What is your security setup these days?

Avira Premium Security Suite
SUPERAntiSpyware Pro

 

behind NAT router
Sandboxie
Boclean
Returnil

on demand SAS and Cureit.

recovery : FDISR and Shadow Protect(CD)

 

Why is DefenseWall getting the jump on Prevx2 these days?

Mark

 

Getting the jump?

I think you're hearing so much about DF because it's a good program with excellent support. Add to that there is a great deal of interest in HIPS/sandbox approach to security, as definition based detection continues to struggle under a growing flood of new malware and zero-day attacks. Prevx had a great deal of attention as people discovered, then became familiar with it, so now is DF.

There was a bit of confusion regarding Prevx2 being neglected or replaced because of, and by CSI, https://www.wilderssecurity.com/showthread.php?t=202759&highlight=prevx2
but Marco pointed out that these are 2 different programs.

 

Still going strong with the same setup.

Online Armor AV+
Norton Antibot
Sandboxie
Returnil 2008

I usually do any updates and changes to my system daily then I enable Returnil's Session Lock for the rest of the day. I run all browsers inside Sandboxie.and also use the Online Armor's "run safer" option for all Web Browsers, Email Clients, Messengers, P2P Clients, MS Office, and Media Players.

dja2k

 

dja2K - I'm curious. I also use Returnil (Plus Deepfreeze + Shadow Defender on other machines). what extra benefit do you feel you get by using Sandboxie ?
The probability of infection in everyday use is quite low - if something bad gets on it is gone with a Returnil reboot and even if that is defeated a clean image will fix things. I have so far found the initial lag with Sandboxie irritating but this is something I could live with if it really added significant extra protection rather than being just another layer just in case Returnil couldn't cope.

 

Greetings,

Two computers at home, currently building a third...

Personal home PC #1:
Context : somewhat oldish (Athlon 1900), occasionally risky surfing (I guess), lot of software testing, P2P (bittorrent, PerfectDark)

OS Virtualisation :
- PowerShadow (also Testing Returnil on another machine)
- LUA + SuRun, with Browser scripts hardening.
This combo fits my needs better than using sandboxing applications, and is lighter on system ressources.

NAC :
- Ghostwall + Autohotkey scripts (*)
(*) : actually less used as a pure firewall, ironically perhaps, than as a selective IP blocker for P2P ; being far ligher on the system than software of the Peerguardian familly)

Intelligent HIPS :
- ThreatFire (Level 4, + custom rules)
- Drive Sentry (but mostly set to protect usb removable drives)
(yes, no more resident/Active classic AV / AS for me. So far, so good)


AHK script scheduling on demand AV/AS scans :
- Dr.Webb CureIT, PrevxCSI,
- SAS4, EwidoMicro.

==================================
2nd machine : LapTop
context : far less risk exposure, yet shared between 2 users (one being less comp/security savvy.) :

Returnil
PC Tools Firewall+
SSM
Threatfire (lvl 3)
PC Tools AV
(I'm considering trialing MicroPoint in place of previous two products).

===============================
Common/shared between both machines :

- Backup/Disk tools : ShadowProtectDesktop & Paragon(got a free licence of the "special edition")

- Hardening : classic OS selective hardening, and some settings from automation tools like SafeXP, XSPY, HardenIt.

Lastly, I recently ditched without regret : Comodo FW 3 (good product for most, maybe, but first I don't really need it, second it's not friendly with my oldish machines, and last it won't go on my new PC with it's terrible latency/ping performances for online gaming). I also trialed and uninstalled ESS 3 (some frustrating features, and same concern, performance wise ).

 

I started using first Sandboxie, so that stays no matter what. Retrunil is just an extra layer that's it. I don't know if its an extra benefit or not, but I just have it installed and it helps for testing too. I have no system lag with either of the two installed running at the same time.

dja2k

 

I'm interested in your Autohotkey scripts. Could you explain this with more detail (or send me a PM to avoid getting offtopic)

Good choices for on-demand automated scanning.

