What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    How is faronics running lonewolf?
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,785
    Zero problems to report for now, I'll see as the days go by. :D
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Just removed Comodo firewall cause I was just playing with my router firewall and it blocks a lot of in/out stuff and also is able to block a lot of ports in real time, just need my antivirus :) that's it, coming back to my favorite program HitmanPro 3.7
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    How can HMP protect you alone?
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    I have decided to add Shadow Defender to my configuration so I am able to test programs, which cannot be run inside Sandboxie, because they need to start a service or load a driver.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    @Overkill some of Windows' own registry tweaks (browser tweak), SRP etc. etc. and HitmanPro for daily scan :thumb:
    I also disable some services like Windows Installer, spool service and the list is big, also my router firewall instead of default I put it to high and it blocks some stuff here and there
     
  7. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America

    MSE is gone. Installed Comodo V6 firewall as per Chiron's suggested setup. (not sure if that is with the av and firewall or just the firewall alone.) Anyhow will see how it gets along with MBAM and Sandboxie.
     
  8. THESAWISFAMILY2005

    THESAWISFAMILY2005 Registered Member

    Joined:
    Aug 10, 2012
    Posts:
    198
    Location:
    SACRAMENTO CALIFORNIA
    Added: Zemana free
     
  9. DX2

    DX2 Guest

    NVT Pro - WSA - W7F

    On Demand - MBam Pro
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Ahhh I see, more power to ya if it works for you :thumb:
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Those three always have gotten along fine for me. :)
     
  12. gsarang

    gsarang Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    56
    360 Internet Security 4.8.0
    ToolWiz Time Freeze 2.2.0.3500
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    360 Internet Security
    +
    Windows Firewall Control 4
     
  14. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Back to WSA Complete & ESET NOD32. Seems like a good combo.
     
  15. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    @Page42 I had a feeling that you would respond to my post regarding CFW. lol. Yes, it does get along with all the rest of the programs in my sign., most importantly with Sandboxie. I have a few points that I want to share with you. According to Chiron's setup, which is very informative, he recommends using:
    1) Proactive Security
    2) Disables HIPS and chooses "Block requests", and checks the box "Do not show popup alerts", thus seeing popups only for Sandbox alerts. (could you comment on this?)
    3) Auto Sandbox is set to Untrusted.
    4) His Strongly Recommended Settings (I have all those ticked)
    (Personally I would prefer to utilize HIPS, which at default is set to Safe mode.) (a comment about using Clean PC mode with HIPS in lieu of Safe mode?)

    Currently my setup is as follows:
    1) Proactive Security 2) Firewall - Safe mode 3) HIPS - Clean PC mode 4) Auto Sandbox - Untrusted
    Comments on any or all of the above would be appreciated or tips on any beneficial changes. :)
     
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I use the following configuration.

    1. Internet security configuration.
    2. Firewall set to custom mode. Alerts to new outbound connection attempts.
    3. HIPS disabled.
    4. Auto-sandbox set to block.
    5. Anti-virus set to stateful.
     
  17. guest

    guest Guest

    1. Put ASLR back to its default state. Force ASLR made me lose all my thumbnails on every boot.
    2. Using HTTP SB now because there are way too many annoying webmasters these days and ABP is no longer sufficient enough to give me simple and clean web experience.
    3. Hardened SRP, gone as crazy as blocking rundll32 and msiexec.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    @wolfrun,
    I am hardly the person to ask about CFW settings, and I will always append any advice I may look like I'm giving with the "it works for me" qualifier.
    That said, here is how I have CFW set on my machines:

    FW set Safe Mode
    Auto Sandbox set Partially Limited
    HIPS set Safe Mode
    I made most/many of the changes that Chiron suggests for hardening.

    I keep the HIPS set on Safe Mode rather than Clean PC Mode.
    You can certainly get an eyeful looking up the difference between those two settings.
    I currently run a VIPRE AV with CFW D+, so Safe Mode works well for me.

    Comodo HIPS is very quiet for me, and I don't mind the few alerts that appear. They are why I run D+, right? With CFW set the way I have it, I am not challenged by incredible security decisions... CFW handles most of it.

    The Partially Limited Auto Sandbox seems adequate to me, given my use of both Sandboxie and Chrome's sandbox. The 'Attack Surface' crowd among us surely feels I have blundered in some hideous fashion by using more than one sandbox, but my position is that it works fine for me and will continue to do so... unless I change or it lets me down. ;)

    CFW is a wonderfully multi-faceted program, capable of very adequate out-of-the-box settings that do not require a great learning curve to employ... which has a lot to do with why it runs on my machines.

    HTH
     
  19. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America

    @Page42
    Nevertheless, it's always good to get other opinions and thanks for yours.
    Totally agree with above. So far so good here as well.

