What is your security setup these days?

Last years seasonal holidays I played a little with the VMWare Workstation 6.5 beta and Unity...and been wondering what to do with myself when the new build of Windows 7 landed.

Mmm Windows 7, ie8...lets dance...

 

Ok, here is the setup on the PC I am mostly on:

Windows Vista Home Premium 32 bits with;
Keyscrambler Premium
Ad Muncher
Firefox with some security related addons.
As on demand applications I run shadowdefender and if I somehow feel insecure I use a steel cage in where no malware can survive; sandboxie.

On the 2 PC's the rest of my family is on:
Windows Vista Home Premium 32 bits and XP Home 32 bits.
LUA accounts
Avast professional
Windows Defender
Surfing is done with IE 7 and I even see them use Firefox sometimes.
They are pretty safe surfers, I haven't seen any infections since I used this setup.


Backups are made to a NAS, the program that is used is ShadowProtect.
There is a clean image of every PC+ One image with everything that is usually installed and I make sure every personal file is synced to the NAS with Syncback.
The entire network is behind a Router with NAT and SPI Firewall.
I'd like to highlight WOT too. Installed it on all PCs. Although there are some morons who just can't rate a site correctly, it still blocks most sites.

I think I have come a long way since I first discovered Wilderssecurity forums.
Any comments or suggestions are welcome.

 

i didnt feel like having program incompatibility issues.

 

Meriadoc, what gfx card does VMWare emulate? Are you able to install any security programs on 7?

 

switched out DriveSentry for Mamutu again.

 

I'm still checking it out and I want to go through the sub directories, there's some work to be done first. Workstation 6.5 is DX capable but emulates my hardware as SVGA II. Here's(MS) where Windows 7 goes to when naming security providers (to be expected) - but I will have a play soon.

 

First off, nice setup.

I like to know why you transferred over to Mamutu in place of DriveSentry. Since i've yet to even try DS, theres an obvious curiosity on my part whether you found drive sentry failed your tests or something else.

BTW, i am 100% sold on Mamutu myself right now even though i hold out some interest in ThreatFire once they release a few more versions, hopefully clearing up issues users have been reporting to them.

EASTER

 

well the reason i switched back to Mamutu from DS is because drivesentry is still somewhat buggy, its great software with awesome protection, but Mamutu is much more stable and doesnt slow down my system as much (a little less slowdown than with DS). The little patch that was posted for DS did help a lot, but it didn't fix all the issues. Once DS's bugs are all fixed (possibly with that new version coming out sometime soon) then id probably switch back to DS since i do prefer it. The 2 most annoying of these bugs are how much the memory fluctuates (starts at like 4mb then goes up to 32mb, then back down to like 6mb over the course of a day) and sometimes during start-up i get an error message saying DS failed to initialize, i get this maybe once ever 10 restarts (approximately).

But, ye, overall i love DS, they just gotta iron out the bugs and it will be perfect for me. It's my new favourite piece of software minus the bugs

 

Thanks firzen771

That's exactly the way i feel about ThreatFire. I like it a whole lot, especially to the point that a user can add rules into it, but there are some issues that i'm waiting for them to iron out and also add a DENY feature like Mamutu instead of just QUARANTINE or ALLOW feature on the more severe alerts.

EASTER

 

The major FP's and that DENY feature are basically the same reasons im not using threatfire.

 

Thx for the info.

Because DS protects a lot of HKU keys which are targetted more by malware nowadays, since users running LUA / UAC in Vista are more protected against HKLM changes.

Norton's UAC Tool and DS (with all its registry protection) is an increase of protection. Although DS protects against less process intrusions than Mamuto, an intrusion has to leaf a foot print to stay alive across different computer sessions. Obviously the registry and files are the place to go. Since UAC protects against a lot of things DS adds a lot of protection in practise. When I tried DS a while ago, I found that it had a good blacklist protection of the so called 'in the wild malware'.

With mamuto your theoretical protection is increased (and on an XP machine Mamuto is a very very good choice), but when using some protection (UAC + Norton's UAC tool) this is only partly relevant.

Cheesr

 

Forced into making a few changes but all systems remain behind Netgear Router and have Spywareblaster installed. All systems backed up using Drive Snapshot (with DriveSnap frontend).

