JM Safe

Level 38
Verified
So, what are the most important layers to cover when we deal with our security config?

  • Browser: the browser is very very important because it is the most direct software which interacts with the web. On the web we can find malicious URLs, phishing URLs, malicious scripts, etc.
  • Real-Time/File Monitor: AVs, Anti-EXE, AntiMalware applications with realtime protection, etc.
  • On-demand scanners
  • Document viewer: a lot of malware samples are macro malware and exploits (they infect via malicious documents, so please be sure to choose a secure document viewer which also permits disabling macros)
  • Sandboxing/VM: it's good to browse the web with sandbox applications, like Sandboxie Free.
  • Backups: backups are fundamental in case of infection for example.
  • UAC, OS updates and SmartScreen: they are fundamental to prevent malware. OS updates can fix vulnerabilities and security problems.
  • Firewall: it's important to monitor our network.
Thanks for reading guys! :)
 

plat1098

Level 8
Verified
I'd put a firewall up there somewhere. If it contains Host Intrusion Prevention System (HIPS), even better.

In fact, before I joined Malwaretips the first time, I peacefully ran a modified firewall, a hardened browser and had two good on-demands for several months. Then I went back to a core antivirus; wimpy, right?
 

JM Safe

Level 38
Verified
I'd put a firewall up there somewhere. If it contains Host Intrusion Prevention System (HIPS), even better.

In fact, before I joined Malwaretips the first time, I peacefully ran a modified firewall, a hardened browser and had two good on-demands for several months. Then I went back to a core antivirus; wimpy, right?
Hi @plat1098, I didn't put this because in practice all users use at least Windows Firewall; a more advanced firewall is even better. It's also important for those who are involved in malware testing. Obviously, yes, it is an important aspect.
 

TairikuOkami

Level 23
Verified
Content Creator
Recent malware tests have shown that common attack vectors are the browser and emails (links/attachments), at 65:35; the rest is less than 1%.
I open emails in txt and never open attachments unless I am sure they are safe, so I focus on browser protection only, mostly via extensions.

I'd put a firewall up there somewhere.
True, some malware hijacks DNS or tries to connect to nonstandard ports/proxies; a firewall with strict rules might help with that.
 

Arequire

Level 23
Verified
Content Creator
AVs also get hijacked sometimes, and that is worse considering that malware gains SYSTEM privileges, but that does not mean AVs are useless.

DoubleAgent: Taking Full Control Over Your Antivirus | Cybellum
The issue is that the only real protection you have against malicious extensions is what Google/Mozilla/Opera, etc. implement on their end, and that protection has been proven to be absolute garbage. There's no way to know about an extension you're using changing ownership, or to know if that new owner were to push an update to said extension which contained malicious code.
Frankly, if an extension isn't supported by a reputable, commercial entity then I'd argue it's undeserving of trust security-wise.
 

Brie

Level 9
Verified
So, what are the most important layers to cover when we deal with our security config?

  • Browser: the browser is very very important because it is the most direct software which interacts with the web. On the web we can find malicious URLs, phishing URLs, malicious scripts, etc.
  • Real-Time/File Monitor: AVs, Anti-EXE, AntiMalware applications with realtime protection, etc.
  • On-demand scanners
  • Document viewer: a lot of malware samples are macro malware and exploits (they infect via malicious documents, so please be sure to choose a secure document viewer which also permits disabling macros)
  • Sandboxing/VM: it's good to browse the web with sandbox applications, like Sandboxie Free.
  • Backups: backups are fundamental in case of infection for example.
  • UAC, OS updates and SmartScreen: they are fundamental to prevent malware. OS updates can fix vulnerabilities and security problems.
  • Firewall: it's important to monitor our network.
Thanks for reading guys! :)
What about anti-ransomware like AppCheck?
 

Thales

Level 5
Encrypted Backups.
SRP is still the best!
SUA: I would make it mandatory for everyone.
Firewall to block all unnecessary programs.

I think they are the best but I would never apply SRP and SUA on regular machines. People can't live with them.
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
So, what are the most important layers to cover when we deal with our security config?
My take; everybody to their own preference, because mileage may vary under different PC usage and user habits:

1. Backups
With everything becoming digital, a DATA backup is a must and an IMAGE backup is advisable

2. Updates
Quick updates are the easiest way to keep vulnerability windows as small as possible, so update automatically

3. Disable what you don't need (Harden)
Rich content enriches digital experiences. Sadly, most nasty infections arrive via rich content in seemingly normal documents delivered through downloads and mails. Because this malware uses built-in execution, most AVs have a hard time blocking this stuff, so better to disable those security holes. Use the free software SysHardener and DocumentsAntiExploit to close these front doors.
a) Think of all remote/shared access stuff on your PC. Close this door to your PC when you don't use external support
b) Think of all OS-related shells and script engines and all Office-related macro/DDE/add-on/ActiveX stuff which most home users don't use anyway.

4. Go beyond the default settings of your Anti-Virus
On our home PCs we use Windows Defender with the excellent freebie Configure Defender to enable the advanced options of Windows Defender, such as exploit protection and the protected folders option. When you prefer another AV, visit its support forum to get an idea of the advanced options (how easy or hard they are to set and use).

5. Use what is already in the OS (Tweaks for advanced users)
Have a look at HardConfigurator or Simple Software restriction policies when you don't dare to tweak your system yourself.
a) UAC - deny elevation of unsigned programs
b) SRP - at least run as basic user (allowing admin to install stuff)
c) ACL - Access Control List - by adding a deny execute/traverse entry for Everyone on your documents/music/pictures/video and download folders, you are creating a zero-overhead deny-execute with zero functional impact

6. Firewall
Learn how to use Windows Firewall or use a free third-party one like TinyWall or SimpleWall

7. Last but not least
Use a browser with a built-in sandbox (Edge, Chrome, Opera) when on Windows 10
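Point 5c above in working form, as an added example that is not from the thread or from any of the tools it names: it adds an inheritable deny execute/traverse entry for Everyone (SID S-1-1-0) to a list of user data folders, the same thing icacls /deny Everyone:(OI)(CI)(X) would do. The folder list is an assumption to edit; run it from an elevated PowerShell, or with -WhatIf first.

```powershell
# Added example, not from the thread: implements point 5c (a deny
# execute/traverse entry for Everyone on user data folders). Run elevated.
# The folder list is an assumption; edit it before use.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$Folders = @("$env:USERPROFILE\Downloads",
                           "$env:USERPROFILE\Documents",
                           "$env:USERPROFILE\Pictures")
)

# Everyone as a SID (S-1-1-0) so the rule also works on non-English Windows.
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
# ExecuteFile on a file and Traverse on a folder are the same right (FILE_EXECUTE).
$rights   = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
# Inherit to subfolders and files, like icacls "(OI)(CI)".
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop     = [System.Security.AccessControl.PropagationFlags]::None
$deny     = [System.Security.AccessControl.AccessControlType]::Deny

function Test-DenyExecuteRule {
    # $true when the folder already carries a deny-execute ACE for Everyone.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
        if ($ace.AccessControlType -eq $deny -and $sid -eq $everyone -and
            ($ace.FileSystemRights -band $rights) -eq $rights) { return $true }
    }
    return $false
}

foreach ($f in $Folders) {
    if (-not (Test-Path -Path $f -PathType Container)) { Write-Warning "Skipping missing folder $f"; continue }
    if (Test-DenyExecuteRule -Path $f) { Write-Output "${f}: deny-execute for Everyone already present"; continue }
    if ($PSCmdlet.ShouldProcess($f, 'Add deny ExecuteFile/Traverse ACE for Everyone')) {
        $acl  = Get-Acl -Path $f
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($everyone, $rights, $inherit, $prop, $deny)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $f -AclObject $acl
        # EXE/DLL files stored here can no longer be launched in place; script files are
        # not affected, because wscript.exe and friends only need read access to them.
        Write-Output "${f}: deny-execute for Everyone added"
    }
}
```

A deny entry wins over every allow, including your own, so run a downloaded installer from a folder outside the list; removing the entry again from the folder's Security tab undoes everything.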
 

JM Safe

Level 38
Verified
My take; everybody to their own preference, because mileage may vary under different PC usage and user habits:

1. Backups
With everything becoming digital, a DATA backup is a must and an IMAGE backup is advisable

2. Updates
Quick updates are the easiest way to keep vulnerability windows as small as possible, so update automatically

3. Disable what you don't need (Harden)
Rich content enriches digital experiences. Sadly, most nasty infections arrive via rich content in seemingly normal documents delivered through downloads and mails. Because this malware uses built-in execution, most AVs have a hard time blocking this stuff, so better to disable those security holes. Use the free software SysHardener and DocumentsAntiExploit to close these front doors.
a) Think of all remote/shared access stuff on your PC. Close this door to your PC when you don't use external support
b) Think of all OS-related shells and script engines and all Office-related macro/DDE/add-on/ActiveX stuff which most home users don't use anyway.

4. Go beyond the default settings of your Anti-Virus
In our case we use Windows Defender, and use the excellent freebie Configure Defender to enable advanced options like Windows Defender exploit protection and the protected folders option. When you prefer another AV, visit its support forum to get an idea of the advanced options (how easy or hard they are to set and use).

5. Use what is already in the OS (Tweaks for advanced users)
Have a look at HardConfigurator or Simple Software restriction policies when you don't dare to tweak your system yourself.
a) UAC - deny elevation of unsigned programs
b) SRP - at least run as basic user (allowing admin to install stuff)
c) ACL - Access Control List - by adding a deny execute/traverse entry for Everyone on your documents/music/pictures/video and download folders, you are creating a zero-overhead deny-execute with zero functional impact

6. Firewall
Learn how to use Windows Firewall or use a free third-party one like TinyWall or SimpleWall

7. Last but not least
Use a browser with a built-in sandbox (Edge, Chrome, Opera) when on Windows 10
Good suggestions; hardening is also important, for example to disable some types of extensions that could be dangerous, and if a user doesn't need this type of file it's useless keeping them, for example .scr files. Only one thing: about point 7, I would use a sandbox like Sandboxie to isolate my browser, not only the browser's built-in sandbox. Unfortunately, in security configs I sometimes see no backups used or even UAC disabled!
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
@JM Security a
I know SysHardener has the option to disable 'dangerous' file extensions, but to my knowledge there is no program which assists the user in determining whether they need those file extensions.

@NoVirusThanks feature request :) as a New Year's present to us all, Andreaas, would it be an option to include in SysHardener, e.g.

Based on a built-in list of dangerous file extensions in SysHardener, SH would check the registry for the installed default programs using these dangerous file extensions. For every unused extension, set Notepad as the default program. In the past WinPatrol had an option to lock the file extensions. When possible, provide that as an option also.
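The registry check the feature request describes, as an added example that is neither from the thread nor SysHardener's own code: it resolves each risky extension to its ProgID and open command under HKEY_CLASSES_ROOT, flags the ones a double-click would execute, and with -Neutralize reassigns those to the plain-text ProgID txtfile (Notepad). The extension list is an assumption; reassigning needs an elevated shell, and -WhatIf previews it.

```powershell
# Added example, not from the thread and not SysHardener's code: audits which
# program the registry assigns to risky extensions and, with -Neutralize,
# reassigns the executing ones to 'txtfile' (Notepad), as the post proposes.
# The extension list is an assumption; reassigning needs an elevated shell.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$Extensions = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh', '.hta', '.scr', '.pif', '.ps1'),
    [switch]$Neutralize
)

function Get-ExtensionHandler {
    # Resolves <ext> -> ProgID -> shell\open\command through HKEY_CLASSES_ROOT.
    param([string]$Ext)
    $hkcr   = 'Registry::HKEY_CLASSES_ROOT'
    $progId = (Get-ItemProperty -Path "$hkcr\$Ext" -ErrorAction SilentlyContinue).'(default)'
    $cmd    = $null
    if ($progId) {
        $cmd = (Get-ItemProperty -Path "$hkcr\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]@{
        Extension   = $Ext
        ProgId      = $progId
        OpenCommand = $cmd
        # A handler other than Notepad means a double-click would execute the file.
        Executes    = [bool]($cmd -and $cmd -notmatch 'notepad')
    }
}

$report = foreach ($e in $Extensions) { Get-ExtensionHandler -Ext $e }
$report | Format-Table -AutoSize

if ($Neutralize) {
    foreach ($row in $report | Where-Object { $_.Executes }) {
        if ($PSCmdlet.ShouldProcess($row.Extension, "reassign from $($row.ProgId) to txtfile")) {
            # assoc rewrites the default value of HKCR\<ext>; the old ProgID key stays, so
            # 'assoc .vbs=VBSFile' (for example) restores the original association.
            cmd /c "assoc $($row.Extension)=txtfile" | Out-Null
        }
    }
    # Re-read the handlers so the second table shows the effect.
    $Extensions | ForEach-Object { Get-ExtensionHandler -Ext $_ } | Format-Table -AutoSize
}
```

Explorer consults the per-user UserChoice entries under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts before HKCR, so a handler the user picked via "Open with" survives this change; and a script started explicitly through wscript.exe or cscript.exe never looks at associations at all, which is why this complements disabling Windows Script Host rather than replacing it.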
 

Andy Ful

Level 46
Verified
Trusted
Content Creator
Good suggestions; hardening is also important, for example to disable some types of extensions that could be dangerous, and if a user doesn't need this type of file it's useless keeping them, for example .scr files. Only one thing: about point 7, I would use a sandbox like Sandboxie to isolate my browser, not only the browser's built-in sandbox. Unfortunately, in security configs I sometimes see no backups used or even UAC disabled!
For most users, the most important security factor (except AV and web browser) will be restricting/disabling Windows scripts. All AVs have good protection against malicious EXE files, and poor protection against the scripts. Normally, the user has very low chances to be infected by EXE files, especially on Windows 10 (when respecting the SmartScreen alerts). There are also well-known software portals (Softpedia, MajorGeeks, etc.).

In fact, the average user has five times greater chances to execute a malicious script (including scripts run by macros) than a malicious EXE file. Scripts are ideal in spam campaigns, because they are very small, so they can be delivered to the victims much quicker.
 

Arequire

Level 23
Verified
Content Creator
I always use verified and popular extensions developed by trusted sources; for now I only use uBlock Origin and HTTPS Everywhere, and I will add Netcraft in the near future. Without extensions, browsing the web could be dangerous because of malicious URLs, scripts, etc.
I still have reservations about uBlock Origin personally. Gorhill's invested a lot of time and effort into uBO and he seems to deeply value his user base, but I don't know him well enough to definitively say that he wouldn't be willing to sell his extension to the highest bidder if he ran into financial woes. That makes me nervous.
 

JM Safe

Level 38
Verified
For most users, the most important security factor (except AV and web browser) will be restricting/disabling Windows scripts. All AVs have good protection against malicious EXE files, and poor protection against the scripts. Normally, the user has very low chances to be infected by EXE files, especially on Windows 10 (when respecting the SmartScreen alerts). There are also well-known software portals (Softpedia, MajorGeeks, etc.).
In fact, the average user has five times greater chances to execute a malicious script (including scripts run by macros) than a malicious EXE file.
Just disable Windows Script Host.
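"Just disable Windows Script Host" in working form, as an added example that is not from the thread: it sets (or removes) the documented Enabled value under HKLM and HKCU Software\Microsoft\Windows Script Host\Settings and reports the state per scope. Parameter names are my own; the machine-wide key needs an elevated shell, the per-user key does not.

```powershell
# Added example, not from the thread: disables or re-enables Windows Script Host
# through its registry switch (Enabled = 0) and reports the state per scope.
# Machine scope needs an elevated shell; -WhatIf previews the change.
[CmdletBinding(SupportsShouldProcess)]
param(
    [ValidateSet('Status', 'Disable', 'Enable')][string]$Action = 'Status',
    [switch]$CurrentUserOnly
)

$keys = [ordered]@{
    Machine = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    User    = 'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
}

function Get-WshState {
    # Enabled = 0 blocks wscript.exe/cscript.exe in that scope; no value means the default (allowed).
    foreach ($scope in $keys.Keys) {
        $v = (Get-ItemProperty -Path $keys[$scope] -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            Scope   = $scope
            Enabled = $v
            State   = $(if ($v -eq 0) { 'blocked' } elseif ($null -eq $v) { 'allowed (no value)' } else { 'allowed' })
        }
    }
}

$targets = if ($CurrentUserOnly) { @('User') } else { @('Machine', 'User') }
foreach ($scope in $targets) {
    $path = $keys[$scope]
    switch ($Action) {
        'Disable' {
            if ($PSCmdlet.ShouldProcess("$scope scope", 'set Enabled = 0')) {
                if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
                New-ItemProperty -Path $path -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
            }
        }
        'Enable' {
            # Removing the value restores the default rather than forcing Enabled = 1.
            if ((Test-Path -Path $path) -and $PSCmdlet.ShouldProcess("$scope scope", 'remove Enabled value')) {
                Remove-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
            }
        }
    }
}
Get-WshState | Format-Table -AutoSize
```

Once Enabled is 0, double-clicking a .vbs or .js file shows "Windows Script Host access is disabled on this machine" instead of running it; PowerShell, batch files, mshta.exe and Office macros are separate engines and are not affected, so this covers only the WSH part of what the post above calls Windows scripts.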