What is your security setup these days?

ERD - W7FW - Emet 5.1 - SBoxie - AdGuard - uBlock

Backup - AX64

 

I've come to similar conclusion. I use SRP instead of ERP for whitelisting. I must say that I really like this simple but effective setup.

 

Hi DX2,What is ERD?

 

Emergency Repair Disk?

 

Maybe he thought ERP (Exe Radar Pro)?

 

Yeah, my bad, ERP..just put NVT to make it easier..

 

Emsisoft

 

I agree on SRP as well. Was also using Applocker with emet a while ago. Still feels secure especially when running it with chrome with/without Sandboxie or appguard and i am the only one who has access to this PC.

regards.

 

Linux!

 

CIS seems to be heavy with EMET and MBAE on my PC (though it's lite on my office PC). Now I try just CIS in different configs.

 

SRP
Deepfreeze
Emet 5.1
Image for Windows
OpenDNS+DNScrypt

 

Linux also.

 

For you guys running Linux, can you elaborate on how it's secured? Sure, Linux by its design and even through obscurity is secure to a point, but what about hardening measures you've incorporated into it?

On my machines running Linux, openSUSE on one, Lite on the other:

• Chromium browser harnessing the Linux OS' sandbox, especially the robust Seccomp-BPF sandbox, with uMatrix and uBlock extensions for privacy enforcement and scripting control. 3rd-party cookies blocked by default. Other Privacy options in browser enabled.
• AppArmor enforcement on Chromium, VLC player, dhclient and Java
• UFW enabled for default-deny in/out traffic, remote port restrictions and remote IP restrictions for DNS servers

 

dd-wrt [Yandex.DNS Safe]
Windows 8.1 Pro x64 [Windows Firewall, privacy improved and other system tweaks]
360 Total Security [Performance (Custom), all Engines] TESTING
Malwarebytes Anti-Exploit
AppGuard
Opera [µBlock(Dynamic filtering 3rd-party <script> and <iframe>, and also some other filters list) and HTTPS Everywhere]
WinPatrol PLUS

scheduler/on-demand:
AOMEI Backupper Standard or Macrium Reflect FREE
HitmanPro [also scan at startup]
Malwarebytes Anti-Malware

"Secure", Fast, and without conflicts!

 

Would be nice when someone opened a "What is your UNIX-security setup" thread in UNIX section where AppArmor settings are exchanged so newby's have a headstart on UNIX

I am interested whether there are additional benefits of using AppArmor and FireJail to guard Chrome for instance (sounds like a fort knox construction to me, so just wondering after having succesfully converted two old XP's to UNIX-with-an-XP-look-and-feel)

Regards Kees

 

Switched out Emsisoft AM and put on Eset SS, also added herdProtect for on-demand

 

A "What is your UNIX-security setup" thread might be okay but it won't have nearly the wide array of setups found in this thread for Windows. I could be wrong, but there're only a few antivirus packages, some basic firewalls, Apparmor and not much else, other than what can be achieved from hardening the OS itself. As for Apparmor, it seems to be too intimidating for average users. There are some good threads on Apparmor, although I haven't seen a whole lot of interest in them except from current Linux users.

 

I don't see why there needs to be a separate thread for that. This is a fine place to post all computer security setups.

 

I concur.

 

Security by obscurity. Too few users on Linux to make it worthwhile for hackers.

 

Although there are few is true, for AppArmor to restrict an application is quite intimidating. That would exactly be the reason to start one, just limit it to
a) Firewall settings
b) AppArmor
c) Firejail http://sourceforge.net/projects/firejail/

Do you use firejail? Would there be advantage of using AppArmor and Firejail together. For a non linux user (as said only Windows_XP to XP_skinned_Linux conversions) this combo seems to have no match on other OS-ses.

 

Just added uMatrix to Chrome. A nice addition to uBlock. But it somehow cripples youtube (embedded and also youtube.com). Any ideas what to do ? Should I just generally allow all "youtube and yimg" or is this a common problem?

Also thinking about removing CIS and adding ESET Smart Security

Thanks

 

I've replaced herdProtect with ESET Online Scanner. OD scanners that I use ATM: HitmanPro, Malwarebytes Anti-Malware, Eset Online Scanner, Emsisoft Emergency Kit, Avira PC Cleaner.

 

Some people don't accept this as "security", though I believe it to be a valid form of security.

No I haven't tried it yet. Can it be combined with Apparmor for an advantage? Well, I've the same question as you. The feeling I get with my limited knowledge is that Apparmor with Linux-sandboxed Chromium, scripting control extensions, basically the setup I'm using, is already so powerfully secure it's not likely anything else is needed.