Desktop: nLited Windows XP SP3

Avira Antivir Premium 8
OA 3 Free (still not 100% sure about this due to welcome screen lag)
SandboxIE 3.32 (Paid)
FD-ISR 3.31.233
Firefox 3.05 (with Adblock and NoScript)

Desktop: vLited Windows Vista SP1 (UAC and Windows Defender Disabled)

KIS 2009

Laptop: vLited Windows Vista SP1 (UAC and Windows Defender Disabled)

NAV 2009
Defensewall 2.45
Outpost Firewall Pro 2009
Firefox 3.05 (with Adblock and NoScript)

All systems running light and IMO are very solid. On demand scans run weekly with Superantispyware and RootRepeal.

 

Might try new PCTools FW Version 5

 

well since my transition to vista, ive noticed one thing, vista's performance is much slower than XP. so im trying to make a bit of a lighter approach to security. so i was just wondering if this combination would be effective enough? id also like to know, since windows defender comes built into vista, does it create any system slowdown to keep it on?

Real-Time:

Avira PE Premium
Norton UAC Tool
Rollback Rx

any tips on keeping it light for vista are appreciated.

 

sure..first off disable windows defender,go to control panel and then set power managment to high performace..

Do the "tweaked" setting in here http://www.blackviper.com/WinVista/servicecfg.htm

and if you run a multicore cpu with a few ram i am sure you will think like me of the XP as the OS to be left to dust in the shelf

 

windows defender is running on low RAM usage, but does keeping it enabled really add some slowdown? and plus would the combo posted above be enough? it seems u can only download the safe and default configs, to do the tweaked one do i need to look at his list and do it manually then?

EDIT

i just added all the "tweaked" settings and my system does feel a bit faster. but isnt there some kind of downside to disabling all those services? like stability

 

After running Malware defender in learning mode from some time changed setup

XP Pro Home PC (behind a router)
1. limited user with SRP (no execute) of temporary, internet and P2P directories
2. Malware Defender V2 Beta
a) registry protection groups are network, startup, my extra startup group
b) general rule permit execcute, ask on everything else
c) contained applications (IE7, Iron Portable, Outlook Express, LimeWire), meaning default deny all with selected permits (file, rgistry, other rules) plus prevent those applicationsfrom being accessed by others)
3. Avast with check at write only (only execution control on dll's, dos and 16 bit aps)

Even lighter than the previous one, only with outbound control of MD!

Cheers Kees

 

no as the critical ones were set to manual thus system can start them if it needs them somehow(nah)..its the most stable guilde in vista ever..also a MAJOR boost in speed is obtained through these settings( read all it has to say,i have enabled them because i use a UPS power balancing device)

http://www.imageshack.gr/files/gvo239ryesz2zl60n8lr.jpg


Above setup is great..although i'd throw in sbie..with the latest versions of it you will not even notice it.and i just can't tell you how much more safe u'll be.

 

How much ram do you have? To a lesser extent, what processor? You may need more ram for vista to feel snappier if it's an older machine.

My newest setup, think I will stick with it for awhile:

Windows Vista Ultimate SP1
avast! antivirus Home Edition
Comodo Internet Security 3.5 w/SafeSurf
Sanboxie Free
Spyware Blaster 4.1

 

intel core 2 duo 2.4ghz
2 gigs of RAM

my machine is a little over a year old.

 

I second the 'tweaked' setting. Had it running for several months since reading about it from this site, and had no stability issues.

 

i wish they would give a downloadable file for the tweaked settings as well instead of just the safe settings. would be helpful instead of doing it by hand...

 

Its really better to read all the descriptions and then manually arky all the tweaks you think is good for you. Or else you could end up with some of your applications not working, and you would not know which service its fault it is.

 

My new setup is very light (no real-time AV), I quite like it.

Sandboxie free

On-demand scanners
a-squared 4 free
Malwarebytes Antimalware free

Firefox with Adblock PLus, NoScript and WOT

SyncBack free

 

Kaspersky Internet Security 2009
Ad-Aware Free
Spyware Doctor
Firefox+Adblock plus