What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Man, I didn't like Sunbelt Kerio at all :eek: :) Deleted it and replaced it with EdgeGuard Solo. I could get AppGuard to work nice with Malware Defender :D so it is EdgeGuard Solo + Malware Defender in my xp2 laptop :thumb:
     
  2. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    Using only AppRanger on my server PC
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    AppRanger is fast and the scanners are cool ;) good choice :D
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,183
    ZONE ALARM INTERNET SECURITY SUITE
    AVG LINK SCANNER FREE
    SAS FREE
    DR WEB CUREIT
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Yo raven211,

    Being this is a PC security website, I highly doubt posting that "image" is gonna fly with the moderators here :doubt:
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Okay, just thought it was fun. :D Deleted it. :) :D
     
  7. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Oh trust me, it was funny, but I was like :D Uh oh

    Trust me, this place needs an off-topic section, but I doubt that'll ever happen.
     
  8. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Counterspy
    MalwareBytes
    Outpost firewall Pro (host protection active)
    Sandboxie
    Host modifications
    Shadow Defender


    Anything else I need?
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Ugh, too lazy to type out my list again, so it's my sig + testing out LinkScanner
     
  10. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    NAT Router

    Resident:
    OA Paid (Web and Mail Shield off)
    Avira Premium (Guard set to write only)
    LinkScanner Pro

    Tiny Watcher on Startup

    On Demand:
    MBAM, SAS

    Browsing:
    Firefox w/NoScript, Adblock Plus
    SandBoxie
    Spyware Blaster

    Restore/Recovery:
    IFD
    FD-ISR
    Returnil
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    These two are uniquely interesting. Good idea, plus I found that oldie but goodie Trust No Exe on my PC recently and haven't really given it any attention or use. I may have to try something similar with it and see.

    The no execute of Recyclers is a good one I like. Takes the object away from Conficker just in case, right?
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I cheered too early, forgot that GW is no good running limited or Power user, you can only change status from untrusted to trusted when in admin mode.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    You definitely hit on a good idea with ole trust-no-exe though. Running it now myself and reserving certain areas of deny as well as freedom. LoL

    Does this thing have a command line syntax for extensions?
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Can't find it in the manual, but it stores its deny/allow list in the registry


    PS what do you find the best script interception software?
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi, second try, most installers need temp, so had to allow execution with Trust-No-Exe also from TEMP, so changed LinkScanner for full AVG

    In search for a lighter and low pop-up setup I cooked up a policy-based setup on my XP Pro SP3 desktop (cheap E5200 dual core at 3.06 GHz with 2 GB RAM)

    Basics:
    - Router HW Firewall (NAT/SPI) with highest wireless protection
    - Offline external harddisk with paragon for image and syncback for data backup

    Realtime protection
    - Secpol: no execute of Recyclers, and shared directories, and IE program downloads plug-ins/active X and TEMP internet directory set to limited rights

    - Trust-no-exe (oldie): with custom pop-up telling new programs should be installed from D:\Installs (also allowed D:\TEMP), I really like the ability for a custom message (SRP just says access denied), see PICTURE

    - GeSWall Pro: with Outlook mail folders, Wab, Program Menu auto run directories, task scheduler, network and D:\Install set to confidential in Resources. All Chrome access is limited to read only or redirected with D:\Downloads as only directory to have full access. LimeWire is restricted to have write access to D:\LimeWire also.

    - Rising PC Doctor: all enabled (scan only memory daily for on-line diagnostics, set all checked start ups to trusted manually and disabled URL filter of Internet protection URL alert)

    - Browser Hijack Retaliator (also an oldie), set to deny changes to BHO, IE pages and Host

    - Scriptdefender throws a pop-up for scripting files started, GW will contain untrusted script files (also embedded scripts).

    - AVG Free with LinkScanner for search rating in IE8 (disabled AVG taskbar without corresponding plug-in) and exploit protection in IE8 and Chrome. Told AVG resident shield to exclude all the "No Execute" directories of SRP and C:\Windows, C:\Program Files (now AVG does not already installed executables). AVG silently removes/quarantines any threats detected.

    - Keyscrambler free for IE (using IE8 for on-line banking and shopping, checking site with smart screen filter before buying, daily browsing with Chrome).

    On demand
    - OSAM
    - BitDefender Free and Ad-Aware free (because they update automatically)
    - Panda Anti Rootkit

    Bottom line
    - Sneaky user space rootkits using recycler are contained with SRP, Rising's PC Doctor checks startups on a periodical basis, protects USG (like AVG) silently
    - Installs first have to be set trusted when downloaded from untrusted source (GW) and moved by user to D:\Installs (TNE), Trust-No-Exe (TNE) tells user to scan the file with BitDefender + Ad-Aware (and move it to D:\Install), so a second/third blacklist checks intentional installs (AVG auto checks and removes silently)
    - Router takes care of network, which is partitioned, so other (wireless) PCs in the network can't access each other, GW limits untrusted to go outbound, old Windows FW deals with inbound
    - Browsers are contained (Chrome even with internal sandbox), IE8's save as option is removed and the default download directory is fixed by GW, IE8 has XSS protection, Linkscanner checks on encoded web page exploits, Google also throws URL warnings, IE8 search is rated by Linkscanner and IE8's smart screen checks the URL realtime

    Few pop-ups (only Google warning and LinkScanner when visiting a malicious webpage, BHR when a BHO is added and ScriptDefender when a script is started), fast (minimal blacklist intervention), with admin functionality/ability to install applications from D:\Install directory (when executable started from other directory TNE throws a pop-up + custom message) after having set the download trusted with GW.

    Regards Kees
     

    Attached Files: TNE.JPG (34.2 KB)
    Last edited: Apr 22, 2009
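
The default-deny execution policy described in the post above (run only from approved directories, never from RECYCLER), modelled as an added example that is not part of the original post and not code from Trust-No-Exe or SRP. The allow list, including C:\Windows and C:\Program Files, and the sample paths are assumptions; the point is that rules must match normalised path components, not raw string prefixes.

```python
import ntpath

# Assumed policy modelled on the post: default deny, execution allowed only
# from these directories. C:\Windows and C:\Program Files are assumptions.
ALLOW_DIRS = [r"C:\Windows", r"C:\Program Files", r"D:\Installs", r"D:\TEMP"]
# Explicit deny beats allow: any RECYCLER folder, on any drive or depth.
DENY_COMPONENTS = {"recycler"}


def _components(path):
    """Fold case and separators, collapse '..', split into [drive, dir, ..., file]."""
    norm = ntpath.normcase(ntpath.normpath(path))
    drive, rest = ntpath.splitdrive(norm)
    return [drive] + [p for p in rest.split("\\") if p]


def may_execute(path):
    """Return True only if the file sits under an allowed directory."""
    parts = _components(path)
    if any(p in DENY_COMPONENTS for p in parts[1:-1]):
        return False
    for allowed in ALLOW_DIRS:
        base = _components(allowed)
        # Compare whole components, so D:\Installs_evil never matches D:\Installs.
        if len(parts) > len(base) and parts[:len(base)] == base:
            return True
    return False


def audit(paths):
    """Map each candidate path to 'allow' or 'deny'."""
    return {p: ("allow" if may_execute(p) else "deny") for p in paths}


# Constructed sample paths, not taken from the thread.
SAMPLES = [
    r"D:\Installs\setup.exe",
    r"d:/installs/SETUP.EXE",
    r"D:\Installs_evil\setup.exe",
    r"D:\Installs\..\Downloads\setup.exe",
    r"D:\RECYCLER\S-1-5-21-0000\autorun.exe",
    r"D:\Installs\RECYCLER\tool.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:5}  {path}")
```
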
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Kees, how is the new ThreatFire? You have a lot of experience with it ;) and I want to test it again
     
  17. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Hi Kees

    Is that D:\TEMP mapped to the system variable TEMP ?

    I really like the look of the app myself - have posted a separate thread about another config for it.

    According to the website you can :
    Did you consider doing that ?
    Would that not be easier than giving exe's access to temp ?

    I'd be very interested in your comments on my setup as well
    https://www.wilderssecurity.com/showthread.php?t=239943




    J
     
    Last edited: Apr 21, 2009
  18. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Back to basic:

    Realtime:
    DefenseWall 2.54 (beta)
    Online Armor 3.5.0.9 (paid)
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I do not use FF, so can't tell anything about it
     
    Last edited: Apr 22, 2009
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I am so sick of promises and shoddy software. Going to use what I know has a solid development team behind them.

    Vipre's time has come.
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    From what I've seen it's too intrusive in its automatic operation by default, is that the case? I'm really demanding when it comes to that. Compare it to Norton where the pop-ups are small and self-fading once you get active or after some sec. depending on the situation.
     
  22. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    Firewall--router firewall

    Browser--Firefox w/noscript

    Antivirus/HIPS--DriveSentry

    All I need!:thumb:
     
  23. Feb22

    Feb22 Guest

    NAT/SPI Router hardware firewall
    Windows Firewall
    SandboxIE

    Acronis True Image 2009 Home
    Superantispyware
    Dr.Web cureit
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Do you work for DriveSentry (john)?
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Runs great on the laptop of my wife (DefenseWall + ThreatFire with custom rules)
     