Yet another recommend me a setup thread.

1. Asetup that will deny any installations/execution unless the programs are already installed and or is allowed by me.

2. A setup that "only I" can "easily" allow something to execute/install whenever I want.

3. those already installed should have security implementations in place so it would not be a threatgate.


there are times that a file is really "tempting" to execute so I want to have:
4. A setup that is quite safe and secure even after "forcefully" allowing an unknown/potentially unsafe execution.




***************************
MY EXPERIMENTAL SETUP
***************************

Standard User Account, maxxed UAC, disallowed SRP

1. Deny elevation request from users via GPEDIT.msc + SRP takes care of default deny setting.
2. SuRun makes it easily for "me" to elevate/execute/install + can remember password to automagically run specific app elevated.
3. probably GesWall or something...
4. I need help in this one
probably one of these: returnil, sandboxie, cis, trusteer rapport, spyshelter, webroot secureanywhere

 

Sandboxie or CIS for manually sandboxing suspicious files. IDK about the rest.

 

AppGuard (may give you some issues but is excellent) + Sandboxie(BSA analyzer)

Defensewall (only 32bit systems) + Sandboxie(BSA analyzer)

Comodo firewall (sandbox, HIPS and firewall, including the cloud behavior blocker and the cloud av) you can add here sandboxie if you want to use BSA analyzer.

Novirusthanks exe radar pro + Sandboxie(BSA analyzer)

Spyshelter + Sandboxie(BSA analyzer)

I would add to all the configs trusteer rapport just in case.

 

konata,
I think a combination of returnil and appguard (or maybe Faronics Anti-Executable) should give you the desired result.

 

Pretty much this...

 

the most surefire way for me is returnil and rapport but they are quite heavy for my 1GB RAM PC.
lightest would probably be webroot secureanywhere
or CIS with the manual sandbox and rapport... (last time I tried CIS, I have problem running apps in manual sandbox)

sandboxie is not an option for me because I don't have paid version and SuRun cannot elevate application run via Sandboxie.



I know rapport can protect from some of those new tough trojans but is that enough? I don't think so

 

I will go with Comodo Firewall with manual sandbox and trusteer rapport if you don't want to spend money, anyway even if you spend it you will not get anything "clearly better".

Although maybe there will be a free version of webroot including the same features that the old Prevx Safe Online Free that it uses less RAM than trusteer rapport, and probably the final version will not fail in the MRG tests.

Trusteer rapport protects your browser against almost any malware that need to use the browser to success, also it block, detects and clean if the computer is infected the modern banking malware like Spyeye and Zeus.
Try to install it and look at the advanced settings to configure it properly but take into account that only protects the websites that you tell him, and also protects the browser against attacks key capture...
http://www.trusteer.com/product/trusteer-rapport

 

if I use rapport... I cannot use GesWall to isolate my browsers, I don't want that.

Unless browsers have a way to BLOCK all addon/extension installations.


EDIT: thanks for the info about rapport guest but I already know about that and I have used rapport for a long time and I knew all about it's settings.

a free rollback/image software in addition to rapport may do but still looking for other options

 

If gesswall is not compatible with trusteer rapport probably it will not work either with Prevx safe online, (the same happens with sandboxie)

I guess that you need to choose btw geswall and safeonline or trusteer rapport. I don't know if geswall is able to block banking malware but since sandboxie fails doing it probably geswall too.

Since you are using a 32 bit system maybe you can go with Defensewall and forget everything else.

 

GesWall passed MRG tests I think...
DefenseWall is not FREE

since safeonline/webroot sa/rapport can't work with GesWall... only Comodo / Spyshelter left in my options

Spyshelter has option to auto-allow all microsoft signed and the option to auto-block suspicious behaviour is useful.

 

Consider, Ilya can arrange discount for your initial purchase. Yearly subscription is 9,95€ so it's not much i am very happy user, you wont be dissapointed! Lal, sorry about the marketing

Put Webroot SecureAnywhere and Returnil, DefenseWall into the mix and see how light it is?

 

lol Returnil alone can bake my PC after several hours of intense tasks, it's light but I'm aiming to do alot of tasks soon so

I don't have any source of income just leeching off my parents money and living in their house so buying software is

I'd buy myself a t-shirt if instead if I could ask for money

 

Ow i see life of a student isnt easy.

Thru net evrything is possible

Hm, so completely free setup is for you. Well try integrate Webroot SecureAnywhere into your experimental setup, as its very light and effective. If you would have Sandboxie Paid lifetime, that would be superb with forced folders etc.

 

Light footprint, use what is built into the OS. Perhaps SuRun if you want to get a little more serious with a USER account.

Applocker or SRP in a default deny setup, not much more you need.

For extra measures use a sandbox so that those "what if" situations are contained.

Or, you can use lots of other applications

Sul.

 

Hahaha. I just had to laugh at this comment

 

I agree - stick with what's in your OS whenever possible.

 

konata,
How about Bufferzone Pro, it is close to defensewall Maybe I am wrong


Thanks,
HP

 

Thats the only bad thing of Defensewall xD , with an x64 version and a lifetime license I would have buy some time ago.

I don't remember geswall being tested by the MRG banking test (but could be) also it has change a lot, and the geswall development I think that is quite stopped.
Do you really need geswall?
If you use Comodo you can run the browser in the manual sandbox.
With trusteer rapport or safe online you get the additional security, if they are compatible with Comodo sandbox (i'm not sure)
You can also use the light version of trafficlight of bitdefender.
The whitelist of Comodo is much bigger than the SS whitelist so you don't need to worry about that.

 

You can use Malware Defender for execution prevention. It's free and you can lock UI with password, so noone can execute anything that you haven't put on whitelist.

 

If only SuRun can elevate things executed in the sandbox. I'm done with my quest

it's bypassed on MRG tests.

I do. I always do.

yes I need geswall so I can rollback changes (extensions other users might install) in my browsers
actually I tested trusteer and geswall and found out that they work together... but Trusteer website says rapport and geswall are incompatible.

I still don't trust comodo sandboxing yet... most of the time it breaks things I don't want it to break my browser's (chrome) built-in sandboxing.
bitdefender trafficlight? I don't like extensions in chrome.
I prefer smaller whitelist as much as possible I want only microsoft signed applications whitelisted.


btw Rapport does not automatic update right? + everytime I download a new installer from their site every 2-3 days, it shows a newer version.

it's too full blown HIPS, too much for me.

 

Trusteer rapport has a updates notification system included, but I have never seen it updating because I have never look at the version number, but I will do to check it.

With Comodo you can remove all the trusted vendor except Microsoft, then using any of the options in the screenshot you can block the trusted vendor list from being updated.


When you said that Comodo sandbox breaks some apps you mean the manual or the automatic one? those are totally different.

If the trusteer website says that is incompatible with geswall I wouldn't use it.

 

I just use Kingsoft PC Doctor cause it's proactive, RoboForm, Hitman Pro running on startup and my common sense, works for me.

 

Yes, MD is really strong HIPS. But still with disabling/changing few rules you can easily "make" an app that will monitor only execution of processes

 

I remember the Kingsoft AV being quite weak when it has been tested, which part of the proactive protection that you mention (if there is any because I can't find it in the website) you think that deserve to run it?
According to the website don't seems to be a complete av http://www.kingsoftsecurity.com/product.shtml just an anti trojan engine, and don't even seems to work on real time.

 

it does has registry protection in real time