What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    Care to expand?
     
  2. Huchim

    Huchim Registered Member

    Joined:
    Aug 30, 2016
    Posts:
    8
    Location:
    México
    Hello everyone,

    After testing some AV, and some applications from NVT, Heimdal, HitmanPro...
    I use what, until now, hasn't failed me.
    Currently on all my PCs:

    - Windows 10
    - Kaspersky Total Security, currently using all its modules like: VPN, Password Manager, Trusted Application Mode, Software Updater, Adblocker and Privacy Protection, Backup (Dropbox and external HDD) and Parental Control (to block application downloads on shared PCs)
    - Recommended settings from syshardener.
     
  3. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    @Minimalist - I must concur, duly.

    @TheSeeker - expand beyond 1,5k of posts?

    I'll try to compose myself here for a moment.

    Ladies and gentlemen, when on Windows environment, your doors are open, you may leave them ajar, but they have always been open as that's the designer's aim / concept.

    I am behind a firewall just to be able to say Yes/ No when asked to open the door knowing it is only an illusionary perception.

    Carry on:)
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    I disagree. If I use Windows with no security software (not even Windows Defender) or tweaking and keep it and vulnerable software updated, then as long as I'm careful about what files I open, I know that it is highly unlikely I will ever get infected. It's not something I recommend doing, but that has been my experience. For example, it doesn't matter if you get emailed ransomware or other malware if you don't actually run the infected attachments.

    In my opinion, most people get infected because they open infected files.
     
  5. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    You have evidence of this, I assume?
     
  6. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    @korben I agree with you. I had a similar experience. I used to have windows 10 fully patched. I have my data on a separate d partition protected by bitlocker. When I was connected to my wifi I could not lock my d partition at all. The firewall profile was set to public. I didn't do any browsing at that time and didn't have any file opened. There was an error that it was in use. I store my login passwords in a text file in d partition. After a couple of days, my electricity bill details were altered and some sleazy channels were added to my youtube subscription. This happened twice! I did antivirus scans but my system was clean. Fed up I went back to windows 8.1. It was a blessing in disguise as the current windows 10 build is having issues.

    I have removed all built in inbound windows firewall rules and have a single rule to block all incoming connections.

    There are guides to harden windows security
    For windows 10 - https://www.hardenwindows10forsecurity.com/index.html
    For windows 8 - https://www.hardenwindows8forsecurity.com

    Also there is a thread in malwaretips relating to blocking specific ports commonly used by malware. The thread is about panda dome but the rules can be applied to other products as well.

    I hope that labs like av-comparatives and av-test test products for inbound firewall protection especially when connected with wifi.
     
  7. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    My security set up:
    OS: Windows 8.1 pro
    Encryption: Bitlocker
    Separate standard user accounts for browsing, mail and payments
    Windows firewall
    Nod32 antivirus
    Dns over https
    Primary browser: Firefox protected by sandboxie with start run restrictions
    Novirusthanks sys hardener
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    The version of Roytam1 currently developed or the very old original version?
    I understood the rest.
    TH.
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I have on XP and Vista v.52.9...do you think it's better to revert to the version you mentioned?
    BTW on my XP are working in real-time SpyShelter Premium, Kerio FW 2.1.5 Free and Shadow Defender...no AV (only on demand).
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Windows XP Home (My PC)
    Windows Firewall
    Open DNS/CloudFlare DNS **
    PsExec
    DEP Always ON
    Trick POSReady 2009
    Black Viper's List
    No NET Installed
    SMB Protocol Disabled
    MBAE Premium v. 90
    OSArmor v.1.4

    New Moon (Pale Moon fork for XP) - Custom Setting About:Config
    UBO ****
    UBO Updater
    NoScript
    HTTPS Always
    Self-Destructing Cookie
    Decentraleyes
    No Resource URI Leak
    Super Start Speed Dial

    ** = Added Open DNS.
    **** = Added "Spam404 Domain Blacklist" to UBO lists.
    Changes motivated by the fact that New Moon does not have the "Google Safe Browsing" feature.

     
  12. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    Moved from Windows 10 Enterprise LTSB (1607) to LTSC (1809). Removed Kaspersky Free as I can now use Windows Defender in a sandboxed state.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    OS: Windows 7 x64
    Built-in protection: Software Restriction Policies, Standard User Account, User Account Control on max, various tweaks
    Firewall: Windows Firewall monitoring connections both ways
    Backup: Macrium Reflect
    Updates: SUMo
    Firefox protection: Sandboxie and uBlock Origin
    Passwords: KeePass
    OD Scanners: Emsisoft Emergency Kit, Avira PC-Cleaner, KVRT
    VPN provider: Mullvad
    and other OD tools.
     
  14. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    133
    Location:
    Greece
    • Windows 7 Professional x64
    • Microsoft Security Essentials
    • Standard User Account (for everyday use)
    • TinyWall Firewall (Mode:Normal)
    • Simple Software-Restriction Policy
    • SysHardener v1.5 (Default settings)
    • Adguard DNS (Default configuration)
    • Firefox (ublock Origin blocking 3rd-party iframe, Decentraleyes, Google search link fix, CSS Exfil Protection)
    Simple, light, tight, set and forget...



