Can Microsoft secure your PC?

[Jack]

1. Can Microsoft with it's own programs and softwares keep your PC safe?
2. Any tweaks that you recommned or the default level is ok?
3. Any other Microsoft tools that you would use and aren't in the the bellow list?

• OS: Windows 7 ; 64 bit
• Real Time : Microsoft Security Essentials with Windows 7 Firewall
• EMET
• UAC
• Running under "Limited User Account"
• IE 9
• System Restore
• Windows Backup

In my case Microsoft can very well secure my PC, I would :

• UAC on High Settings
• Make sure that IE9 has Smart Screen Filter Enabled
• EMET at max
• Autorun disabled
• Windows Firewall with Advanced Security
• Create a system image with Windows 7 Backup

 

[jamescv7]

Yep that's a secure thing tweak the settings for having more secure and having a LUA will surely safe.

 

[MrXidus]

I can see good coming out of this if more users world wide used such setup as this... Makes me want to test this setup for myself, Probably will in spare time with VM.

 

[Jack]

I do think that if UAC is enabled and running under a "Limited User Account" , plus the other things...even on default settings.....someone with a little "common sense" ...should be safe.

 

[iPanik]

Using a LUA is essential in my world.
If you tweak windows enough, you don't even need an av
Also worth a note is SRP and AppLocker. If you use LUA, UAC and AppLocker correctly then no malware can touch you.

If you really want to get your knees dirty there is Group Policy and registry tweaks.
A worthy mention is pairing Google Chrome and the 1806 registry tweak. That effectively eliminates drive-by downloads.

A good source for these hacks is posts by Kees1958 at Wilders, f.ex:
http://www.wilderssecurity.com/showthread.php?t=278014

 

[bogdan]

I am all for using Windows 7 built in security. But nothing is bullet proof so having some knowledge and a backup is essential. And some 3rd party products are more comfortable to use.
LUA + UAC: I prefer to use this instead of 3-rd party auto-sandbox (that lower an application rights/no virtualization) modules from COMODO or avast, but it might be harder to use since pop-ups appear on every program that needs administrative privileges. Hopefully Win8 will introduce some sort of whitelising/blacklisting to it.
Built in firewall: 3rd party firewalls might be easier to set-up and use.
Windows Backup: works good but it is slower than some alternatives.
Software Restriction Policy (only makes sense on a limited account) is great but it needs some tweaking to make some software work. Among the software I use daily, Chrome and DropBox needed some Additional Rules to work as expected under SRP.

Conclusion: Microsoft can secure your PC, but you will need to tweak some things and understand what those tweaks do because in some cases you will receive an error message while trying to do common things like installing a program you just downloaded. Tightening security in windows somewhat limits your own actions since there is no whitelist. Security policies are enforced on good software as well.

 

[moonshine]

Windows 7's got Good built-in security, MSE works better on 7 too. Enable the Built-in Security and Use Windows Firewall with Advanced Security and MSE and You're well protected, I can stick to this config after getting 7.

 

[iPanik]

I hope they make AppLocker available to more versions in win8.
It works like SRP but is much easier to maintain. It works like the trusted vendors list in Comodo. For example you whitelist google on the list and everything signed by google is allowed to run by default ( you can of course create more specific rules).
This makes it easier to manage then SRP that relies entirely on application paths.