What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Bitdefender's too heavy for my box... unless it has had a MAJOR overhaul since I've last looked at it.

    Nah, if I decided to look at a real-time AV again it'd have to be something near the footprint of an Avira/Avast with file guard/shield only. In fact I think I may even be able to disable the real-time file components and use a GP tweak to get it to fire only when new files are introduced to my box... making it uber light. It could hit up things automatically that come in via removable drives/USB, while I keep VTHC in place for my browser.

    Of course it's not an issue really since I have removable/USB sandboxed and would shell scan anything before putting it on my box. But still... thinking about it. The Script Shield of Avast also, in case I allow a script through NoScript and it proves to be a mistake. But again... sandboxed.

    Man... Sandboxie really takes away any need to be creative and play with my setup like I used to. I "almost" want to remove it on grounds it's too effective, and makes me bored.
     
  2. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    LOL

    I'm debating on adding Applocker to my setup as can be seen in my signature. What do you guys think? Personally, I feel that Sandboxie is extremely effective BUT, for a few things I'm using it with, it would be easier to whitelist with Applocker and not run them Sandboxed. Ofcourse if I end up adding Applocker for this reason, I might as well ditch Sandboxie then. Gah. So many possibilities.
     
  3. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    Couple questions Kees. :) In your attached image, which I think you've said previously, it says: "SRP: Set Default Level to Basic User ..." But AFAIK, the "Basic User" level just blocks stuff in Win 7, right?

    What does that do? With UAC, that stuff is already at Medium Integrity, so does setting Medium explicitly on the files prevent them from ever elevating or something?
     
  4. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    @DR_LaRRY_PEpPeR, Actually, IIRC, the Basic User option in SRP doesn't do anything in 7 and Vista since UAC has been implemented and it was just carried over from XP. Because of this, I think he meant that it was applied to standard users. As for the integrity levels, I think he meant low, as that was the trend on his old configurations but you never know what Kees will throw out there.

    EDIT: Actually, I just checked and the Basic User option in SRP has this description: "Allows programs to execute as a user that does not have Administrator access rights, but can still access resources accessible by normal users." So if you enabled this on XP, wouldn't this somewhat be the same as having UAC enabled on an administrator account in Vista/7? Of course, you wouldn't have the virtualization that UAC has but the access and integrity levels would work the same, no? Also, since "Basic User" and UAC appear to do similar things, wouldn't that mean you could somewhat implement UAC functionality in Vista/7 with this option while having UAC turned off? I don't know why you would do this but I'm just wondering.
     
    Last edited: Feb 22, 2013
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,789
    Location:
    Nicaragua
    Hey Luciddream, I know the feeling. I being using the same setup for over two years, when I feel a little bored because the setup don't change nothing, I fire up SD and try something under it. For example, last night I played with the SBIE beta under SD in my XP.

    To me, coming to this thread and seeing people talking about security products they are trying is like seeing children talking about playing with toys that I am not allowed to play with.

    Bo
     
  6. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,252
    Location:
    North Texas
    Bo...using Sandboxie is like being the Maytag service man...nothing to do. Hope you are doing well!!! :thumb:
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,586
    Location:
    USA
    Funny, and true. But the operative word is "almost", right?
    Sandboxie's presence may at first create boredom, but one soon realizes and appreciates the extra spare time it magically produces. More time to rediscover other aspects of life... that should be SBIE's slogan! :D
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,289
    Location:
    Chaotic Land
    Well said my friend :thumb:
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,789
    Location:
    Nicaragua
    Page, my friend, you are right on the money. Having that spare time to do other things is one of the great benefits of using Sandboxie.

    Bo
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,789
    Location:
    Nicaragua
    A few months after I started using SBIE, I actually did uninstall SBIE for a few days. I did it because I was bored. Before SBIE, I was doing scans all the time and cleaning an infection once or twice a year, that made things exciting. Right? Well, all that changed when SBIE came around. Now, I don't do any scans, don't get infected but have the extra time that Page:cool: mentioned to do the things that I really enjoy doing. Thats what SBIE is all about.

    RR, take care brother

    Bo
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Yep. :thumb:
    I feel the same way. I've found a setup that is light and strong. I'm finding it kind of boring. I keep trying to add things but realize that I really don't need them. I still find time to try different things out though. You have to keep up with the times.
     
  12. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    512
    the feeling you describe is the same feeling i get when i use a linux machine! LOL
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,734
    Location:
    Toronto Canada
    :rolleyes: Yes no security needed whatsoever on one of those.
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah... the "almost" was a very key word. I have no desire to go back to the way things were.

    Still, there are times I consider putting on a real-time AV again. But then every time I run an on demand scan with something, and see how sluggish my box is afterward, I come to my senses. I have to reboot to get things back to normal.
     
