What is your security setup these days?

OS: Windows 7 64-Bit
Scanners-AV/AM: Avira, Malwarebyte's.
FireWall & HIPS: Online Armor, WinPatrol.
Virtu & Sandx: VMware, Shadow Defender, Sandboxie.
Encrytp: TrueCrypt, KeePass, KeyScrambler
Other: No Autorun, Hosts:MVPS.

Something to add/change ?

 

Amit, I'm interested in what the correct way is to configure Sandboxie? I thought it was pretty much ok as it is with 64 bit protection and auto delete or have I missed out on something?

 

You can run Windows Explorer sandboxed, what we should not do is force Windows Explorer to run sandboxed. If you try to force Windows Explorer, SBIE gives the message that doing so is not recommended. If you force WE, you will get errors. On the other hand, Sandboxie allows you to sandbox Explorer to navigate to files.

If you go to the Sandboxie menu in Start, you will see an option there to open WE sandboxed. If you click on it, WE will attempt to open in your default sandbox but if you are using a restricted default sandbox, Explorer wont open. So, you can either right click on WE and choose to run it in another sandbox or to make it easier, you can create a sandboxed shortcut for it and place it in your desktop or taskbar. I have mine in the taskbar and I use it occasionally. Even though, I am using the paid version, using a sandboxed Windows Explorer comes handy some times.

If you like to create a shortcut for Explorer. Create a new sandbox and name it something like WE, I disabled internet access and allow all programs to run on mine. Then follow the instructions from the link on how to create the shortcut.

http://www.sandboxie.com/index.php?ConfigureMenu#shell

Bo

 

The correct way to configure SBIE depends on what you are going to use Sandboxie for. In my opinion, the default sandbox is strong as it is, it is setup by Tzuk in a way that makes it easy to use for people that just started using SBIE. Again, in my opinion, when people start using SBIE, for the first few weeks or months the new user should use a default sandbox until it gets a good feeling of how the sandbox works.

I see a lot of people start restricting the sandbox right away after installing SBIE for the first time and then when they start getting a bunch of messages from SBIE, they think that SBIE is not working properly when that is not the case.

By the way, I do believe that the default setting of the default sandbox is well balanced in the sense that is secure and comfortable to use. If I was you, I would just change three settings at this time. Make sure the sandbox deletes on closing, set recovery so you can save files and allow bookmarks to be saved out of the sandbox.

Later, when you get a good feel about SBIE, create more sandboxes and use the restrictions on the ones that can be restricted without interfering with usability. Sandboxie is very easy to use but you should read about it. There is plenty information on this forum and at the Sandboxie forum.

Bo

 

@merisi
Well Bo explained very nicely.

 

I also needed several months to learn how to configure SBIE.

 

OK, big thanks, I just remembered that ssj100 has shown on youtube how to sandbox WE, and it is basically exactly what you said, I will look for it, but also take a look at this link you gave me.
Big thanks.

 

How exactly WinPatrol Plus protects my computer system? I installed it and I don't know what to do with it. I see many people here use WinPatrol Plus, why?
I want to try it myself, but I don't know what to do with it?

 

I think it should be like a hips basically, so it should tell you about any changes on your Computer. The main difference between the paid and the free Version is that the paid Version is proactive and the free Version just reactive so Winpatrol PLUS should be HIPS (prevention) where as Winpatrol free should be HIDS (Detection). I'm not quite sure though

 

Thanks Bo. I have been using Sandboxie for over a year so I'm quite embarrassed to find out there is more to it than I realised but I've been learning a lot on Wilders in the last month.

I think I'll create a new Sandbox to tweak around with things before I lock any configurations but I will do as you suggested and read up on this first.

 

After a couple of year of absence back to my signature.

 

CWS , you are welcome.

You know, actually, you shouldn't feel embarrassed by using SBIE the way you have so far because now you know that SBIE works well just the way it comes out of the box. Your confidence in Sandboxie should be greater now than it was early today, you have been using SBIE on default and you havent been infected. You don't need to hear from anyone telling you that SBIE works great on default and now when you start to make restrictions in your sandbox, if SBIE behaves differently than it has in the year that you used it or if you get a message from SBIE, you ll know that it is related to the changes you made and is not an error.

