What is your security setup these days?

well currently the crème de la crème of course aka airvpn and mullvad , airvpn as my trusted vpn that sees my real ip and mullvad for the outer dirty buisness , both are top tier and protect your privacy , i trust both but only one with my real ip and thats air , cause thats just how we do it

so its airvpn>tor>mullvad , one hell of a combo , hell ill betcha i could even hack the nsa with that one , , lols, but for real , its a damn solid setup, all thanks to mirimir and his genius ideas , hell ive learned more in the past year than all my life , when it comes to computer security, thanks to wilders

this has been an ongoing project of mine , to completely break free of the shackels of corruption , atleast as good as possible , hell only finding the right vpn it took me atleast 25 vpn provider tests to find the right one , hell my old thread ist still alive, kinda suprised , lols its almost like dasfoxes undead anonymous vpn thread

 

lols , i see , well that sounds good enough to me

 

Excellent choices, and I agree with how you're using each one too. Since it doesn't matter as much how you pay for the one that sees your real IP anyway, use Mullvad for the other layer, as it provides payment option by cash money. That to me would be the deciding factor in how I set them up, since I trust both. iVPN/Mullvad is another good option. With iVPN being multi-hop, you could get 3 hops out of it instead of 2, + the TOR tunnel. But I almost don't even want to say that because I don't want you to second guess yourself at all... you made 2 great choices!

And it was great to see you give DasFox some props too. He and I (if you'll excuse the conceit), and a few other peeps through blood, sweat and tears combed through a ton of VPN's to weed out the shiesters and find those (very) few gems. And he was the one that pioneered it. The two you mentioned, Boleh, and iVPN are the only 4 I'd even consider at all. And Mullvad is the only one I'd fully endorse, due to the truly, 100% anonymous payment method, and not merely pseudo-anonymous, like BitCoin, etc...

I really hope you get things up and running so you can get on with your plans for world domination. When you take over, I hope you give me a good job...

 

And when you've got that part all ironed out, make sure to read up on how to prevent DNS leaks, if you haven't already. Choose the right DNS servers for one thing, and either manually flush the cache at connection or use a tool to do it called DNS Leak Fix (I can vouch for it).

And I recommend using Comodo FW to set things up so that in the event your VPN(s) disconnect your entire internet connection drops... as opposed to using some 3'rd party software or setting in a VPN client GUI to do it. Casper and I contributed to a thread that gave a pretty good rundown on how to accomplish it... though I'm not sure where that is now.

 

second guesses , hell no problem im always open for better ways , bring it , but thats only if its really better

thats ok ill find it perhaps with the help of mirimir , currenly this guide ive used up till now from air and served me well in blocking everything not being my tap adapter


https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

about multihop , its not that much of a problem , if youve read up on mirimirs oppinions and explanations to it , in the setup im aiming for it dont matter multi or single , what does matter is if theyre trustworthy and theyre REAL , if you know what i mean

lets not derail the thread too much thou , lols , we got enough vpn threads to talk bout vpns

 

Agreed. And as for second guessing, and "better"... nope, no way I'd change a thing. And you're in great hands.

Now, back to our regularly scheduled paranoia...

Is my security setup okay (sig)?... what would you add/change? Any suggestions?

 

I agree 100%. Comodo 5.10 will be "golden oldie". I m not going to delete the setup file ever, unless a SP comes for Win7 and breaks it. And yes, Kerio 2.1.5, one of the best firewalls EVER!

 

Running (non built-in) Admin on XP Pro SP3:

Realtime
Comodo FW/D+ 5.10 - Custom Policy, Paranoid/Untrusted
Sandboxie Lifetime 3.76 - Removable Drives/USB Ports forced

Pseudo Realtime
VT Hash Check 1.01 - Set to autoscan downloads via Download Statusbar tweak

On Demand
Shadow Defender 1.1.0.325 - Shadow Mode used on occasion
Macrium Reflect Standard 4.2.3775 - Boot time imaging
OpenVPN 2.3.0 - Mullvad
Hitman Pro
MalwareBytes Free
Comodo Cleaning Essentials
Emsisoft Emergency Kit
Kaspersky TDSS Killer
GMER
VT Hash Check

