What is your security setup these days?

A frozen snapshot removes any change by comparing the frozen snapshot with the "Freeze Storage".
FDISR adds, deletes and replaces objects until the frozen snapshot is EQUAL to the "Freeze Storage".

I think that PowerShadow empties a virtualization container, but I'm not 100% sure, because the documentation of PS is rather poor and it originates from China. So I can't read their websites, except the English one.

 

WilliamP, They will be unless it is to your anchored data. This is why I use PowerShadow when cleaning other computers through my own. They are like houses of ill repute, you never know what my jump off or where.

 

Anchoring folders/files makes a frozen snapshot more vulnerable for infections, because anchored objects are not included in the frozen snapshot.
So I don't do any anchoring in my frozen snapshot and my data files are stored on another harddisk/partition.
My system partition contains only WinXPproSP2 + FDISR + Applications, but NO data.

 

Latest "changes" in bold as of 4/30/07:

Resident:

Comodo BOClean v4.23[Uninstalled]
DefenseWall HIPS v2.0 Beta 6
LinkScanner Pro v2.6
Look'n'Stop 2.06 Beta 2[+Phant0m's latest r/s]
Netgear RP614 v2 Router w/NAT & SPI
Primary Response SafeConnect v2.2

On-Demand:

A-Squared(free)
Autoruns
Avira AntiVir PersonalEdition Premium
CounterSpy v2.0
Process Explorer
Process Walker
RootKit Hook Analyzer
Rootkit Unhooker
Sentinel
SUPERAntiSpyware Pro[Upgraded]
Windows Malicious Software Removal Tool

System Hardening:

Applied manual system hardening tweaks
Disabled most WinXP SP2 services
Harden-It
Removed Netmeeting
Removed Windows Messenger
Samurai
Windows Worms Door Cleaner

Miscellaneous:

Primary Web Browser - Opera Weekly Build(w/UserJS scripts)
Email - PocoMail


Peace & Love,

CogitoErgoSum

 

Nice impliment of Power Shadow, since i don't anchor with FD-ISR thats not my use of PS, it mostly for testing softwares that don't require a reboot and especially malware. Keeping the FD snaps shadowed with Power Shadow offers an even more ambitious safety net. I never worry about unwarranted intrusion or forced system file patching or have reason to be with this combo.

 

OK, i've settled on a configuration, and stopped looking. Sure, trying out programs is still an urge from time to time. But i rely on this config.

Active: CPF+ SandboxIE + Antivir
Installed: plenty
At home, i'm behind a NAT Router (laptop). I'm also running A2 Antimalware for kicks, but i see no real necessity. Not for my present pc usage.

Now i'll devote my time on what i feel is a more interesting subject.

 

RESIDENT:
Comodo firewall Pro
KAV 6
SpywareTerminator
Comodo BOClean
Defensewall 2 beta

ON DEMAND:
Superantispyware Pro
AVG Antispyware 7.5 (free)
A-Squared (free)
RootkiUnhooker
PowerShadow

BROWSER:
Firefox with no-scripts, adblock plus, cookiesafe, netcraft toolbar, AI Roboform toolbar.

OTHERS:
Spywareblaster
ProcessExplorer
TCPview
MRU-blaster
ERUNT
CCleaner
Eraser
Truecrypt

BACK UP:
FDISR
Acronis True Image 10

 

added
changed
removed


Server 2003 setup #2

FD-ISR no longer necessary thus removed

Resident:

Ad Muncher
Comodo BOClean
ESET Smart Security
NOD32
Online Armor FW

On-Demand:

same as my Server 2003 setup #1

Other Security / System Hardening:

same as my Server 2003 setup #1

>>Snapshot 2

 

COMPLETELY SCALED BACK!

 

D-Link Router
NOD32
BOClean
Sandboxie
SuperAntiSpyware on demand

That be it for me

 

WOW....What has happened? You really have scaled down

 

RESIDENT:
KIS 6
Prevx1
Comodo BOClean
Defensewall 2 beta

ON DEMAND:
Superantispyware Pro
AVG Antispyware 7.5 (free)
A-Squared (free)
RootkiUnhooker
PowerShadow

BROWSER:
Firefox with no-scripts, adblock plus, cookiesafe, netcraft toolbar, AI Roboform toolbar.

