nullanon's 3box setup

nullanon

New Member
Thread author
Jul 22, 2016
7
Hello, here's my config. Working on finding a good Windows HIDS/tripwire (free as in price required, as in freedom preferred) to complete my security setup. For extra lockdown, only my Windows 7 box is regularly connected to the Internet; I use it to scan and verify downloads before copying to a freshly formatted USB or SD to copy to my other boxes. I also own a Raspberry Pi 3 and Zero, which I connect to my WiFi network through Network Bridge mode on the 7 box and a crossover Ethernet cable.
 

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
Great set up @nullanon ... :) It's pretty obvious that you know what you are doing.
I like that your OS updates are manual, although if you were a basic user instead of advanced then I would be recommending otherwise.
I am guessing that of your on-demand scanners that MB is for Windows and Clam is for Linux.
I use Glasswire as a "standalone" HIDS (as I have ZoneAlarm Firewall), so it may be of interest to you in conjunction with Windows Firewall perhaps.
 

nullanon

New Member
Thread author
Jul 22, 2016
7
Great set up @nullanon ... :) It's pretty obvious that you know what you are doing.
I like that your OS updates are manual, although if you were a basic user instead of advanced then I would be recommending otherwise.
I am guessing that of your on-demand scanners that MB is for Windows and Clam is for Linux.
I use Glasswire as a "standalone" HIDS (as I have ZoneAlarm Firewall), so it may be of interest to you in conjunction with Windows Firewall perhaps.

Thanks for the recommendation, I'll take a look at that. I actually do have ClamAV in the form of ClamWin on my Windows box, but I don't use it very often. I really lost it with automatic updates since Microsoft made every other one something to do with GWX, which I do not intend to do.
 

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
Thanks for the recommendation, I'll take a look at that. I actually do have ClamAV in the form of ClamWin on my Windows box, but I don't use it very often. I really lost it with automatic updates since Microsoft made every other one something to do with GWX, which I do not intend to do.

Cool... I used to have "Immunet" (which uses Clam) as a complementary AV. I liked it but found it heavy, so I replaced it with "Crystal Security".
I feel ya regarding the updates. I did move to W10 in the end (from W8.1) but I still temporarily block OS updates until I have checked forums for "borks" before allowing them through.
Have you considered using "Voodooshield" as an Anti-EXE? I highly recommend it. :)
 

nullanon

New Member
Thread author
Jul 22, 2016
7
Cool... I used to have "Immunet" (which uses Clam) as a complementary AV. I liked it but found it heavy, so I replaced it with "Crystal Security".
I feel ya regarding the updates. I did move to W10 in the end (from W8.1) but I still temporarily block OS updates until I have checked forums for "borks" before allowing them through.
Have you considered using "Voodooshield" as an Anti-EXE? I highly recommend it. :)

I was just looking at that. I think that would be great for some of the systems I manage for others...
 

nullanon

New Member
Thread author
Jul 22, 2016
7
Any reason to disable Smartscreen?

My main PC is Win7, so it only has IE Smartscreen and I don't use IE. As for the Win10 box, it is rarely connected to the internet and for the executable component you must "share anonymized information about the programs you download and install". I do use AppLocker on that system to control which programs can run.
 

securitydolphin

Level 1
Verified
Jul 22, 2016
16
If I was to recommend a password manager, LastPass is well-known for their cross-platform support. As an alternative, Master Password is also good if you prefer a decentralized system.

ClamWin can actually be run as a rudimentary real-time scanning system for any downloaded files using Clam Sentinel. It's quite old but it is very effective at doing what it says. It also adds a basic heuristic component to the AV that makes it a great complement to commercial AVs. Lastly, downloading and utilizing SaneSecurity definitions makes ClamWin a monster at finding zero-hour malware. They provide a script on their website that is trusted.

The Policeman has significant overlap with uBlock Origin; NoScript is preferred instead if you wish to combine the two systems, as both cover different holes and increase browser security significantly.

Overall, the system looks fine, the majority of malware won't get through.
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
My main PC is Win7, so it only has IE Smartscreen and I don't use IE. As for the Win10 box, it is rarely connected to the internet and for the executable component you must "share anonymized information about the programs you download and install". I do use AppLocker on that system to control which programs can run.

I agree that Advanced users can disable Smartscreen, the job can be done another way :)
 