What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Well, "better" when talking about performance will always depend on things like system specs, how the software is coded and blah blah blah. When I speak of EMET being better than ES as far as protection is concerned, it's because EMET is not limited to a browser or some 3rd party wanting to make more money by limiting protection to one thing or another. Again, EMET covers pretty much the entire system and it does so using protections already built in to the OS. That can make a lot of difference in performance. I'll assume when people talk about it being "heavy", they might be meaning the service that continually runs as of 3.5. In my own case, I noticed very obvious drag on my system with ES that is all but gone with EMET. Your mileage may vary of course.
     
  2. zitch

    zitch Guest

  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Perhaps at least one of those threads was referring to a specific exploit. As to the other thread, I'm confused.
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Currently switched to
    Look'n'Stop + MJ RegistryWatcher + ExeWatch
    TTF and the other addons still the same.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    With off-line installer the pepflashplayer.dll is located in C:\Program Files\Google\etc. With the default web installer it is located in the User directory. Even when you use the off-line installer version, you will see a pepflashplayer.dll in your User directories.

    Now Windows was vulnerable to DLL path intrusions in the past, Chrome was vulnerable through user files (also an old Chrome exploit) and WebKit had a history vulnerability. Enough ingredients to check whether this fresh malware sample would succeed against the latest Chrome off-line installer version.

    So I did not deliberately allow anything :eek: , just was checking whether GPO stopped this malware. I have whitelisted my plug-ins and blacklisted extensions, but in theory the malware could change the pepflashplayer.dll located in the user directory (no UAC protection) and maybe trick Windows (path vulnerability) and Chrome (auto install plug-in) into using the adopted dll.

    This malware was a new variant using a mix of older exploits. Rest assured, even the vulnerable Chrome version would have survived with the GPO hardening :cool:
     
    Last edited: Feb 7, 2013
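    The concern in the post above is a user-writable second copy of pepflashplayer.dll that could be swapped without a UAC prompt. The following is an added example (not from the thread or from Google) of a defender-side audit that locates every copy of the DLL under the user profiles, hashes each one and compares it with the copy in the trusted Program Files location; the Chrome/PepperFlash subdirectory layout and the file contents are constructed for the demo, not taken from a real install.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List

DLL_NAME = "pepflashplayer.dll"

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_dll_copies(trusted_dir: Path, user_roots: List[Path],
                     dll_name: str = DLL_NAME) -> List[Dict]:
    """Locate every copy of dll_name under the user-profile roots and
    compare each against the copy in the trusted (Program Files) directory."""
    trusted_copy = trusted_dir / dll_name
    trusted_hash = sha256_of(trusted_copy) if trusted_copy.is_file() else None
    findings = []
    for root in user_roots:
        for found in sorted(root.rglob(dll_name)):
            findings.append({
                "path": str(found),
                # A copy the current user can overwrite needs no UAC prompt to replace.
                "user_writable": os.access(found, os.W_OK),
                "matches_trusted": trusted_hash is not None
                                   and sha256_of(found) == trusted_hash,
            })
    return findings

def demo() -> List[Dict]:
    """Constructed sample tree: one genuine user-profile copy, one tampered copy."""
    base = Path(tempfile.mkdtemp())
    # Assumed layout; the real subdirectory names under Program Files may differ.
    trusted_dir = base / "Program Files" / "Google" / "Chrome" / "PepperFlash"
    good_user = base / "Users" / "alice" / "AppData" / "Local" / "PepperFlash"
    bad_user = base / "Users" / "bob" / "AppData" / "Local" / "PepperFlash"
    for directory in (trusted_dir, good_user, bad_user):
        directory.mkdir(parents=True)
    genuine = b"MZ-constructed-genuine-flash-plugin"
    (trusted_dir / DLL_NAME).write_bytes(genuine)
    (good_user / DLL_NAME).write_bytes(genuine)
    (bad_user / DLL_NAME).write_bytes(b"MZ-constructed-tampered-plugin")
    return audit_dll_copies(trusted_dir, [base / "Users"])
```

    On a real system, pass the actual Program Files plug-in directory and the Users root; a user copy that is both writable and a hash mismatch is the case worth investigating.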
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well when I speak of "heavy", on XP, I speak of .NET Framework itself which is needed before I can even get around to assessing how heavy EMET is. And that happens to increase the size of my OS install by about 30% and makes my box noticeably less responsive. Throw EMET in there on top of it and my footprint is doubled. Since I don't even use Java, or PDF, or .NET FW, have about 9 services running (none renowned as being vulnerable), have never fallen victim to an exploit in my life, and have an attack surface the size of a gnat to begin with... it's not a concession I'm willing to make personally.

    But sure, it all depends on the individual. And I agree I don't like things that greatly limit/diminish protection in the free version. I heard some talk about the possibility of a Pro version, which would be nice. But really, my browser is the only realistic way I'd get compromised anyhow. The only other thing I ever have facing the internet is Pidgin Messenger, which is well hardened via D+, a tight FW ruleset and sandboxed. And not having to install .NET FW, to me makes all the difference on XP. Makes it "better", for me and me only. On a post XP OS I'd probably lean toward EMET as well, since you're stuck with .NET FW regardless.

    So v3.5 of EMET is especially cumbersome then? I'd heard before people had problems with that one in particular, which isn't surprising since from what I gather it's not even a final release? I know some people that swear by sticking with v2.1 even... say it's lighter and does everything 3 could do for them, with no annoying tray icon. Just what I hear... as I don't actually use it myself.
     
    Last edited: Feb 7, 2013
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I developed a foolproof method to prevent exploits long ago... I don't put things on my box that are vulnerable to them, and disable any services that fit the bill & close up any ports otherwise associated with them.

    The only thing left is Adobe Flash Player (simply no alternative/way around it), which I keep patched, disable all caching in the settings, and install into a restricted sandbox.

    As the EMET/ES debate wages on... better yet = knowing you don't need either one of them, and your odds of an exploit are roughly equivalent to a lightning strike.

    I wonder why anyone bothers to even put Java on their box? I've never needed it for anything. And if I did, said "anything" would be out the window. Heck, I barely ever even need JavaScript for that matter. Besides the 2 scripts needed to watch YouTube videos, I only need to allow 1st-party scripts once in a blue moon for proper functionality. To change my sig on here, for instance, lol, is about it.

    Same with cookies. I can't remember the last time I even needed to allow them for something to work.

    And referrers... never have I witnessed a site break because I disallow them.

    People make far too many concessions that are simply unnecessary... or their browsing habits are completely alien to me.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @jmonge
    Nice setup J.:thumb:
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @LoneWolf
    Well careful not to rust it too much. :D
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    How did it happen, then? Would whitelisting DLLs have stopped the bogus dll? o_O Unless this malware was taking advantage of the fact that SRP works at user level, unlike AppLocker which works at kernel level. Which makes me wonder why someone who has the privilege of having a Windows version with AppLocker still decides not to use it, and instead use SRP. :p
     
  11. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Changed to Avast Free, ZoneAlarm FW free. Later I will add WinPatrol Plus. And maybe Zemana Antilogger free. And of course, the program which is already part of my OS, Sandboxie.
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @JoeBlack40
    Nice setup.:thumb: Same here with sbie.;)
     
  13. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Thanks. Added WinPatrol already. Everything is fast, light and snappy. :thumb:
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Zemana Antilogger Pro:thumb:
     
  16. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    I honestly don't get the comparison or debate between EMET and ExploitShield. The 2 don't do the same thing.

    EMET aims to prevent vulnerabilities from being exploited.
    ExploitShield (Browser Edition) aims to prevent execution of payload.

    Software has vulnerabilities. Exploits make use of vulnerabilities to do something. That 'something' can be anything. In today's context, most drop a payload but it's not really necessary.

    While you may think it's the same, it's not. From a security standpoint, EMET comes in earlier in the picture while ExploitShield deals with the after-effect (and that is if the exploit decides to drop a payload)

    EMET achieves its aim by using security mitigation technologies such as DEP, SEHOP, ASLR, EAF, HeapSpray, etc. Unfortunately, SEHOP and ASLR are unavailable in XP natively.

    ExploitShield is at best, a companion to EMET. It's not a replacement.

    HunGryMan recommends EMET because it helps to break most exploits. Apparently, with some of the new Java exploits, EMET doesn't (as ZeroVulnLabs pointed out). I get what you're saying but there's really no "contradiction" in his opinions.
     
  17. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Same here, trying Zemana Pro. Not seeing any noticeable impact, seems like a good program. I'll have to do some reading about it to see if it plugs any vulnerabilities in my setup.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It has some HIPS protection too :thumb:
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Didn't know that, must be the System Defense Module? Some HIPS is always a good thing.;)
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @JoeBlack40
    How's Scotty doing?
     
  22. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I put on Avast Free, and only scan executed.
     
  23. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    Replaced Windows Defender & Zemana Antilogger Pro with Bitdefender Antivirus Plus 2013 :D

    Seems light :D
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    back to Avira :thumb:
     
  25. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Avira is always a keeper :D
     