What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    @Overkill
    In the Realtime Security, what does WPP stand for?
    And can you provide a link?
    And what happened to AppGuard, or did you remove it?

    Kind regards,
     
  2. Kobayashi maru

    Kobayashi maru Registered Member

    Joined:
    Nov 7, 2009
    Posts:
    124
    Location:
    Drivin' all night my hands wet on the wheel....
    Not provable, I'm afraid. Also, FF isn't Google's baby. That's enough reason for me.
    Outpost in manual everything mode.
    Proxomitron with my own config.
    Various FF extensions
    Peerblock.
    My wits.
     
  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Winpatrol Plus
    I haven't used appguard very much, I prefer NVT
     
  4. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    Any thoughts on Secure Folders? Anybody? For protection?
    Also, thank you Overkill for the update!
     
  5. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Great discussion is in this thread.
     
    Last edited: Jun 24, 2015
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    It is not just about stealing, their products destroy PCs, they lie in adverts, they are as unprofessional as they can get. But people like their candy software.
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    @TairikuOkami Advanced SystemCare won't cause any harm. For example, the registry cleaner gives no false positives when run using the standard settings and not the deep clean, and the suggested tweaks are safe. I consider it to be quite a useful product. IObit Uninstaller is free and is a very good alternative to paying for Revo, and there is a major new release which will be released very shortly. Driver Booster is one of the best driver update tools there is, and has never found any incompatible drivers.

    I got an extended trial of ASC Ultimate as a giveaway. The trial license actually turns it into the full paid version.

    Yes, I am well aware that IObit has a history of being a somewhat shady company, but I don't use their software because it looks nice, I use it because it works.
     
  8. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    At least once a week I find a person whose Windows was destroyed by an IObit product, but as long as it works for you, never mind. You have been warned. :D
    I have tried their driver updater, which people claimed is the best; among other problems, it installed the wrong update for my soundcard, which resulted in no sound.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    @TairikuOkami I fail to see how any current IObit product could destroy Windows, but I could see perhaps there being occasional minor issues arising from using the deep cleaning in the registry cleaner (only available in the paid version of ASC).

    Most driver update software installs incorrect drivers from time to time, but at least in my case Driver Booster has never done that.

    Anyway, I'm still quite impressed by the AV module in ASC Ultimate.
     
  10. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    @Solarlynx, appreciate the link! In post 36782!
    @TairikuOkami, What about Kerish Doctor? Also, I would suggest Emsisoft Anti-malware portable!

     
  11. My Windows7 Ultimate desktop 32 bits "Safe Admin" setup (grouped by defense layer)

    1. Reduce attack surface of OS
    - Disable risk ware (active desktop/gadgets, remote access/assistance and sharing)
    - Disable guest user, limit network rights access to administrators and users
    - Disable USB autorun and deny execute access of removable disks

    2. Reduce rights of internet apps
    - Set windows firewall block in- and outbound with application exceptions on ports
    - Set deny execute for Everyone on folders used by mail, browser, mediaplayer
    - Hardened internet security zones settings (also used by Outlook and WMP)

    3. Block user space execution, allow with consent
    - Locked user task creation, startup folders and HKCU autorun entries
    - SRP default level to basic user (block user space, allow run as admin*)
    - Lock Chrome plug-ins/extensions (GPO) and click to play flash and pdf

    4. Auto allow from certified sources, block others
    - Allow only signed drivers/ActiveX/COM/Powerscripts/AppInit to install
    - Allow only signed programs to elevate (UAC full, silent elevate*)
    - Chrome uBlock third-party iframes and scripts (allow https)

    5. Mitigate exploits (scripted content - memory vulnerability - shell access)
    - Chrome browser with built-in sandbox and PPAPI Flash player & PDF reader
    - Disabled HTML scripts in WMP and Outlook, using SumatraPDF (no scripts)
    - Disabled dotNet and Visual Basic & Macro's & Add-ins in Microsoft Office
    - Force permanent DEP/SEHOP, run only software which is ASLR enabled
    - Block access to 16 bits apps/DOS command shell and running scripts

    [*] For the silent elevate to work only with right click run as admin, you must disable the UAC setting 'detect application installations and prompt for elevation'.
     
    Last edited by a moderator: Jun 30, 2015
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    Could you please write in more detail, how did you setup those? Through GPO?

    Can not really tell, I focus on freeware only, from this category, that would be: WiseCare, GlaryUtilities, SlimCleaner, WinUtilities and obviously CCleaner.
     
  13. Yes, through GPO and an extra GPO template (copy below to notepad, save as extra.adm and import in group policy)

    --------------------
    ; All policies below are machine-wide (written under HKEY_LOCAL_MACHINE)
    CLASS MACHINE
    CATEGORY "Extra Security"
    ; AppInit_DLLs are loaded only when code-signed
    POLICY "Require App_Init Signing"
    KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
    EXPLAIN "Enable to load only code-signed DLLs used by App_Init."
    VALUENAME "RequireSignedAppInit_DLLs"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END POLICY

    ; Safe DLL search mode
    POLICY "Safe DLL Search Mode"
    KEYNAME "System\CurrentControlSet\Control\Session Manager"
    EXPLAIN "Enable safe DLL search mode."
    VALUENAME "SafeDllSearchMode"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END POLICY

    ; PowerShell script execution policy, chosen from the drop-down list
    POLICY "Enable PowerScripts"
    KEYNAME "Software\Policies\Microsoft\Windows\PowerShell"
    EXPLAIN "configure the script execution policy"
    VALUENAME "EnableScripts"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0

    PART "Execution Policy" DROPDOWNLIST NOSORT
    VALUENAME "ExecutionPolicy"
    ITEMLIST NAME !!AllScriptsSigned VALUE "AllSigned"
    NAME !!RemoteSignedScripts VALUE "RemoteSigned"
    NAME !!AllScripts VALUE "Unrestricted"
    END ITEMLIST
    REQUIRED
    END PART
    END POLICY

    END CATEGORY

    ; Display names for the !! references used in the drop-down list
    [strings]
    AllScriptsSigned="Allow only signed scripts"
    RemoteSignedScripts="Allow local scripts and remote signed scripts"
    AllScripts="Allow all scripts"
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    Thanks, going to study it. :thumb: Going to do it via registry, if possible, I like reg more than GPO, but needed to know what to look for.
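
For the registry route mentioned here, a read-only PowerShell audit of the keys and values named in the extra.adm template from post 13. This is an added example, not part of any post in the thread; the function name Test-HardeningValue and the "Expected" values (including AllSigned for the execution policy) are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of the registry values that the extra.adm
# template in this thread writes. "Expected" values are assumptions (signed-only goal).
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'RequireSignedAppInit_DLLs'; Expected = 1 },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
       Name = 'SafeDllSearchMode'; Expected = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
       Name = 'EnableScripts'; Expected = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
       Name = 'ExecutionPolicy'; Expected = 'AllSigned' }
)

function Test-HardeningValue {
    param([string]$Key, [string]$Name, $Expected)

    $state = 'KeyMissing'; $actual = $null
    if (Test-Path -LiteralPath $Key) {
        $regKey = Get-Item -LiteralPath $Key
        $names  = $regKey.GetValueNames()
        if ($names -contains $Name) {
            # Exact name present: compare the stored data with the expected setting.
            $actual = $regKey.GetValue($Name)
            $state  = if ($actual -eq $Expected) { 'OK' } else { 'Mismatch' }
        }
        elseif ($names | Where-Object { $_.Trim() -eq $Name }) {
            # A look-alike name with stray whitespace is a different value,
            # so the setting it was meant to control is not actually applied.
            $state = 'NameHasWhitespace'
        }
        else { $state = 'ValueMissing' }
    }
    [pscustomobject]@{ Name = $Name; Expected = $Expected; Actual = $actual
                       State = $state; Key = $Key }
}

# Nothing is written; each row reports one value from the template.
$results = foreach ($c in $checks) { Test-HardeningValue @c }
$results | Format-Table -AutoSize
```

A ValueMissing result for SafeDllSearchMode is not a weakness by itself, since Windows enables safe DLL search mode by default when the value is absent.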
     
  15. @TairikuOkami
    User task creation = GPO and ACL (remove user create/write rights)
    Startup folders = ACL only
     
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Refused from Avast as sometimes it grabs an innocent file and it cannot be opened or moved.
    Tried Panda Cloud Free but after reboot my PC got dumb - something wrong with audio device as popup read when I tried to use Media Player or change PC sound volume. I'm reluctant to find out what's wrong, decided to go without AV.

    Eaz-Fix (Rx clone) enables me to tweak and twist my PC with impunity

    Comodo FW
    -FW Custom
    -HIPS Clean PC
    -AutoSandbox Block Unrecognized

    MBAE with additionally shielded all internet faced and routine apps
     
  17. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Much appreciated the link as well.:thumb:

    With regard to Kerish Doctor, I have been using it for a while now without any glitch or problem. It's also not as intrusive as iobit and I would also be wary of iobit's driver updater as it once messed up one of my XP machines.

    Nice set-up Solar, with Eaz-Fix you don't really need an AV. Just wondering, do you use MBAM or something similar for the occasional "peace of mind" scans?

    Regards Eck:)
     
  18. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    You are welcome.

    For occasional scans I use mostly EEK.
     
  19. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Yeah, EEK has excellent detection rates.:thumb:

    Regards Eck:)
     
  20. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Changed to BitDefender Free, Comodo Firewall and Toolwiz Time Machine.
     
  21. mattfrog

    mattfrog Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    85
    Location:
    United Kingdom
    Real-time:
    Webroot SecureAnywhere 9
    VoodooShield

    Manual:
    MalwareBytes Free

    Firefox Latest (LastPass, looking for ad blocker)
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Still TrustPort Antivirus
     
  23. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    Malwarebytes Anti-Exploit premium, Chrome with ublock, Disconnect and Vanilla cookie manager. Plug-ins click to play

    AppGuard(Paid) and Windows firewall control(Paid)(http://binisoft.org)

    On demand- Malwarebytes Pro,Hitmanpro and Zemana AntiMalware

    Portables: KeePass, Autoruns, Everything, ProcessExplorer, Regseeker, Wise Disk Cleaner, Ccleaner, wnetwatcher, xyplorer_full-portable, Tcp View and MPC-HCPortable

    I am done :)
     
    Last edited: Jul 3, 2015
  24. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Removed Toolwiz Time Machine. Added back my old trusting Wondershare Time Freeze.
     
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Why? Is it bad?
     