Windows 7 (no VM / non-multiboot) for Gaming + Banking setup help.

Discussion in 'other anti-malware software' started by Konata Izumi, Sep 18, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Yes. I need help setting up security for Windows 7 Pro 32-bit for banking and gaming in one SYSTEM.
    • I can't run a Virtual Machine.
    • I don't want to multi-boot OSes (one for gaming / one for banking).
    • Classical HIPS is my last resort... but as much as possible I don't want HIPS :)
    • Behavioral HIPS is acceptable, such as MAMUTU. I have a license for A2 Antimalware, which has built-in MAMUTU, but I'm open to a free alternative.


    But I want everything in place: all my games, but also the ability to bank online securely.
    I'm saying this because I don't really trust online games / game clients that connect LAN games through the internet (because they install drivers and show other suspicious behaviors).

    Prevx SOL does help a lot in securing my banking details, but I want something to filter the behavior of my installs too, or maybe something that would isolate my games from the system but allow them to run as admin.

    Running UNDER LUA/UAC/SRP is not a problem, but my games always run as admin, so it doesn't help a bit with the banking security.


    My thinking goes like this:
    My games are installed and they're on my system. I think they can do what they want and I don't trust them; that's why I feel insecure about my security setup.
    If I could make this feeling go away, I think I'd stop changing my security setup from time to time. :(

    I'm running Win7 with 1 GB of RAM, I can't possibly have more than 1 or 2 3rd-party apps running in real time. :)
     
    Last edited: Sep 18, 2010
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I would recommend Avast Free and Trusteer Rapport.

    Trusteer Rapport is free for end users.

    Rapport is specially made to secure online banking and it supposedly offers great protection.
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Does Trusteer Rapport work on x64?
     
  4. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Avast! 5 [File Guard/Behavior/Network/Web] + PrevX SafeOnline + Windows Firewall with Advanced Security + LUA + SRP.

    Simple and strong protection!

    You could replace Avast!'s Behavior shield with Mamutu; that would be very good too, but you'd lose a little performance.

    Windows Firewall with Advanced Security helps protect banking and would use some of your system's resources.

    Sorry for my English!
     
  5. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Simple setup: KeyScrambler Premium (if you take privacy seriously; the free version is good too). All your data is secure that way. Just make sure nothing is terminating KeyScrambler; install a free HIPS product. PrivateFirewall is free and has got it, and so does SpyShelter; even the free version will help...
     
  6. wat0114

    wat0114 Guest

    How do your games worry you?
     
  7. SpongeGuard

    SpongeGuard Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    22
    It's possible he uses either A. Steam or B. Plays MMORPGs.
    To someone who doesn't play MMORPGs or use Steam, this stuff can seem trivial, but to one who actually does, protecting your info is your number 1 priority.
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I have no idea, I'm on 32 bits.

    You can contact their support.
    They are very fast to respond.
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I would do it this way..

    Install system fresh. Install browsers. Install Sandboxie. While NIC is disabled, configure browsers prior to running in Sandboxie - this sets your configs/options without worrying about "something" affecting the browsers or system prior to using the sandboxes.

    Using Sandboxie, force browsers into separate sandboxes (preferably). Be sure nothing but the browser can run or have net access in the sandbox. Create one sandbox for generic browsing with one browser and create another sandbox for banking using a different browser. Yes, use a different browser for banking. Be sure the banking sandbox deletes its contents when the browser closes.

    Run your games as you wish. Starting this process from a fresh install and always using Sandboxie and being sure to segregate banking and browsing in different browsers is my approach.

    One program. Two browsers.

    Sul.
     
  10. wat0114

    wat0114 Guest

    I'm only trying to determine what he feels the games are doing that worry him, though I would guess the concern is how and where they are communicating on the Web. If this is the case, Win fw could be set up to block inbound by default and all outbound that doesn't match a rule by default; then rules can be created to restrict the games to selected remote ports and even IP addresses. This suggestion will likely elicit some snickering or rolling of eyeballs from some, but it is a possible solution (using an already built-in feature, no less) for a valid concern. And no, I don't consider it trivial, either ;)

    I'd also endorse Sully's advice :)
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I'm using the Win7 firewall to do this... but... maybe I'm thinking too far, but I was worrying that my "already installed" games can easily bypass the firewall because they always run as admin.

    I don't really need to go all out to protect my game accounts lol... what I want to secure is my BANKING credentials while allowing me to play my "untrusted" but lovely games. ^^

    What if my installed games modified the browser on my real system?
    Does it not matter to sandbox it if it's already taken over?

    I think the games should be the ones ISOLATED from the system during installation; let them stay sandboxed and run isolated? But I think my games won't work because they need to install drivers and one of them requires IE.
     
    Last edited: Sep 19, 2010
  12. wat0114

    wat0114 Guest

    I seriously doubt it, but you can test this simply by disabling the current outbound/inbound rules you have for them, and if you've set up the fw to block outbound that don't match a rule, then your games should not get online whatsoever.
     
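The firewall setup wat0114 describes (block inbound and outbound by default, then allow each game only to chosen remote hosts and ports) and the disable-the-rule check from the follow-up post, written out as an added example; this is not code from the thread. It uses netsh advfirewall because Windows 7 has no firewall cmdlets, and the rule name, executable path, protocol, host range and port are placeholders to replace with the real game's details.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on Windows 7 (the NetSecurity cmdlets only arrived with Windows 8).
# All values below are placeholders; keep them free of spaces so that netsh
# receives each key=value token as a single argument.
$RuleName  = 'GameOut-ExampleGame'            # placeholder rule name
$GameExe   = 'C:\Games\ExampleGame\game.exe'  # placeholder path
$GameProto = 'UDP'                            # placeholder; check what the game uses
$GameHosts = '203.0.113.0/24'                 # placeholder (TEST-NET-3 range)
$GamePort  = '27015'                          # placeholder port

function Set-DefaultBlockPolicy {
    # Block inbound and, unusually for Windows, outbound traffic that matches
    # no rule, on every profile. Anything else that must reach the internet
    # (browser, Windows Update) then needs its own outbound allow rule.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
}

function Add-GameRule {
    # Let only this executable talk, and only to the game's hosts and port.
    netsh advfirewall firewall add rule name=$RuleName dir=out action=allow `
        program=$GameExe protocol=$GameProto remoteip=$GameHosts remoteport=$GamePort
}

function Test-GameRule {
    # wat0114's check: with the allow rule disabled and outbound blocked by
    # default, the game must fail to reach its servers; then re-enable it.
    netsh advfirewall firewall set rule name=$RuleName new enable=no
    Read-Host 'Rule disabled. Launch the game, confirm it cannot connect, then press Enter'
    netsh advfirewall firewall set rule name=$RuleName new enable=yes
}

function Show-GameRule {
    # Print the rule back so the scope (program, hosts, port) can be reviewed.
    netsh advfirewall firewall show rule name=$RuleName verbose
}

# Caveat raised in the thread: the rule constrains the game only as long as
# the game cannot rewrite it. A process running with full admin rights can
# change firewall rules itself, so this limits what the game does by default;
# it is not a barrier against a hostile program that already runs as admin.
Set-DefaultBlockPolicy
Add-GameRule
Show-GameRule
Test-GameRule
```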
  13. Nek

    Nek Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    25

    I had the same concerns and tested numerous methods and security setups. I've tried the VM and dual-boot methods but since you do not wish to run these, I'll jump straight to another viable albeit restrictive option. Depending on the type of games you play, you might want to give MojoPac a try -- but you must be aware of the requirements and risks involved.

    From http://www.mojopac.com/portal/content/sysreq.jsp, the requirements are:
    and the risks are found here. Further risks are BSODs caused by pvm.sys (I don't have facts for this -- I simply experienced these BSODs while playing games like CS 1.6 and L4D2 on MojoPac). Apart from these risks, some games that employ GameGuard as anti-cheating mechanisms will not run properly in MojoPac.

    Despite having said all that, I gave up on VM, dual-boot and MojoPac because all of these methods have some form of restrictions and setbacks (VM - lack of adequate 3D capabilities; dual-boot - a big setback to convenience; and MojoPac - BSODs, somewhat limited access to host pc and some games don't work).

    I adopted the Live CD banking method. Less headache, less hassle. But I must say this may not work for you depending on the frequency of your banking activities. Hope it helps.
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you start with a known clean system, you can use something like Sandboxie; with the correct settings, your browsing habits won't affect the real system.

    If you further login with an account that is only a member of the "users" group, all you do is restricted to your profile. If you need to RunAs to play a game, so be it.

    It is simple really for your stated requirements.

    Sul.
     
  15. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    IMO -

    Easiest method - Go with what Sully mentioned.

    Back when I was using Returnil, I would reboot the PC so everything that was accumulated during surfing was emptied, then I would do my banking. When I was finished, I would reboot, again flushing everything. This method worked for me and I never had an issue.

    What I do NOW is, I'll reboot the PC with Deep Freeze on, flushing everything from surfing, etc. Once rebooted, I'll do my banking, shopping, etc. using Internet Explorer. Now I normally use Firefox for browsing, but for my banking I'll use Explorer for this ONLY. When I'm finished, I'll reboot and then continue to use Firefox for regular browsing.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My advice

    Harden (this is extra security without costing CPU cycles or memory)

    1. Use Windows Firewall 2-way (see the Firewalls sticky, look for STEM's post)

    2. Use EMET2 to mitigate internet-facing apps (remember you must close and restart the EMET GUI to check your changes). See https://www.wilderssecurity.com/showthread.php?p=1750088#post1750088

    3. Use IE8 for banking and apply hardening
    - https://www.wilderssecurity.com/showpost.php?p=1603239&postcount=2
    - https://www.wilderssecurity.com/showpost.php?p=1603831&postcount=10
    - https://www.wilderssecurity.com/showpost.php?p=1684382&postcount=29 :D

    4. Use Iron for daily browsing
    - https://www.wilderssecurity.com/showthread.php?t=277949
    - https://www.wilderssecurity.com/showthread.php?t=278011
    - Add WOT and SiteAdvisor for Chrome as extensions

    5. Use Sunbelt's ClearCloud DNS (besides an IP blocklist it adds a sort of SmartScreen download security based on Vipre's antivirus)
    - http://clearclouddns.com/

    6. Run UAC on default with intelligent installer detection disabled.
    Now run REGEDIT and look at what your settings are:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Locate the key "EnableInstallerDetection".

    Set it to OFF (that is, a zero value, "0").
    When running a 32-bit installer program, Windows 7 will NOT detect that it is an installer and will NOT prompt for UAC elevation to admin (use "Run as admin" to install).

    Now run REGEDIT again and look at what your settings are:
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing
    Locate the key "BehaviorOnFailedVerify": 0=off, 1=warn (advise), 2=block

    7. Separate programs from data by using 2 partitions

    On-demand software
    SanityCheck and Hitman Pro (enable the right-click check in the context menu)

    Reduce UAC prompts
    Use Elevate without UAC prompt to whitelist programs needing admin rights (e.g. CCleaner, Hitman Pro etc.), by using the UAC Trust shortcut from http://www.itknowledge24.com/

    Install Comodo Time Machine
    You are familiar with it ;)

    Install the Facebook full version (free) of PrevX SafeOnline
    You know how to set it up (max heuristics AFTER age/population; set AGE to max and leave Population at default; disable MBR scanning and daily scans).

    Summary
    On IE8 you will have
    a) Sunbelt Clearcloud check (in the cloud)
    b) When you search with Google, the Google IP-blocklist (in the cloud)
    c) Microsoft smartscreen filter (in the cloud)
    d) PrevX IP-blocklist and Popularity Warning (in the cloud)
    e) Prevx Behavioral Heuristics (on your PC, but due to AGE set to max and Heuristics after, only at new programs)

    On Iron you will have
    a) Sunbelt Clearcloud check
    b) When you search with Google, the Google IP-blocklist
    c) WOT (In the cloud)
    d) PrevX IP-blocklist and Popularity Warning
    e) SiteAdvisor for Chrome (in the Cloud)
    f) Prevx Behavioral Heuristics

    When PrevX throws a warning saying you are infected, roll back with Comodo Time Machine. In comparison with A2 it cuts down on AV processing overhead, and the IDS of A2 looks at all programs while PrevX only looks at new arrivals, also reducing the CPU load on your PC.
     
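Step 6 of the post above has you open REGEDIT and read two settings by hand. The script below is an added example, not code from Kees1958 or the thread: it reads the same two values back (plus EnableLUA from the same key, which is not in the post, to confirm UAC is actually on) and prints each with its meaning, tolerating a Driver Signing policy key that has never been set.

```powershell
# Added example, not from the thread. Reads the registry values that the post's
# step 6 says to inspect and reports them with their documented meaning.
# Works in Windows PowerShell 2.0 (Windows 7); no elevation needed to read.
function Get-UacSettings {
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # EnableLUA is an extra value in the same key (1 = UAC enabled); the post
    # only names EnableInstallerDetection, which it wants set to 0.
    New-Object PSObject -Property @{
        EnableLUA                = $p.EnableLUA
        EnableInstallerDetection = $p.EnableInstallerDetection
    }
}

function Get-DriverSigningSetting {
    $key = 'HKCU:\Software\Policies\Microsoft\Windows NT\Driver Signing'
    # The policy key is often simply absent; report that instead of erroring.
    if (-not (Test-Path $key)) { return 'not set (key absent)' }
    $v = (Get-ItemProperty -Path $key).BehaviorOnFailedVerify
    if ($null -eq $v) { return 'not set (value absent)' }
    switch ($v) {
        0       { '0 = off' }
        1       { '1 = warn (advise)' }
        2       { '2 = block' }
        default { "unexpected value $v" }
    }
}

function Format-Flag($value, $wanted) {
    # Show the raw value and whether it matches what the post recommends.
    if ($null -eq $value) { return 'not set' }
    if ($value -eq $wanted) { "$value (as recommended)" } else { "$value (post recommends $wanted)" }
}

$uac = Get-UacSettings
"UAC enabled (EnableLUA):            " + (Format-Flag $uac.EnableLUA 1)
"Installer detection:                " + (Format-Flag $uac.EnableInstallerDetection 0)
"Driver signing on failed verify:    " + (Get-DriverSigningSetting)
```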
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    lol I already did this and it has been my default setup since I read your thread about safe-admin. :)

    I'm only missing CTM because of the "COMODO Time Machine cannot initialize system information" error during install.
    I wonder why I can't find another freeware alternative ROLLBACK software. :'(
    I wish I had not uninstalled CTM a few months ago.

    About Chrome/Iron extensions... I think I saw an article saying Chrome's extensions are a security/privacy risk? Like they can get personally identifiable info? Is it false? If true... is it fixed?


    @Sully
    I can't do much with Sandboxie free :(
     
    Last edited: Sep 19, 2010
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In that case, use Windows Defender as a light form of Intrusion Detection.

    Disable: daily scans, the on-execute check (reduces CPU load; PrevX has got this tackled) and drivers and services (too weak to really stop it, and UAC plus driver signing compensates for this), and become an advanced SpyNet member (so WD warns you with the icon in the system tray plus a question mark on changes).

    Note the Sunbelt ClearCloud is new; it works really well. You can also set a deny ACL on your mail directories.
     
  19. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Yes! :thumb:
     
  20. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Hi Sully,

    Out of curiosity, if the original poster had been on the x64 architecture, would you have been confident enough about Sandboxie x64 to advise the same security setup? Or would you prefer to make use of only the OS's own tools (as for myself, I'll be using 7 x64 Ultimate)?

    Thanks.
     
  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I haven't followed the 64bit Sandboxie topic much because I don't use it. I haven't seen a topic that I can recall that said "SBIE 64bit is vulnerable- DON'T USE IT". I have seen mention of it not being as secure as 32bit, but don't know exactly where it stands. So with that in mind...

    If I were using x64 I would implicitly trust Sandboxie for what I do and how I do it.

    If I were advising someone to use Sandboxie on x64, and they logged in as admin with UAC off, I would assume SBIE x64 would be secure enough. I would also assume if the person has turned UAC off they have a reason to do so. Running as full blown admin without a clue is no way to be secure.

    If I were advising someone to use Sandboxie on x64, and they logged in with UAC or used a true LUA account, I don't think there is an issue. Maybe I'm wrong, but haven't seen any information to think otherwise.

    So for yourself, do you know how you will become compromised? Do you plan on using chrome/IE in protected mode? Do you plan on using LUA? Do you plan on applying a Low Integrity Level to all browsers? If so, then what does Sandboxie really do? For me, it is extra insurance. I take care of things in the OS as much as possible. Sandboxie is my first layer, the OS is the fallback should Sandboxie fail. But I also believe Sandboxie, either version, to be good enough to use alone and still sleep well knowing it is doing what it is supposed to.

    How many other programs can I say that about? None. Sandboxie is alone in that category. That is why I have no problem recommending it. It might not be flawless, but it is the closest thing to it that I know of in terms of being secure.

    Good question BTW.

    Sul.
     
  22. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Thanks Sully for your helpful reply. A lot of food for thought in there. But I will need time to digest all this x64 bone's meat! I don't want to hijack this thread, so I will only try to say here where I am on this 7 x64 novelty (for me).

    So, I am now on XP Pro x32, and have been for a long time. And I have to study and familiarize myself with Win 7 & x64 first, before migrating to it next week. I will start afresh, on a virgin HD. And for the little I know now, I will probably go for an Admin account with UAC full on, using SuRun or RAAC to take care of the little asperities on the system's setup-building road.

    I already own a Sandboxie license and I want to run it on x64. I will also use Terabyte products for image backups (ShadowProtect being another open option), and bring FD-ISR Classic and ShadowDefender with me, to always keep an eye on the little rear-view mirror on my trip...

    My browser of choice should be Opera (with Chrome as a fallback, and IE only for testing and OS updates). I know nothing about browsers' "Protected Mode" and "Low integrity levels" (any good references welcome) and I will have to gain a grip on all those new internal operating system tools, to decide if I have a need for some of them or not.

    I think that I will probably not need any HIPS but want to keep Malware Defender at hand anyway. Btw, even behind a router, I want to use Look 'n' Stop and experiment with Windows' 2-way internal firewall because, heuh, because I like to play with fws!

    After that it should be mainly learning by trial and error...

    And, also, your reassuring confidence in Sandboxie is enough to make me go and try to do as much as I can to use its great capabilities on this new x64 setup.

    Thanks much.

    --
    Some grammar edits.
     
    Last edited: Sep 19, 2010
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Good luck! :D
     
  24. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Thanks, dammit!
     
  25. Jav

    Jav Guest

    I think those highlighted points are the main things that should be addressed.
    You are running under LUA with SRP, so you are quite well protected from drive-bys etc.

    So in my opinion the best solution for your problems and paranoia is taking away admin rights from your games but at the same time allowing them to run. Right?

    So what do you think, fellow Wilders members, how can this be accomplished?
    I do have some guesses but I am not sure how to track it.

    I think if we give the Limited user full control over the files, folders and registry entries which the game needs to edit/create/delete in order to operate, we can make it run under LUA without privilege escalation?
    I am trying to do a similar thing, but the problem is I don't know how to track what files/registry entries LUA doesn't have access to that the software is trying to access.

    Is this the correct solution?
     