What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Rapport is very good. Did you try Prevx SafeOnline? Heard good things about that too :)
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I may disable automatic sandboxing by Comodo and instead right click and run items in Sandboxie...

    Not sure if it's really worth it. But until Comodo gets full virtualization I don't trust the sandbox enough.
     
  3. Kernelwars

    Kernelwars Registered Member

    Hungry Man, how's Mamutu keeping up with the mighty Comodo D+ :)
     
  4. Hungry Man

    Hungry Man Registered Member

    I like it because if something bypasses Comodo it'll be caught by Mamutu. I also have a lot of .exe's and files protected with Mamutu from being patched, which is the feature I like the most.

    I'd feel really safe with just Comodo and my other system hardening but Mamutu was free and it's so damn light I can easily justify having it installed.
     
  5. Kernelwars

    Kernelwars Registered Member

    Good setup, man :)
     
  6. Hungry Man

    Hungry Man Registered Member

    Thanks. Always looking to improve it though.
     
  7. Kernelwars

    Kernelwars Registered Member

    Hungry, what do you use for backup and restore if you need it? :)
     
  8. Hungry Man

    Hungry Man Registered Member

    I used to have an external hard drive with a disk image. Can't find it though.

    So at the moment I have system restore and that's it.
     
  9. Kernelwars

    Kernelwars Registered Member

    Eh :) you better find that hard drive, boy... if you need, chaotic and J can go over and help you find it... lol JK
     
  10. Hungry Man

    Hungry Man Registered Member

    Haha, yeah well I could use the help =p

    I don't really need a backup image that badly but the drive has a lot of stuff on it that I want.
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I think I'll give PCAV a go on my netbook.
     
  12. Hungry Man

    Hungry Man Registered Member

    I tried the latest version of Zeus (very new version, only a few hours old I believe) and it was sandboxed as Limited. Comodo's heuristics did not pick it up. Mamutu on Paranoid did not pick it up. I had 3 files, zeustracker.abuse.ch on my system after.

    Not sure if it was a proper infection or not. I would have hoped that Mamutu would have stopped it since that's basically why I have it.
     
  13. Hungry Man

    Hungry Man Registered Member

    Network
    DDWRT Router running recommended build
    DDWRT firewall turned on
    MVPS Host File stored on router for network wide adblocking
    Google DNS

    Realtime Protection
    Mamutu Behavioral Blocker
    Beta updates
    Paranoid Mode On
    Multiple applications guarded
    Allow program if 92% of community members allowed it.
    Deny program if 85% of community members allowed it.

    Comodo Firewall and Defense+ 5.8 Beta
    (Password Protected)

    Comodo Firewall: Safe Mode, Alert Settings Low
    -- Ports Stealthed
    -- Enable IPv6 filtering
    -- Do Protocol Analysis
    -- Block Fragmented IP datagrams
    -- no monitoring NDIS protocols other than TCP/IP

    Comodo Defense+: Safe Mode
    -- Autosandbox as Limited
    -- Force Java into Restricted Sandbox, clean it out once in a while
    -- Force Digsby into Partially Limited sandbox
    -- Force Vaio Event Service/ Battery Manager and IE9 into Partially Limited sandboxes

    System Hardening -- Windows 7 64bit Ultimate
    UAC on Max
    EMET: DEP Opt Out, SEHOP Opt Out, ASLR Opt In. All internet facing applications forced to run with EMET.dll and a few others as well.
    Downloads folder and all contents forced at Low Integrity
    NiNite for updating
    Disabled some services
    As few programs installed as possible. Only what I need and when I'm done with something it gets uninstalled and I make sure that everything is gone.
    Digsby and MiPony's .exe's set to LowIL.

    Browser -- Chrome Beta
    Block 3rd Party Cookies
    Built in malware protection/ download scans
    Default PDF reader -- no adobe necessary

    Backup Browser -- IE9
    Max security settings via IE9's default options

    Portable On Demand Scanners/ Tools -- USB Drive
    TDSS Killer
    JavaRa
    RKILL.com
    AVZ4
    Dr Web Cureit
    SuperAntiSpyware Portable
    Hitman Pro
    Emsisoft Emergency
     
  14. wat0114

    wat0114 Guest

    @ Hungry Man,

    All you need to do is ditch all that 3rd party Comododo and other 3rd party real-time "protection", and instead enable and configure the built-in Win firewall and AppLocker, then you'll have, combined with your above defences, outstanding security, and you'll impose far fewer resource and potential conflict impact on your machine.
     
