What is your security setup these days?

Layers are GOOD. Witness: Am running Emet 3.0, along with ExploitShield (outside of Emet).....Avast 7, and have Eset online scanner ready when needed. Have also ran Kaspersky online scanner. Triple threat. Avast is hands down the best. Have been using it for years.

 

weren't you using Kaspersky Internet Security?
what happened?

 

Keep in mind that the online scanners generally have significantly lower detection rates compared to the full software. The full software can install drivers and such, which make it harder for malware to hide from compared to a basic user-level scanner. Online scanners may also perform more limited scans.

 

Added Zemana AntiLogger from the giveaway to my setup (in my sig)

 

I'm using what's in my sig.

 

Changed mine a little, now using Sandboxie for Firefox with NoScript and Adblock Plus. Also using Emisoft Anti-Malware in real time just incase and also Win7 Firewall block in/out and NortonDNS with Malwarebytes for on demand. Everything runs smooth , I will probs stick Malwarebytes in real time also as it has no impact on the system because i got used to the website blocking when doing random browsing.

 

Hi vector.
Im still with kaspersky for the forseeable future.Just thought i would go back to a comodo image to see if a few bugs were ironed out but i still dont think they have been.
Needs more time i suspect.
Kaspersky runs great here with no problems.

 

My nice and light setup! I'm using Windows 7 x64; running as admin with UAC at max.

Real time:
Sandboxie
- Sandboxed all internet facing applications in mostly separate sandboxes
- Set to NOT auto start on boot(for dat boot time)
- Program restrictions, internet access restrictions, and file restrictions
Windows Firewall
- Block all inbound
- Allow all outbound

On Demand:
HitmanPro

Other:
KeePass
TrueCrypt
Crashplan - Backing up all my files to their server along with a hard drive on my router.
CloneZilla - Imaging to the hard drive on my router.

 

1. Comodo Internet Security 6
2. Zemana free antilogger (on demand)
3. Sandboxie (browser) Intenet and Run Restrictions (only browser can run and connect to the Internet) Drop my rights and delete contents of sandbox at the end of session
4. Chrome (Adblock Plus and LastPass)
5. Norton DNS (Policy 1: Security)

and nothing else matters...

 

Layers are good, but they can also interfere with each other if several solutions do basically the same thing. Why on earth are you running both Exploitshield and EMET? They have the same purpose, EMET arguably being a bit better at the job and you're not limited by any "browser vs corporate edition" stuff. Personally I'd just use Avast and, if I thought I needed it, VirusTotal for weird downloads. Do layers, but don't use 3-4 products that do the same job.

 

Windows 7 Ultimate 32 bits with internal FireWall also controlling outbound traffic

Restrictions for Everyone (including Administrators)
- UAC: set to full and deny elevation to all unsigned executables (e.g. Media Player Classic , 7-ZIP)
- GPO: Deny installation of unsigned drivers and active-X, deny autorun and execute access to USB
- ACL: Deny execute for everyone on User Shell Folders, Public and Internet/Download folders
- EMET: set system wide DEP, SEHOP, ASLR to maximum

Restrictions for Users/Medium Integrity Level processes
- SRP: Deny execute for all files (outside Windows and Program Files) and all users (except Admins)
- GPO: Locked IE10/Chrome/Outlook, denied access to risky OS-programs and HKCU-autostarts
- ACL: Added Mandatory Medium Level Integrity to Outlook E-mail and Foxit PDF-reader
- EMET: added Chrome, IE10, Outlook, Foxit, 7-ZIP and Media Player Classic

Restricted by Low Rights/Intergrity Level sandbox
- IE10: for on-line banking only (IP/SSL FireWall filter), Keyscrambler free (only add-on), no data cached
- Chrome: for daily browsing incognito, click to play flash, allow javascript only from COM and NL domains

On demand
Toolwiz TimeFreeze
HitmanPro free

 

I just continue to be impressed with Rising PC Doctor. With the latest updates all issues of the process manager giving a large amount of internet being sucked up by RSTray.exe is fixed. Any UI glitches I have been having was fixed. Now if only it would detect Panda Cloud as an AV installed in the security monitoring area.

I highly recommend running it with an AV (*cough* Panda Cloud *cough*)

 

Well stated. And also when all these layers are part of the same product (i.e. Comodo 6), to me it defeats much of the purpose of layers. If this 1 product is compromised/terminated, or becomes corrupt and fails to load properly all those "layers" are swept aside in one fell swoop. That's why I'd never put all my eggs in one proverbial basket with these all encompassing suites.

 

Here Here! If you feel like you're sacrificing too much performance and/or convenience then it's time to trim back some of these layers/apps... when it's becoming quite obvious that you don't really need them anyway.

