows 7 Professional 32-Bit

    OS Internals (no extra overhead or cost)
    • Safe Admin Tweaks [MANUAL] (UAC Hardened, Autorun and Autoplay disabled.)
    • Software Restriction Policy (Disallowed: Set as default)
    • Windows FW setup 2-way [IN/OUTBOUND: Block] (Improved via Baseline Security Templates)
    Realtime protection
    • Comodo Time Machine BETA FREE (Password Authentication to start Windows and CTM GUI settings)
    • Spyshelter FREE (Password Protected / Auto-block suspicious / Allow Microsoft Certified)
    Tool:
    1. ProcessExplorer (replaced task manager)
    2. Microsoft Security Compliance Manager 1.0 (for downloading Baseline Security Templates)
    3. MS LocalGPO (for applying Baseline Security templates) :
      Baseline Security Template: (IE8SSLFUser -> IE8SSLFComputer -> Win7SSLFUser -> Win7SSLFDesktop : Allowed Legacy Apps to run)
    4. EMET 2 (Maximum Security Setting)
    5. CCleaner
    6. On-demand AV will be added if I feel the need for it.


    Setup:

    1. Chromium 8 (Browser) (click to play plugins | --safe-plugins | Virtualized by OS | Low Integrity | built-in adblocker thru adblock.ini file (adblock list provided at http://fanboy.co.nz))
    2. Media Players (Virtualized by OS + Low Integrity + EMET2)
    3. All Download directories are in low rights and have a deny ACL to prevent low rights processes executing in low rights container
      (downloaded low rights processes can't execute in medium / high rights directories)
    4. Locked down IE8 through Group Policy and FW for on-line banking + EMET2
    5. ClearCloud DNS

    Removed GesWall and Opera because they're too heavy for my PC and my cousins are addicted to Chrome/Chromium/Iron's light-ness.

    I still want to add a complementing software for the loss of GesWall.
     
    Last edited: Oct 21, 2010
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Konata Izumi:
    How did you fix the problem?
     
  24. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I don't know... for some reason they're working fine today.

    I installed GesWall first.
    Then rebooted.
    Installed Spyshelter. Don't reboot yet. Add an exception for the GesWall folder in Spyshelter settings.
    Then reboot.
     
  25. Iori

    Iori Registered Member

    Joined:
    Oct 20, 2010
    Posts:
    2
    I usually just use Firefox sandboxed using Sandboxie.
    Since I've heard about how SBIE is weak to keyloggers and GesWall is stronger in that area, I decided to try GesWall. Plus, I am using SBIE free and it keeps showing the nag to buy.

    However, I tried running Firefox isolated with GesWall (I turn off my SBIE), and it always starts as not responding and I have to kill the process via task manager. Guess it is a sign that I have to stick with SBIE?

    I'm running right now:
    Windows XP Pro x86 (Windows Firewall off)
    Sandboxed (SBIE) Firefox 3.6.11 (with NoScript and ABP and BetterPrivacy)
    ESET Smart Security 4.2.40.0
    Prevx Free 3.0.5.209
    WinPatrol Free
    ThreatFire Free

    For my notebook sometimes I feel like I want to stop being paranoid and dump all these security applications and just stick with Windows 7 Pro x86 + Avira AntiVir PE + Windows Defender + Windows Firewall + UAC On + Firefox with ABP only. Is it sufficient? My notebook is kind of low on resources and I'm not going to browse or download anything weird anyway.
     