I have been downsizing my applications of late since I am tired of 'perceived threats driving complex precautions'. So, here I present a list of applications or techniques I employ that hopefully reduce my time spent protecting myself from an as of yet unknown risk. lol. Please also consider that all network precautions are taken given the fact that a router using NAT is in existence.

First and foremost is to have a clean OS to begin with. I myself roll my own XP Unattended DVDs. They are SP2 with RyanVM update packs and Bashrat's Driver Packs. Once a clean install is performed I take the following steps:

Windows Worm Cleaner - or equivalent, maybe xpy? This is to close ports except for NetBIOS communications.

Promptly install 3 alternative web browsers: Opera, K-Meleon & Firefox. Any of them will be better than IE. I use Opera as main, and occasionally use K-Meleon. Rarely use Firefox. Set preferences in browsers to use localhost 8080 as proxy, and then install Proxomitron. No fancy filters really in Proxomitron. Just to keep all the ads/etc to a minimum.

As of late I have also been using Tiny Watcher. Simply keeps track of what I have installed, allowing a small level of control in case something malicious should ever get installed, which I doubt.

Now I have to decide on what firewall to use. I am now interested in an on-demand firewall that does not normally run. And I wish to use it for outbound application filtering only. I have a list of small products that are free, such as SoftPerfect (no applications though, but does do DNS resolution in learning mode), R-Firewall (does have DNS plugin, so-so firewall), Primedius (simple allow this exe or not, that is it) or a paid-for Outpost v2 (which I would still use v1 of if it worked with my current rig). I am not interested in a firewall that does everything for me. I do not want the bloat. I just want to be able to turn it on if I wish to see what is happening. Ok. So I have a firewall I can use if needed.
That still leaves some basic things left, like an Anti Virus. I choose to use Avira AntiVir. AVG is ok, but I don't like it. Some also like to use Avast, Comodo, etc etc. Really, Avira has had some really good results lately in tests, and it is a very small footprint. Personal preference.

Now how about a HIPS? There are many. As my goal here is to build a layer of protection that is small and fast and most importantly does not require me to spend hours setting it up and learning its interface, I choose ThreatFire. It does successfully detect trojans and the like, I have tested it with a few. It is also interesting in that it speaks to me that programs I wrote may be malicious. I found that interesting, as no other tool has yet done that for me.

So what could be left now? For starters let's do a netstat -ano and see what ports are open. For me at this point, I have only ports 137, 138 and 139 open. Not bad. I feel at this point that my system is potentially safe for looking at email and surfing forums etc. But, maybe I want to browse around sites I don't implicitly know. I will now turn to Sandboxie. Simple and effective virtual sandbox for my browsing now. Should I be feeling the need to do driver level stuff I will switch to using VMware, but usually I don't need to do that.

So now let's speak of some applications that I have found to be extremely useful in my geekness.

Beyond Compare - I have yet to find a better tool for comparing, anything.
InstallRite - really want to know what an app is installing? Want to know what has changed? It does this and much much more.
Auslogics Registry Defrag - useful sometimes.
JkDefrag GUI (JkDefrag) - if you have not used it, you should look into it.

OK, so there is a short list of possible companion utilities for system security/stability. Granted they are not technically security apps, but they are very good tools for either maintaining stability or digging around. Where would we be though if we did not include Process Explorer?
A great tool to find why something is running and what started it or where it lives.

For that matter, should something actually get onto my system, how do I deal with it? There are a number of tools at my disposal. Let's start with a couple of items to examine what is starting itself up, other than the Startup folder itself. Sysinternals made a great one in Autoruns. Very comprehensive. There is another that is a bit more lightweight but effective, Mike Lin's Startup Control Panel.

How about services? I very much like to use Pserv, much easier interface than the MMC module. Regarding services, there are many many that can be disabled. I am currently, including firewall etc, running 25 services. That is a very high amount for me, but between the AV/HIPS, mouse, VMware and others, it has crept up a bit. Black Viper made a very good guide to the XP services that could be disabled. A good place to start.

We must also be able to deal with perhaps hidden windows from a mal-content application. Here I would use FaberToys. It does some cool stuff for digging around. An older version of HijackThis is also handy to keep around at times. It is helpful to use the application Unlocker to unlock files you wish to delete that are being held open by some parent process. Want to see ThreatFire talk to you? Just start Unlocker...

I have long since dropped the whole Spybot/Ad-Aware type stuff. I don't keep cookies. I don't have a large cache. I have broadband, so why worry about it? I have a good set of reg tweaks that are put into place on every install. This and many utilities from my unattended DVD really go a long way to allowing me to go about pretty much problem free. Not keeping any potentially sensitive data on my computer is also a good dose of prevention. USB sticks are great for that, or if you have a local network. My server however does have a firewall installed, and is locked down very tight. I set it for my access only with various tricks.

So where does that leave me?
With an AV that pretty much takes care of itself, a 0-day/HIPS application that rarely presents itself and a firewall that only gets used when digging. Only 3 ports open on bootup. A good alternative browser that is filtered with Proxomitron or a Sandboxie browser. That is pretty much it. Other tools used only when needed. Not what one might call the uber or ultimate setup. But it is all pretty much scripted install or painless setup. And no nagging 'allow this' screens to speak of.

So what of system security? No firewall? So what. I only install what I know. I have a sandbox or VMware to play with new stuff. I don't really want to clutter up my OS anyway any sooner than is needed. There are many many other tweaks that make using my computer streamlined. I want to code that script or play that game or listen to that CD or watch that movie or research that bug or shop for a new LCD monitor, not spend hours saying 'yes you can go out on port 567 using TCP protocol' or 'no, do not allow global hook'.

Roll your own DVD install I say. 20 minutes and 2 cups of coffee later you have your fresh OS installed, all your apps in place with minimal setup left. Don't like it? Contract a bad virii? 20 minutes and 2 cups of coffee later you are back to fast booting sweetness. Find a new killer app? New set of backgrounds. New reg settings to speed up that DNS cache? Roll another DVD in an hour, and 20 minutes and 2 cups of coffee later you have a brand new install, complete with your new favorite additions.

Edit: Almost forgot to mention a nice one. Often I have disabled my network connection when doing things. I always hated having to go into the network properties to enable it. I dug around and wrote a VBS script to toggle a named network interface enabled/disabled. Eventually I incorporated that into an AutoIt application.
Another good one that is really easy is to make a couple of batch files that use netsh to change your gateway to something that is not a gateway, such as 192.168.1.200, and another batch file to set it back to normal, i.e. 192.168.1.1. Very easy way to just unplug access to the net and do your thing. I find myself using both of these more and more. 'Tis too simple to just unplug it rather than some 'block all' in a systray menu.

Sul.
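The gateway trick described in the post, written out as an added example (not the poster's own batch files): instead of two separate files it is one script that takes `on` or `off`, and it prints the resulting default gateway so you can see the change took. The interface name "Local Area Connection", the static address 192.168.1.10/24 and the two gateway addresses are assumptions for the example; the dead gateway is simply an address on the LAN that nothing answers on, so outbound traffic to the internet has nowhere to go while LAN traffic keeps working.

```batch
@echo off
rem netgate.cmd - added example, not from the original post.
rem Usage:  netgate off   (point the default route at a dead address)
rem         netgate on    (restore the real router as the default gateway)
rem Assumptions (change to match your own box):
rem   - the adapter is named "Local Area Connection"
rem   - it uses the static address 192.168.1.10 / 255.255.255.0
rem   - the real router is 192.168.1.1, the dead address is 192.168.1.200
rem Note: this sets a static address; if the adapter normally uses DHCP,
rem use "netsh interface ip set address "%IFACE%" dhcp" to go back.
setlocal
set IFACE=Local Area Connection
set ADDR=192.168.1.10
set MASK=255.255.255.0
set REALGW=192.168.1.1
set DEADGW=192.168.1.200

if /i "%~1"=="off" goto off
if /i "%~1"=="on" goto on
echo usage: %~n0 on ^| off
goto end

:off
rem Default route now leads to an address with no host behind it.
rem Anything bound for the internet is dropped; the LAN is untouched.
netsh interface ip set address "%IFACE%" static %ADDR% %MASK% %DEADGW% 1
goto show

:on
rem Put the real router back as the default gateway.
netsh interface ip set address "%IFACE%" static %ADDR% %MASK% %REALGW% 1
goto show

:show
rem Show which gateway the adapter is using now, so a typo is obvious.
ipconfig | find "Default Gateway"

:end
endlocal
```

Run it from an Administrator command prompt (netsh needs the rights to change the adapter). Because the dead gateway is on the same subnet, the machine still has a valid address and a route to the LAN, so file shares and the local server keep working; only traffic that would have left through the router stops, which is exactly the 'unplug the net but keep my stuff' effect the post is after. A quick `ping` to an outside address after `netgate off` should time out, and work again after `netgate on`.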