What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Can you clarify what you mean by "Disabled risk-ware"?
     
  2. risk-ware: built-in services providing access to your computer.

    Business stuff which most home users don't need: e.g. active desktop, gadgets, file(media)-internet-port-printer sharing, remote desktop-support-registry-shell.

    Fancy stuff which is used to enrich your PC experience and which basic PC users (browse, mail, office) don't need, like rss feeds, messaging, chat features, codecs, etc.
     
    Last edited by a moderator: Jan 20, 2015
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thank you. I see I mostly covered all this stuff. BTW as for services Black Viper's Service config for Win-7 helped me to config services.
     
  4. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Online Armor free
    MBAE free
    Panda Cloud free
    Zemana AL (licence)

    The setup is light and strong.
     
    Last edited: Jan 21, 2015
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Windows 7 Professional SP1 x64

    Firewall & Anti-Virus:
    Router NAT/SPI (Password Protected)
    Emsisoft Internet Security 9.0.0.4799

    Blocking/Hardening:
    AppGuard 4.1.45.1
    Malwarebytes Anti-Exploit Premium 1.05.3.1016
    Norton ConnectSafe DNS (Malware, Phishing)
     
  6. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Have dusted off the dust on MBAM Pro 2.0.4.1028 and activated it in real time to see how it goes (once again). Runs well with Sandboxie so far. MBAM Service running at 73.5 mb in memory. A bit high? Rest is per signature.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    How's that working out for you?
    73.5 mb sounds high, like you said. I'm always around 35-45 mb.
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Re-Adjusted the network/security a bit.. Notably, my fully licensed Untangle has been moved to the Gateway, maximum rack for protection.

    Connection/Multi-Homed:
    WideOpenWest 60Mbps Cable Connection WAN1
    AT&T 10Mbps DSL - Multi-Homed, Failover via WAN2.
    AT&T 4G LTE Hotspot Box - Provided by work for free, in the event everything else fails.
    Norton Connectsafe DNS
    Motorola DOCSIS3.0 SB6141

    Frontend:

    Untangle Layer 7 NGFW(FULL LICENSE - Maximum Rack Activated - URL Filter/Cookie+AD Filter, Bit Defender UTM, ClamAV UTM, SNORT Intrusion Guard, HTTPS Inspector, Etc)
    ASUS RT-AC87R Functioning in AP MODE ONLY.
    Layer 3 GBE 16 Port Switch (Cisco)

    Systems:
    Win 8.1x w/Tweaks+Lockdowns
    Trend 2015 (Hypersensitive, Maximum Web Protection Slider)
    Chrome w/uBlock, HTTPS Everywhere, Tab Cookies, Privacy Badger
    PeerBlock w/iBlock Subscription (Malware Databases - blocking 500K bad IPs)
    Kerish Doctor w/Realtime Malware Scanner

    Backup/Redundancy
    Lenovo IX4-300D 12TB Raid10 Network Access Storage (NAS)
    3X Cyberpower 1500VA AVR UPS
    Generac 20,000 Watt Air-Cooled Aluminum Enclosure Natural Gas Powered Standby Gen w/Transfer Switch

    Network Structure
    Subnet Segregation
    VLAN Isolation

    Given the network security, I DMZ policy the DSL (when not in failover capacity) a honeypot system for research purposes, running VMWare. (obviously) I also run multiple servers in the home, including an FTP, Security, Camera, etc.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    emsisoft antimalware
     
  10. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    What do you guys use for USB protection? I was literally shocked when I realized my dad's PC had been infected through an infected USB flash drive. This is fairly uncommon as I manage the network in our small office and we hadn't had any infection since 2010. Well... counter reset to zero. I don't want a real-time AV and anything complicated to deploy and manage since I'm mostly out of the office.

    I loved No Autorun back in the XP days, but I can't get it to work right on Win 7.

    Thanks in advance for your suggestions.
     
  11. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    :confused: LOL
     
  12. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Is that a reading for mbamservice or exe ? Right now as I am typing this Thurs. 11:16 PM EST, Mbamserv. is at 82.8mb and Mbam.exe is at 36.2 mb. Not exactly ecstatic over those readings.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,146
    Location:
    Nicaragua
    Sandboxie. By forcing the USB drives, auto run programs in flash drives start sandboxed automatically:cool:. Works nice.
    http://www.sandboxie.com/index.php?ProgramStartSettings#folder

    Bo
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I block external devices with ERP
     
  16. guest

    guest Guest

    @atomomega
    In addition to what bo elam, Minimalist and Overkill have said, there is also deny execute permission of removable media that can be configured through GPEdit.
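
Added example (not part of any post in this thread): a read-only PowerShell check of whether the Group Policy setting mentioned above, deny execute on removable disks, and AutoRun suppression for removable drives are in effect on a machine. The registry paths are the ones those policies write to; the helper name `Get-PolicyValue` is made up for this sketch.

```powershell
# Read-only audit: does this machine deny execution from removable disks,
# and is AutoRun turned off for removable drives? Nothing is modified.

# Written by "Removable Disks: Deny execute access" (gpedit.msc > Computer
# Configuration > Administrative Templates > System > Removable Storage Access).
$removableDisks = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
# Machine-wide Explorer policy key that holds the AutoRun drive-type bitmask.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$denyExecute = Get-PolicyValue -Path $removableDisks -Name 'Deny_Execute'
$autoRunMask = Get-PolicyValue -Path $explorerPolicy -Name 'NoDriveTypeAutoRun'

# Bit 0x04 of NoDriveTypeAutoRun covers removable drives; 0xFF covers all types.
$autoRunOffForRemovable = ($null -ne $autoRunMask) -and (($autoRunMask -band 0x04) -ne 0)

@(
    [pscustomobject]@{
        Check    = 'Removable disks: deny execute'
        RawValue = $denyExecute
        InEffect = ($denyExecute -eq 1)
    }
    [pscustomobject]@{
        Check    = 'AutoRun disabled for removable drives'
        RawValue = $autoRunMask
        InEffect = $autoRunOffForRemovable
    }
) | Format-Table -AutoSize
```

A `RawValue` that is empty means the policy is not configured at machine level; a per-user AutoRun value under `HKCU` is not covered by this check.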
     
  17. See picture
     


    Last edited by a moderator: Jan 23, 2015
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I saw the original question and I was about to post using AppGuard and wanted to not do that post. My post would not have included a comment that Bo will most likely come and post about his beloved Sandboxie. I was right as usual in my expectations.

    Both programs work for that protection and you need a paid license for them.
     
  19. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Thank you very much @bo elam @Minimalist @Overkill @GrafZeppelin @Windows_Security @Jarmo P for your comments and recommendations. I'll look into each one to see which fits best. It's a good thing to see that Invincea is offering lifetime licenses again. ERP, I've never used it before and I'm not sure if it's worth it for just blocking USB execution. I have to compare these two. For the other OS-internal solutions, I need to be able to execute from my USB, since I'm constantly running portable apps.
    Well, the first thing I'll do this weekend is reformat, as I don't feel well knowing my OS was infected and "disinfected". I just prefer to start from scratch knowing it's all good and clean. :p
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,146
    Location:
    Nicaragua
    I think in a case like yours where you cannot disable autoruns, Sandboxie's paid version works great because you can set things up so as your dad plugs a flash drive into the computer, the USB folder opens up using a sandboxed version of Windows explorer. Anything that runs, runs sandboxed automatically. It's almost impossible to get infected. You probably know, you can also set the sandbox where only a few programs can run and block all programs from having access to the internet. And if you enable Drop Rights, that alone blocks anything from installing in the sandbox.

    If eventually you are able to disable autoruns, then using Sandboxie's free version can be beneficial as well. After plugging in the flash drive, you can show your dad how to manually run a sandboxed version of Windows explorer and then use it for navigating to the flash drive. Works nice and to make it convenient, you could create a sandboxed shortcut icon for Windows explorer. That way, as your dad clicks on the sandboxed shortcut, the sandboxed explorer opens up. :)

    Bo
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    LOL, you would think that Mayahana's setup is actually meant for large businesses. :D
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    True enough, and I totally agree. But at the same time, if you've got the extra money to spend and work hard at what you do in your career, it makes sense to enjoy the life which you've worked hard for. I believe he occasionally does some work-related things at home as well and in that case it would be imperative to ensure a secure network and follow best practices for security in general. If I had the extra cash I would love to upgrade some of my hardware as well. But since I was injured as a young child, I have to rely on food banks and getting used hardware at thrift shops. But I still enjoy what I do with bringing older networking hardware back to life and customizing with OpenWrt. I even use my leftover OpenWrt to help secure networks for a lot of elderly folks around town to make sure they don't get ripped off by having to pay to clean their machines and so on.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    The reading I gave was for mbam.exe. Mbamservice.exe is around 82 mb... higher than yours.
     
  24. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    O.K. thanks for the reply. Looks like the readings are normal then.
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    My current setup:

    OS: Windows 8.1 x64
    Built-in: Windows FW (inbound), User Account Control, Software Restriction Policies, various security related tweaks
    Backup: Macrium Reflect daily incremental system backup, backup to external HDD
    Update: SUMO, Secunia PSI
    Browser: Google Chrome x64, µBlock, µMatrix, custom Google Chrome policy templates
    On demand: HitmanPro, Malwarebytes AM, Emsisoft EK, Avira PC Cleaner, VT Uploader
    Other: CCleaner, Autoruns, KeePass, TrueCrypt
     