Hungry Man's Setup

Deleted member 178

Very solid config.

For Mamutu, I allow nothing automatically; I prefer to allow everything myself. I used to set CIS sandbox on restricted or untrusted and the firewall on Custom.

What addon (if any) do you use for Chrome?
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Thanks.

No security addons for Chrome. I find that the browser's built-in security stands on its own.

I used Mamutu on Paranoid for a while but I've come to the point where I really feel so secure that it's a matter of trimming down now and not bulking up.

What I like about Mamutu is the performance against 0day malware. This is simply my "backup" layer if my CIS fails. Considering that sandboxing in CIS is not fully virtualized yet, it is possible to bypass (we've seen this in 5.5) and it's nice to have Mamutu there to double check.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Real-time protection
It's based on prevention, which is very good, but you might want to add VirusTotal Uploader to your security config, just to increase your detection ratio.
What antivirus did you previously use?




On-demand scanners
Why don't you use MBAM as an on-demand scanner?




Additional browser protection:
I know that Chrome has good built-in security, but it doesn't have a site advisor, which can be very useful sometimes, so I would strongly recommend that you add:

WOT (Free) - link
To help you avoid malicious sites you can use Web of Trust (WOT), a website rating browser plugin. After you add it to your browser, make sure you only visit websites rated "Green" by WOT.

Here are also some other plugins that could make your life better/easier:


Additional browser plugins
Adblock Plus for Google Chrome (Free) - link
Adblock Plus for Google Chrome is a content-filtering extension for Google Chrome. Adblock allows users to prevent page elements, such as advertisements, from being downloaded and displayed.

Ghostery (Free) - link
Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.
Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
You can read here a review on Ghostery

LastPass (Free/) - link
LastPass is an online password manager and form filler that makes web browsing easier and more secure.




Extra protection:

EMET 2 (Enhanced Mitigation Experience Toolkit) (Free) (Optional) - link
EMET provides users with the ability to deploy security features built into Windows to arbitrary applications. This helps prevent vulnerabilities in those applications from successfully being exploited. DEP, SEHOP and ASLR are such security features; if you want to learn more about what they do, you can watch this video from Microsoft TechCenter. To configure EMET you should follow this guide by rationallyPARANOID.

VTUploader (Free) - link
To upload a file to VirusTotal, you can visit the main analysis site, click the Browse button to select a file from your hard drive, and then click the Send file button. You can make this process even easier with the free VirusTotal Uploader utility. After installing it, you can simply right-click any file under 20MB and choose "VirusTotal" from the Send To Windows menu. The scan results will display in your browser as usual.




Anyway, overall this is a solid config. +1 for the LUA. :D
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Jack said:
Real-time protection
It's based on prevention, which is very good, but you might want to add VirusTotal Uploader to your security config, just to increase your detection ratio.
What antivirus did you previously use?




On-demand scanners
Why don't you use MBAM as an on-demand scanner?




Additional browser protection:
I know that Chrome has good built-in security, but it doesn't have a site advisor, which can be very useful sometimes, so I would strongly recommend that you add:

WOT (Free) - link
To help you avoid malicious sites you can use Web of Trust (WOT), a website rating browser plugin. After you add it to your browser, make sure you only visit websites rated "Green" by WOT.

Here are also some other plugins that could make your life better/easier:


Additional browser plugins
Adblock Plus for Google Chrome (Free) - link
Adblock Plus for Google Chrome is a content-filtering extension for Google Chrome. Adblock allows users to prevent page elements, such as advertisements, from being downloaded and displayed.

Ghostery (Free) - link
Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.
Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
You can read here a review on Ghostery

LastPass (Free/) - link
LastPass is an online password manager and form filler that makes web browsing easier and more secure.




Extra protection:

EMET 2 (Enhanced Mitigation Experience Toolkit) (Free) (Optional) - link
EMET provides users with the ability to deploy security features built into Windows to arbitrary applications. This helps prevent vulnerabilities in those applications from successfully being exploited. DEP, SEHOP and ASLR are such security features; if you want to learn more about what they do, you can watch this video from Microsoft TechCenter. To configure EMET you should follow this guide by rationallyPARANOID.

VTUploader (Free) - link
To upload a file to VirusTotal, you can visit the main analysis site, click the Browse button to select a file from your hard drive, and then click the Send file button. You can make this process even easier with the free VirusTotal Uploader utility. After installing it, you can simply right-click any file under 20MB and choose "VirusTotal" from the Send To Windows menu. The scan results will display in your browser as usual.




Anyway, overall this is a solid config. +1 for the LUA. :D





Lots of detailed input here. Just what I want! =p Thanks so much.

Back when I was using an antivirus I used Microsoft Security Essentials. I personally believe that Microsoft is best suited to protect their OS because of its closed source nature... at least in an ideal world =p

I don't use MBAM because I can't find a proper portable version. I like to keep all of my scanners on a USB.

