What is your security setup these days?

not much.

my first line of defense is me, Chrome and UAC at max.
Chrome protects me from drive-by malware and i don't expect to get drunk enough to install malware myself.
UAC protects Program Files and Windows folders and reduce the Integrity Level for that 'limited' admin account.

my second line of defense is on-demand scanners: Hitman Pro, VirusTotal and sometimes Jotti.
anything that i download and that is not from a major publisher is scanned.
i only make exceptions for Adobe, Microsoft, NVdia. stuff like that.

my third line of defense is Look and Stop Firewall and Password Depot.
i don't think i really need any of those 2 but i like the convenience factor.

if the ~ Snipped as per TOS ~ was to hit the fan big time, restoring a disk image with IFW would fix the problem. unless i were to get a BIOS/hardware virus or something really nasty.

i've been doing this for almost 6 months without a problem.
i've even tried to get deliberately infected by drive-by malwares, surfing virus sites for hours.
nothing got through i'm glad to say.

this strategy would not work for everyone but it works for me.
i'm the only one using this computer, so that makes a big difference.
i only have 1 user to worry about.

 

moontan, I like your approach. Things don't have to be complicated when you know what you are doing. I hope to be getting there, though slowly.

 

Windows 7 x64
Applocker with all rules configured and enforced including DLL.
UAC: Always Notify
Windows Firewall Notifier (extend Windows Firewall, allowing outgoing connections handling with popups)
Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports
Windows Defender
Firefox Nightly x64
Internet Explorer 9 hardened though GPO
Hitman Pro
Active@ Disk Image w/ three different maintained images on two separate hard drives

 

i just like to keep things simple.

to tell the truth, i think when it comes to security softwares and setups, the cure can sometimes be worse than the disease.

 

very true

 

Superb setup! Glad you joined the bandwagon.

 

Privatefirewall (previously Comodo Firewall)
Sandboxie
Hitman Pro
MBAM

 

Good Morning ! Avast I.S. Zemana AntiLogger...Hitman Pro...Avast all shields set to the max. Sincerely...Securon

 

MSE, EMET, Sandboxie

 

feeling pretty secure with just Look n Stop,EMET,SRP i dont think i can make it any more lighter than it is now

 

ESET HIPS feels like an anti executable

 

My security setup
Win 7 x64 Ultimate Desktop: updated November 07, 2011

New: Blue
Removed: strikethrough

1. Using Standard account as default
2. Hardened Windows 7 with customized baseline via Group Policy Editor with settings found here
3. UAC at highest level
4. AppLocker with all rules, including DLL, enforced
5. Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote ip addresses.
6. Disabled DNS Client service: set DNS ip addresses in Network settings, and created DNS-specific rules for all web-facing apps
7. IE 9 x64 with several restrictions applied in Group policy editor found here
   
8. EMET, with mainly web-facing and MS Office apps configured
9. MBAM on-demand free (used sparingly)
10. Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
11. All sensitive data kept on a TrueCrypt volume on a USB pendrive, and also bitlocker-encrypted volumes.

the following services are disabled:

• DNS Client
• Secure Socket Tunneling service
• IP Helper
• Remote Access Connection Manager
• SSDP Discovery service
• TCP/IP NetBIOS Helper
• Workstation re-enabled because of a VMWare component that needs it
• Function Discovery Resource Publication
• WinHTTP Web Proxy Auto-Discovery service

• SuRun, v1.2.0.10 – removed again, having decided to elevate only known Windows services from the Standard account using OTS, Secure Attention Sequence (SAS), UAC and FUS to the Administrator account for all other elevations using AAM, also Secure Attention Sequence (SAS) UAC.

Note the use of free MBAM for on-demand only.

 

Good job on this set-up, I like it.

 

start using sandboxie and i will wait for defenseall 64 bit version

 

I'm trying the new setup: Avast IS, Spyshelter Free and Appguard 3.

 

Thank you!

 

Ok I take back what I said to tom of what can be more chatty then MD and I stand corrected.ESET IS Loud.The Hips in Interactive mode is absolutley mental. My index finger is Sore.

 

Yahoo

 

If you start with HIPS in Interactive mode you can get crazy from clicking

I managed to disable some rules in Interactive mode by making some general rules (I only left execution control, direct drive access and driver loading on).
I have Learning mode on and manually move rules to groups that I have made. It's a slow process but after two days almost no new rules are created. In a week or so I will probably put it in Policy-based mode and see how it goes.

 

Has Ilya said he will make a 64 bit version?

 

I know you were going to remove SuRun again. Hahaha MrBrian LOL... Thanks for your post you Applocker Troll

 

As far as I know, the answer is no.

 

I hope that changes...I would love to install DW again.

 

he will but he doesnt know when

 

Very true