How to set up a security system WITHOUT using AV/AM software?

Nico@FMA

Another big issue is that while one might be "THE" perfect all-knowing computer user, today's malware comes in so many forms that anyone thinking that running a PC just on good surf and PC habits will do it for you. WRONG. Dead wrong, guys.
Having an app or browser extension or a collection of both sure helps, no argument there. Fact is, however, that the majority of the latest infections walk right past any of these configurations. Did you not get hit yet? Good for you, yet do realize that blog after blog and security magazine after security magazine is reporting wave after wave of infected computers using exactly the same configurations as you can see here on MT and many other forums, and NO app or browser extension did anything to stop it. My point here is a few years ago we did have Trojans and malware popping up all over the place, think about Netsky and that sort of crap. Now the last 3 years ransom crap is rampant and now you see more data-collecting types of malware, hidden in legit files, injected into legit websites. One does not even have to click on a link. My point: it's not YOU that has to mess up. Now while Windows 10 seems to be reasonably safe, have you guys seen how many Windows 10 infections there are? It's 3 times as much as when Windows 7 was around the same age as Windows 10. And the funky part about it is? That some of this malware cannot even be classed as malware since it's so well hidden. A whole new generation of "dangers" is surfacing, leaving all these fancy anti-exe, app lock and browser extensions eating dust. No one wants an anti-NSA setup, since you cannot achieve it anyway; one does not want to have a Bunker Hill type of defense either since it only bogs down the system. But the big drawback with all these security add-ons and such is that you've got so many potentially weak links where a good Internet security suite does do better.
Everyone keeps focusing on light on resources, high detection rate, yet most end up asking @TwinHeadedEagle for a clean-up.

Just get yourself a GOOD Internet Security Solution, then keep Windows updated, use SmartScreen or Google malicious protection and use your brain. Beats any of these plugin-based security apps.

Maybe a bit off topic and it may sound harsh, but I am getting a little tired of always the same type of configurations that effectively do nothing much. (Still better than nothing, obviously.) But I am just saying, I see members here on the forum reply to these sorts of topics and I am thinking, guys, you know better than that.
 

_CyberGhosT_

It sounds to me like you are striving for a lock-down security config with 99.999% reliability, that does not rely on a local or a cloud data base.
If that is the case, the best combo for you would probably be ReHIPS+AppGuard, or NVT ERP+AppGuard.
AppGuard is a bit expensive, and takes some getting used to, but it's very strong protection when configured properly. I am the wrong one to ask about how to configure it, but there are threads on MT you can read.
Of course, a user mistake will bypass any security config.
That's why I quit posting, there are some very experienced minds here and he seems to want to debunk the ideas we offer.
Which is his right I guess, whether or not I take part in that charade is another question ;)
 

hjlbx

> Another big issue is that while one might be "THE" perfect all-knowing computer user, today's malware comes in so many forms that anyone thinking that running a PC just on good surf and PC habits will do it for you. WRONG. Dead wrong, guys.
> Having an app or browser extension or a collection of both sure helps, no argument there. Fact is, however, that the majority of the latest infections walk right past any of these configurations. Did you not get hit yet? Good for you, yet do realize that blog after blog and security magazine after security magazine is reporting wave after wave of infected computers using exactly the same configurations as you can see here on MT and many other forums, and NO app or browser extension did anything to stop it. My point here is a few years ago we did have Trojans and malware popping up all over the place, think about Netsky and that sort of crap. Now the last 3 years ransom crap is rampant and now you see more data-collecting types of malware, hidden in legit files, injected into legit websites. One does not even have to click on a link. My point: it's not YOU that has to mess up. Now while Windows 10 seems to be reasonably safe, have you guys seen how many Windows 10 infections there are? It's 3 times as much as when Windows 7 was around the same age as Windows 10. And the funky part about it is? That some of this malware cannot even be classed as malware since it's so well hidden. A whole new generation of "dangers" is surfacing, leaving all these fancy anti-exe, app lock and browser extensions eating dust. No one wants an anti-NSA setup, since you cannot achieve it anyway; one does not want to have a Bunker Hill type of defense either since it only bogs down the system. But the big drawback with all these security add-ons and such is that you've got so many potentially weak links where a good Internet security suite does do better.
> Everyone keeps focusing on light on resources, high detection rate, yet most end up asking @TwinHeadedEagle for a clean-up.
>
> Just get yourself a GOOD Internet Security Solution, then keep Windows updated, use SmartScreen or Google malicious protection and use your brain. Beats any of these plugin-based security apps.
>
> Maybe a bit off topic and it may sound harsh, but I am getting a little tired of always the same type of configurations that effectively do nothing much. (Still better than nothing, obviously.) But I am just saying, I see members here on the forum reply to these sorts of topics and I am thinking, guys, you know better than that.

I get you Nico@FMA... your points are well taken, but SRP which is every bit equivalent to Symantec Application Control (fully customized to the system - e.g. interpreters disabled, protected registry key modifications prohibited, vulnerable processes run with strict limited access rights, blocking of vulnerable file types, etc, etc) has kept the system clean. I have tried many, many times to infect system by using outdated, vulnerable programs and then visiting known exploit webpages. Admittedly only sometimes the exploit succeeds, but when it does the system infection is blocked. Virtually nothing will run from User Space - and the directories in System Space that Windows allows writes - execution is prohibited from those locations. This is just a start of the policies.

You said it was a bear - and it is - but once you do it, you learn it, and it gets easier...

You have nobody to blame but yourself on this one, because I learned at least some of it from you. :D I picked some of this stuff up by carefully reading all your posts about Application Control many months ago...
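
A simplified model of the default-deny path policy described in the post above, added here as an example; it is not part of the original post and not Windows' own rule engine. The rule list, blocked interpreter names, designated file types and sample paths are constructed assumptions.

```python
import ntpath
from pathlib import PureWindowsPath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"
DEFAULT_LEVEL = DISALLOWED  # default-deny: anything no rule allows is blocked

# Constructed sample rules (assumptions, not a recommended production policy).
PATH_RULES = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
    # Locations inside the allowed tree that standard users can write to.
    (r"C:\Windows\Temp", DISALLOWED),
    (r"C:\Windows\Tasks", DISALLOWED),
]
# Script hosts blocked by name even though they sit in an allowed directory.
BLOCKED_INTERPRETERS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# File types the policy treats as executable; other files are not evaluated.
DESIGNATED_TYPES = {".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def _is_under(path, root):
    """Case-insensitive 'path is root or lies below it' for Windows paths."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents


def evaluate(path):
    """Return (level, reason) for one file path under the model policy."""
    norm = ntpath.normpath(path)  # collapse '..' before matching rules
    p = PureWindowsPath(norm)
    if p.suffix.lower() not in DESIGNATED_TYPES:
        return UNRESTRICTED, "not a designated file type"
    if p.name.lower() in BLOCKED_INTERPRETERS:
        return DISALLOWED, "interpreter blocked by name"
    matches = [(root, level) for root, level in PATH_RULES if _is_under(norm, root)]
    if not matches:
        return DEFAULT_LEVEL, "no path rule matched, default level applies"
    # The most specific (deepest) matching rule wins.
    root, level = max(matches, key=lambda m: len(PureWindowsPath(m[0]).parts))
    return level, "path rule " + root


# Constructed sample paths covering each branch of the model.
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\invoice.exe",     # user space, no allow rule
    r"C:\Windows\System32\notepad.exe",          # allowed system location
    r"c:\windows\TEMP\update.exe",               # writable dir inside C:\Windows
    r"C:\Windows\Temp\..\System32\notepad.exe",  # '..' must be resolved first
    r"C:\Windows\System32\wscript.exe",          # interpreter in allowed dir
    r"C:\Users\alice\Documents\report.docx",     # not an executable type
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        level, reason = evaluate(path)
        print(f"{level:<12} {path}  ({reason})")
```
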
 

Axelrod Sven

Everyone on @MalwareTips has a different config. You'll be hard-pressed to find two people with the exact same config.

If you're playing Goldilocks by saying "That's too big, that's too small, that's too abcdefg, that's too Donald Trump" you'll never get anywhere.

Everyone on @MalwareTips likes each other, respects each other's configs, disagrees with the choices sometimes, but something everyone agrees on is... User Intelligence, Finding what is Comfortable with you, checking that your choices are Compatible with each other and your personal preferences and/or budget, and preparing for worst case (Back-up) then you'll be fine.

I would say...look at some of the best cited Configs. Try them out, switch in, switch out, try what works for you, use the forum to tweak those and stay happy with it. Nobody here will give a perfect answer, nobody here will give you a completely wrong answer. But on average, we are right 98 to 99.99% of the time, so you can't go far wrong by following the collective advice and opinions posted here and picking and choosing from them.
 

ExoGen CyberSecurity

> Another big issue is that while one might be "THE" perfect all-knowing computer user, today's malware comes in so many forms that anyone thinking that running a PC just on good surf and PC habits will do it for you. WRONG. Dead wrong, guys.
> Having an app or browser extension or a collection of both sure helps, no argument there. Fact is, however, that the majority of the latest infections walk right past any of these configurations. Did you not get hit yet? Good for you, yet do realize that blog after blog and security magazine after security magazine is reporting wave after wave of infected computers using exactly the same configurations as you can see here on MT and many other forums, and NO app or browser extension did anything to stop it. My point here is a few years ago we did have Trojans and malware popping up all over the place, think about Netsky and that sort of crap. Now the last 3 years ransom crap is rampant and now you see more data-collecting types of malware, hidden in legit files, injected into legit websites. One does not even have to click on a link. My point: it's not YOU that has to mess up. Now while Windows 10 seems to be reasonably safe, have you guys seen how many Windows 10 infections there are? It's 3 times as much as when Windows 7 was around the same age as Windows 10. And the funky part about it is? That some of this malware cannot even be classed as malware since it's so well hidden. A whole new generation of "dangers" is surfacing, leaving all these fancy anti-exe, app lock and browser extensions eating dust. No one wants an anti-NSA setup, since you cannot achieve it anyway; one does not want to have a Bunker Hill type of defense either since it only bogs down the system. But the big drawback with all these security add-ons and such is that you've got so many potentially weak links where a good Internet security suite does do better.
> Everyone keeps focusing on light on resources, high detection rate, yet most end up asking @TwinHeadedEagle for a clean-up.
>
> Just get yourself a GOOD Internet Security Solution, then keep Windows updated, use SmartScreen or Google malicious protection and use your brain. Beats any of these plugin-based security apps.
>
> Maybe a bit off topic and it may sound harsh, but I am getting a little tired of always the same type of configurations that effectively do nothing much. (Still better than nothing, obviously.) But I am just saying, I see members here on the forum reply to these sorts of topics and I am thinking, guys, you know better than that.

Big thumbs up for you, not a lot of people from here understand this. They still think that having X products you are safe. I would also add signed RATs (or other signed malware), using apps that are commonly flagged as malware to inject the payload and many more.
 

Nico@FMA

> I get you Nico@FMA... your points are well taken, but SRP which is every bit equivalent to Symantec Application Control (fully customized to the system - e.g. interpreters disabled, protected registry key modifications prohibited, vulnerable processes run with strict limited access rights, blocking of vulnerable file types, etc, etc) has kept the system clean. I have tried many, many times to infect system by using outdated, vulnerable programs and then visiting known exploit webpages. Admittedly only sometimes the exploit succeeds, but when it does the system infection is blocked. Virtually nothing will run from User Space - and the directories in System Space that Windows allows writes - execution is prohibited from those locations. This is just a start of the policies.
>
> You said it was a bear - and it is - but once you do it, you learn it, and it gets easier...
>
> You have nobody to blame but yourself on this one, because I learned at least some of it from you. :D I picked some of this stuff up by carefully reading all your posts about Application Control many months ago...

Point well taken, but I was not talking about your sound advice. My issue is not with the things you or other longtimers said and advised.
It's more that some are so much into "I do not want a complete solution, so let's try to form a complete solution based upon browser extensions and other third-party software". In the end it's a maze of programs. And what does it add? Nothing special and nothing that cannot be done by one good solution.

That being said, everything you said is true and yes you are right, but I was not talking about your advice. It's more that I was reading some of these topics and noticed that most of these new members are learning an exotic security mix, yet they have got, for example, UAC disabled, and they use some funny placebo security program while the "good" security program is either turned off or totally forgotten. My point is that some of the newer generation members look for some GREAT security config and they learn how to put it together, yet, and here it comes: they have NO clue what it is doing. And after reading this topic I replied with the comments I made. But for the same money I could have replied in a different topic, since my comment was based upon a collection of topics.
Sorry for hijacking this topic, that was not my intention, but I just wanted to speak my mind.
Anyway, sorry for the confusion.

Kind Regards,
Nico
 

Deleted member 178

@Nico@FMA I totally agree, I saw too many users stockpiling softs without having any clue how to set them for optimal protection (some even leave them at default) while discarding all Windows security built-in features in the name of "I don't need them, my soft is rated by X test lab"...

If I really want, I can discard all security apps I'm using and just use some personal tweaks, and I won't get infected.

True security is by knowledge of your system, not by the number of protections you may have.
 

_CyberGhosT_

> @Nico@FMA I totally agree, I saw too many users stockpiling softs without having any clue how to set them for optimal protection (some even leave them at default) while discarding all Windows security built-in features in the name of "I don't need them, my soft is rated by X test lab"...
>
> If I really want, I can discard all security apps I'm using and just use some personal tweaks, and I won't get infected.
>
> True security is by knowledge of your system, not by the number of protections you may have.

I agree Umbra, it's like wearing 3 condoms, it's redundant and then, there goes your usability :rolleyes:
rofl, ok I'll quit, but you have to admit you laughed :p
 

hjlbx

> In the end it's a maze of programs. And what does it add? Nothing special and nothing that cannot be done by one good solution.

Only someone with lots of experience would make a statement such as this...

You once told me - I don't recall, but it was something similar to these words - "control as much of the code on the system as possible, don't introduce unknown\untrusted code, audit system, reduce attack surface, learn and apply intelligent OS tweaks, keep softs updated, and protect network."

That pretty much covers everything.

At that time (a year or more ago ?) I thought to myself: "Good Lord Almighty... it's too much for me..."

I got everything except protect network -- I think I need an FMA hardware solution on that one because nothing I have tried seems adequate :D (very easy sale for you... if I only had the loot) -- Windows with its funky default network settings (so I harden) -- but then again, I don't use any risky networks and my system sits behind a decent NAT. I tried port-forwarding with various firewalls, but meh..., it didn't seem so great when I tested using CORE.
 

Deleted member 178

> I got everything except protect network -- I think I need an FMA hardware solution on that one because nothing I have tried seems adequate :D (very easy sale for you... if I only had the loot) -- Windows with its funky default network settings (so I harden) -- but then again, I don't use any risky networks and my system sits behind a decent NAT. I tried port-forwarding with various firewalls, but meh..., it didn't seem so great when I tested using CORE.

I wish BlackIce Firewall was still alive...
 

Nico@FMA

> Only someone with lots of experience would make a statement such as this...
>
> You once told me - I don't recall, but it was something similar to these words - "control as much of the code on the system as possible, don't introduce unknown\untrusted code, audit system, reduce attack surface, learn and apply intelligent OS tweaks, keep softs updated, and protect network."
>
> That pretty much covers everything.
>
> At that time (a year or more ago ?) I thought to myself: "Good Lord Almighty... it's too much for me..."
>
> I got everything except protect network -- I think I need an FMA hardware solution on that one because nothing I have tried seems adequate :D (very easy sale for you... if I only had the loot) -- Windows with its funky default network settings (so I harden) -- but then again, I don't use any risky networks and my system sits behind a decent NAT. I tried port-forwarding with various firewalls, but meh..., it didn't seem so great when I tested using CORE.

Lol, FMA hardware solution would suit you fine, yet a WEEEEEEEE bit overkill, don't you think?

> I wish BlackIce Firewall was still alive...

Maybe it is, maybe it isn't, lol, but then again there are still people who believe Elvis did not leave the building.
Whahahaha.
 

hjlbx

> I wish BlackIce Firewall was still alive...

I tried finding good network solution. The only thing that seems like it might fit the bill is IDS like SNORT or similar, but I'm not gonna spend 3 months - or probably longer - to figure that whole rigmarole out...

An updated, improved BlackIce would probably be my first pick today. It's too bad development stopped...
 

hjlbx

> Lol, FMA hardware solution would suit you fine, yet a WEEEEEEEE bit overkill, don't you think?

Sure, but you could use the money...hjlbx brings you a big, fat stack of euro-cash - everything in-full, up-front. Complete package with support, paid travel time, install service, expenses + 49 %. You know, support the cause... :D

Wish all your clients were like that...
 

HarborFront

Thread author
> That's why I quit posting, there are some very experienced minds here and he seems to want to debunk the ideas we offer.
> Which is his right I guess, whether or not I take part in that charade is another question ;)

I'm not here to dispute or please great minds. I'm here to find answers to my needs.

Like I mentioned if suggestions (great for you) but don't meet my requirements in the opening post then I'll not accept them because my needs are different from yours.

A newbie here does not mean he's new everywhere. It's just that I joined the MT forums yesterday. Do not underestimate all newbies. Remember this.

Thanks for your postings and if I did not accept your suggestions (and by others) most probably they don't meet my needs. No hard feelings and I do hope you can accept this.

Continuous improvement is one of my strong traits.
 

shmu26

> Good for you, yet do realize that blog after blog and security magazine after security magazine is reporting wave after wave of infected computers using exactly the same configurations as you can see here on MT and many other forums

That's interesting. Maybe I am brainwashed by MT.
Do you see reports that users of VoodooShield, or AppGuard, or NVT ERP, are getting infected?
 

hjlbx

> Have you changed Adguard to uBlock Origin?
> Regards

I have 3 systems, so I get to try different things on different systems.

On primary system I still use Adguard. The element picker\blocker works a little better. uBlock Origin is probably the best freeware alternative, unless you want to bugger yourself with uMatrix or NoScript (both ugh in my experience... too much work and alters webpage too much).

Notice in the image I am using W7 on a puny, underpowered Pentium system - hence uBlock Origin instead of Adguard - which starts with Windows.
 
