What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,102
    Location:
    SouthCentral PA
    Sandboxie
    ShadowDefender
    VoodooShield
    WindowsDefender

    and should those all fail me I could recover using (of course I would have to know that I am infected in the first place):
    Macrium
    Raxco InstantRecovery
    Windows built-in imaging
    Aomei
    Image For Windows

    If that is not enough then I give up. :eek:
    Acadia

EDIT: forgot my first two defenses, my router and the Windows 10 built-in firewall.
     
    Last edited: Jul 1, 2018
  2. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    564
    Location:
    U.S. Citizen
    @guest

    https://www.youtube.com/watch?v=yEOJxUEApso


    Moose
     
  3. guest

    guest Guest

  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,079
comodo firewall, emsisoft antimalware, NVTH OSArmor
     
  5. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,303
    Location:
    Adelaide
    Removed AdGuard. I like the software but I've found it slows down browsing just a little too much for my liking. Plus, I've grown too attached to using uBlock Origin in Medium mode.
     
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,593
    ubo's unrivaled in class. :thumb:
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,629
    Location:
    Canada
    Lenovo E580 Laptop, Windows 10 Professional:

    Full disk Bitlocker encryption aided with TPM v1.16

    Secure boot on

    Several Group Policy settings enabled or disabled for privacy and security enhancements - Attachment below

    SUA account with UAC at Default

    Windows Defender Security Center:

    Real Time Antivirus monitoring off

    All other settings at Default, except with Memory integrity set to on

    Latest beta version Chromium browser

    Extensions:
    • uBlockO; 3rd-party frames blocked

• Windows Defender browser protection

    • 3rd-party cookies blocked

    Disk images using Image for Windows

    Group Policy Settings.PNG
     
    Last edited: Jul 4, 2018
  8. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    704
    Location:
    Italy
    OS: Win10 Home 64bit (Fresh Start of version 1803, build 17134.137)
    FW: Windows Defender Firewall + Sphinx-soft Windows 10 Firewall Control
    RT: Windows Defender Antivirus (tweaked by ConfigureDefender)
    BB: NoVirusThanks OSArmor
    BP: K9 Web Protection
    Hardening: Hard Configurator (Recommended SRP + Restrictions) + NoVirusThanks SysHardener
    On demand: HitmanPro, Zemana AntiMalware
    Browser: Chromium (uBlock Origin, OPSWAT File Security)
    DNS: Cloudflare
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,593
    @imuade
    are you using osa with default settings? if not, what tweaks did you make?
     
  10. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    704
    Location:
    Italy
I checked every item without a warning icon and every item with an orange warning icon. I kept unchecked every item with a red warning icon.
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,593
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,165
    Location:
    The Netherlands
Yes, but that's the thing: they are bashing next-gen AV, but once you allow malware to run, AG will probably fail to protect you from certain malware. For example, let's say a keylogger is allowed to run; it will be able to collect data and connect out, and isolation won't help.
     
  13. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    513
    Location:
    Hungary
No, because AppGuard is default deny; it will not let anything other than whitelisted stuff run...
    that's the whole point of it
     
  14. guest

    guest Guest

- The basics of AG are that you just need to know what is System-Space and what is User-Space. Anything in System-Space is allowed, anything in User-Space is blocked, whether it is a DLL, an exe or a driver.
    - You install AG on a clean system (obviously), set the policy that fits your needs (basically adding/removing stuff from those Spaces) and forget it.
    - Then if you decide to install something new, you must be sure it is clean; it will be your fault if you install malicious stuff (which is why AG recommends the use of an AV alongside).

    That is what any SRP does.

    Now AppGuard differs because it uses Memory Isolation (SMB version) plus Memory Protection (Enterprise version).

    I don't say it is invulnerable, but if used properly, you have quite strong protection, no prompts to answer, and it is simpler to use than an anti-exe.

    Also
     
    Last edited by a moderator: Jul 7, 2018
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,165
    Location:
    The Netherlands
Correct, but my point is that isolation without AV and behavior blocker is pointless, because you need to know whether some app is malicious or not. For example, it wouldn't have protected against the CCleaner attack, unless it was marked as untrusted.

    Exactly, so don't bash on next gen AV and behavior blockers! Isolation is mostly effective against exploits and certain type of malware that perform code injection. I do believe that Memory Guard is very useful, it would be cool to test it against aggressive code injection methods. Does AG protect against process hollowing?

    https://www.endgame.com/blog/techni...-technical-survey-common-and-trending-process
     
  16. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    513
    Location:
    Hungary
Isolation is for people that install the apps they need and then never install anything again,
    or companies.

    I agree with your statement; I find isolation to be useless for 90% of the people that don't just live in a box.
     
  17. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    100
    Location:
    Poland - Sosnowiec
Windows 10 Pro 64bit + NVT OSArmor + Sandboxie + SimpleWall (Windows FW disabled) + Enpass.
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,581
    Samsung Laptop
    Windows 10 / 64bit

    Kaspersky Security Cloud
    AppGuard Solo
    Shadow Defender
    AdGuard
Raxco InstantRecovery
     
  19. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    704
    Location:
    Italy
    OS: Win10 Home 64bit (version 1803, build 17134.165)
    FW: Windows Defender Firewall + Sphinx-soft Windows 10 Firewall Control
    AV: Panda Dome Free
    OD: HitmanPro, Zemana AntiMalware
    BB: NoVirusThanks OSArmor
    HIPS: ReHIPS
    Misc: NoVirusThanks SysHardener, Windows Privacy Dashboard, O&O ShutUp10, K9 Web Protection, uBlock Origin, OPSWAT File Security
    DNS: Cloudflare
     
  20. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,303
    Location:
    Adelaide
    Switched from Quad9 to Cloudflare for my DNS lookups. Also reinstalled AdGuard and have noticed browsing is more snappy than last time, I suspect due to the aforementioned DNS change.
     
  21. ReverseGear

    ReverseGear Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    1,549
    Location:
    Mumbai
Removed uBlock Origin and added back AdGuard Premium, as the speed of AdGuard has now improved considerably since last time.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,165
    Location:
    The Netherlands
    No, I didn't say isolation is useless, I say it's not enough to protect against all kinds of malware attacks. Like I said, AppGuard will not fully protect the system once malware is allowed to run, so you should always combine it with AV/behavior blocker. I'm still waiting on guest's answer regarding process hollowing.
     
  23. guest

    guest Guest

I think people misunderstand the isolation part in AppGuard (I'm talking about the SMB one, not the Enterprise version).
    AG doesn't act like a classic sandbox; it just has some containment capabilities.
    A Guarded Application (one in user-space, or one in system-space that is likely to be an attack vector, like cmd or powershell) cannot modify protected OS components (Windows and Program Files folders, some registry keys, and those eventually added by the user) or process memory.
    Also, Guarded Apps are MemoryGuarded, so they can't read or alter the memory of another process.

    AG can prevent exploited interpreters from executing unless the malware managed to get SYSTEM rights; then there is nothing AG (or any security software) can do.

    In the latest version, Solo v6, lsass.exe is MemoryProtected so running processes can't modify it.

    Check this video to get an idea of how AG works: AG installed on an infected system, then blocking (not removing) the infection.

    https://www.youtube.com/watch?v=yEOJxUEApso
     
    Last edited by a moderator: Jul 14, 2018
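    The default-deny model guest describes in the two posts above (system-space allowed, user-space blocked unless the user adds it, Guarded Apps unable to modify protected OS components or another process's memory, lsass.exe memory-protected from everyone) as an added, simplified policy evaluator. This is illustration code written for this page, not AppGuard's implementation; the folder list, the registry key, the interpreter paths and all sample file paths are assumptions.

```python
from dataclasses import dataclass
from ntpath import normpath

def _norm(p):
    # Windows-style normalisation: collapse '..' and '.', fix separators, ignore case
    return normpath(p).lower()

def _under(path, roots):
    # True if path IS one of the roots or sits below one (boundary-safe prefix test)
    p = _norm(path)
    return any(p == r or p.startswith(r + "\\") for r in map(_norm, roots))

@dataclass(frozen=True)
class Policy:
    # Assumed values for illustration; the real space definitions live in AppGuard's policy
    system_space: tuple = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")
    protected_keys: tuple = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",)
    user_allowed: tuple = ()       # user-space paths the user explicitly trusts
    user_blocked: tuple = ()       # things the user removed from system-space
    guarded_system: tuple = (r"C:\Windows\System32\cmd.exe",
                             r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
    memory_protected: tuple = (r"C:\Windows\System32\lsass.exe",)

def launch_allowed(exe, pol):
    # Default deny: system-space runs, user-space does not, unless the user said otherwise
    if _under(exe, pol.user_blocked):
        return False
    return _under(exe, pol.system_space) or _under(exe, pol.user_allowed)

def is_guarded(exe, pol):
    # Anything permitted from user-space is guarded, as are the listed interpreters
    return _under(exe, pol.user_allowed) or _under(exe, pol.guarded_system)

def write_allowed(actor, target, pol):
    # A guarded process may not modify protected OS components (folders or registry keys)
    if not launch_allowed(actor, pol):
        return False
    if not is_guarded(actor, pol):
        return True
    return not (_under(target, pol.system_space) or _under(target, pol.protected_keys))

def memory_access_allowed(actor, target, pol):
    # MemoryGuard: a guarded process may only touch its own memory; lsass is off-limits to all
    if not launch_allowed(actor, pol):
        return False
    if _under(target, pol.memory_protected):
        return False
    return not is_guarded(actor, pol) or _norm(actor) == _norm(target)
```

    The path normalisation matters: a launch request written as `C:\Users\alice\Tools\..\Downloads\x.exe` is judged by where it really resolves, and `C:\Windows2` is not treated as being inside `C:\Windows`.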
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,566
That doesn't make sense. Of course once malware is running you have a problem. But when I was testing against live malware, nothing got by it to run. Not a single failure.
     
  25. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    40
    AV: Emsisoft (got it free)
    HIPS: Spyshelter Premium(custom ruleset)
    Firewall: Zonealarm Pro(the best for blocking low level boot time connections, use wireshark to check)
    Anti-Ransomware: Hitman Pro Alert(disabled keystroke encryption, because Spyshelter covers this a lot better)
    Others:
    - Blackfog Privacy(conflict with HMPA if using DoD 3 deletion pass, works with 1 DoD deletion pass)
- Process Lasso Pro (because I just want to support one-man quality software)
     