New to Windows, need advice on 7x64 security

Discussion in 'other anti-malware software' started by justenough, May 13, 2010.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    After reading your post Ace, I installed WinPatrol, a "light HIPS". So far I've gotten some woofs, but nothing annoying yet. I had gotten used to retrieving downloaded files in Sandboxie, so we'll see which is less intrusive, and I'll go with that one. Or go back to Threatfire, which was extremely quiet.

    I also re-installed AVG's LinkScanner, but this time didn't do a custom install. It put on a Yahoo tool bar, and all sorts of other stuff I didn't want. And then when I used Revo Pro (a utility program worth the upgrade IMHO at the half-price deal;)) to uninstall LinkScanner, it found all sorts of crap left behind. What is AVG thinking with this? I won't touch another one of their products.

    So then I tried Norton's SafeWeb, and it put a nice big "Norton" on my toolbar, with their own search window. I guess free can have its price. So I am back to plain ol' WOT and whatever good sense and luck I might have.
     
    Last edited: May 17, 2010
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The solution to this problem is to use the paid version. Here you can force a browser to start in SBIE. I make a different sandbox for each browser. I limit what programs can run within this box, and what programs have network access.

    Concerning downloads, all it requires is saving downloads to either "my docs" or "desktop" and SBIE will auto-prompt you to recover them. But what I do is to create a special directory (or use public downloads or user downloads in win7) and tell SBIE to have "direct access" to this folder(s). Now when I save things, they are written directly to that location and there is no extra step required.

    I go one step further, and have created another sandbox that forces anything executed in my downloads directory to start in a sandbox that has no network access allowed. In this manner, I use any browser to download anything, and they all save to one directory. I don't have to recover, it is a direct "live" write. I can then move things if I want to keep them. I can execute things from this downloads directory to test them, and they are opened in a sandbox.

    If you have a few specific places you save things to with frequency, just give those directories direct access so that you can save there. It goes without saying that if you are downloading a trusted file, there should be no worry. If you are downloading something untrusted, one can only hope that you place it somewhere and take some precautions before executing it.

    Simple, effective and minimal setup.

    Sul.
     
  3. Matthijs5nl

    Matthijs5nl Guest

    It can be done without changing a registry value, this file does it for you: http://support.microsoft.com/kb/956607
     
  4. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    My current security:

    OpenDNS
    NAT router
    Windows 7 Firewall
    Avast
    LUA, UAC, DEP, SEHOP
    IE8 with WOT and SpywareBlaster
    Trying WinPatrol, will use it or Sandboxie

    Secunia PSI
    Hitman Pro
    MBAM
    CCleaner
    Revo

    Macrium Reflect

    I was getting an Event ID on MSE that meant that a MSE file was corrupted. From reading on the internet, it happened with a lot of people, and Microsoft's solution was to delete the file, and MSE would reinstall it. But for me as with others, it got corrupted again at the next crash. So I have taken MSE off, and am now using Avast again.

    Is Avast the lightest AV?

    I will be buying Hitman Pro.

    After the help I have gotten here, I have gone from bordering on paranoid to feeling pretty safe with the in-built protections of 7 x 64, and the other security programs suggested here. So thank you Wilders people. This is a great site that is now a regular read for me.
     
    Last edited: May 18, 2010
  5. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    That looks like a better way of using Sandboxie, Sully, thanks. After I have gotten used to how WinPatrol works for a few days, I will reinstall Sandboxie and try it the way you've outlined here.
     
  6. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    Never tried WinPatrol, might have to do that soon.

    Not a big fan of LinkScanner myself, nor SafeWeb on its own. Linkextend and WOT are the only browser addons I've found of their type that don't annoy you in some way or another.

    Good on you for using Hitman Pro, great software. In regards to your desire for a light av/antimalware, I would suggest prevx or avast. I'm running both, alongside immunet, and there is very little slowdown. Prevx is actually a fantastic choice, try it!

    I use Sandboxie in a similar manner to Sully - it is much easier to not have to bother with launching applications in a sandbox, as the paid version quite easily handles this for you.
     
  7. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Can't use the program to change SEHOP in 7 64, and following the instructions to do it manually, I got a message saying not allowed at the last step.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The Fixit did work fine for me.
     
  9. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I didn't use the program since it said it was for something other than 7, but I'll give it a try.
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I just loaded Prevx, and Sysinternals Process Monitor shows it working away nonstop, doing RegQueries. Avast doesn't do that, probably only checking actual activity on the computer. edit: Just to be clear, I don't know if that's good or bad, or if Prevx settles down after a while.

    Since I have gotten good recommendations on Sandboxie, and it seems that used the right way it could replace a few other programs, I will load Sandboxie tomorrow and actually read the manual :eek:, and see what it can do.
     
    Last edited: May 17, 2010
  11. Matthijs5nl

    Matthijs5nl Guest

    I am on Windows 7 x64 too, it works, just download and run, takes 1 minute and you have to restart your PC and you're done.

    EDIT: I see what you mean, it says it doesn't work for Windows 7 yet, but it does here at me, just a little typo by Microsoft.
     
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I ran the fixit, thanks for letting me know it would work with 7. Guess I now have SEHOP on, but how do you know if it is actually enabled?
     
  13. Matthijs5nl

    Matthijs5nl Guest

    Only way to see if it is working is by doing the following:

    1. Press Start
    2. In the search bar, type "regedit" and press enter.
    3. Expand HKEY_LOCAL_MACHINE
    4. Expand SYSTEM
    5. Expand CurrentControlSet
    6. Expand Control
    7. Expand Session Manager
    8. Click on kernel
    9. In the right pane, spot DisableExceptionChainValidation

    If the value between the brackets is 0, SEHOP is enabled (in other words, it is not disabled if you look at the name of the registry item: DisableExceptionChainValidation).
    If the value between the brackets is 1, SEHOP is disabled (in other words, it is disabled if you look at the name of the registry item: DisableExceptionChainValidation).

    The FixIt is the automatic way to turn SEHOP on. If you want to disable and maybe enable it again in the future, using regedit is the way to go (FixIt can't disable). Right-click DisableExceptionChainValidation -> Modify -> In the Value data box put the 0 (enabled) or the 1 (disabled).
     
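    The same check as the nine regedit steps above, as an added PowerShell example that is not from this thread or from Microsoft's Fix it: it reads the DisableExceptionChainValidation value and reports the SEHOP state, and the optional setter mirrors the Modify step (it needs an elevated prompt). The function names are my own; the "value not set" branch is an assumption for machines where the Fix it was never run.

```powershell
# Added example (not part of the thread): check and, optionally, set the SEHOP
# registry value the post above walks through in regedit.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$name = 'DisableExceptionChainValidation'

function Get-SehopStatus {
    # Reading HKLM works from a standard (non-admin) account.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the Fix it / manual edit was never applied, so the
        # OS default applies. Assumption: we report that rather than guess it.
        return [pscustomobject]@{ Value = $null; Status = 'not set (OS default applies)' }
    }
    $v = [int]$item.$name
    switch ($v) {
        0       { $status = 'enabled'  }   # 0 = validation NOT disabled = SEHOP on
        1       { $status = 'disabled' }   # 1 = validation disabled     = SEHOP off
        default { $status = "unexpected value $v" }
    }
    return [pscustomobject]@{ Value = $v; Status = $status }
}

function Set-SehopState([bool]$Enabled) {
    # Writing HKLM needs an elevated (UAC-approved) prompt; this is the
    # "Modify -> Value data 0 or 1" step from the post, scripted.
    $value = if ($Enabled) { 0 } else { 1 }
    Set-ItemProperty -Path $key -Name $name -Value $value -Type DWord
}

$s = Get-SehopStatus
Write-Output ("SEHOP: {0} ({1} = {2})" -f $s.Status, $name, ($s.Value -as [string]))
```

    Run it once before and once after the Fix it to confirm the value actually changed from absent or 1 to 0.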
  14. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Thanks Matt, this is really helpful. I checked, and the program did turn on SEHOP for me.
     
  15. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    After some discussion and help in PMs, this is the security I am running now:

    NAT Router
    Windows 7 firewall
    Avast 5
    WinPatrol Plus
    Sandboxie (paid)

    IE8 with WOT
    Secunia PSI
    MBAM
    Hitman Pro

    Using Windows 7 to defrag and make the disk image

    Think this is about as simple a set-up as I can get and still feel safe.
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    First let me say I use WOT. However a friend who uses McAfee Site Advisor and I did a quick comparison, and McAfee had ratings for sites that WOT did not. Also Site Advisor warned against a couple of sites that WOT said were ok. So on the surface at least it would appear that Site Advisor has a larger database of rated sites and may be more accurate than WOT at this time. We didn't spend a lot of time on it and it was hardly scientific.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I totally agree. Don't mess with a lot of security software.
    Get rid of WOT, WinPatrol, Hitman etc.
     
  18. sunoracle

    sunoracle Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    51

    I know I'm replying to this late, but I feel it's important enough that I keep repeating it whenever I can:
    You really don't want to run as the Admin user. Run as a Standard user and when needed supply the admin credentials (password) to escalate privileges and install a new app or whatever (or run an app that affects the entire system and thus requires Admin privileges). I've seen this called "over the shoulder mode" by some people.

    I've only found a very few times when I actually needed to login as the Admin user. (For example, when you need to create or modify user accounts.) My Admin account is set up with horrible, eye-curdling, bright colors, and I keep the desktop free of all icons. It's not a "friendly" place, and you just get in, do what you need, and get back out.

    If there is software that won't play nicely with this, then I would suggest you look for an alternative piece of software that's done properly.
     
  19. sunoracle

    sunoracle Registered Member

    Joined:
    Mar 25, 2010
    Posts:
    51

    The NAT router, Win 7 firewall, and Avast sound good.

    I thought Sandboxie really doesn't work properly with 64-bit Windows? Has that been fixed?

    I'm not a fan of IE. I'd recommend Firefox, Opera, Chrome, or Safari instead. They're less tied into the OS, so there's another layer of separation there.

    Secunia PSI is good, although it's had some false positives that they're slow to fix.

    I use MBAM too.

    Hitman Pro seems to be worthwhile for an occasional checkup. I also run scans with SuperAntiSpyware and some of the online AV scanners too.
     
  20. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I tried several of these browsing alert programs, and they all put an intrusive logo on the browser, and tried to put a search window on. Plus who knows what else behind the scenes. And comparing them to WOT, any improvement in alerts wasn't worth having them brand my toolbar.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    With 7 x64, I am getting the feeling that it might be hard to write software that fits seamlessly in with the system. So I have just done a reinstall using the fewest 3rd party programs possible.

    Sandboxie is gradually giving me the confidence to lighten up in other areas. But Hitman Pro daily scans and WOT seem indispensable if I am not going to use a real-time A-V.
     
  22. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I have caught hints that shifting between Admin and Regular can cause problems with software, depending on which it was installed under. Since I am still unclear on this issue, I am using an Admin account for now, and relying on careful browsing, Sandboxie, scans, and if the walls are breached, a quick retreat to the system image.
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie 3.45.14 is still a beta I think, but it comes in 64 bit.

    I would probably go with a version of Chrome (Iron?) except for 2 things: I have had stability issues with 7 x64 with some 3rd party software, so I am trying to use as much inbuilt stuff as I can. Even have Defender enabled for the first time, though it probably doesn't do much. The other problem, or maybe the same problem, is that Chrome and Firefox would crash the system when dragging the scroll bar. Though that might have been a conflict with Logitech trackball software, I have come across a few comments about their drivers and 7 x64. So I am even using the Windows mouse driver now.

    Yes, Secunia, MBAM, and Hitman Pro are working really well on my system, and I am depending on them heavily.

    Since I am new to the Windows world, it's hard for me to get my bearings enough to know what is causing what. But keeping it simple has paid off; using this plan with the last fresh install has given me the longest stretch with no problems.

    p.s. Sunoracle, I think I misunderstood what you were saying about 64 bit Sandboxie. There is a way malware can get through, and Sandboxie isn't locked down tight the way it is on 32 bit. On the other hand, I have read that a 64 bit OS is safer, so maybe it balances out.
     
    Last edited: Jun 3, 2010
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I don't know that there is an issue with being admin or user really so much as when you are a user you must elevate some processes to admin to use them.

    Likely what you are experiencing is an admin-user-mutex program (I just made that up ;) ), where you have to be admin to install to program files (perfectly normal) and it also creates userland items. This sort of situation does exist, and goes against all that is good in the universe lol. You have to raise to admin to install, yet it puts data in the admin's profile, so the user doesn't have access to it. Strange, but thankfully not very often does this happen.

    As a new user to the M$ world, it would be best if you were only a user. However, contrary to what some believe, you certainly can be admin and have no problems if you understand what to do or not to do. Many here are admins and have no issues. It would certainly be better to be only a user, but whatever works for you that is secure.

    Sul.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Took your advice Sully and changed to Standard Account, getting Admin approval on changes. No passwords, since I am the only one using this computer.

    And since there seems to be a limit on how relaxed I can be about security, I added an AV, NOD32. I wanted something I wouldn't notice, and it felt like the lightest.
     