What Security Sofatware Are You Using?

[Guest Deleted_Account]

I thought it would be a good time to start a thread about this. So what Software do you use to secure your computer?

MINE:

Windows 7 Home Premium

Browser: Firefox w/ No Script CookieSafe, Adblook Plus (Anti-Malware list too), Ghostery, No Referrer, Request Policy, Last pass. and Sandboxed

and Chrome (Sandboxed) for watching Flash and Cnet live streams.

Realtime:

Comodo Firewall - Maximum/Paranoid and Defense plus (Sandbox disabled)

Avast Anti-Virus - All Shields set to Maximum and to scan everthing

WinPatrol - Watches Registry changes

SpyShelter - Anti-Keylogger (free version)

GesWall - IPS (Isolates potential threats using it to force Chrome, Firefox, and Xchat into isolation/Sandbox.

DecaffinatID - IronGeeks IDS for MITM Attacks

LAlarm - Anti-Theft Alarm W/ 4 wrong password wipe enabled (DOD method).

Secure Tray Util - Hot-key Self Destruct (DOD Wipe) of select files. Also remote wipe on LAN with Correct password.

On-Demand:

MBAM - Anti-Malware/spyware

Microsoft Defender - Anti-Malware (Does a great job at removal.

Macrium Reflect Free - Imaged HDD

Sandboxie - Sandbox applications (for everything GesWall doesn't like; somethings crash with GesWall)

Hardware Security:

Alpha Shield Firewall - Everything on my network is behind this. It is a great firewall if you dont want/can't set up your own.

D-Link router W/Firewall - Basic router firewall does it's job.

Other:

FDE W/34 Char. Password - Keep an image of MBR just in case someone tries to infect it. (But unless They are targeting me what are the chances?)

HDD LOCK and Bios Lock - This is a laptop and They seem "fairly" secure.

VM Virtual Box - For potentially dangerous programs.

1 TB External HDD for backups - Encrypted w/Cascading Algorithms =)

So what do you guys use?

[hexophrenic]

Assuming this is a home machine, where the hell do you browse/live that you need all of that for protection??? I guess my life is just not that interesting...

I use Windows firewall, microsoft security essentials, malwarebytes (used only when I remember to), and vmware. I use adblock plus for firefox and rarely use IE or chrome, and also use Peerblock for advertising and spyware/malware. I require a password to sign in, but nothing on BIOS or hard drive, no drive encryption but I do encrypt some documents as needed (tax returns and the like).

[Mr-Protocol]

Someone is a little paranoid. I'm sure having all that real time stuff running is bogging down the system A LOT. Not to mention they probably fight for CPU cycles and file access.

Fixing an MBR is pretty easy if you get a virus so having an image is not needed.

You could just clonezilla your OS as a backup every week if you are really having issues with infections.. or stop watching the pr0nz.

But honestly, you wont become a target because let's be honest, you don't have anything people want lol.

That and I can almost be positive that having that many programs actually make your security/protection worse than actually helping it.

[Guest Deleted_Account]

Someone is a little paranoid. I'm sure having all that real time stuff running is bogging down the system A LOT. Not to mention they probably fight for CPU cycles and file access.

Fixing an MBR is pretty easy if you get a virus so having an image is not needed.

You could just clonezilla your OS as a backup every week if you are really having issues with infections.. or stop watching the pr0nz.

But honestly, you wont become a target because let's be honest, you don't have anything people want lol.

That and I can almost be positive that having that many programs actually make your security/protection worse than actually helping it.

Not paranoid I was bored and wanted to see how much security software could run well. To be honest besides Comodo and Avast I barely get any dent in my CPU and memory. CPU is normally well bellow 20% and ram sits at about 30%. The only noticeable lag is during start up but after disabling skype and Windows Live it is a 30-45 Second boot (well from the logon screen at least). Most of the programs I use have a very light finger print. FireFox is also the main memory hog on this computer. As for MBR that is exactly why I don't think that attack is anything more than a POC as no one that is going to steal my laptop will take the time to do that they would just reformat it or in the event they could not bypass the bios lock through it out. Then again I am an IT/Security person and like finding and testing software. It may not be the most practical but I doubt I will be hit by a browser based attack anytime soon. I have a lot of layers for it to get through. That said I am probably going to ditch some of it (Secure tray util) as it seems like its just a gimmik and in real life it would not be that help full.

EDIT: Also if you think I am paranoid check out some of these setups: http://www.wilderssecurity.com/showthread.php?t=111264&page=539 lol

Edited January 31, 2011 by x942

[Mr-Protocol]

Comodo and Avast wont help you much. I had to help someone on IRC fix an infection last night and he had Comodo and AVG installed.

