What is your security setup these days?

Windows 7 Ultimate 32 bits with Windows FireWall also blocking outbound applications, router with inbound FW

Restrictions to all users and processes
- UAC: set to full and deny elevation to all unsigned executables (Chromium, Media Player Classic, 7-ZIP, Evince-PDF)
- GPO: Deny installation of unsigned drivers and unsigned active-X, disabled autoplay and execute access to USB
- ACL: Deny execute file/traverse folder for Everyone on Public/Download/User shell folders and Browser data directories.
- EMET: (system) DEP, SEHOP, ASLR set to maximum protection

Restrictions to Medium Level Integrity processes
- SRP: Deny execute applied to all files (outside Windows and Program Files) and all users except (run as) Administrator
- GPO: Locked IE/Chromium/Outlook policy settings, hardened User Configuration (logon, shell and HKCU-autostarts)
- ACE: Set Mandatory Medium Level Integrity to Ms Office aps (icacls.exe)
- EMET: (programs) Explorer, Chromium, IE, Outlook, Media Player Classic, Evince-PDF, Do-PDF,7-ZIP, DVDplayer, Word, Excel, Powerpoint

Restricted in Low Integrity Sandbox and ExploitShield Browser edition
- Internet Explorer: locked for on-line banking only through GPO (the URL's) and FireWall (specific IP-addresses and port 443 only)
- Chromium: for daily browsing, added Pepper-flash and Chrome PDF plug-in, allow javascript from HTTPS, COM and NL, only extension is Ad Block Plus

On demand
HitmanPro Free

1 realtime (ESB) + 1 extension (ABP) + 1 adhoc (HMP) third party security application, rest of the protection is of the Operating System itself

 

@Dark Shadow
Yeah avast! is just awesome.

 

@Dark Shadow
Fortunately I haven't had any fps with HMP.

 

What happened to Applocker? I thought I remember you switching entirely to it. Also, what is ESB?

 

Removed CIS for Online Armor and WD.

 

I'm using the same setup. avast! and noscript.

 

Added Zemana

 

defensewall

 

Removed WinPatrol and added Syshelter free.So now i have Avast free,ZoneAlarm FW free,SS free and Sandboxie.

 

Applocker is kernel mode, so in theory more secure, but SRP blocks more file formats, combined with my policy tweaks, SRP provides better protection WHEN you allow an explicit hole for signed applications in an admin setup. When in limited user account Applocker beats SRP in terms of protection.

I would value an in depth read on all internal layers of protection ACE/ACL, LUA/UAC, SRP/Applocker because the description of individual mechanisms don't mention clearly how they affect each other.

So for my Lazy Admin situation (able to install as admin in same profile with benefits of limited user deny execute on user space and medium level integrity sandbox for unsigned applications) this setup works best.

Tested with live 0day malware


ESB=ExploitShield Browser edition

 

My setups whats in my sig. with Norton DNS and windows firewall and Im behind a router. This is the lightest setup ive had/non intrusive and honestly? I feel as secure as I did with comodo and alot happier without the popups

So, im liking it very much

 

@Windows_Security

Is it possible to make a more detailed topic about how to build your "Lazy Admin Setup" (with screenshots and stuff)

Those Windows acronyms are hard to find and understand by me, the average user.

 

UAC = User Account Control
GPO = Group Policy Object
ACL = Access Control List
EMET = Enhanced Mitigation Experience Toolkit
SRP = Software Restriction Policy
ACE = Access Control Entry

Look for stuff posted by the user "Kees". It's the same person, he just forgot his password for that account. I'm sure he will have a link and or pictures handy though.

 

Back to comodo.

 

ExploitShield has an update coming at the end of the month. Would like to see them emerge from beta

 

From what I hear, yes, that will do it. I haven't tested any of this personally, but a few Wilders members reported it so I believe it. It is supposedly using svchost, which explains why I never noticed it. I have svchost blocked silently (no logging) here on XP Pro SP3.

But if I were one of those people using 2.1, I'd feel pretty good about my decision right about now, if this is true.

Actually go into your startup and disable the notifier there too (Run > msconfig). Simply choosing "Exit" may not disable it the next time you reboot your computer. And if you're able to block svchost.exe from internet access, I'd do that as well. But not sure it's possible for you... AFAIK it's not possible to do since XP without killing your internet connection altogether. Which is one of the main reasons I don't like any of the newer OS's. Who knows exactly what's piggy backing onto that shady process?... nobody really. And I like to know what happening on my box, and what's leaving it.

 

Was running Avast realtime just to get a feel for the program and to create a configuration that I will use to install on friends' computers. I have dropped that and am running Emsisoft Anti Malware now, along with what's in my signature.

 

Lost my account lol. But oh well...

Updated stuff to the latest versions. Aside from that, I kicked away Macrium out of my PC because it failed to restore my image.

Now using Windows default backup tool. Works flawlessly.

Oh, and I don't use CCleaner anymore. Just don't seem to need that.

 

ThreatFire 4.7 in level 5 it is like malware defender lots of pop ups

 

AppGuard disabled....WF

 

Have fun with that

 

lol

 

Threatfire still supported..?

 

the data base is dead but the program can be use as a hips kind of thing in level 5

 

Yeah, but you already have Defensewall jmonge It is 100x stronger than threatfire.