What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Right now MSE is using about 90 MB of RAM, but I/O reads and writes are very low for me. You could put MSE there but I would add something in addition to MSE.
     
  2. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Installed OA++ along with Avira Free and Sandboxie. I assume it's far better to use SBIE instead of the Run Safer option of OA.
     
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    I would say you assumed correct ;)
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    =p Always better to be prepared. Not that I'm insecure right now but I'd like to really lock down any attack vector be it local or not.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    Use both RunSafer and SBIE, if you'd like.
    There may be times you wish to start a browser (for example) unsandboxed, and you will still have the reduced rights of RunSafer.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    What is Run Safer?
     
  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Runs an app with limited account restrictions.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    Very similar to Sandboxie's DropRights.
    RunSafer
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Interesting. Thanks.
     
  10. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Thank you guys for your replies. :)
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Haha that's not gonna happen :D Maybe he could ask the school principal kindly :p
     
  12. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Removed WSA beta. Soon will come back :)


    Eset Nod32 v4
    Look n Stop
    Appguard
    Rollback RX
    Norton DNS
    Sandboxie
    Hitman Pro
    SUMo
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I hear if a person has Windows UAC enabled there is no reason for "run safer". Is this correct?
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Removed Radar Pro and my new system shield is Peg2 ;)
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    LOL J. Changed again huh :p I thought PEGuard development was slowed o_O
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Removed Peg2, SpyShelter and got a new setup, and now it is very light and fast
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    no. :)
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Added GeSWall for Chromium only

    At last Safe-Admin on Windows 7 is as good as with Vista, running Windows 7 x 32 Ultimate

    Real time
    1. Border medium rights (LUA) to high (Admin)
    a) UAC full
    - Disabled installer detection
    - Only allow signed applications to elevate
    b) Beyond Trust Power Broker, run as LUA (unable to elevate)
    - Internet facing apps (IE9, WMP, Mail)
    - Office 2003 programs (Word, Excel, Powerpoint)
    c) Virtualizing WMP MAIL through RUNASINVOKER (also set WMP and MAIL with mandatory Medium rights with no write up through CHML.EXE)

    2. Medium rights world protection (also applicable for admins and untrusted users )
    a) Deny Execute for all users
    - For all drives containing data (D, E) through icacls.exe
    - For Download directory, Program Auto start and Public Users directory through icacls.exe
    - For Local intranet and Restricted sites zones through SRP
    - For USB drives through SRP
    b) Drive by protection for Mail and Browsers (IE9 and Chrome)
    - 1806 default deny block of downloaded executables (removable with right click properties)
    - This closes gap for all unsafe user directories on C-drive (e.g. Users\Kees\etc)
    c) Taken away write access of all HKCU autorun entries for users with REGIL.EXE (only admin may change them)

    3. Border from low to medium rights
    a) Running IE9 hardened through Group Policy (no user changes allowed, forced in zone and always running Protected Mode)
    b) Running Chromium with --safe-plugins switch (Chromium is unsigned, has an internal sandbox containing tabs in low rights, job objects and alternate desktop = total isolation), using McAfee SiteAdvisor extension

    4. Chromium guarded by GeSWall Pro, saving to C:\Downloads, moving to D:\Install removes the geswall block, but still keeps the 1806 block

    5. Windows FW 2 way

    6. EMET 2.1
    - Internet Facing: IE9, Chrome, Mail, WMP
    - Office Apps: Word, Excel, PPT
    - Acrobat Reader

    On demand
    1. Antivirus scans
    a) Hitman Pro
    b) Bitdefender extension for Chrome
    c) Jotti upload for Chrome

    2. Backup
    a) Paragon for Image Backup
    b) Syncback for Data Backup


    Third Party real time BTSERVICE (of Beyond Trust) uses less than 0.001 percent of CPU capacity (so not completely Windows only), using UAC full (have allowed CCleaner, Autoruns, Process Explorer, Paragon Image Backup and HitmanPro to elevate without prompt through Beyond Trust Power Broker). When I want to install an application I move it to Temp and remove the 1806 block (got all the flexibility of running admin with LUA/deny execute security), check it with HMP and Jotti

    Links for background info
    1. Beyond Trust see
    - https://www.wilderssecurity.com/showp...11&postcount=1
    2. Safe-Admin see
    - https://www.wilderssecurity.com/showp...17&postcount=2
    - https://www.wilderssecurity.com/showp...18&postcount=3
    - https://www.wilderssecurity.com/showp...24&postcount=5
    __________________
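
An added example, not part of Kees1958's post: a read-only PowerShell audit of two controls from the list above, the icacls deny-execute ACE (item 2a) and the 1806 block (item 2b). The Everyone SID, the object-inherit flag, the folder list and the HKCU Internet-zone key are assumptions, since the post does not state them.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumptions (not stated in the post): "all users" means Everyone (S-1-1-0),
# the deny ACE is object-inherit so it reaches files, and the 1806 block
# lives in the per-user Internet zone (zone 3) key.
$Everyone = 'S-1-1-0'
$Execute  = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$ObjInh   = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$SidType  = [System.Security.Principal.SecurityIdentifier]

function Test-DenyExecute {
    param([Parameter(Mandatory = $true)][string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }   # drive or folder absent
    # Ask for SIDs so the comparison does not depend on the OS display language.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $SidType)
    foreach ($r in $rules) {
        $deny    = $r.AccessControlType -eq 'Deny'
        $forAll  = $r.IdentityReference.Value -eq $Everyone
        $hasExec = ($r.FileSystemRights -band $Execute) -eq $Execute
        $toFiles = ($r.InheritanceFlags -band $ObjInh) -eq $ObjInh
        if ($deny -and $forAll -and $hasExec -and $toFiles) { return $true }
    }
    return $false
}

function Get-Zone1806 {
    param([int]$Zone = 3)   # 3 = Internet zone
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $p = Get-ItemProperty -Path $key -Name '1806' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'not set' }
    switch ($p.'1806') {
        0       { 'allow' }
        1       { 'prompt' }
        3       { 'block' }
        default { "unknown ($_)" }
    }
}

# Data drives and user-writable folders named in the post (paths are assumed).
$targets = @('D:\', 'E:\',
             (Join-Path $env:USERPROFILE 'Downloads'),
             ([Environment]::GetFolderPath('Startup')),
             $env:PUBLIC)
foreach ($t in $targets) {
    # Blank result = path not found on this machine.
    '{0,-60} deny-execute ACE: {1}' -f $t, (Test-DenyExecute -Path $t)
}
'Zone 3, action 1806 (launching applications and unsafe files): ' + (Get-Zone1806)
```

The ACL check only inspects the folder or drive root itself; a subfolder with inheritance disabled will not carry the deny ACE and has to be checked separately.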
     
  20. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    I thought you were already using it?
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :D Yeah for a test drive, but did some darkside browsing and liked what the GeSWall log showed was blocked. So updated setup.

    There is one funny thing on Chromium though. Normally when I have Chromium without the Chrome pdf plug-in, it downloads pdf files. With the rule

    \Device\NamedPipe\AIPC_SRV\AcroSBL
    File - Allow

    It displays the PDFs
     
  22. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Oh! jmonge when will you find solace and feel content with what you have? Besides, why be a security nomad? When will you find your security peace of mind and finally rest? Oh! jmonge. :D.

    Wait a minute I've got an idea listen to: "La Folie des Grandeurs: Theme D'amour" by Michel Polnareff. Maybe that music will give some hints on how to find your security peace, since it is such a beautiful composition. If thou google it thou should find it. :argh:.

    Thanks.
     
    Last edited: Aug 16, 2011
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA

    Hehehe I thought so. :D I was looking at your posts in that GeSWall thread.
     
    Last edited: Aug 16, 2011
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Care to explain? BTW I have UAC on highest settings if that makes any difference in the discussion.
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Autosandboxing off until V6. I don't trust my setup enough to test it since there's no sandboxing =p but that's alright.
     