What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Perhaps, but an unpatched OS is a huge attack surface itself - I noticed you are running an EOL OS. Interesting thing is all of the new UTMs we deploy we activate the 'don't allow XP machine connection' policy enforcement. When this policy doesn't exist by default, we activate application control to disallow XP connections. It's considered a serious security risk by every IT engineer I know, and anyone attempting to connect to these companies will receive a block, and a notice to upgrade their OS.

    http://docs.fortinet.com/d/fortigate-blocking-web-traffic-based-on-operating-system
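    As an added illustration of the kind of policy described in this post (not the poster's code, and not FortiGate's implementation): the linked FortiGate feature identifies the client operating system from the HTTP User-Agent header, so the check below does the same over a few constructed combined-format access log lines. The mapping of "Windows NT 5.x" tokens to OS names, the log lines, the IPs and the block/allow verdicts are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Kernel version tokens that Windows places in the User-Agent header.
# Windows XP reports "Windows NT 5.1"; XP x64 and Server 2003 report 5.2;
# Windows 2000 reports 5.0. All three are end-of-life (assumed policy table).
EOL_NT_VERSIONS = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "5.2": "Windows XP x64 / Server 2003",
}

UA_NT_RE = re.compile(r"Windows NT (\d+\.\d+)")

# Apache/nginx "combined" log format; the User-Agent is the last quoted field.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class Verdict:
    ip: str
    os_name: Optional[str]
    action: str  # "block" or "allow"
    reason: str


def classify_user_agent(ua: str) -> Tuple[Optional[str], str, str]:
    """Return (os_name, action, reason) for one User-Agent string.

    Only Windows NT versions in the EOL table are blocked; anything else,
    including non-Windows clients, is allowed by this policy.
    """
    m = UA_NT_RE.search(ua)
    if not m:
        return None, "allow", "no Windows NT token in User-Agent"
    ver = m.group(1)
    if ver in EOL_NT_VERSIONS:
        return EOL_NT_VERSIONS[ver], "block", f"end-of-life OS (NT {ver}); send upgrade notice"
    return f"Windows NT {ver}", "allow", "supported Windows version"


def evaluate_log(lines: List[str]) -> List[Verdict]:
    """Apply the policy to each parseable log line; malformed lines are skipped."""
    verdicts = []
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue  # do not crash the policy engine on a garbled line
        os_name, action, reason = classify_user_agent(m.group("ua"))
        verdicts.append(Verdict(m.group("ip"), os_name, action, reason))
    return verdicts


def blocked_clients(verdicts: List[Verdict]) -> List[str]:
    """IPs that would receive the block page and upgrade notice."""
    return [v.ip for v in verdicts if v.action == "block"]


# Constructed sample log (not real traffic); 192.0.2.0/24 is documentation space.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2014:10:15:01 -0600] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0"',
    '192.0.2.11 - - [07/Nov/2014:10:15:02 -0600] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/38.0.2125.111 Safari/537.36"',
    '192.0.2.12 - - [07/Nov/2014:10:15:03 -0600] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0"',
    '192.0.2.13 - - [07/Nov/2014:10:15:04 -0600] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0)"',
    "this line is deliberately malformed and must be skipped",
]

if __name__ == "__main__":
    for v in evaluate_log(SAMPLE_LOG):
        print(f"{v.ip:<12} {v.action:<5} {v.os_name or '-':<30} {v.reason}")
```

    The User-Agent is set by the client, so this is a coarse policy signal for steering unmanaged machines toward an upgrade, not proof of what OS is on the other end; a UTM pairs it with other fingerprinting, and the notice page is what makes the block useful rather than just silent.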
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,313
    Location:
    Nicaragua
    Sandboxing the browser is only a tiny bit of what can be done with Sandboxie. Look at the picture below; it shows some of the things that I do with the sandbox. I also sandbox programs like WinRar, 7Z and HJSplit. My CD and DVD drives get sandboxed as well. :)

    untitled.JPG

    Bo
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Yup, I know. I used to use Sandboxie for malware analysis on isolated machines when some threats detected VMs, but still missed SBIE. Just getting the browser and child processes is pretty huge. But again for me it's not really needed if you saw my network setup. ;-)
     
  4. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    It's been years since I last posted in this forum.

    My setup on an old HP Mini 210 netbook w/ Intel Atom @ 1.5GHz and 2GB RAM (lol) is:

    Realtime:
    - Qihoo 360 Internet Security (BitDefender off, QVM on, 360 Cloud on)
    - Windows Firewall
    - EMET 5.0
    - MCShield
    - SpywareBlaster

    On-demand:
    - SUPERAntiSpyware Free Edition
    - Malwarebytes Anti-Malware (free)

    All recommended updates from Windows 7 installed, and all browsers running under Incognito mode and sandboxed by Sandboxie. :)
     
  5. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,101
    Location:
    South Texas, USA
    Nov. 6, 2014 - Updated, Added, Removed

    Network
    • Three Netgear WNR3500L-100NAS (DD-WRT Firmware)
    • Four Netgear PowerLine AV 500 Adapters
    • Wired Cat5e Connection between all 3 Routers
    • WPA2-PSK AES Encryption
    • SPI Firewall Enabled
    • OpenDNS Configuration
    Computers
    • Desktop - Windows 8.1 Pro with Media Center x64
    • Laptop - Windows 8.1 x64
    Built-In Security
    • USER ACCOUNT CONTROL: HIGHEST SETTING
    • EMET 5.0: RECOMMENDED SECURITY SETTINGS
    • WINDOWS SMART SCREEN: ENABLED
    • WINDOWS DEFENDER: ENABLED
    • WINDOWS FIREWALL: ENABLED
    Resident
    • Emsisoft Internet Security 9.0.0.4546 Beta (Paid)
    • Appguard 4.1.45.1 (Paid)** - Locked Down
    • NVT ERP 3.1.0.0 Build1 v13 Beta (Paid)** - Lockdown Mode
    • Sandboxie 4.14 (Paid) - Sandboxie Container Folder on RAMDisk
    • Adguard 5.10.1167.5997 (Paid)
    • DNSCrypt 0.0.6 - HTTPS Enabled
    On-Demand
    • PeerBlock 1.2 (P2P Blocking List)
    • Shadow Defender 1.4.0.553** (Paid)
    • AOMEI Backupper Professional 2.02 (Paid)
    • Macrium Reflect 5.3 build 7220*
    • VMWare Workstation 10.0.4 build-2249910** (Paid)
    Browser, Immunization, Tweaks
    • Firefox 33.0b9 (HTTPS-Everywhere, Gmelius) - Firefox Profile Folder on RAMDisk and Sandboxed
    • Chrome 38.0.2125.111 m (HTTPS-Everywhere, Gmelius) - Chrome Profile Folder on RAMDisk and Sandboxed
    • Homepage and Search Providers set to Startpage (Chrome & IE)
    • Tweaks on How to eradicate Google from Firefox Applied
    • LastPass 3.1.2 Premium (Chrome & IE)
    • Spyware Blaster 5.0 (All Protection Enabled + Customblocking.txt)
    *Macrium Reflect (Full Daily Backup -Desktop, Full Weekly Backups - Laptop)
    **VMware Workstation, Appguard and NVT ERP only installed on Desktop \ Shadow Defender only installed on Laptop


    dja2k
     
    Last edited: Nov 7, 2014
  6. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @dja2k
    reason for removal of EIS ?
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,101
    Location:
    South Texas, USA
    Testing purposes only!

    dja2k
     
  8. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,434
    Location:
    Land of the Light
    @dja2k

    Why did you replace Firefox with Chrome?
     
  9. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    622
    Location:
    Canada
    Sandboxie and the rest is per signature. Uninstalled MSE. Running with no A/V and using only MBAM 1.75 at the moment.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah, I saw you regurgitate this link elsewhere too, as if it's a one-size-fits-all matter. What they're doing is prudent, in general, because the average end user isn't taking the steps that I, or the average Wilders user, takes to secure their setups. They figure that most of the people still on XP are because they're either too lazy, too poor to change, or just plain don't care. And they'd be right. The kind of people that rely on only the XP FW and an AV, and may not even keep the latter up to date. So yeah, what they're doing is in their best interest.

    What I'm doing is in mine. I'm not sure if you really understand the concept of attack surface, because it's the last thing you'd want to use as an arguing point against me. Heck, over 90% of the patches I do have are moot because of either attack surface I've trimmed out, software I use, or that I don't use (like IE, Flash, Java, .NET FW, Office, PDF program). Things you just can't eliminate on MS OSes since, without bricking your box. Believe me, my attack surface is exponentially smaller than yours.

    That said I don't recommend sticking with an EOL OS to anyone else. It's not good advice in general. But in the right hands it can be made to be more secure, private, and anonymous than any MS OS made since. And what's more, I just flat out don't trust any of them since XP at all.

    And on my Macbook I'm using Debian.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,101
    Location:
    South Texas, USA
    Personal preference as Chrome runs better on my system. I've never had Chrome permanently installed as my main used browser, but I am still testing it. Time will tell if I like it enough to keep it.

    dja2k
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,363
    Location:
    Here
    I decided to go without real-time AV for a while and removed ESET Nod32 AV.

    My security software (in order of importance):

    Backup:
    Macrium Reflect Standard for daily incremental backups
    External HDD to backup system images and other personal data

    Network:
    Router with firewall
    Windows built-in firewall (inbound monitoring only)

    Whitelisting:
    Software Restriction Policies
    User Account Control on maximum

    Blacklisting:
    on demand: HitmanPro, Malwarebytes AM, Emsisoft AM, Avira PC Cleaner, VT Uploader

    Browser:
    Google Chrome x64 and uBlock

    Less is more. ;)
     
    Last edited: Nov 8, 2014
  13. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,434
    Location:
    Land of the Light
    I am in the same situation. ;)
     
  14. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    553
    Location:
    The Outer Limits
    Just wondering why you would want to browse without Sandboxie ?

    Pretty much bullet proof.

    Regards Eck:)
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    See screenshot:
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    No ClamAV realtime?

    You'd be surprised at the 'oddball' stuff Clam can find. I pull data from a honeypot, and all I will say is Clam finds strange things, and often its heuristics grab them before anything else does. I have Clam at the router level (Untangle) as a second opinion to Kaspersky for this reason.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    I don't really see the need for another real-time AV just for "strange things". VirusTotal will do for that.

    Also using the following browser extensions: LastPass, TrafficLight, VTchromizer, WOT, uBlock.
     
  18. 3 routers? What is the size/surface of your home?
     
  19. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Back to NOD32.
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,101
    Location:
    South Texas, USA
    There is a cottage in the back of the main house that has its own router. Then the main house has two because one router doesn't reach (due to thick walls) to the opposite side of the house.

    dja2k
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I meant Clam on Demand.. LOL
     
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Changes;

    Re-wired entire network with Cat6a.
    Tossed in a new TP-Link 16-port rack-mount jumbo switch to replace two 8-ports.
    Dropped uBlock due to some issues with some pages, changed to Adguard Chrome Extension.
    Added some APC UPS for up to 3 hours of backup power on the network.
    Gave up on stacking three Layer-7 UTMs due to packet dropoffs. Sticking with USG60+Untangle (Kaspersky+Clam)

    Pretty much done tweaking. Now I need to repurpose a Dual Core PC for something. I may DMZ it and turn it into a Honeypot for Zero-Day submission to a couple AV companies.
     
  23. @dja2k

    Thanks. Have you tried the uBlock extension for Chrome already? It is also able to block third-party scripts/iframes. Anti-exploit testing
     
  24. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    The video crashes I was having on Chrome seem to have stopped with the latest version of Sandboxie, so Sbxie is back on. Trying HTTPS Everywhere and TrafficLight.
     
  25. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,101
    Location:
    South Texas, USA
    I saw a few of you mention it, but haven't had time to look into it and test it out.

    dja2k
     