What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Awhile back a bunch of us were discussing anonymous payment methods for VPN's, and how frustrating it was that there weren't more/better options. Then one poster pointed out how moot a point it was anyway. After all, any VPN you connect directly to can see anything you do anyway. If they were untrustworthy to the point where you couldn't trust them with your billing info., that ship has sailed anyway. As soon as you check your email, order something online, ect... they could get your personal info.

    The only real way to be anonymous is to use 2 VPN's, and make sure the other one has a truly anonymous payment method (like cash), and no logging. To serve as like a shell, for lack of a better word. So that if "the man" is tracking you down they're thwarted by that layer. That outer layer afterall has no payment/personal info. about you, and no logs. Even if they managed to circumvent those 2 issues, the logs (that aren't supposed to exist) would be obscured by the fact that you've used another VPN to tunnel through that one anyway. They'd certainly have their work cut out for them.

    This is a very cliff notes version, and I'm sure I'm doing a crap job of explaining it at that. I wish I could point you to the post(s) by the person that came up with the idea. They provided a good tutorial. But there were just so many threads/posts about this stuff that I forget where it was. It was practically an obsession for awhile.

    I use 2 hops through iVPN and another through Mullvad. And for some extra shadiness, you can also use a proxy (Tor/Ixquick) to tunnel through your VPN's as well, so that even they can't see what you're doing (either one). As long as you're not filling out forms anyway. If so, axe the proxy.

    I rarely use my VPN's though. For normal use, it's just not necessary, or worth the slowdown. Only for certain things.

    Yeah it's a tad pricey to have to pay for 2 VPN's, but Mullvad is pretty cheap (about $60/year, I think). iVPN is $85/year. I don't buy drugs or alcohol, and rarely eat out, so I feel I'm entitled to spend it on things like this.
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,465
    OK thanks mate for the explanation :thumb: Just a question though what do you use the VPN's for? Torrents?
     
  3. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Torrenting, yes, is a big use. But since as I said I've already downloaded the entire internet (lol), I rarely use P2P anymore. But when I do yes, and also run with a tight sandbox.

    I use it for Pidgin Messenger. Some of the conversations I have with certain people, I wouldn't want the whole world knowing about. People that also use VPN's, and OTR & Pidgin-Encryption plugins so we're encrypted end-to-end.

    And no, we're not discussing world domination or anything. Just talking about where the parties are at, ya know? Can't have uninvited guests showing up, crashing them.
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Reinstalled SD & Sandboxie.Back to Rollback Rx ~ Shadow Defender ~ Sandboxie setup after couple of days testing the system with & without Sandboxie in various Snaphots.Couldn't find the reason for System crash.No crashes so far even after exiting and entering the Shadow mode and also restarted the system several times.System feels very light.

    Cannot leave SD as well as SBIE.
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    just re-installed Look and Stop firewall after a long absence.
    i don't have a router, which a lot of people use for security.
    so i thought a little extra there wouldn't hurt. :)

    the only things allowed to connect are svchost.exe and Firefox.

    all seems to work fine so far.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,587
    Location:
    Canada
    re-install AppGuard:thumb:
     
  8. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I seem to be testing different security set ups every week it seems. This is set up is so much easier on the resources and every time I turn on the computer it feels snappy and fast. I have a microUSB 32GB permanently attached to my laptop so I don't have to worry about not being able to save files.

    Admin account
    UAC Off
    DEP Off
    Windows 7FW default settings

    EMET Uninstalled
    MBAM Uninstalled

    HMP on demand
    Trendmicro HouseCall on demand

    DeepFreeze
    Opera

    Opera Extensions:
    -Ghostery
    -Adblock

    Macrium Reflect:
    -20 minutes to completely re-image my windows

    What do you guys think about this?
     
    Last edited: Sep 5, 2012
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Completely coverted to OS X, Running MT Lion
    Sophos Anti virus.
    Default firewall - Block All Inbound + router Firewall
    GateKeeper - Installs only from App store and Identified Developers.
    No Java installed.
    No Adobe Reader.
    No Browser Java.
     
  10. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,465
    mattbiernat looks pretty good:thumb: Why no EMET/MBAM?
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yep... and may I add also Torrent clients, and IM clients (i.e. Pidgin Messenger). Anything internet facing, as you say, but not limited to that either. I also have boxes for removable media: USB, DVD/CD rom, floppy drives (yes, I do have one of these ancient things ;) I pretty much only use it to keep an offline syskey.

