Shukla44's Security Config (Desktop)

[shukla44]

NOTE: Keep in mind, ONLY security-related programs on my system are mentioned above.

This is my current desktop security config. What do you guys think? Please give your honest opinions.

Previous Security Config (2016) - shukla44's Security Configuration (Desktop)

Spoiler: Vulnerable Process's List

Vulnerable Processes on my system (Windows 7):

1. shell32.exe*
   
2. regsvr32.exe*
3. rundll32.exe*
4. cmd.exe**
5. mshta.exe**
   
6. wscript.exe***
7. cscript.exe***
8. powershell.exe***
9. powershell_ise.exe***

All process's both paths (system32 & syswow64) included.

* - Reported/Logged
** - Monitored/Prompts
*** - Blocked/Disabled

Spoiler: Vulnerable Programs List

Vulnerable Apps & Programs on my System (beside Windows 7):

1. Browsers (Firefox 64-bit, Chrome 64-bit & IE)
2. Microsoft Office***
3. Thunderbird
4. Foxit Reader***
5. Adobe Photoshop 64-bit***
6. Windows Media Player***
7. uTorrent (3.3.2 Build 30586)
8. VLC Media Player***
9. K-Lite Mega Codec Pack With MPC-HC 64-bit***
10. Microsoft .NET Framework

All programs are monitored in HMP.A (except uTorrent & .NET Framework).

*** - Internet connections (Incoming & Outgoing) are disabled in Firewall

Additional Info:

1. I have 2 active user accounts - 1 admin (personal use only), 1 standard (friends & family use). The standard account enjoy the strict settings of kaspersky's parental control.
2. For financial/banking protection, i use kaspersky's safe money. For safe money, i use ie 64-bit only with one addon kaspersky protection & all others DISABLED, also settings in ie 64-bit is modified for max protection.
3. Firefox 64-bit is my primary browser. Chrome 64-bit is only used when vpn is needed. Internet explorer is only for banking.
4. For exploit protection, i use hitmanpro.alert. Safe browsing (have safe money), keystroke encryption (have kaspersky secure keyboard input), webcam notifier (no webcam), badusb (have voodooshield) protections are DISABLED in hmp.a. Kaspersky exploit protection is also DISABLED for compatibility reasons.
5. I use shadow defender (on admin account only) as a sandbox for testing new settings or unknown apps. All the malware-testing is done in vmware.
6. In vmware, i have a number of guest os installed (temporarily), but only win7 sp1 ultimate 64-bit is permanent. Win7 guest os has rollback rx pro installed for rollback & testing purposes.
   
7. Adguard desktop active filters - english filter, spyware filter, social media filter, annoyances filter, fanboy's enhanced tracking, anti-adblock killer reek, i dont care about cookies, nocoin. I use custom user filters as well. Phishing & malware protection is ENABLED. Stealth mode ENABLED. https filtering ENABLED. Allow search ads & websites self-promotion is DISABLED.
8. Adguard protection is DISABLED on ie 64-bit. I have https scanning ENABLED in adguard & kaspersky both, so i need a seperate browser for banking only, where no conflicts should arise.
9. All the internet connections (incoming & outgoing) are DISABLED in kaspersky firewall for apps/programs that doesn't depend on Internet. FYI, became very useful during the whole ccleaner debacle.
   
10. All the important files/documents are backed up in a password-protected winrar archive file without the .rar file extension so that it cannot be encrypted by file-cryptors. For mbr-encryptors, it is also saved on the multiple cloud storage services.
    
11. All the important passwords are kept in a password-protected doc file within a password-protected archive within a password-protected thumb drive. For emergencies, i keep some of them on a piece of paper hidden in my room. For the rest of the passwords, i use sticky password.

Suggestions & feedback's always welcome.
If you have questions about my configuration, i'll be happy to answer as much as possible.​

 

[Deleted member 2913]

Well covered, no nonsense & excellent config...I like it

 

[Winter Soldier]

Great config under every point of view, not an easy life for malware around.
Thank you for sharing

 

[shmu26]

you got it covered!

 

[shukla44]

Thanks a lot for all your replies.

My Kaspersky license will expire in 3 months or so, i am thinking of moving my config to CF (proactive) + VS Pro with Adguard (desktop maybe). What do you think of this?

 

[Winter Soldier]

Thanks a lot for all your replies.

My Kaspersky license will expire in 3 months or so, i am thinking of moving my config to CF (proactive) + VS Pro with Adguard (desktop maybe). What do you think of this?

I think in three months you will think about, but good move

 

[Deleted member 178]

a bit early to think about it ^^ in security, lot of things happens in 3 months.

With CFW + VS , you are opposing 2 concepts : simplicity (VS) and complexity (CFW) , personally if i decide to use Comodo , i would use CIS only, it covers all layers , you won't need VS.

 

[Deleted member 2913]

Thanks a lot for all your replies.

My Kaspersky license will expire in 3 months or so, i am thinking of moving my config to CF (proactive) + VS Pro with Adguard (desktop maybe). What do you think of this?

If you know how to work with CFW, I would say VS is redundant. And I would suggest go with CF (proactive), Adguard Desktop would be good too. I am running CFW proactive + customization with Adguard Desktop & no probs.

 

[shukla44]

I think in three months you will think about, but good move

Yeah. Thanks

a bit early to think about it ^^ in security, lot of things happens in 3 months.

