What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    So why don't you use what you think is the best ? :)
     
  2. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Maybe he is still searching for the best :p
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The point is: You consider third-party security software to be poor security. If they are poor security, then why have something that provides poor security, in the first place?

    Wouldn't you say that AppLocker and Windows Firewall with Advanced Security provide strong security, considering that they belong to Windows, in opposition to a third-party application/third-party applications?

    Don't take me wrong, but what I don't understand is why you say what you say about third-party security software, regardless of "These ideas are fairly accepted by everyone I've talked to in the industry.", and yet you don't use AppLocker. AppLocker operates at kernel level.

    So, you already got something provided by the operating system. You complain about third-party security software, which are poor security, yet you use them, and ditch AppLocker.

    Question: So, why do you say one thing and act differently?

    Using your own thoughts, if you were to use AppLocker, you'd have built-in security, operating at kernel level, without increasing the attack surface. Yet, there you go using third-party security software.

    -edit-

    AppLocker by no means is a lousy implementation. It simply cannot defeat user stupidity... but what can? lol
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Better than none. Windows has no methods for doing what I want to do.

    No. Applocker may be built into windows but that doesn't mean it's better. It just means it's designed better. (EDIT: This isn't very clear. I don't mean that it's somehow programmed better - just that it fits into the overall scheme better.)

    Security should be built into the OS. The fact that it isn't means I have to look elsewhere. Applocker is, unfortunately, not a replacement for other security methods that are not in the OS.

    "Security" is not a thing. Applocker may be an application aimed at securing the OS but that does not make it the same as Comodo or Mamutu just because their end-goals are the same. If Windows had a "Security" application that spat out the DVD drive every 5 minutes it wouldn't be better for being kernel level.

    My point is that the security just isn't there; it should be but it isn't.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I totally agree on that one!

    Having been an old COMODO user, I for sure can say with 100% certainty that Defense+ and AppLocker are totally different. ;)

    But, I can tell you I can achieve, and do achieve, a way better and silent security, without increasing my attack surface, using built-in stuff. It goes from AppLocker to integrity levels, messing with the registry... You just need to find your way. Could it be better? Yes, it could. Is that bad? No, it isn't. Even if you got no AppLocker, user Kees1958 posted some excellent threads about the Safe-admin concept/project, using built-in stuff. Very rock solid, without increasing the attack surface.

    One has to use what one considers to be the "best", I suppose. :)
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ugh I typed up a response and hit "back" by accident.

    Anyways, I'll cut out the fluff. I don't know your security setup so I really have no idea if what you're saying is true.

    Kees1958 has the right idea. I am not saying "Stop using 3rd party software" at all. I'm just saying that security should, in an ideal world, only come from the kernel level and only run in kernel space.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :D

    The thing is, I agree with you. Security should be built-in. Microsoft has made a lot of progress, from sandboxing Internet Explorer (others can take advantage of the same security measures, of course), providing isolation to a certain degree, AppLocker, etc.

    What surprises me is that you DO have AppLocker at your disposal, yet you don't even consider using it... considering that you consider third-party security software poor security.

    I just find it odd, that's all.

    If I had your thought, and I do have it, I'd rather use AppLocker, and I do use it... It does its work, silently. I can check the logs whenever I want. It operates at kernel level. It won't increase the attack surface. And, it actually works great. :)
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I agree.

    Applocker provides nothing that I need - a poor security measure is not made better by being implemented in the kernel. If windows somehow had an AV built into the kernel I wouldn't choose to use that because AV's are a poor security method (in my opinion.)

    From what I understand of AppLocker it's basically a default deny that lets you either block a program or run it. How is that helpful? If I put a program on my system I want it to run and if I'm suspicious about it I learn nothing by blocking it.

    Perhaps there's more to applocker than what I know? Is it more fine tuned than simply blocking or allowing things?
     
  9. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Well I know when I was using applocker I auto-generated rules for directories I wanted which added them to rule lists. Once that happened, I enforced those rules. Anything not allowed in those rules is not allowed to run. I hope I explained that right :p
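
The workflow described in the post above (auto-generate rules for chosen directories, then enforce), sketched with the AppLocker PowerShell cmdlets as an added example that is not part of the original thread. The rule directory, the Downloads folder and the output path are assumptions, and the policy is applied in audit-only mode so nothing is blocked until the log has been reviewed:

```powershell
# Added example. Run from an elevated prompt; the paths below are assumptions.
$ruleDir = 'C:\Program Files'                      # directory to build allow rules from
$xmlPath = Join-Path $env:TEMP 'applocker-generated.xml'

# 1. Auto-generate allow rules: publisher rules for signed files, hash rules otherwise.
Get-AppLockerFileInformation -Directory $ruleDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $xmlPath

# 2. Switch every generated rule collection to audit-only before applying it.
[xml]$policy = Get-Content -Path $xmlPath -Raw
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($xmlPath)

# 3. Dry run: which newly downloaded executables match no rule at all?
Get-ChildItem "$env:USERPROFILE\Downloads\*.exe" |
    Test-AppLockerPolicy -XmlPolicy $xmlPath -User Everyone -Filter DeniedByDefault |
    Select-Object FilePath, PolicyDecision

# 4. Apply as the local policy. This replaces the existing local AppLocker policy;
#    the Application Identity service (AppIDSvc) must be running for rules to be evaluated.
Set-AppLockerPolicy -XmlPolicy $xmlPath

# 5. Review what enforcement would have blocked (event 8003) or did block (event 8004).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' `
    -FilterXPath '*[System[(EventID=8003 or EventID=8004)]]' `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once the 8003 events list only files that should be blocked, setting `EnforcementMode` to `Enabled` and re-applying turns the same rules into default deny; a policy meant for enforcement also needs allow rules for the Windows directory.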
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    And if you add something to your system, what do you do?

    You either allow it to run or you block it. No middle ground. Not very strong in my opinion.
     
  11. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    When you say adding something, do you mean for example you want to try new software? The way I used it is just one example. I just did this one because it seemed the easier way to try applocker at the time :D You can create broader rules than what I did. I'm no expert at applocker so maybe someone else can explain it better :p Whatever knowledge I have about applocker, I gained by looking thru the applocker thread :D To me an applocker setup is good only if you don't make frequent changes to your system otherwise it can be a pain IMO.
     
    Last edited: Sep 1, 2011
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes, new software or a new file or a new anything.

    My point about applocker not being very helpful is that it is a "yes or no" kinda deal. It's a very small layer and the user bypasses it easily. Once bypassed it offers no protection whereas there are other security methods that are not just "yes or no" and allow you to run malware without hurting your system, or detect that it's malware at least.
     
  13. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Well I will let someone else respond to that. I can't really respond much to applocker seeing I only used it very short time.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Fair enough.

    If I thought that my system was never going to change... I'd use applocker. But I download new portable applications, games, etc quite often. And I honestly would not feel all that secure with applocker.
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    I understand what you mean.
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There already is near perfect security in the computing world.. it is called the USER group. Some versions are better than others, or really you could say some services running with high rights are not as vulnerable. Some OS's are better, whether that is due to better code or just not being as targeted might be up for debate ;)

    The problem is not can you use a computer and be secure, the problem is can you use your computer, and do admin tasks, and still be safe. If I were to be your admin, and you were only a user, I would wager a months worth of pay that you would never get infected, and in general never have a problem. You would also never be allowed to make your own decisions :D

    It is those who like being admin, and those users who must at some point perform admin functions that see the breakdown of security. And now with user accounts becoming more common, we see social engineering becoming the preferred tool, some being able to operate in user space where admin rights don't come into play.

    It all boils down to something really simple IMO. If you are going to use a computer online, and are going to be an admin or perform admin tasks, you are going to have to learn some basics. The more you know, the less likely you are to have issues. It doesn't matter whether you use all inbuilt OS tools or choose to use lots of 3rd party tools, if you don't know how to stay problem free, you won't. If you do know how, then you can really use any tool you like, and it doesn't have to match anyone else's prescription, you just need to know how to use it effectively.

    I don't see how there will ever be an OS that is super secure yet also does not require user knowledge. Not if the user wants to do whatever they want, such as installing new programs or surfing with their choice of browser to their choice of websites. You know that spiderman quote "with great power comes great responsibility"? Sounds like it was made for anyone who performs admin tasks. If you get a super secure OS, but you can't make any decisions yourself so that you remain safe, would you really buy it? Kind of like working for "the man" lol.

    Sul.
     
  17. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Well said Sul. Despite all the changes I went thru with my security setup, I have not been infected in awhile while the rest of my family and friends have been. Then they call me to play cleanup man :D
     
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Well said Sully. Nice to see someone around here with a good head on his shoulders as these forums are waaaay too tiring / boring anymore otherwise. :thumb:
     
  19. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Well security is boring and can be tiring :D
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    And what would you say the reason is?

    A. you used the right combination of tools that save your bacon

    B. you know enough now to utilize the best tool for you to stay problem free

    C. the force was with you, you shall live long and prosper

    D. you keep forgetting what day it is, and we cannot trust your memory, so you very likely had infections like your family, and in fact, you probably still do ;)

    Sul.
     
  21. wat0114

    wat0114 Guest

    Microsoft can explain it best here in the Executive Overview.

    That is why you would probably scan it first before installing it. Realistically, what I can tell you from my own experience is that if you obtain a program from a trusted source, scan it even once with an updated av, and it comes out clean, it is 99.999% clean. Very sweet odds. Remember, if you keep recent images, you simply restore if you don't like what's happening after you install a new program, or you remove it, but I like to restore an image because that way there's no potential crud leftover from a removal.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    LUA is not a silver bullet. You can still get infected without admin rights. And just as much you can still get hacked - exploits still exist.

    I am not saying that a computer running 3rd party applications is less secure than a computer not running 3rd party applications. I am saying that in an ideal world all security would be handled by an OS.

    And yes, I do believe that a user should not need knowledge of their computer in order to stay safe on it. I also don't know if I believe in perfect security - I don't know enough and I'm not going to even guess right now because, frankly, I'm a freshman and I'm a terrible programmer at this point in time and I don't think I can really talk about something so in depth without knowledge like how programs work way low down.

    But I think that if you had the ideas of things like sandboxie, defensewall, chrome, and windows attached to the OS by default you'd see a lot fewer infections. The methods implemented are based around restrictions, which is very similar to LUA. If enough restrictions are implemented OS wide as well as to specific applications we'd have a lot less to worry about.

    But that's another conversation I think.

    No, no one has to make their security setup conform to anyone else's notions. No one should. I'm just saying that I think security needs to start at the lowest level possible. And I really do believe that users should have very little part (if not no part at all) in security, but I think I'm one of the few people who believes that (pretty much everyone I've talked to doesn't haha.)
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA

    I would say a combination of A & B. A earlier in my security setup search and more B now.
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    A few responses since I started typing haha

    wat, I'm not saying your setup is ineffective. I think you actually have a very keen sight on what is and is not effective. But your merit isn't even being called into question here =p your setup works for you and that's all that matters.

    Thank you for the link.
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,343
    Location:
    USA
    Oh wow I know this is offtopic but I just reached 1,000 posts. Just noticed it :D Back on topic, actually I was following a lot of wat's tutorials per se in applocker thread when I was using it. So I say thanks wat without you knowing you did :D
     