What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    look at this one ;)
    SpyShelter 5.20 beta 2, I recommend this one, it is very stable and rock solid :thumb:
     
  2. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LOL J trying SpyShelter again huh. Never tried it and won't until they have a trial x64 version.
     
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    but SpyShelter 64-bit does have a 14-day trial period
    at least when I first tried it, it did have one
     
  4. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    My new lean and mean laptop setup

    Windows 7 Home 32-bit
    - Windows FW 2-way (1)
    - UAC set to auto elevate (2), using Spyshelter instead
    - UAC set to only allow signed programs to elevate (3)
    - Internet zone set to deny downloaded executables to run (3)
    - EMET2 internet facing software (4)

    Using only Microsoft Office Professional and signed utilities (for backup and registry cleaning)

    Spyshelter free set to auto allow Microsoft signed only

    Set all Microsoft Internet nonsense stuff (messenger, windows live etcetera) to deny execute through icacls, (3)

    Using Chrome with forced LOW rights only (5) with McAfee SiteAdvisor (and Sunbelt GFI ClearCloud through wireless DNS)

    HitmanPro on demand


    Wonderful Wilders Forum where I learned about security; credits go to:
    1) Stem
    2) Sully
    3) Kees1958
    4) AKO
    5) Moonblood

    Regards, Newby
     
    Last edited: May 11, 2011
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    1chaoticadult, I tell you it has a trial version for the 64-bit version and it works very well :thumb: all applications that can carry viruses can be run restricted :thumb: I really like the restricted mode a lot :thumb:
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Windows 7 Professional 32-bit (Modem-Router NAT: enabled)

    separate partitions for:
    • SYSTEM
    • PROGRAMS
    • DATA

    Setup:
    1. Disabled Windows System Restore and Windows Defender
    2. User Account Control set to Highest
    3. Microsoft Security Compliance Manager (MSCM) for downloading Baseline Security Templates from Microsoft that will harden Group Policy settings.
    4. LocalGPO (included in MSCM): this tool is used to apply Security Templates.
      • Templates used: Merged copy of Win7SSLFComputer, Win7SSLFUser and IE8SSLFComputer, IE8SSLFUser
        • Do not allow legacy apps to run
      • Modified GPO through 'gpedit.msc', also added some Safe-Admin tweaks
        • allowed Administrators to debug programs (Compatibility for EMET. see below)
        • 1806 trick
    5. Enhanced Mitigation Experience Toolkit (EMET) to apply the following and more:
      • Data Execution Prevention (DEP): Opt-out
      • Structured Exception Handling Overwrite Protection (SEHOP): Opt-out
      • Address Space Layout Randomization (ASLR): Opt-in
    6. Returnil for system virtualization (antivirus disabled / trust programs from real disk only)
    7. Peerblock
    8. Outpost Security Suite FREE ( Firewall:Block Most / Antimalware:Scan on execution / Anti-leak:Low )
    9. ClearCloud DNS
    10. Hitman Pro (for fast scans)


    Google Chrome --safe-plugins -incognito (Regular Browsing)
    • Clearcloud DNS
    • 1806 Trick


    JanusVM + Opera Browser (Anonymous Browsing)
    plugins only on-demand.
    disk cache off
    never check cached documents and images
    Turbo Mode: ON
    Disabled Geolocation and mouse gestures.
    Fanboy's Adblock list for Opera


    I need a FREE antikeylogger and I'm done.

    For Windows 7 only, here's a tutorial on how to apply the Microsoft Baseline Security template (tools included)
    http://www.mediafire.com/?a6oqyg7tvtyikva
     
    Last edited: May 12, 2011
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Windows 7 x32 Ultimate
    - Windows FW 2way
    - GPO hardening (e.g. autorun, some autostart locations)
    - UAC set to elevate SILENTLY, elevate only SIGNED executables, no installer detection
    - Everyone set to deny execute Download directory, public user, data drives, except an installer directory (X:\Install_here) through right click security tab
    - SRP set to deny execute USB drives and intranet zone
    - virtualising file + registry (Software hive) for Chromium, WMP, Mail (IE9 is all virtualised by default) through RUNASINVOKER trick

    EMET2
    - IE9, Chrome, WMP, Mail, Adobe programs

    GeSWall Pro
    - running IE9, WMP, Mail, Adobe, Chrome guarded (high)
    - network as confidential (IE9, WMP, Chrome and Mail allowed)
    - X:\Install_here as confidential (guarded apps not allowed to write to)
    - Chrome set to redirect most (sort of SBIE application virtualisation), except bookmarks and download directory
    (this way I can use UAC with GeSWall, and make a file trusted by moving it from C:\User\Kees\downloads to X:\Install_here)

    Hitman Pro on demand
     
    Last edited: May 11, 2011
  8. Essentials

    Essentials Registered Member

    Joined:
    Mar 21, 2011
    Posts:
    49
    KeyScrambler Personal
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Microsoft Security Essentials for realtime AV.

    Comodo Internet Security 2011 Pro for Hips, sandboxing, and firewall. AV turned off.

    I use Comodo to sandbox pretty much anything that uses the internet such as java.

    MVPS host file on my DDWRT router with firewall. Spybot S&D portable on my USB to update my local host file on my PC.

    Chrome + security features.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Outpost and Returnil already have you covered. It won't survive after a reboot, and while in Virtual Mode Outpost will monitor its behaviours and connections. You don't need one.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    exactly, with a firewall, outbound protection will cover you for any suspicious outbound activities in real time, so don't worry, and plus Returnil will erase any tracks; not only keyloggers but all kinds of malware may be deleted after a reboot :thumb: you are good to go
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    now for me, I have SpyShelter beta 2 ;) I think I will run a firewall for outbound protection, maybe Private Firewall or even Prevx 4 Firewall ;) :thumb:
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Currently using CIS v5, sandboxie and mamutu.
    Everything seems to be getting along....at the moment.
    Mamutu is very light and it doesn't conflict w/ D+.
     
  14. x942

    x942 Guest

    PM me I have a keyscrambler Premium key if you want it!

    New MacBook (warranty covered it). Now using Firefox with the same addons as before and Sophos for AV. Any recommendations for Mac security tools, or ABE scripts for NoScript?
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    My sig...
     
  16. Sevens

    Sevens Guest

    DefenseWall Personal Firewall v3.12
    Look'n'Stop 2.07 (Phantom ruleset)
    BitDefender Free Edition 2009 (on-demand)
    Malwarebytes' Anti-Malware (free)
    Macrium Reflect (paid)
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    What's the 1806 trick?
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it's a registry tweak for your browser to restrict software installation;)
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I'd be happy if you could provide a link for me. :D Would protect against drive-by downloads eh? :) Would it work with Chrome?
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Wow! I'll take it
    PM'd you
     
  22. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    386
    Is it the guide that I have seen on the forum, called "Kees guide"?
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden

    Cheers! Will try this when I get back from work! Is it fool-proof-safe against drive-by downloads?
     
  24. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Thanks!
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The 1806 is a registry key that you set a value for. It is a dword value, with the following results
    0 = off
    1 = prompt to execute a file that originated from the internet
    3 = deny execution of file that originated from internet, but show user it was denied
    5 = deny execution of file that originated from internet, and do NOT show user it was denied

    On NTFS file systems, a file can have what is called an Alternate Data Stream (ADS). In this case IE and Chrome both create a value in the ADS of the downloaded file which identifies it as originating from the internet. When you have set the 1806 registry key to 1, 3 or 5, Windows Explorer actually looks for this ADS and will prompt for or deny execution. So it does not prevent downloading, it only creates the identification of where it came from. If you set the 1806 value to 0, the ADS is not created I believe.

    Either way, it gives the benefit of allowing you to either be prompted for execution or to deny execution. It may not be foolproof, but it is a nice feature that is ready to go, all you need to do is set the 1806 value.

    Sul.
     
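    A small model of the mechanism Sully describes, added here as an example (it is not from the forum post). It parses the Zone.Identifier alternate data stream that browsers write to a downloaded file and works out what Explorer does for a given 1806 setting. Assumptions: the 0/1/3/5 meanings are taken from the post's table above; the Zone.Identifier stream name, the [ZoneTransfer] section and ZoneId 3 (Internet) / 4 (Restricted sites) are the real NTFS mark-of-the-web format; read_zone_id only does anything on Windows/NTFS and returns None elsewhere.

```python
"""Model of the Windows 1806 ("Launching applications and unsafe files") check.
Added example, not code from the forum post. The 0/1/3/5 mapping follows the
post's table; the Zone.Identifier format is the real NTFS mark-of-the-web."""
import configparser

# URLZONE ids that count as "originated from the internet" in the ZoneId field
UNSAFE_ZONES = {3, 4}          # 3 = Internet zone, 4 = Restricted sites zone

# Meaning of the 1806 DWORD as listed in the post above
ACTION_1806 = {0: "run", 1: "prompt", 3: "deny", 5: "deny-silently"}

# Constructed sample of what a browser writes into file.exe:Zone.Identifier
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=http://example.test/setup.exe\r\n"


def parse_zone_identifier(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    cp = configparser.ConfigParser()
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_zone_id(path):
    """Read the real Zone.Identifier ADS of a file (Windows/NTFS only).
    A file with no stream (locally created, or copied to FAT) yields None."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def launch_decision(zone_id, action_1806):
    """What Explorer does when the user launches the file.
    The mark only records origin: a file without it, or from a local/trusted
    zone, runs regardless of the 1806 setting."""
    if zone_id is None or zone_id not in UNSAFE_ZONES:
        return "run"
    return ACTION_1806.get(action_1806, "unknown-setting")


if __name__ == "__main__":
    zone = parse_zone_identifier(SAMPLE_STREAM)
    for setting in (0, 1, 3, 5):
        print(f"ZoneId={zone} with 1806={setting}: {launch_decision(zone, setting)}")
```

On a real Windows box, replace SAMPLE_STREAM with read_zone_id(r"C:\path\to\download.exe") to see the mark a browser actually wrote.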