Thing is, if you do any real time scanning, you will get hit hard on CPU cycles because you are going to have many programs trying to fight to scan the file.

I'm not sure if you want to stop infections or prevent data theft. If i really wanted your data from your laptop i'd just take out the hard drive and use one of many forensic tools at my disposal to get the data :P.

I suppose in my opinion, all the software you have is a bit over-kill.

My Win7Pro box has F-secure Client Security, Wireless router/firewall (I use hard line not wireless), and my browsers have popup and script blocking. That is about all you need.

And as you said, VMs for testing potentially harmful software.

[Guest Deleted_Account]

Comodo and Avast wont help you much. I had to help someone on IRC fix an infection last night and he had Comodo and AVG installed.

Thing is, if you do any real time scanning, you will get hit hard on CPU cycles because you are going to have many programs trying to fight to scan the file.

I'm not sure if you want to stop infections or prevent data theft. If i really wanted your data from your laptop i'd just take out the hard drive and use one of many forensic tools at my disposal to get the data :P.

I suppose in my opinion, all the software you have is a bit over-kill.

My Win7Pro box has F-secure Client Security, Wireless router/firewall (I use hard line not wireless), and my browsers have popup and script blocking. That is about all you need.

And as you said, VMs for testing potentially harmful software.

I disagree about comodo and Avast as both have stopped plenty of attacks. Avast has never missed malware for me. As for you using forensic tools my HDD is encrypted with TC that wont help too much LOL (hibernate.sys too). I agree it is over-kill but as I said I was bored and decided to experiment =) I will probably drop back to AVast comodo and drop the rest but I am more suprised how smooth it is all running right now. I have been running Metasploit attacks all morning and haven't broken in yet. We will see what happens when I use armitage and some other attacks.

[Mr-Protocol]

armitage = metasploit

Metasploit wont really work vs patched systems. If you really want to test it compile a file with a metasploit backdoor and encrypt it to obfuscate it.

And if I were to say get your laptop while it was on... Cold Boot Attack :D. Memory image + strings = awesome.

[Infiltrator]

I disagree about comodo and Avast as both have stopped plenty of attacks. Avast has never missed malware for me. As for you using forensic tools my HDD is encrypted with TC that wont help too much LOL (hibernate.sys too). I agree it is over-kill but as I said I was bored and decided to experiment =) I will probably drop back to AVast comodo and drop the rest but I am more suprised how smooth it is all running right now. I have been running Metasploit attacks all morning and haven't broken in yet. We will see what happens when I use armitage and some other attacks.

+1 to that, Comodo may hog resources a little bit, but Avast that's what I use at home, never let me down. Avast may not be the best, but it surely does a lot better than most AVs, with exception for Kaspersky of course.

I use Avast 5, in my Win7 machine and I hardly notice any slow in performance. Even though it does real time scanning/monitoring.

If you want a secure enough system, you could install a box with Untangle, turn all the security essentials on and most importantly, keep the system up to date with the latest patches.

Don't open attachments from unknown sources and don't go visiting websites that are unsafe, use a VM if you have to.

Do not log onto any machine using an administrator account, use a limited account this will help minimize virus/worm damage to the system.

Use strong passwords and never use the same password for other things. (eg backing websites, Facebook), also change it once or twice a month.

[Guest Deleted_Account]

+1 to that, Comodo may hog resources a little bit, but Avast that's what I use at home, never let me down. Avast may not be the best, but it surely does a lot better than most AVs, with exception for Kaspersky of course.

I use Avast 5, in my Win7 machine and I hardly notice any slow in performance. Even though it does real time scanning/monitoring.

If you want a secure enough system, you could install a box with Untangle, turn all the security essentials on and most importantly, keep the system up to date with the latest patches.

Don't open attachments from unknown sources and don't go visiting websites that are unsafe, use a VM if you have to.

Do not log onto any machine using an administrator account, use a limited account this will help minimize virus/worm damage to the system.

Use strong passwords and never use the same password for other things. (eg backing websites, Facebook), also change it once or twice a month.