    Last edited: Feb 22, 2013
  15. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    sandboxie makes me rarely post on wilders

    because I don't have anything to share....

    and I just love the way it stop me from downloading av definition, then use the precious bandwidth for fun :D
     
    Last edited: Feb 22, 2013
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Windows 7 Ultimate 32 bits with internal FireWall also controlling outbound traffic, Norton DNS set at router with SPI FW

    Restrictions for Everyone (including Administrators)
    - UAC: set to full and deny elevation to all unsigned executables (e.g. Media Player Classic , 7-ZIP)
    - GPO: Deny installation of unsigned drivers and active-X, disabled autoplay and execute access to USB
    - ACL: Deny execute for everyone on User Shell Folders, Public and Internet/Download folders
    - EMET: set system wide DEP, SEHOP, ASLR to maximum

    Restrictions for Users/Medium Integrity Level processes
    - SRP: Deny execute for all files (outside Windows and Program Files) and all users (except Admins)
    - GPO: Locked IE10/Chrome/Outlook settings, hardened logon, shell and HKCU-autostarts
    - ACL: Added Mandatory Medium Level Integrity to Outlook E-mail and Foxit PDF-reader
    - EMET: added Chrome, IE10, Outlook, Foxit, 7-ZIP and Media Player Classic

    Restricted by Low Rights/Intergrity Level sandbox
    - IE10: for on-line banking only (IP/SSL FireWall filter), Keyscrambler free (only admin approved add-on)
    - Chrome: for daily browsing incognito, click to play flash, allow javascript only from COM, NL, EU, ORG, NET and EDU domains

    On demand
    HitmanPro free

    Lazy admin security practise: first - only download from known sources, second - prevent unintented installation, third - only allow signed software to elevate (not blacklisted by 2 IP-filters and 5 AV-engines)
     

    Attached Files:

    • Easy.png
      Easy.png
      File size:
      127.6 KB
      Views:
      786
    Last edited: Feb 23, 2013
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Looks like an awesome balance of security & usability/convenience Kees. Which IMO is the desired goal no matter what OS you're using. When you come to find you're blocking yourself, and fighting your own restrictions every step of the way... it's time to ease up a bit.

    Sweetest Win7 setup I've ever seen.
     
  18. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Kees you should make an e-book for "Lazy admin security practise"
    step by step instruction.
    I'll definitely buy it, if the price is right :D
     
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    The only thing that could make it better is Sandboxie... but I know he's anti-3'rd party. He has an integrated sandbox for Chrome, but for other apps... SBIE is just so sweet. It's practically 2'nd party because in a way it takes advantage of measures already in place on his OS & CPU (virtualization, Dropped Rights, isolation).

    Maybe even just throw MSE/Defender on there too. It wouldn't break the 1'st party app rule and would probably add no footprint. But some attack surface. And since you probably shell scan new files from any vector with HMP... unneeded. But just saying, a 1'st party possibility.

    And/or use VT Hash Check instead of Hitman Pro. 45 engines instead of 5, and it's quicker. Pops up quicker & no 10 second countdown after. Trid analyzes unknown files, and/or you can upload them to VT with 1 click.

    Just food for thought... far be it from me to question your setup, of all people.
     
  20. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah, I got a lot of my concepts for the Safe Admin I run on XP from him. And also back when I ran a real-time AV, I believe it was he that taught me how to make it uber light. Make it so that I could even disable the File Shield and still have it autofire for new files... I just mentioned this tweak yesterday actually.

    Dude is the king of integrated hardening. He, Sully, HungryMan, wat, Dgiji, and Page42 have been God sends to me over time... and now 0strodamus is moving himself to the front of the list in a major way... helping me to get ASLR, SEHOP, and EMET app mitigations in place here on XP without having to install .NET FW.

    If I can pull it off I'll be so happy.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Got no problems with SBIE, since Tzuk respected Low Rights container of Chrome, I also congratuled him on his forum with it. I think it is amazing three of the best sandboxing/policy container aps were russian (GeSWall, DefenseWall and Sandboxie).
     
  22. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    My new setup is: NoVirusThanks EXE Radar Pro + SpyShelter Firewall + HitmanPro + OpenDNS
    It's so light...
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,789
    Location:
    Nicaragua
    Hey Kees, Tzuk is from Israel.

    Bo
     
  25. chris1341

    chris1341 Guest

    Wasn't Geswall's main developer/founder Andrey Kolishchak (now with Beyond Trust?). I'm sure I saw something once suggesting he is originally from Russia. Certainly a Russian name.

    The talented Mr Tzur is from Israel though.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.