  15. Hungry Man

    Hungry Man Registered Member

    Shameless =p

    I wish I could do that. One day soon I hope Windows will have enough built in protection for me to rely on it. Integrity levels are great but I want to see further restrictions on applications.

    I don't believe in EMET either by the way... nor MSE. It should be packaged into the kernel. Security should not be handled by kernel and userspace, just kernelspace. If something exploits a vulnerability I don't want an application to crash I want the system to crash.
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I also think it's wise to harden your OS as much as possible. If you eliminate the vulnerability at the OS level first, your security software doesn't need to do much. In fact, mine pretty much never do anything. It's been 5 years since I got an alert from my AV. Since I trust everything on my computer, the HIPS isn't doing much good.

    That's why a light footprint is such a priority for me, because I know it'll probably never be needed anyway, it's just there for peace of mind pretty much.

    I do like having an outbound firewall though, and since I'm still running XP I have no built-in solution for that. If I were running Win7, I'd probably ditch Comodo and just use Sandboxie and scan with HMP/MB/SAS before moving things to data. That and an imaging/backup plan, and that'd be pretty much it.
     
  17. Hungry Man

    Hungry Man Registered Member

    I could run my computer with absolutely no 3rd party security software and still feel completely safe. But where's the fun in that?
     
  18. luciddream

    luciddream Registered Member

    I think you've got the right idea here personally. And a lifetime subscription for Sandboxie can be had for $43 last I looked. That's a steal. I'm thinking about doing this now myself.

    I hate the auto-sandbox feature of Comodo. All it ever does is break installs for me, as it sandboxes files as the program is trying to install itself. This can create problems worse than any malware. I think it's really poor judgment to now allow users to turn this feature off. I won't let something onto my computer in the first place unless I know it can be trusted, and I scan the installer with 3-4 different things before it gets out of the sandbox. I only want the manual sandbox feature.

    I hope that Sandboxie doesn't work the same way in regards to auto-sandboxing. If I can control this aspect of it, then I'm buying it like right now.
     
  19. Hungry Man

    Hungry Man Registered Member

    Not willing to pay for 3rd party security.

    I like the autosandbox for certain things. But I often just end up disabling it because without full virtualization it just ends up breaking most things.
     
  20. luciddream

    luciddream Registered Member

    Well I used to think that the "detect installers and run them outside of the sandbox" tick-box prevented this from happening. But I guess this only applies to manually sandboxed programs?

    It doesn't even work then though anyway. My Firefox updates never stick when I'm running Sandboxed, even though I hear they're supposed to by ticking that box. Some people claim it works for them... not me.

    The more I think about it the more I'm leaning toward getting Sandboxie and just using the FW of Comodo. What would be another good, light program to add to the mix?
     
  21. Hungry Man

    Hungry Man Registered Member

    Should apply to automatic ones. I usually just start the installation and then if it's sandboxed I'll cancel it and restart it.

    I don't sandbox my browser. Breaks sandboxed plugins if I do and Chrome sandboxes itself.

    I'd use Comodo to sandbox your plugins/ other programs. You can disable the autosandboxing and have it instead just run cloud-based heuristics/ scans on unknown files and check for buffer overflow.

    If you get Sandboxie there's not a ton of use for Comodo. But Sandboxie doesn't offer the scanning.
     
  22. luciddream

    luciddream Registered Member

    Avira Guard/Proactive will take care of the scanning. I don't use the cloud in Comodo anyway. I've done that too with installations (unsandbox, cancel, then start again)... but then it starts sandboxing individual files while the thing's installing and breaks it.

    You say you can disable the autosandboxing. How? Do you just mean by setting "Sandboxing Security Level" to "disabled" altogether? Or is there a way to allow yourself to manually sandbox programs but disable it from auto-sandboxing things? That's what I'd like to do.
     
  23. Hungry Man

    Hungry Man Registered Member

    I haven't had issues with installing software thankfully.


    Under Execution Control Settings just uncheck "Treat unrecognized files as _____"

    After this you can continue to manually sandbox whatever you like.

    Once V6 comes out this hopefully won't be necessary.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Sandboxie does not work like Comodo when you are installing something. If
    you are running an installer and you don't want it sandboxed, it will install
    normally and nothing will be auto sandboxed. With SBIE you have complete
    control of what gets sandboxed at all times and the only programs and
    folders that get auto sandboxed/forced sandboxed are chosen by you.

    Sandboxie does not sandbox anything unless you want to do so.

    Bo
     
  25. Hungry Man

    Hungry Man Registered Member

    You always have the option in Comodo to disable autosandboxing and simply right click and sandbox. But I would suggest Sandboxie for that -- its sandbox is superior in terms of compatibility.
     