You make some very good points. Comodo is the biggest memory hog on my PC followed by FireFox so I am hoping they bring it down a notch in the next update. Avast has never let me down and as long as it keeps making PC mag's top free AV I will use it. Kaspersky is great but I don't want to pay for an AV. One thing Avast is not so great at in my experience is removal and that is why I use Microsoft's Defender it does a much better job. I have been wanting to setup an Untangle box just dont have anything with 2 NICs (also is it possible to have the modem plug into untangle box and then plug the Wireless router into the other NIC and have wire less that way?). On windows I hate using a limited account so I use an account with admin privs and use dropmyrights and sandbox internet facing applications. On linux I find it much easier and seamless to use a non-root account. MS should do that in windows 8 as they them selves preach the whole use a limited account thing. Which is great but Windows is a lot more susceptible to privilege escalation attacks in my experience at least. Thats why I set UAC to ask for credentials as well as sandbox. It basically is like a Limited account without having to be bothered to switch to do somethings (the majority of what I use my computer for needs admin privs). Maybe there is a way to make it more seamless I dont know. Passwords I use multiple password generators (in case one is flawed) and mix and match to make one 15 + char. password which I store in keypass and protect with one very long and strong password and key file. So I only need to memorize 3 passwords (FDE for my hard drive, Encrypted External, and Keypass) the rest are auto filed in with key pass or last pass :)

[Infiltrator]

You make some very good points. Comodo is the biggest memory hog on my PC followed by FireFox so I am hoping they bring it down a notch in the next update. Avast has never let me down and as long as it keeps making PC mag's top free AV I will use it. Kaspersky is great but I don't want to pay for an AV. One thing Avast is not so great at in my experience is removal and that is why I use Microsoft's Defender it does a much better job.

In my experience with Avast, it has the ability to remove infected items on the next pre-boot. Even though it may fail to remove at first, whilst Windows is still running. It does however remove the virus if you schedule it to run a full scan at the next time the computer boots up. I don't know if you have experimented with that, but it does a good job in removing viruses.

I remember once, a friend of mine asked me to help her get rid of some virus off her computer. While Avast was unable to remove while Windows was running, it did remove when the machine was rebooted, it managed to find and remove over 1000 trojans.

I have been wanting to setup an Untangle box just dont have anything with 2 NICs (also is it possible to have the modem plug into untangle box and then plug the Wireless router into the other NIC and have wire less that way?).

Yes it is possible, you will need to specify during the installation process or during the configuration which NIC shall be used for connecting the modem to and which NIC shall be used for connecting to the LAN.

On windows I hate using a limited account so I use an account with admin privs and use dropmyrights and sandbox internet facing applications. On linux I find it much easier and seamless to use a non-root account. MS should do that in windows 8 as they them selves preach the whole use a limited account thing. Which is great but Windows is a lot more susceptible to privilege escalation attacks in my experience at least. Thats why I set UAC to ask for credentials as well as sandbox. It basically is like a Limited account without having to be bothered to switch to do somethings (the majority of what I use my computer for needs admin privs). Maybe there is a way to make it more seamless I dont know. Passwords I use multiple password generators (in case one is flawed) and mix and match to make one 15 + char. password which I store in keypass and protect with one very long and strong password and key file. So I only need to memorize 3 passwords (FDE for my hard drive, Encrypted External, and Keypass) the rest are auto filed in with key pass or last pass :)

I find it quite easy to use a limited account and if an application requires admin access, its just a matter of running it in administrator mode.

Its a lot more safer to use a limited account, than an administrator account. Not becouse of virus damages but even for preventing yourself from accidentally deleting or modifying files or settings that you shouldn't be in the first place. And which could lead to stability issues or even being unable to start up properly.

Edited February 1, 2011 by Infiltrator

[Guest Deleted_Account]

In my experience with Avast, it has the ability to remove infected items on the next pre-boot. Even though it may fail to remove at first, whilst Windows is still running. It does however remove the virus if you schedule it to run a full scan at the next time the computer boots up. I don't know if you have experimented with that, but it does a good job in removing viruses.

I remember once, a friend of mine asked me to help her get rid of some virus off her computer. While Avast was unable to remove while Windows was running, it did remove when the machine was rebooted, it managed to find and remove over 1000 trojans.

I am going to check that out. I knew avast had the preboot scan but I have never been infected (at least in the past 5 or so years) to test removal on my own pc. I will give it a try when I clean out my friends laptop this week. 1000 Trojans is impressive. and kind of scary that he had that many lol

Yes it is possible, you will need to specify during the installation process or during the configuration which NIC shall be used for connecting the modem to and which NIC shall be used for connecting to the LAN.

I am going to test this out on a old pc. If it works well I will invest in a new box.

I find it quite easy to use a limited account and if an application requires admin access, its just a matter of running it in administrator mode.

Its a lot more safer to use a limited account, than an administrator account. Not becouse of virus damages but even for preventing yourself from accidentally deleting or modifying files or settings that you shouldn't be in the first place. And which could lead to stability issues or even being unable to start up properly.

I am usually cautious with settings and system files. Before installing or modifying anything I image my drive with Marcium Reflect. Takes about 20 minutes but it is well worth it in case something does go wrong

[mux]

I'm thoroughly confused how you guys think Comodo is a resource hog. I was running the CIS which is the firewall, av, ids, and sandbox rolled into one. When I did my baseline testing it averaged 22 MB of ram, but I digress.

