What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. With Comodo FW/D+ and Sandboxie? How did that happen?
     
  2. AlexC

    AlexC Registered Member

    Win7 Ultimate x64.

    So far:

    Sandboxie [drop rights,start/internet restrictions - only allow chrome.exe]
    MSE
    UAC max.
    autoplay and autorun disabled.

    no java
    no adobe pdf reader (using the pdf reader built in chrome)
    no flash player (besides the one built in chrome)

    Some more system hardening and must be it.
     
    Last edited: Mar 13, 2013
  3. jmonge

    jmonge Registered Member

    added Ikarus Anti.Virus
     
  4. slatari

    slatari Registered Member

    Software: (all free)

    Chrome
    Avast AV
    BufferZone Pro (http://www.trustware.com/)
    Secunia PSI Scanner (http://secunia.com/vulnerability_scanning/personal/)
    Keriver 1-click backup (http://www.keriver.com/oneclick_free.html)
    Windows HOSTS file to block known naughty sites (http://winhelp2002.mvps.org/hosts.htm)

    Settings:

    Chrome Browser
    • Configure plugins as "Click to play" (chrome://chrome/settings/content)
    • Disable all plugins except: google update, PDF, Flash (chrome://plugins)
    Avast settings (for performance and less hassle)
    • File System Shield -> Settings -> When writing -> Scan Files with default extensions
    • Web Shield -> Settings -> Exclusions -> Mime types -> Add: application/x-javascript, image/jpeg, text/html, text/css, image/x-icon
    • Basic Settings -> Popups -> Update Popups = 1 second
    • Basic Settings -> Sounds -> Automatic Update = Off
    BufferZone Pro
    • Edit BufferZone Programs - Remove CHROME.EXE
    UAC "Always notify" (http://www.dummies.com/how-to/content/how-to-change-user-account-control-settings-in-win.html)

    Monthly maintenance:

    1. Empty BufferZone
    2. Go into Avast Software Updater (to see if any other security-vulnerable apps need updated)
    Normally Secunia PSI takes care of this, but it might miss some programs.
    3. Run a full system scan and a boot-time scan with Avast
    4. Create a system snapshot with Keriver 1-Click

    Considering, but not installed, yet:

    GesWall
    Windows 7 Firewall Control (http://www.sphinx-soft.com/Vista/index.html)
     
  5. jmonge

    jmonge Registered Member

    Sandboxie is in the house:thumb:
     
  6. The Red Moon

    The Red Moon Registered Member

    Sandboxie is a permanent lifelong resident here.:thumb:
     
  7. gery

    gery Registered Member

    AVG IS
     
  8. ams963

    ams963 Registered Member

    I still use HMP. avast! has sandbox you see. So the inequality is slightly incorrect.:D
     
  9. ams963

    ams963 Registered Member

    Yup.:D:thumb:
     
  10. ams963

    ams963 Registered Member

    Ah good going. avast! had caught some rootkits and trojans for me in the past. avast! is just :thumb:
     
  11. luciddream

    luciddream Registered Member

    I can only imagine recovering something from the box without scanning it, or that Avast didn't detect at the time. And either ignoring a bunch of D+ popups or having it on a weak level (Clean PC Mode) where it trusts you to keep a clean box.

    This is what I love about having VT Hash Check autoscanning my downloads. 45 opinions are much better than 1. The chance that a single AV may fail to detect something, well, a good one like Avast, the chances are small to begin with. The odds of evading 45 are astronomical... it would just never happen. In fact probably 20+ would detect it, including most major vendors. If just 1-2 do, and none are big vendors, you can pretty much chalk it up to a FP. And real-time footprint for this luxury = 0.

    Also my noid D+ would scream at me if a kit tried to dig its hooks in.

    The right software is only as good as its implementation.
     
    Last edited: Mar 13, 2013
  12. ams963

    ams963 Registered Member

    @joffy
    Nice setup.:thumb:
     
  13. ams963

    ams963 Registered Member

    @jmonge and @Beethoven
    +1 for sbie :thumb:
     
  14. ams963

    ams963 Registered Member

    @gery
    How's AVG IS?:doubt:
     
  15. CrusherW9

    CrusherW9 Registered Member

    I always liked this idea but what do you do when your download is larger than 20mb?
     
  16. zitch

    zitch Guest

    Well, there IS something like that. Avira free. The heuristics are very strong, and it never slowed down my machine when I used it.
     
  17. zitch

    zitch Guest

    I told him the same thing before I read your post. We agree on that. Avira is quite good.
     
  18. zitch

    zitch Guest

    I will tell you how: I have Avast and Comodo running INSIDE of Sandboxie. Avast caught the rootkit INSIDE of Sandboxie while I was websurfing. It never got anywhere close to my registry. It was defeated at the source.
     
  19. zitch

    zitch Guest

    BTW, nice setup in your sig. Pretty smart guy.
     
  20. zitch

    zitch Guest

    Same here. Hooked on it. It's proper......
     
  21. zitch

    zitch Guest

    Yes, my bad....had the FW set on Clean PC mode for a couple days. No popups, Just had my guard down, was reinstalling an app. Have since reset firewall tight.
     
  22. luciddream

    luciddream Registered Member

    It's 32 MB actually... and I'll let you know when it happens ; )

    Seriously, nothing I DL is ever that big. As I said I've already gotten everything I want by now from the net. My DL's are pretty much updates for apps these days, or the occasional pic/jpeg file(s) from a friend. But in the event that were to happen I guess I'd have to settle for MBAM.

    Then I could do a full scan with Hitman Pro too for 5 more vendor opinions, and if found nasty could reboot from Shadow Mode. Meanwhile the file would remain in an isolated, sandboxed partition until I verified it safe. I have a few other OD scanners too I could do custom scans with to target that file.

    Unfortunately Hitman Pro has the same 32 MB limitation for shell scans, or I could use it instead. And since it has the same limitation, and VT Hash Check has the same 5 vendors (plus 40 more), I have no reason whatsoever to install HMP. I just run it portable and do the occasional full scan with it.

    If you're a heavy P2P user, or otherwise downloading large files, perhaps from direct links, then it's not the type of measure for you. In that case I'd probably use a fully featured real-time AV like Avast. And also hit it up with 2nd opinions before un-isolating it though.
     
    Last edited: Mar 14, 2013
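
The hash-check workflow described in posts 11 and 22, as an added example that is not part of any post in the thread: hash the download, respect the 32 MB limit, then apply the posters' rule of thumb to a multi-engine report. The engine names, the "big vendor" set, and the `unknown` and `needs-review` outcomes are assumptions; the report is constructed inline and no scanning service is contacted.

```python
import hashlib
import io

SIZE_LIMIT = 32 * 1024 * 1024   # 32 MB limit quoted in the thread
STRONG_CONSENSUS = 20           # "probably 20+ would detect it"
FP_MAX_HITS = 2                 # "If just 1-2 do, and none are big vendors"

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks; return (hex_digest, size_in_bytes)."""
    digest, size = hashlib.sha256(), 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
        size += len(chunk)
    return digest.hexdigest(), size

def triage(size, verdicts, major_vendors):
    """Classify one download. verdicts maps engine name -> True if it flagged the file."""
    if size > SIZE_LIMIT:
        return "too-large"              # fall back to on-demand scanners
    if not verdicts:
        return "unknown"                # assumption: no report is not a clean result
    flagged = {name for name, hit in verdicts.items() if hit}
    if not flagged:
        return "no-detections"
    if len(flagged) >= STRONG_CONSENSUS:
        return "malicious"
    if len(flagged) <= FP_MAX_HITS and not flagged & major_vendors:
        return "likely-false-positive"
    return "needs-review"               # assumption: the thread gives no rule here

# Constructed sample data: 45 hypothetical engines, the first 10 treated as "big vendors".
ENGINES = [f"engine{i:02d}" for i in range(1, 46)]
MAJOR = set(ENGINES[:10])

def sample_report(flagged_names):
    """Build a constructed 45-engine report with the given engines flagging the file."""
    return {name: name in flagged_names for name in ENGINES}

if __name__ == "__main__":
    digest, size = sha256_stream(io.BytesIO(b"constructed sample download"))
    print(digest, size)
    print(triage(size, sample_report({"engine40", "engine41"}), MAJOR))
    print(triage(size, sample_report({"engine03"}), MAJOR))
    print(triage(size, sample_report(set(ENGINES[:25])), MAJOR))
    print(triage(SIZE_LIMIT + 1, {}, MAJOR))
```

A single hit from a "big vendor" lands in `needs-review` rather than `likely-false-positive`, which is the distinction post 11 draws.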
  23. luciddream

    luciddream Registered Member

    It happens to the best of us man, wasn't busting your balls or anything. When I'm installing some apps and/or applying updates I treat them as installers or trusted temporarily, to avoid a plethora of popups. And I could get burned too if there was something nasty there. And even if you always download from trusted sources, and use trusted apps, nothing is guaranteed in life other than death. To me there are only degrees of trust, none of the unconditional variety when it comes to computing. Even the apps renowned in here time & time again, I have under restrictions in D+ and allow only what I need.
     
  24. luciddream

    luciddream Registered Member

    I know that in the past, even if you did this the modules, drivers, files and whatnot would all actually install with the program... the modules would just be disabled. In this case all that bloat still comes along with the program and it feels heavier.

    Has this changed? Like could I just choose the File Shield, and when I open the program that's the only thing there? Or will all those other modules be there too, just greyed out/disabled, or whatnot? And can be toggled on at any time.

    As horrible as its detection rates are, MSE is otherwise what an AV should be. Resident File protection and nothing more. If I could get something like that from a real vendor with top notch detection rates, like an Avast/Kaspersky or whatnot, I'd be all over a real-time AV again.

    Avira Personal, back in the day was about the closest thing you could get to it, when tweaked to remove the nag & splash screens.
     
  25. gery

    gery Registered Member

    It is just fine.
    I had ESS installed and after uninstalling it, it seems I cannot install it at all. I got tired of it. So I went to AVG :thumb: :thumb:
     