I don't mind seeing someone saying "I am using Product X, Method Y and Product Z, and it is working great" because that is how we can share what we find works on our systems, and gives you ideas of what is out there that you might not have heard of. But I also don't expect that what works for me or you will work for everyone in the same manner, as our systems can be radically different as well as our habits. I don't for a minute think that those with intentions of hacking/cracking/etc are not aware of all of these tools and more. If they are any good at what they do, they probably have preferred programs for thier own security, and preferred settings/tweaks to enhance those programs. I tend to believe that if you wanted the best security possible, you should ask a professional hacker, as they probably know which tools are thier toughest opponents. Sul.
Well, Site Advisor on my Chrome portable claims that link is bad: Whoa! Are you sure you want to go there? http://www.matousec.com/ may cause a breach of browser security. Why were you redirected to this page? When we tested this site, it attempted to make unauthorized changes to our test computer by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your computer. Way to go with that. I'd better run my AV now then ... "expletive deleted" ... EDIT: WOT & Trust My Web seem OK with it, must be another case of Site Advisor being a tad over enthusiastic.
Rofl. Search for matousec in wilders. It's a widely recognized security software testing company. Even partnered with some security vendors. But the site advisor warning isn't wrong at all. The matousec site has some leaktests and things of that kind available for download.
Yeah, I think Site Advisor can be a bit unjustly spooked terrified terrorised ballistic berserk crazed alarmed sometimes. Well, 'leaktest' does sound a bit dodgy LOL!
Actually, when you search Wilders, you will find out, that their tests are complete nonsense/unrealistic, as one user explained in detail. To the topic, I think that getting list of running processes would reveal, what security software is running. http://support.microsoft.com/kb/187913
Matousec and his tests are of no value in the real world. His methods of testing border on extortion of the security app vendors. Because of his methods and the flawed ideas they're based on, the results are little more than paid advertizing. Regarding: "Posting security setups a bad idea?" It doesn't make any difference if it's in your signature or contained in posts. A couple clicks will bring up everything you've posted. IMO, it's not wise to reveal all of your defenses. Using my own for example, I have no issues with stating that my core policy is default-deny, enforced by SSM, Kerio, and Proxomitron. If someone searches my posts, they'll find: 1, I use Smoothwall. 2, I use batch files to prevent/undo changes to my registry and other autostart locations. 3, I use encryption when I feel it's necessary. 4, I run Tor. 5, I multi-boot but run one OS most of the time. They'll find some details or examples regarding how each is configured, most of which is on a concept level, not the exact settings for each app. There's details to their configuration that I don't mention and other layers in place to alert me if my primary defenses are defeated. In todays political climate, I have no doubt that anyone who has expressed sympathy or support for Wikileaks or any part of the anti-sec movement is being monitored, and depending on what you've said or done, they may be doing more than just monitoring you. Short of getting physical access to your system, the only way that they can determine what your defenses are is to use nosy scripts, applets, etc (which can be defeated by proper filtering) or keep tract of what you reveal. This is a very unique and volatile time where what is legal and what is right can be in complete opposition to each other.
They have a constantly updated test suite that is pretty accurate in emulating what malware can do in real world in order to compromise a Windows XP SP3 32-bit system (their testing procedures will begin to use a Windows Seven x64 in the next round I think). http://www.matousec.com/projects/security-software-testing-suite/ Here you are only giving Matousec tests some questionable adjectives, not directly criticizing them. Read their FAQ: http://www.matousec.com/projects/proactive-security-challenge/faq.php#testing-guidelines
Talking of being able to see some running processes: IP-Secrets Wie ist meine IP? und was verrät sie über Sie
Thanks for explaining your position. IMO, it is one of the most practical approaches I've seen, when it comes to posting setups or not.
No it's not a bad idea. I give the primary security apps, and the rest is good practices which everyone knows, especially the crooks. These best practices are recommended by security firms, government, and mentioned in just about all forums. When I say my security is router, Online Armor, Webroot SecureAnywhere Essentials, Sandboxie, and SpywareBlaster, plus some manual scanners and diagnostic apps, I haven't given the public the whole store. I have some special things I dont mention. Some settings, some programs I dont mention, because they'd be dangerous if used by a novice, I'm a raving paranoid and dont tell all, and some are adjunct to generally recognized security apps. Many of you here scan your systems with online scanners and may not think to mention it or name which ones. There are myriad settings in the operating system hardly mentioned but contribute to security, unless as answer to specific question. So I doubt if any person here exposes the whole security configuration. Besides if the system's security is layered right, it doesn't matter. If you checked my past posts you'd see what I used at various times, but you never saw mention of Wormguard, a truly ancient app for one purpose, simple, and effective. For what it does I've found no weakness. It's either have certain extensions open in notepad or use Wormguard. Some of you oldsters know it. The company that made it is non existent now. Even though I name it now, I have more I dont name. I bet many of you dont too.
Of course you are correct. Some people list every program on their system that is vaguely related to security. Most people list just a few of the main apps.
I have always been annoyed by security setups in signatures. While I don't find it a particular concern, it may be due to the opinion that it's not just what you install but whether you know how to use that setup or not. That said, I also see "things" in users' signatures I find far more annoying than security setups. It may look like I am an easily annoyed person - but actually I'm not. I voted for "yes".
Thanks. No, I didn't. Besides the annoying factor, signatures can still tell something about mindset, so I'll leave my setting to "on".