What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Simple setup:

    - Zone Alarm Free Antivirus + Firewall: first impressions - light, simple to use and configure. Uses Kaspersky sigs :)

    - Sandboxie ( with VT Hash Check configured in Download StatusBar - Firefox extension -)

    - Some system hardening.

    Very light and stable so far.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Alex how much memory is ZoneAlarm using?
     
  3. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Oh you should know, always the regular ;)
     
  4. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    Well, hahahaha....this is like the fourth setup I have gone through, because I've been trying to find the right balance between super secure and lightweight, and I think I finally found it.

    I dunno, what do you all think?

    Well, plus some previous software I was using gave me some troubles, so that is also another reason why I've been soul searching for the right setup.
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Couldn't agree more my friend.;):thumb:
     
  6. zitch

    zitch Guest

    Iobit caused a ton of registry problems on my XP/SP3/PRO system when I uninstalled it. Beware.
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @RADEON
    Nice setup you got there my friend.:thumb: Light and fast.
     
  8. zitch

    zitch Guest

    I ran AAron Stebner's .NET cleanup utility to remove .NET version 1.0, then downloaded .NET 2.0 from his site. That enabled me to run EMET, and I have added as many .exe files as I could find, to the EMET configure apps list. I do not have Java running, but do have Javascript enabled on Opera. I run ExploitShield OUTSIDE of Emet, and have my old Comodo firewall+hips set on paranoid mode, also running Sandboxie/browsers sandboxed, with their version of drop my rights. Now, you guys are a lot more knowledgeable than I am about some of this stuff, but I don't think I have much of an attack surface here, on this XP/Pro/SP3 'puter. I am pretty confident. And with this config, it runs fast enough for me. Not lightening fast, but fast enough. Oh, BTW, my Avast antivirus has caught more exploits over the years than any other app could possibly catch, I know I am going out on a limb saying that, but its solid.
     
  9. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    I´m not home so i can´t tell you exact values.

    With firefox opened about 200.000 k.

    With firefox closed between 60.000 k and 100.000k

    It runs very light :thumb:
     
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Whats the total download size of zonealarm please.?
     
  11. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    @Beethoven1770
    Sorry but i don´t remember... :/
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Changed setup. Now using what's in my sig. Nothing else. This is the fastest, lightest and strongest setup for my pc.:):thumb:
     
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    No defense against key/screen loggers...
     
  14. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    maybe in his 'parallel universe' :D
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @siketa
    Nope. My pc is clean. And anything including loggers will get trapped in the sandbox temporarily only to be cleansed on browser exit. If something survives that it'll still get trapped in the virtual environment and will be removed on pc shutdown. I do not worry about the temporary existence of loggers other than when online banking which I of course carry out on a whole new computing session. :)
     
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    A keylogger will still attempt to make an outbound connection even when sandboxed.
    Hope you have a good firewall.:D
     
  17. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Unless he manually withelist internet and run access/permissions in sandbox configuration...
     
  18. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @Beethoven1770
    Just Win XP FW.:D
     
  19. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @AlexC
    Right you are.;):thumb:
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    What if an infection comes from USB memory?
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Sweet setup bro! Thanks for the info. Your superior specs seem capable of taking on that burden without any "noticeable" impact. If that were the case with me I "may" run it too. But I'll wait on ES. But quite frankly, I'm confident that I'll be just fine without either. With lower specs it's always been a security vs. what I consider acceptable resource/convenience loss for me. If I feel either of the latter 2 are being sacrificed I'll peel security back if I feel I'm already sufficiently covered in that regard by other means (typically hardening). That mainly entails to me dropping the real-time AV in favor of SBIE & imaging. And my paranoid HIPS & default deny SRP cover a lot of ground too with very little footprint.

    I see you mentioned you combed through the GP. Just wanted to make sure you didn't overlook a few in the Local Policy... Under "User Right Assignments", I like to clear all user accounts from "Allow logon through Terminal Services". Bypass traverse checking & Access this computer from the network = Admins & Users only.

    For that matter, I hope you created another Admin. account to use, then disabled the built in one before you did any of this stuff (Computer Management). That's the first thing I do on a fresh XP install. I delete or disable all other accounts too. So in the end I have 2 accounts, that secondary Admin & a LUA. I used to run LUA most of the time, but that turned out to be one of those cases I felt I was sacrificing too much convenience. I feel my Admin account is plenty safe/hardened.

    Under "Security Options": Do not require Ctrl+Alt+Del = disable. Send unencrypted passwords to 3'rd party SMB servers = disable. Do not allow anonymous enumeration of SAM accounts and shares = enable. The very next one under that "storage of credentials or .NET passport... = enable. Shutdown: clear virtual memory pagefile = enable

    And ya know... since adding this 2'nd gig of RAM I haven't tried EMET again. I wonder if now I couldn't take it in stride better? I may just try and reimage if I don't like it. To be perfectly honest I don't know much about buffer exploits, other than that I've managed to avoid them all this time without a tool like EMET. So I imagine I'm doing "something" to adequately protect me from that vector. Exactly what... I have no idea.
     
    Last edited: Jan 30, 2013
  22. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @siketa
    For USB memory, autostart/autoplay of drives are disabled. I force start the USB drive to start in sandbox and I also put that drive in shadow mode. And last but not least I do rarely use any USB memory/flash nowadays. :D
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    As do I... excellent measures indeed. I also force my CD/DVD & floppy drives. Flat out, any place you can possibly plug something into my PC is forced into a sandbox that allows only a few manual scanners start/run... to verify anything on it clean before putting it on my box. In addition to disabling autoplay (all drives) I also recommend disabling the service "Shell Hardware Detection", on XP anyway. I have no idea if such a service exists on post XP versions and/or if it's tied into autoplay functionality like it is on XP. And Volume Shadow Copy is another that should be nuked.

    This measure is what allows me to feel nothing is lost by using my VT Hash Check/Download Statusbar method as a substitute for a real-time AV.
     
    Last edited: Jan 30, 2013
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
  25. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Unless you´re tricked to install malicious software in your machine, or someone inside your network hacks your computer, everything looks fine to me.

    VT Hash Check is great to check files (installers, for instance) with size under 20MB, and Comodo Camas (h**p://camas.comodo.com/) can be used to watch the installer behavior before you actually use it on your computer :thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.