What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Is it really that negative for some people here? I'm not seeing it, and for me it is enjoyable learning how different security works and fits together. But then I come at it as a long-time wargamer who was already interested in strategies of defense, how to use limited resources to the best effect.
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Can on-demand scans with programs like MBAM and VTchromizer and HMP detect malware in installers or zipped files?
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm gravitating away from computer strategies of defense to a real life strategies of defense mindset. I foresee a time coming when our computers won't even turn on, which will pretty much eliminate the need for endless discussions about suite bloat, encryption, sandboxes and performance hits. I decided that if the SHTF, I don't want to regret tons of hours spent tweaking an inoperable machine instead of preparing for real war games. But we won't talk about that.

    For now, it's Sandboxie and some other stuff, and I'm off someplace else handling different business. :cool:
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Soon after learning that there are security programs that work differently than antiviruses, I found Sandboxie. And the search was over. Peace of mind has been on ever since day one.

    Bo
     
  5. chris1341

    chris1341 Guest

    Hi Jarmo P, AppGuard does not ask for user input. It is out and out default deny for potentially (not necessarily actual) suspicious activity. You will find for example Memory Guard will block some actions that could be deemed 'normal' without user interaction. If they don't cause functional issues feel free to ignore the alerts, if they do cause issues (much less frequent in version 4) it is easy to set exceptions. Also on default settings anything downloaded from guarded apps that is not signed will be automatically blocked, again without user intervention and you may have to disable protection to install new apps or update existing ones.

    There are a host of features that supplement standard user accounts - Memory Guard and anti-execute on user folders for example - so there are advantages for non-admin accounts. Indeed AppGuard is really an enterprise product designed for standard/limited user accounts that also happens to have a consumer version.

    AppGuard does not make permanent changes on uninstall in my experience although like any programme there is some 'detritus' when you remove it. Empty folders in ProgramData, Program Files, AppData/Roaming and some Reg entries in particular on Win 7.

    Hope that helps. As you say only way you'll know is to give it a go. With SBIE and common sense you're sorted anyway but this is a good back-up/companion in my view.

    Cheers
     
  6. chris1341

    chris1341 Guest

    Amen Bo :thumb: Different paradigms cause confusion for those that think only in terms of the 'traditional' approaches but making the shift frees the mind and relieves the stress!

    Cheers
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Chris, I reinstalled my Win7 quite recently and I don't have a lot of apps yet.

    TinyWall, the Windows firewall controller, is no longer a signed app, since its signature has expired. Would there be any conflict between it and AppGuard, or what should I do to make things work?

    Also I have wireless Silvercrest mouse and keyboard driver programs that are not signed. Will there in general be troubles with apps that don't have a verified signer?
     
  8. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Pretty much ^^ We learn what is effective, and think in terms of cost:benefit. A machine runs much more smoothly with minimal realtime software.

    It's quite hard to get infected when being smart about attack surface and using IP and domain blocking (e.g. MBAM and Adblock/malware domains).
     
  9. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    The great thing that I like about sandboxie/virtualisation programs is that they not only provide superb protection against all types of known and unknown malware, but more importantly they protect you against your own stupidity.

    That is clicking on things, plugging stuff in, trying stuff out, letting friends/family members anywhere near your precious machine etc, etc.

    No AV is going to protect against all that, never mind updates, upgrades and checking AV comparison sites.

    Light, free/stress free and totally secure, goodbye antivirus... forgive me if I sound smug but I've good reason to be.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Stress level went down from 9 to 1, Chris, that's what using Sandboxie has meant to me. I remember, I used to do scans every day or every other day and now I do none. If I was surfing and sensed something strange in a webpage or something was funny with some software, it was time to run another scan. That took a lot of time and kept my stress level high. All that's gone due to following the simple "Trust no program" Sandboxie motto.

    Greetings Chris :cool:

    Bo
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I like the way you are using SBIE, Eck.:thumb:

    Bo
     
  12. guest

    guest Guest

    I started with really paranoid behaviors, testing and experiencing as many security softs as I could, mixing them together, until I knew how they behave between each other.

    Now I have enough knowledge and skills to create on the fly a working, light, clean setup without conflict or excessive resources usage.
     
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Dr. PC - Good points but a lot is comfort level. I have lessened some over the years as I learned more about security at this forum, but still like a layered approach that involves more than one blocking technique.
     
  14. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Looking at his setup, I can pick 3 things out of the list of 32 items that would offer him virtually 100% protection with barely discernible impact on system/browsing performance. (virtually zero)

    OpenDNS
    Emsisoft AntiMalware
    Appguard

    OpenDNS is your phishing/malware domain blocking.
    Emsisoft has your AV, AntiTrojan, and HIPS.
    Appguard is.. Well.. Awesome.

    It would be very nearly impossible to infect such a machine, even if you were to attempt it with a stack of malware in some ridiculous LULSEC like experiment. Also people still use Spyware Blaster? :cautious: I think what happens is installing/uninstalling security software becomes an obsession. People are a bit unrealistic about the actual risk to them, and rather than lowering attack profile, and improving IP filtering, they just keep tossing more and more layers on, and uninstalling/reinstalling various products. Really the majority of products aren't needed.

    Now this is my opinion... Worry about what is coming in, and less about what it does when it gets there. That means GREAT firewalls (hardware please), security appliances, IP Databases, and Packet Inspection (Hardware). If someone gets through your front door MANY of those products won't matter. Interesting note, I tried to hack an Appguard protected machine using kernel level intrusions, and it still blocked me, pretty interesting eh?
     
    Last edited: Mar 22, 2014
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    EAM has a behavior blocker, not HIPS.
    ;)
     
  16. guest

    guest Guest

    Indeed, and a pretty strong one :thumb: and if you set it to Paranoid mode, it can be almost assimilated as an HIPS.
     
  17. chris1341

    chris1341 Guest

    I've never used the apps you note but if they are installed in Program Files and the drivers are in the standard System32 driver folder there should be no issues with AppGuard as it only restricts guarded apps or those launched from user space. You'd likely need to install them with AppGuard in install mode but after that they'll likely be fine.

    The signed / unsigned thing is only an issue for user space. AppGuard effectively allows system space files to run unhindered unless they interfere with guarded apps. Usually no specific actions are required to facilitate that.

    Cheers.
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    emsisoft running very smooth here :) :thumb: :thumb:
    mmmmm I was thinking if I really need mbampro when I am running webroot with emsisoft o_O
     
  20. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! jmonge...my own feeling is what you currently have is superb...no real need for another layer. Great Dynamic Duo! Sincerely...Securon
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you buddy :):thumb:
     
  22. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    32 or 64-bit machine?
     
  23. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Windows 8.1 x64

    Real time: Emsisoft Anti-Malware 8.1 + Open DNS + Windows firewall behind a router

    Browser: Superbird (Chrome alternative) with Adblock Plus filters + Disconnect + HTTPS everywhere


    No Java, No Adobe Reader, system and apps "always up to date" and Virus Total scanner to check new files.


    This setup is very light and simple, it is working pretty good for me.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I like your setup (especially simplicity). How is superbird browser? I admit that I didn't hear of it before. How quickly do they release updates when they are available?

    hqsec
     
  25. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Superbird is a Chrome clone with privacy in mind, it is very fast and stable, it doesn't update as quickly as Google does, but it is enough.
     