What is your anti-ransomware & data protection?

Discussion in 'other anti-malware software' started by Windows_Security, Sep 23, 2016.

  1. My anti-ransomware / data protection is

    My Desktop (Windows 10 Pro)
    1. Level 1: Quick backup disk (only business documents, no personal pictures/movies)
    a) only allowed to modify by Admin (Access Control List)
    b) disk is set read only using Secure Folders Free, only allowing Syncback Free to write
    c) Syncback runs elevated on demand (a couple of times per day)

    My Wife's laptop (Windows 7 Ultimate)
    1. Level 1: Kaspersky Anti-Ransomware for business free

    2. Level 2: NAS weekly backup
    a) scheduled on Sunday night (starts at 01:00 ends at 06:00)
    b) internet (WAN) and Wifi (LAN) are shut down during NAS (in router)
    c) collects business documents from my desktop, pictures from wife's laptop
    d) cross saving data with syncback (laptop data on my desktop and vice versa)
    e) network is partitioned the rest of the week (so my desktop can't touch wife's laptop).

    3. Level 3: Monthly USB syncback with NAS
    a) scheduled on the first Monday of the month (starts at 10:00 ends at 16:00), runs on wife's laptop
    b) USB-disk rotates (I have got two, one at home and one at another location)


    I looked for a cloud service, but we have nearly two TB of pictures gathered from all our holidays (wife is an amateur photographer, she shoots around 20-50 GB per holiday). It is just too expensive IMO when compared with the data loss risk, although ransomware news (FUD) has me triggered. Strato costs 20 euro per month for 2 TB, but next holiday we will pass 2 TB of data, so it would cost 50 euro per month. So I think I will be using my half-baked solution for some time. The cost of a decent router+NAS+2*USB-disk is one year of cloud backup, so convenience loses to costs.
     
    Last edited by a moderator: Sep 26, 2016
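The ACL part of level 1 in the post above (backup disk that only Admin may modify, with the sync job run elevated), sketched as an added PowerShell example that is not part of the thread. `E:\Backup` and the two function names are assumptions; the Secure Folders layer is not covered.

```powershell
using namespace System.Security.AccessControl
using namespace System.Security.Principal
# Added example, not from the thread. Run from an elevated PowerShell 5+ prompt.
# Assumption: E:\Backup is a hypothetical path standing in for the quick-backup disk.
$BackupRoot = 'E:\Backup'

# Well-known SIDs instead of names, so this also works on localized Windows.
$Admins = [SecurityIdentifier]'S-1-5-32-544'   # BUILTIN\Administrators
$System = [SecurityIdentifier]'S-1-5-18'       # NT AUTHORITY\SYSTEM
$Users  = [SecurityIdentifier]'S-1-5-32-545'   # BUILTIN\Users

function Set-AdminOnlyWrite {
    param([Parameter(Mandatory)][string]$Path)
    $inherit = [InheritanceFlags]'ContainerInherit, ObjectInherit'
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove the explicit entries that are already on the folder.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRuleSpecific($ace) }
    $grants = @(
        @($Admins, [FileSystemRights]::FullControl),
        @($System, [FileSystemRights]::FullControl),
        @($Users,  [FileSystemRights]::ReadAndExecute)   # read-only for everyone else
    )
    foreach ($g in $grants) {
        $rule = [FileSystemAccessRule]::new($g[0], $g[1], $inherit,
                    [PropagationFlags]::None, [AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-NonAdminWriteAce {
    # Lists Allow entries that give write-type rights to anyone but Administrators/SYSTEM.
    param([Parameter(Mandatory)][string]$Path)
    $mask = [int]([FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
    $mask = $mask -bor 0x50000000   # raw GENERIC_WRITE and GENERIC_ALL bits
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq [AccessControlType]::Allow -and
            $_.IdentityReference.Value -notin @($Admins.Value, $System.Value) -and
            ([int]$_.FileSystemRights -band $mask) -ne 0
        }
}

Set-AdminOnlyWrite -Path $BackupRoot
$leaks = @(Get-NonAdminWriteAce -Path $BackupRoot)
if ($leaks.Count) { $leaks | Format-Table IdentityReference, FileSystemRights, IsInherited }
else { "Only Administrators and SYSTEM hold write rights on $BackupRoot" }
```

With UAC enabled, non-elevated processes started by an administrator account carry the Administrators group as deny-only, so they get only the read access granted to Users; the elevated sync job is the one process that can write.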
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,779
    Windows 7 x64

    Daily system image backup using Macrium (once a week full image is created then incremental each day of week).
    Frequently changing data is copied daily to another disk using a batch file and scheduler (data from SSD is copied to HDD and vice versa).
    Once a week I copy my data and system image files to external HDD. I have 2 drives and rotate them each week.
    I use Sandboxie to restrict Firefox from accessing my personal data.

    I use no online backup at the moment.
     
  3. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    750
    Daily backup.
    All important documents are saved in a cloud service that offers 2-step authentication. Every night Macrium Reflect takes a backup on another drive which only applications with Admin can write (UAC is at max, MR runs as admin at that time). I don't find this 100% secure but don't know of a better idea.

    Weekly backup
    I have Macrium Reflect running a full disk image and I have to manually connect the external drive for the backup to happen. I wish I could also use a cloud service for my whole drive image, but my upload speed is so bad that it's not possible.
     
    Last edited: Sep 23, 2016
  4. My take: a proper data backup/recovery feature should be part of any (security) setup
     
  5. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,195
    1. Leave no Personal files inside my PCs.

    2. Use Macrium Reflect > External Drives.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,412
    My middle finger first. I never keep any sensitive data on my computers. Five external USB drives are my data bank using Macrium and plain data storage. Last but not least my layered defense... No chance here...
     
  7. PaleDark

    PaleDark Registered Member

    Joined:
    Nov 30, 2015
    Posts:
    55
    I don't use a back-up/recovery function.

    Instead I store duplicate stuff* on all my 4 laptops + 2 clouds.

    *Stuff referring to photos only.
     
  8. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,308
    AV Protection: Windows Defender
    Virtualization: Shadow Defender (In my system HD and my internal backup HD)
    To block ransomware execution (Firefox/Chrome): Sandboxie
    Data protection: Cloud + 2 offline HDs.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,225
    Location:
    The Netherlands
    I protect my most important data with Sandboxie and SpyShelter. I would also like to use specialized anti-ransomware tools like HMPA and MBARW, but because of certain reasons I have chosen not to do so, at least not yet.
     
  10. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,195
  11. PEllis

    PEllis Registered Member

    Joined:
    Aug 25, 2016
    Posts:
    110
    Location:
    Australia
    I back up my files, keep my AV and OS up to date. That's it.
     
  12. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,083
    Sounds like an SRP - according to the product description:

    The function of ANTI RANSOM
    After activating ANTI RANSOM, settings are made in the registry via standardized Microsoft functions. All file executions on the PC, which are not based on regularly installed programs, are then prevented. However, according to a security question, ANTI RANSOM offers the possibility to start alternative programs or to permanently open them for execution. Since in the case of Ransomware the actual malicious software is temporarily loaded in most cases, the execution can thus be prevented and a damage avoided.

    Basically, it sets permissions in the Windows registry so ransomware can't run with rights on the PC. For legitimate programs, AR can be temporarily unlocked to allow installation/upgrade of legitimate software to take place. This is how ransomware infection is prevented.
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,579
    Location:
    Europe
    A multi-layer security and a system image. If a ransomware passed my defenses it would be a test (negative!) for them, and not a real loss for me: ransomware removal with some tool, format (better go too far :D) and system image restore.
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,083
    If you keep your PC locked down, it's not a worry. Still, the best protection is safe computing practice and regular backups, because no anti-ransomware software can guarantee 100% protection.

    Best weapon against malware is still the human mind. :D
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,579
    Location:
    Europe
    Sure. Regular security updates, backups and similar were implied. And in private computing - not work, not business - this can be an opportunity to test the defenses in the wild. :D
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,667
    No specific anti ransomware software. I use:

    EIS, Appguard, ERP, SBIE and Excubits drivers. Pumpernickel to protect other drives, MZwritescanner as a first line of defense. I also take hourly Macrium Reflect images. I've tested this approach against real malware. So far nothing has gotten through.
     
  17. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    32
    Location:
    Bulgaria
    I use mainly Comodo IS and CryptoPrevent (for passive protection + more rules in SRP created by me).
    I added Kaspersky Anti-Ransomware for Business v2 just in case because KSN is a lot better than the cloud in CIS (I disabled it for security purposes).
    Also I have a system image on an external Adata HD710 with Macrium Reflect v6 (still no v7 free after so many months)...
    OS and all installed programs are fully updated and tweaked of course.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,388
    Location:
    U.S.A. (South)
    Same

    Ransom0ff HeiDef Defense for Anti-Ransomwares + L0cked avenues of entry to easy peasy drop locales. Hello Secure Folders too
     
  19. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,693
    Location:
    Europe then Asia
    My sensitive data?

    Encrypted via GPG then uploaded to the cloud and copied to external HDD.

    Nothing extravagant.
     
  20. illumination

    illumination Registered Member

    Joined:
    Jul 3, 2017
    Posts:
    27
    Location:
    US
    I do not store anything on my system. I keep everything on external devices and access when needed.

    I also run Appguard with "Hardened Policies" in combination with Eset which is not at default settings as well.
     
  21. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    480
    Internet computer running Linux live CD, no hard drive installed in the machine.
    Main computers airgapped from internet on hardwire LAN:
    1) Windows XP clean install, no updates, no AV, no WiFi, no Bluetooth
    2) Linux, no AV, no WiFi, no Bluetooth.
    Private data held on external encrypted devices and backed up to DVD.
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,922
    Location:
    Cape Town, South Africa
    No HMPA?
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,922
    Location:
    Cape Town, South Africa
    Doesn't RansomOff Folder Protection negate the need for Secure Folders?
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,667
    You are right, I forgot to mention it. Mainly because I don't consider the anti-ransomware function all that important. In testing against the latest ransomware samples I can find, the preventive measures in HMPA are much more effective and the ransomware never gets to tickle that module. It does work, but the other features shut it down first.

    Good catch Paul
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,568
    Location:
    U.S.A.
    Since Eset now also has a product called Internet Security, perhaps we should adopt the following acronyms: EMIS - Emsisoft and ESIS - Eset?
     