What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    #CogitoErgoSum: My message for you on page 103, in Latin (like your pseudonym), was friendly... It was fun, wasn't it? For translation, look up phrases in Latin in your encyclopedia :shifty: . Thanks
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    nothing wrong with that Lonewolf.:)

    But to those who think the good folks at Gentle Security are not keeping an eye here, they are.;)

    I have had 22 attacks prevented since installing Geswall and nothing else.
     
  3. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    Still not a finalized setup.
    (but judging from the other posts this is not necessary to be eligible to post :) )

    Reinstalled my OS (OEM XPSP2 MCE) after I had purchased new HDs. The new storage enabled me to integrate an effective backup solution into my security strategy. Quite a new experience but I really enjoy the new possibilities.

    Old setup:
    Router
    KAV 7
    a-squared(paid)
    Outpost Pro
    Spybot
    Spywareblaster
    SAS(paid)


    New setup:
    -Router
    -Avira Antivir Premium 8
    -Online Armor(paid) (not yet installed)
    -Malwarebytes' AntiMalware(paid) vs SuperAntiSpyware(paid)
    -ERUNT/NTREGOPT
    -Secunia PSI
    -Firefox 2 w NoScript, AdBlock Pro, CookieSafe, RefControl & FEBE


    I am currently playing with Returnil(paid) vs Defensewall(paid)
    and Sandboxie(paid).

    Also created a pure gaming image protected only by the router, the integrated XP FW and Windows Defender. (All installs checked by DrWeb's CureIt)

    Any comments on the setup are welcome.

    regards,
    T
     
    Last edited: Jun 8, 2008
  4. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Buffalo WHR-HP-G54 [OpenWRT + OpenDNS]

    Windows XP Professional SP3 [Customized + nLited]

    -Installer:
    • DefenseWall 2.43
    • DriveSentry 3.0.3 <- Not installed atm. I'm waiting until I can disable Advisor totally.
    • Online Armor 2.1.0.131
    • Sandboxie 3.26
    • Shadow Defender 1.1.0.258
    • MailWasher Pro 6.1
    • RoboForm Pro 6.9.89
    • Ace Utilities 4.1 + Registry Defragmenter and Compactor 1.3
    • Cobian Backup 9.1.1.178
    • Mozilla Firefox 3.0 RC2

    -Portable
    • AutoRuns
    • Evil Player
    • FreeCommander
    • Notepad++
    • PeaZip
    • Popcorn with OpenSSL (libeay32.dll and ssleay32.dll)
    • Process Explorer
    • Process Monitor
    • Sumatra PDF
    • TCPView
    • XnView
     
  5. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello LoneWolf and Teknokrat,

    To the former, welcome to the DefenseWall(DW) club. To the latter, I am extending a warm welcome to you as well if you decide to implement DW into your security set-up. If you have not yet done so, both of you may be interested in the information contained in the following link below.

    https://www.wilderssecurity.com/showpost.php?p=1250098&postcount=2

    For those of you who are interested in trialing or are currently trialing DW, the following links and technical support contact information may be of interest to you.

    http://softsphere.com/
    http://gladiator-antivirus.com/forum/index.php?showtopic=71682 (Download & Installation Guide)
    http://softsphere.com/online-help/defensewall/ (Online-Help File)
    http://gladiator-antivirus.com/forum/index.php?showforum=193 (Official DW Support Forum)
    ("Ilya Rabinovich" <support [at] softsphere [dot] com>);(Direct Technical Support Contact)

    Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 7, 2008
  6. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Router
    Online Armor (paid)
    DefenseWall 2.43
    Returnil
    Malwarebytes' Anti-Malware
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Same ol, same ol here on my XP/Vista installs.
    HW Firewall
    Sandboxie
    Returnil
    Ghost Images
    So damn light and secure it's boring! o_O
     
  8. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,715
    Location:
    Location Unknown
    It seems to me that the general way of thinking is that a major part of any security setup should be some sort of imaging and/or virtualization software.
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    It's exactly as in fashion trends...
    let's see what's the latest trend in a few months :D
     
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Sandboxie version 1.7 Released - Fri Mar 04, 2005 5:50 pm

    And I've been using ever since. ;)
     
  11. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    NAT Router

    Resident:
    OA - Browsers, email, media players all set to Run Safer
    NOD32 v2.7 (1 more month on license)
    RegDefend w/Tony's gsr and custom rules

    On Demand:
    SAS
    MBAM
    RKU

    Hardening:
    Spyware Blaster
    DEP - Opt Out
    Seconfig
    Other reg and policy tweaks

    Browsing:
    FF w/NoScript, CS Lite, AB+, Customize Google
    SandBoxie - Firefox Isolated, Data drives blocked, System Folders and registry read only, Immediate deletion of Sandbox

    Backup and recovery: FD-ISR (321 B205), IFD
     
    Last edited: Jun 8, 2008
  12. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Of course I forgot something... Putty Tray. I need SSH client to play with router.
     
