What is your security setup these days?

I'm trying Win8 Pro 32bit now.

Pls,suggest me which AVs (not suite) are most fully compatible with W8 and other security setup that could be add as layer ?

Current,I let W8 virgin with MSE installed and only add SBIE.

thank in advance,guys

 

I left my windows 8 X 64 a virgin and nothing but built in security,system hardening and the On Demand of Hitman Pro.Did I mention how light it is.

AFAIK,Most third party Antivirus are or should be compatiable with windows 8.

 

Windows 7 Ultimate 32 bits with internal FireWall also controlling outbound traffic

Restrictions for Everyone (including Administrators)
- UAC: set to full and deny elevation to all unsigned executables (e.g. Media Player Classic , 7-ZIP)
- GPO: Deny installation of unsigned drivers and active-X, deny autorun and execute access to USB
- ACL: Deny execute for everyone on User Shell Folders, Public and Internet/Download folders
- EMET: set system wide DEP, SEHOP, ASLR to maximum

Restrictions for Users/Medium Integrity Level processes
- SRP: Deny execute for all files (outside Windows and Program Files) and all users (except Admins)
- GPO: Locked IE10/Chrome/Outlook, denied access to risky OS-programs and HKCU-autostarts
- ACL: Added Mandatory Medium Level Integrity to Outlook E-mail and Foxit PDF-reader
- EMET: added Chrome, IE10, Outlook, Foxit, 7-ZIP and Media Player Classic

Restricted by Low Rights/Intergrity Level sandbox
- IE10: for on-line banking only (IP/SSL FireWall filter), Keyscrambler free (only add-on), no data cached
- Chrome: for daily browsing incognito, click to play flash, allow javascript only from COM and NL domains

On demand
HitmanPro free

 

WSA and HP for backup.

 

WSA Avast pro MBAM Pro

 

Sounds great.

 

Yes, simplified description

 

HI kees.
If you ever find yourself in england please do come and set my computer up to your specs.
Marvellous.

 

Thx, you will need a Pro version of Windows 7 (or higher) to raise Ten Thresholds for Threats (AKA a Tripple T rating security setup)

 

Emsisoft IS + WSA + Sbie + SD

 

Company owned PC:

OS is W7 Enterprise
McAfee EndPoint Encryption system encryption
McAfee Viruscan Enterprise (it sucks!)
Windows Firewall with standard/default settings
Chrome with ADBlock+, Adblock, Ghostery, HTTPS Everywhere, Antisocial, DNT, Google Opt-out.
Cloud files protected with Cloudfogger
Some sensitive local files with AXCrypt.
Passwords stored in Keepass2.

Personal Netbook:

OS is W7 Starter
Truecrypt System encryption
MSE
Windows Firewall with standard settings
Comodo Dragon with same extensions like Chrome
Keepass2

 

@Lucid,

thanks for all those additional tips I tried with .NET 2.0 and EMET removed but I had a hard time noticing a speed difference, so I restored the image with them, because I know I read somewhere, an MS article, that XP with EMET is considerably more secure. I might disable a few more services when I get around to it. As for removing themes, I can't bring myself to do that Currently I'm using a Noir remix and Noir theme - very cool

 

You'd certainly notice a difference if you never install .NET Framework to begin with, have a very barebones setup... and then install it. It's very noticeable that your box isn't as responsive anymore. Uninstalling it afterward on the other hand... you don't notice much of a diff. if at all, because once it's on it's almost impossible to actually get rid of. You may uninstall it but it left a ton of junk behind that dug deep into your OS. It's like a point of no return once it's on... pretty much need to reformat to go back.