    @The Red Moon
    Thanks for your input also. I see that you are using the AV as well so your setup might be a bit different than mine as I am using the Firewall only.

    Thanks again all :thumb:
     
  20. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Thought I was just going to give Qihoo 360 a test spin and move on but it's run very well since install and the last program update has it running with fewer resources than before and it was already light.
     
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,785
    DefenseWall 3.22
    WinPatrol 29.2.2013

    ShadowDefender 1.1.0.325
    InstantRecovery 2.0
    Macrium Reflect 4.2

    Seconfig XP
    AdMuncher
    OpenDNS
    Opera
     
    Last edited: Dec 14, 2013
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Added Windows Firewall Control again! I can't seem to stay away from it for very long, awesome program :thumb:
     
  23. tomazyk

    tomazyk Guest

    Colour legend:
    Red - sandboxing, mitigations and hardening
    Green - active protection
    Blue - on demand tools

    System configuration and hardening:
    Operating system: Windows 7 Ultimate SP1 32 bit, all updates installed.
    User Account Control: I have set UAC control on Maximum.
    Autorun / Autoplay: This feature is disabled. Everything that needs to be run is run manually.
    Services: All unnecessary services are disabled. Some services have startup type changed from "Automatic" to "Manual" and are run on-demand.
    Windows 7 features: Unnecessary and unused Windows features are turned off.
    User Accounts: Built-in Administrator and Guest accounts are disabled.

    Network security:
    Router: Whole network is behind router with SPI firewall. Unsolicited inbound connections are blocked. Router has access from WAN and UPnP disabled.
    Wireless: Wireless access to network is secured with strong password. WPA2-PSK AES encryption is used.
    Windows Firewall: Windows Firewall is monitoring inbound connections. Outbound connections are not monitored.
    Malware Defender: Malware defender is monitoring all outbound connection attempts.

    System and applications security:
    Sandboxie: all browsers are run in sandbox. Sandbox container is set on RamDisk.
    Malware Defender: it is protecting my system by monitoring process execution, interprocess activity, driver loading, low level access...
    HitmanPro: I run default scan once a day with my second opinion anti-malware.
    Emsisoft Emergency Kit: Smart Scan is run once a week.
    VirusTotal Uploader: Uploader is used to upload and scan individual files prior to installation.

    Data security:
    Acronis True Image: System image is created at least once a week to another HDD.
    Malware Defender: it is monitoring access to sensitive/personal data.
    Keepass: All logins are stored in password protected database. Unique password is used for each login.
    Truecrypt: All sensitive data is stored in password protected encrypted container.

    Browsers usage, security and privacy:
    Google Chrome: it is used for casual browsing. Adblock Plus is used. EasyList, Malware Domains and EasyPrivacy filters are enabled.
    Mozilla Firefox: it is used for sites, where I have to login (email, Twitter ...). Add-ons used: Adblock Plus, BetterPrivacy, Ghostery, HTTPS-Everywhere, NoScript, RefControl. All add-ons are configured for maximum security and privacy.
    Internet Explorer: it is used exclusively for online banking.

    Internet security and privacy:
    OpenDNS: OpenDNS provides reliable internet connection and protects system from phishing websites.
    CCleaner: MRUs, temporary (internet) files and other junk files are deleted at least once a day.
    Other mitigations: No Java installed. No Flash for IE.

    Online banking security:
    Online banking: All banking is conducted in sandboxed Internet Explorer after previous browsing session was closed, all sandboxed processes were ended and all data in sandbox was deleted. Every funds transfer must go through triple verification (personal certificate, password, two letters from additional passphrase).
    Paypal: Only payments through Paypal for online purchases are used. No online merchant gets my credit card information.

    Updating:
    Windows Update: it is used to update system and other software from Microsoft. It is also manually run each Patch Tuesday.
    Secunia PSI: Scan is run once a week to check for security updates for my system and applications.

    Other security related tools:
    Virtualbox: Virtualbox provides me virtual environment for testing purposes.
    Autoruns: Autoruns is run once a week to check all start up items.
    Process Explorer: It is used as replacement for Windows Task Manager.

    Regards, tomazyk
     
    Last edited by a moderator: Dec 15, 2013
  24. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    179
    Internet Explorer: it is used exclusively for online banking.


    Online banking: All banking is conducted in sandboxed Chrome after previous browsing session was closed, all sandboxed processes were ended and all data in sandbox was deleted. Every funds transfer must go through triple verification (personal certificate, password, two letters from additional passphrase).

    humm, i see.... something feels wrong there :)
     
  25. tomazyk

    tomazyk Guest

    :) You're right, I forgot to update that section. Thanks.
     