Browser
Firefox w/Ixquick - Adblock Plus (EasyList, EasyPrivacy, Malware Domains, Antisocial), CS Lite Mod, Download Statusbar, HTTPS-Everywhere, *KeyScrambler, NoScript, RequestPolicy, VTzilla, WOT, Element Hiding Helper for Adblock Plus (Disabled - on demand)

Other
Router w/SPI - wired
Truecrypt 7.1 - OS partition encrypted (AES), sensitives in container
Comodo Secure DNS, Mullvad's DNS, *Swiss Privacy Foundation DNS - depends on situation

Hardening
A lot... wouldn't even know where to start

* = Recent changes - Put KS back, but on browser only. Haven't tried out those DNS servers yet but they seem like good options if Mullvad's are down for some reason.

 

Back to Eset NOD32 Antivirus v6
feeling light and powerful than v5

 

Another image with...
NIS 2013,Spyshelter free,Zemana AL free,Sandboxie.Hope it'll be a keeper.

 

Gone back to no av setup after having problems with bitdefender plus.

Chrome w/ Adblock Plus (Click to Play, Java Disabled except trusted sites)

Norton DNS

Windows 7 Firewall block in/outbound

Winpatrol Plus (Paid)

Malwarebytes PRO in real time

I will probs get EAM 7.0 or Webroot AV to run along side mbam pro. I used to use Sandboxie but because i only visit trusted sites and dont download anything dodgy like torrents etc i had no use for it. I never get infected by malware/viruses but i like to use mbam pro mainly for the web blocking and just to be safe.

 

I know exactly what you mean but if one focuses only on the bolded part above.....

 

Unbearable lightnes of being (protected by Windows 7 32 bits Ultimate only)

Windows 7 FW, also blocking outbound traffic

Low Rights Container
Chrome's sandbox with --no-referrers click to play flash plug-in, safe browsing, javascript allow for HTTPS\\* and .COM & .NL domains, extension blacklist (all)/whitelist(AddBlock only), plug-in allowed/disabled list, no history and other settings enforced through GPO.

User Space protection
Set a deny execute for everyone/all executables on Data Partitions (through ACL) and USB (with GPO). Addtional GPO template to enhance security of Outlook. Hardened GPO settings to limit user access to regedit, command, scripts, 16-bit, active desktop, Active-X & COM installation, task creation and obvious HKCU autostarts. Removed permissions for Users to change remaining (mostly empty) HKCU autostart entries (of Sysinternal autoruns) with RegEdit.

Admin space protection
Set UAC on Full and deny elevation of unsigned executables. Don't allow unsigned drivers to install. Applocker controls EXE & MSI, allowing only selected publishers/programs to update. Memory mitigation with EMET on all non-system/security programs of Program Files directory.

 

Nice setup Kees. Just wondering how you force chrome in incognito mode and also how you allow java for only https etc.

 

I have not installed java, controlling javascript with Chrome

See https://www.wilderssecurity.com/showthread.php?t=339576 and
https://www.wilderssecurity.com/showthread.php?t=339348

 

Changed setup.

Webroot SecureAnywhere
Google Chrome
Hitman Pro

I like the new setup. Very fast and light

 

Changed mine

Added avast! Free Antivirus, Outpost Firewall Pro, BitDefender Trafficlight and VTzilla

The rest remained from previous setup (In Sig)

I'm actually pretty satisfied with this one

 

You can easily disable java in Chrome by going to chrome://plugins. Firefox automatically disabled java.

 

Emsisoft Anti-Malware 7.0
huge virus database of more than 13 millions

 

Just a question concerning all that virus databases of all av vendors. Do they include all this antiviral stuff from old DOS times and other signatures of outdated viruses which are not actual anymore? Or they include only signatures of really actual viruses?

 

Comodo @ 15M


@ Solarlynx: I can tell you for sure that Malwarebytes deletes older signatures.

 

The amount of signatures is irrelevant...its how the av engine detects and utilises those signatures which is more important.

 

Of course. We know that.

 

I really do wish comodo would submit there av for testing and ive asked this on the comodo forum and melih said that some of the testing organisations are not iso accredited and so will not submit it..but comodo av has been tested by ICSA labs and performed quite well.

 

I've often thought that for this reason alone, it wouldn't be a bad idea for the bad guys to recycle old malware, i.e. bring something back to life, since it would largely go undetected.