What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,686
    Sphinx Firewall
    AppGuard Solo
    Spyshelter Silent
    DeepFreeze
    Raxco InstantRecovery
     
  2. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    118
    Location:
    Finland
    Main PC (gaming, surfing etc):
    McAfee Endpoint Security (heavily customized settings, because defaults are crap)
    McAfee Web Boost for Chrome (for disabling those annoying autoplay videos)
    KeyScrambler Premium (keystroke encryption)
    HiBit Startup monitor (really good for monitoring lots of different autorun entries, task scheduler entries, service entries. McAfee can do these too, but it has no "ask mode")
    Ublock
    ClearUrls
    System Restore disabled
    Macrium Reflect (full backups, takes about 2 min to create a backup of my system drive. Restore via Macrium USB stick if needed)

    Malware testing laptop with Macrium Reflect full baseline backup to external drive and USB restore, if system gets heavily infected/encrypted, MS Office installed:

    Currently testing Trend Micro Max Security 6 months trial.

    And when I'm testing malware (bazaar samples), I test it without any VM; I prefer a live environment, because some malware is VM-aware / can escape.
    The testing laptop is not connected to my router; I use an old Xcover 2 phone as a hotspot with a prepaid SIM card.

    I've been testing (one week per AV solution) against new bazaar samples. So I check new bazaar samples several times a day, download them and run them.

    Webroot with defaults:
    -System heavily infected, encrypted (full restore needed)

    Webroot with max settings:
    -A lot better, because it does an online Webroot "whitelist check", aka so-called anti-exe.

    Dr Web Security Space Beta, defaults:
    -Average detection in general. It does have really powerful DPD (Process Dumper) and DPH (Process Heuristic).

    Dr Web Security Space Beta, max settings:
    -It does have really good predefined HIPS settings, but the defaults are bad. You can customize those settings to your own liking (allow, ask mode, auto block).

    What I observed when I tested one ransomware sample against Dr Web SS Beta: one of the Dr Web HIPS components alerted that "xxx.exe" wants to use "low level disk access". Allow or Deny?
    I did not click "allow" or "deny", but the ransomware was still encrypting files in the background, until I clicked "deny", and then the whole system crashed. I did not "stop" the abusing process.

    Trend Micro Max Security:
    4 days of testing, several kinds of bazaar samples; Trend Micro nailed all tested so far.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,731
    Location:
    U.S.A. (South)
    You're going to be as bad as @Peter2150 and myself in brutally testing these security programs :D

    I am EXACTLY the same way. Why be skittish, right? Test those vicious crapwares on a LIVE system and get the up close and personal REAL FEEL of their tricks and Real-Time results, not in VMs like a beekeeper's suit.

    I like and admire your extreme ambition on that. Beta testing Ransomoff and others, I put them into a dedicated LIVE machine to run amok with ready backups in case of need. :thumb: TIDBIT: I run them with Shadow Defender, unleashing gobs of file infectors and the most notorious ransomwares like Petya, Locky, etc., and well, I have a whole, what I call, Zoo of horrifics. Never once did any prevent SD from dumping them completely after testing. Some even encrypted Shadow Defender's folder of files and seized up the machine, forcing a hard reset. Upon reboot, it was like nothing ever happened! Only way to see how strong or weak both Windows and the security programs really are.

    On HiBit - Man, I couldn't be any more satisfied with that app. It's Amazing!!!

    Have a really good day @moredhelfinland
     
    Last edited: Jul 25, 2021
  4. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    118
    Location:
    Finland
    @EASTER
    Yeah, I do like HiBit monitor. It monitors a lot of registry autorun entries. For example, Webroot seems to monitor only the basic "currentversion\run", whereas HiBit monitors a lot more autorun entries and task scheduler entries.
    And I sure understand why most of the AV solutions do not monitor these. They can add this "monitor", but how can mommy and papa answer a popup, when installing software that adds an autorun entry and maybe even a task scheduler entry?
    A mighty popup window comes, "do you want to add this to..." Mommy and papa of course click "deny". That is why, for example, F-Secure does not use its own firewall; it relies on Windows' own firewall. Funny thing is that F-Secure does not even protect Windows Firewall from getting abused and disabled.
    F-Secure processes are easily killable via Task Manager; some other AVs are easily killed too.
    PsExec can't kill. Of course not; some AV processes are running with SYSTEM privileges.

    Nirsoft Advrun is great software to test killing AV processes.
    -sepik
     
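The post above makes the point that the "CurrentVersion\Run" key is only one of many autostart locations a monitor needs to watch. The script below is an added example, not HiBit's code and not the code of any product mentioned in this thread: it snapshots a subset of well-known autostart registry locations plus every scheduled task's action, saves the first snapshot as a baseline, and on later runs prints what was added, changed or removed. The baseline path and the list of keys are assumptions (the key list is deliberately a subset; a real monitor covers many more). It needs Windows 10/11 and an elevated PowerShell, because some keys and task folders are not readable otherwise.

```powershell
# Added example (not HiBit's or any AV's code): snapshot common Windows autostart
# locations and scheduled tasks, then diff against a saved baseline so that a new
# persistence entry stands out. Windows 10/11, run elevated.
# The baseline path below is an assumption; change it as needed.
$BaselinePath = "$env:ProgramData\autorun-baseline.json"

# Well-known autostart keys (assumed subset; many more exist). Each value under these
# keys names a program started at boot or logon.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Single Winlogon values that are normally fixed; a change here is always worth a look.
$WinlogonValues = @{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' = @('Shell', 'Userinit')
}

function Get-AutorunSnapshot {
    $items = @{}
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $items["$key\$($p.Name)"] = [string]$p.Value
        }
    }
    foreach ($key in $WinlogonValues.Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $WinlogonValues[$key]) {
            $items["$key\$name"] = [string]$props.$name
        }
    }
    # Scheduled tasks: record each task's action(s) as "program arguments".
    foreach ($task in Get-ScheduledTask) {
        $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join ' | '
        $items["Task:$($task.TaskPath)$($task.TaskName)"] = $actions
    }
    return $items
}

function Compare-AutorunSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    $report = [System.Collections.Generic.List[string]]::new()
    foreach ($k in $Current.Keys) {
        if (-not $Baseline.ContainsKey($k)) {
            $report.Add("ADDED    $k => $($Current[$k])")
        } elseif ($Baseline[$k] -ne $Current[$k]) {
            $report.Add("CHANGED  $k => '$($Baseline[$k])' -> '$($Current[$k])'")
        }
    }
    foreach ($k in $Baseline.Keys) {
        if (-not $Current.ContainsKey($k)) { $report.Add("REMOVED  $k") }
    }
    return $report
}

$current = Get-AutorunSnapshot
if (Test-Path $BaselinePath) {
    # Later runs: rebuild the baseline hashtable from JSON and print the differences.
    $baseline = @{}
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = [string]$_.Value }
    $diff = Compare-AutorunSnapshot -Baseline $baseline -Current $current
    if ($diff.Count -eq 0) { 'No autorun changes since baseline.' } else { $diff }
} else {
    # First run: save the current state as the baseline.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline written to $BaselinePath ($($current.Count) entries)."
}
```

Run it once on a known-clean machine to write the baseline, then again after installing software or on a schedule; every "ADDED" or "CHANGED" line is a persistence change to explain. The diff is keyed on the full registry path or task path, so the same program name appearing under a different key still shows as a new entry.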
  5. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    744
    Location:
    U.S. Citizen
    @moredhelfinland

    Let me know what you find out with your testing, etc.
    I am really interested in your findings, etc.

    Always the best,
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,731
    Location:
    U.S.A. (South)
    I still haven't covered all the available features it sports. Just awesome, and very very safe, and I love the Registry Restore feature but haven't needed it once! The added benefit, not only as a power user but also as a fancy dancy customizer: that Context Menu feature threw me for a loop! Saves you tons of time from having to fish through the registry to reduce fly-out lines that may be a bit much. A very comprehensive context menu editor, way better than any I EVER found! Talk about fine-tune granularity.

    Heck, I haven't even explored that it MONITORS like that yet. Incredibly well thought out, portable, and the developer is continuously refining the things that make it sharper.
     
  7. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    118
    Location:
    Finland
    Yeah, and someone said "Windows firewall is enough".
    F-Secure can't prevent, for example, malware using LOLBins to download malware.
    Outbound and inbound are allowed, so you're a part of a botnet.
    Someone said here, stay with "Windows firewall".
    Trend Micro and its Firewall Booster is great; hardcoded IPs, oh well.
     
  8. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,154
    Location:
    Brooklyn, NY
    Well, my computer security configuration over at Malwaretips took a hit and went from Secure/Complete to At Risk. It's because of Windows 11. Haven't changed any security--it's still the same as in my signature, but I sharpened my senses a little more and am keeping a closer watch on the developments of Windows 11.

    The two Windows Security bugs (Virus sample submission off at every restart and "Standard hardware device security not supported") have been fixed on here, but that doesn't preclude anything else, now and in the near future.
     
  9. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    31
    Location:
    Earth
    Sorry for a late response, I was on vacation.

    That does seem to be the correct procedure, yes.
    https://github.com/sandboxie-plus/Sandboxie/issues/259
     
  10. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    31
    Location:
    Earth
    Is this really a good idea? Isn't Catsxp Chinese?
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,044
    It is, and it is open source. I see no good reason not to use Chinese software. I'm running two Chinese antiviruses on my Chinese laptop, as well as using other Chinese software.

    Currently, I'm using Slimjet as my browser. Prior to that, I was using Cent and before that, 360 Extreme Explorer. They are also all Chinese. If I have reason to believe a particular piece of software is untrustworthy, I won't use it. Aside from that, I have no issue with using software from any region.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,578
    +1
    I don't trust China more or less than any other nation.
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    I started the security/privacy setup of my new Lenovo W.10 x64 pc.:)
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    W.10 Home 21H1 x64 (PC my Daughter)
    Local Account - Standard user
    UAC Maximum - always notify
    Disabled many unnecessary services
    Web Search DDG
    Quad9 DNS
    Microsoft Defender
    MS Defender Firewall - rules hardened with H.C.
    MS Defender - All protections enabled - Ransomware protection disabled.
    Some software hardened with custom Anti-Exploit Settings.
    Hard Configurator - Some custom rules enabled

    Chrome x64 --cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0xC014,0x009D,0xC013 --disable-webgl

    Chrome://Flags

    • Block scripts loaded via document.write
    • Omnibox - Use HTTPS as the default protocol for navigations
    • Strict-Origin-Isolation

    Extensions:

    • uBlock Origin - Hard Mode
    • Decentraleyes
    • WebRTC Protect
    • Canvas Blocker - Fingerprint Protect
    • FontFingerprint Defender

    On this PC it is not possible to install W.11
     
    Last edited: Aug 1, 2021
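The `--cipher-suite-blacklist` switch in the setup above takes TLS cipher suite identifiers as hex values from the IANA TLS Cipher Suite Registry. The script below is an added example, not Chrome's code and not part of the post: it parses that switch, maps each ID to its IANA name using a small local table (a subset of the registry: the seven IDs from the post plus three forward-secret AEAD suites for contrast), and derives from the name why a suite is a blocking candidate (no forward secrecy, CBC mode, 3DES). The table and the weakness rules are the example's own; the reasons are general TLS facts, not a statement about Chrome's defaults.

```powershell
# Added example (not Chrome's code): decode a --cipher-suite-blacklist value into IANA
# cipher suite names and explain why each suite is a blocking candidate.
# $IanaSuites is an assumed subset of the IANA TLS Cipher Suite Registry.
$IanaSuites = @{
    0x000A = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    0x002F = 'TLS_RSA_WITH_AES_128_CBC_SHA'
    0x0035 = 'TLS_RSA_WITH_AES_256_CBC_SHA'
    0x009C = 'TLS_RSA_WITH_AES_128_GCM_SHA256'
    0x009D = 'TLS_RSA_WITH_AES_256_GCM_SHA384'
    0xC013 = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
    0xC014 = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
    0xC02B = 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'   # for contrast: not in the post
    0xC02F = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'     # for contrast: not in the post
    0xCCA8 = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256' # for contrast: not in the post
}

function Get-SuiteWeakness {
    # Derive weaknesses from the structure of the IANA name: TLS_<kx>_WITH_<cipher>_<mac>.
    param([string]$Name)
    $reasons = @()
    # Only (EC)DHE key exchange gives forward secrecy; static RSA key transport does not.
    if ($Name -notmatch '_(EC)?DHE_') { $reasons += 'no forward secrecy (static RSA key exchange)' }
    if ($Name -match '_CBC_')        { $reasons += 'CBC mode (MAC-then-encrypt, padding-oracle history)' }
    if ($Name -match '3DES')         { $reasons += '3DES (64-bit block, Sweet32)' }
    if ($reasons.Count -eq 0) { 'none of the checked weaknesses' } else { $reasons -join '; ' }
}

function ConvertFrom-CipherSuiteBlacklist {
    # Accepts the whole "--cipher-suite-blacklist=0x...,0x..." switch or just its value.
    param([string]$Flag)
    $value = $Flag -replace '^--cipher-suite-blacklist=', ''
    foreach ($token in $value -split ',') {
        $id   = [Convert]::ToInt32($token.Trim(), 16)   # base 16 accepts the "0x" prefix
        $name = if ($IanaSuites.ContainsKey($id)) { $IanaSuites[$id] } else { '(not in local table)' }
        [pscustomobject]@{
            Id     = ('0x{0:X4}' -f $id)
            Suite  = $name
            Reason = if ($name -like 'TLS_*') { Get-SuiteWeakness $name } else { 'unknown' }
        }
    }
}

# The switch exactly as given in the post above.
$flag = '--cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0xC014,0x009D,0xC013'
ConvertFrom-CipherSuiteBlacklist $flag | Format-Table -AutoSize

# For contrast: which suites in the local table are not blocked, and do any of them
# carry one of the checked weaknesses? (Expected: only the forward-secret AEAD suites remain.)
$blocked = (ConvertFrom-CipherSuiteBlacklist $flag).Id
$IanaSuites.GetEnumerator() |
    Where-Object { ('0x{0:X4}' -f $_.Key) -notin $blocked } |
    ForEach-Object {
        [pscustomobject]@{ Id = ('0x{0:X4}' -f $_.Key); Suite = $_.Value; Reason = Get-SuiteWeakness $_.Value }
    } | Format-Table -AutoSize
```

Deriving the weakness from the name rather than from a hand-written "bad/good" column is what makes the check reusable: any suite added to the table, or any other blacklist value pasted in, gets the same three rules applied. The rules cover TLS 1.2 and earlier names only; TLS 1.3 suites (for example TLS_AES_128_GCM_SHA256) are not affected by this Chrome switch and would need separate handling.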
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I decided to change my setup on my laptop from a dual boot with Linux Mint MATE and Windows 10 (slow as molasses) to Debian 10 GNOME which runs great and very stable! My Desktop is the same.
    Click the smiley for more info on Debian.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    Hi @Sampei Nihira

    do you know anything about LocalCDN extension?

    https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/

    Decentraleyes hasn't been updated for 9 months.
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,731
    Location:
    U.S.A. (South)
    If I get turned off for any reason by Windows 10 on my new rig, this Linux release will be its replacement. Oh, I will still have Windows 8.1 super-charged boxes to do the Windows thing. And Linux MINT (my personal favorite, and very familiar with it) is another strong STABLE choice.
    Down below, siggy remains strongly in place and will be current for years on the Windows side. WVSX really has sealed the deal for the 8.1 boxes and it's super nice on Windows 10 - snappy and quietly available to guard the network too now.
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    W.10 Home x64 21H1
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    Onedrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender

    • Ransomware protection - disabled
    • No run in a sandbox (Feature that appeared in 2018, fell into oblivion)
    • Core Isolation: Memory integrity - disabled *****
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    Mozilla Firefox - about:config tweaked

    Extensions:

    • uBlock Origin - Hard Mode
    • LocalCDN
    First steps of my Security setup.


    ***** = With the feature enabled I get an annoying pop-up in the middle of the screen every time I boot that warns me to reboot because the hardware settings have changed.
    Have any W. members solved this, for me, annoying problem?
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,028
    Location:
    Among the gum trees
    :confused:
     
  22. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    744
    Location:
    U.S. Citizen
    @LoneWolf
    Interested: cost of Deep Freeze for a PC? And do you need to disable fast start?
    And do you need to disable Deep Freeze for Windows Updates? If so, how?
    Why not Shadow Defender with (MBR) protection?

    Kind regards
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,028
    Location:
    Among the gum trees
    Understood. I've just installed LocalCDN in Firefox on my machines and am giving it a try.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    The same here, installed yesterday in Firefox.
     