Please rate my Windows 7 security and/or give any recommendations.

Discussion in 'other security issues & news' started by polartux, Apr 19, 2013.

Thread Status:
Not open for further replies.
  1. polartux

    polartux Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    4
    Hi

    I want to know if my Windows security config is alright or if it is too little/too much.


    Wireless router with firewall and WPA2 encryption.

    Avast Free Antivirus 8.0 and Comodo Firewall 5

    AppLocker path rules on Program Files and Program Files (x86) folders.

    EMET 3.5 with these settings:

    DEP on for all programs and services

    SEHOP Application Opt Out (Enabled SEHOP with Fix it 50096)

    ASLR Application Opt In


    Require Ctrl-Alt-Del for elevation to Admin

    Lastpass with unique secure passwords for all websites

    Secunia PSI for checking if software is up to date.

    Update Windows and all software plus scan whole system for viruses once a week.

    Limited User Account for daily normal use with SuRun.

    Firefox with Noscript.

    For data backup I use Cobian Backup 11 and for disk imaging I use Clonezilla.

    Should I add an anti-malware program like Malwarebytes and an anti-keylogger program like Zemana AntiLogger?
     
  2. guest

    guest Guest

    I'm not saying you have a flawless fortress, there's none anyway. But IMO it's already pretty hard to get pwned (nearly impossible in fact unless you're sooo unlucky). OD scanners aren't really necessary but it won't hurt to have MBAM or HMP just in case. As for anti-keylogger, I assume you're using the HIPS in Comodo FW. Therefore it's not needed at all. :isay:

    P.S. : Wait, isn't the latest Comodo FW version 6.1? :blink:
     
    Last edited by a moderator: Apr 19, 2013
  3. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    If you haven't done so already, confirm that your processor's DEP / Execute-Disable feature is actually enabled in your motherboard's BIOS (it probably is).

    Also do a real-world test to confirm your AppLocker config actually works as expected; if you don't have Win7 Ultimate or Enterprise, then AppLocker can be configured, but will not actually be applied. Plant a harmless new .EXE file in your user directory, or in a viable section of the Windows directory, and try to run it. That should be blocked.
     
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Hi,
    I use Windows 7 Home Premium 64-bit. Are there any other software restriction policies I can use besides the parental controls and EMET?
    Thank you.
     
  5. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    Since I'm such an SRP junkie, I haven't tried out other anti-executable software, but I'm sure several of the others reading this thread can recommend some to try out :) Anyone?

    Oh, and I do have another defense-in-depth suggestion to try out, which I described in this thread: https://www.wilderssecurity.com/showthread.php?t=342865 You can restrict how Windows will search for a .DLL file that it's looking for, which closes a potential loophole that is sometimes exploited in real life.
     
  6. polartux

    polartux Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    4
    Thank you for your answers.

    I am using Windows 7 Ultimate SP1 x64.

    I tried Comodo firewall 6.1 but the interface and config options were too limited, so I'm staying with version 5.

    I have Firewall and Defence+ Security Level in Safe Mode and sandboxed Firefox.

    I have checked that DEP is enabled in the BIOS and is working.

    I created a new text file, put some text in it, then named it virus.exe and saved it in the C:\Windows folder.

    When I ran it I got the message

    Code:
    The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 or x64 version of the program, and then contact the software publisher.

    Is this the right AppLocker result?
     
  7. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    Hmm, I think Windows is not falling for the renaming ploy. How about trying it with an actual executable file, one that wouldn't match your AppLocker rules? For example, maybe download an installer for CCleaner from Piriform.com, and use that as your test bait.

    I do that with SRP as well. Since my approach is path-based, I can just copy a Windows file (Notepad.exe or something) to my desktop screen, then try to run it as a reality check to confirm it's getting blocked.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    The renamed text file is not a binary executable, so my guess is that even though it's renamed with an exe extension, Windows doesn't recognize it as one.
     
  9. polartux

    polartux Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    4
    Hi

    I got Applocker working after I set the startup type of Application Identity service to Automatic.

    mechBgon, why do you use Software Restriction Policies instead of AppLocker? Isn't AppLocker meant to replace Software Restriction Policies?
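
The verification steps this thread converges on, as an added Windows PowerShell example that is not part of any poster's message: it checks that the Application Identity service is running, uses a copy of Notepad.exe as real-executable bait (a renamed text file fails before AppLocker is involved), and asks the effective AppLocker policy for its decision. The bait file name is a hypothetical choice, and the script assumes an edition that can apply AppLocker.

```powershell
# Added example (not from the thread): sanity-check an AppLocker configuration.
# Run in Windows PowerShell on an AppLocker-capable edition of Windows.
Import-Module AppLocker

# 1. AppLocker rules are only applied while the Application Identity
#    service (AppIDSvc) is running. WMI is used so this works on PowerShell 2.0.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
"AppIDSvc state: {0}, start mode: {1}" -f $svc.State, $svc.StartMode
if ($svc.State -ne 'Running') {
    Write-Warning 'Application Identity is not running; AppLocker rules are not being applied.'
}

# 2. Use a genuine executable as bait, placed outside the allowed paths.
#    The file name below is hypothetical; any name in the user profile will do.
$bait = Join-Path $env:USERPROFILE 'applocker-test-notepad.exe'
Copy-Item -Path (Join-Path $env:windir 'System32\notepad.exe') -Destination $bait -Force

# 3. Confirm the bait really is an executable image: the file must start with 'MZ'.
#    A text file renamed to .exe fails this check and is rejected by the loader,
#    which says nothing about whether AppLocker works.
$magic = Get-Content -Path $bait -Encoding Byte -TotalCount 2
$isExecutable = ($magic.Count -eq 2 -and $magic[0] -eq 0x4D -and $magic[1] -eq 0x5A)
"Bait starts with MZ header: $isExecutable"

# 4. Evaluate the effective policy's rules against the bait file.
$result = Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $bait -User Everyone
$result | Format-List FilePath, PolicyDecision, MatchingRule

if ($result.PolicyDecision -eq 'Allowed') {
    Write-Warning 'The policy would allow an executable in the user profile; review the path rules.'
}

# 5. Clean up the bait file.
Remove-Item -Path $bait -Force
```

Step 4 reports what the rules say about the file; step 1 is what tells you whether those rules are actually being applied, so both need to pass.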
     
  10. mechBgon

    mechBgon Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    68
    Location:
    USA
    SRP is available on far more versions of Windows than AppLocker, for one thing. For example, I use mostly Win8, and the only version of Win8 that can apply AppLocker is Win8 Enterprise Edition. Ouch! But I can use SRP on Win8 Pro.
     