CydMM's Configuration

[CydMM]

- Norton DNS
- Update Checker: Secunia PSI
- CCleaner
- FoxIt reader instead of Adobe Reader
- OpenOffice Suite instead of the Microsoft Office Suite
- UAC to highest security level
- Turn off Autoplay
- Encrypt the hard disk drive with Bit Locker
- Turn off Files and Printers sharing and disable NetBIOS Protocol
- SEHOP
- EMET
- DEP
- Set the Network type as Public
- Disable Remote Assistance and Remote Desktop
- Require CTRL+ALT+DEL to Login
- Setting Strong Administrator password to access the router
- WPA2 Wireless Encryption
- Enabling MAC Address Filtering (only my iPhone will be enabled)


Hi guys, I am submitting my security config to your attention in order to understand if there are weakpoints and where/how I can optimize this setup for a bulletproof system.

My level of security risk is high because I use to make a lot of banking operations from home and because I use to handle, due to my job, a lot of sensible data from home.

Thank you all in advance for any suggestion and comment.


-Configuration modified on October 13th 2011-

 

[Deleted member 178]

your config is solid, but if you want more, you can add:

-EMET for hardening your softwares: http://support.microsoft.com/kb/2458544
- Sandboxie for virtualizing your browsing and apps: http://www.sandboxie.com/
- Hitman Pro (http://www.surfright.nl/en) and/or Emsisoft Anti-malware free ( http://www.emsisoft.com/en/software/antimalware/) to your on-demand scans:

if you want install emsisoft tell me, i will give you an official link that will help me to get more days to my license (this is optional of course.)

 

[CydMM]

your config is solid, but if you want more, you can add:

-EMET for hardening your softwares: http://support.microsoft.com/kb/2458544
- Sandboxie for virtualizing your browsing and apps: http://www.sandboxie.com/
- Hitman Pro (http://www.surfright.nl/en) and/or Emsisoft Anti-malware free ( http://www.emsisoft.com/en/software/antimalware/) to your on-demand scans:

if you want install emsisoft tell me, i will give you a link that will give me more days to my license 'this is optional of course.)

Hi umbrapolais,

first of all thanks for your answer. So, the free version of Emsisoft Anti-malware differs from the "paid" version about the real-time protection?

I am really concerned about identity-theft, keyloggers, hackers attack, phising....any attack from outside meant to get banking data, password-steal....:s

 

[Jack]

You have a solid security configuration.To further increase it you could use a virtual environment when browsing the internet or running suspicious/unknown apps.

Virtualization:
Sandboxie (Free/Paid) - link
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

---

Are you using any password managers?? If not you could install Lastpass (a browser add-on)

Additional browser plugins
LastPass (Free) - link
LastPass is an online password manager and form filler that makes web browsing easier and more secure.

Also you can install this great addon which will allow you scan any new download with +40 different scanners.
VTzilla (Free) - link
VTzilla is a Mozilla Firefox browser plugin that simplifies the process of scanning Internet resources with VirusTotal. It allows you to download files directly with VirusTotal's web application prior to storing them in your PC. Moreover, it will not only scan files, but also URLs.
The scanning options are embedded in Firefox's context menu and download dialog, making the analysis process as easy as clicking a single button.

---

Because you do a lot of internet banking you could replace keyscrambler with Zemana Antilogger.
We are hosting a giveway for this product , so you can get it for free.
It should be compatible with NIS 2012.

---

Additional On-demand scanners:

Hitman Pro (Trial) - link
An on-demand scanner using multiple anti-malware engines and cloud technology. It offers unlimited free scanning but once you use it to remove detected malware it switches to a 30-day trial version. I recommend using it after you've scanned your hard-drive with the other products you have installed.

Emsisoft Emergency Kit (Free) - link
With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner including graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.
Run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found Malware can be moved to quarantine or finally deleted.

---

Always keep in mind that you are the first layer of protection , If you have common sense than it's very hard to get infected. Here is what you need to know : http://malwaretips.com/Thread-How-to-avoid-malware

Welcome to malwaretips.com!

 

[Deleted member 178]

first of all thanks for your answer. So, the free version of Emsisoft Anti-malware differs from the "paid" version about the real-time protection?

exactly the free version is just a (pretty strong) on-demand scanner. but it allow you to try the full version for 30 days. you can check its potency on this forum in the community review section

http://malwaretips.com/Thread-Emsisoft-AM-v6-Final
http://malwaretips.com/Thread-Emsisoft-Anti-Malware-6-Test-by-winsevenholic-me (test done by a member of this forum)

I am really concerned about identity-theft, keyloggers, hackers attack, phising....any attack from outside meant to get banking data, password-steal....:s

for that i suggest you to add Zemana Anti-logger, you can easily win a license for it on this forum : http://malwaretips.com/Thread-Giveaway-Zemana-AntiLogger-Giveaway-Share-Receive

offtopîc : lol Jack, always faster than me

 

[Ink]

What reason for the High level of security risk?

Is your home network protected by a hardware (NAT) firewall?

 

[CydMM]

What reason for the High level of security risk?

Is your home network protected by a hardware (NAT) firewall?

As I wrote in my first post, the reason why I judged my level of security as "high" is because i use to make many bank operations with my home pc, as well as handling sensible data.

