What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    OMG!... lol. 16 GB? As I look in task manager right now, between cfp.exe & cmdagent.exe (combined) they're only using about 6000K. And that's with everything in advanced checked except the bottom thing, and everything in D+ on except cloud scanning.

    I don't know about OA, but for Comodo I'd say 16 gigs of RAM is... excessive, lol. Honestly even 1 GB is more than you should need on XP. The 2 I have in this box now is even pointless. It was just as fast with 1.

    Different strokes for different folks and all. Comodo has never been anything but feather light for me.
     
  2. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Giving Iobit Malware Fighter a test on my testing box
     
  3. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Oh dear! :ouch:
     
  4. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
    Comodo FW/D+/BB/Cloud AV

    Ram=8k (cmagent/tray/av/gui)
    CPU Usage of cmdagent: 0:01:25
    System Idle: 76:37.18
    System: 1:12.34

    Pair virtually zero impact with Comodo's deep protection, I would run either Comodo or similar gear like it (HIPS/AntiExe/Sandboxing)
     
  5. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Tested Trend Micro Titanium AV+, Eset Nod32 v6 and Norton 360 today. I have to say although these are very well known vendors of security products I am not very impressed. Norton's interface was kind of slow and there was a delay when clicking through the interface. Trend Micro let me execute malware although it actually detected the malicious file. Nod 32 is no longer top notch in my opinion and I tested it with interactive HIPS. Ran quite heavily on RAM usage and HIPS became annoying after a while. It did okay but I am not overwhelmed by any of those products. I think I will continue not using any antivirus programs.

    So after testing several products in my VMware Player I'm glad I still use what's in my sig. :thumb:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    good choice:thumb:
     
  7. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    Currently I "play" a lot with VMware Player to test out different programs. I tried to install Comodo IS / Comodo Firewall many times now in VMware Player but the installation keeps crashing over and over again. Does anyone have a solution for this? I wanted to look into the Comodo products as these seem to be one of the more interesting products out there due to the new approach of virtualization and sandboxing besides the regular antivirus behavior.
     
  8. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    So far in my testing Iobit Malware Fighter reminds me a lot of Rising PC Doctor. Lower detection rate, some interesting tools, really limited real time protection. No FPs on any of my scans, very light. I see some potential to grow:

    1. Incorporate Cloud into scan engine. Right now a user has to manually load up any files to the cloud they want to scan. They need something that could automatically do that to help improve detection.

    2. Explain what fileguard is.

    I understand what process guard would be in pro but I honestly have no idea what file guard does or if it actually is protecting me.

    3. Cloud Task Manager:

    Something that's needed to help expand use of IMF
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Dang... I didn't expect v6 would be that light with all modules. That's not much heavier than just using the FW & D+. If I ever decide to go back to real-time AV monitoring, I know what I'm doing, that's for sure.

    I don't need the BB & Kiosk though.

    Admittedly, much of my trepidation over v6 is probably a placebo effect. Whenever you see that much stuff going on all under 1 hood, you just expect it to be bloated. And as they say, when you go looking for something...

    I do so wish they'd make a slim build though (FW/D+ only). And also a FW only version.
     
  10. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    Malwarebytes Pro + BitDefender Free Antivirus on Windows 8 Enterprise :)
     
  11. Robot_Z

    Robot_Z Registered Member

    Joined:
    Jul 22, 2012
    Posts:
    45
    Location:
    Canada
    Time to ramp up the security.. something managed to slip by.

    Switched to Norton DNS, adding Avira as realtime (maybe). Gonna finetune it over the next few days.
     
  12. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    Tried this combo:

    Windows Firewall+WFC \ MBAM Pro (full time) \ MSE in Windows 7 (x64 bit)
    Windows Firewall+WFC \ MBAM Pro (full time) \ Win Defender in Windows 8 Pro (x64 bit)

    then switched over to :

    Comodo FW\D+ (ver 5.12) \MSE in Windows 7
    Comodo FW\BB (ver 6) \Win Defender in Windows 8 Pro
    (MBAM Pro on demand only in both)

    The Comodo setups made my other combos look like memory gluttons!

    Can't remember Comodo AV memory usage last time I tried it, but I think it was less than MSE - so may replace MSE soon. This should further slim down memory usage. :thumb:
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I'm using what's in my sig. It's very fast and light. I like it.;):thumb:
     
  14. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Removed: Windows Firewall Notifier and WinPatrol
    Added: Privatefirewall
     
  15. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Trying out VoodooShield 1.06.
    Put NVT EXE Pro on the back burner for the moment.
     
  16. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon! Since I had some time remaining on my Zone Alarm Anti-Virus Pro with Firewall license, I installed the newest release 11.0.000.054. I'm so far pleasantly surprised...it's light and nimble and without the bloat of the previous version. It's compatible with WSA Essentials...and with the Kaspersky engine provides excellent protection. It actually detected a Trojan with its Heuristics HEUR:Trojan.Win32.Generic. The only odd part was the following message...There are no matching records for HEUR:Trojan.Win32.Generic. Please try your search again. So...I'm not certain if it's a false positive or not...I'll forward the findings to their Tech Support. So far really as mentioned surprised and pleased with the newest version. Sincerely...Securon
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Have installed XP Pro dual-boot with current Win 7 Ultimate setup, mainly for nostalgic reasons and to compare its efficiency and speed to 7 :)


    Windows XP Pro SP3 Desktop:

    • Running from a Limited User account
    • SRP enforcing all software files, all users except administrators
    • Jetico v2 Firewall with application network activity control and Process attack filter (HIPS) enabled, monitoring and enforcing for only:
      1. write to application’s memory
      2. modify child process
      3. critical registry modification

      This nicely complements SRP with additional process control

    • EMET 3.0, with mainly web-facing and MS Office apps configured
    • Several Windows and MS Office settings hardened via configuration in Group Policy Editor
    • Chrome Stable release with ScriptSafe plugin and Enterprise Group Policy template enforcement
    • MBAM on-demand free (used sparingly)
    • Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
    • Several services disabled

    In spite of all the criticism XP gets for being so insecure by default, I'm confident this lightweight (only 19 processes running at idle state) setup is extremely resistant to compromise by any of the web-borne threats in circulation :)
     
    Last edited: Jan 27, 2013
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Cool test wat. But I'm pretty confident that given those conditions XP Pro will prove inferior to 7. In large part due to having EMET & .NET Framework installed. The latter is a resource hog/bloat on XP as it is... and EMET runs especially poor on XP compared to post XP OS's. .NET Framework also seems to be better implemented on the newer OS's.

    If you want to see XP really hum... don't install .NET Framework or EMET. Hardened properly, there isn't much attack surface left to worry about being exploited. Especially if you don't use Java either.

    Also, running both OS's on say 3-4 gigs of RAM, you may see similar performance give or take depending on how each is tweaked. What will show XP to be lighter however is running the box on 1 gig of RAM instead. XP, properly hardened/trimmed down will thrive on it. While 7, well you'll be lucky if it even boots at all.

    I know people will say "well I'm not running 7 on 1 gig of RAM". True that, I would hope not. I believe when you talk about which one is "lighter", period, you compare them spec by spec. Given the same specs... on low specs, XP will blow 7 away. With higher specs (3-4 gigs of RAM), then it's a close contest.

    Out of the box, and with all updates including .NET Framework, and 3-4 gigs of RAM... 7 wins hands down.

    I am curious to see what turns up in your testing though.

    In any event, XP Pro can be made to be perfectly secure with the right tweaking & software to supplement it. I could easily make the argument "more" secure even, taking into account a much smaller attack surface and less targeting now... with the right hardening tweaks & software accounting for any areas it would otherwise be lacking in. And I actually did make this argument in another thread. And I knew it wouldn't be popular. People seemed to disregard my (valid) points. And "the proof is in the pudding", as they say: I've never in my life been compromised running it. Until that happens, I can't help but feel safe on it. If some big exploit comes around that threatens me, that remains unpatched due to its EOL or something... I'll be the first to change my OS, believe me.

    I don't want this thread to devolve into what that one did, so I won't say anything more about this subject here.
     
    Last edited: Jan 27, 2013
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    When ExploitShield has reached a final/stable release, it will IMO be the last piece of my puzzle for hardening XP Pro. Something like EMET is the only thing lacking in my setup. But I just won't use it because it slows my box down so much (.NET FW alone does), and has so many compatibility problems waiting to happen.

    But then the need for such protection is far less for someone like me too, with so little attack surface for exploits in the first place. No vulnerable services running. No Java. No .NET FW. No PDF reader. Only Adobe Flash really fits the bill, and I always keep it patched, and installed in its own sandbox... also then inside my Firefox sandbox. In my life I've yet to have an exploit hit me.

    But still, I expect to be adding ES to my sig when it's ready for the bigtime, if I find it light enough.
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    I will try your advice. Thanks! This XP setup does actually seem to run a little quicker than my Win7 setup, although maybe it's a placebo effect. I'm not using any stopwatches or other timer devices, just my own perception of things :)


    I agree XP Pro can be configured tremendously secure, and even without adding too much in the way of 3rd party security.
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Here's how to stop ports 135 & 445 from listening, and close them down for good. These 2 ports are tough to close on XP and doing this is a great hardening measure. In fact there's a good chance they're the only 2 you have left that aren't completely closed. This is the case on most boxes I come across.

    To close port 135:

    HKLM/Software/Microsoft/OLE
    Value "EnableDCOM" - modify to "N"

    HKLM/Software/Microsoft/Rpc
    Modify "DCom Protocols" - under "Value Data" delete everything there... leaving the box blank.

    OK your way out of regedit.

    Go into your services and make sure these are disabled:

    Com+ Event System
    Com+ System Application
    DCOM
    System Event Notification

    Port 445:

    HKLM/System/Current Control Set/Services/NetBT
    "Start" entry - modify DWord Value from 1 to 4

    Find "Parameters" entry in NetBT. Erase the "\DEVICE\" value, leaving the field blank.

    Restart computer... check "netstat -an" in cmd to see they're no longer listening.
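
The `netstat -an` check that closes the post above, as an added example that is not part of the original post: a Python parser run over constructed sample output. It reports only sockets bound locally to ports 135 or 445, so an outbound connection to a remote port 445 is not counted; the sample rows and the function name are assumptions.

```python
import re

WATCHED_PORTS = {135, 445}

# Constructed sample of Windows `netstat -an` output before the changes.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1040      203.0.113.5:445        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

# Constructed sample after the changes and a reboot.
SAMPLE_AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1040      203.0.113.5:445        ESTABLISHED
  UDP    127.0.0.1:123          *:*
"""

# proto, local address, local port, foreign address, optional state.
# UDP rows carry no state column; IPv6 addresses appear as [addr]:port.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def open_watched_ports(netstat_text, watched=WATCHED_PORTS):
    """Return (proto, local_address, port) for each local socket on a watched port."""
    findings = []
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # headers and blank lines
        proto, address, port, _foreign, state = match.groups()
        if int(port) not in watched:
            continue  # keyed on the local port only, never the foreign one
        if proto == "TCP" and state != "LISTENING":
            continue  # an established TCP row is not a listener
        findings.append((proto, address, int(port)))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, open_watched_ports(text) or "135/445 not listening")
```
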
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Also disabling Themes makes a huge difference on XP. In CP > Display I use Windows Classic theme, and things are snappier. I disable Themes in Services & Windows Components as well. And in System > Advanced tab > Performance - settings, the only 2 things on that list I have checked are: Smooth edges of screen fonts, & Show drop shadows under icons... or whatever. You may also want Common Tasks in folders, but I prefer the barebones/minimalistic look. Plus it makes opening & closing windows snappier.

    And these are the only services I have running:

    COMODO Internet Security Helper Service - Auto
    Cryptographic Services - Manual
    Event Log - Auto
    Network Connections - Manual
    Plug and Play - Auto
    Remote Procedure Call (RPC) - Auto
    Sandboxie Service - Auto
    Windows Audio - Auto
    Windows Firewall/Internet Connection Sharing (ICS) - Auto
    Windows Management Instrumentation - Auto

    You may not even need WF/ICS, but I was once told by someone more knowledgeable than myself not to disable it even if you don't use WF. So I listened. Plus the little padlock symbol and word "firewalled" in my network connections is a nice placebo, if nothing else ; )

    In your network connections I disable everything except Internet Protocol TCP/IP. Meaning... Client for Microsoft, File & Print Sharing, QOS, and whatever else is there. Disable NetBios over TCP/IP in there. Uncheck LMHost lookup, and the box at the bottom of the DNS tab "DNS request"... something or other (can't remember). It's not needed for proper DNS implementation... nor is DNS Client. After looking into it actually sounds like it could impede it.

    These measures here are great/simple ways to harden & quicken XP. Sounds like you already did plenty yourself too.
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    To turn DEP "always on" on XP:

    http://support.microsoft.com/kb/875352

    It added no noticeable footprint to my setup at all, and no conflicts.

    Okay, I'm done. Back on topic:

    Sig + lots o' hardening + Firefox/Ixquick - NoScript/ABP and some other stuff.

    Looking ever forward to a final/stable build of ExploitShield. And considering now actually giving Comodo 6 a try, without the Kiosk & BB. And no, I didn't accidentally neglect to mention AV too. I'm considering giving it a shot with the AV component. If it's as light as I see it advertised as I may just be returning to having a real-time AV in my setup.

    I'm thinking about it...
     
    Last edited: Jan 27, 2013
  24. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    It works real nice no doubt about it!
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    removed Winpatrol Plus:)
     