Ozone's config (multiboot)

Status
Not open for further replies.

ozone

Level 3
Thread author
Verified
Jan 17, 2017
97
I am multibooting Ubuntu 16.04, Windows 10 and Windows 7
My main OS for work is Windows 10, Ubuntu is for university, and Windows 7 is for testing.
I am using Firefox (stable, portable) with Sandboxie for work.
Cent (portable) with Sandboxie, with the container folder in a RAM disk, is for web browsing.
Firefox Nightly (portable) is for testing new functions.
ReHIPS isolates other apps (MS Office, PDF, ...).
Extensions are tweaked to work well together.

Updates are automatic, but they are delayed for 1-3 days to avoid problems.
I am using mainly portable apps, and I have a USB "toolbox" which contains additional programs/tools like scanners, archivers, editors, browsers, ...
Thanks to this I can quickly restore a backup "image" without using backup software.

Tools in the USB "toolbox" won't be in the config; only programs I have on the PC are there.
Windows 7 Home Premium
Operating System: Windows 7 SP1
OS Edition: Home
OS Build:
OS Architecture: 64-bit
User Access Control: Always Notify
Firewall: Windows Firewall
OS Security Updates: Automatic Updates
OS File Reputation: Turned off
Type of User Account: Local Account
Recent Malware Attacks: No
Testing AV's with Malware Samples: No
Real-time Malware Protection:
On-demand Scanners:
Security Product Settings: Custom
Browsers and Extensions:
Preferred Search Engine: StartPage/DuckDuckGo
Password Manager: my mind
Content Blocker (Ads, Scripts, Trackers):
Simple DnsCrypt (Block and Blacklist)
Cent (Portable): uBlock Origin, uMatrix
Firefox (Portable): uBlock Origin, uMatrix, NoScript
Frequently used System Utilities:
Frequency of Data Backups: Custom Backups
Frequency of System Image Backups: Manual / On-demand Backups
System Image Backup Software: Macrium Reflect Free
Windows 7 Tweaks:
Avast – Hardened mode
ReHIPS – Standard, lockdown mode – Without GUI only
WFC – Medium filtering, secure boot
DNS only via DNSCrypt or VPN
Cent browser can connect only via VPN (firewall rule)
Disabled IPv6
Disabled AutoPlay/Autorun
Disabled Remote Assistance
Disabled Remote Registry Access
Disabled elevation for unsigned applications
Removed Internet Explorer and other legacy components
Blocked/Monitored Processes: cscript.exe, wscript.exe, powershell.exe, powershell_ise.exe, vssadmin.exe

Ubuntu 16.04 (currently unavailable – HDD corrupted)
Operating System: Linux
OS Edition: Home
OS Build: Ubuntu 16.04
OS Architecture: 64-bit
User Access Control: Not Available on OS
Firewall: Linux Firewall
OS Security Updates: Manual Updates
OS File Reputation: Disabled
Type of User Account: Local Account
Recent Malware Attacks: No
Testing AV's with Malware Samples: No
Real-time Malware Protection:
UFW (GUFW)
Firejail
On-demand Scanners:
ClamTK (ClamAV)
Security Product Settings: Default
Browsers and Extensions:
Firefox: uBlock Origin, uMatrix, noscript, Decentraleyes, Smart Referer, No Resource URI Leak
Chrome: uBlock Origin, uBlock Origin Extra, uMatrix, ScriptSafe
Preferred Search Engine: DuckDuckGo
Password Manager: my mind
Content Blocker (Ads, Scripts, Trackers):
Firefox: uBlock Origin, uMatrix, noscript
Chrome: uBlock Origin, uMatrix
Frequently used System Utilities:
BleachBit
Frequency of Data Backups: Custom Backups
Frequency of System Image Backups: No Backups
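The Windows 7 tweak list above is a checklist, not a script. The block below is an added example (mine, not the original poster's) that applies most of those items through the registry values and service settings behind them: UAC "Always notify", signed-only elevation, AutoPlay, Remote Assistance, Remote Registry, IPv6 and Windows Script Host (which is what stops cscript.exe/wscript.exe). For the remaining blocked binaries it uses a Software Restriction Policy path rule written straight to the registry; that mechanism is my choice, since the post does not say which tool does the blocking, and it is useful on Home Premium, which has no secpol.msc to create SRP rules with. Assumptions: an elevated PowerShell 2.0 prompt, stock %SystemRoot% install paths, and no existing SRP policy.

```powershell
# Added example, not the original poster's script. Run elevated on Windows 7;
# the IPv6 and EnableLUA changes take effect after a reboot.
$ErrorActionPreference = 'Stop'
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated prompt.' }

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    # Creates the key if needed; Set-ItemProperty creates a missing value.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
# UAC slider at the top: prompt for everything, on the secure desktop.
Set-RegDword "$pol\System" 'EnableLUA' 1
Set-RegDword "$pol\System" 'ConsentPromptBehaviorAdmin' 2
Set-RegDword "$pol\System" 'PromptOnSecureDesktop' 1
# "Only elevate executables that are signed and validated".
Set-RegDword "$pol\System" 'ValidateAdminCodeSignatures' 1
# AutoPlay/AutoRun off for every drive type (0xFF is the all-types bit mask).
Set-RegDword "$pol\Explorer" 'NoDriveTypeAutoRun' 0xFF
Set-RegDword "$pol\Explorer" 'NoAutorun' 1
# Remote Assistance off.
Set-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp' 0
# Remote Registry service stopped and disabled.
Stop-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Set-Service -Name RemoteRegistry -StartupType Disabled
# IPv6 off on all interfaces and tunnels; effective after reboot.
Set-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' 'DisabledComponents' 0xFF
# Windows Script Host off: cscript.exe and wscript.exe refuse every script.
Set-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled' 0

# SRP (my mechanism, see lead-in): default level Unrestricted, plus Disallowed
# (level 0) path rules for the listed binaries. PolicyScope 0 applies them to
# administrators too, so this PowerShell host is blocked from the next launch.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
Set-RegDword $srp 'DefaultLevel' 0x40000
Set-RegDword $srp 'TransparentEnabled' 1     # 2 would also check DLL loads
Set-RegDword $srp 'PolicyScope' 0
Set-RegDword $srp 'AuthenticodeEnabled' 0
$blocked = @(                                # assumed stock locations
    '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe',
    '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe',
    '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe',
    '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe',
    '%SystemRoot%\System32\vssadmin.exe',
    '%SystemRoot%\SysWOW64\vssadmin.exe'     # rule for a missing file is harmless
)
foreach ($path in $blocked) {
    $key = "$srp\0\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'ItemData' -Value $path -Type ExpandString
    Set-ItemProperty -Path $key -Name 'SaferFlags' -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name 'Description' -Value 'Blocked by config example' -Type String
}

function Get-HardeningState {
    # Reads the settings back so they can be re-checked after a reboot or a
    # policy refresh that may have overwritten them.
    $sys = Get-ItemProperty "$pol\System"
    $svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
    @{
        UacAlwaysNotify = ($sys.ConsentPromptBehaviorAdmin -eq 2 -and $sys.PromptOnSecureDesktop -eq 1)
        SignedElevation = ($sys.ValidateAdminCodeSignatures -eq 1)
        AutoRunOff      = ((Get-ItemProperty "$pol\Explorer").NoDriveTypeAutoRun -eq 0xFF)
        RemoteRegistry  = $svc.StartMode
        IPv6Disabled    = ((Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters').DisabledComponents -eq 0xFF)
        SrpPathRules    = @(Get-ChildItem "$srp\0\Paths" -ErrorAction SilentlyContinue).Count
    }
}
Get-HardeningState
```

Two practical notes: SRP path rules are evaluated at process creation, so the block applies to every new powershell.exe, including the one an administrator opens to undo it; keep regedit handy (deleting the `CodeIdentifiers\0\Paths` subkeys removes the rules). And because these are plain registry writes rather than Group Policy, anything that later applies a domain or local policy for the same values will overwrite them, which is what the read-back function is for.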
 

ozone

Looks good! Hitmanpro Alert is no longer free? Why do you list it as free?

Maybe I should write "not activated"; I am using it mainly for keystroke encryption.

Removed:
MBAE (free)
Added:
EMET

Until MB releases MBAE 1.10 (premium), I want to protect other programs,
and EMET has better compatibility with Sandboxie.
 

ozone

Added:
Shadow Defender
Simple DnsCrypt
Stealth Mode extension

tweaked Chrome and extensions to increase compatibility, protection and privacy
trying Stealth Mode
 

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Very good configuration, all layers are well covered, thanks for sharing!

You are protected.
 

ozone

Removed:
Stealth mode extension
Added:
Glasswire (free)
VS (free)
SoftEther VPN (VPN Gate)
Updated:
Chrome
Tweaks:
Replaced programs with portable ones
Organised filters in uMatrix and uBO, removed redundant filters
UAC set to default



Trying VS

Stealth mode – almost every function is the same or better in uMatrix/uBO or ScriptSafe.

Glasswire is on demand, only for network monitoring; autostart for services is disabled.
 

ozone

Removed:
VS (free)
Added:
Chrome (portable)
Updated:
Firefox
Tweaks:
Changed search engine to DuckDuckGo

Trying Chrome portable.
VS is delaying launching some programs even if whitelisted or VS is disabled.
Same problem with updating Chrome.
 

ozone

Removed:
Chrome
Added:
/
Updated:
/
Tweaks:
Disabled unnecessary system services and components
Disabled unnecessary network components and protocols
Added firewall rules (IPv6)
Added filters from https://www.abuse.ch/ to uMatrix/uBO
UAC set to Always notify
Tweaked Chrome (portable):
chrome://flags/#disable-hyperlink-auditing
chrome://flags/#enable-appcontainer
chrome://flags/#enable-tab-audio-muting
chrome://flags/#prefer-html-over-flash


btw
shouldn't "User Access Control: Always Notfiy" be "Always Notify" :)
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Removed:
VS (free)
Added:
Chrome (portable)
Updated:
Firefox
Tweaks:
Changed search engine to DuckDuckGo

Trying Chrome portable.
VS is delaying launching some programs even if whitelisted or VS is disabled.
Same problem with updating Chrome.
Why not try Crystal Security as a mild replacement for VooDooShield?
It has monitoring options for
  1. Running processes
  2. files opened
  3. files saved
  4. scan on exploring
with multi-engine results, cloud analysis, heuristics and of course blacklisting. You can select options based on what level of supplementary security you want.
 

ozone

Why not try Crystal Security as a mild replacement for VooDooShield?
It has monitoring options for
  1. Running processes
  2. files opened
  3. files saved
  4. scan on exploring
with multi-engine results, cloud analysis, heuristics and of course blacklisting. You can select options based on what level of supplementary security you want.

Thanks, I will try it later; for now I think I have all important layers covered,
so I am currently focusing on performance.
 

Parsh

Thanks, I will try it later; for now I think I have all important layers covered,
so I am currently focusing on performance.
You've a good amount of stuff already, not heavy though :D
Is it Avast hardened mode? BTW, a new Avast beta has come out, if you're at all interested in testing it.
 

BugCode

Level 10
Verified
Well-known
Jan 9, 2017
468
That's one heck of a tweaking setup arsenal, I like it. Nothing to add, nothing to give; you know what you're doing. Stay safe, dude!
 

sudo -i

Level 4
Verified
Jan 17, 2017
154
WFC / GlassWire
ReHIPS / Sandboxie
HMP.A / EMET
Are these 3 pairs not redundant? You could choose one from each pair.
 

ozone

WFC / GlassWire
ReHIPS / Sandboxie
HMP.A / EMET
Are these 3 pairs not redundant? You could choose one from each pair.

WFC – GUI for windows firewall
GlassWire – on demand, network monitor
ReHIPS – light anti-exe, sandbox for office and firefox
Sandboxie - only Chrome
HMP.A – anti-keylogger
EMET - anti-exploit

ReHIPS is free and beta – I cannot use it for Chrome, and there is no auto-delete option.
HMP.A is also free – no anti-exploit module.
 
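Since WFC is only a front end for the stock Windows firewall, the two rules from the first post ("DNS only via DNSCrypt or VPN" and "Cent browser can connect only via VPN") can be written directly with netsh. The block below is an added example (mine, not from the thread). It assumes WFC's "Medium filtering", which is a default-block outbound policy, and it assumes the install paths and the address range the VPN adapter receives; replace those with the real ones from your system (ipconfig shows the VPN adapter's address).

```powershell
# Added example, not the original poster's configuration. Run elevated.
# Assumed values (mine): program paths and the VPN adapter's address range.
$ErrorActionPreference = 'Stop'
$DnsCryptProxy = 'C:\Tools\SimpleDnsCrypt\dnscrypt-proxy\dnscrypt-proxy.exe'  # assumed path
$CentBrowser   = 'D:\Portable\Cent\chrome.exe'                                 # assumed path
$VpnLocalNet   = '10.211.0.0/16'   # assumed: range the SoftEther adapter gets

function Add-OutRule([string]$Name, [string[]]$Spec) {
    # Delete-then-add keeps the script idempotent. Arguments are passed as an
    # array so PowerShell quotes "name=..." values that contain spaces.
    & netsh advfirewall firewall delete rule "name=$Name" | Out-Null
    $argv = @('advfirewall', 'firewall', 'add', 'rule', "name=$Name",
              'dir=out', 'profile=any') + $Spec
    & netsh $argv | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh could not add rule '$Name'" }
}

# 1. Default-deny outbound on every profile (WFC "Medium filtering").
& netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound | Out-Null

# 2. Plain DNS: block port 53 for every program. In Windows Firewall an
#    explicit block beats an allow, so this also overrides the built-in
#    "Core Networking - DNS (UDP-Out)" rule that lets svchost.exe resolve.
#    Loopback is never filtered, so the stub resolver still reaches the
#    dnscrypt-proxy listener on 127.0.0.1:53.
Add-OutRule 'Block plain DNS (UDP)' @('action=block', 'protocol=udp', 'remoteport=53')
Add-OutRule 'Block plain DNS (TCP)' @('action=block', 'protocol=tcp', 'remoteport=53')

# 3. dnscrypt-proxy reaches its resolver on the resolver's own port (443 for
#    most DNSCrypt v1 entries), so a plain allow-by-program rule suffices.
#    A resolver listed on port 53 would be caught by rule 2; check the list.
Add-OutRule 'Allow dnscrypt-proxy' @('action=allow', "program=$DnsCryptProxy")

# 4. Cent may only send from an address on the VPN adapter. When the tunnel
#    is down its sockets bind to the LAN address, match no rule, and hit the
#    default block: a kill switch without a second tool.
Add-OutRule 'Cent via VPN only' @('action=allow', "program=$CentBrowser", "localip=$VpnLocalNet")

function Get-ConfigRules {
    # Returns the names of the rules this script owns, for a quick check.
    (& netsh advfirewall firewall show rule name=all) |
        Select-String '^Rule Name:\s+(.*)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
        Where-Object { $_ -match 'plain DNS|dnscrypt-proxy|Cent via VPN' }
}
Get-ConfigRules
```

Two caveats. With outbound default-deny, everything else (Firefox, Windows Update, the VPN client itself) also needs an allow rule; WFC adds those as you answer its prompts, netsh users must add them by hand. And the port-53 block also stops resolvers pushed by the VPN, since those are on 53 too; if you rely on them, either drop rules 2 or scope them with `localip=` to the physical adapter's address so they only bite traffic leaving outside the tunnel.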

ozone

You've a good amount of stuff already, not heavy though :D
Is it Avast hardened mode? BTW new Avast beta has come, if at all you're interested to test.

Yes, hardened mode.
I know it has a beta, but I've read it has some annoyances, so I will wait for the stable or RC.
 

ozone

Added:
Crystal Security
Decentraleyes extension (Firefox)
PrivaZer (portable)
Removed:
Crystal Security
Updated:
/
Tweaks:
/

Tried Crystal Security, not bad, but sometimes it freezes. I will use it as an on-demand scanner; moved it to the USB toolbox.

I think I will move from Chrome (portable) to Firefox (portable) or another non-Chromium browser, because in Chrome/Chromium 57 there will be no control over plugins (DRM and NaCl). You can control only PDF and Flash.
 