What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    This is just me OK?

    I would give almost anything for AnalogX to rebuild ScriptDefender again with unlimited association features, so that even if you made a test file and called it dirt.bvw it would ABORT on it.

    THAT IS MY PERSONAL WISH LIST!
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi Easter,

    With spoofed .vbs files, there is some built-in protection within Windows. If you attempt to click-to-open,
    the Open With dialogue box displays, since that file extension is not associated with Windows:

    [attached image: wg-dirt.gif]

    I attempted to associate the file with Windows Script Host, but it does not recognize the file extension from within Windows:

    [attached image: wg-dirt2.gif]

    As far as a Script Blocking Program -- I know you don't care for WormGuard since it is no longer supported,
    but it is by far the best of those types of programs which I've looked at. Here, I added .bww to the Block List
    and attempted to open the file:

    [attached image: wg-dirt1.gif]

    Notwithstanding, unless you can think of another scenario for attack, I don't see a spoofed script file as a threat from within Windows.

    Now, if the file is executed remotely by wscript.exe, such as from within an AutoRun.inf file, then no Script Blocking program will prevent its execution, and other measures need to be taken as a defense.

    ----
    rich
     
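    Rmus's last point, that a script launched by wscript.exe from an AutoRun.inf never passes through an extension-based script blocker, suggests checking the INF itself. The following is an added example, not code from the thread or from any product named in it; the sample AutoRun.inf content is constructed, and the key names it inspects (open, shellexecute, shell\...\command) are the standard AutoRun entries that launch a program.

```python
"""Flag AutoRun.inf entries that hand a file to a script host or to a non-program file."""
import configparser
import re

# Windows Script Host binaries (wscript.exe / cscript.exe) run any file they are given,
# whatever its extension, so an entry invoking them deserves a look.
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)
PROGRAM_EXT = re.compile(r"\.(exe|com|bat|cmd)$", re.I)

# Constructed sample: one benign entry, one WSH launch of an oddly named script,
# and a shell command that feeds a .txt to cscript.
SAMPLE_INF = """[autorun]
icon=setup.exe,0
open=wscript.exe //B //E:vbscript dirt.bvw
shell\\explore\\command=explorer.exe .
shell\\open\\command=cscript readme.txt
action=Open folder to view files
"""


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}; {} if absent."""
    cp = configparser.RawConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return dict(cp.items("autorun")) if cp.has_section("autorun") else {}


def suspicious_entries(text):
    """List (key, value, reason) for every launching entry worth investigating."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not (key in ("open", "shellexecute") or key.startswith("shell\\")):
            continue  # icon=, label=, action= do not execute anything
        target = value.strip().strip('"').split()[0] if value.strip() else ""
        if SCRIPT_HOSTS.search(value):
            findings.append((key, value, "invokes a script host"))
        elif not PROGRAM_EXT.search(target):
            # Launch relies on a file association rather than naming a program.
            findings.append((key, value, "target is not a program file"))
    return findings


if __name__ == "__main__":
    for key, value, reason in suspicious_entries(SAMPLE_INF):
        print(f"{key} = {value}  [{reason}]")
```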
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    What are the chances of you PMing me WormGuard, since it's now long been considered obsolete in a manner of speaking, and also what's your view of my WISH LIST of AnalogX's ScriptDefender expanding it to the extent I suggested as regards just about any silly association that malware makers make plenty of use of even today?
    Also, what's your opinion on executables of .TMP files that you & I have seen in running processes many times before, giving users fits trying to trace down the hidden dll or exe's that support these malicious files, which have a habit of taxing a user's CPU while running unabated until discovered and given serious attention to removing/terminating them?
    THANKS EASTER
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    http://www.brothersoft.com/wormguard-download-11279.html


    I have no opinions on this, since, after testing it and similar, I do not consider this type of product of any use for me.

    I'm not clear as to what you are referring to. A .tmp file that spoofs as an executable?

    ----
    rich
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Revision of setup, Spyberus tweak applied

    On home PC behind a router (E5200@3,0 GHz, 2GB RAM) and image backup/external hard drive, the following security is applied:

    - XP Pro SP3: running as power user (see attachment)
    - Spyberus BETA: with extra protection configured through registry (see attachment)
    - AVG SP2 BETA only Free modules installed

    Surfing with IE8 BETA 2

    Spyberus normally asks when a driver is installed, a global hook is set, or code has been injected. When allowing this, take control has to be used (stopping applications and most services). All other registry/file changes are caught and can be revoked by normal Spyberus uninstall. With the additional protection, programs accessing the Spyberus protection will be locked by default/pop-up whether to allow.

    Built-in policy management of XP Pro requires very little CPU (have uninstalled Defender and disabled XP firewall), Spyberus is very light also. AVG Free does surprisingly well on this cheap dual core; AVG seems to perform less I/O than other AVs, which also helps to give it a responsive feel.

    Regards Kees
     

    Last edited: Nov 17, 2008
  6. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Vista 32 SP1 set-up "changes" in bold as of 11/16/08:

    Resident:

    DefenseWall HIPS v2.45(http://gladiator-antivirus.com/forum/index.php?showtopic=77256)
    EdgeGuard Solo Beta[Uninstalled]
    Netgear RP614 v4 Router w/NAT & SPI[Installed]
    Prevx Edge 3.0(Paid);(*Note: Advanced Heuristics - Med., Age Heuristics - Med., Popularity Heuristics - Med.);[Installed]
    Primary Response SafeConnect 3.5 Beta[Uninstalled]
    Windows Firewall

    On-Demand:

    Autoruns(free)
    AVZ Antiviral Toolkit(free)
    CsrWalker(free)
    CurrPorts(free)
    Malwarebytes Anti-Malware Free
    Online Solutions Autorun Manager(free)
    Process Explorer(free)
    RegRun Reanimator(free)
    Returnil 2008 Premium Edition Beta(paid)(*Note: For malware testing purposes only.)
    RootKit Hook Analyzer(free)
    Rootkit Unhooker(free)
    RootRepeal(free)
    RunScanner(free)
    SUPERAntiSpyware Free
    System Repair Engineer(SREng);(free)

    System Hardening:

    Applied manual system hardening tweaks(http://gladiator-antivirus.com/forum/index.php?showtopic=75558)
    Disabled non-essential Vista services
    Enabled hardware DEP for all programs and services(OptOut)
    Uninstalled Java Runtime Environment(JRE)
    Windows Worms Door Cleaner(free)

    Backup:

    ERUNT(Registry Backup)
    EasyBCD(free);(Recreates deleted/missing Vista boot files among other things.)
    Paragon Drive Backup
    (*Note: I have disabled system restore.)

    Miscellaneous:

    Default Web Browser - Opera v9.62(w/manual privacy & security tweaks);(http://gladiator-antivirus.com/forum/index.php?showtopic=75461)
    Default Email Client - The Bat! Home
    Disable UAC with TweakUAC
    Disabled Windows Defender


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Nov 16, 2008
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    SmoothWall VM

    SmoothWall double NAT(second layer of NAT)
     
  8. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    [Setup]
    Avira antivir premium
    Mamutu
    Prevx edge
    Sandboxie

    This is my setup for this week. :cool:
     
  9. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    Windows XP Pro SP3

    Limited User Account + SRP
    SuRun 1.2.0.5
    Avira AntiVir Personal Free
    SandboxIE 3.32

    Firefox 3.0.4 w/ Noscript, ABP


    Lightweight and fairly simple. Works well for me with no annoying popups.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    As of today, Nov 17/2008, I've got a new setup:

    MalWare Defender 1.2
    SpyWare Blaster 4.1
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Just added ThreatFire for testing purposes:thumb:
    Let's see what happens:D
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Today= DefenseWall and it is frigging amazing. Tomorrow, maybe my sig, if my passport to Russia is reinstated.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am testing a lot of software but I tell you DefenseWall is one of a kind:thumb: better than all I ever tried :thumb: :thumb: For sure DefenseWall and Malware Defender will be my main line of permanent defense:thumb: That's why I kept my avatar on always.
     
  14. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Vista 32 SP1 set-up "changes" in bold as of 11/17/08:

    Resident:

    DefenseWall HIPS v2.45(http://gladiator-antivirus.com/forum/index.php?showtopic=77256)
    Netgear RP614 v4 Router w/NAT & SPI
    Prevx Edge 3.0(Paid);[Uninstalled]
    Primary Response SafeConnect 3.5 Beta[Installed]
    Windows Firewall

    On-Demand:

    Autoruns(free)
    AVZ Antiviral Toolkit(free)
    CsrWalker(free)
    CurrPorts(free)
    Malwarebytes Anti-Malware Free
    Online Solutions Autorun Manager(free)
    Process Explorer(free)
    RegRun Reanimator(free)
    Returnil 2008 Premium Edition Beta(paid)(*Note: For malware testing purposes only.)
    RootKit Hook Analyzer(free)
    Rootkit Unhooker(free)
    RootRepeal(free)
    RunScanner(free)
    SUPERAntiSpyware Free
    System Repair Engineer(SREng);(free)

    System Hardening:

    Applied manual system hardening tweaks(http://gladiator-antivirus.com/forum/index.php?showtopic=75558)
    Disabled non-essential Vista services
    Enabled hardware DEP for all programs and services(OptOut)
    Uninstalled Java Runtime Environment(JRE)
    Windows Worms Door Cleaner(free)

    Backup:

    ERUNT(Registry Backup)
    EasyBCD(free);(Recreates deleted/missing Vista boot files among other things.)
    Paragon Drive Backup
    (*Note: I have disabled system restore.)

    Miscellaneous:

    Default Web Browser - Opera v9.62(w/manual privacy & security tweaks);(http://gladiator-antivirus.com/forum/index.php?showtopic=75461)
    Default Email Client - The Bat! Home
    Disable UAC with TweakUAC
    Disabled Windows Defender


    Peace & Gratitude,

    CogitoErgoSum
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    12 days with the same setup.
    Must be some kind of new record for me :D
     
    Last edited: Nov 17, 2008
  16. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    And the next day....a whole different setup and avatar :D
    Ya gave up being an Edge Head already o_O
     
  17. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,225
    Location:
    Canada
    For me it's also a record, same setup for 6 months.:p

    Defensewall
    Dr.Web
    Mamutu
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Old Set Up: Netgear DG834, Firefox 3.0.3 NoScript
    New Set Up: Netgear DG834, Firefox 3.0.4 NoScript
    Shadow Defender when I remember to turn it on.
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    1: Use ThreatFire custom rule for outbound protection instead
    2: TF (behaviour) + Avira (heuristics) are more than sufficient, no need for BOClean. On demand SAS & MBAM is more than sufficient
    3: Use TF custom rules for file protection (see tips at Castle Cops list of freeware behavior blockers)
    4: Winpatrol redundant with TF, choose TF custom rule to protect host file
    5: Sandboxie on demand is enough
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Back to basics again:

    Behind Router:
    - XP Pro running ADMIN with SRP to contain WMP (limited), P2P Directories and TEMP Internet directories (all block)
    - ThreatFire Free with custom rules (outbound, hosts file, SCR-save, own registry protection, own WMP monitor = guard execution)
    - GeSWall Pro (all internet facing except WMP)
    - IE7 and Chromium Beta
     
    Last edited: Nov 18, 2008
  21. toasale

    toasale Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    86
    Location:
    Alabama
    Symantec Endpoint Protection 11.0.3001.2224 on personal unit. Fab upload and d-load speeds, as well as ultra quick ping response.

    :)
     
  22. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    Too much memory usage.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    Anything Symantec still remains a joke from my experience. I recently tried Anti-Bot myself. Not a ringer on anything, left me wide open for the kill. And after you uninstall it, go inside your registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and be sure to check the others 1, 2, 3 if you have those too and get ready to manually do your own removal. Lousiest clown programming I've ever seen, and I bet they have a heyday laugh all the way to the bank with anything they pawn off to the public.

    Now back to reality, sanity, and equally important, PC safety. Whew!

    Behavioral Blocker = MAMUTU! (This one is no joke friends but serious business)
    Antivirus = AVIRA (Free) I very well may go premium with this one, and I'm a big NOD32 fan.
    Real-Time Defender = HIPS! (This was a gift that still keeps giving solid protection)
    EQSecure Beta3 = HIPS! (2 HIPS are better than one in my book, but only one at a time, LoL) Alcyon's Rules blew the lid right off advanced monitoring in this HIPS.
    Script Protection = ScriptTrap! Not nearly as active as they once were, but you can at least add your AV or AS to do a scan of the script. Not bad for an old freebie, neither is the script coverage, although limited.
    Sandbox = SandboxIE! (A true inventor's invention that has revolutionized executable containment and browser protection.)

    Have to stop there, but those are the basics right now. Never been more satisfied, except at the end of all this reside DriveSnapshot Images (.SNA) for easy quick restores whenever necessary, which has not been very often anymore.
     
  24. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Updated List 11-19-08

    Active (Vista Ultimate SP1)

    Online Armor AV+ v3 3.0.0.203 Beta (Paid)
    - All Shields Enabled with Bluetach Blacklists
    SUPERAntiSpyware 4.22.1014 (Paid)
    - Realtime Protection Enabled
    Sandboxie 3.32 (Paid)
    - Firefox w/ Start\Run and Internet Restricted Settings
    Shadow Defender 1.1.0.275 (Paid)
    - Shadow Mode Continues After Reboot

    dja2k
     
  25. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Thought I'd look at SAS and NAB new versions, will try NAB on Vista x64.

    Welcome to Leopard. Permanently added an Intel Mac OS X to the network, will add nothing to this.
     

    Attached file: mac.PNG