What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. nnikoss

    nnikoss Registered Member

    Joined:
    Jan 17, 2015
    Posts:
    7
    Hi to the community!
    Sandboxie solo here with FF and Palemoon(NoScript ,ABE).
    Same set up for almost three years,never a problem.
     
  2. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Really nice rule set but I would be more interested in Firewall rules for those apps and system files. E.g. I am working on firewall rules for most windows files that try to communicate (including to disable the ones that simply do homecalling for ads-purpose) as well as browser, mail, etc etc... do you have such rules already ?
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,006
    I highly appreciate the time you spent printing these rules. And donna worry your warning is not neglected. ;)
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,473
    Location:
    Here
    Hi @nnikoss and welcome to this forum. Nice setup :thumb:
     
  5. Tarantula

    Tarantula Guest

    Testing F-Secure Ultralight Antivirus+Comodo Firewall 8. Nice combo.
     
  6. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Hi javagreen,

    I have been running ERP and HitmanProAlert (like MBAE) only for a very long time (see my sig) and i have never had any issues. Feel confident in this setup, they both complement each other very well. Appguard is very strong even by itself, but I recommend you keep patients for a little while longer as ERP is soon to become freeware, although i do recommend a donation to them as its really a brilliant and powerful anti-executable.

    regards.
     
  7. javagreen

    javagreen Registered Member

    Joined:
    May 2, 2005
    Posts:
    96
    Hi mate,

    Thanks a lot, I do have more confidence now! ERP becoming freeware is more good news. I'm really looking forward to switch to this set up ☺
     
  8. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    No problem. It will be the lightest setup you will ever run. Please feel free to post in the ERP forum here at wilders if you have any issues. Everyone is always willing to help.

    regards.
     
  9. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    113
    Location:
    Greece
    Hi TS4H. What is ERP?
     
  10. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This could be interesting. Are they planning to have a paid version still along with a free version?
     
  12. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    553
    Location:
    The Outer Limits
    Any particular reason ? Just that I`m giving Privatefirewall ago myself here and liking it.

    Regards Eck:)
     
  13. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    660
    Location:
    Canada
    No particular reason. PFW was working ok as as was CFW 5.12. Just trying out different combinations. Right now using Windows firewall and Windows FW Control along with it. Also have a router. No real time A/V or 3rd party firewalls. Good luck with PFW.
    Wolf
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    WebrootSecureAnywhere and HitmanPro.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,681
    Location:
    Nicaragua
    Hi nnikoss, your setup looks similar to mine.

    Firefox with NoScript
    Sandboxie

    Bo
     
  16. guest

    guest Guest

    UPDATE (Again, not meant as any kind of tutorial. Use at your own risk.)

    Protection Settings tab configuration for rulesets applied to rundll32/CMD; Cyberfox; LibreOffice; other third-party user-space apps
    - Interprocess memory access: active
    - Windows/WinEvent hooks: active
    - Processes' termination: inactive
    - Window messages: active

    Protection Settings tab configuration for rulesets applied to games and game-recording apps
    - Interprocess memory access: active
    - Windows/WinEvent hooks: inactive
    - Processes' termination: inactive
    - Window messages: active

    VidCoder has been removed as it needs to execute conhost.exe (a Windows component) residing inside Windows folder. I'm not comfortable with the idea that user-space apps need to execute something in Windows folder.

    I don't really block outbounds for Windows processes. As for third-party apps, I only allow outbounds for Cyberfox, CIS and Macrium. All inbounds are blocked in global rules. Sorry for not being able to provide any help. :(

    I am fairly certain that my web browser ruleset is not usable for web browsers other than Firefox and its derivatives. And even for Firefox/derivatives themselves I'm not sure if it is usable for normal usages, since I don't install third-party plugins to be used by Cyberfox and Cyberfox also doesn't have a separated updater process needs to be allowed. Hence why I can block all child process executions without any exception.
     
    Last edited by a moderator: Jan 17, 2015
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    I believe it is still undecided, this is a very new announcement. But in my opinion, as the software is very mature there is no need for rapid development. Development will slow down obliviously but will continue to be supported.

    As for free or paid, existing paid users and new free users will be using the same software. However people with existing paid licenses or users who donate may/may not get additional features.

    Keep in mind this announcement is very new, so please don't hold me to anything. The team at ERP are still undecided on the details.

    Either way. Its a fantastic opportunity for new users, there are plenty of members here at wilders who do not run real time AV, and most of them have something like this in there arsenal.

    regards.
     
  18. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I completely agree with you on both points. Thank you for the info. I will definitely keep an eye on it now for sure. This could benefit many users. I haven't tried it before but I am curious to give it a try now. Cheers!
     
  19. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    No problem.
     
  20. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    But why not? I think it is one of the best ways to protect yourself. Whenever you run into an exploit or some malware tries to send your data to somewhere else (or windows trying to do random unneeded home calling) you will be able to block that as all your files are limited to the connections that they need (e.g. only specific ports or dns/ip destinations).

    E.g. when something exploits/injects into my "skype.exe" then it will not be able to communicte to whereever it wants to.
     
  21. The layered defense malware needs to pass on my Windows 7 ultimate 32 bits desktop:
    1. FILTER: WFW 2-way > Norton DNS > Safe Browsing > µBlock ads/trackers and 3rd-party iframes/scripts
    2. HARDEN: Disabled unsigned-install, risk-ware, USB-execute, 16bits, cmd, scripts, user autoruns, new tasks
    3. MITIGATE: SRP deny execute basic user > EMET scripting apps > Spyshelter threatgate folders + EMET-apps
     
    Last edited by a moderator: Jan 23, 2015
  22. guest

    guest Guest

    First, if a malware manages to exploit a legitimate process and tries to phone home then I consider that to be already a checkmate. Second, it is hard to tell which home calling is needed by Windows and which one isn't since all it uses is only svchost, and blocking outbounds for it makes you unable to update Windows. Maybe you can lock down the connections through IP and port restrictions, in which I have no sufficient enough knowledge level to determine what are going to be whitelisted and blacklisted. Third, if my data contains sensitive information and I don't want anyone to have access of them, I'll encrypt the data or even better, I'll put them in an external storage and encrypt the whole external drive.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Fine line between securing a system, and breaking it. I find it best to deploy solutions that can do much of the securing for you, and are vetted so they don't break anything.
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,801
    Location:
    Canada
    You are correct. There might be malware of more insidious nature that can circumvent a tightly configured firewall, but at the very least you have a fighting chance to block mainstream varieties either entirely or at least partially.
     
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
Loading...
Similar Threads
  1. LICIL4801
    Replies:
    27
    Views:
    2,157
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.