Completely securing a computer without using programs

shmu26

-SmartScreen is mostly a reputation feature that alerts about downloaded executables system-wide (i.e., not files coming from removable devices)
Good explanation, Umbra. We are on the same page; maybe you didn't understand my post right because my English prose is pretty complicated.
Anyway, I am all in favor of utilizing the native Windows tools of WD + SUA + UAC + SS.
And that is what I do on my own production machine. But I add ERP with my own home-brewed, lenient recipe, to protect myself from stupid or sleepy moments.
 

Deleted member 178


And you are totally free to use 3rd-party apps; just don't compare what is not comparable. ;)
 

shmu26

@shmu26 What's the benefit over SmartScreen? Don't downloads to those folders require manual execution anyway? How common are unseen downloads landing in these areas, versus the person being socially engineered into executing them?
Hi. As regards the benefit over SmartScreen, I think that issue was sufficiently discussed in the previous posts.

About the need for manual execution, yes, you are right about that. However, one of the greatest things about a default/deny app such as ERP or Voodoo is that it shakes your brain awake when you are about to manually execute a suspicious file.

So even if you were socially engineered into executing it, when you see the serious-looking prompt that pops up in front of your face, you will think twice. This is especially true if the file was supposed to be nothing more than a PDF or a pic, and all of a sudden you see solemn security warnings. I would immediately run for the nearest bomb shelter if that happened to me...
 

Wave

But relying on an AI system to auto-detect suspicious PE execution attempts is neither a good idea nor reliable. Why not just watch what you're doing and not make dumb decisions by trying to run an unknown download in the first place?
 

509322

Umbra, there are different versions of AppGuard; I've got version 5? What's the difference between the Home version and Pro/Enterprise?

Version 4 and 5 are essentially the same at this time. 4 is End-of-Life. Enterprise is a managed service; the user is, by default, locked out of the system. All policies for Enterprise are created and maintained remotely and then distributed to the local system.

For your purposes, use version 5.
 

509322

It must be impossible to secure a system without using any software; virtualization, AppGuard, etc. are the way forward and offer advanced protection. AppGuard is well priced; after adding additional settings and rules, lockdown mode is very secure!

Hacks and such can increase Windows' security above its default configuration, but they still aren't going to cover all the bases. In a nutshell, hardening the OS is disabling settings, features, rules, etc. that aren't needed, or making them use the most secure option available.

Hardening the OS along with informed IT security behaviors goes a long way to improving security, but it isn't going to protect against all potential security issues.
 

shmu26

But relying on an AI system to auto-detect suspicious PE execution attempts is neither a good idea nor reliable. Why not just watch what you're doing and not make dumb decisions by trying to run an unknown download in the first place?
Voodoo does not rely on AI alone to rate files. For instance, even if the AI says file X is okay, Voodoo will still recommend that you block it if file X is unsigned and has one or more detections on VT.
In other words, Voodoo does recognize the limitations of AI detection.
 

Andy Ful

... For instance, even if the AI says file X is okay, Voodoo will still recommend that you block it if file X is unsigned and has one or more detections on VT...

In most cases (sadly) those VT detections come from other AI machines, too. Nothing is perfect.:)
So in the end, it looks like the total detection heavily depends on AIs and digital signing. For now, it means that VoodooShield must have many false positives (until AIs are much smarter).:(
 

Handsome Recluse

At least we now have multiple AIs working together, which would then promptly take over the world.
You can only be part of the Borg to be part of this world.
 

shukla44

Voodoo does not rely on AI alone to rate files. For instance, even if the AI says file X is okay, Voodoo will still recommend that you block it if file X is unsigned and has one or more detections on VT.
In other words, Voodoo does recognize the limitations of AI detection.

VS is a superb product. Very nice addition to your traditional AV (IMO). One thing that made me switch is its command-line and restore settings/snapshot feature. Restoring the settings and whitelist doesn't restore command lines (because there is no backup, I think).
 

shmu26

In most cases (sadly) those VT detections come from other AI machines, too. Nothing is perfect.:)
So in the end, it looks like the total detection heavily depends on AIs and digital signing. For now, it means that VoodooShield must have many false positives (until AIs are much smarter).:(
In my experience, there are indeed many false positives, and sometimes even silent blocking of safe things like Chrome updates.
Basically, if Voodoo says it's okay, it is. If Voodoo says it isn't okay, think twice.
 

Rengar

Using software is the easier route to the goal.

Relying only on native Windows features is a bigger challenge, and ultimately provides you with less control over fine-tuning your protection.

For those who find default/deny apps to be somewhat of a headache, like I do, here's the aspirin:
1. Install NVT ERP free beta, set to alert mode.
2. In the vulnerable processes list, delete all entries except for the PowerShell processes and wscript and cscript.
3. In safe file locations, add C:\*
(You are done tweaking ERP.)
4. Now move your Downloads folder and your Desktop to a location that is off the C: drive.
5. Do the same for your email client's storage folder and your torrent client's download location.

Now you will have peace of mind to just use your computer, but at the same time anything you download or run from removable storage will be met by a default/deny prompt.

Just make sure you trust the programs you have already installed.

This idea can be adapted to VoodooShield, if you have the Pro version.
So with this config there is no need for an antivirus or WD or even anti-malware??? Just NVT?
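Steps 4 and 5 of the quoted recipe, done with the Windows Known Folder API, as an added example that is not from the post or from NVT ERP. It assumes D: is a fixed NTFS data volume and uses D:\Users\me as a placeholder path; how ERP matches a safe location of C:\* is also an assumption, made explicit in the last helper.

```powershell
# Added example, not from the post. Implements steps 4 and 5 of the recipe
# above with the Known Folder API, so files landing in Downloads/Desktop are
# outside an ERP "safe file location" of C:\* and meet the default/deny prompt.
# Assumptions: D: is a fixed NTFS data volume and "D:\Users\me" is a placeholder
# path. Run as the user whose folders you are moving.

Add-Type -Namespace Win32 -Name KnownFolders -MemberDefinition @'
[DllImport("shell32.dll", CharSet = CharSet.Unicode)]
public static extern int SHSetKnownFolderPath(ref Guid rfid, uint dwFlags, IntPtr hToken, string pszPath);
'@

$KnownFolder = @{
    Downloads = [Guid]'374DE290-123F-4565-9164-39C4925E467B'   # FOLDERID_Downloads
    Desktop   = [Guid]'B4BFCC3A-DB2C-424C-B029-7FE99A87C641'   # FOLDERID_Desktop
}
$UserShellFolders = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

function Move-KnownFolderOffSystemDrive {
    param(
        [Parameter(Mandatory)][ValidateSet('Downloads','Desktop')][string]$Name,
        [Parameter(Mandatory)][string]$Target
    )
    $drive = New-Object IO.DriveInfo($Target)
    if ($drive.Name.TrimEnd('\') -ieq $env:SystemDrive) {
        throw "$Target is still on $env:SystemDrive; that defeats the C:\* safe-location trick."
    }
    if ($drive.DriveType -ne 'Fixed' -or $drive.DriveFormat -ne 'NTFS') {
        throw "$($drive.Name) must be a fixed NTFS volume (got $($drive.DriveType)/$($drive.DriveFormat))."
    }
    New-Item -ItemType Directory -Path $Target -Force | Out-Null

    # Registry value name under User Shell Folders: the GUID for Downloads, the word "Desktop" for Desktop.
    $valueName = if ($Name -eq 'Downloads') { "{$($KnownFolder.Downloads)}" } else { 'Desktop' }
    $old = Get-ItemPropertyValue -Path $UserShellFolders -Name $valueName

    # The supported way to relocate a known folder; this is what the Location tab in Explorer calls.
    $rfid = $KnownFolder[$Name]
    $hr = [Win32.KnownFolders]::SHSetKnownFolderPath([ref]$rfid, 0, [IntPtr]::Zero, $Target)
    if ($hr -ne 0) { throw ('SHSetKnownFolderPath failed with HRESULT 0x{0:X8}' -f $hr) }

    # Carry existing content over so nothing is left behind on the system drive.
    if ($old -and (Test-Path -LiteralPath $old) -and ((Resolve-Path $old).Path -ine $Target)) {
        Get-ChildItem -LiteralPath $old -Force | Move-Item -Destination $Target -Force
    }
    Get-ItemPropertyValue -Path $UserShellFolders -Name $valueName   # echo the new location
}

function Test-MeetsDefaultDenyPrompt {
    param([Parameter(Mandatory)][string]$Path, [string[]]$SafeLocations = @('C:\*'))
    # Assumption about ERP: a path matching a safe location runs silently; anything else prompts.
    foreach ($safe in $SafeLocations) { if ($Path -like $safe) { return $false } }
    return $true
}

Move-KnownFolderOffSystemDrive -Name Downloads -Target 'D:\Users\me\Downloads'
Move-KnownFolderOffSystemDrive -Name Desktop   -Target 'D:\Users\me\Desktop'
Test-MeetsDefaultDenyPrompt 'D:\Users\me\Downloads\setup.exe'   # True: outside C:\*, so it prompts
Test-MeetsDefaultDenyPrompt "$env:TEMP\dropper.exe"              # False: %TEMP% is still under C:\*
```

Sign out and back in afterwards so already-running programs pick up the new paths; the email and torrent client locations in step 5 live in each application's own settings and are changed there. The last two calls show the edge the recipe leaves open: a file written to %TEMP% or a browser cache is still under C:\* and runs without a prompt, which is why the thread calls this a no-headache config rather than a lockdown.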
 

Deleted member 178

If you have Win10, better keep WD. If you are on Win7, an AV is not needed; just remember nothing is 100% bulletproof if the user is careless.
 

shmu26

So with this config there is no need for an antivirus or WD or even anti-malware??? Just NVT?
Yes, Windows 8 is similar to 10. I do recommend leaving WD enabled.

This minimalist config that I suggested is best used together with WD, SmartScreen, UAC, a standard user account, and common sense.

And keep in mind, as others have rightly commented, this is not a "lockdown" config, but rather a no-headache config that provides strong protection.
 
