Only using Microsoft's free offerings to protect Win 7?

Discussion in 'other anti-malware software' started by Scoobs, Jun 25, 2010.

Thread Status:
Not open for further replies.
  1. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Good idea?

    I want a simple package that will provide a decent degree of security without being too intrusive or tech-heavy.

    I read this about using IPsec, Win7's built-in firewall, Windows Defender and Microsoft Security Essentials.

    It sounds like a possible idea.

    What do people reckon?

    Otherwise, how about my old XP setup of Online Armor, Avira AntiVir (always on) and SuperAntiSpyware (on demand)?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Either setup would be ample security, but turn on full DEP.
     
  3. Matthijs5nl

    Matthijs5nl Guest

    and SEHOP, also keep UAC enabled. It can really help if you don't simply always click allow, also disabling UAC disables IE Protected Mode.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Here was me thinking SEHOP was forced on by default on 64bit editions of Windows... Guess you learn something new every day. Here's also a thread about it that I missed.

    You can automatically enable it here.
     
  5. Matthijs5nl

    Matthijs5nl Guest

    I also have that setup from your sig on one of my pc's. Microsoft only, super light, and bulletproof. Especially when you use Standard User Account (or, but less preferably Administrator Account with UAC on full).
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I don't see anything wrong with either setup. You have a 2 way FW on both XP and on W7.

    You may want to look at PeerBlock for ip block lists for your W 7 setup but much depends on your www risk profile.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi funky....

    Tell me about DEP when you have time. What does it achieve for the user. ?


    Never mind, I found this link which gives an explanation of Windows 7 DEP (Data Execution Prevention)

    http://laptoprepair.ca/news/12632/5.html
     
    Last edited: Jun 26, 2010
  8. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Thanks for all the replies -got some googling to do:

    DEP
    SEHOP
    UAC
     
  9. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    SEHOP can't hurt anything (aside from Skype and such), thanks for the tip.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Works fine with the latest Skype.
     
  11. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    I see.
    Suppose there's been at least one update to that particular app since the Microsoft KB article was written.
    Doesn't matter to me one way or the other (I don't use Skype), but thanks for the correction.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    The page seems a little outdated. For example, the fix it tool works perfectly fine on Windows 7, even though it says it doesn't. You can verify that by looking at the registry location after running the tool.

    Most developers will be making sure their apps work with SEHOP, just like DEP, etc...
     
  13. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Confirmed, the FixIt tool works fine.
     
  14. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Ahead of my laptop arriving, I'm trying to get what I need to do clear in my head. I'm looking for howto's for the various aspects of the setup.

    Also, will any of these cause any ballache down the line?

    This machine is going to be used by my girlfriend who usually uses a mac, and who can't stand intrusive security programs - will these be fairly silent once set up?

    LUA - Any tutorials?

    UAC - This seems like a nuisance - all the first google returnsa are how to disable the thing. Is there a simple tutorial on how best to configure the thing? Edit: Is it this simple?

    DEP - This sounds like a potential thorn in the side down the line. Edit: Reassuring sounding howto.

    SEHOP - Funkydude's sig link looks pretty straight forward.

    Are all these necessary to protect the system? Would I be better off with online armor and Antivir?
     
    Last edited: Jun 28, 2010
  15. Matthijs5nl

    Matthijs5nl Guest

    Necessary no - but they are all really easy to setup and handle and will improve your protection. It is not meant to replace antivirus or something, but help with protection.

    DEP & SEHOP, both take 1 min to setup. All programs I have used work with it. They both simply can't do harm, and in my eyes have only positive effects.

    LUA: Least User Account, it is not a correct name actually. It just just called Standard Account in Windows 7. You could use a Standard Account instead of an Administrator Account. If you get infected a Standard Account can reduce the damage. Also it will be harder to get infected with it.

    UAC: simple to setup with one slider. Default value: notify when important changes. If you use a Standard Account I would recommend that default value. You could also opt for a Administrator Account and put the slider to the max (always notify), that is what I am using. By putting UAC on max on an Admin account, the disadvantage compared to LUA is heavily (almost totally) reduced.

    Also I would choose Windows 7 x64. It has major advantage in security: it has natural selfdefense (32-bit can't touch 64-bit processes), a lot of malware (especially rootkits) doesn't work on 64-bit, all drivers on 64-bit have to be digitally signed in contrary to 32-bit. (PatchGuard).

    Windows 7 also has a great firewall, the lightest in the world, and the most stable in the world.

    Windows 7 x64 is by the far the most secure OS available. I think using the above + Microsft Security Essentials + the golden security rules = bulletproof.

    Golden security rules:
    1. keep your system up-to-date. Windows Update will handle all your Microsoft products. Next to that you have to keep your internet-facing applications up-to-date (Java, Adobe Flash, Adobe Reader, Silverlight). You could do it manually (like I do, I hate installing unnecessary applications), or just an application (Secunia PSI, Filehippo Update Checker).
    2. be carefull with credentials: There is not a single website on the internet which will ever ask for your PIN code. So never give it. Also watch for the domain name on websites you enter credentials (https://, close your browser if you see a strange domain, for example www.yourbank.com.ru instead of .com (Russian and Chinese especially) and watch for the padlock).
    3. avoid strange ads (Your pc is infected! Click here to clean your pc!, You are the 1000th visitor, you have won!).
    4. avoid risky websites (warez, torrents, porn, Russian, Chinese)
    5. be carefull when opening attachments from sources you don't recognize.
     
    Last edited by a moderator: Jun 28, 2010
  16. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Thanks a lot
    That's exactly the sort of thing I wanted to know.

    Thanks for explaining LUA and UAC (and SUA - Standard User Account?) - I think I'll set up a SUA for my girlfriend and an Admin account with full UAC for me - I don't mind a few warnings and pop-ups.

    The laptop comes with Win 7 x64 so I'm pleased you think it's the one to go for.

    That makes a lot of sense.
     
Loading...
Thread Status:
Not open for further replies.