Sounds like you need to use *nix as your desktop OS, x942. :)

[Infiltrator]

I'm thoroughly confused how you guys think Comodo is a resource hog. I was running the CIS which is the firewall, av, ids, and sandbox rolled into one. When I did my baseline testing it averaged 22 MB of ram, but I digress.

Sounds like you need to use *nix as your desktop OS, x942. :)

I already have Ubuntu as my desktop OS, besides Windows. Moreover when I said, Comodo consumed a slight amount of RAM I was actually referring to my past experience I had with it. Since I haven't used Comodo for a very long time, I'd say they must have made a lot of improvements and enhancements to it.

i guess I will have to give it another try in order to change my views towards it.

[Guest Deleted_Account]

I'm thoroughly confused how you guys think Comodo is a resource hog. I was running the CIS which is the firewall, av, ids, and sandbox rolled into one. When I did my baseline testing it averaged 22 MB of ram, but I digress.

Sounds like you need to use *nix as your desktop OS, x942. :)

It may be because I have the settings cranked very high. On my machine it uses 35 MB of ram (only have a gig so that is a lot in my opinion). As for switching too *nix I use Linux for pentesting and Development but as my primary OS I just can not get used too it as much as I love Linux I use too many programs that are windows only and do not Emulate well.

[mux]

It may be because I have the settings cranked very high. On my machine it uses 35 MB of ram (only have a gig so that is a lot in my opinion)...

Simple solution; Don't use Windows 7. ;)

Edited February 1, 2011 by mux

[T3hGamerDK]

Been using Linux for quite a while.. Does that count as security? :D

Using a non-root account with an alphanumeric password completely random; Social Engineering won't work on this bitch 8)

[digip]

I have an old XP SP3 VM I was attacking last night. No firewall or anti virus software installed and updates haven't been done in like 2 years. Nothing worked against it short of unsafe url testing and an unpatched ms08_067 flaw, but the flaw wasn't working until I turned on certain services I normally had off to begin with, and I'm not 100% sure the combination that made it work(edit:enabling "workstation + server" service allowed the vuln to run, something I normally had off to begin with since I'm 1, not part of a domain, and 2, don't allow windows file sharing), but in a lot of instances you can mitigate attacks simply by having specific services off and not running to answer the attackers connections. Add to that a decent firewall that also hides all open ports that windows leaves open by default, and nothing should be able to get in short of surfing to a URL with exploit code.

Comodo is a decent product but anything can be bypassed to an extent, if not shut off in the process. Some attacks will even uninstall the anti-virus completely. Usually because of misconfiguration, or human error such as downloading something that 1, doesn't have virus definitions for it, and 2, might contain a 0-day that nothing can stop, but more importantly because not everything is 100% full proof.

There are things you can do to mitigate some attacks though. If you are on windows, I suggest using DEP in combination with Emet.

http://support.microsoft.com/kb/2458544

Didier Stevens is also working on a product similar to Microsoft's Emet, called Heap Locker, that goes a bit further than just blocking the attacks, but also notifying you of potential dangers inside files such as PDFs: http://blog.didierstevens.com/2010/12/06/heaplocker/

Use them in combination with a good (and well configured) firewall/virus scanner, and practice safe browsing habits and you should be safe from damn near anything short of being social engineered into opening something or visiting a 0-day exploiting site.

Edited February 1, 2011 by digip

[ParMan]

I run microsoft MSE. and when i download things i run them in a sandbox to test them out. other then that i dont go to sites that would give me viruses. (but i also dont just search the web all day.)

[mux]

What digip said.

Comodo is a decent product but anything can be bypassed to an extent, if not shut off in the process. Some attacks will even uninstall the anti-virus completely. Usually because of misconfiguration, or human error such as downloading something that 1, doesn't have virus definitions for it, and 2, might contain a 0-day that nothing can stop, but more importantly because not everything is 100% full proof.

^ This especially. One example I always give out is if someone is lucky enough to get a (meterpreter) shell on you after a 0-day release, all bets are off. It's pretty easy to not only kill processes at that point, but also easy enough to completely disable services as well. Even services that supposedly can't be disabled by default (ie; Most AVs). Setup a persistent backdoor, disable services, reboot if it's a Windows box, and the victim no longer has a firewall and/or AV running. The sky is the limit at this point.

[Infiltrator]

Been using Linux for quite a while.. Does that count as security? :D

Using a non-root account with an alphanumeric password completely random; Social Engineering won't work on this bitch 8)

I have acquired the thing you most love in your life, in exchange for your account login credentials. You have 24 hours to comply or else, you will never see the thing you love again.

[MRGRIM]

Prevx and ESET NOD32