What is your setup with NO blacklist (no antivirus - naked) setup

Discussion in 'other anti-malware software' started by Kees1958, Apr 8, 2011.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Apr 8, 2011
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    What's in my signature for the last 2 years now.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    On win7, I run as admin, with UAC at lowest or off. I use some of the Safe-Admin settings currently (low IL stuff and deny execute in downloads directory). I use Chromium almost exclusively now, and use Sandboxie.

    That is it, nothing else.

    Sul.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Smart one on XP: CTM for easy roll back of complete (I assume) OS-partition and GeSWall guarding threatgates and files downloaded by those threatgates.

    :thumb:
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Correct :thumb:
     
  6. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I'm running Win 2000 with a bunch of HIPS. I gotta have 'em cuz I'm a hipsaholic! Can't help it. Born that way.

    SSM 2.4.0.622
    Process Guard FULL
    WinSonar
    WinPatrol
    Sandboxie
    Fortego All-Seeing-Eye

    But I do run VirIT Explorer Lite and ClamSentinel ONLY FOR FUN!

    A good policy with registry hacking and service wipeouts is probably all one needs IMH(Crazy)O. I've never had a problem with that other than finding tons of malware that cannot run. But it's a real hassle searching out those files for deletion unless one augments a folder monitor to catch the newly created crudware that can accumulate quickly and drone the drive. It's a weekly droneware search-and-delete. But HIPS are so much fun.

    Dave
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I wouldn't call it naked, unless you use nothing. Since you said no blacklist, I guess that means no ClearCloud, WOT, or the like as well.

    Personally, I'll have:
    Comodo Firewall
    Default-Deny SRP, EMET, Silent UAC
    Sandboxie
    Sysinternals Autoruns
    KC Softwares SUMo
    Paragon Backup & Recovery Home Special Edition
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    J_L, I will have to refine that, otherwise people using IE9 are excluded (because of the smartscreen filter). :oops:

    Off-PC blacklisting with no scanning of executables started outside the browser is also considered naked :D

    - e.g. Panda or Prevx fall outside this refined definition (they scan executables)
    - AVG Linkscanner falls outside this refined definition also (it has a local blacklist)

    - WOT - would be allowed to include
    - Clearcloud - would be allowed to include
    - IE9 smartscreen filter would be allowed to include
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i am always looking to trim down my setup but i don't think i can go any further. ;)

    i run a standard account with UAC at max.
    since my only worry is exploits and drive-by i use Chrome, which apparently has a very good sandbox.
    and Norton DNS for a little extra protection.

    Windows 7 Firewall Control is only there to stop programs that try to install adware.

    Shadow Defender is only used as a souped up uninstaller for testing
    programs that don't need to reboot to complete their install.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @Kees1958: I see. Therefore I'll add both to my "naked" setup.
     
  11. chris1341

    chris1341 Guest

    Vista HP 32 bit (teenage daughters)

    Clearcloud DNS
    Vista FW - no advanced rules
    LUA
    SRP (per Sully's excellent PGS)

    That's it. 6 months now no infection although MBAM has found a few executables that were unable to run. Mostly toolbars etc - teenagers eh?.

    Vista HP 32 bit (wife's)

    Clearcloud DNS
    Vista FW - some advanced rules (per Stem's excellent post https://www.wilderssecurity.com/showthread.php?t=239750 )
    EMET - all internet facing plus global DEP always on, SEHOP opt-out, ASLR opt in
    SBIE - all internet facing, readers, Office, Media Players - start run/internet restrictions but open file paths to her work/college related folders
    SRP deny policy on those open file path folders

    Again 6 months with no infection, nothing found by OD scanners

    Win 7 HP 64 bit

    Clearcloud DNS
    Win 7 firewall - no tweaks yet but planned
    EMET - all internet facing plus global DEP always on, SEHOP opt-out, ASLR opt in
    SBIE - all internet facing, readers, Office, Media Players - start run/internet restrictions but open file paths
    AppGuard to take care of what comes out of the sandboxes
    Shadow Defender on-demand

    Only the last few weeks but no issues to report yet.

    External MACRIUM back-ups for all 3 and I-Drive for important stuff.

    Black-listers are fine but not really needed real time IMO if you understand a bit about what malware does and how it infects and are willing to accept restrictions that won't let you 'click and run anything that offers you something'.

    Let's face it if these set-ups can protect machines used by a click happy teenager and an IT illiterate wife then they should be good for most. Is it more hassle for me to update software and install new stuff? Sure but much less so than cleaning infections, a regular occurrence on my daughter's machine (fully loaded with blacklisters), before this set-up.

    Cheers
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    - Always behind a configured NAT/SPI Router.
    - Sandboxie
    - KeyScrambler
    ________________
    On various PCs:
    - Shadow Defender
    - Rollback Rx
    - EAZ-FIX
    - AyRecovery
     
  13. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie Experimental and Chrome. Mamutu at the moment, that's the one part of my set-up that I'm still working on, what to pair with Sandboxie.
     
    Last edited: Apr 8, 2011
  14. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    emsisoft product is always made compatible with sandboxie
    it might be related that sandboxie and EAM is sold as a bundle
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Security by isolation, OS and application, file and registry, with some OS hardening and policy control.

    So key words would be virtualization and sandboxing through hypervisor virtualization, app-vms.
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    AppGuard at 'high' protection level. I'd like to think of AppGuard as a very tight policy layer.
     
    Last edited: Apr 8, 2011
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I looked at my recent security setup and found no blacklist. :) Oh no I'm naked :eek:

     
    Last edited: Apr 8, 2011
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I wouldn't mind hearing about it. Even if you want to PM it. Never know, might give me some good ideas, and the more convoluted and complicated, the better ;)

    Sul.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't believe that is correct. EAM and OA are sold as a bundle, but I don't know of anything that is bundled with Sandboxie. Anyone?
     
  20. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I must say sorry to kees , that I made comment outside the OP question
    But just to clarify : you can see at sandboxie.com and go to "buy" page
    There u can see EAM+sandboxie 1 year sold for 40eur

    EDIT : as malexous said... The bundle is gone

    As for "naked", the most naked I've been is :
    1. Using kees safe admin
    2. Spyshelter premium

    Does SS qualify for the "naked" term?
     
    Last edited: Apr 8, 2011
  21. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    just the basics... I'm just too lazy to type everything I did with SBIE thus the "hard to explain" was there.
    sorry if that made you curious :D

    btw I refunded my money last night from tzuk. I don't have Sandboxie license anymore :)
    Sandboxie is excellent but I needed the money for something else. :)
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    No blacklist (AV) here.......

    Zemana
    Sandboxie
    Look'n'Stop
    KeyScrambler
    Shadow Defender
     
  24. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    DefenseWall
    WinPatrol
    Rollback Rx
    Acronis True Image Home 2011
    UAC + EMET
     
  25. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    At moment:
    NAT router
    SUA + applocker + EMET + Windows firewall + UAC at max + plus manual GPO hardening (not using Microsoft security compliance manager) regarding Internet explorer and some other features like autorun, elevation for not signed files and so on.
    On top, sandboxie free with custom shortcuts.

    When not using this one, using this:
    https://www.wilderssecurity.com/showthread.php?t=292484&highlight=bufferzone
     