What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No, not really. All those apps that you mention monitor only for specific behaviors (except for SBIE which provides isolation), SS covers more. If you're worried only about ransomware, banking trojans and exploit-blocking in general, then you don't need SS.
     
  2. sportsfan7700

    sportsfan7700 Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    499
    Location:
    Fort Worth, Texas USA "Where the West Begins"
    I was planning on running ESET as I thought I had a valid license but it expired at the end of 2014. I'll keep hunting around for a good deal, but just running MBAM real time.
     
  3. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Last edited: Jun 13, 2015
  4. sportsfan7700

    sportsfan7700 Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    499
    Location:
    Fort Worth, Texas USA "Where the West Begins"
    Nice find! I'll check it out :)
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I've just installed the latest version of Baidu Antivirus, and so far it has been extremely light, unlike WSA was.

    I have posted about my experience so far in the Baidu Antivirus thread.
     
  6. ReverseGear

    ReverseGear Guest

    Were you on the beta version of WSA or stable? If beta, you can uncheck the web filtering driver in settings.
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    @Sherlock_Holmes I was using the stable. I did try unchecking the web filtering, but it didn't make as much difference as uninstalling WSA did. I realise this is not the same as unchecking the driver. On the same computer I ran WSA under Windows 10 with web filtering enabled, and it ran a lot better than it did under Windows 7. Under Windows 10, it was extremely light (but scans were using more CPU time than Baidu is now under Windows 7), but I uninstalled it due to it causing several BSODs. If it was actually Windows 10 ready, I would have kept using it under Windows 10.
     
  8. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Avira A/V Pro...AppGuard...and ZAM! It's as easy as 1..2..3! Sincerely...Securon
     
  9. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Emsisoft Anti-Malware 10 + Open DNS + µBlock + MBAE Free + system hardening
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Windows 10 built-in security + MBAM Premium + HMP.A + WinPatrol.

    That's really about it in terms of pure security (not including privacy). Would add SBIE once they have proper Windows 10 support.
     
  11. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    So, am I...;)
     
  12. Windows 7 Ultimate 32 bit, identical group policy setup on wife's laptop and my desktop.

    Laptop has MBAE-free with Adguard adblock extension (easylist filters) on Chrome.

    Desktop has Chrome allowing scripts only from [*.]NL domain with uBlock to block 3rd-party iframes and a block rule for third-party scripts in My Filter for HTTPS (so 3rd-party on https is allowed) and WOT as extra URL filter on top of Chrome's safe browsing.
     
    Last edited by a moderator: Jun 21, 2015
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Still using Emsisoft Internet Security and loving it. Honestly, it is the first software I have used where I actually feel covered 100 percent. Thanks for a great product.
     
  14. Emetic

    Emetic Registered Member

    Joined:
    Oct 4, 2011
    Posts:
    73
    It's been a fun experiment the past few years, running from a SUA in Win7. It was extremely painful at times. Sometimes taking up to a week or more to diagnose problems. Often being told by developers: Oh, no, you are one of the 1 percent of users that run as SUA, we can not give you support for this product, sorry. Those are the ones that answered, very often, I was ignored.

    So, there you are, for all this talk of don't run as full admin, 99 percent of users do, fact! At least in the audio/musician/producer/engineer world. Btw, most of them also use their machines to connect to the net at the same time. It would be too difficult for them not to, the devs making those that don't have a live machine, jump through hoops.

    Never again will I use an SUA. It's full admin for me from now on in. I researched it. I got the feedback from the devs, and it's now time to move on.


    New machine. New build. Win7 pro x64.

    I'm not connecting to the net, would be no.1 I suppose. I got riddled with malware just by having an ethernet cable plugged in the back and not even opening a browser, after five minutes! Windows firewall was not working and I needed to go into services.msc to get it working again. So, no internet for this machine.

    However, I will probably stick an image on that does connect to the net and dual boot. This will be Win7 again. I'll use this for the odd download and emergencies. Most times, it will be physically unplugged.

    I'm already experimenting and this is what I have come up with so far:

    Webroot WSA A/V
    Voodoo Shield
    Winpatrol Plus
    MBAE
    Windows built in Firewall


    and that is it!

    No more comodo firewall or defense+.


    I'm looking to possibly buy either another license for MBAM Pro, or Hitman Pro Alert, or possibly both, but that is just icing on the cake. I'm very picky who I give my money to on a subscription basis, as I don't agree with it as a model, on the whole, but I do make the odd exception here or there for AV stuff.

    It's a shame that the MBAM website doesn't work properly in win7 on the latest version of FF, coz I actually wanted to buy a new license for my new machine, but I'll hold off for now. I'm sure it works for everyone else. Never mind.

    I think Hitman Pro Alert is probably more beneficial and I'll get that instead.
     
  15. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Chrome with uBlock Origin, HitmanPro.Alert, VoodooShield, and HitmanPro, this may be a user-friendly, winning combo I'll put on people's PCs.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Three weeks ago I decided to switch things around, and changed my setup to some other stuff and Sandboxie.
    It was fun while it lasted, but now I am back to Sandboxie and some other stuff. :thumb:
     
  17. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,139
    AppGuard, Webroot, Mbae, ublock, adguard.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I would like to know what that "other stuff" exactly is.
     
  19. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    286
    Location:
    Philippines
    Microsoft Windows 8.1 SL x64
    - SmartScreen Filter: enabled, get administrator approval
    - User Account Control: max, always notify - Standard User Account
    - Windows Firewall: enabled
    - Network: DD-WRT with SPI enabled
    - EMET 5.2: max settings, popular software and Internet-facing applications (testing MBAE 1.06)

    Mozilla Firefox 38.0.5
    - Master Password enabled
    - µBlock Origin
    - DownThemAll!

    ESET NOD32 Antivirus 8
    - Enabled potentially unwanted, unsafe and suspicious applications
    - Integrated document protection

    NoVirusThanks Driver Radar Pro
    - Lockdown mode

    SyncBackFree
    - Back-up every four hours
    - Mirror important documents and media to separate storage
     
  20. My Windows7 Ultimate desktop 32 bits "Safe Admin" setup using OS security only

    1. Reduce attack surface of OS
    - disabled risk ware (active desktop/gadgets, remote access/assistance, sharing)
    - disabled USB autorun and deny execute access of removable disks
    - disabled guest user and enabled admin approval mode admin

    2. Reduce rights of internet facing
    - Set windows firewall to block by default with application exceptions on ports
    - Set deny execute for Everyone on folders used by mail, browser, mediaplayer
    - Hardened internet security zones settings (also used by Outlook+WMP)

    3. Allow software with user consent
    - Locked user task creation, startup folders and HKCU autorun entries
    - SRP default level to basic user (block user space), allow run as admin
    - Chrome lock plug-ins/extensions (GPO) and click to play flash and pdf

    4. Allow software from certified sources
    - Allow only signed drivers/ActiveX/Com/powerscripts/AppInit to run
    - Allow only signed programs to elevate (UAC full, silent elevate)
    - Chrome uBlock iframes and allow third-party scripts of HTTPS-sites

    5. Exploit mitigation (scripted content > memory exploit > shell access)
    - no Adobe PDF+flash, using Chrome's PPAPI javascript+flash and SumatraPDF
    - disabled dotNet and Visual Basic & Macros & Add-ins in Microsoft Office
    - Force permanent DEP/SEHOP, run only software which is ASLR enabled
    - Block access to 16 bits and DOS command shell and running scripts
     
    Last edited by a moderator: Jun 27, 2015
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I'm back to using no security software at all, as I really don't like it when my computer is slowed down due to having antivirus software installed. After installing Baidu Antivirus, my laptop is running noticeably faster than before Baidu was installed. I'm not sure what's going on, but I was experiencing some annoying lags at times when using page up/down to scroll through web pages - even before I installed Baidu. But doing so is much smoother now.

    Right now, I'm not using any security software at all. However, any archives I open, get scanned with both Qihoo's and Tencent's scan engines due to the security engine included in HaoZip.

    On the second laptop I use, I'm using Norton Security with Backup as my antivirus under Windows 8.1, and it is very light. However, this is a much faster laptop, which has a Core i5 processor, while my primary laptop has only a Core2 Duo processor.
     
    Last edited: Jun 22, 2015
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @Windows_Security

    Very nice, multi-layered setup there Kees. Thank you for sharing your different setups as it is often inspiring and helps others to open their minds to creativity within their own security setup.

    I greatly respect how you are accomplishing the majority of your setup with built-in OS security functions as opposed to relying on third-party.

    One question regarding:
    As that is not within your Third-party section, I assume you are achieving this part manually now and not relying on Secure Folders. Do you have any tutorials that you can point to regarding manual ACL configurations? That is an area that I am not very familiar with at the moment but would like to learn more.
     
  23. @WildByDesign

    Here you go, information on file permissions. When tweaking permissions, never remove Change Permissions (you will lock yourself out = unable to change permissions again).

    2. Example to add a deny execute for all users (Everyone)

    A. Right click the download folder, click on Properties and click on the Security tab, select the Advanced button

    B. Select Change permissions, next Add

    C. Type "Everyone" (depending on language version of your Windows), click the Check Names button and click OK, next select DENY (second column) at Traverse folder/execute file (second list item) and choose OK
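
A scripted equivalent of steps A to C, as an added example that is not part of the original post: it adds a Deny ACE for Everyone on "Traverse folder / execute file" and then checks that the ACE exists. The function names `Add-DenyExecute` and `Test-DenyExecute` and the demo folder are hypothetical, and scoping the ACE to files only is an assumption made here; the post does not say which "Applies to" setting was used.

```powershell
# Added example (not from the thread): deny execute for Everyone on files under $Path.
function Add-DenyExecute {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SID S-1-1-0 is "Everyone" regardless of the Windows display language.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

    # ExecuteFile is the GUI's "Traverse folder / execute file" right.
    # ObjectInherit + InheritOnly scopes the ACE to files (assumption: "Files only"),
    # so the folder itself stays traversable. No other right is touched, so
    # Change Permissions is left alone.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
        [System.Security.AccessControl.AccessControlType]::Deny)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-DenyExecute {
    param([Parameter(Mandatory)][string]$Path)
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    # Explicit ACEs only, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq 'S-1-1-0' -and
            $r.AccessControlType -eq 'Deny' -and
            ($r.FileSystemRights -band $execute) -eq $execute) {
            return $true
        }
    }
    return $false
}

# Constructed demo folder under %TEMP%; substitute the real download folder.
$demo = Join-Path $env:TEMP 'deny-exec-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Add-DenyExecute -Path $demo
Test-DenyExecute -Path $demo
```

Files already in the folder pick up the inherited ACE only if they have inheritance enabled, so check an existing file's ACL after applying it.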
     
  24. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I'm now using Advanced SystemCare Ultimate as my antivirus. It uses BitDefender's scan engine, and seems to work quite well. I guess pretty much no one uses it here due to past allegations of stealing.

    I really like that the default action is not to automatically quarantine threats. Manual scans are very slow, which I can live with, as I don't do on-demand scans much. It is only taking just over a minute to do a quick scan.
     
  25. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Currently on family desktop
    Win 7 HP
    Realtime security = NVTERP, NVTDRP, WPP, SBIE (paid version)
    On Demand security = Shadow Defender (lifetime)
    Browser + ext = Chrome (latest), WOT, uBlocko, Avira BS, HTTPE, Tampermonkey (anti-adware script)
    DNS = Yandex via DNS Angel
    Hostsman (MVPS, hpHosts ad servers list, Peter Lowe's ads list, Cameleon)
    OD Scanners = Zemana AM, HMP, MBAM, herdProtect, EEK
     