What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    I dislike HIPS too anymore, especially classic HIPS, so I know what you mean.
    I converted KIS' HIPS to serve as an Anti-Executable though, so the only HIPS alerts I get now are if something has changed.
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Windows XP SP3 Pro (MINIMALIST NO-AV Setup)
    • LUA
    • ACL
    • DEP
    • SRP
    Realtime
    • PCTools Firewall Plus (Public Profile) added!!
    • Peerblock added!!
    • Sandboxie
    • Deepfreeze (I need it somehow.) added!!
    Browsers (Forced to run sandboxed)
    • Google Chrome (Incognito, Javascript not allowed to run, Plugins not allowed to run, block all cookies, block 3rd-party cookies always)
    • IE8 (All settings: HIGH, SmartScreen Filter: ON)
    note: All download locations are sandboxed too.

    On-demand:
    • Macrium Reflect Free
    • Random AV scanners.

    Everything looks pretty strict but my setup is still open for some light software. :)
    DAMN! I can't make Geswall to work in LUA environment.
     
    Last edited: May 10, 2010
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I run a Chromium profile similar to that one, just more restrictive, when I'm searching the web and I never know where I'll end up.

    Then I use two more profiles:

    - Incognito mode + cookies blocked. To use when I know which sites I'll visit; and that do not need any cookies to be allowed.

    - Incognito mode. To access my e-mail account, and other sites, which I trust, and where I need to log in.
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    You should always block 3rd party cookies.. most of the time those cookies were unneeded.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I do block them. The profile where I allow cookies does not include third-party ones. ;)
     
  6. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    How did you do that? Only in application control, assign the status Untrusted? Or other tweaks?
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Tried using AppLocker but after seeing I had to make rules for every single program MANUALLY I was like screw this man :D
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Noob lol:D
     
  9. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    Yes.
    Application Control > Assign the following status automatically = Untrusted. :cool:
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Really, I thought it would be like most programs where a pop-up shows and you set it while using your PC, but AppLocker requires you to set it manually for every .exe or process.
    I'm not going to even try this mess :D
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Noob :D i know:)
     
  12. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
    How did you make Peerblock run in a limited user account?
    I have tried this, but it says Peerblock needs admin rights to run...
     
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I use SuRun to manage my Limited User Account :)
     
  14. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Ok thanks.
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks and yeah my lineup has been the same even when I was on 32-Bit Windows :D.

    dja2k
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Comodo Time Machine

    BufferZone free 2.10-37 version for Opera with adopted XML file settings
    - sandboxes ("Bufferzone") Chrome instead of Opera (ClientdEFS.XML)
    - automatically tags files & new programs as untrusted when downloaded by
    trusted programs (amclient.xml)
    - set policy to bufferzone USB sticks (amclient.xml)
    - enabled firewall, both for trusted as bufferzone(d) programs (amclient.xml)

    PrevXsafeOnline Facebook Free, heuristics disabled, age and popularity disabled (MBR scan deselected to resolve conflict with CTM)

    Running admin with IE8, Outlook, OE, 7zip, Foxit, Office running basic user (LUA) trusted, default deny SRP on data partitions (leaving open Temp partition).

    Using IE8 for normal browsing (like wilders) (security = Basic User + PrevX)

    Using chrome for dodgy browsing (e.g. malware domain list url's), with plug-ins new tab behavior, adsweep, WOT and siteadvisor for Chrome (security = Basic User + PrevX + BufferZone virtualisation and Chromium's internal policy sandbox :cool: )

    On XP Pro SP3

    On demand Hitman Pro, no other AV

    Regards Kees
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Today's Setup

    1. Zillya AV
    2. Hitman Pro
    3. Administrator Account
    4. SandBoxIE

    Shadow Defender & Comodo Time Machine
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    @Kees

    How can I do the default deny on a partition? o_O
     
  19. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Added Immunet and Emsisoft AM 5.
    Ditched MBAM real-time. Figured it would be too much w/ A2 and immunet running.
    Downgraded to OA premium from OA++.
     
  20. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Windows XP SP3 Pro (MINIMALIST NO-AV Setup)
    • LUA
    • ACL
    • DEP
    • SRP
    Realtime
    • PCTools Firewall Plus (Public Profile) added!!
    • Peerblock added!!
    • PrevX CSI Free/SafeOnline (Disabled Advanced Heuristics, HTTP/HTTPS protection set to MAX)
    • Sandboxie
    • Deepfreeze (I need it somehow.) added!!
    Browsers (Forced to run sandboxed)
    • Google Chrome (Incognito, Javascript not allowed to run, Plugins not allowed to run, block all cookies, block 3rd-party cookies always)
    • IE8 (All settings: HIGH, SmartScreen Filter: ON)
    note: All download locations are sandboxed too.

    On-demand:
    • Macrium Reflect Free
    • Random AV scanners.

    Everything looks pretty strict but my setup is still open for some light software. :)
    DAMN! I can't make Geswall to work in LUA environment.
     
  21. Dude, that is total overkill. Unless you're planning on experimenting with malware, in which case you want to use an isolated box instead of your main system (because no security software is enough once malware is actually executed).

    This alone is honestly all you need. Barring some kind of concerted attack on your machine, nothing will get through it, so long as the permissions are set up right.

    PrevX Free doesn't block anything AFAIK, and isn't useful for you anyway. PCTools FW is probably overkill, but may be handy I guess (if you disable ESV which doesn't like LUA). Peerblock is like putting a bayonet on a Gatling gun.

    Sandboxie I guess could be handy if you mess with a lot of software and want to keep your system clean, though I wouldn't really bother. Deepfreeze on the other hand is just a waste of money for you, so no, you don't need it.

    Good luck enjoying the web with this setup... Again: nothing is going to get past a proper LUA/SRP setup, because downloaded malware simply will not be able to execute. It doesn't have to be sandboxed, it doesn't have to be contained, it just won't run.

    Macrium Reflect is wonderful and on-demand AV scanners are useful, but that's really all I'm giving you.

    Seriously: I am getting a bit concerned seeing so many people use LUA and SRP plus active realtime security plus a dozen other things. It just isn't necessary. For a lot of people LUA + SRP is not feasible due to needing portable apps or whatever, but if it is feasible for you, and you set it up right, you do not need anything else unless some evil person is targeting you specifically. And it disturbs me that so many seem to be spending money on software they don't really need.

    I get that this security thing can become something of a hobby. But I think we're seeing, in general, an unhealthy level of involvement here. When you start spending money on software you don't need to supposedly add to the security of an already very secure setup, you're wasting your time, and I hate to say it but you do not have that much time.

    And yes, I realize I should be the last person to say this, with my habit of changing my security setup on at least a weekly basis. But I do think a lot of people here are basically wasting their precious time with stuff they don't need, and I want to help them realize that.

    My suggestion, for those who find they're actually spending money on this stuff when they don't need to, is this: learn as much as you can about malware, how it works and how it hides and how to detect and remove it, and turn your efforts to helping other people with their malware problems. That's putting your time and knowledge to good use. Running a dozen different security apps, including paid ones, when you don't need half of them... is not.

    [/end rant]
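
Added example, not written by any poster in this thread: a simplified Python model of the "so long as the permissions are set up right" condition from the post above, checking that no directory is both writable by the limited user and allowed to execute under default-deny SRP path rules. It is not Windows' actual SRP evaluator; the rule sets, directory list and write permissions below are constructed sample data.

```python
from pathlib import PureWindowsPath as P

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def covers(parent, child):
    """True if `parent` is `child` or one of its ancestors (case-insensitive)."""
    parent, child = P(parent), P(child)
    return parent == child or parent in child.parents

def srp_level(exe_path, path_rules, default=DISALLOWED):
    """Level of the most specific path rule covering exe_path, else the default."""
    matches = [(len(P(rule).parts), level)
               for rule, level in path_rules.items() if covers(rule, exe_path)]
    return max(matches, key=lambda m: m[0])[1] if matches else default

def policy_gaps(directories, path_rules, user_writable):
    """Directories where the limited user can both drop a file and run it."""
    gaps = []
    for d in directories:
        writable = any(covers(w, d) for w in user_writable)
        runnable = srp_level(P(d) / "dropped.exe", path_rules) == UNRESTRICTED
        if writable and runnable:
            gaps.append(d)
    return gaps

# Constructed sample policy: default deny, system and program folders allowed.
RULES = {r"C:\Windows": UNRESTRICTED, r"C:\Program Files": UNRESTRICTED}
# Same policy with a more specific deny rule for the writable subfolder.
HARDENED = {**RULES, r"C:\Windows\Temp": DISALLOWED}
# Constructed (assumed) list of locations the limited user may write to.
USER_WRITABLE = [r"C:\Documents and Settings\user", r"C:\Windows\Temp", r"D:\Temp"]
DIRS = [r"C:\Windows\System32", r"C:\Windows\Temp", r"C:\Program Files\App",
        r"C:\Documents and Settings\user\Desktop", r"D:\Temp"]

if __name__ == "__main__":
    print("gaps with base rules:    ", policy_gaps(DIRS, RULES, USER_WRITABLE))
    print("gaps with hardened rules:", policy_gaps(DIRS, HARDENED, USER_WRITABLE))
```

On a real machine the writable list would come from the actual ACLs and the rules from the configured policy; the check itself stays the same.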
     
  22. Matthijs5nl

    Matthijs5nl Guest

    Trying this, actually I do feel really safe:

    Linksys WRT54G2 router

    Microsoft Windows 7 Home Premium 64-bit;
    Windows Firewall: enabled, Windows Defender: enabled, UAC: always ask and wait for answer, DEP: on all programs and services, SEHOP: enabled

    Internet Explorer 8

    Hitman Pro 3.5 (Quick Scan at startup)

    So actually out of the box Windows 7 with UAC one level higher, SEHOP enabled and DEP on all programs and services instead of system services only together with Hitman Pro out of the box.

    And of course: using common sense while browsing and an up to date pc.
    And using Windows 7 integrated functions: System Restore Disc, System Restore Points and Backups.
     
    Last edited by a moderator: May 11, 2010
  23. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  24. Matthijs5nl

    Matthijs5nl Guest

    Re: "Bulletproof" Windows

    Interesting link, I have most things already set up like that site suggests but definitely a good blog item, thank you. Bookmarked. Are you using that setup also?
     
  25. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394