Security specialists! Is my set up secure enough?

Discussion in 'other anti-malware software' started by mattbiernat, Aug 23, 2012.

Thread Status:
Not open for further replies.
  1. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Security specialists! Is my set up secure enough (updated)?

    Here is my set up:
    - Admin user account
    - UAC off
    - DEP on
    - EMET 3.0

    - Private FW
    - MBAM Pro (active)
    - HMP (on demand)
    - Trend Micro Housecall (on demand)
    - Norton ConnectSafe

    - Rollback Rx
    - Reliable Imaging software

    Firefox:
    - NS
    - ABP
    - Ghostery

    IE
    - inPrivate mode for banking
     
    Last edited: Aug 25, 2012
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Looks good
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    I am not a security specialist, but anyway - where's a firewall? Or you must be using Windows' one?
     
  4. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Windows Defualt FW
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Add HitmanPro, KeePass, Sandboxie and Norton ConnectSafe. What is your 'Reliable Imaging Software'?
     
  6. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    - will add hitman pro
    - sandboxie don't really like it
    - is keepass secure? i've heard they store your passwords on a server? how is that more secure than storing passwords locally?
    - what's norton connectsafe?
     
  7. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Macrium reflect.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Great.
    May I ask why?
    You're talking about LastPass. I'm suggesting KeePass. By the way, LastPass is secure enough. KeePass is the perfect solution for people who would like to store their passwords locally.
    It's the secure DNS service from Norton. It's extremely efficient and reliable. You can choose out of 3 subscriptions. https://dns.norton.com/dnsweb/dnsForHome.do
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Free, Standard or Pro?
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I also recommend Connectsafe - Norton DNS. It is very good at blocking Malware domains and fantastic on porn sites.Great for a family with kids as you can set up each computer or configure a router for protection across your entire network.

    You also can change windows firewall to block all inbound connection if you have not done so already.
     
  11. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Yeah im using a Free version. I have set up a clean fresh W7 install with all the updates and nothing else on it. I use it when Rollback Rx can't resote it's own image.
    Thanks for the keepass, I will see how it works. Right now I have my passwords memorized, so im not sure what's the addventage of keepass.
    Also, norton connect looks good. Is there an option for any of my wifi networks to connect automatically via norton connect? or do I have to set it up manual for each public wifi?
     
  12. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    W7F blocks all inbound connections by default doesn't it?
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No, it allows in and out.It blocks whats not on the allowed list but everything else is allowed by default.If you open up your firewall in the control panel under system and security you can change it by openning the change notification panel.
     

    Attached Files:

    Last edited: Aug 23, 2012
  14. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I just checked in my FW settings. It blocks ALL inbound unless they match a rule. So basically all unwanted inbound is blocked. Outbound is always open. I don't want to block outbound because it causes problems. For example WiFi networks, that require log in via browser no longer work.
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No don't block outbound.I set up mine to block all inbound,I see no reason for any program to have inbound connection,rule or no rule but thats just me and my rules.
     
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    That's good practice.:thumb:
    This will help https://www.wilderssecurity.com/showthread.php?t=329785
    I do not use wifi networks. Other members may help.
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You just need to configure the router with one of the DNS address of norton,example A B or C and all the other computers on the same wireless network will use the norton DNS instead of your ISP.You may want to test each one with the norton DNS tester.A step further is to google porn and click a link and it should be blocked with a confirmation warning.
     
    Last edited: Aug 23, 2012
  18. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    Put an adblocker on IE, ads can contain malware and slow browsing.
    https://secure.fanboy.co.nz/adblock/ie.html

    You can easily setup Parental Controls so only certain programs can run in your Limited User Account:

    http://windows.microsoft.com/en-us/windows7/Set-up-Parental-Controls

    This tightens things up but how much I am not sure. Can anyone say how much using Parental Controls to white-list what you can runs in your LUA improves security? I think it is basically the same thing as a software restriction policy.

    Add Secunia PSI to keep things up to date, and use EMET for all web facing apps and we basically have the same setup. Search this forum for EMET.
     
  19. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I went to the site, selected Internet Explorer but when I click on add TPL, I get "Error on Page" displayed at the bottom.

    Can't have parental controls. I use my computer for medical studies.

    Im gonna check out Secunia PSI but EMET is out of the question. It's too heavy for my set up.
     
  20. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    mattbiernat, I think this is very good advice. I also have the Firewall set like that, browsing feels the same and is safer.

    Bo
     
  22. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    But FW is already set to block all inbound connections with exception of windows default rules such as windows update, malwarebytes update, ff update.
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Yes, controlling outbound means you'd have your work cut out for you setting up all the rules, although it can be done but certainly not necessary. BTW, nice setup, though I don't know why you want UAC at minimal. One of the defaults is better
     
  24. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Thanks. Minimal is the same as standard, except that UAC will not ask when I make changes to windows settings. What's the worst that can happen when malware changes windows settings.... It's not system critical IMO and is more of a hassel to get asked every time.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Oh I see, I thought you meant lowest setting :)
     
Loading...
Thread Status:
Not open for further replies.