What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Firewall:
    NAT Router (Password Protected)
    Look’n’Stop Firewall 2.07 (Phant0m’s Ruleset)

    Anti-Virus:
    Emsisoft Anti-Malware 7.0.0.21

    HIPS/Blocking/Hardening:
    DefenseWall HIPS/Personal Firewall 3.21
    VoodooShield 1.08
    EMET 3.5 (Internet facing applications & MS Office)
    SpywareBlaster 5.0 (Ad-Aware custom blocking list)
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Nothing should get thru your fortress :thumb:
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Hope not, my setup has evolved over the years to its current form.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    How do you like looknstop? have you ever tried windows firewall control?
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Not yet, I am happy with LnS, using Phant0m's ruleset. I see no current need to switch yet. I am using Windows 7 x86. If I did WFC or Tinywall would be high on my priority list to try. With my other security software I want a firewall that's just a firewall (no HIPS included).
     
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yep... you need .NET FW 2.0 at least to "install" EMET. But afterward you can remove most of the framework and retain EMET's functionality. Another poster in here in another thread mentioned the exact specifics of what you need to keep to retain it's functionality, though I forget what thread. What I did was use Revo in advanced uninstall mode to remove 2.0... it pretty much took v1 with it, lol. Then I used CCleaner & Auslogics registry cleaners, and they removed more traces. I like both of these programs because they don't remove too much. What I had left was just enough to keep EMET functional in the end.

    But I decided this time not to do that, fearing it could somehow render EMET vulnerable. So I kept 2.0 and patched it fully. I recommend you do the same... there's a SP2 for .NET FW 2.0. Install it, and then check for Windows Updates, there were like 5-6 updates for the SP2. Then you have a fully patched .NET FW 2.0... I think that's the best trade off of keeping attack surface low while gaining EMET's functionality.

    v3.5 adds a bunch more surface/bloat, and I just quite frankly don't need it for anything. And I also tried many, many different ways of gaining EMET's abilities on my box without having .NET FW touch it... it just isn't possible... period. NEMET's redeployment packs flat out don't take to the box you try to transfer it to... ever. It only serves as an alternate GUI. And WehnTrust will conflict with any other form of shellcode injection protection you have in place... which pretty much every FW and/or HIPS program will have these days, or even CPU's have them integrated in your hardware. And IMHO you're better served trusting the latter solutions over 5 year old abandonware.

    Here's the link for .NET FW 2.0 SP2: Again, after installing it check for Windows Updates, and you'll see some critical updates for it.

    https://www.microsoft.com/en-us/download/details.aspx?id=1639
     
    Last edited: Apr 16, 2013
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Is LnS very talkitive? I tried tinywall awhile back and it blocked my internet and a few other issues so I got tired of it quick
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You don't need both DW and VS in this setup.
    It's an overkill.
    EAM has BB so I would leave only DW.
    In case of 64-bit OS, use VS instead of DW.
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You don't need both DW and VS in this setup.
    It's an overkill.
    EAM has BB so I would leave only DW.
    In case of 64-bit OS, use VS instead of DW.
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Not here, occasional popup for new or modified program wanting Internet access. I don't have the dll monitoring activated.
     
  11. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    There's really no reason not to use the latest beta (another coming soon, I'll post in your thread). :) They're just calling the new experimental mitigations "beta." Other stuff should still be the same as previous versions. Don't worry about the DEP not working (let's see what next release is like!), since that would only affect people using OptIn system DEP. OptOut/AlwaysOn has DEP enabled for everything regardless of EMET. Oh, how could I forget, well OK EMET's DEP being broken won't make DEP Permanent for its processes (only really an issue on XP + OptOut), but...

    With OptOut, DEP is probably actually still enabled for your sound driver and emulator (if you didn't make an explicit System Control Panel exception, of course), assuming the EXE doesn't use a certain type of "packed loader" or such that implicitly disables DEP (check status in Process Explorer), which doesn't happen with AlwaysOn. I noticed the same on my Dell laptop's audio driver installer (but DEP still on w/ OptOut). What the issue seems to be with more of these AlwaysOn failures is that these programs (older?) need something called "ATL thunk emulation," which is where Windows handles special (safe) cases of DEP being triggered. See description of SetProcessDEPPolicy.

