What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    That's the way it should be :thumb: :)
     
  2. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    :D ;)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Standard User Account:
    Deny users' UAC elevation requests - UAC set to highest and SRP disallowed + 1806 trick: for a default-deny approach.
    SuRun: to elevate apps automatically/manually

    GesWall: system-wide automatic isolation for applications that are in the rules database.
    Sandboxie FREE: to manually contain/test untrusted "tempting" files.
    Spyshelter FREE: to inspect bad behaviours :D

    Windows Image Backup: just in case
     
  5. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    UAC + DW + HitmanPro/MBAM (monthly)
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am learning kung fu :D
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    nice setup konata :thumb:
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    good for you ;)
     
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    thank you.

    now for the browser:

    I picked Firefox 6.0.1 and decided not to run it inside Sandboxie; instead I added it to EMET protection and isolated it with GesWall.
    Installed the NoScript, Adblock Plus and HTTPS Everywhere addons right away. :)
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    LUA plus GesWall or SpyShelter plus Sandboxie would satisfy my surfing habits. What dark corners of the web are you frequenting to double stack a system-wide plus threat-gate protection?
     
  12. wat0114

    wat0114 Guest

    Reverted to Platinum status :D :

    My security setup
    Win 7 x64 Ultimate Desktop:

    1. Using LUA account as default
    2. UAC at highest level
    3. AppLocker with all rules, including DLL, enforced
    4. Windows Firewall with Advanced Security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote IP addresses.
    5. EMET, with mainly web-facing and MS Office apps configured
    6. MBAM on-demand free (used sparingly)
    7. Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
    8. All sensitive data kept on a TrueCrypt volume on the hard drive and a USB pendrive, and also a BitLocker encrypted volume.
    9. 09/01/2011: Added Sandboxie Paid:

    • Set up for the web browsers Chrome & IE9, with forced folders (fully qualified path to iexplore.exe & chrome.exe)
    • Restricted Internet access
    • Restricted Start/Run access

    I've decided I really don't need Sandboxie after all. Nothing against it; it's just that it's additional 3rd party overhead I can do without. Even tzuk has said that adding more 3rd party apps increases the attack surface (or something to that effect).

    The following services are disabled:
    • Secure Socket Tunneling service
    • IP Helper
    • Remote Access Connection Manager
    • SSDP Discovery service
    • TCP/IP NetBIOS Helper
    • Workstation
    • Function Discovery Resource Publication
    • WinHTTP Web Proxy Auto-Discovery service

    • SuRun, v1.2.1 B9 – used only for convenience, to easily launch some programs and Windows functionality with administrative privileges.

    Note the use of free MBAM for on-demand only. I despise realtime antivirus programs. They are, for the most part, an antiquated, resource-sucking leech on the system.
     
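    As an added example (not from the thread or any of its posters), a PowerShell audit that checks a host against wat0114's firewall, AppLocker and disabled-services items above. It assumes Windows 8/Server 2012 or later with PowerShell 5.1+, the NetSecurity and AppLocker modules, and an elevated prompt; the service names are the standard Windows ones for the display names in the list.

```powershell
# Added audit script, not from the thread. Assumes Win 8/Server 2012+, PS 5.1+,
# the NetSecurity and AppLocker modules, and an elevated prompt.
function Test-HardeningBaseline {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 4. Windows Firewall with Advanced Security: both directions blocked by default.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') { $findings.Add("Firewall profile '$($p.Name)' is off") }
        foreach ($dir in 'Inbound', 'Outbound') {
            $action = $p."Default${dir}Action"
            if ($action -ne 'Block') {
                $findings.Add("Profile '$($p.Name)': default $dir action is $action, expected Block")
            }
        }
    }

    # 3. AppLocker with all rule collections, including DLL, enforced. Rules are
    # not applied unless the Application Identity service (AppIDSvc) is running.
    if ((Get-Service AppIDSvc).Status -ne 'Running') { $findings.Add('AppIDSvc not running; AppLocker rules are not enforced') }
    $policy = [xml](Get-AppLockerPolicy -Effective -Xml)
    foreach ($type in 'Exe', 'Dll', 'Msi', 'Script') {
        $rc   = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $type }
        $mode = if ($rc) { $rc.EnforcementMode } else { 'NotConfigured' }
        if ($mode -ne 'Enabled') { $findings.Add("AppLocker '$type' collection is $mode, expected Enabled") }
    }

    # The services wat0114 disables, keyed by service name (display name as the value).
    $expectDisabled = @{
        SstpSvc             = 'Secure Socket Tunneling Protocol Service'
        iphlpsvc            = 'IP Helper'
        RasMan              = 'Remote Access Connection Manager'
        SSDPSRV             = 'SSDP Discovery'
        lmhosts             = 'TCP/IP NetBIOS Helper'
        LanmanWorkstation   = 'Workstation'
        FDResPub            = 'Function Discovery Resource Publication'
        WinHttpAutoProxySvc = 'WinHTTP Web Proxy Auto-Discovery Service'
    }
    foreach ($name in $expectDisabled.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue   # absent on some SKUs
        if ($svc -and $svc.StartType -ne 'Disabled') {
            $findings.Add("$($expectDisabled[$name]) ($name) start type is $($svc.StartType), expected Disabled")
        }
    }
    return $findings
}

$results = Test-HardeningBaseline
if ($results.Count -eq 0) { 'Host matches the baseline.' } else { $results }
```

    An empty result means every checked setting matches the post; each finding names the profile, rule collection or service that drifted and the expected value.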
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Literally any application on your computer increases the attack surface (which is why I don't like EMET and have constantly said it should be built into the OS.)

    Sandboxie was the best part of your setup. Looking at your setup I see a lot of system hardening (which is wonderful) and default-deny.

    The problem with default-deny is that every decision goes through you first. Do you honestly trust yourself to always make the right decisions?

    The nice thing about Sandboxie is that you don't HAVE to make the right decisions; you can run malware if you like, just make sure it's sandboxed, and then it doesn't matter if you default deny or default allow.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Damn... Short life... :eek: :argh:
     
  15. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    lol. I don't worry too much about what comes into my PC, I worry about what goes out from my PC these days.

    :ninja:

    EDIT: Oh wow, I just had a BSOD with my current setup... happened during a CCleaner cleanup... :blink:
    BSOD only happening when I have another realtime app running with GesWall (like SpyShelter/Panda Cloud/Rapport)

    probably the hard drive can't handle the I/O.. my hard drive is dying :(
     
    Last edited: Sep 1, 2011
  16. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie Experimental

    MBAM real-time

    Mamutu Paranoid
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I've had paranoid on for so long. I almost never get Mamutu popups. I guess I just haven't introduced anything to my system in a long time.
     
  18. wat0114

    wat0114 Guest

    Yep, I came to my senses :D

    You don't have to worry about EMET. It's an MS product so it no doubt co-exists splendidly with Windows.

    Again, nothing against SB or tzuk (a genius, really) but it's still 3rd party software, so problems with O/S conflicts are inevitable. If you don't believe me, just check out the SB forum and behold the trouble reports (where have I said this before? :D ). I had a few issues myself, not really worth mentioning here, but they were real issues.

    How often do you think I need to make decisions in my day-to-day home computing? I can tell you it's not very often, but for the few I do need to make, it does me no harm, and probably helps stimulate my ageing and weary brain, at least somewhat :D Also, how would it be any different using Sandboxie? One still needs to decide whether or not to allow something out of the sandbox on to the real environment.

    Close to 100%, which is close enough to rationalize the use of the security I've decided upon. If I do go wrong I've got enough moxie to detect it right away and apply my trusty fail-safe image/restore plan. It's a piece of cake, really :)

    I don't have to worry about that with my current setup, either. Malware will be blocked if I do try to run it, and then again I tend not to get into situations where I have to make these types of decisions. If I somehow navigate to a site that requires a "codec" or "plugin" to view a video (not pr0n of course :p ), I navigate away from it. Again, rather easy.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    No matter who EMET is developed by it still increases attack surface just by being installed to userspace. Not only that but I am against any security being handled outside of kernelspace.

    My issue with 3rd party security is not that it can cause incompatibilities, but that it's just poor security.
    You probably only make decisions very rarely. But it's not about how often. It's about the decision. If malware finds its way onto your computer and you think it's a legitimate application, you'll let it run.

    How does Sandboxie mitigate this? It lets you run it in a sandbox and stops it from touching the system.

    Yes, a backup is nice I guess. Still I am always going to advocate prevention over cleanup.

    Yes, it will be blocked... until you allow it.

    I'm not trying to knock the security but I think that security should never be handled by the user. One time you might download a crack for software (just an example, I'm not saying you do, there are other methods of socially engineered malware =p) or some pr00n or whatever and it'll ask to run and, naturally, you will allow it.

    And there's the layer of defense. All of that default deny stuff gets bypassed immediately.
     
  20. wat0114

    wat0114 Guest

    If I download something I can't be sure about, even after the on-demand AV clears it as legit, I can test it in the VM. If it runs fine or not at all (suspected VM-aware) then it's ditched. This never seems to happen to me, probably because I tend to download from known, legit sources.

    Default-deny, employing already built-in mechanisms no less (AppLocker), performs its intended duties with almost self-effacing perfection. My decision-making process comes into play when necessary, but I can do so with utmost confidence that it will be done responsibly and without detrimental consequence.

    I can't understand your stance on users making decisions for themselves, nor your objections to the employment of common sense.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Hardly any pop-ups for me either.
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You scare the hell out of me!! :argh:

    What would you think of anyone else if they said that, and then they post a security setup where they have third-party security, while having Windows 7 Ultimate?

    You could ditch Comodo Firewall and Defense+. According to you it's poor security, isn't it? ;) The same for Mamutu.

    Why don't you deploy AppLocker? It operates at kernel level. Why not Windows Firewall with Advanced Security?

    You seem to say one thing, but do the opposite. :D I don't know... it's just that you seem to have a lot against third-party security software, yet you use them. And, the irony is that you actually have a Windows 7 version that allows you to deploy AppLocker.
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Vista32 SP2 (UAC on, Firewall on, WD off)

    Real Time:
    Look'n'Stop (Application Filtering enabled only)
    Sandboxie (Restrictions /Internet/Start/Run access/Drop Rights)

    On Demand Scanners:
    Avira Premium
    MBAM Pro
    HitmanPro

    Virtualizers and Backup
    ShadowDefender V 325
    ShadowProtect Desktop (Cold Images, 3 USB Hard Drives)

    Browser: Chrome + Ad Muncher
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't see your point. Yes, I believe all security should be built into the kernel. Yes, 3rd party applications DO increase the attack surface. These ideas are fairly accepted by everyone I've talked to in the industry.

    Does that mean I'm going to rely on Windows? No. That would be silly at this point in time. However, if Windows and Comodo both had literally the same software but Windows had it built into the kernel I'd use Windows' built in security.

    Security should only ever be handled by the operating system; it just happens to be that modern operating systems don't have enough security and I am forced to look elsewhere.


    I'm not saying you should switch your setup. It works for you.

    But I don't think that common sense should ever come into play when it comes to security; furthermore the User themselves should never come into play when it comes to security.

    TL;DR: The best way to secure a computer is to have the security built in at the lowest possible point; the lower it's built, the harder it is to circumvent. If something goes wrong the system crashes rather than allowing a successful attack.
     
    Last edited: Sep 1, 2011
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Furthermore: I don't like any of the security software on my computer. I mean... I feel it protects me, but I don't think it's the best way to be protected.

    1) It DOES add to the attack surface. Literally anything that executes code adds to your attack surface.

    2) It's all closed source. I really don't care about licensing or "free and open" whatever, the fact is that being open has security benefits.

    But I use it anyway because the alternatives are the (in my opinion) not so great security implementations of Windows 7, which are far too limiting.
     