  13. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    Alphashield - Hardware Dedicated Firewall

    Comodo CFP ver 3.0.24.368 - Software Firewall & HIPS, D+ set to Safe Mode, FW set to Custom Policy Mode. sure i've suffered some hearing loss as a result of this app yelling at me so much. but like a good woman, you take the bad with the good.

    Prevx2 - the Community Intrusion Prevention/Behavioral Monitor HIPS recently and surreptitiously orphaned by its handlers. quite possibly my all time favorite app, when it's not corrupting its local database, popping visual c++ runtime errors, crashing when scanning archives.....

    Prevx CSI - Malware Scanner of some pedigree, though it missed Vanquish rootkit (self-infected). Prevx2 caught it, but did not completely clean (infection continued to reappear) lowly little Comodo scanner alerted me to the reappearance, while it could not clean, it allowed me to hand the ball to Cureit....which did.

    SafeSpace - Application Level Virtualization, rock solid reliability, performance, and support. even though there are basic policy restrictions, without more precise control, end-user could inadvertently leave holes.

    Returnil - System Disk Virtualization, gets along with everything, but until virtualization can cover all drives and partitions, this app will not be complete (my opinion)

    FDISR - Nothing to add

    ShadowProtect - Disaster Recovery, like FDISR, just does what it is designed to do, day in day out, no drama, no trauma.

    Offline Scanner - Panda Totalscan & Nanoscan, which i understand has been changed to Activescan. powerful nook and cranny scanner that takes literally hours on my box to complete due to FDISR snapshots.


    Mike
     
  14. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    NAT router

    DefenseWall 2.43
    Prevx 2.0
    Returnil RVS
    Windows firewall

    On demand:
    Prevx CSI
    SAS
    MBAM

    Note to Simmikie: have a look here
    http://www.prevx.com/antimalware.asp
    New Prevx logo and the Prevx 2.0 GUI is different, has something called 'pinnacle' on it and 'recent program activity' and a new one 'event log' so perhaps things are moving.

    Ian
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    I'm putting a lot of effort into fashioning a bare bones grid. Probably not the safest ATM, but definitely is enough to ward off most if not all common threats, uncommon new code attempts notwithstanding.

    SandboxIE (Latest)
    Kerio 2.15 (special rules)
    CyberHawk (Early Version)
    Samurai (Prevent Rootkits Installing) POWERFUL!
    EQSecure (Beta 4) (Alcyon's Rulesets) note: Magic Shield post here is not working.


    Any thoughts, opinions? This is working to perfection so far.

    And yes i have a DriveSnapshot Image waiting in the wings just in case.

    XP Pro SP2
     
  16. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hey Ian, thanks for the heads-up! has the GUI on your copy of Prevx2 been updated?? maybe all of the Prevx close mouthedness has been due to Prevx2 update activities?!? if that is the case, i will gladly eat all of the 'Humble Pie' Prevx folk can dish out! spoon on stand-by, we can only hope :D


    Mike
     
  17. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Mike,
    No, my Prevx GUI 1.0.2.127 is still the same. Did think of contacting Prevx but I suspect it would be a waste of time! Will let you know if I see / hear anything,

    Ian
     
  18. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Vista 32 SP1 set-up "changes" in bold as of 6/9/08:

    Resident:

    DefenseWall HIPS Pre-v2.44[Update]
    Netgear RP614 v2 Router w/NAT & SPI
    Primary Response SafeConnect v3.2.0.915[Update]
    Vista Firewall

    On-Demand:

    Autoruns
    AVZ Antiviral Toolkit
    GMER
    Prevx CSI+
    Process Explorer
    RegRun Reanimator
    Returnil 2008 Personal Edition(*Note: For testing purposes only.)
    RootKit Hook Analyzer
    SUPERAntiSpyware Free
    System Repair Engineer(SREng)

    System Hardening:

    Applied manual system hardening tweaks
    Disabled non-essential Vista services
    Enabled hardware DEP for all programs and services(OptOut)
    Uninstalled Java Runtime Environment
    Windows Worms Door Cleaner

    Backup:

    ERUNT(registry)
    Paragon Drive Backup

    Miscellaneous:

    Primary Web Browser - Latest Opera v9.5 Beta 2(w/UserJS scripts; Java disabled, JavaScript enabled(userscripts only), but with options disabled, Iframes disabled and plug-ins disabled);(https://www.wilderssecurity.com/showpost.php?p=1257643&postcount=1)
    Email Client - The Bat! Home
    Disable UAC with TweakUAC
    Disabled Windows Defender


    Peace & Gratitude,

    CogitoErgoSum
     
  19. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    A very nice setup. However, imo overkill. If you want minimal go for Kerio and Sandboxie and run the occasional on demand. And of course an alternative browser.

