What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Simple setup:

    - Zone Alarm Free Antivirus + Firewall: first impressions - light, simple to use and configure. Uses Kaspersky sigs :)

    - Sandboxie (with VT Hash Check configured in Download StatusBar, a Firefox extension)

    - Some system hardening.

    Very light and stable so far.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Alex, how much memory is ZoneAlarm using?
     
  3. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Oh you should know, always the regular ;)
     
  4. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Well, hahahaha... this is like the fourth setup I have gone through, because I've been trying to find the right balance between super secure and lightweight, and I think I finally found it.

    I dunno, what do you all think?

    Well, plus some previous software I was using gave me some troubles, so that is also another reason why I've been soul searching for the right setup.
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Couldn't agree more my friend.;):thumb:
     
  6. zitch

    zitch Guest

    Iobit caused a ton of registry problems on my XP/SP3/PRO system when I uninstalled it. Beware.
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @RADEON
    Nice setup you got there my friend.:thumb: Light and fast.
     
  8. zitch

    zitch Guest

    I ran Aaron Stebner's .NET cleanup utility to remove .NET version 1.0, then downloaded .NET 2.0 from his site. That enabled me to run EMET, and I have added as many .exe files as I could find to the EMET configured apps list. I do not have Java running, but do have JavaScript enabled on Opera. I run ExploitShield OUTSIDE of EMET, and have my old Comodo firewall+HIPS set on paranoid mode, also running Sandboxie/browsers sandboxed, with their version of drop my rights. Now, you guys are a lot more knowledgeable than I am about some of this stuff, but I don't think I have much of an attack surface here, on this XP/Pro/SP3 'puter. I am pretty confident. And with this config, it runs fast enough for me. Not lightning fast, but fast enough. Oh, BTW, my Avast antivirus has caught more exploits over the years than any other app could possibly catch. I know I am going out on a limb saying that, but it's solid.
     
  9. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    I'm not home so I can't tell you exact values.

    With firefox opened about 200.000 k.

    With firefox closed between 60.000 k and 100.000 k.

    It runs very light :thumb:
     
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,102
    What's the total download size of ZoneAlarm, please?
     
  11. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    @Beethoven1770
    Sorry but I don't remember... :/
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Changed setup. Now using what's in my sig. Nothing else. This is the fastest, lightest and strongest setup for my pc.:):thumb:
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    No defense against key/screen loggers...
     
  14. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    maybe in his 'parallel universe' :D
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @siketa
    Nope. My pc is clean. And anything including loggers will get trapped in the sandbox temporarily only to be cleansed on browser exit. If something survives that it'll still get trapped in the virtual environment and will be removed on pc shutdown. I do not worry about the temporary existence of loggers other than when online banking which I of course carry out on a whole new computing session. :)
     
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,102
    A keylogger will still attempt to make an outbound connection even when sandboxed.
    Hope you have a good firewall.:D
     
  17. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Unless he manually whitelists internet and run access/permissions in the sandbox configuration...
     
  18. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @Beethoven1770
    Just Win XP FW.:D
     
  19. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @AlexC
    Right you are.;):thumb:
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    What if an infection comes from USB memory?
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Sweet setup bro! Thanks for the info. Your superior specs seem capable of taking on that burden without any "noticeable" impact. If that were the case with me I "may" run it too. But I'll wait on ES. But quite frankly, I'm confident that I'll be just fine without either. With lower specs it's always been a security vs. what I consider acceptable resource/convenience loss for me. If I feel either of the latter 2 are being sacrificed I'll peel security back if I feel I'm already sufficiently covered in that regard by other means (typically hardening). That mainly entails to me dropping the real-time AV in favor of SBIE & imaging. And my paranoid HIPS & default deny SRP cover a lot of ground too with very little footprint.

    I see you mentioned you combed through the GP. Just wanted to make sure you didn't overlook a few in the Local Policy... Under "User Right Assignments", I like to clear all user accounts from "Allow logon through Terminal Services". Bypass traverse checking & Access this computer from the network = Admins & Users only.

    For that matter, I hope you created another Admin account to use, then disabled the built-in one before you did any of this stuff (Computer Management). That's the first thing I do on a fresh XP install. I delete or disable all other accounts too. So in the end I have 2 accounts, that secondary Admin & a LUA. I used to run LUA most of the time, but that turned out to be one of those cases I felt I was sacrificing too much convenience. I feel my Admin account is plenty safe/hardened.

    Under "Security Options": Do not require Ctrl+Alt+Del = disable. Send unencrypted passwords to 3rd party SMB servers = disable. Do not allow anonymous enumeration of SAM accounts and shares = enable. The very next one under that, "storage of credentials or .NET passport..." = enable. Shutdown: clear virtual memory pagefile = enable.

    And ya know... since adding this 2nd gig of RAM I haven't tried EMET again. I wonder if now I couldn't take it in stride better? I may just try and reimage if I don't like it. To be perfectly honest I don't know much about buffer exploits, other than that I've managed to avoid them all this time without a tool like EMET. So I imagine I'm doing "something" to adequately protect me from that vector. Exactly what... I have no idea.
     
    Last edited: Jan 30, 2013
  22. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @siketa
    For USB memory, autostart/autoplay of drives are disabled. I force start the USB drive to start in sandbox and I also put that drive in shadow mode. And last but not least I do rarely use any USB memory/flash nowadays. :D
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    As do I... excellent measures indeed. I also force my CD/DVD & floppy drives. Flat out, any place you can possibly plug something into my PC is forced into a sandbox that allows only a few manual scanners start/run... to verify anything on it clean before putting it on my box. In addition to disabling autoplay (all drives) I also recommend disabling the service "Shell Hardware Detection", on XP anyway. I have no idea if such a service exists on post XP versions and/or if it's tied into autoplay functionality like it is on XP. And Volume Shadow Copy is another that should be nuked.

    This measure is what allows me to feel nothing is lost by using my VT Hash Check/Download Statusbar method as a substitute for a real-time AV.
     
    Last edited: Jan 30, 2013
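The Local Security Policy entries luciddream lists (post 21) and the autoplay / Shell Hardware Detection / Volume Shadow Copy measures in posts 22 and 23 all map to registry values and service start modes, so a box can be audited for drift from them. The script below is an added example, not code from the thread or from any poster; it is read-only and reports which of those settings differ from the hardened values the posts recommend. The policy-name-to-registry mapping is the standard Windows one; the "expected" values and the list of what to check are this example's assumptions, chosen to match the posts. It assumes PowerShell 2.0 (the last version that runs on XP) in an elevated session.

```powershell
# Added example (not from the thread): audit the XP hardening settings
# described in the posts by reading the registry values behind each
# Local Security Policy entry. Read-only; run as Administrator.
# Expected values are assumptions matching the posts' recommendations.

$checks = @(
    @{ Name = 'Autoplay disabled on all drive types (NoDriveTypeAutoRun = 0xFF)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Key  = 'NoDriveTypeAutoRun'; Expected = 255 },
    @{ Name = 'Do not allow anonymous enumeration of SAM accounts and shares = enabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Key  = 'RestrictAnonymous'; Expected = 1 },
    @{ Name = 'Do not allow storage of credentials / .NET Passport for network auth = enabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Key  = 'DisableDomainCreds'; Expected = 1 },
    @{ Name = 'Send unencrypted password to third-party SMB servers = disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Key  = 'EnablePlainTextPassword'; Expected = 0 },
    @{ Name = 'Shutdown: clear virtual memory pagefile = enabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Key  = 'ClearPageFileAtShutdown'; Expected = 1 },
    @{ Name = 'Do not require Ctrl+Alt+Del = disabled (DisableCAD = 0)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Key  = 'DisableCAD'; Expected = 0 }
)

# Reads a DWORD value; returns $null when the key or value does not exist,
# which the policy editor treats as "not defined" (i.e. the OS default).
function Get-RegistryDword {
    param([string]$Path, [string]$Key)
    $item = Get-ItemProperty -Path $Path -Name $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Key
}

$drift = @()
foreach ($c in $checks) {
    $actual = Get-RegistryDword -Path $c.Path -Key $c.Key
    $state = if ($null -eq $actual) { 'NOT SET' }
             elseif ($actual -eq $c.Expected) { 'OK' }
             else { 'DRIFT' }
    if ($state -ne 'OK') { $drift += $c.Name }
    '{0,-8} {1}  (actual: {2}, expected: {3})' -f $state, $c.Name, $actual, $c.Expected
}

# Services the posts say to disable on XP: Shell Hardware Detection
# (ShellHWDetection, which drives autoplay) and Volume Shadow Copy (VSS).
foreach ($svc in 'ShellHWDetection', 'VSS') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($null -eq $s) { "NOT FOUND service $svc"; continue }
    $startMode = (Get-WmiObject Win32_Service -Filter "Name='$svc'").StartMode
    $state = if ($startMode -eq 'Disabled') { 'OK' } else { 'DRIFT' }
    if ($state -ne 'OK') { $drift += "Service $svc is not disabled" }
    '{0,-8} Service {1}: status {2}, start mode {3}' -f $state, $svc, $s.Status, $startMode
}

if ($drift.Count -eq 0) { 'All checked settings match the hardened values.' }
else { '{0} setting(s) need attention.' -f $drift.Count }
```

A value reported as NOT SET means the policy is undefined and the OS default applies, which for NoDriveTypeAutoRun on XP still allows autoplay on fixed and removable drives; that is the case the posts are guarding against, so treat NOT SET the same as DRIFT when deciding what to fix. The script only reports; changing the values is left to the Local Security Policy editor so the settings stay visible there.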
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
  25. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Unless you're tricked into installing malicious software on your machine, or someone inside your network hacks your computer, everything looks fine to me.

    VT Hash Check is great to check files (installers, for instance) with size under 20MB, and Comodo Camas (h**p://camas.comodo.com/) can be used to watch the installer behavior before you actually use it on your computer :thumb:
     