As far as the hardware firewall is concerned, I do connect to Internet through a USR9111 Wireless ADSL2+ Router and I thinks it is NAT one.
I mean...I am not 100% sure but i guess so

 

[Ink]

Hmm.. I missed that from the first post.

Sensitive data can be encrypted or stored externally in a secure location. Though encryption can be useful losing the password key will make the data useless and possibly impossible to recover.

 

[CydMM]

Hmm.. I missed that from the first post.

Sensitive data can be encrypted or stored externally in a secure location. Though encryption can be useful losing the password key will make the data useless and possibly impossible to recover.

I totally agree with you.

In fact I am using TrueCrypt in order to store my personal data (e.g. passwords) in an encrypted external volume.
The password to access this volume is created through a random password generator and I keep it in my USB key.

The problem is when I do use online databases, softwares for bank movements, exchanging financial data, using sensible information.

This is why I am using FF 7 with all those extensions....

I am trying to thing that once NIS 12 trial licence expire I could switch to Comodo Internet Security with highest security settings....the HIPS inside that software maybe would grant me bulletproof protection?

 

[Deleted member 178]

the HIPS inside that software maybe would grant me bulletproof protection?

yes sure, if you know your system enough and can handle some popups.

 

[Ink]

Nothing is bulletproof, not even Comodo Internet Security and the security is only as good as the end-user.

Before Comodo, I would suggest you trial out Avast! Pro or Internet Security (and check the Comparison in link below):
http://www.avast.com/en-gb/pro-antivirus#tab4
- SafeZone is good for online banking

 

[CydMM]

Nothing is bulletproof, not even Comodo Internet Security and the security is only as good as the end-user.

Before Comodo, I would suggest you trial out Avast! Pro or Internet Security (and check the Comparison in link below):
http://www.avast.com/en-gb/pro-antivirus#tab4
- SafeZone is good for online banking

Yes, I guess a bulletproof system is achievable only when, and as long as, the end-user of the system itself acts with good-sense.

From my past experiences with Avast I am not relying on this band for my system security....three years ago I found out my system full of malware even with my Avast intalled, which reported no alams of threats.

And now I am really doubtful about if it is better to put the matter either on the hands of an Internet Security suite (NIS 2012 seems to be the best one nowadays) or installing a very good standalone antivirus software and Comodo Personal Firewall on the other side...and maybe surfing through Sandboxie...

 

[Deleted member 178]

three years ago I found out my system full of malware even with my Avast intalled, which reported no alams of threats.

yes me too, with avast 5 many computers i checked were infected, but since v6 i see a big change; try it for a while or watch some video malware tests on this forum (community video review section ).

 

[win7holic]

i never use avast in version 5, my friend offering me for 1 year license.
BUT, i'm not accept it. not sure about avast quality.
you can watch video testing about AV software ,on this forum by me or other people on youtube.
thanks.

 

[Ink]

In 3 years Avast has changed a lot, with many new features (though all not needed) and now includes a Sandbox. You should consider reviewing the changes before having doubts.

As said before, your computer security is only as good as the user using it.

Sandboxie is a good choice too.

Cheers

 

[CydMM]

In 3 years Avast has changed a lot, with many new features (though all not needed) and now includes a Sandbox. You should consider reviewing the changes before having doubts.

As said before, your computer security is only as good as the user using it.

Sandboxie is a good choice too.

Cheers

I have read reviews that document a number of improvements and some sort of new philosophy behind new version of Avast and probably they heard the huge quantity of complaints coming from older versions' users and applied revisions and fixes.

Maybe it should deserve a try....doesn't it?

 

[CydMM]

What reason for the High level of security risk?

Is your home network protected by a hardware (NAT) firewall?

As I wrote in my first post, the reason why I judged my level of security as "high" is because i use to make many bank operations with my home pc, as well as handling sensible data.

As far as the hardware firewall is concerned, I do connect to Internet through a USR9111 Wireless ADSL2+ Router and I thinks it is NAT one.
I mean...I am not 100% sure but i guess so

As regards maximum security when doing online banking..what about conducting my financial affairs on the Internet via a self-booting Linux Live CD running Firefox?

Since a Linux Live CD is read-only media, the environment (running entirely in RAM), should be much more secure than Windows.

What do you think about that?

 

[win7holic]

from this site?
http://billmullins.wordpress.com/2011/07/28/secure-your-online-banking-with-a-linux-live-cd/


yes. i thought.
if you use it. it will be safe. because , from that site i read.
after you reboot the machine. it will gone all information you created same like you create new again.
because;

Since a Linux Live CD is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

it just run in RAM.

so, in my point, it's more SAFER than windows OS.

 

[CydMM]

Exactly from that site.

I think it's a safe way to handle online banling, isn't it?

The point is that Firefox through that Live CD cannot be "equipped" with the security addons like ADBlock Plus, NoScript, Ghostery, and so on....

 

[win7holic]

ADBlock Plus, NoScript, Ghostery
why need it?
since you use liveCD , and all run on RAM, it's no problem without of them.
when you reboot the machine. it will gone all error or even bad files.
and, it will not touch the Hard Disk. so, it SAFE.