What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    Currently testing:
    G Data Antivirus
    VoodooShield Pro
    Symantec Endpoint Firewall with IDS
    NVT Registry Guard(with my own custom registry entries added)
     
  2. osmandemi

    osmandemi Registered Member

    Joined:
    May 5, 2010
    Posts:
    113
    Chomar internet security
    NeuShield Data Sentinel free
    Zemana antiloger
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Okay. This one grabs at me because I use another of their free applications, Driver Radar Pro, and find it invaluable as well as accurate as the day is long, without fail.
    I tried NVT Registry Guard once before but for whatever reason couldn't get it to ALERT, say, if I manually added a string in the Registry, which I felt it should immediately alert on, and so many other apps in the past have worked great that way.
    Am I missing something for it to perform as expected? Maybe I need to add my own custom rules, which I know I didn't do before.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Macrium Reflect Home
    Emsisoft Anti-Malware
    uBlock Origin
     
    Last edited: Jun 3, 2022
  5. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    @EASTER
    NVT Registry Guard does need an alert option. It only logs any attempt to modify protected registry keys.
    While testing GData BEAST/DeepRay (virus monitor off, so it's basically a BB test) against a lot of different malware from bazaar, one so-called "screenlocker" ransomware compromised the system.
    It modified a lot of registry keys (disabled Task Manager, Windows key, Control Panel, etc.). I checked the sample via Joe online Sandbox to see its behavior and especially the registry keys that it modifies.
    Then I booted to a WinPE USB stick and used the "remote registry" program to load the registry hives, reverted the registry keys modified by that screenlocker and rebooted. No screenlocker anymore.
    HiBit Startup Monitor is great, it monitors and alerts on any autorun, task scheduler and service modifications. However, it needs an "autoblock+notify" feature and a feature to add custom protected registry keys.
    Then I copied those registry keys modified by that ransomware screenlocker to NVT Registry Guard, ran the sample again and... voilà. The screenlocker part of the malware does not work because NVT Registry Guard blocked it.
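    As an added example (not from the post above, and not part of NVT Registry Guard or HiBit), the following PowerShell audit checks the documented Windows policy values a screenlocker of this kind sets to disable Task Manager, the Windows key, Control Panel, Regedit and the Run dialog, and with -Revert removes them. The -Hive default and the sample offline-hive path are assumptions; the value names are the standard Microsoft policy value names.

```powershell
# Added example: audit (and optionally remove) the Explorer/System policy values a
# screenlocker uses to lock the user out. Run from an elevated PowerShell.
# With -Hive you can point it at a user hive loaded from WinPE, e.g. after
#   reg load HKU\Offline D:\Users\someuser\NTUSER.DAT      (constructed sample path)
param(
    [switch]$Revert,
    [string]$Hive = 'HKCU:'   # assumption: live user hive; use 'Registry::HKEY_USERS\Offline' for a loaded one, or 'HKLM:' for machine policy
)

# Documented policy values; a non-zero DWORD means the restriction is active.
$Checks = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       What = 'Task Manager disabled' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; What = 'Registry Editor disabled' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       What = 'Control Panel hidden' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoWinKeys';            What = 'Windows key shortcuts disabled' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                What = 'Run dialog removed' }
)

$Found = @()
foreach ($c in $Checks) {
    $key = Join-Path $Hive $c.Path
    if (-not (Test-Path $key)) { continue }            # policy key absent: nothing set here
    $item = Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }                  # value absent: default (unrestricted)
    $val = $item.($c.Name)
    if ($val -ne 0) {
        $Found += [pscustomobject]@{ Key = $key; Name = $c.Name; Value = $val; Effect = $c.What }
        if ($Revert) {
            # Deleting the value restores the default behaviour; takes effect at next sign-in.
            Remove-ItemProperty -Path $key -Name $c.Name
        }
    }
}

if ($Found.Count -eq 0) {
    Write-Output "No lockout policy values set under $Hive."
} else {
    $Found | Format-Table -AutoSize
    if ($Revert) { Write-Output "Removed $($Found.Count) value(s); sign out or reboot to apply." }
}
```

The same key paths are what one would add to a registry-protection tool's watch list; when auditing an offline hive from WinPE, unload it afterwards with `reg unload HKU\Offline`.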
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Good to see that you have added NeuShield, I'm surprised that not more people are using it. Seems to me like it's one of the best solutions to tackle ransomware in case AV's and behavior blockers fail. In fact, it also does a bit of behavior blocking, since it protects from modifying the MBR and against direct disk access.
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Hey guys, I'm Back! Hope you all have been well.

    FRESH START - DESKTOP

    June 2, 2022 - Updated, Added, Removed

    Network
    • Netgear Orbi AC2200 Tri-Band Mesh Wi-Fi System (3-pack)
    • Netgear Armor (Bitdefender) - Enabled
    • WiFi WPA2-PSK AES Encryption - Enabled
    • SPI & NAT Firewalls Built-In
    • Cloudflare DNS Configured
    Computers
    • LOCAL ACCOUNTS - Administrator Password Protected
    • DESKTOP (Custom Built Desktop) - Windows 11 Pro x64 Ver. 21H2 Build 22000.708
    Built-In Security
    • USER ACCOUNT CONTROL: HIGHEST SETTING
    • WINDOWS DEFENDER SECURITY CENTER: ALL ENABLED
    • WINDOWS FIREWALL: ENABLED
    • WINDOWS RANSOMWARE PROTECTION: ENABLED
    • WINDOWS CORE ISOLATION: ENABLED
    Resident
    • Malwarebytes WFC v6.8.2.0 - Medium Filtering, Display Notifications: Outbound
    • KeyScrambler 3.15.0.0 - Keystroke Profiling Enabled
    • Adguard Premium 7.9.1 (Paid) - Custom Settings + Additional Filters Enabled
    On-Demand
    • Macrium Reflect Free Edition 8.0.6758 - Backup Template: Full \ Differential
    • Adguard VPN 1.2.519.0 (Paid) - On Demand
    • VMware Workstation 16 Pro 16.2.3 build-19376536 (Paid) - Software Testing
    • Emergency Toolkit 2022.1.0.11328 - Beta Update Channel
    Browsers, Immunization, Tweaks
    • Microsoft Edge 102.0.1245.30 (Official build) (64-bit) (Lastpass & HTTPS Everywhere)
    • Homepage and Search Providers set to Startpage
    • ConfigureDefender 3.0.0.1 - Defender MAX Settings
    • Additional Group Policy Defender Settings - Manually Applied
    • Windows & User Temp Folders set to RAMDisk - Cleared on Reboot
    • Windows & Documents - Separate NVMe SSD Drives
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Hey @dja2k, my God you started this thread in 2005 and it is still alive! :)
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Yessir and still got lots of life left, Thanks to y'all :thumb:
     
    Last edited: Jun 2, 2022
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Appreciate the tip about HiBit StartUp Monitor - I already use HiBit Cleaner and it's proven the safest Registry Cleaner I've ever found, with absolutely zero issues, none. Even makes backups just in case.

    As far as backups for the Registry I use RegBak, Tweaking.com Registry Backup along with MiTec and Registry Hive Extract to have on hand an assortment of that Windows database branch. Registry is worth preserving at all costs as well as other data.

    Testing malware AND just a corrupt registry can knock a system into a tizz so I completely understand your practice of using a USB Stick to RELOAD 'good operating' hives.
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    I have my own strategy to protect my system from ransomware, namely backup/restore images unplugged from my computer or protected by Macrium Image Guardian when plugged in to create an incremental. I wonder, there are now several anti-ransomware programs claiming to be effective out there, and still big corporations and institutions keep getting infected. Are their IT managers amateurish? Or maybe these programs are easily circumvented by skillful crackers... To protect a large network of computers from a dedicated attack is probably a difficult task, but backups should provide 100% peace of mind...
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, I guess this is a good strategy, however I'm not that disciplined when it comes to making backups, I have to admit. So a tool like NeuShield is always nice to have but not bulletproof of course. Normally speaking, ransomware should be already tackled by Win Defender and AppCheck on my machine, NeuShield is another layer.

    And yes, protecting a corporate network is way more complex than protecting home user PCs, I believe this is the main problem. In theory, those advanced business AVs and EDRs should be able to tackle all kinds of malware, but sometimes it seems they are indeed circumvented, not sure if they are simply disabled or can't recognize the attack if it's done by trusted system processes and trusted apps.
     
  13. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Most enterprise attacks are the result of successful phishing operations. IT managers can continually test employees re: phishing but a system is only as strong as its weakest link, which is usually its employees.
     
  14. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Slight change here.

    FSecure Safe
    Simple Windows Hardening
    Firewall Hardening
    Macrium Reflect
    Shadow Defender
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, but that doesn't explain why so many companies get owned. Either they didn't invest in security systems or those tools weren't correctly configured, or they were simply bypassed by skilled hackers.
     
  16. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    Why doesn't it?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What I meant is that, no matter how companies get hacked, either by some zero day in MS Exchange (where no employee is involved) or by phishing mail, security tools should at least in theory be able to block malware from doing any damage. So that's why I think it's weird that hackers are still so successful, wouldn't it be cool if these hacked companies were forced to disclose what type of security tools they were using? Now that sure would explain a lot LOL.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Ultimately, the onus is on the company to safeguard its digital assets against all current and even future cyber threats. The "Human Factor" means that the perfect or correct decision can never always be made by the employee handling malicious emails, pendrives, software or other types of physical or digital media. That said, it's perfectly fine and even recommended practice for companies to provide required training to their employees on avoiding these threats.
     
  19. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    We live in the real world, not a theoretical one.
    It's not weird or unusual at all. We are humans and thus imperfect. What's weird is that you expect perfection, or virtual perfection, which is not to mention all the companies that are never hacked. We don't hear about them. So dream on, my friend.
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I've switched AVs for a mega increase in laptop speed. Real-time security is now:
    K7 AV Premium
    SpyShelter Premium
    OSArmor
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    @Rasheed187 -- A business will almost always have a network, with many computers/employees tied into it. The weakest link in any network's security is usually a careless or disloyal employee.

    Small business or big business, top tier business networks will have a full-on server and not just a PC running as a server. There is a significant advantage to having a full-time server that is TRULY "wired" as a server -- see HERE.

    Small business or big business, top tier business networks will use servers with a server core of Linux, NOT a Windows/MS core -- see HERE.

    Hacking a business network that has a Linux core server, with a security conscious IT administering it, is much much more difficult than hacking the average home computer. Ergo, I *think* that those who hack business & government networks are, themselves, "top tier" hackers.

    BTW, to those expert hackers, my little home computer is boring, & far far beneath their radar. I shall strive to remain boring. As such, I will NEVER run more than 3 security apps real-time. I image 3x/week (don't we all?) so I do not need to burden my laptop with layer upon layer of security, do I?
     
  21. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Real-time protection: ESET Internet Security 15
    DNS: NextDNS via YogaDNS client
    VPN: Windscribe Pro
    OS: Windows 11 with some tweaks for security in a Standard User Account.
    Backup: Macrium Reflect and OneDrive
    Browser: Brave and LibreWolf
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @Nightwalker -- Very good set-up. ESET includes FW, HIPS, BB, AV, anti-ransomware, etc, so it's well-rounded & powerful for solo real-time.
     
  23. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    ESET is one of my favorites, it is all you said while being very light on system resources with little to zero false positives.

    I was using F-Secure before, I had a good experience with it too, but ESET seems to run better on my system.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes this is exactly my point. Some companies get hacked, others not and I would like to know why. Are the ones who don't get hacked using more advanced security tools? But they never mention this in the news articles, that's all I'm saying.

    Yes these are "top tier" hackers, but like I said, security tools should be able to tackle most of these attacks easily, unless they somehow get disabled. And I'm actually running 6 realtime security tools at the moment without any problems, so kudos to Windows 10, I wouldn't be able to do this on Win XP LOL.
     
  25. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    No.
     