With CFW + VS , you are opposing 2 concepts : simplicity (VS) and complexity (CFW) , personally if i decide to use Comodo , i would use CIS only, it covers all layers , you won't need VS.

If you know how to work with CFW, I would say VS is redundant. And I would suggest go with CF (proactive), Adguard Desktop would be good too. I am running CFW proactive + customization with Adguard Desktop & no probs.

Yes, i know how to work with CFW. I also know CFW/CIS will be enough, but i want to complement it with some backup solution (simple one, preferable - multi-engine scanner). I have used this combo before for a short period of time but this combo is light, efficient & complex enough to satisfy my security needs.

Besides, i am thinking about it & yes, a lot can happen in three months

 

[DracusNarcrym]

Great security config, tight and strong. Malware trying to penetrate is like rain trying to crack mountain rock.

All I have to say is keep a backup image at the ready, in case all else fails. I bet you know the drill.

You're good to go, as far as I'm concerned.

Stay safe. (won't be a problem for you )

 

[Deleted member 2913]

shukla44,

If you would like to continue with Kaspersky, I have something you may or may not like...if you would like to know, PM me.

 

[aragornnnn]

Very good config... exactly what i thought

Thanks for sharing!

 

[JM Safe]

I see nothing wrong in this config, congrats! You are protected.

 

[Parsh]

@shukla44 awesome explanations and topiv coverage. Nice set of tools.
In case you want to run things out of box with less worries, a good AV will be great alongside CFW you're planning to have,
again for prevention. HIPS will then get its back

 

[Winizsol]

NOTE: Keep in mind, ONLY security-related programs on my system are mentioned above.

This is my current desktop security config. What do you guys think? Please give your honest opinions.

Previous Security Config (2016) - shukla44's Security Configuration (Desktop)

Spoiler: Vulnerable Process's List

Vulnerable Processes on my system (Windows 7):

1. cmd.exe**
   
2. regsvr32.exe**
3. rundll32.exe**
4. shell32.exe**
5. mshta.exe**
   
6. wscript.exe***
7. cscript.exe***
8. powershell.exe***
9. powershell_ise.exe***

All process's both paths (system32 & syswow64) included.

** - Monitored
*** - Blocked

Spoiler: Vulnerable Programs List

Vulnerable Apps & Programs on my System (beside Windows 7):

1. Java JRE 8 32-bit (Used for Desktop Apps Only)
2. Adobe Flash Player ActiveX (Used For IE 64-bit Only)
3. Browsers (Firefox 32-bit, Chrome 64-bit & IE)
4. Microsoft Office***
5. Thunderbird
6. Foxit Reader***
7. Adobe Photoshop 64-bit***
8. Windows Media Player***
9. uTorrent (3.3.2 Build 30586)
10. VLC Media Player***
11. K-Lite Mega Codec Pack With MPC-HC 64-bit***
12. Microsoft .NET Framework 4.6.2

*** - Internet connections (Incoming & Outgoing) are disabled in Firewall

Spoiler: Additional Info

ADDITIONAL INFO'S:

1. I have 3 user accounts active - 1 admin (personal use only), 1 standard (friends & family use) & 1 guest (other stuff). The standard & guest accounts enjoy the strict settings of kaspersky total security parental control.
2. For financial/banking transaction, i use kaspersky safe money. For safe money, i use firefox only with addons kaspersky protection and https everywhere & all the plugins disabled.
3. I use shadow defender (on admin account only) as a sandbox for testing new setting or unknown apps. But all the malware testing is done in vmware.
4. All the internet connections are disabled in firewall for apps/programs that doesn't depend on Internet.
5. All the important files/documents are additionally backed up in a winrar archive file without the .rar file extension.
6. All the important passwords are kept in a password-protected doc file within a password-protected archive within a password-protected thumb drive. For emergencies, i keep some of them on a piece of paper hidden in my room. For the rest of the passwords, i use sticky password.

Suggestions & feedback's always welcome.
If you have questions about my configuration, i'll be happy to answer as much as possible.​

Nice config! Thanks for sharing it!

 

[Exterminator]

Nice config seems like you have everything covered!
Have you given any thought to upgrading to Windows 10?
Thanks for sharing your config

 

[Vasudev]

FF 64bit is stable enough with decent performance enhancements.

 

[shukla44]

Have you given any thought to upgrading to Windows 10?

Yes, i have already tried upgrading, but had to revert back to Windows 7.
I don't think i can upgrade make Windows 10 work, not on this desktop anyway. The hardware, specifically graphic & sound cards, is legacy. Only supported till Windows Vista, so i was able to install it on Windows 7 after a lot of effort. But can't get it to work with Windows 10. Thanks anyway for your suggestion. I will surely install Windows 10, if i ever upgrade my desktop.

FF 64bit is stable enough with decent performance enhancements.

I know. Already tried it on VMware. But i am afraid i can't install it just yet. I use sticky password & FF 64-bit is NOT supported yet. Already pointed it out to the support. Hoping for support in the near future.

 

[Deleted member 2913]

I know. Already tried it on VMware. But i am afraid i can't install it just yet. I use sticky password & FF 64-bit is NOT supported yet. Already pointed it out to the support. Hoping for support in the near future.

I use Sticky Password with Firefox 64 Bits Portable And Sticky Password & Extension work fine here.

 

[shukla44]

I use Sticky Password with Firefox 64 Bits Portable And Sticky Password & Extension work fine here.

Will install it once again, FF 64-bit & check if it is working for me or not.
Thanks a lot for the info.