Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
renew my Eset Smartsecurity License
Sandboxie and WebrootSA.
I did something similar. Since my ESET NOD32 licenses were due to expire in a couple of days, I activated a couple of ESET Smart Security licenses I purchased 10 months ago during a holiday sale. I plan to do the same thing this coming holiday for next year.
Well I decided to go with G Data A/V instead. For 22.26 USD with tax, I couldn't pass that deal up. I'm definitely liking this anti-virus, and I'm also surprised how well Comodo Firewall, SecureAPlus, HitmanPro.Alert 3 work together with no conflicts. My only complaint with G Data is I wish I had control over the heuristics settings. I also decided to keep SecureAPlus as well.
Windows 10 PRO security
- Block unsigned binaries to boot/install/elevate (GPO)
- Disabled risk-ware and user autoruns/startup (GPO)
- Deny execute Everyone in drive-by folders (ACL)
- Deny execute Basic User in user folders (SRP)
- EMET Office 2007 and ASR scripting-DLL's
- Set WFW default to block outbound also
Browser tweaking & tricks
- Blocked IE11 (SRP, WFW), set IE-zones HIGH
- Edge used as PDF-reader (blocked in WFW)
- Chrome Sandbox with uBlock (3rd-party)
- URL filters from OpenDNS and Google
I've been running the beta of the 2016 version of Avast for the last three days. It is exceptionally light, so much so, that I don't even notice it's installed.
It is one of the lightest antiviruses I've used in recent times.
My security setup
Malwarebytes Anti-Exploit (Premium)
DNSCrypt Proxy (OpenDNS)
Windows Defender = Off
Windows Firewall = On
Windows SmartScreen = On
Windows Update = On
UAC = Always notify
Security & Privacy tweaks applied
Adobe Flash = Ask to Activate
Security & Privacy tweaks applied (about:config)
Emsisoft Emergency Kit
Kaspersky Virus Removal Tool
O&O ShutUp 10
VPN (Occasional use on mobile devices)
Please can you list Firefox about:config tweaks.
Here you go...
network.websocket.enabled - boolean = false
network.dns.disableIPv6 - boolean = true
network.dns.disablePrefetch - boolean = true
network.prefetch-next - boolean = false
dom.event.clipboardevents.enabled - boolean = false
dom.battery.enabled - boolean = false
dom.storage.enabled - boolean = false - NOTE: This setting may reduce and/or break functionality on certain web sites.
browser.safebrowsing.enabled - boolean = false
browser.safebrowsing.downloads.enabled - boolean = false
browser.safebrowsing.malware.enabled - boolean = false
browser.send_pings - boolean = false
browser.cache.disk.enable - boolean = false
browser.cache.memory.enable - boolean = false
browser.cache.offline.enable - boolean = false
browser.cache.offline.capacity - integer = 0
webgl.disabled - boolean = true
geo.enabled - boolean = false
geo.wifi.logging.enabled - boolean = false
geo.wifi.uri - string = http://127.0.0.1
datareporting.healthreport.service.enabled - boolean = false
datareporting.healthreport.uploadEnabled - boolean = false
toolkit.telemetry.enabled - boolean = false
beacon.enabled - boolean = false
loop.enabled - boolean = false
browser.pocket.enabled - boolean = false
media.peerconnection.enabled - boolean = false
media.eme.enabled - boolean = false
media.gmp-eme-adobe.enabled - boolean = false
camera.control.face_detection.enabled - boolean = false
camera.control.autofocus_moving_callback.enabled - boolean = false
device.sensors.enabled - boolean = false
security.tls.unrestricted_rc4_fallback - boolean = false
security.tls.insecure_fallback_hosts.use_static_list - boolean = false
security.ssl.require_safe_negotiation - boolean = false
security.ssl.treat_unsafe_negotiation_as_broken - boolean = false
media.peerconnection.enabled - boolean = false
media.peerconnection.turn.disable - boolean = true
media.peerconnection.use_document_iceservers - boolean = false
media.peerconnection.video.enabled - boolean = false
media.peerconnection.identity.timeout - integer = 1
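An added example, not part of the original post: a small Python script that parses lines in the "name - type = value" format used above, renders them as `user.js` entries, and reports which ones a profile's `prefs.js` does not match. The sample inputs are constructed, and the pref names are taken from the post as written.

```python
import json
import re

# Constructed sample: lines in the "name - type = value" format used in the post.
POSTED = """\
network.dns.disablePrefetch - boolean = true
dom.storage.enabled - boolean = false - NOTE: This setting may reduce and or break functionality on certain web sites.
browser.cache.offline.capacity - integer = 0
geo.wifi.uri - string = http://127.0.0.1
media.peerconnection.enabled - boolean = false
media.peerconnection.enabled - boolean = false
"""

# Constructed sample of a profile's prefs.js (only non-default prefs are stored there).
PROFILE = """\
user_pref("network.dns.disablePrefetch", true);
user_pref("dom.storage.enabled", true);
user_pref("geo.wifi.uri", "http://127.0.0.1");
"""

POSTED_LINE = re.compile(r"^(\S+) - (boolean|integer|string) = (\S+)")
USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_posted(text):
    """Map pref name -> JS literal; trailing notes are ignored, duplicates collapse."""
    wanted = {}
    for line in text.splitlines():
        m = POSTED_LINE.match(line.strip())
        if not m:
            continue
        name, kind, value = m.groups()
        if kind == "boolean" and value not in ("true", "false"):
            raise ValueError(f"bad boolean for {name}: {value}")
        if kind == "integer":
            value = str(int(value))       # rejects non-numeric input
        elif kind == "string":
            value = json.dumps(value)     # quote and escape as a JS string
        wanted[name] = value
    return wanted

def to_user_js(wanted):
    """Render the prefs as user.js lines, sorted for stable diffs."""
    return "\n".join(f'user_pref("{n}", {v});' for n, v in sorted(wanted.items()))

def audit(wanted, prefs_js):
    """Return {name: (current_or_None, wanted)} for prefs that differ or are unset."""
    current = dict(m.groups() for m in map(USER_PREF.match, prefs_js.splitlines()) if m)
    return {n: (current.get(n), v) for n, v in wanted.items() if current.get(n) != v}

if __name__ == "__main__":
    prefs = parse_posted(POSTED)
    print(to_user_js(prefs))
    for name, (have, want) in audit(prefs, PROFILE).items():
        print(f"{name}: have {have or 'unset (default applies)'}, want {want}")
```

A pref reported as unset is not stored in `prefs.js`, so the browser's built-in default is in effect for it.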
I'll have to do some testing with these.
Appguard - Data Partition protected (read only), user profile folders not used for data storage
EMET 5.5 beta - maximum security, enforce all mitigations for critical apps e.g. browser
Terabyte Image for Windows - system backup archive stored on external harddrive not connected to the pc
OpenDNS - set up personal web filter and lock out critical web content
AMD Ramdisk - Temporary internet files
VirusTotalUploader2 - integrated into TotalCommander for easy file uploads
Process Explorer - VirusTotal tabs for running processes
Windows Defender & Windows Firewall
Opera 32 - Adguard Adblocker
Sure, no problem, hope that helps.
Have a good day!
This isn't just a Windows thread, right guys?
My security setup:
A custom Firewall (my signature);
Arch Linux with grsecurity (and softmode=0);
Firejail for jailing almost all my programs;
Iceweasel with NoScript, RequestPolicy, Disconnect, https-everywhere, and uBlock Origin;
e-Mail accounts at riseup.net and autistici.org;
No Google, Facebook, Yahoo, Outlook, accounts or service used;
Encrypted e-Mail when necessary;
Encrypted disk with LUKS, cipher twofish-xts-plain64, and an iter time of 5000: that's 10 seconds between each passphrase attempt, making brute-force attacks impossible while still having a simpler passphrase;
I also took a snapshot (fingerprint) with rkhunter of my recently-installed system, and I do regular checks to see if any system files were altered.
You're kidding me right? Can you post some screenshots, and what do you like about them?
EDIT: I always read bad things about SafenSoft SysWatch, so that's why I was surprised.
But it'd be boring if I post say my Chromebook's security setup (same browser profile as Windows and pretty much vanilla crouton).
Well, I could say I've got a yoube stick and a dog. Does that count here too?
Running what's in my sig
If I remember correctly Safensoft Syswatch is some sort of a HIPS program which offers a sandbox to execute suspicious files as well as a whitelist for the programs that are already installed on the computer. It also has the capabilities to identify threats as it uses Bitdefender engine I think. The problem that I had with Syswatch when I tested it was that the initial scan of the system for the whitelist creation took ages to finish. Also the sandbox feature on execute wasn't really helpful since the majority of files failed to run in the first place. There was no way to find out what exactly a suspicious file does because it didn't even run inside the Syswatch sandbox. So in the end the user had to decide if the file should be run without any restrictions or blocked. There was no in between.
It is quite an interesting approach that Safensoft does with this program but the implementation needs a lot of work still as the program leaves the user alone with his decision. You either trust a file completely or block it since the sandbox doesn't seem to work properly as explained above.
It could be that they have already fixed many of these issues as I haven't looked into Syswatch for quite some time.
Ahaha yeah a lot of people are having issues with it but it always worked perfect for me.
I've always had problems with most other HIPS/anti-exe type of programs, everything from hiccups to major issues but as I said it always worked for me
This is correct, the initial scan has improved a lot at least for me.
Yeah I wish they would improve/implement the sandbox at execute, it works more like an anti-exe at this point.
But you can always change application permissions later.
ZoneAlarm free AV+FW 14.0.522.000
On demand: Zemana AM
Backup: AOMEI Backupper
I'd say this is hardening done correctly. Maximal security with minimal overhead and fewest moving parts.
W7 Pro. Sandboxie - AppGuard - WFW - dnscrypt - 1806 - uBlock Origin - netcraft - Tampermonkey, Reek.
I'm really happy with this setup. I don't have any slowdowns, no conflicts.
Windows 7 x64 Ultimate
• Windows firewall (inbound)
• Software Restriction Policies
• User Account Control on max
Macrium Reflect Standard
Emsisoft Emergency Kit, Avira PC Cleaner, Malwarebytes AM, ESET Online Scanner, HitmanPro
Thanks, I have to say that the GUI actually looks kinda nice. It almost makes me want to check it out. BTW, can you perhaps post some shots of the other tabs like "Process privileges" and "Interprocess interaction", what is that all about?
Yes perhaps it has been improved, who knows. I'm still looking for a good HIPS, Zemana and SpyShelter have been ruled out by me, because of several reasons.
Sandboxie has me back. Just when I thought I was out, it pulls me back in.