    Anyway, so now you could use my Permanent DEP DLL too then, which will make everything like AlwaysOn, but still allow everything to work (since it doesn't disable "ATL thunk" stuff, among other things). I thought it would be available NOW (maybe later this week I'll have a page, etc. up). After waiting over a month, I finally rewrote it in assembly (unexpectedly simple to "set up" compiler) last week. Now I just need to finish the companion SetDEP program (should've yesterday :doubt:), the purpose of which is primarily to set Permanent DEP on csrss.exe (optional; DLL doesn't work on it for some reason), although you can also use an option to see how DEP can be easily disabled on non-Permanent processes.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    When you mentioned it "tried to block my sound drive and an emulator", do you mean it blocked the installers? If that's the case, then you might want to temporarily revert back to Opt Out/Opt In for the installers to work and then revert back to Always On. I don't know about emulators but I did that as a workaround for Realtek HD Audio.
     
  13. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    thx :D
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Real-time:
    Webroot SecureAnywhere

    On demand:
    Hitman Pro
    MBAM
    Sandboxie (some browsing and program and file testing)

    Browser:
    Opera + Adblock + WOT
     
  15. Safe Admin's eleven tricks to keep the 'rings' of my Windows7 Ultimate x32 safe and clean :cool:

    Home network (LAN) protection
    1. Router (inbound) and Windows FireWall also blocking outbound applications, with IE locked (IP's+HTTPS) for banking.

    Local Machine (PC) protection
    2. LUA-sandbox-unsigned: deny installation/elevation of unsigned drivers/executables/activeX/COM through GPO/UAC
    3. UAC set to full, disabled redundant options in GPO, signed programs mandatory medium integrity level through icacls.exe
    4. Exploit-mitigation: DEP/SEHOP/ASLR (maximum), EMET (for Explorer and all non-system programs)

    User space protection
    5. Basic User deny execute for all (executable) files in all user(s) folders except for (run as) admin through SRP
    6. Locked User Configuration (logon, shell, scripts, tasks and HKCU-autostarts) for basic users through GPO

    Threatgate protection
    7. Internet Explorer, Outlook, Chrome (with ABP) settings are locked through GPO (nsa.gov templates)
    8. Deny execute for Everyone to entry/landing folders (USB, download, Mail, etc) through GPO/ACL
    9. Untrusted/Low rights internal sandbox of Chrome/IE10 and LUA sandbox to Outlook (StripMyRights)

    On demand
    10. HitmanPro Free Scan before monthly Data (to NAS) and Image (to 2nd HD) backup
    11. Practice safe-hex: download from trusted sites and check with VirusTotal and CIMA online sandbox before install
     
    Last edited by a moderator: Apr 21, 2013
  16. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    what happened to your previous account Kees?
     
  17. My ISP offers two aliasses for each e-mail addresses (e.g primary is kees1958@serviceprovider[dot]nl alias is spamKees01@etc. All mail sent to spamKees01 will be delivered in kees1958 inbox).

    I use alias e-mail addresses when I first enter something When site sends no spam, I change alias into real. Totally forgot that I still used alias at Wilders.


    Decided to change password after hard disk crash. Wilders requires a confirmation after password change. This conformation bounces because old alias does not exist (I am now at spamkees64). Thought it was easier to create a new nick name.
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Perhaps, but they work fine together and do different things.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    i will stay with my best choice :) emsisoft antimalware and online armor premium;) :thumb:
    what a killer combo
     
  20. zitch

    zitch Guest

    Thanks...I usually go to the Microsoft update site. Usually custom install updates. Running Emet 3.0, can't remember how many .NET FW updates I have done. Will check on that ASAP....Peace~Out~Zitch
     
  21. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    In my personal opinion,
    Emsisoft Antimalware + Comodo Firewall is a bigger Killer if you are in x64 environment
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    The problem with just using Windows Updates for .NET FW is that, if memory serves, after installing v1.1 it jumps right to 3.5 (XP)... leapfrogging v2.0 altogether. So I go to that website and download v2.0... then check Windows Updates to patch it. Then throw on SP2 for 2.0, and check WU again for yet more critical updates, till there aint no more for v2. Then I stop there.

    I reboot and let it do it's little run once "optimization" thing... then I disable the service (+ the aspnet one... also delete the account). Run CCleaner to clean up a slew of junk files & keys the whole process leaves behind. Defrag. And then finally throw EMET on there.
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Hello and welcome Windows_Security, Infrequent Poster. Let me know if I can help you with your newbie security questions.;)

    Not much new to report here. In fact nothing new, still happy with the Sandboxie/WSA first line of defense.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    i have trendmicro emsisoft and kaspersky antivirus sincerely jmonge..:D
     
  25. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Whoa!!!
    everything on real time?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.