 

I started with Reurnil and it stays no matter what. By system lag I mean the first time firefox or IE is used. Sandboxie has to do some initial preparation. It is true that on faster machines the time may be minimal and not noticed but there is an initial overhead. The next time the browser starts no lag occurs.

 

Ok so I thought I try Sandboxie one more time and I still feel I dont need it. I surf the same sites everyday and never been infected in over 5 years. I did find out that when I go to the "dark side" of the internet I do feel safer. I can browse P___N till my hearts content and not worry about a thing. Then I emply the sandbox like nothing ever happened. My set for my laptop and desktop:

Anti Virus Provided by = Avira Premium
Hardware Firewall Provided by = 2Wire
Software Firewall Provided by = Comodo
HIPS Provided by = Comodo
Virtualization Provided by = Sandboxie ( in use only when visiting the dark side)
On Demand Spyware Scanner Provided by = SuperAntiSpyware
Harding Provided by = Spyware Blaster

 

True, but there have been no updates to Prevx2 in several months and no reponses on their Castlecop forums from Moderators in several weeks. It appears they are either going out of business or just pushing CSI.

 

Vista 32 SP1 set-up "changes" in bold as of 3/25/08:

Resident:

DefenseWall HIPS v2.30 beta(Compatible w/Vista SP1)
Netgear RP614 v2 Router w/NAT & SPI
Primary Response SafeConnect v3.0.0.1443
Vista Firewall

Other "Paid" Security Applications at My Disposal(Not currently installed):

DriveSentry Full
LinkScanner Pro
Look'n'Stop
Norton AntiBot
RegRun Platinum
Shadow Defender
SuperAntiSpyware Pro
Task Catcher
WinPatrol Plus

On-Demand:

Autoruns
AVZ Antiviral Toolkit
Deep Freeze Std.(For testing purposes);[Installed]
GMER
Prevx CSI+
Process Explorer
RegRun Reanimator
Returnil 2008 Personal Edition(For testing purposes)
RootKit Hook Analyzer
SUPERAntiSpyware Free

System Hardening:

Applied manual system hardening tweaks
Disabled non-essential Vista services
Enabled Software DEP for all programs and services
Disable UAC with TweakUAC
Disabled Windows Defender
Uninstalled Java Runtime Environment
Windows Worms Door Cleaner

Backup:

ERUNT(registry)
Paragon Drive Backup

Miscellaneous:

Primary Web Browser - Opera v9.26(w/UserJS scripts; Java disabled, JavaScript enabled(userscripts only), but with options disabled, Iframes disabled and plug-ins disabled);(https://www.wilderssecurity.com/showp...02&postcount=6)
Email Client - The Bat! Home


Peace & Gratitude,

CogitoErgoSum

 

I have a fast machine so maybe that's why I don't noticed it that much.

dja2k

 

I have even dumped Sandboxie and just going with the new Avira Suite. It really is all I need on my main computer.

 

Déjà vu?

/C.

 

You mean for today right!

dja2k

 

well, tonight to.

 

LOL!

 

AlphaShield
Look'n'Stop
Avira AntiVir Premium
GeSWall
LinkScanner Pro
MalwareBytes AntiMalware
WinPatrol Plus

Using Firefox with NoScript
Or sometimes Opera

 

Today were chugging along with this nice combo:

DefenseWall

EQSecurity

SandboxIE

Returnil

Perfectly compatible!

 

No sign of Comodo. Any problems?

 

Nope. None at all. COMODO is running fine as wine, on a different Hard Drive i should add.

This is just another combination i choose to put together in a chain of security apps to determine their respective strengths from weaknesses in comparison.

EASTER

 

Avira classic
Comodo with Defense+
Norton Antibot
A-Squared Antimalware - OnExecution Scan enabled - Malware-IDS Disabled
Spywareblaster
Mvps hosts

Hows my security setup?

 

I would enable Malware-IDS.