    Updates to my setup:

    Desktop: Router + Zenwalk
    Laptop: Router, XP Firewall and Threatfire. Occasional DrWeb Cureit scan.

    Now that's minimal!
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Na - Router + Firefox - that's minimal

    might take a look at Zenwalk though - thanks
     
  21. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    It's a great distro. It's my fave so far after a bit of distro hopping. It has a good balance of speed, stability and usability on my old machine. I highly recommend it.
    Off topic there, sorry guys.
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    FULL LIST JUNE 10, 2008

    Prior Full List found HERE

    NETWORK
    Two Linksys Wrt54g Routers (DD-WRT Flashed) in WDS Mode
    SPI Firewall Enabled, MAC Filtering Enabled for Wi-Fi

    RESIDENT - XP MCE 2005 SP3 <--- Primary OS
    Online Armor AV+ 2.1.0.145 (Beta)
    - Custom Bluetach Blacklists Enabled (For Global and P2P Dependent)
    - RunSafer Enabled for all Browsers, Email Clients, Messengers, Media Players
    Sandboxie 3.26.07 (Paid)
    - Enabled for all Browsers and Email Clients
    - Automatic Sandbox Delete Enabled
    Hostsman's HostsServer (MVPS Hosts File)
    Script Sentry 2.7.1 (All Extensions Associated)
    Process Explorer 11.13 (Task Manager Replacement Enabled)

    RESIDENT - VISTA ULTIMATE SP1 <--- Backup OS
    Online Armor AV+ 2.1.0.145 (Beta)**
    - Custom Bluetach Blacklists Enabled (For Global and P2P Dependent)
    - RunSafer Enabled for all Browsers, Email Clients, Messengers, Media Players
    RVS 2008 Premium Edition 2.0.0.5007
    - Session Lock is used when needed
    Hostsman's HostsServer (MVPS Hosts File)
    UAC: off, Windows Defender: off, Windows Firewall: off

    HARDENING - XP
    Harden-It (All Default Recommended), Bugoff (All Enabled),
    SeconfigXP (Configured for Home), Security & Privacy Complete (Custom)
    Advanced System Optimizer (Custom)

    OTHER - XP & VISTA
    Hostsman (MVPS host file), Spyware Blaster (Immunized)
    Spybot Search & Destroy (Immunized), A-Squared Anti-Malware (Free)
    KeyScrambler (Firefox Plugin), Malwarebytes Anti-Malware (Free),
    Avira Antivir Personal (Free)

    BROWSERS - XP & VISTA
    Firefox 3 (RC2), Opera 9.50 (Beta), Internet Explorer 8 (Beta 1)

    BACKUP
    Acronis True Image 10, Acronis Disk Director Suite 10, Acronis OS Selector 10

    dja2k

    **There is a beta version for Vista now available
     
    Last edited: Jun 10, 2008
  23. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    XP SP3

    NAT Router

    Resident:
    OA AV+ - Browsers, email, media players all set to Run Safer
    NOD32 v2.7 (1 more month on license)
    RegDefend w/Tony's gsr and custom rules

    On Demand:
    SAS
    MBAM
    RKU

    Hardening:
    Spyware Blaster
    DEP - Opt Out
    Seconfig
    Other reg and policy tweaks

    Browsing:
    FF w/NoScript, CS Lite, AB+, Customize Google
    SandBoxie - Firefox Isolated, Data drives blocked, System Folders and registry read only, Immediate deletion of Sandbox

    Backup and recovery: FD-ISR (321 B205), IFD
     
  24. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    - Hardware Firewall
    - Kaspersky AntiVirus 2009
    - SAS (on demand)
    * MBAM
    - Spybot S&D (on-demand & immunization)
    - SpywareBlaster (in-advance immunization)

    * new
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Well, that depends. I like to do research sometimes on my production unit so i have to settle in with a fair balance of formidable (Kernel)(Dll Injection) coverage to avoid an image restore. In those cases Returnil or SandboxIE seem to stand up well, but i deliberately let those guards down then follow with EQS on how or if penetration to Device\Physical Memory is attempted and with Samurai it seems to build a barrier in that respect; CyberHawk jumps on the Dll Injections in a snap.
     