Bo

 

Just because programs recommend having that much physical memory in place doesn't mean they'll use it all. They're assuming you'll of course have other stuff on there too and taking that into consideration.

If you want a true outbound firewall, LooknStop IMO is your best bet. It's the lightest outbound FW I've ever seen. Yes, it is paid. And no, it hasn't been updated in ages. But it's just what your low spec box needs if you want a true outbound FW.

Personally, back when I ran with 1 GB of RAM (not long ago at all) my setup was plenty snappy with Comodo FW & D+ on it. And I even used a real-time AV then too (Avira- File Guard only). I can't see it slowing down your box much, if at all, even with 1 gig.

If you don't want a full blown HIPS but find the functionality in WinPatrol useful to you, then yes it's ideal for you.

If you're a Firefox user you may also want to look into the VT Hash Check/Download Statusbar method, as an alternative to a real-time AV. Of course you could just use VT Hash Check to shell (right click) scan files before recovering them from SBIE too. If you don't download things often it's not much convenience lost. And 1 less thing to allow in SBIE restrictions.

Also you should definitely not have to disable the Windows (XP) FW on account of anything, including Malware Defender. I've yet to meet an app it will conflict with. And if you feel confident that everything on your box is clean & trustworthy, and have an image(s) handy, then heck... roll with just the XP FW + router (if you have one). Doesn't get lighter than that. That method Bo mentioned to sandbox removable drives/USB ports will help cover vectors otherwise lost too. As will WinPatrol if you decide to stick with it.

If you use XP Pro there's a tweak to harden it via a GP edit I posted in the FW forum some time ago. Should be on page 2 or 3, not too far buried. Titled: "How to harden XP Pro FW"... or something like that. It might make you sleep better at night ; )

 

Well, I've been surfing on even dangerous websites without Windows XP firewall, but with my router's firewall and still nothing has been able to penetrate it (that's how much it is good), however I still decided to use Windows XP firewall.

I don't know if the newest Comodo Firewall's version will work on my 1 gigabytes of ram memory, but honestly I don't need it. My computer system is 100% clean, I reinstall it every 3 months, from scratch.
I use configured paid Sandboxie.
I don't need anything else, at least not on this computer.

It is possible to tweak via GP edit? Sorry, I don't understand what does this mean, but I'd like to know what do you mean, I'll try to find it...

 

When you put it like that you're absolutely right Bo, SBIE has protected me and stopped me from having any problems bearing in mind my av until recently was McAfee. I have made a few changes to SBIE because I have numerous sandboxes for different tasks and I just modified them in settings so only the one program I want running is allowed and that certain browsers are automatically sandboxed but I can change bookmarks. I never knew I could do half this stuff and I must admit I like SBIE even more.

 

That's the last version "xiaolin" developed before turning MD over to 360Labs.(and also going to work for them)
I don't believe there is much difference between 2.6 and the most current version, only cosmetic changes such as new tray icon.
Besides 2.6 is bought and paid for here and runs without issues.

 

Malware Defender

 

I'm using version 3.76

I have XP firewall on with MD running, no conflicts here.

 

Switched Comodo FW out for LNS 64b. Comodo was messing up my wifi connection, kept losing connectivity.

MBam for OD

 

OK...thanks for explanation

 

I am "outed"...

 

First, you need to be running the Pro version of XP to be able to utilize it. If you are... the thread is actually all the way back on Page 5. I didn't realize there were that many new threads in the FW section since then.

Also, I wasn't recommending you use v6 of Comodo FW at all. Go with version 5.10, if at all. But I agree you'll be fine without it.

I highly recommend VT Hash Check as either an on demand scanner, to hit things up before recovering them from SBIE... or in the manner I suggested if you're a Firefox user for footprint free automatic scanning of new downloads.

GP = Group Policy... only available on the Pro version of XP. To get in there enter "gpedit.msc" (without the quotes) into the "Run" box.

I like your setup

 

Nice setup

 

Ha ha
am a comics fan myself

 

Eset AV 6