What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Switching back to AVG Free. Thoroughly going through Raymond's results on his blog it seems to be the best choice for me when I still wanna use an AV as a backup.
     
  2. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    Removed Online Armor. After several years of relying on Windows Firewall, I've become used to its silent yet effective inbound protection. A program asking my permission to uninstall an app (as Online Armor did) is a little too chatty for my liking.

    Added Sandboxie (free version) to run anything suspect. I very well may buy it as I love lifetime licenses.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, there are 6 integrity levels.

    Lowest to highest: Untrusted > Low > Medium > High > System > Trusted Installer

    And, by design a lower integrity level cannot WriteUp to higher levels. They can still ExecuteUp and ReadUp. To prevent ExecuteUp and ReadUp, you'd need to explicitly add a High integrity level to an object/container and also add the flags NoReadUp and NoExecuteUp (-nr -nx). But, icacls cannot do it. You'd have to use chml. It would be the easiest way.

    Just an example, to show what I mean.

    Imagine there's a keylogger on your system either running with a low IL or medium IL. You run your web browser as Administrator (an inherited High IL) and enter credentials in some URL (your bank, for example). The keylogger is able to read from the higher IL process (your browser). This is not a bug. It's how ILs were designed.

    To change that, you need to explicitly say that you'd want to run the browser (its process) with a High IL and apply the flags -nw -nr -nx (the latter one not really needed for the scenario I'm talking about, but it doesn't hurt to have it there). Now the keylogger running either with Low or Medium IL cannot READ from the browser. Any text entered in the browser won't be READ by the keylogger.
     
    Last edited: Jul 31, 2011
  4. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    It is an excellent software!

    It is worth the purchase!
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Network
    DDWRT Router running recommended build
    DDWRT firewall turned on
    MVPS Host File stored on router for network wide adblocking
    Google DNS

    Realtime Protection
    Mamutu Behavioral Blocker
    Beta updates
    Allow program if 92% of community members allowed it.
    Deny program if 88% of community members allowed it.

    Comodo Firewall and Defense+ 5.8 Beta
    (Password Protected)

    Comodo Firewall: Safe Mode, Alert Settings Low
    -- Ports Stealthed
    -- Enable IPv6 filtering
    -- Protect ARP Cache
    -- Block Fragmented IP datagrams
    -- No protocol analysis, no monitoring NDIS protocols other than TCP/IP

    Comodo Defense+: Safe Mode
    -- Autosandbox as Limited
    -- Force Java into Restricted Sandbox, clean it out once in a while
    -- Force Digsby into Partially Limited sandbox
    -- Force Vaio Event Service/ Battery Manager and IE9 into Partially Limited sandboxes

    System Hardening -- Windows 7 64bit Ultimate
    UAC on Max
    EMET: DEP Opt Out, SEHOP Opt Out, ASLR Opt In. All internet facing applications forced to run with EMET.dll and a few others as well.
    Downloads folder and all contents forced at Low Integrity
    NiNite for updating
    Disabled some services
    As few programs installed as possible. Only what I need and when I'm done with something it gets uninstalled and I make sure that everything is gone.
    Digsby and MiPony's .exe's set to LowIL.

    Browser -- Chrome Beta
    Block 3rd Party Cookies
    Built in malware protection/ download scans
    Default PDF reader -- no adobe necessary

    Backup Browser -- IE9
    Max security settings via IE9's default options

    Portable On Demand Scanners/ Tools -- USB Drive
    TDSS Killer
    JavaRa
    RKILL.com
    AVZ4
    Dr Web Cureit
    SuperAntiSpyware Portable
    Hitman Pro
    Emsisoft Emergency
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    thanks for the info...

    is it easy to use chml? are there any tutorials here? :D
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Weeew.
    Bought my OA Premium license finally.

    Permanent build: Emsisoft Anti-Malware V6 and OA Premium Beta 5.0.1.xxxx
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There are actually more than 6 levels of IL, but they don't really offer much. Indeed, for us, TrustedInstaller, System and Untrusted are not of much use. Untrusted might be usable, depending what you want to accomplish, but TrustedInstaller and System are not what most people want to mess with IMO.

    To get the other levels to work, you have to go to MSDN and find their ID, and use that instead of the "name" Medium etc. It works with icacls and with .inf syntax. I don't know if it works with chml, but I suspect it does.

    Sul.
     
  9. thesawisfamily17

    thesawisfamily17 Registered Member

    Joined:
    Jul 5, 2011
    Posts:
    30
    opera 11
    avast 6 free
    malwarebytes
    comodo firewall
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I can only think of two more ILs:

    Protected Process Mandatory Level ( SID: S-1-16-20480) and Secure Process Mandatory Level (SID: S-1-16-28672).

    I had to dig up some IL files I had saved. Are you thinking of more ILs, though? :)
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Hey m00nbl00d

    How's AdBlock faring?
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yep, there are more than those too. I don't have my data right at the moment. If you would like I can get you all the SIDs that I dug up.

    Sul.
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Nice Noob. Glad you are all set my friend :D
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    What happened to testing Panda Cloud jmonge?
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :argh: That would be something.

    I probably have the info already, as I saved quite a lot of info I found over MSDN and other places. But, sometimes to fasten things up, I don't give specific names to files. It's hard to find what I need. :oops: :D
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I still haven't installed it. And, 99% of my browsing is done in a Chromium profile with JavaScript, etc disabled. So, no extensions in this one, as they require JavaScript.

    Whenever I happen to use my normal Chromium profile, I'll uninstall AdBlock Plus and give Adblock a try. I just don't know when that will be. It could be later on, tomorrow... or a month from now. I rarely use my normal Chromium profile.
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Oh man, I know exactly what you mean.

    I found them.
    Code:
    SID: S-1-16-0
    Name: Untrusted Mandatory Level
    Description: An untrusted integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-4096
    Name: Low Mandatory Level
    Description: A low integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-8192
    Name: Medium Mandatory Level
    Description: A medium integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-8448
    Name: Medium Plus Mandatory Level
    Description: A medium plus integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-12288
    Name: High Mandatory Level
    Description: A high integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-16384
    Name: System Mandatory Level
    Description: A system integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-20480
    Name: Protected Process Mandatory Level
    Description: A protected-process integrity level.
    Note: Added in Windows Vista and Windows Server 2008

    SID: S-1-16-28672
    Name: Secure Process Mandatory Level
    Description: A secure process integrity level.
    Note: Added in Windows Vista and Windows Server 2008
    Sul.
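Added example, not code from the thread, from chml or from icacls: a small Python model of the integrity-level rules m00nbl00d lays out in post 3 (lower IL cannot WriteUp by default, but can still ReadUp and ExecuteUp unless the object's label carries NoReadUp/NoExecuteUp) together with the S-1-16 SID table Sully quotes in post 18. It parses the mandatory-label ACE as it appears in SDDL, `S:(ML;flags;NW|NR|NX;;;level)`, using the standard aliases LW, ME, HI and SI or a raw S-1-16 SID, and then replays the keylogger scenario: with only NW on a High-IL browser a Low or Medium IL reader passes the integrity check, and adding NR blocks it. The Medium/NoWriteUp default for an unlabelled object is a simulation assumption; real Windows also applies per-object-type defaults and the DACL on top of this check, which the model leaves out.

```python
"""Simulated Windows Mandatory Integrity Control (MIC) check.

Added illustration for the integrity-level discussion; the SID table is the
S-1-16-* list from KB 243330 quoted in the thread. Defaults marked below are
simulation assumptions, not the kernel's per-object-type policy.
"""
import re

# Integrity SIDs (S-1-16-<RID>) and their names, from the thread's KB excerpt.
INTEGRITY_SIDS = {
    "S-1-16-0": "Untrusted",
    "S-1-16-4096": "Low",
    "S-1-16-8192": "Medium",
    "S-1-16-8448": "Medium Plus",
    "S-1-16-12288": "High",
    "S-1-16-16384": "System",
    "S-1-16-20480": "Protected Process",
    "S-1-16-28672": "Secure Process",
}

# Standard SDDL two-letter aliases for the mandatory-label SIDs.
SDDL_LEVEL_ALIASES = {"LW": 4096, "ME": 8192, "HI": 12288, "SI": 16384}

# Which mandatory-policy flag blocks which kind of "up" access.
BLOCKING_FLAG = {"write": "NW", "read": "NR", "execute": "NX"}

# One mandatory-label ACE: (ML;<ace flags>;<NW/NR/NX>;;;<alias or S-1-16 SID>)
ACE_RE = re.compile(r"\(ML;([A-Z]*);([A-Z]*);;;([A-Z]{2}|S-1-16-\d+)\)")


def rid_from_sid(sid):
    """Extract the integrity RID from an S-1-16-<RID> string."""
    if not sid.startswith("S-1-16-"):
        raise ValueError("not an integrity SID: %s" % sid)
    return int(sid.rsplit("-", 1)[1])


def level_name(sid):
    """Human-readable name for an integrity SID (None if not in the KB table)."""
    return INTEGRITY_SIDS.get(sid)


def parse_mandatory_label(sddl):
    """Return (object_rid, policy_flags) from the S:(ML;...) ACE in an SDDL string.

    An SDDL string with no mandatory label is treated as Medium with the
    NoWriteUp default (simulation assumption).
    """
    match = ACE_RE.search(sddl)
    if match is None:
        return 8192, frozenset({"NW"})
    rights, sid = match.group(2), match.group(3)
    policy = frozenset(re.findall(r"N[WRX]", rights))
    if sid in SDDL_LEVEL_ALIASES:
        rid = SDDL_LEVEL_ALIASES[sid]
    else:
        rid = rid_from_sid(sid)
    return rid, policy


def mic_check(subject_rid, object_rid, policy, access):
    """True if the integrity check permits the access (DACL checked separately).

    A subject at an equal or higher level is never restricted by MIC; a lower
    subject is blocked only for the access kinds named in the object's policy.
    """
    if subject_rid >= object_rid:
        return True
    return BLOCKING_FLAG[access] not in policy


def keylogger_scenario(browser_label_sddl):
    """Can a Low or Medium IL reader read from a browser carrying this label?"""
    obj_rid, policy = parse_mandatory_label(browser_label_sddl)
    return {
        name: mic_check(rid, obj_rid, policy, "read")
        for name, rid in (("Low", 4096), ("Medium", 8192))
    }


if __name__ == "__main__":
    for sid, name in INTEGRITY_SIDS.items():
        print("%-14s %s" % (sid, name))
    # Post 3's scenario: High IL browser with the default NW policy vs. NW+NR+NX.
    print("NW only   :", keylogger_scenario("S:(ML;;NW;;;HI)"))
    print("NW NR NX  :", keylogger_scenario("S:(ML;;NWNRNX;;;HI)"))
```

The two `keylogger_scenario` calls in the usage section correspond to the two states the post describes: a High IL process with the default NoWriteUp label, which a lower-IL reader can still open for read, and the same process after the label gains NoReadUp.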
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Ah OK. I missed the Medium Plus Mandatory Level before. :D

    I was actually taking a look at the file where I got the other ones, and for what you show here, I think it's the same source.

    For those interested, this is the link: http://support.microsoft.com/kb/243330

    Nonetheless, thank you for taking the time to find the info. :) :thumb:
     
  20. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Wow, it took me about 10 minutes to completely read your security setup. There is no doubt in my mind that your computer must be gasping for air...:D.

    Read my signature and behold :)D) my own security setup; it is light and effective both with Linux and Windows.

    Thanks.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Not even the slightest slow down. After all, I allocate almost no resources at all to security on my computer and instead opt into low resource realtime measures and built in system hardening.
     
  22. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    I'm back to Avast! Internet Security 6.0.1203. I might pair it with MBAM realtime.
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, the whole setup cost me . . . 9.34$ for a 1 year license on both! :D
    So i bought 2 licenses of good software and support for a mere 9.34$!! :thumb: :thumb:
     
  24. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Oh wow nice Noob. Great price for great software :thumb: :)
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    There should be a security setup competition lol could test ease of use, effectiveness, and toll on the system
     