What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
  2. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,323
    Location:
    Adelaide
    How is he not missing anything? VBS provides greatly increased protection from vulnerabilities.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,892
    Location:
    USA
    From his setup he appears to be doing well enough without enabling something that will slow the machine and possibly introduce stability issues. 1 example, there are plenty of others.
    https://www.neowin.net/news/microso...-update-on-pcs-with-memory-integrity-enabled/
    I'd rather have a functional machine than break it to prevent an issue most will never encounter.
     
  4. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,323
    Location:
    Adelaide
    I have had this enabled for months with no slowness or stability issues. (The link you've shared is a year and a half old so may no longer be relevant.)

    Sorry to hear enabling VBS broke your machine.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
    Today I dedicated my day to better hardening Thunderbird and SumatraPDF portable that I use to open my PDFs offline.
    Maybe not everyone is aware that for example Fission is not enabled by default even in the latest version of Thunderbird.
    It bothers me that SumatraPDF portable has in my Standard account a value of IL medium.
    I inserted Sumatrapdf portable in the hidden LocalLow folder in this way the Integrity Level has the value low.
    Even though I had already blocked incoming/outgoing connections from the firewall.

    In this case the maximum rules in WD Exploit Protection are 12:


    Code:
    Block remote images - ON
    Block untrusted fonts - ON
    Control flow guard (CFG) - ON
    Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
    Disable extension points - ON
    Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
    Randomize memory allocations (Bottom-up ASLR) - ON
    Validate exception chains (SEHOP) - ON
    Validate handle usage - ON
    Validate heap integrity - ON
    Validate image dependency integrity - ON
    It is not possible to enter the rule:

    Code:
    Block low integrity images - ON
     
    Last edited: Jan 5, 2022
  6. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    435
    Location:
    Milan, Italia
    Applicable to Microsoft apps only, AFAIK.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
    Not true:

    Immagine.jpg

    ;):)
     
  8. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    435
    Location:
    Milan, Italia
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
    This:

    Code:
    Code integrity guard - ON
    is applicable to Microsoft apps only
    .;):)

    14 rules for Microsoft Apps
    13 rules for other non-Microsoft apps.

    You are Italian like me so I can show you the error I get with SumatraPDF portable inserted in the LocalLow folder if I insert 13 rules:

    1.jpg
     
    Last edited: Jan 6, 2022
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes this is also the reason why I never used HMPA for a long time. It's one of the best from a technical point of view, but it gives too many problems when combined with other security tools and it seems there is no easy way to whitelist trusted software that it might interfere with.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,751
    Location:
    USA
    I have to agree. Also suppression of alerts. Often didn't stick.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
    Xubuntu 21.10 (PC my daughter)
    Strong password enabled
    Quad9 DNS
    UFW Firewall - enabled

    Google Chrome --disable-webgl
    • Javascript blocked for HTTP://*
    • Privacy Sandbox + FLoc disabled
    • Clears cookies and data from sites when you close
    • Search Engine and Home web-page DuckDuckGo
    • Always HTTPS
    • DNT enabled
    Chrome://flags - Enabled:
    • Anonymize local IPs exposed by WebRTC
    • Block scripts loaded via document.write
    • Strict Extension Isolation
    • Strict-Origin-Isolation
    • HTTPS-First Mode Setting
    • Privacy Review

    Extensions:
    • UBO - Hard Mode - with TLD by Kees1958
    • Decentraleyes
    • Trace - (Only enabled) - Google Header Removal + Alternate Error Page + Webform Autofill + SafeBrowsing Extended Reporting
    • Stream Recorder
    • VideoDownloadHelper

    P.S. Any feedback is welcome, unfortunately I am forced to leave Chrome :thumbd: as default browser
     
    Last edited: Jan 13, 2022
  13. tuvalu_tt

    tuvalu_tt Registered Member

    Joined:
    Apr 28, 2013
    Posts:
    50
    Location:
    Finland
    My testing continues.
    Win 10: Emsisoft Anti-Malware removed and ESET NOD32 Antivirus installed.
    VoodooShield Free and HitmanPro.Alert is also used.

    Later i'am gonna install VoodooShield to that Win8.1 machine and then June 2022 i will swap AV to NOD32.
    Currently Emsisoft is used on that, like in all my other computers i maintain.

    edit: all this testing and AV swap is because Emsisoft is gonna stop definition updates to Win 8.1 June 2022.
     
    Last edited: Jan 13, 2022
  14. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    435
    Location:
    Milan, Italia
    No longer being developed because dev "just doesn't have time right now"!

    Many Chrome "privacy" extensions will be useless with Manifest V3.
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,315
    Location:
    Italy
    :thumb:
    True, in fact some protections do not work.
    Can you suggest any other alternative for removal:

    Thanks for the feedback.:)
     
  16. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    435
    Location:
    Milan, Italia
    No suggestions.

    The clock is ticking and Google hasn't even addressed basic issues like this years-old bug:
    https://github.com/EFForg/privacybadger/issues/2273
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,692
    Sphinx Firewall - AppGuard Solo - DeepFreeze
     
  18. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    Salutations/Greetings,
    @LoneWolf

    * Are you still using Instant Recovery?
    * Any problem with AppGuard Solo with other software any conflicts?
    * And why did you pick DeepFreeze over Sandboxie Plus and Shadow Defender, just curious?

    Always the best, Kind regards,

    P.S. I am looking for a software with great rollback
    Anyone can answer and no Crypto Miners.
    For example, Malwarebytes, Webroot.......
     
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,378
    hi, moose. ag solo has no known conflicts.
    as for the "great rollback sw" you're looking for, i'd say go with mac-ref paid. it's the most reliable solution.
    but if all you need is a static work station, then you should go with deepfreeze.
     
  20. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    @imdb
    Can you provide a link for mac-ref paid? So that I can look into, please?
    Appreciate the info.....

    Kind regards,
     
  21. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,378
  22. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,378
    you bet, moose. :thumb:
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    Due to terrible VPN speed I have dumped Norton on one machine and reinstalled KSC.

    HMP.A is off because of this:

    #16660

    KSC doesn't like MB, so on this machine:

    KSC + OSA + Blackfog Privacy.
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,692
    1-Yes.
    2-None that I'm aware of, running smooth as silk.
    3-I haven't used Sandboxie in some time.
    I do however have a license for both ShadowDefender and DeepFreeze, which is why I find myself switching from one to the other from time to time.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.