What is your security setup these days?

Good-bye Mamutu, I'll miss you after all these years. Welcome aboard EAM, let's see if you and WSA can get along.

This is way more than I'm used to running, but Emsisoft has traded in my Mamutu for EAM, so I'll run it with everything else unless I start to see problems or slow-downs.

 

They won't completely kill it until 2014

 

Hey that's what I'm running now! I have one big question mhl6493, have you had any glitches running WSA and EAM together?

 

Yeah but my understanding is that you have two months to trade in Mamutu for EAM. At least that's the way it looked in the email from them.

 

Really?

 

Tempting to just say Yes really, but instead I found the quote from the Emsisoft email.

"This license needs to be activated within the next two months and has the same remaining license period as your existing Mamutu license."

 

Thanks

 

No, none whatsoever - at least nothing noticeable. They seem to work together very smoothly...

 

Now we are on our way to 3M

 

You're welcome.

 

That's reassuring. Thanks.

later: There was a noticeable lag playing a game with EAM running along with WSA. This is a game I play a lot and have never had any slowdown with, and the slowdown went away when I uninstalled EAM. I'm not giving up WSA so next I'll try installing EAM as an on-demand scanner, see if there's still a problem.

 

Sorry to hear that. I don't play games much, so that hasn't been a problem. You should be fine with just WSA and Sandboxie, though. Maybe an occasional scan with Hitman Pro, Malwarebytes, or EAM, and you should be good to go!

 

OK finally back to avast,this is my world record of being away for like 2 weeks from avast,I never had such longtime no see with avast earlier

 

Windows 7 Ultmate 32 bits (E5200 dual core at 3 GHZ with SSD + 2xHDD) with router (inbound), WFW (outbound) and NAS

Execution control
1. ACL: Deny execute file for Everyone in download/mail/media folder
2. SRP: Deny execution of all files in user folders for basic users only
3. UAC: Deny elevation (execution/installation) of unsigned binaries

Intrusion mitigation
1. Locked User Config (autostarts, Outlook, Chromium, Firewall) through GPO, disabled 60 services, added EMET 4
2. Running Mail, Media Player (StripMyRights) and Browser, PDF-reader (unsigned) in basic user container
3. Using Chromium low rights sandbox, allow javascript only from COM and NL, click to play flash

Startup checks
HitmanPro to scan load points & HMP Alert to check browser integrity

 

Avira Premium (high heuristics for on demand and real time scanners)
Toolwiz TimeFreeze (testing software)
Firefox + NoScript + AdBlock Plus
Emisoft Emergency Kit as on demand 2nd scanner

 

I ended up adding EXE Radar Pro to my setup. Now I got that good 'ol layered approach going on. Anti-executable, sandboxing, anti-virus

 

SpyShelter Premium 8.5
EMET 4.0
Windows Defender
Hitman Pro
Shadow Defender

 

Hardware & OS hardening:

Windows XP Pro SP3 32-bit - Always fully patched ASAP
Router w/SPI - wired to PC - 63 digit ASCII key (for when connecting wireless devices like PS3, and enabling WPA2)
Windows XP Pro FW - Exceptions blocked, settings greyed out via Group Policy
User friendly Default Deny SRP, Local & Group Policy tweaks galore (Autorun blocked and much more), Folder Permissions, LUA's used on demand, built in Admin & Guest accounts disabled. Unneeded services disabled, NetBios over TCP/IP disabled. Hundreds more hardening, but that's the main gist.

Real-time:

Comodo FW/D+ v5.10 - FW Custom Policy, automatically detect new networks & both Trustconnect settings checked, rest unchecked. Very High alerts, all checked except ICS server setting. All Advanced settings checked. D+ - Paranoid, nothing checked. Execution Control enabled, Treat Unrecognized as Untrusted, Heuristic command line analysis & shellcode injection checked, both Cloud settings unchecked. Sandbox disabled, all settings unchecked. Monitoring settings all checked. Chirons "Protect All Files" tweak applied. TVL deleted (vendor.n file)

Sandboxie Lifetime v3.76 32-bit - Removable Drives/USB ports forced into restricted sandbox. Only VT Hash Check & MBAM can run.
VirtualBox v4.2
TrueCrypt v7.1 - System partition encrypted, sensitive material in encrypted container

On Demand:

VT Hash Check 1.01 - Scan new files before unsandboxing, from browser, removable drive, or whatever, before moving to real machine
MBAM Free - Shell scan, and use as 2'nd opinion to VTHC if file not found.
Hitman Pro - Portable only. Full scans on occasion.
CCE
Kaspersky TDSS Killer
GMER
OpenVPN 2.2.1 (Chained) - PRQ to connect directly to, then Mullvad. Comodo FW used to prevent leaks
Comodo Secure DNS, Swiss & German Privacy Foundation DNS servers, Mullvad DNS servers
Macrium Reflect Free 4.2 (used to use "Standard" version but didn't like the real-time components for something I never use anyway)

Firefox v22.0 - Adblock Plus (EasyList, EasyPrivacy, Malware Domains, Antisocial), CS Lite Mod, HTTPS-Everywhere, NoScript, RequestPolicy, WOT, Element Hiding Helper for Adblock Plus (disabled - on demand). Tons of about:config hardening tweaks (mostly privacy related)

Only Plugin - Shockwave Flash 11.7.700.224 (installed in sandbox)
Ixquick Search Engine (custom) - SSL. Proxy used on occasion in conjuction with VPN's, when no active content is used or forms must be filled in.

Logon Barriers:

Bios password
TrueCrypt encryption key - 32 digit ASCII key, no ESC option to bypass, blank screen
SysKey via floppy disk
Ctrl+Alt+Del
Windows logon username & password (last user name not shown)

... last but hardly least - discretion, and safe end user usage

 

Currently using

Emisoft Anti Malware - Always On
Emisoft Online Armor - Always On, HIPS On
Malware Bytes Anti Malware - Always On
EMET 4.0 - Maximum Settings, Imported the default lists and added a few of my own programs to the app list.
KeyScramble - Premium
HitMan Pro - On Demand
Sandboxie - Paid, Different sandbox for various applications (Firefox, Media Player etc)

Should I consider using a Anti Exe in my set up? Also do I need a anti virus even though I have EAM? Is what I have enough protection for my setup?

 

No you don't, it protects against all kinds of Malware, a Virus is a type of Malware. And EAM is Anti-malware.

Same as all Antiviruses also protects against all types of malware, and not only Viruses as one could think

 

I don't know if you know this but bios passwords are incredibly trivial to bypass.

 

On older desktops.

 

Even on my 2 year old HP laptop. Let's just say I got into a pickle and all I had to do was take out the CMOS battery for a few seconds and boom, password gone.

 

Testing Bitdefender Internet Security New Edition (2014)

 

My settup is whats in my sig Only change is I am running chrome sandboxed through CFW.