Advice on my current setup

It's been a long time since my last visit here; so, being a bit impractical reading all the posts from the past years, I'd like to take a new start asking for an advice on my current security setup.

Assessment (needs):
I need to secure my home PC, used by me and my family (wife and two daughters learning how to use a PC)

I mainly use Free and Open Source Software; my only paid app is MS Office 2010 (I need it sometimes for my paid work!)
I view myself as a tech-savvy person (I'm an IT Project Manager).
I evangelized my family members so they don't download software or click around
I don't ever install crackz, warez ans so on

General setup:
My home network is behind a Netgear DG834DG router with SPI firewall, UPnP disables, set to Norton DNS (security + pr0n + family).
My desktop PC has an SSD (dual boot Win + Linux), a separate storage hard drive for data, an external hard drive for backups

Linux setup:
Debian stable, security updates enabled
Browsers: Iceweasel (me), Chromium (family)
only installing SW from official repositories

Windows setup:
Windows 7 Home Premium SP1 (64 bit)
Standard User Account
UAC on max
Windows Update on auto
Windows Firewall
Microsoft Security Essentials (real time)
Hitman Pro (free version, on demand)
Hitman Pro.Alert
Virus Total uploader
Browsers: Firefox (me), Google Chrome (family)
default browser set to IE11 64-bit, protected mode, adblock plus, flash for IE not installed
Java not needed, so not installed
Secunia PSI

Browser hardening in both systems:

Firefox / Iceweasel:
do not save History
do not accept third party cookies
NoScript
Adblock Plus (easylist+easyprivacy+MDL)
VT checher
Self-destructing cookies

Chrome / Chromium:
do not accept third party cookies
click to play plugins
--safe-plugins
Adblock Plus (easylist+easyprivacy+MDL)
VT checher
Vanilla Cookies

I still have to find a virus so I'm thinking: it's overkill?
Or I have to change / add something?

Your opinion would be very appreciated

Greetings from Italy

 

I suggest adding Malwarebytes Antimalware, replacing MSE with Avast! and disabling Autoplay. Since you've already evangelized your family so they don't click on everything on a webpage, I think you have good strong setup.

 

Autoplay is already disabled.
MBAM is a good advice.

Sometimes I'm leaning to no a no real-time AV setup at all, but then I think about my daughters... Maybe I'll try whitelisting legitimate programs using Parental Control

 

Its already pretty good, but you can add sandboxie.

 

yeah, tbh.. to me, it's kinda overaction. but it's ok since you're not the only person who uses your pc.

My recommendations:

1- leave UAC on default level, it'd be ok thanks to step 2. UAC on max is kinda chatty. on your current defined level It'll alert when even you make changes to windows settings which can be annoying, oh no..

2- Since windows firewall lacks a user-friendly GUI, you may wanna consider installing a firewall software instead of the boring old-fashioned Windows firewall.. Comodo free firewall, no question! ( for what it's worth, there is also a tool called 'windows firewall control' which provides fast access to the Windows Firewall settings and enhances functionality by letting you manage networking rules for each application. It mainly caters to experienced users, such as network administrators , oh did I forget to mention it? it's not free!)

3- MSE acts not like the way you expect it to.. if you're looking for a free, yet powerful AV, why not choosing QIHOO 360 IS ? I'm using it, it's great. take a look at this

4- The additional malware scanner as our friend said, MBAM is highly recommended beside whatever you want to use.

Take Care

Regards,
Amin

 

You have a good setup.. My advice is replace MSE with either Avira, Avast or Bitdefender free and include Malwarebytes for on-demand scanning.. Disabling third party cookies is fine but might break many websites. As long as you have self-destructing cookies it will delete all third party cookies which are not needed in the current or open tabs. Set your default browser to Firefox/Chrome so kids don't have to surf using IE. Not that IE is not safe but compared to other browsers IE is not great. MBAE will be good addition to prevent exploits in browser and flash.

 

I'm almost positive all those who replied above meant MBAM Pro as opposed to MBAM freeware. Along with the fine AV upgrade suggestions, MBAM Pro affords full-time Anti-Malware & Anti-Spyware protections.

Since you're IT savy, also install EMET 4.1

SpywareBlaster 5.0 wouldn't hurt your system resources a bit.

Some of us also populate and maintain our system's HOSTS file.

EFF's HTTPS-Everywhere 3.4.5 add-on/extension for both Firefox & Chrome.

HTH

 

I forgot to mention my strong recommendation for a password manager. Go for either LastPass or KeePass.

 

1. Add Microsoft's EMET.
2. Consider using anti-executable protection, such as Software Policy.
3. Microsoft Security Essentials is considered by Microsoft to be a baseline for realtime protection.
4. Firefox in protected mode.
5. Leave UAC at max. There is a known weakness with UAC at default.

 

Thank you so much.

I forgot to mention that I already use EMET 4 and Keepass.

Yesterday I did the followng:

1) Replaced MSE with Avast Free. I installed only the file shield, because I don't need a mail shield (using only webmail) and I don't like running local web proxies when I already use Norton DNS (it seems to me a bit overkill). Witn Avast the system seems also a bit snappier

2) Installed and run MBAM. Found nothing, but it doesen't harm

3) Chrome is now my default browser

4) Added HTTPS Everywhere to my browsers

Now deciding abaut sandboxes and anti-executables (thinking about family calls...) . BTW, Avast Aggressive Hardened Mode could play the role of an 'intelligent' Anti-executable?

Regards