Tutorial: How to strengthen your security configuration

  • Thread starter: Deleted member 21043
Hi everyone,

With the rate of new security configurations being posted all the time, it is only a good idea for me to make a thread on how someone could go about improving their security configuration.

Firstly, I recommend you use a good Antivirus/Internet Security product. An Antivirus product does not usually contain a Firewall. If the Antivirus product you decide on does not, then I recommend installing a Firewall alongside your Antivirus product.

I personally recommend one of the following three Internet Security products. However, this is based on my experience and testing. Everyone has a different opinion; the only person who can decide which product they want to use is YOU. No one else. You should use the trials and test each one to see which one you prefer.

1). ESET Smart Security - I personally feel that ESET have great signature-based/static-analysis detection. (The HIPS (Host Intrusion Prevention System) can perform better once configured correctly). As well as this they have the LiveGrid (cloud).
You can obtain ESET Smart Security from the official website, here: http://www.eset.co.uk/Home/Smart-Security

2). Emsisoft Internet Security - I personally feel that the Emsisoft Behaviour Blocker is good at preventing malware infections and has a good cloud network.
You can obtain Emsisoft Internet Security from the official website, here: http://www.emsisoft.com/en/software/internetsecurity/

3). Kaspersky Internet Security - the signature based detection is OK in my opinion, however they have a feature called Application Control which is quite well liked. As well as this they have the KSN (cloud).
You can obtain Kaspersky Internet Security from the official website, here: http://www.kaspersky.co.uk/internet-security?domain=kaspersky.com

For the money, I reckon Emsisoft Internet Security is the best deal. However, I like all 3 products and all 3 are great in my opinion.

If you do not want an Internet Security product then I recommend getting an Antivirus product and then a firewall product alongside it. For Antivirus, I recommend the Antivirus version of the products listed below; however, I will also mention some free alternative Antivirus products below, for anyone who cannot currently purchase an Internet Security suite:

Paid:
1). ESET NOD32 (Antivirus)
Download: http://www.eset.co.uk/Home/NOD32-Antivirus

2). Emsisoft Anti-Malware
Download: http://www.emsisoft.com/en/software/antimalware/

3). Kaspersky Antivirus:
Download: http://www.kaspersky.co.uk/anti-virus

Free:
1). Avast Antivirus - Download: https://www.avast.com/en-gb/index

I expect someone will mention Qihoo in the comments, so I will mention it here, but not as a recommendation... Qihoo has a lot of users, however I personally do not think it's a fully polished product and I would certainly not trust it. Everyone has their own opinions. It's free; if you want to use it you can, however I do not recommend it and for this reason I will not include it in this thread. The product also seems to be promoted via a lot of adware. It's not always the vendor's fault if their product is promoted via adware, however I see them promoted far more often than other vendors, which is another reason why I have not included them in this thread.

For Firewall products alongside an Antivirus you could use a product like the free Comodo Firewall, however you can always just use Windows Firewall. If you use Windows Firewall, I recommend adding WFC (Windows Firewall Control) alongside it. There is also a program called "Glasswire" which is compatible with Windows Firewall.

Comodo Firewall - Download: https://www.comodo.com/home/internet-security/firewall.php
Windows Firewall Control - Download: http://www.binisoft.org/wfc.php
Glasswire - Download: https://www.glasswire.com/download/
Of course if you know of another Antivirus/Internet Security/Firewall product you want to use, you can feel free to use it. Those are just my suggestions for you.

Before I go off AV/IS and Firewall products, you may like Comodo Internet Security. It also supports "Auto-Sandboxing" with its Sandbox feature.

After you have got your Antivirus & Firewall/Internet Security sorted out, you will need something people refer to as "on-demand scanners". An on-demand scanner is an application which scans the system without real-time/behavioural components. As we know, an Antivirus product may consist of the Real-Time protection, Web Filter, Behaviour Blocker/HIPS... The only difference is that with an on-demand scanner you use a product just to scan the system. You shouldn't install another Antivirus and just disable the Real-Time protection etc. You shouldn't do this. So instead, there are products which are just for scanning, allowing you to keep your existing security software for real-time protection.

For on-demand scanners I recommend you either pick 1 - 3 of the following. If you want to extend to 4 then you can, however I recommend 3 as a maximum:

ESET Online Scanner
Malwarebytes Anti-Malware (free, the pro version adds Real-Time protection however this is unnecessary).
HitmanPro (this does cost money however you get a free trial beforehand)
Emsisoft Emergency Kit (EEK)

HerdProtect
Zemana Anti-Malware

Of course if you use ESET for real-time, then the Online Scanner would be pointless. Same for if you use Emsisoft as your main security product, the emergency kit would then be unnecessary.

There is a program called Unchecky. The aim of this program is to help keep potentially unwanted programs off your PC.
Download: http://unchecky.com/

Always make sure to have a backup plan. For backup I recommend using either Paragon & Recovery or AOMEI Backupper. As well as using one of these two pieces of software for backup/recovery, you can also try using cloud storage for your personal documents (of course if they are very important that no one else ever manages to get hold of them, don't use cloud storage since it's possible one day the cloud storage may be attacked) or storing them on an external device (external HDD, USB drive, blank DVD).

I also recommend you keep System Restore points for the future. You never know, even with backup for recovery it can be useful. With this in mind, I also recommend you keep a backup of your Registry. Before cleaning with CCleaner you can do this (if you decide to use CCleaner). If not you can do it manually.

If you like the thought of anonymity whilst browsing online, you may like the idea of using VPN (Virtual Private Network). I recommend: CyberGhost based on my experience.

I recommend an Anti-Exploit solution. A product like ESET will already contain Anti-Exploitation techniques, however if your main security solution does not contain such a feature then you may be interested in Malwarebytes Anti-Exploit.

You can download Malwarebytes Anti-Exploit here: https://www.malwarebytes.org/antiexploit/

You may be interested in installing HitmanPro.Alert. It contains many features such as:

    • Alerts the user when critical functions of the browser are compromised by known and new banking Trojans, like:
      • Zeus
      • SpyEye
      • Sinowal (aka Mebroot and Torpig)
      • Ice-IX
      • Citadel
      • Cridex
      • Carberp
      • Shylock
      • Tinba
      • and many others...
    • Passively vaccinates the computer to make sandbox-aware malware believe it is attacking an automated analysis system, causing the malware to disable itself.
    • Supports all popular web browsers: Internet Explorer, Chrome, Firefox, Opera, Maxthon, Comodo Dragon, Pale Moon, Tor Browser, Avant Browser, Baidu Spark Browser, SRWare Iron and Yandex Browser.
    • Future proof technology does not rely on malware signatures.
    • Compatible with all antivirus programs and runs alongside any other security software.

The system requirements are shown below:

    • Supported on 32-bit and 64-bit versions of Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server 2012, Windows Server 2008 and Windows Server 2003.

Its CryptoGuard feature attracted many new users; you can read more in-depth about it here: http://www.surfright.nl/en/cryptoguard
You can find more information about it at the following URL: http://www.surfright.nl/en/alert

I recommend that if you have an application you are unsure of or is new to you, you run it in a sandbox or another virtualized environment (such as a virtual machine) before your real system.

For the sandbox, I recommend using Sandboxie: http://www.sandboxie.com/
For the virtual machine I recommend VMware, however VirtualBox will do: http://www.vmware.com/uk & https://www.virtualbox.org/

A suggestion of mine if you want to be extra secure is to install Sandboxie and then run your Browser sandboxed with Sandboxie.

Please be aware of "Anti-Sandboxing"/"Anti-Virtualization" techniques which may try to trick you.

If you do not want to do this manually yourself, you can upload an executable for online automated analysis with one of the following services:

https://www.hybrid-analysis.com (recommended)

https://malwr.com/
https://anubis.iseclab.org/

As well as this, you may wish to upload executables to an online scanning service like VirusTotal to check the score of other Antivirus engines you do not have access to on your main system.

VirusTotal: https://www.virustotal.com/

For web browser extensions I recommend using HTTPS Everywhere. It won't work for every website, but it does for a lot. HTTPS encrypts the communication between your web browser and the website, which is always good for security. You can read more about HTTPS Everywhere and the supported browsers at the official link: https://www.eff.org/https-everywhere

I also recommend 3 other extensions:

LastPass - good for storing passwords. You can read more about it at the official link:
https://lastpass.com/ (there is an extension available. If you cannot find it, search on the store for extensions for your browser e.g. for Google Chrome users, you can go here: https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd and for Firefox users you can go here: https://addons.mozilla.org/en-us/firefox/addon/lastpass-password-manager/ ).

Click&Clean - good for cleaning your browser after your browsing session.
Download - Google Chrome: https://chrome.google.com/webstore/detail/clickclean/ghgabhipcejejjmhhchfonmamedcbeod?hl=en
Download - Firefox: https://addons.mozilla.org/en-us/firefox/addon/clickclean/
WOT (Web Of Trust) - website reputation. NOTE: Please be aware that the reputation results may not always be 100% accurate and true. Take the results from WOT with a grain of salt. However, it's a nice addition and can be helpful in some cases.
Download: https://www.mywot.com/

I really recommend using an Adblocker. You may already know, however Advertisements invade your privacy in a way - they can collect information (for example, they can track you). Blocking the advertisements prevents this. For an Adblocker I personally recommend using uBlock (however it isn't available for all browsers, sadly).

You can download uBlock for Google Chrome here: https://chrome.google.com/webstore/detail/ublock/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
You can download uBlock for Firefox here: https://addons.mozilla.org/en-us/firefox/addon/ublock/
You can download uBlock for Opera here: https://addons.opera.com/en/extensions/details/ublock/?display=en

Since uBlock is not available for Internet Explorer, if you are an Internet Explorer user you can use Adblock Plus. You can download Adblock Plus for Internet Explorer from the following URL: https://adblockplus.org/en/internet-explorer

If you are not using either of those web browsers but a web browser which does not support an adblocker like uBlock, then you can always resort to using something called the Hosts file. The Hosts file is a file stored in a Windows subdirectory which basically blocks connections to certain hosts. It can be modified to work as an adblocker and/or block websites. Please note that it can be tampered with by other software.

The file path to the Hosts file is: c:\windows\system32\drivers\etc\hosts
You may be interested in MVPS Hosts list which can be obtained from here: http://winhelp2002.mvps.org/hosts.htm

If you are someone who really wants to lock down their system and try to prevent malware infections, consider using AppGuard and a lightweight Antivirus as a backup to that.

AppGuard: http://www.blueridge.com/index.php/products/appguard/consumer

For Privacy/Cleaning software I recommend CCleaner. My experience with CCleaner has been great, and so has most other people's experience based on the feedback I've seen people give. Compared to other cleaning products which provide "registry cleaning" abilities, I have seen fewer encounters of "registry issues" when using CCleaner. It can also clear your browser traces in real-time (if the feature is enabled), clean software installed on the system etc.

CCleaner: https://www.piriform.com/ccleaner/download

If you are a very advanced user, I recommend PrivaZer. You can download it here: http://privazer.com/download.php
Just be extra careful and take caution when using it.

For uninstallations, I personally think that the software uninstaller is usually for the best. The developer knows how to make an uninstaller for the product they made. However, it may still leave traces, so if you hate traces being left behind you can try using Revo Uninstaller. Even with this product, traces may still be left behind. This is where CCleaner may come into place and find them and have them cleaned.

Revo Uninstaller: http://www.revouninstaller.com/index.html

Make sure UAC (User Account Control) is enabled. The default settings are good for use. Next time you try to open a program and get a UAC alert on your screen asking if you want to run it as Administrator, make sure you know what the program is before allowing it. The number of people who complain about UAC not being good because they decided to allow a program to run with Administrative rights which was new to them which then turned out to be malicious software... The security features can only do what they are programmed to do. The user still needs to do his work by doing research on new programs before giving them administrative permission on the system.

Before you allow a program to run with Administrative rights, check if it's digitally signed. I am not saying to just allow any program which is digitally signed.

If Microsoft SmartScreen is on your system (for example Windows 8) make sure to keep it enabled.

No matter what people may tell you, UAC and SmartScreen are GOOD features and they do WORK.

Make sure to keep all your software up-to-date as much as possible. If you see an update, get it done. Don't think "Later" because by later you may have already been affected by an exploit which was not caught but which was patched up in the update you decided not to install...

With that in mind, always keep Windows up-to-date. Should you ever have a bad, faulty update (which has happened in the past), you have a backup solution for a reason. It's not just in case of malware infections, but for a case where anything bad goes wrong. You don't have to install "optional" updates, but the security updates I recommend you always install. If you are paranoid about faulty updates, you can have Windows download the updates but not install them, allowing you to wait a few days and wait for any bad news for the updates before allowing them to install.

On top of everything mentioned above, if you are using a browser which offers security, then make sure it's enabled!

If you are a very advanced user, then you could use Windows Defender/MSE with Windows Firewall and be fine... Please do not just assume you are an "advanced" user because you know how to do something like show hidden files on your disk or think you know what you are doing. I have seen many people who have thought this and then become infected by something as bad as ransomware, and then lost all their files since they didn't make a backup (because they felt so confident they'd be fine).

Make sure not to use 2 Antivirus programs at the same time. They can cause system slowdowns, or in the worst cases even detect each other (although whitelisting should fix the detection issue). Multiple Antivirus software is not required, either.

Just remember, no Antivirus can protect you. It's down to you just as much. Think before you visit a website, think before you download and run a new program... If you are click happy and run anything then you're bound to become infected sooner or later. I know people who haven't used any security products like Antivirus/Internet Security for years and haven't run into any issues.

Please note that your hardware (RAM, for example) may limit what you can use on your system.

Always remember that any change you make on your system is up to you. If you do not want to use something (let's say somebody suggested something), then of course you do not have to. Just remember that we are here to help you!

You could have the most minimal setup and never become infected. You could have the most minimal setup and become infected. Or you can stay infection-free with the most advanced setup or even become infected with that.

After reading this thread, I recommend reading some comments since other members may give their suggestions for you below.

Cheers. ;)

EDIT: Added note about WOT, fixed grammar mistake and removed EAM compatibility opinion.
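The Hosts file mentioned in the post above can be audited rather than trusted blindly, since, as the post notes, other software can tamper with it. This is an added example, not code from the thread or from any product named in it: it parses a hosts file in Windows format, separates adblock-style entries (names mapped to a loopback or null address) from entries that redirect a name to some other IP, and flags either kind when it touches a host the user depends on. The sample hosts content, the "protected" domain list and the heuristic itself are constructed for the example.

```python
"""Audit a Windows hosts file for adblock entries and signs of tampering.

Added example, not from the original thread. SAMPLE_HOSTS and
PROTECTED_SUFFIXES are constructed; the heuristic is this example's own.
"""
import ipaddress

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # path quoted in the post

# Constructed sample: MVPS-style blocklist lines plus two tampered entries.
SAMPLE_HOSTS = """\
# Comment lines and blank lines are ignored by Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-adnetwork.test   # blocked ad host
0.0.0.0 tracker.example.test
198.51.100.7    www.mybank.test        # redirect to a foreign IP
0.0.0.0 update.microsoft.com          # blackholes a host the user needs
"""

# Addresses a hosts-based adblocker legitimately points blocked names at.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}

# Hosts the user depends on; any entry for these is worth a second look
# (constructed list, extend it for your own environment).
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "mybank.test")


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_protected(name):
    """True if name is (a subdomain of) a host on the protected list."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Split entries into blocked names, redirects, and suspicious findings."""
    report = {"blocked": [], "redirected": [], "suspicious": []}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the default Windows entries
        if ip in BLACKHOLE:
            report["blocked"].append(name)
            if is_protected(name):
                report["suspicious"].append((ip, name, "protected host blackholed"))
        else:
            # A hosts-based adblocker never needs a real IP here; a redirect
            # of a login or banking site is the classic pharming sign.
            report["redirected"].append((ip, name))
            if is_protected(name):
                report["suspicious"].append((ip, name, "protected host redirected"))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)  # on Windows: open(HOSTS_PATH).read()
    for ip, name, why in result["suspicious"]:
        print(f"SUSPICIOUS: {ip} {name} ({why})")
```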

WinXPert

Jan 9, 2013
I don't use LastPass but I use Password Hasher

plus I have these security settings in Firefox:

[screenshot of Firefox security settings]
 

ahity

May 16, 2017
Interesting post. I'm using Bitdefender and Malwarebytes 3 and for years my computer is "maybe" clean, and I'm also blocking ads and websites which force installing extensions.
 

Visa

May 31, 2017
Interesting post. I'm using Bitdefender and Malwarebytes 3 and for years my computer is "maybe" clean, and I'm also blocking ads and websites which force installing extensions.
I recommend you check out this post which was written by a staff member here: Umbra's Concept of Layered Config - it's better than this guide IMO and covers more. :)

I reckon you'll be fine using Bitdefender and Malwarebytes 3.0, just make sure you apply good safe practices when using your system too, otherwise nothing will help you! (e.g. be careful about which links you click, check email senders, don't download and run without performing check-ups, etc.). ;)
 

AtlBo

Dec 29, 2014
I recommend you check out this post which was written by a staff member here: Umbra's Concept of Layered Config - it's better than this guide IMO and covers more.

Took me a long time to understand how to cover all of the vulnerable areas of Windows to a satisfactory degree. I give @Umbra's layered config thinking the credit for realizing the protection scope required and for changing my view of matching security software. It's possible to match software to achieve acceptable protection. Moreover, I also feel there is enough good software that a configuration should never come with a sacrifice, performance or security-wise. Layering makes all of this possible. That said, it has become fundamentally clear to me that there is one single invisible baseline of protection for Windows that must be satisfied even to have started to secure a system. Yes, there is more that can be done sometimes, but baseline security should 100% handle normal security circumstances.

Guess if I had to sum up baseline security in a single program it wouldn't be possible at this point. KIS is probably as close as I could get, but secured backup should be in there too imo. To learn how to improve security, I second @Visa's suggestion to read @Umbra's work and focus on the vectors of attack. Then start with the area of the greatest vulnerability based on your usage. Address that, then move on to the second one (if it wasn't already addressed with the first choice), then the third, and so on. With determined research, there shouldn't be a need to overlap protections and sacrifice performance.
509322

Took me a long time to understand how to cover all of the vulnerable areas of Windows to a satisfactory degree. I give @Umbra's layered config thinking the credit for realizing the protection scope required and for changing my view of matching security software. It's possible to match software to achieve acceptable protection. Moreover, I also feel there is enough good software that a configuration should never come with a sacrifice, performance or security-wise. Layering makes all of this possible. That said, it has become fundamentally clear to me that there is one single invisible baseline of protection for Windows that must be satisfied even to have started to secure a system. Yes, there is more that can be done sometimes, but baseline security should 100% handle normal security circumstances.

Guess if I had to sum up baseline security in a single program it wouldn't be possible at this point. KIS is probably as close as I could get, but secured backup should be in there too imo. To learn how to improve security, I second @Visa's suggestion to read @Umbra's work and focus on the vectors of attack. Then start with the area of the greatest vulnerability based on your usage. Address that, then move on to the second one (if it wasn't already addressed with the first choice), then the third, and so on. With determined research, there shouldn't be a need to overlap protections and sacrifice performance.

The best foundation for a security config is:

1. A good quality, secure (properly configured) router from a vendor that issues security patches regularly; and
2. A good backup strategy

If you keep nothing on a system which you will regret losing, then the need for 2 is debatable

Build a layered security configuration on top of the foundation

At the same time a layered configuration does not have to be 6, 7 or more security programs piled on top of each other
509322

Protected process can be enforced on lsass.exe via a registry hack in Windows. It is used mostly for pass-the-hash protection in a client-server setup.

For testing purposes I have created and enabled the key on the system I am using to create this post. It has been enabled for a long time and I have seen no adverse effects. There are reports on the web that enabling the key might cause issues.

Deleted member 178

Protected process can be enforced on lsass.exe via a registry hack in Windows. It is used mostly for pass-the-hash protection in a client-server setup.

For testing purposes I have created and enabled the key on the system I am using to create this post. It has been enabled for a long time and I have seen no adverse effects. There are reports on the web that enabling the key might cause issues.
Not saying average users don't even need to use this hack, but how high are the chances they will be hit by such kernel attacks? Almost 0.01%.
Meteors exist, sure; doesn't mean I will get hit by one every day.
509322

Not saying average users don't even need to use this hack, but how high are the chances they will be hit by such kernel attacks? Almost 0.01%.
Meteors exist, sure; doesn't mean I will get hit by one every day.

I just put it up there since @Visa has been playing around with code injection into protected processes. On client endpoints and servers, lsass.exe is a protected process.

frogboy

In memoriam 1961-2018
Jun 9, 2013
Kram7750 was banned for a rudeness incident in 2015. He came back as Wave in 2016 and voluntarily left in 2017. Then he was banned for using a duplicate account which had 1 post after he left a few months ago. It's a shame..
Yes sadly he is no longer a member here at MT. :(