What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Kees1958

    For me there's no better choice for script catching/stopping than ole ScriptTrap; I use it. The drawback I would unfortunately like to see changed is user-configured extensions of any sort, even a 2-letter one, but it doesn't allow that because it's old and has not been updated in eons. I will try to reach the author of it and see if he might be interested, if he's still around.

    The reason I am so high on it is that you can do two really important things with it. You can either add an ANTI-SPYWARE app to "first" probe & scan the script before allowing or denying it, as well as setting it in a WHITELIST/BLACKLIST database with no more alerts, or, like I do, use an AV (I use NOD32) to do the scans on the scripts it aborts, to determine whether the AV declares it safe or not.

    EASTER
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool, thanks.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx Easter
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    See your PM please.

    EASTER
     
  5. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
    Just added Drive Sentry to my current setup and removed Mamutu; wasn't impressed.

    Now current setup:

    Comodo Internet Security 3.9 beta
    Sandboxie
    MalwareBytes' Antimalware
    And DriveSentry(with the antivirus disabled)
     
  6. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    No, I do not.
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Having the name DriveSentry is a bit deceiving; it might be better if you changed it and stopped some confusion :doubt:
     
  8. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    Realtime:
    DefenseWall HIPS
    ThreatFire
    Norton UAC
    Vista Firewall

    On Demand:
    MBAM
    AVZ
    OSAM
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    What I use? Just check my sig. - that's what I update. :)
     
  10. progress

    progress Guest

    # AVG 8.5 Free (with LinkScanner)
    # Router
    # Spybot


    Bye bye BloatFire! :rolleyes:
     
  11. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Oh noes - what could "BloatFire" be? :D Too many features in a program with one function? :D
     
  12. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Below ... (Will be testing out FortKnox Personal Firewall and Spy Emergency 2009...)
     
  13. progress

    progress Guest

    Please vote here man ;) Thank you!
     
  14. LaserWraith

    LaserWraith Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    38
    Location:
    Under your bed!
    I use GeSWall and CIS with Firefox add-ons Noscript, ABP, finjan, and WOT.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi, third try

    Most installers need TEMP also, so besides Install I need to open my temporary directory too. I did not like the open TEMP, so I made some changes. Now Malware Defender is actually allowing everything, except 'direct' starts from TEMP (everything is denied, from disk to registry and network access); when an executable is created from the D:\Install directory, I have explained how to let it through.

    In search of a lighter, low-pop-up setup I cooked up a policy-based setup on my XP Pro SP3 desktop (cheap E5200 dual core at 3.06 GHz with 2 GB RAM).

    Basics:
    - Router HW firewall (NAT/SPI) with highest wireless protection
    - Offline external hard disk with Paragon for image and SyncBack for data backup

    Realtime protection
    - Secpol: no execute of Recyclers and shared directories, and IE Program Downloads plug-ins/ActiveX and Temporary Internet directory set to limited rights

    - Trust-No-Exe (oldie): with custom pop-up telling that new programs should be installed from D:\Installs (also allowed D:\TEMP). I really like the ability for a custom message (SRP just says access denied), see PICTURE

    - GeSWall Pro: with Outlook mail folders, WAB, Program Menu auto-run directories, task scheduler, network and D:\Install set to confidential in Resources. All Chrome access is limited to read-only or redirected, with D:\Downloads as the only directory to have full access; LimeWire is restricted to have write access to D:\LimeWire also.

    - Rising PC Doctor: all enabled (scan only memory daily for on-line diagnostics, set all checked start-ups to trusted manually and disabled the URL filter of Internet protection URL alert)

    - Malware Defender denies all direct start-ups from D:\TEMP; after creation of an executable from the D:\Install directory it is passed. MD also denies changes of all search fields in HKU/Software/Microsoft/Internet Explorer/Main (allowing other changes within Main), plus MD checks internet traffic (allowed all internet-facing apps manually, then set to deny).

    - ScriptDefender throws a pop-up for scripting files started; GW will contain untrusted script files (also embedded scripts).

    - AVG Free with LinkScanner for search rating in IE8 (disabled AVG taskbar without corresponding plug-in) and exploit protection in IE8 and Chrome. Told AVG resident shield to exclude all the "No Execute" directories of SRP and C:\Windows, C:\Program Files (now AVG does not scan already installed executables). AVG silently removes/quarantines any threats detected.

    - KeyScrambler free for IE (using IE8 for on-line banking and shopping, checking the site with SmartScreen filter before buying, daily browsing with Chrome).

    On demand
    - OSAM
    - Ad-Aware free (because it updates automatically and checks on rootkits)
    - Panda Anti-Rootkit

    Bottom line
    - Sneaky user-space rootkits using Recycler are contained with SRP, those using TEMP are denied by Malware Defender, Rising's PC Doctor checks start-ups on a periodic basis, protects USG (like AVG) silently
    - Installs first have to be set trusted when downloaded from an untrusted source (GW) and moved by the user to D:\Installs (TNE); the Trust-No-Exe (TNE) custom message tells how to install, but first scan with Ad-Aware, so a second blacklist checks intentional installs (AVG auto-checks and removes silently, but Free is supposed to have no rootkit protection as far as I know)
    - Router takes care of the network, which is partitioned, so other (wireless) PCs in the network can't access each other; GW limits untrusted to go outbound, MD deals with other apps (easier than GW; MD increases ping by 3 ms)
    - Browsers are contained (Chrome even with internal sandbox), IE8's Save As option is removed and the default download directory is fixed by GW, IE8 has XSS protection, LinkScanner checks on encoded web page exploits, Google also throws URL warnings, IE8 search is rated by LinkScanner and IE8's SmartScreen checks the URL in realtime

    Few pop-ups (only Google warning and LinkScanner when visiting a malicious web page, and ScriptDefender when a script is started), fast (minimal blacklist intervention), with admin functionality/ability to install applications from the D:\Install directory (when an executable is started from another directory TNE throws a pop-up + custom message) after having set the download trusted with GW.

    Regards Kees
     

    Last edited: Apr 24, 2009
  16. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    876
    Location:
    Sverige
  17. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Very cool kees !
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yeah,

    It is a weird setup; I never thought I would use an anti-executable like Trust-No-Exe with two deliberate holes in it. The holes are for ease of use with a threshold. I do not like the TEMP hole, so Malware Defender (a classical HIPS) sits there doing nothing but denying all direct start-ups/file/registry/network access. Because MD has the possibility to assign a different rule set for child processes, I can distinguish between installs launched from TEMP and installs launched from D:\INSTALL which create a child process in TEMP.

    Both TNE and GeSWall use XP internals, so they eat very few CPU cycles. I have gotten the licence from Xiaolin to test MD, so it does not feel like wasting the capacities of a fine classical HIPS like MD.

    It would have been easier (without the optional create-process pop-up of MD) if MD also had the ability to inherit registry/file/network rules for child processes. I will PM Xiaolin with a request.

    Cheers Kees
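The layered execution policy Kees1958 describes in his two posts above (SRP no-execute locations, a Trust-No-Exe style allowlist with the D:\Install and D:\TEMP holes, and Malware Defender telling a direct start from TEMP apart from a child of an installer launched out of D:\Install) boils down to a decision function over a process-start event. The block below is an added example written for this page; it is not code from SRP, Trust-No-Exe or Malware Defender, and the directory lists, the ordering of the layers, the parent-chain walk and the sample events are all constructed assumptions. What it shows that the posts do not is the part any path-based allowlist has to get right before the rules mean anything: path canonicalisation (case, slash style, `..`), matching on a directory boundary, and walking the parent chain.

```python
"""Toy evaluator for a layered, path-based execution policy (added example).

Layers, in the order this model applies them (ASSUMED ordering):
  1. SRP-style "Disallowed" locations (Recycler on any drive, shared dirs)
  2. Trust-No-Exe-style allowlist of directories executables may start from
  3. Malware Defender-style rule for the D:\\TEMP hole: a direct start from
     TEMP is denied, a child of an installer started from D:\\Install passes
All directory values below are ASSUMED for illustration.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass
from typing import Optional

SRP_DENY_PREFIXES = [r"D:\Shared"]                 # ASSUMED shared directory
SRP_DENY_COMPONENTS = ["recycler"]                 # <any drive>\RECYCLER\...
TNE_ALLOWED = [r"C:\Windows", r"C:\Program Files", r"D:\Install", r"D:\TEMP"]
TNE_MESSAGE = "new programs must be installed from D:\\Install"
INSTALL_DIR = r"D:\Install"
TEMP_DIR = r"D:\TEMP"


def norm(path: str) -> str:
    """Canonical Windows path: slashes unified, '.'/'..' resolved, case-folded."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def under(path: str, directory: str) -> bool:
    """True if path is directory itself or lies below it. The component boundary
    is kept, so D:\\Installer does not match a rule written for D:\\Install."""
    p, d = norm(path), norm(directory).rstrip("\\")
    return p == d or p.startswith(d + "\\")


def has_component(path: str, name: str) -> bool:
    """True if any directory component of path equals name (drive-independent)."""
    return name.lower() in norm(path).split("\\")[:-1]


@dataclass
class Process:
    image: str
    parent: Optional[Process] = None


def descends_from(proc: Process, directory: str) -> bool:
    """Walk the parent chain; True if any ancestor's image lives under directory."""
    p = proc.parent
    while p is not None:
        if under(p.image, directory):
            return True
        p = p.parent
    return False


def decide(proc: Process) -> tuple[str, str]:
    """Return (verdict, reason) for a process-start event."""
    img = proc.image
    if any(under(img, d) for d in SRP_DENY_PREFIXES) or any(
        has_component(img, c) for c in SRP_DENY_COMPONENTS
    ):
        return "deny", "SRP: execution disallowed in this location"
    if not any(under(img, d) for d in TNE_ALLOWED):
        return "deny", "TNE: " + TNE_MESSAGE
    if under(img, TEMP_DIR):
        if descends_from(proc, INSTALL_DIR):
            return "allow", "MD: child of an installer started from D:\\Install"
        return "deny", "MD: direct start from D:\\TEMP"
    return "allow", "trusted location"


if __name__ == "__main__":
    # Constructed process-start events, not captured from a real system.
    explorer = Process(r"C:\Windows\explorer.exe")
    installer = Process(r"D:\Install\setup.exe", explorer)
    events = [
        installer,
        Process(r"D:\TEMP\is-1A2B.tmp\setup.tmp", installer),    # installer's child
        Process(r"D:\TEMP\dropper.exe", explorer),               # direct start from TEMP
        Process(r"C:\RECYCLER\S-1-5-21-1\run.exe", explorer),    # SRP location
        Process(r"D:\Downloads\evil.exe", explorer),             # not an allowed dir
        Process(r"D:\Install\..\Downloads\evil.exe", explorer),  # traversal attempt
        Process(r"d:/install/Setup.EXE", explorer),              # odd casing/slashes
    ]
    for e in events:
        verdict, reason = decide(e)
        print(f"{verdict:5}  {e.image:45}  {reason}")
```

The normalisation step is what a naive prefix check gets wrong: without it, `D:\Install\..\Downloads\evil.exe` starts with `D:\Install\` and would be allowed, and a forward-slash or differently cased path would fall through to the wrong rule. The parent-chain walk treats ancestry as trustworthy, which is exactly the deliberate hole the post accepts: whatever an installer from D:\Install spawns in TEMP is let through. The model does not cover 8.3 short names, alternate data streams or junctions, all of which a real enforcement driver has to resolve as well.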
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yay, finally I got AppGuard and Malware Defender together without any problems :argh:
     
  20. Tu5

    Tu5 Guest

    Behind a Router:

    Laptop: vLited Vista SP1 (UAC and Windows Defender Disabled)

    Mainly used for work, banking, gaming and occasional p2p use

    Norton Antivirus 2009
    Outpost Firewall Pro
    SandboxIE (Paid)
    Firefox (AdblockPlus, NoScript, SpywareBlaster installed)
    Backup: Drive Snapshot

    Desktop: vLited Vista SP1 (Windows Defender Disabled)

    Used only for general browsing and work.

    KIS 2009
    IE7 (IE7Pro, SpywareBlaster installed)
    Backup: Acronis True Image

    Desktop: nLited XP SP3

    Heavy p2p use, software testing etc

    Avira Antivir Premium
    LooknStop
    Defensewall
    Firefox (AdblockPlus, NoScript, SpywareBlaster installed)
    FD-ISR

    No conflicts, no bloat, very light and pretty much bulletproof protection after considering what each system is used for.
     
  21. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Real-time
    Windows Firewall
    Avast Home
    GesWall free

    On-demand
    Norton Security Scan and Clean
    Returnil Personal Edition

    Backup
    Paragon Drive Backup Express
    Syncback free

    Browsing
    Firefox with WOT, AdblockPlus, NoScript
    SRWare Iron
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi, fifth try

    Basics:
    - Router HW firewall (NAT/SPI) with highest wireless protection
    - Offline external hard disk with Paragon for image and SyncBack for data backup

    Realtime protection
    - Secpol: no execute of Recyclers and shared directories, and IE Program Downloads plug-ins/ActiveX set to limited rights

    - GeSWall Pro: with Outlook mail folders, WAB, Program Menu auto-run directories, task scheduler, network and D:\Install set to confidential in Resources. All Chrome access is limited to read-only or redirected, with D:\Downloads as the only directory to have full access; LimeWire is restricted to have write access to D:\LimeWire also.

    - Rising PC Doctor: all enabled (scan only memory daily for on-line diagnostics, set all checked start-ups to trusted manually and disabled the URL filter of Internet protection URL alert)

    - Prevx 3.0 free, with all heuristics set to medium, and perform heuristics AFTER age/popularity, to save CPU cycles (after all, it makes sense to only look at recent files, see PIC)

    - ScriptDefender throws a pop-up for scripting files started; GW will contain untrusted script files (also embedded scripts).

    - AVG LinkScanner Free for search rating in IE8 (disabled AVG taskbar without corresponding plug-in) and exploit protection in IE8 and Chrome.

    - Avira Free set to check on writes only (for performance reasons), heuristics high, check all files

    - Another oldie, Browser Hijack Retaliator, to silently block changes of the search, blank and home page, Hosts file and browser extensions (GeSWall, like XP internals, does not seem to have the granularity to control on value level; I seem to be able to specify only at key level)

    - Keyscrambler free for IE (using IE8 for on-line banking and shopping, checking site with smart screen filter before buying, daily browsing with Chrome).

    On demand
    - OSAM
    - Panda Anti Rootkit

    Regards Kees
     
    Last edited: Apr 27, 2009
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    testing Telus Security Service from telus.com :)
     
  24. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Should I choose Comodo's AV if I have the rest of CIS and Prevx, or would a different AV still be better? CAV does still have false positives and only packer heuristics.
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Avast or Antivir
     