What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    He thought he could sneak one by....but we all have good memories! LOL:rolleyes:
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks
     
  3. Home computer

    OS: Qubes 3.0 RC1 with Whoinx workstation & Gateway in seperate Qubes VM's with added Macchanger , 3 X Pfsense Qubes VM's connected to nested chain of VPN's (Thanks mirimir for the guide), VPN's which I'll detail later, Thunderbird with TorBirdy & Enigmail, FireFox 39.00 with NoScript 2.6.9.30 with all aditional restrictions checked and whitelisted sites removed, Adblock Plus 2.6.9.1 with all malware & country filters enabled, Tinfoil 0.7.1 set to full tinfoil mode, HTTPS EVERYWHERE 5.0.5, CanvasBlocker 0.1.6, Disable Plugin & Mimetype enumeration 1.1.5.1, Ghostery 5.4.5.1,

    Then I add to the mix OpenVpn 2.3.7-I602, then I add my personal VPN's starting with Perfect-Privacy.com VPN service 4 hops, Prq.se VPN service 1 hop, ZorroVPN.com service 4 hops, Tigervpn.com VPN service 1 hop, IVPN.net VPN service 2 hops, & multi-vpn.biz VPN service 3 hops.

    I like my VPN's if you couldn't tell. It's nice to have options :D

    Personal Mail Server

    OS: Debian 8.10 Jessie, Fail2ban with country bans on .RU, .RO, .FR, .SK, .IN, & all of Afrika & all of Asia & all of South America & lock out SSH wrong password after 1 wrong password for 48 hours, SSH port changed to different port, Grsecurity patches for the Kernal, SElinux patches for the system, IPtables rules set to strict guidlines blocking any traffic except port 443 & port 9050 & SSH port, Chkrootkit, Snort with updates ruleset, OpenVAS to check the server, I disable root logins i find this helps securing the server, Only allow login by public key NO login by password, TripWire is another tool I use to secure the server.

    Server location: China - about as bulletproof as you can get these days. I only use it for a personal email server so bandwith isn't an issue. China has crap bandwith if you didn't know. Server is registered to a .CN citizen so no ties to my personal life. It was a strugle getting them to load Debian 8.10 but I can speak decent Mandarin since I lived in Bejing for 3 years, so after a few emails they relented and loaded 8.10 on my box for 100 yuan fee.

    What do people think? Am I paranoid enough? Good? Bad? Room for improvement?
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Removed Avast & Adguard for now. I am so used to these extremely light anti-exe/whitelisting/virtualization apps, when I install an AV I notice the change in responsiveness very easily and it drives me nuts! I think for now I'll stick with my current config (laptop) and maybe install HMPA here soon.

    Voodooshield is an exception. I do notice a change in responsiveness when it's installed :thumbd:
     
  5. Have you measured program launch times with Apptimer? When you do launch your browser with lot of home pages, you can also measure the impact on browsing. Modern programs are useally so well developed that they add just 0.3 secs (on my dual core) launch time.

    When you stack up programs and the delay exceeds a second, you will start to notice it. The delay of VS and SBIE is probably as much or as little as the delay of AG and Avast. So the thumbs down or up is interchangeable IMO :)
     
  6. I would say there is rooom for improvement, how do you check nobody's is fiddling with your mail server?
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I will surely try it!

    EDIT:Just installed it:thumb:
     
    Last edited: Jul 16, 2015
  8. Room for improvement? Please explain? I can't know 100%. That is the problem. But I have Iptables so tight that not much can access the server. I also view detailed logs every day to see if anything is strange. At the end of the day that's the best you can do without hosting the server locally in your home.
     
  9. For paranoids there is always room for improvement. Now I planted this awfull thought in your head: "the best you can do without ..." :D
     
  10. alphonso

    alphonso Registered Member

    Joined:
    Mar 22, 2015
    Posts:
    15
    Avast Pro Antivirus, Voodooshield Pro, Sandboxie, Malwarebytes on demand scanner
     
  11. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
    Home computer? Huge waste of resources. & then to trust mail servers offsite/China and addons by some random cat named Chris Antaki.

    Cool start for privacy and/or anonymity..but that soon disappears when using the same computer for everything. Honestly, I don't know what you're even trying to accomplish using VMs and VPN chains for everyday usage from your own home.
     
  12. guest

    guest Guest

    only Sandboxie on Win10 RTM
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    That's all you need :thumb:
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    What is your Avast tweaks?
     
  15. guest

    guest Guest

    will just wait a compatible version of SD.
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I had it @ default
     
  17. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    I would even dare to say that exploit mitigation software is becoming a bit redundant when looking at Win10. Especially if you realize the following things:
    - Edge is now 64 bit and has an even stronger EPM sandbox (Additional hardening seems to have been employed that makes exploiting symlink sandbox escapes harder: https://twitter.com/tiraniddo/status/612948425995386880)
    - Flash exploitation using uint Vectors is dead and that was the main exploitation technique. (http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html)
    - Exploiting Font bugs no longer as 'trivial' as in Win 8.1 and lower. (Can not that quickly find a reference anymore.)

    The auto-upgrade of Windows 10 will ensure that a large number of consumers will benefit from these changes (especially from the hardening of Edge). It is likely to assume that developing an exploit that targets Chrome or Edge on Windows 10 would now require multiple vulnerabilities. You can already see a shift in what kind of exploits are being found in the wild (besides the ones targeting Flash Player of course) In the past Internet Explorer was maybe the most targeted application out there. What happened a year ago? MS hardened the allocation of heap chunks and since then I am not aware of any - known - APT campaign that used a zero-day targeting IE.

    If you look at some of the zero-days that have been deployed in the past year then we can see an interesting development:
    - IE no longer seems to be targeted that heavily. (CVE-2014-6332 half-day is the most recent targeted vulnerability iirc)
    - Flash player took over the place of IE, but this will also change with the recent changes.
    - Logic flaws have even be used in 2014 (cve-2014-4114 and cve-2014-6352)
    - The first known Java 0day in two years has been found in the wild (cve-2015-2590)


    So which applications will be targeted the most in the upcoming years?
    By Exploit kits: I have no idea, maybe we will finally see attacks that employ sandbox escapes.
    By nation state actors: Maybe MS Office and Adobe Reader (IE/Edge, Chrome and Flash exploitation is quite hard nowadays)
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Wow, you're very optimistic about Win 10. But yes, it's getting harder and harder to exploit browsers. And apps like MS Office should always run restricted or sandboxed by HIPS.
     
  19. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    The main reason has to do with IE being replaced by Edge which has a sandbox and is 64 bit by default.
    Although the primary focus of exploit mitigation software is of course older systems which do not receive regular updates.
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,382
    Location:
    Slovenia
    I removed ESET and will go AV-free for some time. My current setup:

    OS: Windows 8.1 x64, Windows FW, UAC on max, SRP
    Browser: Google Chrome & uBlock Origin
    Backup: Macrium Reflect
     
  21. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    What on-demand scanners do you prefer?
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,382
    Location:
    Slovenia
    I use Emsisoft Emergency Kit, Avira PC Cleaner and Malwarebytes AM once a week.
    For daily scan I use HitmanPro.
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie
    AppGuard
    HitmanPro.Alert
     
  24. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Thanks. I didn't use Avira PC Cleaner from these scanners. I'll give it a try.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    The current IE also has a sandbox, at least on Win 8. But it's not as robust as the one from Chrome, from what I've read.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.