What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Windows 7 Ultimate 32 bits with Windows FireWall also blocking outbound applications, router with inbound FW

    Restrictions to all users and processes
    - UAC: set to full and deny elevation to all unsigned executables (Chromium, Media Player Classic, 7-ZIP, Evince-PDF)
    - GPO: Deny installation of unsigned drivers and unsigned active-X, disabled autoplay and execute access to USB
    - ACL: Deny execute file/traverse folder for Everyone on Public/Download/User shell folders and Browser data directories.
    - EMET: (system) DEP, SEHOP, ASLR set to maximum protection

    Restrictions to Medium Level Integrity processes
    - SRP: Deny execute applied to all files (outside Windows and Program Files) and all users except (run as) Administrator
    - GPO: Locked IE/Chromium/Outlook policy settings, hardened User Configuration (logon, shell and HKCU-autostarts)
    - ACE: Set Mandatory Medium Level Integrity to Ms Office aps (icacls.exe)
    - EMET: (programs) Explorer, Chromium, IE, Outlook, Media Player Classic, Evince-PDF, Do-PDF,7-ZIP, DVDplayer, Word, Excel, Powerpoint

    Restricted in Low Integrity Sandbox and ExploitShield Browser edition
    - Internet Explorer: locked for on-line banking only through GPO (the URL's) and FireWall (specific IP-addresses and port 443 only)
    - Chromium: for daily browsing, added Pepper-flash and Chrome PDF plug-in, allow javascript from HTTPS, COM and NL, only extension is Ad Block Plus

    On demand
    HitmanPro Free

    1 realtime (ESB) + 1 extension (ABP) + 1 adhoc (HMP) third party security application, rest of the protection is of the Operating System itself :D
     
    Last edited by a moderator: Mar 28, 2013
  2. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @Dark Shadow
    Yeah avast! is just awesome.:thumb:
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    @Dark Shadow
    Fortunately I haven't had any fps with HMP.:D
     
  4. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    What happened to Applocker? I thought I remember you switching entirely to it. Also, what is ESB?
     
  5. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Removed CIS for Online Armor and WD.
     
  6. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    I'm using the same setup. avast! and noscript. :thumb:
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Added Zemana
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    defensewall:thumb: :thumb:
     
  9. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,579
    Location:
    Romania
    Removed WinPatrol and added Syshelter free.So now i have Avast free,ZoneAlarm FW free,SS free and Sandboxie.
     
  10. Applocker is kernel mode, so in theory more secure, but SRP blocks more file formats, combined with my policy tweaks, SRP provides better protection WHEN you allow an explicit hole for signed applications in an admin setup. When in limited user account Applocker beats SRP in terms of protection.

    I would value an in depth read on all internal layers of protection ACE/ACL, LUA/UAC, SRP/Applocker because the description of individual mechanisms don't mention clearly how they affect each other.

    So for my Lazy Admin situation (able to install as admin in same profile with benefits of limited user deny execute on user space and medium level integrity sandbox for unsigned applications) this setup works best.

    Tested with live 0day malware :D


    ESB=ExploitShield Browser edition
     
  11. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    My setups whats in my sig. with Norton DNS and windows firewall and Im behind a router. This is the lightest setup ive had/non intrusive and honestly? I feel as secure as I did with comodo and alot happier without the popups :D

    So, im liking it very much :thumb:
     
  12. th3m

    th3m Registered Member

    Joined:
    Jan 28, 2013
    Posts:
    11
    @Windows_Security

    Is it possible to make a more detailed topic about how to build your "Lazy Admin Setup" (with screenshots and stuff)

    Those Windows acronyms are hard to find and understand by me, the average user.
     
  13. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    UAC = User Account Control
    GPO = Group Policy Object
    ACL = Access Control List
    EMET = Enhanced Mitigation Experience Toolkit
    SRP = Software Restriction Policy
    ACE = Access Control Entry

    Look for stuff posted by the user "Kees". It's the same person, he just forgot his password for that account. I'm sure he will have a link and or pictures handy though.
     
  14. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Back to comodo.
     
  15. zitch

    zitch Guest

    ExploitShield has an update coming at the end of the month. Would like to see them emerge from beta
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    From what I hear, yes, that will do it. I haven't tested any of this personally, but a few Wilders members reported it so I believe it. It is supposedly using svchost, which explains why I never noticed it. I have svchost blocked silently (no logging) here on XP Pro SP3.

    But if I were one of those people using 2.1, I'd feel pretty good about my decision right about now, if this is true.

    Actually go into your startup and disable the notifier there too (Run > msconfig). Simply choosing "Exit" may not disable it the next time you reboot your computer. And if you're able to block svchost.exe from internet access, I'd do that as well. But not sure it's possible for you... AFAIK it's not possible to do since XP without killing your internet connection altogether. Which is one of the main reasons I don't like any of the newer OS's. Who knows exactly what's piggy backing onto that shady process?... nobody really. And I like to know what happening on my box, and what's leaving it.
     
    Last edited: Mar 29, 2013
  17. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    517
    Location:
    United States
    Was running Avast realtime just to get a feel for the program and to create a configuration that I will use to install on friends' computers. I have dropped that and am running Emsisoft Anti Malware now, along with what's in my signature.
     
  18. guest

    guest Guest

    Lost my account lol. But oh well...

    Updated stuff to the latest versions. Aside from that, I kicked away Macrium out of my PC because it failed to restore my image. :thumbd:

    Now using Windows default backup tool. Works flawlessly. :thumb:

    Oh, and I don't use CCleaner anymore. Just don't seem to need that. :)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ThreatFire 4.7 in level 5 it is like malware defender :) lots of pop ups:)
     
  20. DX2

    DX2 Guest

    AppGuard disabled....WF :D
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Have fun with that :D
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  23. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Threatfire still supported..?
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    the data base is dead but the program can be use as a hips kind of thing in level 5
     
  25. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Yeah, but you already have Defensewall jmonge :) It is 100x stronger than threatfire.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.