I find that whitelisting JavaScript is a fair defense against any malicious site. Combining that with sandboxing and a prompt before every Java app launch (and sandboxing Java as well) pretty much means I can visit any malicious site (and I have) and be fine. I have considered Bitdefender's Traffic Light, which I would prefer to WOT because the community for WOT doesn't seem to know the difference between an annoying site and a malicious site =p

I used to use Adblock Plus. The developer builds work extremely well. At the moment my host file (on my router) is blocking ads across the network very well. I figure I can live with the "dns error" blocks on the page =p though Adblock Plus would remove those.

I don't mind being tracked by most sites. I'm in the "nothing to hide" category of users. I send crash statistics to Chrome and I send whatever else I can to them.

I'll consider LastPass. That could be very helpful... except didn't they get hacked a while back?

I use EMET 2.1 at the moment. All internet facing applications forced to run with it. Otherwise I have DEP in Opt Out and the rest on max.

I'll give VTUploader a look.

Thanks =p I feel very secure. I've thrown malware at this PC (exploits, trojans, all sorts) and between Comodo and Mamutu I've been very satisfied with the results.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
I don't have anything to add, except do you have any backup plans?

In case of data loss from
  • Corrupted OS
  • Hardware failure
  • Theft
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Not really. I had an external hard drive that I used to make an image once in a while but I can't find it haha I should really look harder...

But I use Google Docs for my work/school. And there's nothing on my computer that I would miss if I lost it.

Updated my Security Setup to reflect some recent changes.

Firewall policy went from Safe Mode to Custom Mode. Removed "Create Rules for Safe Applications."

Disabled "This computer is an internet connection gateway". I have no idea why that was enabled by default.
 
illumination

Looks solid! I don't have anything to add either, other than to follow Earth's suggestion; a backup is always a good thing!
 
Deleted member 178

Hungry Man said:
Firewall policy went from Safe Mode to Custom Mode. Removed "Create Rules for Safe Applications."

Disabled "This computer is an internet connection gateway". I have no idea why that was enabled by default.

Yes, the custom mode and rules are safer, good choice; when I install CIS I do the same right away. As for the gateway, I wonder about it too; damn, they force us to spend energy on that click :D
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hungry Man said:
Chrome Beta.

Good move, it's more stable and it has all the features that you'll need. I'm using Google Dev. and it's quite stable also. ;D
Do you use any add-ons for Chrome at this point?
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Security addons? No.

A few others though:
Silver Bird -- Twitter
TPGoogleReader -- RSS feed for my blogs etc
Anesidora -- Pandora player that allows infinite skips
ForecastFox -- Displays weather and info
Gmail Checker -- Shows missed emails
3rd party for some site I go to

I also have a thin scrollbar in Chrome.

Just an FYI I use this in my "chrome.css"
/* Center Images */
body[style="margin: 0px;"] {
    display: -webkit-box;
    -webkit-box-pack: center;
    -webkit-box-align: center;
    background: -webkit-radial-gradient(white, #999) fixed;
}

/* Scrollbar */
::-webkit-scrollbar {
    width: 3px;
    height: 3px;
}
::-webkit-scrollbar-thumb {
    background: #777;
    border-radius: 3px;
    box-shadow: inset 0 0 7px #444;
}
::-webkit-scrollbar-thumb:hover {
    background: #888;
}
::-webkit-scrollbar-thumb:active {
    background: #666;
}
::-webkit-scrollbar-track-piece:vertical {
    background: -webkit-linear-gradient(left, #BBB, #FFF);
}
::-webkit-scrollbar-track-piece:horizontal {
    background: -webkit-linear-gradient(#BBB, #FFF);
}

/* Wide YouTube player */
#watch-video.wide #watch-player {
    width: 970px !important;
    height: 576px !important;
}
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
No longer whitelisting JavaScript. Allowing it all. Also blocking all 3rd party cookies. Put MPCHC into sandbox.
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Happy to say I've tested this configuration (on my real machine, no VM) against dozens of Java exploits as well as "0-day" malware (none older than 48 hours) and it performed incredibly well.

I figured that Java exploits were my biggest threat because my only protection is Mamutu prevention manipulation, EMET, and a Comodo sandbox..., which actually seems like a lot now that I type it all out/have seen it in action =p

I'm not sure if EMET helped or not, virtually all of the tested exploits launched. Same goes for Mamutu, don't know if it helped. Sandboxing definitely did. I have sandboxing automatically to Restricted for Java and not a single file got through.
 

LaserWraith

Level 1
Feb 24, 2011
497
Hey ho. I noticed you said you thought LastPass was recently hacked, a while ago. What happened: Someone managed to get a small part of the encrypted database (or "blob" is what one site called it). Most everyone was safe, and if you had a medium to strong master password (as should be obvious) you were totally safe.

So it wasn't much of a hack. A LastPass employee admitted that they probably overreacted (which is only bad for publicity, I guess).
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Thanks for the info. That's good to know.

Still, I have my passwords sync'd with Chrome and I trust Google's security very very much.
 

Hungry Man

New Member
Thread author
Jul 21, 2011
669
Trying out paranoid mode for Mamutu. Also lowered "automatically block a program if x users did" to 85% from 88%.
 
