Securing Vista 64 H/Premium

Discussion in 'other security issues & news' started by Ickk, Aug 25, 2009.

Thread Status:
Not open for further replies.
  1. Ickk

    Ickk Registered Member

    Joined:
    Aug 20, 2009
    Posts:
    10
    Location:
    UK
    I made the change to 64-bit Vista Home Premium from the 32-bit version, and decided to see if securing it was possible without using any vendor AV, HIPS, sandbox etc.

    After lots of research on Wilders and other sites, I put it all into practice.
    First off, 64-bit Vista has "kernel patch protection", not really a saving grace as Vista shuts down if the kernel is hooked. Next, turn on hardware DEP (Data Execution Prevention) for all programs. Turn on UAC (User Account Control), and set up a LUA (Limited User Account) account and use it.

    Using Lucy's great post www.wilderssecurity.com/showpost.php?p=1402246&postcount=1 with an addition to an unrestricted path for "Program Files (x86)", I now have SRP set up (not sure if any more paths are needed, maybe the "Program Data" dir?).

    Having a NAT router with firewall, I don't feel I need Vista's firewall running.
    So what have I got... Windows Defender, DEP, UAC, LUA, SRP, Firefox with NoScript. I would be interested in hearing your opinions/views, downsides etc.
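
The settings listed in the post above (hardware DEP, UAC, a limited account, SRP with an unrestricted rule for "Program Files (x86)") can be checked from PowerShell. This is an added example, not part of the original thread; it assumes PowerShell 2.0 is installed and that the SRP rules are stored under the machine-policy registry key, and the `$report` and `$writable` names are its own.

```powershell
# Added example: audit of the hardening steps listed in the post above.
# Assumes PowerShell 2.0; run it from the account used day to day.
$report = @{}

# Hardware DEP policy: 3 = OptOut ("all programs" in the GUI), 1 = AlwaysOn.
$os = Get-WmiObject Win32_OperatingSystem
$report['DEP supported by hardware'] = [bool]$os.DataExecutionPrevention_Available
$report['DEP on for all programs'] = (1, 3) -contains $os.DataExecutionPrevention_SupportPolicy

# UAC: EnableLUA = 1 means UAC is switched on.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$report['UAC enabled'] = (Get-ItemProperty $sys).EnableLUA -eq 1

# LUA: a true limited account has no Administrators SID (S-1-5-32-544) in its
# token; an admin account under UAC still carries it (deny-only until elevated).
$groups = whoami /groups /fo csv
$report['Limited account'] = -not [bool]($groups -match 'S-1-5-32-544')

# SRP: DefaultLevel 0 = Disallowed; unrestricted path rules sit under 262144.
# Assumption: rules are in the machine policy key, not a per-user one.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$policy = Get-ItemProperty $safer -ErrorAction SilentlyContinue
$report['SRP default is Disallowed'] = ($policy -ne $null) -and ($policy.DefaultLevel -eq 0)
$rules = @(Get-ChildItem "$safer\262144\Paths" -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData } | Where-Object { $_ })
# Matches a literal path or the registry-based "ProgramFilesDir (x86)" form.
$report['Rule covers Program Files (x86)'] = [bool]($rules -match 'Program ?Files(Dir)? \(x86\)')

# An unrestricted directory this account can write to lets it drop and run
# its own executables. The probe creates and deletes one empty file per rule
# and only tests the top-level directory, not its subfolders.
$writable = @($rules | Where-Object { Test-Path $_ -PathType Container } | Where-Object {
    $probe = Join-Path $_ ([IO.Path]::GetRandomFileName())
    try { [IO.File]::Create($probe).Close(); Remove-Item $probe; $true } catch { $false }
})

$report.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
if ($writable) { "Writable unrestricted paths: $($writable -join ', ')" }
```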
     
  2. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Hi,

    Get rid of Windows Defender.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
    Windows Firewall would only be inbound protection and provides an extra hurdle for anyone wanting to gain access to your computer - a very good idea to put those extra hurdles into place and help them to make the decision to go elsewhere, but what do you have to protect the outbound side if perchance you become a high-valued target (if they are determined enough, they can break into your computer) from calling home, i.e. outbound communication filters that only by your approval (unless they get root or admin access when they break into your computer) can anything go outbound.

    Think about it - at least ZoneAlarm Free can handle it for you to protect your back.

    BTW, only get onto the Internet with a regular user account - surfing with root or admin permissions makes it far too easy for someone unauthorized that gets into your computer to have root or admin permissions, and then your computer becomes owned by them.

    -- Tom
     
  4. ravnen

    ravnen Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    17
    Hello

    First, you need the Vista firewall on if you have more than one computer on your local network or if you have some friends coming by with laptops.

    Here is my advice for a simple secure setup.

    1. Enable automatic updates (Windows + Adobe + Java, etc.).
    2. Enable Windows Firewall.
    3. Use a limited user account (LUA).
    4. Install an AV program that uses minimum system resources.
    (ex. Microsoft Security Essentials - Avira AntiVir - avast)
    5. Set up Software Restriction Policy/Parental Controls.
    6. Implement system and online data backup.
    (ex. Carbonite - Live Mesh (5 GB) - Macrium Reflect - Easeus Todo Backup)
    7. Think (Mail, Web, Software)

    No need for anything else.
    Also, in Windows 7, you will have a built-in image backup, nice and easy.

    /Jesper
     
  5. ravnen

    ravnen Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    17
    Hi Tom

    For the average home user, outbound filtering is false security.
    If malware is activated on your system with admin rights, it's "game over".
    It can manipulate your security software (firewall, services, system files).

    In my view all "internet security suites" and 3rd party firewalls are the worst junk and should be forbidden by law. They give the users endless problems.

    /Jesper
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Windows firewall
    Eset - Suite or AV
    Keyscrambler
    Malwarebytes on demand

    that is my setup on my 64 bit and it is working.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  8. Ickk

    Ickk Registered Member

    Joined:
    Aug 20, 2009
    Posts:
    10
    Location:
    UK
    Thank you for all your comments,

    Lucy and Kees1958 .. I took your advice and installed MSE .. as you say, Defender is put on hold.

    I really don't see the need for an inbound firewall as I am behind a NAT router with SPI firewall, but I take on board your comments about an outbound firewall.

    The whole point of this setup though, is that nothing without my consent can actually run (read my folders yes), but ring home and download more crap no.

    Update: I got so fed up with programs only running from %program Files% %WinDir% etc. that I went back to the admin account and run Win7 in a VM when I need to surf unsafe sites. Online banking I now run from a Linux (Knoppix) CD.

    I'm weak, I know *grin*.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
    Hi Ickk,

    Not weak, just getting smarter about security!

    -- Tom
     
  10. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Ickk, I absolutely don't think you are weak!

    Together with brain1.0 you should be very well protected! Better than with unnecessary security software!

    One question, just because I am thinking of that at the moment.
    Is LUA necessary while UAC is active?
    I thought UAC will lend the LUA token to the administrator token if necessary. So it should be as safe as a LUA. Am I wrong?
     
  11. Ickk

    Ickk Registered Member

    Joined:
    Aug 20, 2009
    Posts:
    10
    Location:
    UK
    As far as I know, the default setting in Vista when you install and create your account is an administrator account, which is run as a LUA if UAC is enabled, as you say.
    What the difference is between the admin/LUA and a normal LUA account I couldn't say ... I do get UAC prompts when running this account.

    When running another created LUA account I don't seem to get any UAC prompts, even when I right-click and run programs as admin.

    Whether or not the admin under UAC is the same as a normal LUA account I couldn't say. Perhaps someone can enlighten me.
     
  12. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
  13. Ickk

    Ickk Registered Member

    Joined:
    Aug 20, 2009
    Posts:
    10
    Location:
    UK
    Thank you for those links, jdd58.

    Habakuck, you are not wrong, it seems there is little difference running an Admin account under UAC than a Standard user account.
    The Admin under UAC seems to share/use, on the surface anyway, the Standard user token.
     
  14. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    OK. So it should be no security problem to log in with admin rights as long as UAC is active.
     