What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    That is good to know.

    Comodo firewall huh? Is it rather chatty? Display a lot of alerts etc?
     
  2. zitch

    zitch Guest

    Agreed. I have only used the online scanners to double check my installed antivirus periodically when I have time to do so. Was thinking it couldn't hurt to do that.
     
  3. zitch

    zitch Guest

    Well, to answer your question about using Emet alongside ExploitShield, since I am running Windows/XP/SP3, Emet is somewhat limited in what it can do on this system. It is limited to Application Opt In, I cannot configure it to Always On, or Maximum Security Settings. That is a limitation of XP. Also, SEHOP and ASLR protection are disabled by default on Emet/XP apps. Sooooo, I decided to run Emet alongside ExploitShield to see how it would work, and talked to one of the ExploitShield tech guys, who said he doubted if the 2 programs would conflict. And so far, they have not. There has been no sign of a system slowdown, my CPU usage averages between 4, and 22, which is right where it should be, and you know what? I think I have some good protection on this old machine. And Avast 7 antivirus still in my opinion is the BEST antivirus for XP machines. A lot of the other antivirus vendors have geared their products toward 64 bit newer operating systems. Avast is still the king on these old 32 bit 'puters. And, there are millions of computers like mine, that are still running, and I will wager a bet that a lot of them aren't secured as well as mine.

    XP/SP3 PRO, [MS config/SSDP Discovery Service disabled],[UPNP disabled], [system 32\ping.exe blocked in/out],Java uninstalled, Javascript enabled in Opera, Flash Player blocked, Emet, ExploitShield,Opera/Yahoo, Opera/delete private data/Netcraft/Phishtank,want nothing Google, VPN4All, Comodo secure DNS server, Sandboxie/drop my rights/delete invocation, Comodo 3.0 22.349, Hips set on paranoid mode, Zemana antikeylogger free, Avast 7 set tight, MBAM, SuperAntispyware, Ccleaner.
     
    Last edited by a moderator: Feb 5, 2013
  4. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Windows 7 Home premium x64
    ° updated

    Realtime protection
    ° Bitdefender Internet Security 2013
    ° Windows 7 Firewall control free

    On demand
    ° Hitmanpro

    Instant Recovery
    ° Rollback RX

    Browser

    ° Firefox
    Addons: Adblock plus & Flashblock
    ° IE9

    Software updater
    ° KC Softwares SUMo
     
  5. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    It's totally silent now

    after these 3 steps, I receive absolutely no popups from Comodo, unless I am installing a new app
    and the entire process takes about 15-20 minutes
    after that....... peace;)
     
  6. zitch

    zitch Guest

    One difference-I set firewall on safe mode, and Hips on paranoid.
     
  7. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    So you like Fine granular controls eh?:thumb:
    will try out Outpost Firewall with Kaspersky AV today
    Outpost is not quite as silent as Comodo, and it is a little counter-intuitive
    But it does pass the Comodo Leak Test
     
  8. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    If you made the partition 6gigs, it would probably be slow due to having no room for the page file and other temporary locations.
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @Kees1958
    Nice setup as always.:thumb:
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @LoneWolf
    What happened to DefenseWall?:D
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @nikanthpromod
    Nice setup. How's BIS? Feel any drag?
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I was playing with an 'in the wild' fresh sample (which tried to change chrome user profile, allow silent plug-in install, set plug-in to run unsandboxed and execute the plug-in dll).

    My group policy settings of Chrome stopped the intrusion sequence, but Chrome's flash plug-in did not want to play anymore, so had to re-install Chrome. Also had to revert to an older image last year in which system was not intruded by a fresh malware sample, but system was partly damaged, because I could not install programs anymore.

    Therefore installed Toolwiz TimeFreeze to use on-demand (un-do side effect changes of malware testing).

    Thx
     
    Last edited: Feb 6, 2013
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Good going Kees.:thumb:
     
  14. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Umm, yes it does actually. Where are you getting that it doesn't? EMET will protect every plugin and application you have, including the latest Java. Download the latest XML that HungryMan provides a link to on his blog for EMET 3/3.5. The only exceptions to coverage in EMET are some drivers like audio. Otherwise it covers far far more than ExploitShield with, in my own personal experience, much less of a performance hit.

    @Zitch: Okay, I missed you referring to XP.
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Will test it out in a vm.

    Thanks.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Kees, none of this would happen if the browser is running under Sandboxie's supervision.

    Bo
     
  17. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Right you are Bo.:thumb:
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    :thumb:Emsisoft/HitmanPro
     
  19. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :D :thumb: Yes because I have hardened Chrome so much through GPO, SRP, ACL etc. that a sandboxed Chrome is unable to connect to the internet. So that would not have happened for sure.
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    "Better" is such a subjective term. It can depend on the needs of each individual, and depend on so many other factors too. Seems that the products are 2 different approaches to accomplishing basically the same thing. For my needs personally ES would be "better" on account of the fact I don't need .NET Framework for it to function... which slows down my setup considerably and adds more attack surface. But if you're using a post XP OS and .NET FW is forced/shoved down your throat anyway, then one may as well take advantage of a tool like EMET if there's no noticeable, negative impact on your box's performance and stability.

    But the subjective nature of the term "better" aside... I thought it was pretty much universally recognized that ES was lighter? I guess not... as usual I'll just have to see for myself. No doubt that also varies depending on the circumstances. But you're the first person I've seen say that EMET was lighter than ES.
     
  22. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening ! J Monge...Sweet and Dynamic...Two some! Sincerely...Securon
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Good Evening Securon this is the best combo I can find around penny by penny these two are the best from the west :) !Sincerely...J Monge:thumb: :thumb: :thumb:
     
  24. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    It's on the backburner. :D
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    With that security setup you have, how did all this happen?? Did you deliberately allow the dll to blow past SRP?
     