OTHERS:
Spywareblaster
ProcessExplorer
Autoruns
MRU-blaster
CCleaner
Truecrypt

BACK UP:
FDISR
Acronis True Image 10

 

Yeah, and the beauty of that is i can still research malware and not have to break a sweat that my system might be overtaken, because each of my FD-ISR snapshots rest under the protective cover of POWER SHADOW. And anyway if one of them did just happen to become affected, it's but a very simple matter to let FD-ISR perform a Copy/Update "FROM" it's archive to that red flagged snapshot in literally Seconds! and everything is good to go again.

 

You have made into a artform now

 

avast! Home Edition

Spyware Terminator

PC Tools Firewall Plus

The freeware that keeps me free from malware & spyware.

Freeware is the best!

 

Partial List Updated From Post 1183

Changed
Added
Removed

WINDOWS XP ACTIVE PARTIAL SETUP

ACTIVE

Ksspersky Internet Security (7.0.0.111 Beta)
- File, Mail & Web Anti-Virus Enabled
- Proactive Defense Registry Protection Enabled
- Privacy Control Enabled
Online Armor FW (Beta 183)
- Advanced Mode
- Mail & Web Shield Enabled
- Program Guard Enabled
- Firewall Enabled
PeerGuardian 2.0 (Beta 6b)
- Anti p2p list Enabled
Geswall (2.6)
- Isolate Know Applications
- All Browsers Automatically Isolated
Comodo BOClean (4.23.001)
Hostsman (3.0.0.25 Beta1)
- MVPS Host File \ Overwrite
- Auto Updates

HARDENING
Spybot 1.4 (Immunized)
Seconfig XP
- Set for Home Use
Advanced WindowsCare V2 Personal
- All Scanned & Repaired (didn't affect services by blackviper.com)
ScriptSentry
- All Associations Enabled
- Reclaim Associations at Startup Enabled

WINDOWS VISTA ACTIVE PARTIAL SETUP

ACTIVE

Ksspersky Internet Security (7.0.0.111 Beta)
- File, Mail & Web Anti-Virus Enabled
- Proactive Defense Registry Protection Enabled
- Privacy Control Enabled
User Account Control (UAC)
- UAC Disabled
Prevx2 (v 1.0.0 Built 73)
- ABC Mode
- Caution Programs Query
- Unknown Programs Query
Geswall (2.6)
- Isolate Know Applications
- All Browsers Automatically Isolated
Comodo BOClean (4.23.001)
Hostsman (3.0.0.25 Beta1)
- MVPS Host File \ Overwrite
- Auto Updates

HARDENING
AutoPatcher Vista 2007 (May 07 Full)
Advanced WindowsCare V2 Personal
- All Scanned & Repaired (didn't affect services by blackviper.com)
ScriptSentry
- All Associations Enabled
- Reclaim Associations at Startup Enabled

THE REST OF BROWSERS, HARDENING, ON DEMAND
ARE FOUND HERE AND UPDATED (Browsers, Scanners, etc.)

 

dja2k,
I would replace PeerGuardian and the host file with the inbuilt blacklist function of Online Armor.

 

Believe it or not...
Since April Prevx1 and Avira PP.

 

I have a minor issue with Online Armor's Blacklist function but its only happened to me. Mike has not found my problem in the logs I have sent him, so still trying to fix it.

dja2k

 

So, it's a matter of fixing this bug?

 

Yes! I pm'ed you some more info.

dja2k

 

Windows XP Pro SP2
F/W: CHX-I (Inbound) | Kerio 2.15 (Outbound)
A/V: avast!
A/S: Ad-Aware | SpywareBlaster
Generic: ProcessGuard | SnoopFree
Encryption: TrueCrypt | AxCrypt
Backup: Acronis True Image | Rollback RX

Limited account

 

added
changed
removed


Server 2003 setup #1

Resident:

Ad Muncher
Comodo BOClean
ESET Smart Security
NOD32
Online Armor FW
Prevx 2.0

On-Demand:

SUPERAntiSpyware Free

Other Security / System Hardening:

nLite'd WIndows Server 2003 SP2 (with servIce tweaking based on a guide from Smallvoid.com)
Boooggy's Win2k3sp2 WUZero UpdatePack
Harden-It
Samurai HIPS
Seconfig XP
SocketLock
xp-antispy
Process Explorer
Firefox extensIons: Cookie Button (in the status bar), and NoScript

****************************************************************************************************

Server 2003 setup #2

same as my Server 2003 setup #1

 

A few changes.

 

Realtime: Nothing (Vista UAC, IE with scripts & cookies blocked).
OnDemand: MWAV Free, HijackThis 2.0 Beta, CCleaner at startup.
Deleted: WWDC, which resulted in opened TCP ports 49152-49157.
Changed: no longer altering local user rights just policies via registry.