Critique my setup

Okay,

I have to use an older PC (because somebody messed at work, our company laptops do not allow a second admin user on a different group anymore). So did gather some advice through PM (thanks).

This is what I have come up with on an desktop XP Home SP3

Behind Router with NAT firewall

Windows XP Firewall

Comodo Time Machine
To reduce updates on C: [Windows] partition I created a seperate Data Partition (excellent tutorial on Mrkvonic site) and moved Temporatay directories to a special Temp partition (same as Kees1958 ) containing
- Internet net files
- Temp & Tmp variable
- Download directory

Policy Management
Running Admin with PGS (thanks Sully) with deny execute on Data and Temp partition and running:
- third party aps as basic user (flash, foxit, pdfcreator, 7-zip, java)
- internet facing aps as basic user
- my Softmaker office aps as basic user

PrevXSafeOnlineFacebook freebie
Note I deleselected the realtime MBR check, because it possibly interferes with CTM (just to be sure). I have gradually upped the heuristics (as Kees1958 advises), which are now
- heuristics = HIGH (apply AFTER age/population)
- Age = MAX (only look at latest to reduce CPU usage of PrevX)
- Popularity = LOW (only recent programs also)

The idea behind this setup is when PrevX spots something, I travel back in time on my Windows partition with CTM, because PGS protects other partitions I can't be infected (deny execute is simple and strong according to Rmus). CTM runs very efficiently (plus providing some MBR protection). PrevX3 freebie also scans for MBR rootkits, so I am not that worried running Admin. PrevX only looks at newest arrivals, so when infected I do not have t travel back to much (I hope . Becasue of this PrevX3 free also very lean, safe online only kicks in on https websites, so no CPU waisted while surfing normally.

Browser
I am using Chromium as primary browser. I enjoy its speed (using Adsweep, SiteAdvisior and Wot extentions). I am not looking for warez, not using any Peer to Peer or messagsing programs, not visisting dubious sites, so think I have a moderate Internet risk profile (and hope the sandbox is strong enough when Mcfee and Wot miss something out)

On demand
Using HitmanPro on demand (for the rare occasion I try-out a new program).

No outbound control
As said it is an older PC, so I want to keep it as lean as possible. I am also having doubts on added value of outbound (post intrusion) protection.




Thanks Newby

 

Very very very Good.

1 Question how can I disable Prevx' MBR check? is it somewhere around the settings page. I'll check it anyway

 

Konata, thanks for the heads up

I originally I tried Sandboxie free plus PrevX free. But Sandboxie needs configuration. Evertime I read on Wilders "with a proper configured Sandboxie you are safe", to me this implies that I have to be experienced to use SBIE properly. I also ran into problems using SBIE and PrevX Safe Online FaceBook freebie.


Your question
When using the facebook freebie (different language here, so hard to explain)

Click second vertical option (below status, problably called settings) on the left

Choose standard configuration (icon left top on displayed panel)

A list is displayed, second from below (real time scanning MBR)

 

Nice setup,

I kicked out keyscrambler and Tusteer and tried PrevX SafeOnline freebie again. This time I do not have delay when typing a web address in the browser address bar (so they have fixed it ).

Only running Power user instead plus secpol for deny execute

EDIT: plus forticlient free FW.

Regards Kees