- Jan 9, 2013
- 1,457
The associated guide may contain user-generated or external content.
you can, in addition, follow my layered security guide
- May 17, 2015
- 22
I've been using 1password for awhile now and really like it's feature set, but I might have to give that one a try.
- Jul 6, 2016
- 16
intereseting post . im using bitdefender and malwarebytes 3 and for years my computer "maybe" clean and also blocking ads and website who force installing extension
- May 31, 2017
- 42
I recommend you checkout this post which was written by a staff member here: Umbra's Concept of Layered Config - its better than this guide IMO and covers more.
I recon you'll be fine using Bitdefender and Malwarebytes 3.0, just make sure you apply good safe practices when using your system too, otherwise nothing will help you! (e.g. be careful on what links you click, check email senders, don't download and run without performing check-ups, etc.).
- Dec 29, 2014
- 1,716
Took me a long time to understand how to cover all of the vulnerable areas of Windows to a satisfactory degree. I give @Umbra's layered config thinking the credit for realizing the protection scope required and for changing my view of matching security software. It's possible to match software to achieve acceptable protection. Moreover, I also feel there is enough good software that a configuration should never come with a sacrifice, performance or security-wise. Layering makes all of this possible. That said, it has become fundamentally clear to me that there is one single invisible baseline of protection for Windows that must be satisfied even to have started to secure a system. Yes, there is more that can be done sometimes, but baseline security should 100% handle normal security circumstances.
Guess if I had to sum up baseline security in a single program it wouldn't be possible at this point. KIS is probably as close as I could get, but secured backup should be in there too imo. To learn how to improve security, I second @Visa's suggestion to read @Umbra's work and focus on the vectors of attack. Then start with the area of the greatest vulnerability based on your usage. Address that, then move on to the second one (if it wasn't already addressed with the first choice), then the third, and so on. With determined research, shouldn't be a need to overlap protections and sacrifice performance.
The best foundation for a security config is:
1. A good quality, secure (properly configured) router from a vendor that issues security patches regularly; and
2. A good backup strategy
If you keep nothing on a system which you will regret losing, then the need for 2 is debatable
Build a layered security configuration on top of the foundation
At the same time a layered configuration does not have to be 6, 7 or more security programs piled on top of each other
Protected process can be enforced on lsass.exe via a registry hack in Windows. It is used mostly for pass-the-hash protection in a client-server setup.
For testing purposes I have created and enabled the key on the system I am using to create this post. It has been enabled for a long time and I have seen no adverse effects. There are reports on the web that enabling the key might cause issues.
For testing purposes I have created and enabled the key on the system I am using to create this post. It has been enabled for a long time and I have seen no adverse effects. There are reports on the web that enabling the key might cause issues.
not saying average users don't even need to use this hack , how high are the chances they will be hit by such kernel attacks? almost 0.01%.
meteors exist , sure, doesn't mean i will get hit by one every day.
I just put it up there since @Visa has been playing around with code injection into protected processes. On client endpoints and servers, lsass.exe is a protected process.
- Jun 9, 2013
- 6,720
Similar threads