     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Lenovo E580 Laptop, Windows 10 Professional 64 bit:


    Full disk Bitlocker encryption aided with TPM v2.0

    Secure boot: On

    Several Group Policy settings enabled or disabled for privacy and security enhancements

    SUA account with UAC: Default


    Software Restriction Policy:

    Security Levels: Disallowed

    Enforcement: All software files, All users except local administrators

    Designated File types: Defaults except removed LNK and added: PS1, JSE, VBS, SCT, VBE, WSF

    Additional Rules:

    Path configuration as shown here


    Windows Defender Security Center:

    Real Time Antivirus monitoring: Turned Off

    Device security: Core isolation, Security processor, Secure boot: On

    Memory integrity: On

    Exploit protection: Defaults

    Windows Firewall: enabled using Public profile and blocking incoming only

    Latest beta version Chromium browser

    Extensions:

    • uBlockO; 3rd-party frames blocked

    Settings

    3rd-party cookies blocked

    Javascript blocked by default, except for: [*.]ca, [*.]com, [*.]gov, [*.]edu

    Flags enabled:

    Strict site isolation, Appcontainer lockdown, GPU Appcontainer lockdown, PDF isolation


    Disk images using Image for Windows
     
    Last edited: Nov 24, 2018
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Samsung Laptop
    Windows 10 / 64bit

    Kaspersky Security Cloud
    AppGuard Solo
    Faronics AE + DeepFreeze
    AdGuard
    Raxio Instant Recovery
    BestCrypt Suite
    IVPN
     
    Last edited: Dec 20, 2018
  17. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    On the Mac:
    Malwarebytes (on demand)
    AdGuard
    That's it! :D
     
  18. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Windows 10 v. 1809 Home

    +Windows Defender Security w/all Exploit Guards and PUA detections enabled (via gpedit.msc). Controlled folder access OFF.
    +SmartScreen set to "Block"
    +NVT EXE Radar Pro in Alert Mode
    +SysHardener at defaults with some additional "unassociate" file extensions enabled.
    +Sandboxie beta v.5.27.1 (not latest) on demand :thumb:
    +Installation of group policy editor on Home version to block third party driver updates and some other little stuff

    +Firefox run in Sandboxie w/ trace, Canvas Blocker and uBlock Origin add-ons. NoScript currently disabled.
    +Edge browser w/Nano Adblocker

    Seems a lot when you write it all down, but the total impact on here is negligible b/c in part, Windows drive is always 90-93% free in space. :)
     
  19. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    OS: Win10 Home 64bit ( version 1809, build 17763.195 )
    FW: Windows Firewall
    AV: Windows Defender (tweaked by ConfigureDefender and sandboxed)
    OD: AdwCleaner, HitmanPro, Zemana AntiMalware
    Others: NoVirusThanks SysHardener, Run-by-Smartscreen
    Privacy: uBlock Origin, Windows Privacy Dashboard, O&O ShutUp10
    DNS: CleanBrowsing DNS (Security Filter)

    Merry Christmas to everybody !!!
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Hi,
    it seems that with your DNS many web pages are broken.
    Take a test:


    https://www.phishtank.com/phish_search.php?valid=y&active=All&Search=Search
     
  21. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    They are not broken, it's just CleanBrowsing that prevents them from loading because they are phishing, malware or anyway in the blacklist
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    No warning pop-up?
    :thumbd:
     
  23. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    No, they just drop the connection. For some it's good not to have a redirection, for others it's better to redirect to a warning page
     
  24. guest

    guest Guest

    Time to update this post

    Windows 10 1809 Home Built-in security :


    Machine hardening:
    - BIOS Password

    System Hardening:
    - NVT SysHardener: most checkboxes ticked, allows me to implement many of my manual custom tweaks in 1 min.
    - SUA
    - UAC Max with credentials prompts.
    - Smartscreen set to block
    - Only allows Apps from Store.
    - Deny elevation of unsigned executables.
    - Windows Defender tweaked via Config Defender (set to high)
    - Windows Features removed: Internet Explorer, XPS; SMB, Legacy Features, Media Features, etc...
    - several services disabled.

    Network Hardening
    - Windows Firewall with customized settings: all profiles' connections blocked + disabled/added rules, etc...
    - IPv6-, homegroup- and tunneling-related features removed/disabled.

    Privacy Hardening: (for the fun)
    - unused Win10 setting related to privacy disabled.
    - O&O Shutup 10 customized
    - Mullvad VPN

    Browser & Extension
    - Chrome x64 security tweaked (Appcontainer enabled, etc...) + netcraft (anti-XSS) and Canvas Defender (anti-fingerprinting) extensions.

    3rd Party Security Softs:
    - ReHIPS : Sandbox + Application Control set on Lockdown Mode + personal tweaks.
    - Appguard Enterprise : Corporate grade SRP with policy set to block most LOLbins and MemoryProtect-ing crucial running processes.
    - NVT OSArmor: anti-exe, with 98% of the advanced settings ticked + personalized Custom Block rules.

    Adblocker
    - Adguard for Desktop: Adblocker with custom filter and all "stealth" features enabled.

    System Recovery
    - Windows Backup: full backup when needed.
     
    Last edited by a moderator: Dec 29, 2018
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Windows XP Home (My PC)
    Windows Firewall
    AdGuard DNS - CloudFlare DNS
    PsExec
    DEP Always ON
    Trick POSReady 2009
    Black Viper's List
    No NET Installed
    SMB Protocol Disabled
    MBAE Premium v. 90
    OSArmor v.1.4

    New Moon (Pale Moon fork for XP) - Custom Setting About:Config
    UBO
    UBO Updater
    NoScript
    HTTPS Always
    Self-Destructing Cookie
    Decentraleyes
    No Resource URI Leak
    Super Start Speed Dial

    __________________________


    Added AdGuard DNS.
    Alert Pop-Up in the image below:


    200.JPG
     