What is your browser security approach these days?

Discussion in 'other anti-malware software' started by Kernelwars, Apr 22, 2011.

Thread Status:
Not open for further replies.
  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    What kind of browser security approach is everyone implementing nowadays...:)
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    1. Plugins Disabled

    2. All file-types prompt for action

    3. Javascript and Cookies whitelisted per site

    regards,

    -rich
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Sandboxie with Drop Rights and Internet Restrictions.

    Adblock Plus (Malware Domains Subscription), avast! WebRep, LastPass, BitDefender TrafficLight, WOT.

    Firefox website blocking enabled. Always up-to-date.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sandboxie (forced)
    OS tweaks (Low Integrity and 1806, etc)
    EVERYTHING gets downloaded to one directory that is forced into a different sandbox
    MBAM - installed but never used - saving it for a rainy day ;)

    Sul.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Kernelwars

    Wonder why nobody thought to start a specific thread before now :D Anyway, what about you ?

    Mine =

    Firefox with NoScript/JavaScriptOptions/BetterPrivacy/Ghostery/RequestPolicy/AdblockPlus/Force-TLS/HTTPS-Everywhere/Calomel SSL Validation/ All these are maxed out, with no visable slowdown. In fact without loading Scripts/Ads etc i guess it would be. Only on a few www's do i selectively allow Scripts etc, and Only temporally :p

    Using Calomel's option to write cache etc Only to RAM, not the HD.

    Cookies disabled, unless needed, not often though.

    PSOL on max.

    Prompts for Foxit PDF viewing & ALL file downloading.

    Avira actively scans FF for maliciousnous & ALL downloads.

    No problems surfing wherever i want here, bad or good.
     
  6. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Bufferzone, as simple as that :) .
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Standard Account + SRP + UAC at max.

    Chrome for day to day browsing, IE9 for online banking.
     
  8. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    Sandboxie,EMET,addblock plus and noscript......firefox
    IE9, EMET with disabled add-ons.
     
  9. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I've read some notes on low integrity, such as :

    -http://msdn.microsoft.com/en-us/library/bb625960.aspx-

    its just too much for me

    are there an easy way to set low integrity?

    ps : I notice (using process explorer) that using "sandboxie's drop my right", browser will be set to medium integrity not low integrity. am I wrong about this?
     
    Last edited: Apr 22, 2011
  10. Essentials

    Essentials Registered Member

    Joined:
    Mar 21, 2011
    Posts:
    49
    EMET
    MBAM PRO
    • IP filtering
    Sandboxie 3.54 Free (64bit):
    • Drop rights
    • Automatically delete sandbox contents
    • Internet access & execution restrictions: firefox.exe, plugin-container.exe,acrobat.exe...
    • Blocked access to areas with sensitive information (my documents…)
    Sandboxed Firefox 4:
    • F-secure protection browser.
    • WOT.
    • KeyScrambler Personal 2.7.1
    • Adblock Plus (Pop-up Addon, Fanboy´s List, Malware Domains).
    • NoScript.
    • LastPass.
    • Search Engine Security.
     
    Last edited: Apr 23, 2011
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Firefox 4 with:

    Geswall 2.91 Free
    Adblock Plus

    Thats it!
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You are not wrong about it, only IE9 and Chrome run out of the box with low rights on Vista and Windows7. The reputation of Sandboxie security is solid, so allthough it seems unlogical (increasing the attack surface from low to medium), I would not worry about it.
     
  13. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    IE9 forced Sandboxie with Drop Rights
     
  14. ivan2k2

    ivan2k2 Registered Member

    Joined:
    Jan 24, 2011
    Posts:
    7
    Location:
    Earth
    SRWare Iron with EMET, UAC Virtualization and Bitdefender Trafficlight :thumb:
     
  15. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Sandboxie 3.55 Experimental and Chrome 10.0 with WOT and LastPass. I think Kees said that Chrome and Sandboxie make a good combination because it's like having a sandbox inside a sandbox, but that's my interpretation of technical details that were over my head.
     
  16. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Thx for the answer kees1958. Finally my confussion is cleared ;)
    I always wondered about that since last year :D

    My browser set up : firefox & IE on sandboxie (medium rights)
    IE is my backup, never really used it.
    My add on : ABP (easy list+privacy) ,Noscript (Allow globally),keyscrambler
     
    Last edited: Apr 22, 2011
  17. adam993

    adam993 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    203
    Location:
    Poland
    Opera in RunSafer mode.
    OA Premium
     
  18. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    IE9

    AV updated, OS Patched, 3rd SW (flash, etc) kept up to date.
     
  19. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    ClearCloud DNS
    Firefox - ABP + Rapport + Disabled third party cookies and permanent inprivate browsing mode.
    IE9 - TPL

    Waiting for Sandboxie v3.55 to be compatible with rapport...
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    runsafer my browser
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Hello there... :ninja:

    Not so long ago, I had a similar approach... but, then I thought "What's the purpose of having the web browser running under Sandboxie, if I'm running it with a low integrity level, and downloads are forced to be saved in a folder w/o execution rights, plus the 1806 registry "hack"?"

    Now, I simply run the web browser unsandboxed, but to allow me to open PDF file from within the web browser (not the plugin), I'm forcing Adobe Reader X to run in a sandbox, which otherwise would be impossible to open PDF files (from within Chromium).

    Office documents open just fine... I just get an error related to some temp thing... I didn't pay much attention. It works. :-*

    Media player is also forced to its own sandbox... but, most likely it would run OK, if I opened say an MP3 file from within Chromium, because I have VLC Media Player with a low integrity level as well, and it runs fine, so I doubt there would be any issues.

    Other than certain functionality that low integrity level may kill, do you still find Sandboxie useful for your web browsing, considering the rest?
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Doesn't IE9 require UAC to be enabled, so that Protected Mode (aka low integrity level) becomes active?
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    yes.

    -http://www.sevenforums.com/tutorials/63141-internet-explorer-protected-mode-turn-off.html-
     
  24. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Yup, since UAC also enabled by default, so its safe to say IE run with low integrity out of the box
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am doing about the same thing I have done for the last twenty plus years. At this time I am using Vista home premium with UAC enabled. Norton Internet Security 2012 and an AlphaShield Hardware Firewall, Opera and Chrome and common sense. I really don't remember the last time I had an infection on a computer so it must be working.
     
Loading...
Thread Status:
Not open for further replies.