New PC-Suggestions for Running "Lean"

I have built a new Windows XP Pro SP3 PC and want to run "Lean" while still having good security while browsing the web. My only web access so far has been for Windows Update and Microsoft Office Updates.

Current Setup:

1. NOD32 version 3.x Antivirus (with BlackSpear’s Recommended Settings xml Configuration File Loaded, Configuration Password Protected),
2. Windows XP SP3 Firewall On
3. SuperAntiSpyware Free Edition
4. Sandboxie Paid (All Web Browsers Forced into “Sandbox”, Only Web Browsers and Windows Media Player Allowed to Run in Sandbox, Auto Delete Sandbox Contents on Web Browser closure)
5. SpywareBlaster.

For the time being I have decided to leave off the following: Microsoft WindowsDefender, Ad-Aware 2008 Free Edition, AVG Anti-Spyware Free Edition, Spybot Search & Destroy, MalwareBytes AntiMalware and a2free 3.5 AntiMalware.

Plan to add:

1. FunkyToad’s HostsXpert (For Window’s Hosts File Management) and the MVPS Hosts File (with routine updates). I also will disable the Windows DNS Client Service to minimize the load on the PC caused by numerous entries in the Window’s Hosts File.
2. When a2free 4.0 AntiMalware is released in a few weeks I plan to give it a try.

Does anyone have any suggestions for additions/deletions? I have been thinking about HIPS and/or HIPS-Firewall such as Online Armor. I also plan to try out Paragon Disk Backup Personal 9.0 in the near future.

Thank You in Advance.

 

Definitely a Behaviour blocker/HIPS since you are using NOD32. I'd go for Mamutu, if you're willing to pay, or Threatfire/Online Armor/Comodo ( try them all and see what it suits you best), if you're not.

 

it seems to me that you are able to give good advises now can i ask you,if i have a well configure hips program do i need a behaviour blocker
to complament it?or not?thanks in advance for the advice

 

No, normally a HIPS should include all the functions of a behaviour blocker, so instead of getting more protection you'd just get more popups. At most it may give some additional popup that the HIPS doesn't about something like keyloggers or clipboard loggers, but I think that it won't really happen if you're using a good HIPS.

 

thanks for the good explanation

 

Lean? First start with your services. Stop all unnecessary ones. Black Viper has probably one of the best lists. I don't even know if his website is around anymore or not. Be aware that many apps will put in services or autostarts. Kill these off too. You can often rename parts of apps if needed. For instance the Intel mouse driver I use (Sidewinder) has this idiotic updchk.exe run all the time. There has never been a driver update since I bought the mouse, but it is not even going to give me an option to turn it off. Deleting or renaming the file does nothing, as it replaces it or borks the driver and I have to re-install it. I now just make a compiled autoitscript that basically does nothing but open and close, and name it updchk.exe. You just need to be aware that things you install very possibly may want to start other things for you, you know, in the name of convenience. So keep checking.

Second, close all the ports you don't need. Windows Worm Cleaner is a good tool for this.

Third, to state the obvious, alternate browsers and apps/etc that have very small footprints. Ranging from firewalls to AV to HIPS etc.

Fourth, consider some reg tweaks for your installs. There are thousands out there, and many sites devoted to them. This will get rid of crap like the initial Windows Tour and such stuff. Too many to mention for sure.

Fifth, take your system restore % down a notch. Turn off any of the advanced items you don't need, wether it be error reporting or the eye candy fading effects etc.

Sixth, as far as security goes, Sandboxie is good. Consider creating a Software Restriction Policy (SRP) to specifically make a program (such as browser) start as only a 'Basic User'. Or run in LUA, although depending on what you do that may be easier said than done. There are a few threads running around Wilders that talk about how to add the 'Basic User' for the SRP.

Seventh, keep a cleaner around like CCleaner or other to throw out the garbage periodically.

Eigth, use JKDefrag, and JKDefragGui. Use the GUI to install the DefragScreensaver. Now you should stay defragged all the time.

And finally, IMO the #1 thing you can do to help keep that lean 'feel' is be aware of what apps put context menu items in for you. Nothing feels slower than when I right click on something and it takes a very noticable LAG to bring the context menu up.

These are what I do, or some variation. Remember too that Suites generally are much larger than individual apps, although that is not always the case depending on what app it is. Using 7 different apps vs a Suite that consists of 7 modules, there could be a large difference either way as to which has the smaller footprint.

Sul.

 

Black Viper is back and his site is better than ever.
http://www.blackviper.com/

 

This post contains is a real light example on XP Pro

https://www.wilderssecurity.com/showpost.php?p=1336390&postcount=3233

It is strong I have tested it

When you are familiar with SBIE you could add it, when you are new to sandboxes, I would recommend DefenseWall

regards Kees

 

If you have a hardware firewall I would still leave windows firewall active but it's not really needed.

For the lightest setup use the apps in my siggy, learn their their capabilibities and the only time you will need blacklist scanners as on demand will be be for a second opinion/testing.

 

OFF TOPIC:

emperordarius i see in ur setup in ur sig u are using avira suite and comodo firewall, im guessin u disable firewall in the suite and just using comodo's, but why would you buy the suite instead of just the AV if your not using the firewall, is there some kind of bonus to doing that?

 

Just about the same setup,except for the MS thingy,for well over a year FAST,LEAN and CLEAN. People load tons of stuff,but IMO have to know what in your situation is really needed and from there cut down to something simple and effective,get rid of all the resource hungry and conflicting stuf on your machine.

 

In fact I have avira with the mailguard, firewall and backup uninstalled. The reason why I'm using the suite is because someone I know bought a 3 user license for the suite and gave one to me. If it was for me, I would have bought the Premium Version.

 

ah ok, thx for clearing that up

 

I had a feeling that someone would have eventually asked that question