What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No :D
     
  2. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,183
    it used to be but it changed a few years ago into simply TREND MICRO
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Few years, to me it feels like ages ago, like 10 years :D
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    Built-in Windows 7 Security + Geswall and Prevx SafeOnline.
    Safe-Admin Tweaks + EMET.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My play PC

    * Safe (or Lazy) -Admin settings
    * Windows FW 2way
    * CMT with AppGuard on one snapshot and GeSWall Pro 2.9 (only defending Iron and WMP, Outlook and Winmail) on another
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it looks good kees but if you have appguard i think you don't need geswall i think as appguard also protects your browser o_O what do you think man o_O
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    Switched from KAV to F-Secure AV 2011.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, it does. At least, it is supposed to protect it. :D
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,304
    Location:
    USA
    Firewall:
    Linksys NAT Router
    DefenseWall Personal Firewall 3.07 (with Windows XP firewall)
    Seconfig XP 1.1

    Anti-Virus:
    Emsisoft Anti-Malware 5.0.0.81
    Malwarebytes Anti-Malware 1.46

    HIPS/IDS/Blocking:
    WinPatrol Plus 19.1.2010.0 Beta
    SpywareBlaster 4.4 (with Ad-Aware custom blocking)
    ClearCloud DNS
    FF with WOT

    Resident on Demand Scanners:
    Hitman Pro 3.5.6 Build 115
    Mischel TrojanHunter 5.3 (994)
    Sophos Anti-Rootkit 1.5.4
    Spy DLL Remover 4 Beta
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    He said that Appguard is on 1 snapshot and Geswall on another.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    ;) It is OR not AND, they are on different snapshots of Comodo Time Machine

    CTM Snapshots
    a) CTM + Safe-Admin (currently in use)
    b) CTM + Safe-Admin + AppGuard
    c) CTM + Safe-Admin + GeSWall Pro 2.9

    Regards
     
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    Kees, what are the rules for Iron and WMP in GeSWall? I can't make Iron and WMP run properly isolated. :(
    and is it possible to make Opera (browser) to always save in a specific "download location" and not ask where to save like Chrome/IRON?

    just specifying downloads folder doesn't work :(
     
    Last edited: Sep 29, 2010
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    in Chrome you can set a default location for download if you go to Options/Under The Hood.
     
  15. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    on my personal computer i only have a hardware firewall

    on family's computer there is doctor web, my trusted companion for years plus windows firewall :)

    im pretty happy with the setup actually
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    Safe-Admin tweaks / Windows 7 built-in security

    • GeSWall FREE
    • Winpatrol FREE
    • Prevx SafeOnline FREE (facebook promo)
    • Opera Browser

    tsskk!.. If I can only install Comodo Time Machine for another snapshot for gaming sessions.
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Active
    Defensewall 3.07
    Prevx 3.0.5.206

    Light Virtualization
    ShadowDefender 1.1.0.325

    On-Demand
    Gmer ~ CureIt ~ MBAM ~ Hitman

    OpenDNS
    Opera 10.62
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Real Time Protection
    WinPatrol Plus Beta 2010
    Some Registry Tweaks

    Ondemand
    Hitman Pro
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    After a two month testing period my manual Safe-Admin with default UAC level proved to be very strong while doing average internet work (Mail, Browse and share through USB), so until Safe-Admin (of Sully) is ready I am going a step further by decreasing UAC level protection

    Safe-Admin recap (manually set)
    a) Windows FW 2-way (thx Stem & Sparviero), outbound only application level

    b) OS Hardening (mainly through UAC)
    - set UAC to quiet (silently auto elevate without prompt :eek: )
    - disabled intelligent installer detection
    - allow only to elevate from safe locations (Windows & Program Files)
    - allow only signed programs to run elevated
    - disable auto run of USB
    - manually removed rights from registry where UAC settings are stored

    c) Threatgate hardening
    - WinMail, Iron, Outlook and WMP have Medium Rights assigned through icacls
    (this way they will never auto elevate, but stay in LUA)
    - Applied EMET-2
    - Assign RunAsInvoker trick to virtualise ThreatGates with Windows internal mechanism
    - Set Download and Mail directory to deny execute through ACL
    - Applied "1806" trick (deny execute of downloaded stuff and mail attachments)

    d) Use Iron with Google DNS service, WOT and McAfee SiteAdvisor (Iron instances run Low rights by default).

    Only adhoc check is with Hitman Pro and only 'Go back Protection' is Comodo Time Machine (when Hitman finds something)

    So entering next level with bad domain browsing. It seems that RMUS mantra "when it can't execute it can't hurt" works with a selective Deny Execute approach. Also compliments to the Chrome browser, the total isolation seems to work (it happened a few times that Flash crashed, which is supposed to happen when illegal access to user handles is stopped).

    This is not a setup I recommend, just testing how strong the weakest (Auto elevate without prompt) Safe-Admin setup is for people who have shut UAC off because it is too talkative / intrusive. Safe-Admin will have the No-Execute-Up instead of ACL deny execute and 1806 trick. This achieves similar protection without the hassle

    Regards Kees
     
    Last edited: Sep 29, 2010
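
A read-only audit of the settings listed in the Safe-Admin recap above, added here as an example; it is not part of the post and not Kees1958's or the Safe-Admin project's own code. The mapping of each bullet to a registry value, the `Downloads` path, and the helper name `Get-RegValue` are assumptions of this example.

```powershell
# Added example: read-only audit; nothing is changed on the machine.
# Assumption: this is the folder that receives downloads / mail attachments.
$DownloadDir = Join-Path $env:USERPROFILE 'Downloads'

$sys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Each row: a setting from the post, the registry value assumed to implement it,
# and the data matching the post. The Windows 7 default for
# ConsentPromptBehaviorAdmin is 5 (prompt); 0 is the "quiet" level being tested.
# NoDriveTypeAutoRun = 255 covers all drive types, which is broader than USB only.
$checks = @(
    @{ Item = 'UAC quiet (elevate without prompt)'; Path = $sys;  Name = 'ConsentPromptBehaviorAdmin';  Want = 0 },
    @{ Item = 'Installer detection disabled';       Path = $sys;  Name = 'EnableInstallerDetection';    Want = 0 },
    @{ Item = 'Elevate only from secure locations'; Path = $sys;  Name = 'EnableSecureUIAPaths';        Want = 1 },
    @{ Item = 'Elevate only signed executables';    Path = $sys;  Name = 'ValidateAdminCodeSignatures'; Want = 1 },
    @{ Item = 'AutoRun disabled';                   Path = $expl; Name = 'NoDriveTypeAutoRun';          Want = 255 },
    @{ Item = '1806 trick (Internet zone)';         Path = $zone; Name = '1806';                        Want = 3 }
)

# Hypothetical helper: returns the value data, or $null when the key or value
# is absent (in which case the operating system default applies).
function Get-RegValue([string]$Path, [string]$Name) {
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

$report = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    New-Object PSObject -Property @{
        Item = $c.Item; Value = $c.Name; Expected = $c.Want
        Actual = $actual; Match = ($actual -eq $c.Want)
    }
}

# Deny-execute through ACL: look for any Deny ACE that includes ExecuteFile.
$exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$denyExec = $false
if (Test-Path -Path $DownloadDir) {
    $aces = (Get-Acl -Path $DownloadDir).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $exec)
    }
    $denyExec = [bool]$aces
}

$report | Format-Table Item, Value, Expected, Actual, Match -AutoSize
"Deny-execute ACE on ${DownloadDir}: $denyExec"
```

A blank `Actual` column means the value is not set, so the Windows default is in effect rather than the setting from the post.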
  20. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    What is the basic fundaa behind the Download and Mail directory to deny execute through ACL? It can also be achieved by using SRP..
     
  21. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    very good setup with no slowdown i bet :thumb: :thumb: :thumb: :thumb:
     
  22. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    192
    Real-Time:
    -Avast! Internet Security 5.0.677 (Disabled: Mail, Spam, IM & P2P Shields)
    -Windows Defender

    On-Demand Scanners:
    -MBAM 1.46 Free
    -SAS Portable
    -DrWebCureIT Free

    Firewall:
    -Avast! Firewall
    -Belkin Wireless Modem Router Hardware Firewall
    Browsers:
    -IE9 Beta
    -FireFox 3.6.10 (AdBlockPlus and WOT) Sandboxed
    -Google Chrome 6 (AdBlockPlus and WOT)
     
  23. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Windows 7 Home Premium x64:

    Real-Time
    • Norton Internet Security 2011 (Paid)
    • Emsisoft Mamutu 3.0.0.16 (Paid)
    • Malwarebytes Anti-Malware 1.46 (Paid)
    On-Demand
    • Emsisoft Emergency Kit 1.0.0.19
    Windows Hardening
    • Admin Account with Safe-Admin Tweaks
    • Data Execution Prevention
    • Structured Exception Handling Overwrite Protection
    • Address Space Layout Randomization
    • Enhanced Mitigation Experience Toolkit 2.0
    • Drive-by Protection via 1806 Trick
    Browser and Network
    • Mozilla Firefox 3.6.10 (Adblock, Norton IPS, NoScript)
    • Norton DNS (Block Malicious Websites)
    * Using NIS with Heuristics/Sonar/Boot Time in aggressive mode, Mamutu on Paranoid mode, EMET configured for maximum security, UAC OFF.
    * Tablet PC, Gadgets, Remote Registry, Remote Assistance, Remote Desktop and CD/DVD/USB Autorun are disabled.
     
    Last edited: Sep 29, 2010
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Every version has it, without registry hacks, Safe-Admin will have a more sophisticated drive by protection with similar effect.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Turned off MBAM real-time protection, put NOD32 back on just because it feels a little faster with fewer conflicts. This might be my long-term set-up. ;)

    WinPatrol is just sitting there, hardly a woof yet. I haven't changed any of the settings. It is interesting to see the information it gives about what is going on behind the scenes. I guess my next project will be reading up on WinPatrol.
     
    Last edited: Sep 29, 2010