    Which brings to mind another component of computer security I never thought to mention: login

    may as well right now while I'm at it...
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    My login regimen:

    1- Enter my Bios password
    2- Enter my TrueCrypt system encryption password (32 digits long)
    3- Insert my syskey (floppy disk)
    4- Enter Ctrl+Alt+Delete (Local Policy edit, protects against keyloggers)
    5- Enter user name & password (last user name not stored)

    IMO #4 on this list is a very overlooked, but handy measure I never see mentioned in here.

    And yes, I'm aware that this is overkill. But I like it :)
     
    Last edited: Sep 6, 2012
  13. ReverseGear

    ReverseGear Guest

    Switched to EAM - seriously impressed with the lightness and speed !
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Let me guess, you allways leave your system on.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Firewall
    Router with Norton DNS and WFW setup two way

    Real time protection
    1. Threatgates containment
    Disabled USB autoplay/execute USB through GPO, Added deny "Traverse folder/execute" ACL for everyone on Download, mail and media folder. Added EMET to mail, media player and browser (Chrome). Running Chrome (offline installer in Program Files) with PPAPI flash and PDF in (untrusted) sandbox with AdBlock+ and VT chomizer extensions. Added 1806 trick for extra execute block on downloaded executables.

    2. User Space protection
    Hardened HKCU autorun entries through GPO, only Run and Run Once through limiting registry permission for Users (Not admins). Set "Basic User" as default level, for all files, except Administrator. Added symantec Run MSI as Admin tweak. This prevents programs from elevating and executing in user directories, but allows to install with "Run As Admin" right click.

    3. Admin Space protection
    Set UAC to full, disable intelligent installer recognition, disabled unsigned programs to elevate.

    On demand scan check
    HitmanPro free, Panda Cloudscanner free, Comodo KillSwitch (programs and autoruns) => only before monthly backup

    Backup/Imagine
    Windows own image backup, Synctoy free for data backup
     
    Last edited: Sep 10, 2012
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Incorrect. And any time I walk away, even to squeeze a leak, I lock my desktop. Not that it really matters... I'm a single user, at home, living alone. lol

    The only other person that touches the box is my best/girl friend, and she has her own LUA.

    Overkill is the name of my game... Even my absurdly light setup is complete overkill. I'd be fine with just a router & nothing else probably.
     
  17. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    1) MBAM updates every 4-8 hours, it won't be able to do so with DeepFreeze
    2) EMET? What's the point? My system gets restored to original set up at boot time. Do you think that DeepFreeze can be bypassed by malware?
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,587
    Location:
    Canada
    appguard in lockdown mode and hitmanpro
     
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
     
    Last edited: Sep 6, 2012
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,587
    Location:
    USA
    For all those who had an issue with the green bump in TrafficLight...
    it's GONE with the new version release, as noted here. :D
     
  21. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Yeah I 100% agree before each shopping or banking session you gotta reboot. Yhe upside of this set up is a very good safety at start up and as you browse the internet more and more, the less secure your system gets. Then when I finally download something I may want to save, I have a dilemma - is it safe or not safe?
    That's why I got HMP and TrendMicro HouseCall. Both connect to the could so no need to thaw my system from deepfreeze. I wish there were more options for cloud based security solutions. EMET is another option that I will enable, since it doesn't use almost any resources and works almost silently in the background.
    I really like this security solution, I may end up keeping it and buying 2 licenses for DeepFreeze.
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I think its a great setup,I like it to.:thumb: My local library use Deep Freeze and if they didn't there systems would be a disaster with out Deep Freeze and keeps there cost down.One of the managers said its like we have a new computer every time they reboot them.LOL,I agree with her.
     
    Last edited: Sep 6, 2012
  23. Robot_Z

    Robot_Z Registered Member

    Joined:
    Jul 22, 2012
    Posts:
    45
    Location:
    Canada
    Uninstalled most of my stuff and just keeping CIS + Sandboxie for now. Will likely change soon..

    Also using Comodo Dragon in place of Chrome now.
     
  24. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Why change you should try Comodo 6 beta when it comes out :thumb:
     
  25. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I think it's one of the few ways the we can make sure that the system is 100% free of keyloggers, malware, spyware and all the other good stuff. I can see you are also using SD :)
    What I love about this set up is that it actually uses so few resources and I don't have to install 5 security apps...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.