I also used to run LUA, but realized it just wasn't necessary and sometimes a PITA. I run a very safe Admin account that's more than adequate. The real-time AV was easy to leave behind too with SBIE, and now even easier thanks to user Dgiji dropping the knowledge about Download Statusbar.

But GPO's & SRP is hardening that doesn't interfere with my usage or add footprint (actually it decreases it), in my case. I run a user friendly default deny SRP... with dll's excluded and shortcuts allowed (.lnk excluded). I feel it's a great balance of convenience & security. My D+ renders it pretty moot, but I like to harden at the OS level to begin with and leave less work for my software. Also just in case software glitches out, you're covered.

 

Yep. I'll bet I could probably get by with nothing but my system hardening, a router, and NS. But I sure sleep better, err... browse better anyway with SBIE. Knowing I'm a closed session away from making malware *poof* into oblivion if it were to occur.

If it negatively impacted my footprint I wouldn't use it though. But the only thing I notice is that it adds 2-3 seconds to the boot time of a program. And I'm not even sure that's true anymore since FF v17. Since that version FF seems to boot up just as quick with or without SBIE for me. But anyhow, once the program is up and running SBIE has no impact on it. In fact if anything it may make it snappier since it keeps it isolated, but that may just be a placebo effect.

Things that offer an insurance policy like that and bring along no noticeable footprint... will always get consideration from me. SBIE & imaging mainly fall into that category. And VT Hash Check/Download Statusbar has also joined the ranks.

 

True... but I always like to harden my box at the OS level in the first place. That way in the event that software is compromised, becomes corrupt or otherwise fails to load properly for some reason you're already covered.

I also like to disable all vulnerable services/processes and close up the ports associated with them even though I have a FW & router stealthing all my ports anyhow. Just in case some day Comodo glitches out on me and/or my router breaths it's last breath (inevitable some day).

So I personally appreciate the tip.

 

Kerio Firewall 2.15 + Sandboxie 3.76
AppGuard 3.4.2 + Shadow Defender 1.1.0.325

AdMuncher 4.93 + Macrium Reflect 4.2

OpenDNS + Opera

 

LoneWolf

 

My pleasure bro! Both of your setups, for both XP & Win7 look rock solid. Like me you prefer to build your security from the ground/foundation up. Making it so theoretically you could axe all that software and still get by just fine. IMO that's the way to approach it.

If you plan on continuing to keep that XP boot around even after it's EOL I recommend favoriting the MSFN Forums website, and checking in periodically. They will keep releasing (unofficial) patches for it to keep it hardened. They still patch 98SE over there and other older OS's. And they will keep XP alive and perfectly healthy for a long time. I know that angers a lot of people... for some reason I don't quite grasp. But figured I'd pass that along to ya anyway.

 

That is one sweet setup. Lovin the Kerio 2.1.5. Perfect FW for XP, if Comodo is a bit too clunky for your taste and/or you don't care for HIPS. One of the best legacy apps of all time.

I've considered using it as well because my SRP probably sufficiently takes care of what D+ provides to me, with albeit a bit less control. It would make my uber light setup even a tad snappier. And now I'm considering it once again...

 

Kerio! Wow. That brings back some memories. I used to love that firewall. Is that still supprted Lonewolf?

 

Thanks,all running together w/o any problems whatsoever, light,quick and strong,maybe a keeper for a while.

Supprted ? Doubtful but not needed to be here on XP as it's working like a charm.

 

I actually did a small test where I ran the Counter Strike Source video tester both sandboxed and un sandoboxed and I got a higher average FPS with is sandboxed. I believe it was up about 10fps. This doesn't really mean much though as I'm already running at ~235fps on max settings as it is but it was still something. I was confused by this so I did something similar in Heroes of Newerth and I got a couple extra fps while sandboxed too. I went from ~33 to ~38 iirc. I never mentioned it on a forum though because it didn't make sense to me and figured I'd be flamed to no end. Haha

 

Not ture, EMET doesn't protect you from java exploits.

 

Thank you for that data Wesley Crusher (I just like to think that's who you are). Yeah it actually makes perfect sense to me. That something is isolated and things are prevented from leaching onto it. Plus just the act of isolation itself, gives it it's own little room/space.

Like I swear I notice a difference having my OS in it's own partition as opposed to having everything on my computer/hard drive all in the same one. I also think giving it some extra free space helps too. I think of it as "room to breathe", lol. Although (my install of) XP Pro SP3 only takes up about 5 gigs of hard drive space I make the partition 15-20 gigs for this reason. And I think I notice a difference.

I don't just do it with my OS either. I give a lot of my programs their own partition, including: Firefox, Pidgin Messenger, Comodo, Sandboxie, VLC, Open Office, and UTorrent back when I used it. Isolation is a big part of my security approach. But I believe it also makes things snappier. And it was awesome to see some hard evidence of this.