What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. RSpanky

    RSpanky Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    220
    Location:
    Arizona, USA
    No I have paid licenses for all my apps. I've been trying to install EMET 3.5 but I keep getting a Error code 2738, something to do with a bad package install and I do use OpenDNS. I've tried to install EMET several times but no go, Not sure whats going on
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No, we just love a perfectly balanced product that's really really nice :) Why?

    My sig may say ESET, but if I wouldn't use ESET then there would be no other choice than to use WSE as it seems. :thumb:
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yeah indeed, and they keep improving it all the time with new effective features like the cloud based "Live Antivirus" feature. :thumb:
     
  4. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,029
    Location:
    United States
    You're right... Not enough loyal Panda fanbies in the crowd. :D
     
  5. I just don't like the fact Moderator's close any negative threads down in the forum. To me that smells of having something to hide + the really defensive tone in response to all the bad test results and any criticism of the product.

    I own a license for WSE if your wondering :)
     
    Last edited by a moderator: Aug 26, 2012
  6. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    513
    I don't a find a compelling reason to switch over from ESET yet :D
     
  7. guest

    guest Guest

    Check the link on my sig ^^

    (btw, dont even think of saying "2 RT AVs should not run together" ^^, i know what im doing, if you still thinking of it, check the bottom of my config description post)
     
    Last edited by a moderator: Aug 26, 2012
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Ah well, good for you. :)
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well its to be exspected and Believe it or not, I know people that take offense to compliments. However,I believe Constructive criticism is ok but dont forget to leave out the good sides as well and perhaps a thread will remain open.Just my 2 cents.
     
  10. tomazyk

    tomazyk Guest

    I removed Norton AV 2012 and am now RT AV-free.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,981
    Location:
    Nicaragua
    SBIE.;)

    Bo
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    LOL. You don't like any poor RT AV, now do you Tom? That's just rude!:D
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Ah yes the good old sbie. :D
     
  14. tomazyk

    tomazyk Guest

    No, they don't last long on my system :) On-demand is enough for me...
     
    Last edited by a moderator: Aug 26, 2012
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Well good for you. RT AVs are fun but not needed with that strong setup you got there.:)
     
  16. RSpanky

    RSpanky Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    220
    Location:
    Arizona, USA
    Couldn't get EMET 3 to install, Back to Sandboxie:D
     
  17. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196
    lol. Sandboxie :thumb:

    Agree. Sandboxie :thumb:
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Ditched Kingsoft AV for the moment.
    Trying out Avast free again. Seems like the browser slow down has been fixed. Running nice and smooth. Low resources too.
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Changed my setup, I lost a bottle of good whisky to my friend (who is a white hat malware researcher), because one of his honey pot samples managed to damage (not infect) my setup.

    Okay, the live malware came not through, but it managed to nuke an NTFS protected file. Somehow my SID was messed up and I could not install anything (no windows updates either). So I decided to use a third party layer again and buckled up one of my free licenses :D A default AppLocker setup would have prevented the attack also (but I had left a door open to easily install with run as admin). Reinstalled a clean image and decided for a change after 2.5 years safe-admin.

    Network protection
    Wireless Router with WPA2, SPI with Flood/Poisoning/Spoofing protection and Norton DNS (malware). ISP service includes email scanner and spam-filter. Using Windows 7 internal FireWall both for inbound and outbound.

    Low Rights Browsing and Privacy Protection
    Using Chrome (in Program Files) with Chrome sandbox (Low Rights/Untrusted), Flash and PDF PPAPI plug-ins and build in safe browsing website blacklisting and download reputation scoring. Block indirect and HTTP cookies, allow HTTPS cookies, block javascript (except from *.NL and *.COM), click to play flash, installed Referer Control extension only (allow only HTTPS) with Windows7 skin.

    Threat gate protection
    Running browser, mail, media player with EMET 3.5 memory protection[/B]. Added an ACL deny execute for everyone on all threat gate folders (browser download, e-mail and media player). Used Group policy hardening to deny execution from USB and never execute autoruns of USB sticks (and lot's of other GPO hardening). Put back the 1806 trick again to add an extra deny execute on downloaded executables (the same extensions as SRP protects)

    AppGuard
    On High, meaning only some trusted publishers are allowed to install from user space and allowing other signed programs to run as limited user. UAC on full, denying unsigned programs to elevate and set to elevate quietly.

    On demand
    - Running CCleaner through scheduled task (/run /tn) to evade UAC pop-up
    - HitmanPro Free (cloud) scan[/QUOTE]
     
    Last edited: Aug 26, 2012
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @ Kees,Thats all it takes is one man to destroy another mans hard work and take his Whisky.It's really to bad about the whisky.:p
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I still have to figure out why people still insist on that kind of setup - automatically allowing execution of trusted publishers. What trusted publishers? If you folks look around, you'll see quite a few reports of malware using digital stolen signatures.

    If I still recall well, during our PM exchange sometime ago, you mentioned that the malware in question was digitally signed. By itself, your little test ought to teach you a lesson regarding that aspect.

    In my setup no code is allowed to run from userspace, without my explicit consent, and only by hash.

    Otherwise, think about it. Some other malware using a stolen digital signature will still be able to execute, even with AppGuard. So, what good does AppGuard do, if we open a hole like that?

    To be honest, I don't see much difference in your setup, other than the introduction of AppGuard - but, you're still introducing a 100% unnecessary hole.

    By the way, I don't recall if AppGuard allows to create rules by hash? If it doesn't, it would be a nice feature to have in it.

    That's my take on it. :) (Don't be too harsh :D)
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I keep all my windows with AppGuard in Lock down - Trust none.
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    m00n

    The polenesians travelled from Somoa and Tonga to Hawai, Eastern island and New Zealand (compare the size of their boats/canoes with the average waves height in the pacific)

    The vikings discovered the Americas with no compass, Columbus had a compass but did not have a sextant. Recently a millionaire with high tech gadgets and equipment (global positioning assitance/radar) got lost at sea

    After the Dutch failed to find a seaway around the NorthPole (to discover the East Indies), they tried again and rounded South Africa. This opened the golden age of the VOC.

    Bottem Line: willing to face the challenges, drives improvement (not allways first time right, but see how Windows has evolved as an OS :cool: ) On the other side, it is more fun when you know there is a weakness somewhere. Wilders is populated by security enthousiasts trying to wreck their own setup. So you are right and more secure.

    As mentioned in the post, I have added the 1806 trick again as double lock (on deny traverse folder/execute of threat gate directories). As for the trusted Publishers, these are Microsoft and Surfright (HitmanPro) only :D
     
    Last edited: Aug 26, 2012
  24. ZZZ7

    ZZZ7 Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    72
    Was reading some of the earlier pages and saw that quite a few people were using Boclean!


    Thought I was in a time warp,till I saw the dates ,2005. :)

    My setups:

    XP:

    Online Armor,Mamutu,Avast and of course FF with Noscript.

    W7:

    Buffer Zone Pro and Avast.



    All with a router.
     
  25. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Bufferzone causing any slowdowns?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.