As for whether EMET helps much, it certainly depends on your setup. As I look I have no vulnerable services running and no ports hanging open that would otherwise be associated with them. Closing those 2 I mentioned closes a huge gap that would otherwise exist in XP. Even if you disable NetBios those ports aren't completely closed. No Java and things of that nature. A default deny NoScript regimen. Just how is this exploit supposed to, well... exploit me?... with no vulnerable services to piggy back onto and no ports to swoop in on? It'd have to get up pretty early... Really it would take a lapse of judgement on my part. But if EMET isn't slowing you down compared to the way you had it prior, and isn't conflicting with anything, sure why not? That isn't the case with me. Right now windows pop up & pages load immediately the way I have things. If I add something like .NET FW, EMET, and real-time AV's... that's no longer the case. I think when you have things so barebones & light to begin with you notice any little impact. But if things aren't that light to begin with, then adding something else isn't nearly as noticeable.

And it's a shame, because stripping down those theme settings I mention makes a HUGE difference... probably more than anything else in regards to Windows Explorer. Barebone those settings on a clean/freshly formatted box (without .NET FW), then add it... and I'll bet you notice a difference.

 

I've nLited my XP pro disk, removing 245 MB of clutter in the process but I'm all out of optical media to burn the iso to, and I can't boot off of usb no matter what I try in the bios, so I'll have to pick up some disks later then try it out tonight.

 

Thank for input,DS

Agree with you,now only add SBIE & MBAM Pro plus system hardening.

 

And now are you running Avast and Privatefirewall?If yes,could you please block a browser in Privatefirewall and see if it still connects?

 

Joe,

i would be glad to do it but i´m no longer using Privatefirewall.

 

Windows 7 Home premium x64
° updated

Realtime protection
° Bitdefender Internet Security 2013
° Windows 7 Firewall control free

On demand
° Hitmanpro

Instant Recovery
° Rollback RX

Browser
° Firefox
Addons: Adblock plus & Flashblock
° IE9

Software updater
° KC Softwares SUMo

 

Well wat I assume you have like 4 gigs of RAM on your box? If so, maybe you'll notice nothing at all. I certainly did with only 1. But then again I'd think it would be noticeable no matter how much RAM you have. It just bloats your XP install so much... practically makes it 20% larger. That leaves bloat that goes beyond mere RAM measurements. Hell, I'm not sure it even uses ANY RAM at all really. But I notice a difference afterward that's night & day in terms of responsiveness. But who knows, maybe it wouldn't be the case with XP pushing the max 3.25 of RAM? And your CPU is also undoubtedly better. Mine is but a lowly single core Celeron @ 2.4 ghz.

If it makes no difference on your box, then go for it. Though I personally would still rather have less attack surface in the first place than add something like .NET FW then EMET to compensate for it. I see that as kind of like painting over rust, or even curing the disease by killing the patient... which becomes especially true once EMET starts conflicting with stuff.

 

Ok Alex,no problem.

 

I'm still using what's in my sig. Absolutely nothing else. It's light and simple.

 

no firewall?
or are you using windows default?

 

Windows XP FW. Titanium has the firewall booster thing you see. Also I believe if there's no malware in pc there's nothing to call home. I'm being on the simplified side.

 

Ditto. I have win7 firewall for inbound control and WSA for outbound control. I used to feel the need for a 3rd party firewall but with my current setup nothing mush is getting in to call back out.

 

Well this new nLited setup is completed and similar to the previous install except of course this one has less crap on it. I created an image pre-.NET 2.0 and EMET then ran it for a while, then installed .NET and EMET and ran it, not really noticing any performance difference, so I will keep .NET and EMET, as I feel EMET fills a rather significant security hole by protecting against buffer exploits.

As for RAM, yes I have 4GB although XP sees ~ 3GB. The rig has dual gpu's, nVidia 7900GTX so they take quite a load off the processor as well, which is just an AMD 64 X2, 2.27GHz 4400+.

The security as I've posted several posts above I feel is near perfect. Many services disabled, SRP covers basic executable whitelisted paths for protected directories, Jetico covers additionally for modify child processes, registry modification attempts and writing to application's memory, then it also has excellent packet filtering and application outbound control, EMET covers buffer exploits and then I'm running as limited user. To top it all off, I'm using Chrome with all kinds of policy hardening and script control plugin.