Average Joe setup and PGS Version 2?

Discussion in 'other software & services' started by Kees1958, Mar 17, 2010.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sul,

    When you can find the time and are considering the release of version two of Pretty Good Security, here is some input.

    I recently 'hardened' the Windows x64 setup of my brother in law

    1. Made a scheduled task which set the UAC protection ON to default and set the download protection registry tweak PROTECTION ON (see https://www.wilderssecurity.com/showpost.php?p=1603237&postcount=1) through a reg file running admin rights at log-on

    2. Hardened IE with the following registry tweaks
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
    "NoChangeDefaultSearchProvider"=dword:00000001

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
    "Advanced"=dword:00000001
    "Autoconfig"=dword:00000001
    "Cache"=dword:00000001
    "Certficates"=dword:00000001
    "Connection Settings"=dword:00000001
    "HomePage"=dword:00000001
    "Profiles"=dword:00000001
    "Proxy"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
    "DisableExceptionChainValidation"=dword:00000000

    3. Enabled DEP, Windows FW, Windows Defender (with on execution agent OFF), made host file read only.

    4. Set all internet facing software (execpt IE) to Medium Intergrity level with icacls.exe (advantage you won't get a UAC elevation prompt when a process request elevation, it is simply denied, like running with old drop my rights)

    5. Installed Trusteer Rapport and added the bank sites he uses.

    6. He uses Open DNS, Google and IE8, so he has IP checking from Open-DNS, Google and Smartscreen filter.

    7. Installed an AV (any choice you like, I installed Avast 5 file shield only, because his ISP provides spam and virus mail filtering) plus Hitman Pro (also scheduled once a week to run with task manager).

    He understands he has to click the set Download Protection OFF (reg file) from the start menu before he is able to download a new program. He still is Admin, he tells me he does not 'feel' any functional limitations.

    Bottem line:
    Windows 7 x64 security by itself is an improvement

    My guestimate is that with the three IP/website black lists of Open DNS, Google and Smartscreen he reduces chance of infection with 60 to 70 percent.

    When Trusteer Rapport indeed protects the browser process, IE8 runs with low rights and a deny exectanles download policy, he is also protected from 80 to 90 percent of the remaining thirty-forty percent.

    My (maybe naief) idea is that when these tweaks are provided to average PC users in a user friendly way (PGS V2 ?) maybe more people would use it.
     
Loading...
Thread Status:
Not open for further replies.