What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    A while back a bunch of us were discussing anonymous payment methods for VPNs, and how frustrating it was that there weren't more/better options. Then one poster pointed out how moot a point it was anyway. After all, any VPN you connect directly to can see anything you do anyway. If they were untrustworthy to the point where you couldn't trust them with your billing info, that ship has sailed anyway. As soon as you check your email, order something online, etc... they could get your personal info.

    The only real way to be anonymous is to use 2 VPNs, and make sure the other one has a truly anonymous payment method (like cash), and no logging. To serve as like a shell, for lack of a better word. So that if "the man" is tracking you down they're thwarted by that layer. That outer layer after all has no payment/personal info about you, and no logs. Even if they managed to circumvent those 2 issues, the logs (that aren't supposed to exist) would be obscured by the fact that you've used another VPN to tunnel through that one anyway. They'd certainly have their work cut out for them.

    This is a very cliff notes version, and I'm sure I'm doing a crap job of explaining it at that. I wish I could point you to the post(s) by the person that came up with the idea. They provided a good tutorial. But there were just so many threads/posts about this stuff that I forget where it was. It was practically an obsession for a while.

    I use 2 hops through iVPN and another through Mullvad. And for some extra shadiness, you can also use a proxy (Tor/Ixquick) to tunnel through your VPNs as well, so that even they can't see what you're doing (either one). As long as you're not filling out forms anyway. If so, axe the proxy.

    I rarely use my VPNs though. For normal use, it's just not necessary, or worth the slowdown. Only for certain things.

    Yeah it's a tad pricey to have to pay for 2 VPNs, but Mullvad is pretty cheap (about $60/year, I think). iVPN is $85/year. I don't buy drugs or alcohol, and rarely eat out, so I feel I'm entitled to spend it on things like this.
     
  2. OK, thanks mate for the explanation :thumb: Just a question though: what do you use the VPNs for? Torrents?
     
  3. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Torrenting, yes, is a big use. But since as I said I've already downloaded the entire internet (lol), I rarely use P2P anymore. But when I do yes, and also run with a tight sandbox.

    I use it for Pidgin Messenger. Some of the conversations I have with certain people, I wouldn't want the whole world knowing about. People that also use VPNs, and OTR & Pidgin-Encryption plugins so we're encrypted end-to-end.

    And no, we're not discussing world domination or anything. Just talking about where the parties are at, ya know? Can't have uninvited guests showing up, crashing them.
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Reinstalled SD & Sandboxie. Back to Rollback Rx ~ Shadow Defender ~ Sandboxie setup after a couple of days testing the system with & without Sandboxie in various Snapshots. Couldn't find the reason for System crash. No crashes so far even after exiting and entering the Shadow mode and also restarted the system several times. System feels very light.

    Cannot leave SD as well as SBIE.
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    just re-installed Look and Stop firewall after a long absence.
    i don't have a router, which a lot of people use for security.
    so i thought a little extra there wouldn't hurt. :)

    the only things allowed to connect are svchost.exe and Firefox.

    all seems to work fine so far.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    re-install AppGuard :thumb:
     
  8. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I seem to be testing different security set ups every week it seems. This set up is so much easier on the resources and every time I turn on the computer it feels snappy and fast. I have a microUSB 32GB permanently attached to my laptop so I don't have to worry about not being able to save files.

    Admin account
    UAC Off
    DEP Off
    Windows 7 FW default settings

    EMET Uninstalled
    MBAM Uninstalled

    HMP on demand
    Trendmicro HouseCall on demand

    DeepFreeze
    Opera

    Opera Extensions:
    -Ghostery
    -Adblock

    Macrium Reflect:
    -20 minutes to completely re-image my windows

    What do you guys think about this?
     
    Last edited: Sep 5, 2012
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Completely converted to OS X, running MT Lion
    Sophos Anti virus.
    Default firewall - Block All Inbound + router Firewall
    GateKeeper - Installs only from App store and Identified Developers.
    No Java installed.
    No Adobe Reader.
    No Browser Java.
     
  10. mattbiernat looks pretty good :thumb: Why no EMET/MBAM?
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yep... and may I add also Torrent clients, and IM clients (i.e. Pidgin Messenger). Anything internet facing, as you say, but not limited to that either. I also have boxes for removable media: USB, DVD/CD rom, floppy drives (yes, I do have one of these ancient things ;) I pretty much only use it to keep an offline syskey.

    Which brings to mind another component of computer security I never thought to mention: login

    may as well right now while I'm at it...
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    My login regimen:

    1- Enter my Bios password
    2- Enter my TrueCrypt system encryption password (32 digits long)
    3- Insert my syskey (floppy disk)
    4- Enter Ctrl+Alt+Delete (Local Policy edit, protects against keyloggers)
    5- Enter user name & password (last user name not stored)

    IMO #4 on this list is a very overlooked, but handy measure I never see mentioned in here.

    And yes, I'm aware that this is overkill. But I like it :)
     
    Last edited: Sep 6, 2012
  13. ReverseGear

    ReverseGear Guest

    Switched to EAM - seriously impressed with the lightness and speed !
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Let me guess, you always leave your system on.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Firewall
    Router with Norton DNS and WFW setup two way

    Real time protection
    1. Threatgates containment
    Disabled USB autoplay/execute USB through GPO, Added deny "Traverse folder/execute" ACL for everyone on Download, mail and media folder. Added EMET to mail, media player and browser (Chrome). Running Chrome (offline installer in Program Files) with PPAPI flash and PDF in (untrusted) sandbox with AdBlock+ and VTchromizer extensions. Added 1806 trick for extra execute block on downloaded executables.

    2. User Space protection
    Hardened HKCU autorun entries through GPO, only Run and Run Once through limiting registry permission for Users (Not admins). Set "Basic User" as default level, for all files, except Administrator. Added Symantec Run MSI as Admin tweak. This prevents programs from elevating and executing in user directories, but allows to install with "Run As Admin" right click.

    3. Admin Space protection
    Set UAC to full, disable intelligent installer recognition, disabled unsigned programs to elevate.

    On demand scan check
    HitmanPro free, Panda Cloudscanner free, Comodo KillSwitch (programs and autoruns) => only before monthly backup

    Backup/Imaging
    Windows own image backup, Synctoy free for data backup
     
    Last edited: Sep 10, 2012
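
The deny "Traverse folder/execute" ACL mentioned in the post above, sketched in PowerShell as an added example that is not part of the original post. The folder list is an assumption (only the default Downloads folder is filled in; mail and media folder paths are site-specific).

```powershell
# Added example (not from the thread): deny "Traverse folder / execute file"
# to Everyone on files stored in user-writable drop folders.
$folders = @(
    (Join-Path $env:USERPROFILE 'Downloads')   # assumed download folder
    # add mail-attachment and media folders here (paths are site-specific)
)

# Resolve Everyone by its well-known SID so the script works on localized Windows.
$everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# ObjectInherit + InheritOnly: the deny ACE is inherited by files in the tree
# and does not apply to the folder itself, so the folder can still be opened.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

foreach ($f in $folders) {
    if (-not (Test-Path -LiteralPath $f -PathType Container)) {
        Write-Warning "Skipping missing folder: $f"
        continue
    }

    # Add the deny ACE to the folder's existing DACL and write it back.
    $acl = Get-Acl -LiteralPath $f
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $f -AclObject $acl

    # Verify: show the deny ACEs now present on the folder.
    (Get-Acl -LiteralPath $f).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
}
```

Because the ACE names Everyone, it also applies to administrators: an installer saved to one of these folders has to be moved elsewhere before it will run.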
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Incorrect. And any time I walk away, even to squeeze a leak, I lock my desktop. Not that it really matters... I'm a single user, at home, living alone. lol

    The only other person that touches the box is my best/girl friend, and she has her own LUA.

    Overkill is the name of my game... Even my absurdly light setup is complete overkill. I'd be fine with just a router & nothing else probably.
     
  17. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    1) MBAM updates every 4-8 hours, it won't be able to do so with DeepFreeze
    2) EMET? What's the point? My system gets restored to original set up at boot time. Do you think that DeepFreeze can be bypassed by malware?
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    appguard in lockdown mode and hitmanpro
     
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
     
    Last edited: Sep 6, 2012
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    For all those who had an issue with the green bump in TrafficLight...
    it's GONE with the new version release, as noted here. :D
     
  21. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Yeah I 100% agree before each shopping or banking session you gotta reboot. The upside of this set up is a very good safety at start up and as you browse the internet more and more, the less secure your system gets. Then when I finally download something I may want to save, I have a dilemma - is it safe or not safe?
    That's why I got HMP and TrendMicro HouseCall. Both connect to the cloud so no need to thaw my system from deepfreeze. I wish there were more options for cloud based security solutions. EMET is another option that I will enable, since it doesn't use almost any resources and works almost silently in the background.
    I really like this security solution, I may end up keeping it and buying 2 licenses for DeepFreeze.
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I think it's a great setup, I like it too. :thumb: My local library uses Deep Freeze and if they didn't their systems would be a disaster without Deep Freeze and keeps their cost down. One of the managers said it's like we have a new computer every time they reboot them. LOL, I agree with her.
     
    Last edited: Sep 6, 2012
  23. Robot_Z

    Robot_Z Registered Member

    Joined:
    Jul 22, 2012
    Posts:
    45
    Location:
    Canada
    Uninstalled most of my stuff and just keeping CIS + Sandboxie for now. Will likely change soon..

    Also using Comodo Dragon in place of Chrome now.
     
  24. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Why change? You should try Comodo 6 beta when it comes out :thumb:
     
  25. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I think it's one of the few ways that we can make sure that the system is 100% free of keyloggers, malware, spyware and all the other good stuff. I can see you are also using SD :)
    What I love about this set up is that it actually uses so few resources and I don't have to install 5 security apps...
     