Status
Not open for further replies.

Nheo_Linkin

Level 1
This is my 2017's config. Not a highly security protection but it's good for performance (just a bit slow down on boot caused by Comodo)

- Reason for disabling UAC and Smartscreen Filter is for performance and privacy.
- Comodo Firewall is setup with Firewall and File Rating only.
- Any file downloaded is scanned with VT Hash before execute.

I also use OOShutup10 for other privacy problems.
 
Last edited:

Parsh

Level 24
Verified
Trusted
Malware Hunter
It's important to have a system backup s/w in case of corruptions or when all security measures fail. EaseUS Todo, Macrium Reflect or Veeam Endpoint are nice free tools to support that. You can automate backups.
Protection setup looks great. If you constantly deal with unknown/risky files, you can benefit from the Auto-sandbox feature of Comodo FW, or just manually sandboxing risky applications. If not, enabling OS file reputation (SmartScreen) is crucial as warning.
Consider adding 'HTTPS Everywhere' addon for Chrome/Opera and Zemana AntiMalware as on-demand scanner. It has a good cloud detection.
 

Nheo_Linkin

Level 1
It's important to have a system backup s/w in case of corruptions or when all security measures fail. EaseUS Todo, Macrium Reflect or Veeam Endpoint are nice free tools to support that. You can automate backups.
Protection setup looks great. If you constantly deal with unknown/risky files, you can benefit from the Auto-sandbox feature of Comodo FW, or just manually sandboxing risky applications. If not, enabling OS file reputation (SmartScreen) is crucial as warning.
Consider adding 'HTTPS Everywhere' addon for Chrome/Opera and Zemana AntiMalware as on-demand scanner. It has a good cloud detection.
I am considering to use Macrium Reflect actually.
HTTPS Everywhere make my browsing time slower a lot. That's why I can not use even know how good it is.
And about "Zemana AM", I've never used it before. Does it have good offline signature? I don't trust "cloud detection" very much.
 

Parsh

Level 24
Verified
Trusted
Malware Hunter
HTTPS Everywhere make my browsing time slower a lot. That's why I can not use even know how good it is.
And about "Zemana AM", I've never used it before. Does it have good offline signature? I don't trust "cloud detection" very much.
I didn't notice a considerable delay by HTTPS Everywhere myself. Are you sure it is the one causing slowdowns in loading pages?
Well, its time to change your mind regarding cloud protection. Multi-engine Zemana works on cloud only and has good detection ratios, specially for trojans, adware, spyware and other riskware that AVs generally miss. In fact, its paid real-time protection uses Pandora Technology that offers enhanced protection, but at the cost of some FPs.
 

Winter Soldier

Level 25
Good realtime combo and on demand scanner tools.
I don't want to emphasize what is already said about the backup policy, but it is really necessary, if all of us had a good backup plan, the ransomware would have no reason to exist.
Thanks for sharing, nice setup :)
 

DracusNarcrym

Level 19
Verified
You're fine as far as real-time protection is concerned.

It is advisable, however, that you use some sort of system imaging software to create backup images of your system.
System images can be used to restore your system to its exact state, as it was when you created the backup image. That can save you a lot of time, plus, since it's a full backup, it also backs up all installed applications/updates and even configuration/registry changes, which means you can get your computer up and running again within ~20 minutes.
Combined with data backups for your files (which you already have in your configuration), you are very well protected from nearly any malware attack (or software malfunction).

I recommend one of the following backup methods/software (Windows Backup and Restore is usually enough, unless you want extra options):
OR
OR
 

Rolo

Level 18
Verified
I never ran UAC at all with Windows 7; I hated the unnecessary prompts. However, it isn't the hassle it used to be and since using Windows 10 and UAC on max, I've gotten used to it. For things your run frequently, you can always bypass it with Task Scheduler (I do that with MyDefrag).

Without a bare-metal restore capability, you have to be comfortable with the idea of either going without your PC until you can rebuild it or be prepared to drop everything in order to rebuild it without notice. I have a desktop and a laptop, so I'm OK with losing one until I rebuild it; after a year or so, I want to reformat/reinstall rather than do a bare-metal restore anyway.

Like you, I use the cloud for irreplaceable files. You want some type of versioning, however, for if the files get scrambled/corrupted, they'll just synch to the cloud. I use MEGA manually for archives but pCloud and Windows File History for real-time versioning backups. (I've actually used that to recover from corrupted game saves).

I don't understand why almost nobody uses Windows' backup tools. They require next to zero effort but provide precisely what one needs and they're already paid for.

SmartScreen: why not?
 

Nheo_Linkin

Level 1
I don't understand why almost nobody uses Windows' backup tools
The third- party app can manage what to be backup easier than windows back in my opinion.

SmartScreen: why not?
I set CF to block and isolate any unrecognized file already and also the 2 browsers I use are Chrome and Opera. Can Smartscreen do anything with them? I think not.
Do I underestimate Smartscreen too much?
 
  • Like
Reactions: DracusNarcrym

Rolo

Level 18
Verified
Can Smartscreen do anything with them? I think not.
Do I underestimate Smartscreen too much?
I thought the same thing until recently. SS works at the filesystem level as well as with IE & Edge. Even if we don't use IE/Edge, SS will still work on files upon access rather than upon download.

Additionally, there are programs (and I would expect malicious ones especially) that use IE/Edge components or will launch IE specifically, irrespective of default browser settings. This is why I have AdBlockPlusIE installed even though I don't use IE.
 
  • Like
Reactions: DracusNarcrym

Nheo_Linkin

Level 1
Additionally, there are programs (and I would expect malicious ones especially) that use IE/Edge components or will launch IE specifically, irrespective of default browser settings. This is why I have AdBlockPlusIE installed even though I don't use IE.
And Smartscreen can stop those kinds of program? There is a fact that if Smartscreen can block them, then AdblockPlusIE has nothing to do.
 
  • Like
Reactions: DracusNarcrym

Rolo

Level 18
Verified
And Smartscreen can stop those kinds of program? There is a fact that if Smartscreen can block them, then AdblockPlusIE has nothing to do.
You're mixing two different things: AdBlockPlus blocks ads. SmartScreen prompts/blocks unknown/malicious files from being executed.
 

Nheo_Linkin

Level 1
You're mixing two different things: AdBlockPlus blocks ads. SmartScreen prompts/blocks unknown/malicious files from being executed.
No, I'm not. You mentioned about some programs (expecially malicious ones) will launch IE, etc right? Is that why you use Adblock to block them from openning mallious websites?
That's why I said if Smartscreen could block those programs then Adblock had nothing to deal with.
 

Rolo

Level 18
Verified
No, I'm not. You mentioned about some programs (expecially malicious ones) will launch IE, etc right? Is that why you use Adblock to block them from openning mallious websites?
That's why I said if Smartscreen could block those programs then Adblock had nothing to deal with.
No. AdblockPlusIE is to....block....ads...in.....IE.

Too many people treat adblockers as anti-malware solutions; they are not. The do block SOME malicious sites but by not means an anti-anything solution. For clients, I use it more for a "don't click on stuff" measure. (As in, don't click on stuff you aren't visiting that site for.)

Let's say, for the sake of argument, that there is a lot of overlap: it isn't 100%, so having both isn't completely redundant. It's not like you install uBlock Origin (et. al.) and then decide that you don't need any other security software since nothing unwanted will get through.

This is called "fortress mentality" and it is a vulnerability that, when exploited, guarantees the keys to the castle.
 
Status
Not open for further replies.