[Rate 1-10] My Security Setup.

Discussion in 'other security issues & news' started by squash, Jun 27, 2005.

Thread Status:
Not open for further replies.
  1. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    MY SECURITY SETUP

    =========================
    INFORMATION
    =========================
    Please rate my setup from a scale of 1 to 10.
    And suggest what I can do without... (if there are things that are useless)

    I try to keep this computer looking and feeling fast and minimal whilst keeping it strong and secure "under the bonnet", and make programs work right with each other. This is unlike some who are minimal but lack security and patches, and some who have lots of security apps but bog down their PC.

    =========================
    THE SETUP
    =========================
    Microsoft Windows XP SP2 with all patches
    Limited Windows XP Account for everyday use and I use "Run as" for installing applications.

    GENERAL:
    - I am on Dial-up Internet with a reputable and well established ISP.
    - I am on a Celeron 1.1GHz, 128MB RAM computer
    - I usually hibernate this computer, with some occasional restarts. So I don't have to wait for the security apps to take ages to load.
    - I used to have a computer infected with trojans, viruses - so I have an experience of how to protect myself.

    PARTITIONS:
    [Windows]
    A:\ Floppy
    C:\ Windows XP partition (5GB)
    D:\ Normal files (save pictures off internet, non-sensitive files, save tv programs, video files, music) (10GB)
    E:\ CD-ROM
    F:\ AES-Blowfish-Serpent Encrypted Partition (384MB - part of D:\)
    G:\ USB Flash Drive (128MB)
    [Linux] Backup/Image of C:\ (Windows partition), D:\ and F:\ (5GB)

    MAIN SECURITY APPS:
    F/W (Firewall):
    - Kerio 2.15 (Personal Firewall - Incoming and Outgoing) (Resident)
    - CHX-I (Packet filter - Incoming and Defragged packets) (Kernel)

    IDS (Intrusion Defense System):
    - Network Shield plugin in Avast!

    A/V (Anti Virus):
    - Avast! Antivirus (Resident and On Demand) with Standard Shield (Resident antivirus), Web Shield (HTTP Proxy that scans for viruses and block them before they are downloaded) and Network Shield (See Above)
    - Dr. Web (On Demand). I tried F-Prot, but in a home-brewed test I conducted it only detected 244 out of 283 viruses whilst Dr. Web caught 258 out of 283 viruses. So I keep Dr. Web.

    A/S (Anti Spyware):
    - Ad-aware (On demand)
    - Spybot - Search and Destroy (On demand)
    - SpywareBlaster

    A/T (Anti Trojan):
    - Ewido (On demand)

    Hosts intrusion (HIDS):
    - Process Guard (Resident)
    - Prevx (Resident)
    - System Safety Monitor (Resident)

    I use Mozilla Firefox as my primary and default browser.
    Mozilla Firefox with these extensions:
    - Adblock (3 combined filters, Perceive, RejZoR, Mine)
    - Compact Menu
    - Flashblock (Block Flash ads)
    - ImageZoom
    - NoScript (Remove all javascript, except for sites you permit)
    - Objection (Remove Flash cookies)
    - Permit Cookies (Remove all cookies, except for sites you permit)
    - Remove it permanently (RIP)
    - x (remove history, cache etc.)
    - Turned off referers, disabled Java, disable software installation.
    - and a userContent.css to further block ads

    OTHER APPS:
    - Eraser - All sensitive files, erased 35 times with Gutmann Algorithm.
    - TrueCrypt - F:\ (Personal) drive is encrypted with Triple AES-Blowfish-Serpent (Impossible to crack)
    - AxCrypt - All personal files that are backed up to USB Flash Drive are encrypted with AES
    - ERUNT - Registry Backup

    SECURITY TOOLS/UTILITIES:
    - Autostart Viewer - Check for trojans and others
    - Filemon - Check for naughty apps.
    - HiJack This - Check for spyware
    - MD5 Summer - Verify integrity of programs downloaded from web.
    - Rootkit Revealer

    BACKUP:
    Windows partition (C:\) drive is imaged with Partition Image
    Personal files imaged with Partition Image and also backup to my USB Flash Drive
    Computer is BIOS passworded
    Computer is Windows XP passworded

    BEHAVIOUR/MISC.:
    - 3 combined HOSTS Files (MPVC, Mike's, Remember.mine)
    - Disabled unnecessary services
    - Hardened with Secure-it, Harden-it, SafeXP
    - Patched with various GRC.com utilities
    - Hardly ever install software, and when I do it must be bloat-free and reputable
    - Don't use P2P or file sharing and never download files off IRC
    - Turned off NetBios etc.
    - System Restore and Windows File Protection is ON
    - I only use this computer for web browsing, watching TV (with TV tuner), multimedia, school work (Word processing) and image processing.
    - Default admin account has been passworded (the one that needs to go into safe mode)
    - Scripts (VBscript) turned off with Symantec NoScript.exe
    - I use dial-up Internet, so my IP address changes (dynamic) every dial-up.
    - I totally know what I'm doing, I'm not a newbie.

    DESKTOP AND START MENU:
    ...For the curious, my Desktop:
    [IMG]

    And Start Menu:
    [IMG]

    As you can imply from my desktop screenshot and start menu - I am not a newbie... Nothing has gone through, yet... :)

    =========================
    CHANGELOG
    =========================
    1. Changed IDS, Lightweight firewall to state it is an IDS - to avoid confusion
    2. Added to say I have a userContent.css in Firefox for adblocking
    3. Replaced SpywareGuard with Microsoft AntiSpyware
    4. Made Microsoft AntiSpyware On Demand only - as it was sucking up 12MB RAM
    5. Tried Proxomitron, then removed - made this computer extremely boggy - every time I type, it would take ages for each letter to come up.
    6. Remove Microsoft AntiSpyware (redundant)
    7. Added Ewido Security Suite
    8. Replaced F-Prot with Dr. Web
     
    Last edited: Jul 2, 2005
  2. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Then why the newbie question? You certainly seem to know what you are doing (more so than I). I wouldn't worry about it. I'll give you a 9 - one point deduction for asking. :D


    - wow, I like apps - mine's 19GB other than security apps as well.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You do seem to be well protected. I know you are running way more security apps than I need. But everyone to their own feeling of security. ;)
     
  4. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Thanks both.
    I just wanted to be assured by other people that I'm protected... :)
     
  5. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I do see a flaw in your defense strategy............. :p
     
  6. areply

    areply Guest

    I would consider getting an Anti-trojan. You never know if a trojan could slip past your setup. What harm can it do to have a free Anti-trojan like Ewido or A2?

    Are you saying you're using two software firewalls? Kerio 2.15 and Network Shield. If so, it is never a good idea to use two software firewalls together.

    Also, if you have read the paper by Peter Gutmann on how to properly erase data from a hard drive, you would see that what he did was to later add to it in his Epilogue, saying that the 35 Gutmann passes were a totally unnecessary amount of overwrites that is no more effective than a few passes. Read the Epilogue here by scrolling down to near the bottom.
    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

    So when it comes to overwriting your data, if you're using 35 passes, you're wasting your time. All anyone needs is a few passes at the most (I use between 5-8 passes myself). Any more than that and it's doing you no extra good.

    RAM isn't really that expensive so why not consider an upgrade there? 128MB is really a rock bottom minimum for today's setups. I would say 256MB is really a minimum IMO. I use 512MB myself and I think I need an upgrade. ;)
     
  7. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    - I have tried ewido and a-squared. They don't work for me. There is also no reputable evidence to suggest that these products will catch more products than an antivirus's heuristics. (AV Comparatives shows that a majority of AVs catch between 80-98% of trojans)
    - The Network Shield of Avast! Antivirus is an IDS (Intrusion defense system), so it differs from a firewall.
    - Thanks for the info about the Gutmann epilogue - it's information I didn't get to read about. ;)
    - 128MB RAM is sufficient for my use - since I don't restart the computer; I just hibernate and all my security apps do not need to be loaded - they are already loaded (I hibernate this computer).

    Update: This test http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69 shows that ewido catches 38.67% and a-squared 25.37% - whilst what I have Avast catches 79.65% and F-Prot 87.07%
     
    Last edited: Jun 27, 2005
  8. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    This 'setup' is a step up from my own 'setup' listing currently. I have a few suggestions but for the most part I'm taking notes as well. ;)

    A. Don't forget the Immunize feature in Spybot Search & Destroy!

    B. You can update to an even more complete HOSTS file using <10 sources from the net. Instructions have been somewhat laid out here...
    https://www.wilderssecurity.com/showthread.php?t=71226&highlight=Hosts
    The posting however is in need of editing and since the edit time has expired I may one day make such an updated posting... Watch for it in the near future. [I am disowning Hostess and replacing it with something better I found.]

    C. Forget about SpywareGuard to free up some memory. Suggestions might include getting MS-Antispyware and TDS-3! Correct me if I'm wrong but can some trojans be something that shows up only in the device manager and not a running file? AVs are not really best known for their 'trojan detection' anyhow!

    D. Have you considered Proxomitron and >>
    Kye-U's,
    JD5000's 'JD_Advanced.cfg',
    Sidki's,
    and/or
    Grypen's
    filter sets a go? Proxomitron is just a fun program even if you are protected in other ways... :p

    E. Is ProcessGuard hampered by your 'limited account'? It always is for me so is there a way to get full use of it here?

    F. You forgot one vital piece of software that I can think of! It is called CWShredder and can be found

    http://www.intermute.com/spysubtract/cwshredder_download.html

    G. As far as those Windows services go you should check over that with a fine tooth comb. Right off the top of my head are ports 445, 500, 1900, 135, etc., etc., closed? Find yourself a worthy port scanner so you can find any still open ports and disable stuff like DNS Cache, IPSec, etc., etc. I leave it up to you to find such ports. I will give you a hint... The mighty three programs on GRC.com will take care of some of it for you. (And I see you have mentioned them in your posting)

    H. Find out how to disable remote administration or remote anything for your computer.

    I. Another program to have is WormGuard.

    J. If you ever wanna join the chat community my #1 suggestion would be gAIM or and *coughtrilliancough*. AIM can go pound sand!

    K. Here is a good little list of things to do to your WindowsXP setup in case you are interested. It includes a lot of things you can do within the OS Software.

    http://www.markusjansson.net/exp.html

    But be warned! Following every single step on the list will severely hamper your computer. Let's put it this way >> I fiddled with it, got setup, and could not even install any non approved MS software such as Look 'n' Stop even on the Admin account. This is just for you to play with and test out! Read for yourself what all it covers... I would like to change a few things in it personally because it's overkill!

    L. Ok, that's all for now... Did you really think I could get to Z?
     
    Last edited: Jun 27, 2005
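Item B above suggests building one HOSTS file out of several published sources. The block below is an added example (not the thread's, and not the code of any list or tool named in it) of the merge step a defender has to get right: strip comments, normalise case, accept either the 127.0.0.1 or 0.0.0.0 sinkhole convention, drop malformed names, and never let a source blocklist `localhost`. The three source texts are constructed samples, not real list contents.

```python
"""Merge several HOSTS-file sources into one deduplicated blocklist.

Added example: the sources below are constructed sample text that only
imitates the format of published HOSTS blocklists.
"""
import re
from typing import Iterable, List, Set

# Constructed sample sources (not real list contents).
SOURCE_A = """# sample source A
127.0.0.1 localhost
127.0.0.1\tads.example.test
127.0.0.1 tracker.example.test   # trailing comment
"""
SOURCE_B = """# sample source B (0.0.0.0 sinkhole style, mixed case)
0.0.0.0 ADS.EXAMPLE.TEST
0.0.0.0 banners.example.test popup.example.test
::1 localhost
"""
SOURCE_C = """# sample source C (contains a malformed line)
127.0.0.1 www.tracker.example.test
127.0.0.1 not a valid line here
0.0.0.0 tracker.example.test
"""

# Names that must never be blocked even if a source lists them.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
# Addresses a blocklist uses as a sinkhole; any other address is a real
# mapping from the source and is ignored rather than copied.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
# Plausible fully qualified name: dotted labels, letters/digits/hyphen only.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$")


def parse_hosts(text: str) -> Set[str]:
    """Return the set of hostnames one source wants sinkholed."""
    names: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        parts = line.split()                  # handles tabs and multiple spaces
        if parts[0] not in SINKHOLES:
            continue
        for host in parts[1:]:                # a line may list several names
            host = host.lower().rstrip(".")
            if host in NEVER_BLOCK or not HOSTNAME_RE.match(host):
                continue                      # single-label junk like "not" is rejected
            names.add(host)
    return names


def collect(sources: Iterable[str]) -> List[str]:
    """Union of all sources, sorted, with duplicates across sources removed."""
    merged: Set[str] = set()
    for src in sources:
        merged |= parse_hosts(src)
    return sorted(merged)


def merge_sources(sources: Iterable[str], sinkhole: str = "0.0.0.0") -> str:
    """Render the merged list as HOSTS-file text, keeping localhost resolvable."""
    lines = ["# merged blocklist", "127.0.0.1 localhost", "::1 localhost"]
    lines += [f"{sinkhole} {host}" for host in collect(sources)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(merge_sources([SOURCE_A, SOURCE_B, SOURCE_C]))
```

`0.0.0.0` is used as the output sinkhole because a browser gives up on it immediately instead of trying to connect to a local web server on 127.0.0.1. The size caveat raised later in the thread stands: a merged file of tens of thousands of lines is what makes the XP DNS cache service slow, which is why the workaround mentioned there is to disable that service.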
  9. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313

    A. Yep I didn't forget, it is immunized.
    B. I'll check it out
    C. Trojans can be a running file, I got one before...
    D. I'll check it out
    E. Nup, I did some registry tweaks to make ProcessGuard show in the system tray. Yes, the GUI is hampered - but protection (the engine) still works fine.
    F. I use Firefox. I am immune to CWS
    G. All closed :)
    H. NetBIOS, Remote Assistance, Shares etc. all closed :)
    I. AV takes care of worms. Avast detects 82.18% and F-prot 93.35% of worms. (Source: AV comparatives)
    J. I hardly use MSN Messenger - I just keep it there just in case. I have used GAIM and Trillian before but others complain that they can't send me <insert MSN Messenger only feature here>
    K. Thanks for going into such detail to correct my flaws. I hope that this thread will provide informative details to others, not just of benefit to this computer. ;)
     
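Item G in the post above asks whether ports such as 445, 500, 1900 and 135 are actually closed, and the reply says they all are. The block below is an added example (not the thread's, and not part of any tool named in it) of how to verify that claim on your own machine instead of taking it on faith: it parses `netstat -an` output, keeps only listening TCP sockets and bound UDP sockets, and separates loopback-only bindings from ones reachable over the network. The sample output is constructed; the port descriptions are the standard Windows services those ports belong to.

```python
"""Audit listening ports from netstat output and flag network-reachable ones.

Added example. SAMPLE_NETSTAT is a constructed imitation of Windows
`netstat -an` output, not a capture from the poster's machine.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3156        198.51.100.5:80        ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

# The ports the thread names, with the Windows service behind each.
KNOWN: Dict[Tuple[str, int], str] = {
    ("TCP", 135): "RPC endpoint mapper (DCOM)",
    ("TCP", 445): "SMB over TCP (file sharing)",
    ("UDP", 500): "IKE (IPsec service)",
    ("UDP", 1900): "SSDP (UPnP discovery)",
}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

    @property
    def network_reachable(self) -> bool:
        # 127.x and [::1] bindings cannot be reached from another host;
        # 0.0.0.0 / [::] mean "every interface", including the dial-up link.
        return not (self.addr.startswith("127.") or self.addr == "[::1]")


def parse_netstat(text: str) -> List[Listener]:
    """Keep TCP sockets in LISTENING state and every bound UDP socket."""
    found: List[Listener] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("TCP", "UDP"):
            continue                      # headers, blank lines
        proto, local = parts[0], parts[1]
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue                      # established/closing connections
        addr, _, port = local.rpartition(":")   # works for [::]:135 too
        found.append(Listener(proto, addr, int(port)))
    return found


def exposed(listeners: List[Listener]) -> List[Tuple[str, int]]:
    """(proto, port) pairs bound on an interface other hosts can reach."""
    return sorted((l.proto, l.port) for l in listeners if l.network_reachable)


def loopback_only(listeners: List[Listener]) -> List[Tuple[str, int]]:
    return sorted((l.proto, l.port) for l in listeners if not l.network_reachable)


def report(text: str) -> List[str]:
    """Human-readable lines, one per network-reachable listener."""
    lines = []
    for proto, port in exposed(parse_netstat(text)):
        what = KNOWN.get((proto, port), "unknown service")
        lines.append(f"{proto}/{port} reachable from the network: {what}")
    return lines


if __name__ == "__main__":
    # On a real machine: run `netstat -an`, save the output, read it in here.
    for line in report(SAMPLE_NETSTAT):
        print(line)
```

A listener bound only to 127.0.0.1 is not a finding on its own; the ones on 0.0.0.0 are what a personal firewall has to cover or a disabled service would remove. Checking netstat locally also catches a service that restarted after a hardening script was run, which a one-off online port scan would not.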
  10. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    B. But can [some trojans] still be a running process instead of a running file which only shows up in device manager? Control-Alt-Delete won't work in all cases? Check it out! I'm not so sure myself...

    F. But you still use IE to update Window's patches do you not? I'm pushing CWShredder once again simply to cover all your bases. We would not want a messed up IE browser when updating now would we?
     
  11. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    B. That's why I have System Safety Monitor, so that trojans can't install hooks into Windows as a device.
    F. Downloaded :)
     
  12. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Last edited: Jun 28, 2005
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    And the paranoia get stronger and stronger :D :D ;)
     
  14. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    OK. I admit it, my security setup won't stop a TEMPEST attack, but at least I just know that no one in my street is technically adept enough to do this kind of attack. :)
     
  15. areply

    areply Guest


    I've heard about such techniques and in reality only the CIA (or other 3 letter federal agencies) can really afford the equipment necessary to accomplish such things. But even if it was possible the detection equipment would have to be right next to the wall that your computer was up against in order to get a clear image. I have never heard of anyone getting a picture from across the street. Such tales are really designed for realm of Hollywood spy movies. ;)
     
  16. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    So why do you need all the heavy-duty security software?
     
  17. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    To keep all the paranoid security people on this forum happy... :)
     
  18. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Warm feelings come to my heart just thinking about installing the next biggest thing in security software.

    Question: If I run a magnet 35 times over my old Credit Card strips does that count as a Gutmann pass?
     
  19. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    No. :D
     
  20. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Write a bunch of ones and zeros 35 times over with a magnetic ball point pen. :p
     
  21. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    LOL! :D :D :D
     
  22. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Hey - who are you calling paranoido_O Are you calling me paranoid? I think you are... yeah just keep up calling me paranoid! *tosses a few well-balanced rocks*
     
  23. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Remember kiddies... The best way to truly get rid of data on that old hard drive disc platter is to burn it with a magnetized lighter!

    Any metal zippo will do... Rub a magnet on it for about a minute for good luck and burn baby burn!
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hi,
    I think you're overdoing it.
    However, I find horrible flaws in your security, if you ask me:
    Hibernate is bad for your machine, it stores passwords in plain text on the disk.
    Messenger is bad for your machine, it's a worms invitee.

    You do not need limited account and processguard and ... and ...
    Hosts files also slow down your browsing a lot.
    If you want something to keep the bad sites away:
    You're using SpywareBlaster and Spybot S&D already!
    Browse with Firefox, hey, you're doing it already!
    Use common sense, hey, you might be doing it already!
    Proxomitron is a nice addition to the computer and should not be bogging you. It will combine perfectly with your Firefox plugins and extensions.

    Finally, a cube of 500-grams of C4 strapped to the computer just in case you need to erase all data about yourself, including yourself.

    Mrk

    Now, if you wanna be extra extra paranoid:
    Build a Linux server with Frisco firewall and ip tables on a cheap P2 or P3 machine. Hook into a router. Then, comes your machine, also running dual boot with Linux with firewall and Windows, on separate drives, with Windows partition drivers not installed, so the Windows is always kept offline and swap files between the two using a usb device.

    P.S. Why are you deleting files 35 times over? What have you got on your machine, you dirty rascal?? Guatamalese porn? Eskimo porn? You devil!
     
    Last edited: Jun 28, 2005
  25. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    A hosts file doesn't slow down my surfing - all I need to do is just disable the DNS server service in Windows XP. Proxomitron uses 8MB and lags this computer really badly. Adblock and hosts file is fine for me.

    MSN Messenger is fine, so long as I don't download programs from my contacts - which I never do. I am also the only person who uses this PC.

    I am deleting files 35 times over, because I feel like it. I don't have any type of material (pr0n) as you mentioned.

    No need for Linux distro firewall, I'm not on a network - this is a home computer.
     