What is your setup with NO blacklist (no antivirus - naked) setup

Discussion in 'other anti-malware software' started by Kees1958, Apr 8, 2011.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Apr 8, 2011
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Whats in my signature for the last 2 years now.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    On win7, I run as admin, with UAC at lowest or off. I use some of the Safe-Admin settings currently (low IL stuff and deny execute in downloads directory). I use Chromium almost exclusively now, and use Sandboxie.

    That is it, nothing else.

    Sul.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Smart one on XP: CTM for easy roll back of complete (I assume) OS-partition and GeSWall guarding threatgates and files downloaded by those threatgates.

    :thumb:
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Correct :thumb:
     
  6. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I'm running Win 2000 with a bunch of HIPS. I gotta have 'em cuz I'm a hipsaholic! Can't help it. Born that way.

    SSM 2.4.0.622
    Process Guard FULL
    WinSonar
    WinPatrol
    Sandboxie
    Fortego All-Seeing-Eye

    But I do run VirIT Explorer Lite and ClamSentinel ONLY FOR FUN!

    A good policy with registry hacking and service wipeouts is probably all one needs IMH(Crazy)O. I've never had a problem with that other that finding tons of malware that cannot run. But it's a real hassle searching out those files for deletion unless one augments a folder monitor to catch the newly created crudware that can accumulate quickly and drone the drive. It's a weekly droneware search-and-delete. But HIPS are so much fun.

    Dave
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I wouldn't call it naked, unless you use nothing. Since you said no blacklist, I guess that means no ClearCloud, WOT, or the like as well.

    Personally, I'll have:
    Comodo Firewall
    Default-Deny SRP, EMET, Silent UAC
    Sandboxie
    Sysinternals Autoruns
    KC Softwares SUMo
    Paragon Backup & Recovery Home Special Edition
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    J_L, I will have to refine that, otherwse people using IE9 are excluded (becasue of the smartscreen filter). :oops:

    Off-PC blacklisting with no scanning of executables started outside the browser is also considered naked :D

    - e.g. Panda or Prevx fall outside this refined defintion (they scan executables)
    - AVG Linkscanner falls outside this refined definition also (it has a local blacklist)

    - WOT - would be allowed to include
    - Clearcloud - would be allowed to include
    - IE9 smartscreen filter would be allowed to include
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i am always looking to trim down my setup but i dont think i can go any further. ;)

    i run a standard account with UAC at max.
    since my only worry is exploits and drive-by i use Chrome, which apparently has a very good sandbox.
    and Norton DNS for a little extra protection.

    Windows 7 Firewall Control is only there to stop programs that tries to install adware.

    Shadow Defender is only used as a souped up uninstaller for testing
    programs that dont need to reboot to complete their install.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @Kees1958: I see. Therefore I'll add both to my "naked" setup.
     
  11. chris1341

    chris1341 Guest

    Vista HP 32 bit (teenage daughters)

    Clearcloud DNS
    Vista FW - no advanced rules
    LUA
    SRP (per Sully's excellent PGS)

    That's it. 6 months now no infection although MBAM has found a few executables that were unable to run. Mostly toolbars etc - teenagers eh?.

    Vista HP 32 bit (wife's)

    Clearcloud DNS
    Vista FW - some advanced rules (per Stems excellent post https://www.wilderssecurity.com/showthread.php?t=239750 )
    EMET - all internet facing plus global DEP always on, SEHOP opt-out, ASLR opt in
    SBIE - all internet facing, readers, Office, Media Players - start run/internet restrictions but open file paths to her work/college related folders
    SRP deny policy on those open file path folders

    Again 6 months with no infection, nothing found by OD scanners

    Win 7 HP 64 bit

    Clearcloud DNS
    Win 7 firewall - no tweaks yet but planned
    EMET - all internet facing plus global DEP always on, SEHOP opt-out, ASLR opt in
    SBIE - all internet facing, readers, Office, Media Players - start run/internet restrictions but open file paths
    AppGaurd to take care of what comes out of the sandboxes
    Shadow Defender on-demand

    Only the last few weeks but no issues to report yet.

    External MACRIUM back-ups for all 3 and I-Drive for important stuff.

    Black-listers are fine but not really needed real time IMO if you understand a bit about what malware does and how it infects and are willing to accept restrictions that won't let you 'click and run anything that offers you something'.

    Lets face it if these set-ups can protect machines used by a click happy teenager and an IT illiterate wife then they should be good for most. Is it more hassle for me to update software and install new stuff? Sure but much less so than cleaning infections, a regular occurrence on my daughters machine (fully loaded with blacklisters), before this set-up.

    Cheers
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    - Always behind a configured NAT/SPI Router.
    - Sandboxie
    - KeyScrambler
    ________________
    On various PCs:
    - Shadow Defender
    - Rollback Rx
    - EAZ-FIX
    - AyRecovery
     
  13. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Sandboxie Experimental and Chrome. Mamutu at the moment, that's the one part of my set-up that I'm still working on, what to pair with Sandboxie.
     
    Last edited: Apr 8, 2011
  14. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    emsisoft product is always made compatible with sandboxie
    it might be related that sandboxie and EAM is sold as a bundle
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Security by isolation, OS and application, file and registry, with some OS hardening and policy control.

    So key words would be virtualization and sandboxing through hypervisor virtualization, app-vms.
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    AppGuard at 'high' protection level. I'd like to think of AppGuard as a very tight policy layer.
     
    Last edited: Apr 8, 2011
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I looked at my recent security setup and found no blacklist. :) Oh no I'm naked :eek:

     
    Last edited: Apr 8, 2011
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I wouldn't mind hearing about it. Even if you want to PM it. Never know, might give me some good ideas, and the more convoluted and complicated, the better ;)

    Sul.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    I don't believe that is correct. EAM and OA are sold as a bundle, but I don't know of anything that is bundled with Sandboxie. Anyone?
     
  20. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I must say sorry to kees , that I made comment outside the OP question
    But just to clarify : you can see at sandboxie.com and go to "buy" page
    There u can see EAM+sandboxie 1 year sold for 40eur

    EDIT : as malexous said... The bundle is gone

    As for "naked", the most naked I've been is :
    1. Using kees safe admin
    2. Spyshelter premium

    Does SS qualified for the "naked" term?
     
    Last edited: Apr 8, 2011
  21. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    just the basics... I'm just lazy too type everything I did with SBIE thus the "hard to explain" was there.
    sorry if that made you curious :D

    btw I refunded my money last night from tzuk. I don't have Sandboxie license anymore :)
    Sandboxie is excellent but I needed the money for something else. :)
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No blacklist (AV) here.......

    Zemana
    Sandboxie
    Look'n'Stop
    KeyScrambler
    Shadow Defender
     
  24. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    DefenseWall
    WinPatrol
    Rollback Rx
    Acronis True Image Home 2011
    UAC + EMET
     
  25. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    At moment:
    NAT router
    SUA + applocker + EMET + Windows firewall + UAC at max + plus manual GPO hardening (not using Microsoft security compliance manager) regarding Internet explorer and some other features like autorun, elevation for not signed files and so on.
    On top, sandboxie free with custom shortcuts.

    When not using this one, using this:
    https://www.wilderssecurity.com/showthread.php?t=292484&highlight=bufferzone
     
Loading...
Thread Status:
Not open for further replies.