Shukla44's Security Config (Desktop)


shukla44

NOTE: Keep in mind, ONLY security-related programs on my system are mentioned above.

This is my current desktop security config. What do you guys think? Please give your honest opinions.


Previous Security Config (2016) - shukla44's Security Configuration (Desktop)


Vulnerable Processes on my system (Windows 7):

  1. shell32.exe*
  2. regsvr32.exe*
  3. rundll32.exe*
  4. cmd.exe**
  5. mshta.exe**
  6. wscript.exe***
  7. cscript.exe***
  8. powershell.exe***
  9. powershell_ise.exe***

Both paths (system32 & syswow64) of every process are included.

* - Reported/Logged
** - Monitored/Prompts
*** - Blocked/Disabled

Vulnerable Apps & Programs on my System (beside Windows 7):

  1. Browsers (Firefox 64-bit, Chrome 64-bit & IE)
  2. Microsoft Office***
  3. Thunderbird
  4. Foxit Reader***
  5. Adobe Photoshop 64-bit***
  6. Windows Media Player***
  7. uTorrent (3.3.2 Build 30586)
  8. VLC Media Player***
  9. K-Lite Mega Codec Pack With MPC-HC 64-bit***
  10. Microsoft .NET Framework

All programs are monitored in HMP.A (except uTorrent & .NET Framework).

*** - Internet connections (Incoming & Outgoing) are disabled in Firewall

Additional Info:
  1. I have 2 active user accounts - 1 admin (personal use only), 1 standard (friends & family use). The standard account enjoys the strict settings of Kaspersky's parental control.
  2. For financial/banking protection, I use Kaspersky's Safe Money. For Safe Money, I use IE 64-bit only, with one addon (Kaspersky Protection) & all others DISABLED; the settings in IE 64-bit are also modified for max protection.
  3. Firefox 64-bit is my primary browser. Chrome 64-bit is only used when a VPN is needed. Internet Explorer is only for banking.
  4. For exploit protection, I use HitmanPro.Alert. Safe browsing (have Safe Money), keystroke encryption (have Kaspersky secure keyboard input), webcam notifier (no webcam) and BadUSB (have VoodooShield) protections are DISABLED in HMP.A. Kaspersky exploit protection is also DISABLED for compatibility reasons.
  5. I use Shadow Defender (on the admin account only) as a sandbox for testing new settings or unknown apps. All the malware testing is done in VMware.
  6. In VMware, I have a number of guest OSes installed (temporarily), but only Win7 SP1 Ultimate 64-bit is permanent. The Win7 guest OS has Rollback Rx Pro installed for rollback & testing purposes.
  7. Adguard desktop active filters - English filter, Spyware filter, Social media filter, Annoyances filter, Fanboy's Enhanced Tracking, Anti-Adblock Killer Reek, I don't care about cookies, NoCoin. I use custom user filters as well. Phishing & malware protection is ENABLED. Stealth mode ENABLED. HTTPS filtering ENABLED. Allow search ads & websites' self-promotion is DISABLED.
  8. Adguard protection is DISABLED on IE 64-bit. I have HTTPS scanning ENABLED in both Adguard & Kaspersky, so I need a separate browser for banking only, where no conflicts should arise.
  9. All the internet connections (incoming & outgoing) are DISABLED in Kaspersky firewall for apps/programs that don't depend on the Internet. FYI, this became very useful during the whole CCleaner debacle.
  10. All the important files/documents are backed up in a password-protected WinRAR archive file without the .rar file extension so that it cannot be encrypted by file-cryptors. For MBR-encryptors, it is also saved on multiple cloud storage services.
  11. All the important passwords are kept in a password-protected doc file within a password-protected archive within a password-protected thumb drive. For emergencies, I keep some of them on a piece of paper hidden in my room. For the rest of the passwords, I use Sticky Password.

Suggestions & feedback are always welcome.
If you have questions about my configuration, I'll be happy to answer as much as possible.
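
An added example, not part of shukla44's post: a small audit of the "both paths (system32 & syswow64)" requirement, which flags any binary that has a rule for only one copy or different actions on the two copies. The `(path, action)` rule format and the sample rules are constructed for illustration and do not come from any product's export.

```python
import ntpath

# Directories that hold the 64-bit and 32-bit copy of each system binary.
REQUIRED_DIRS = ("system32", "syswow64")

# Constructed sample rule list (path, action); not taken from the post.
SAMPLE_RULES = [
    (r"C:\Windows\System32\cmd.exe", "prompt"),
    (r"C:\Windows\SysWOW64\cmd.exe", "prompt"),
    (r"C:\Windows\System32\mshta.exe", "prompt"),
    (r"C:\Windows\System32\wscript.exe", "block"),
    (r"c:\windows\syswow64\WSCRIPT.EXE", "log"),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "block"),
    (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe", "block"),
]


def system_dir(path):
    """Return 'system32' or 'syswow64' if the path lies under one, else None."""
    parts = ntpath.normpath(path).lower().split("\\")
    for d in REQUIRED_DIRS:
        if d in parts:
            return d
    return None


def audit(rules):
    """Map each binary name to a list of coverage problems (empty = fine)."""
    seen = {}  # binary name -> {directory: action}
    for path, action in rules:
        name = ntpath.basename(path).lower()
        d = system_dir(path)
        if d is not None:
            seen.setdefault(name, {})[d] = action.lower()
    findings = {}
    for name, by_dir in sorted(seen.items()):
        problems = [f"no rule for {d} copy" for d in REQUIRED_DIRS if d not in by_dir]
        if len(set(by_dir.values())) > 1:
            problems.append("actions differ: " + ", ".join(
                f"{d}={a}" for d, a in sorted(by_dir.items())))
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(problems) or 'ok'}")
```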
 

shukla44

Thanks a lot for all your replies.

My Kaspersky license will expire in 3 months or so; I am thinking of moving my config to CF (proactive) + VS Pro with Adguard (desktop maybe). What do you think of this?
 

Deleted member 178

A bit early to think about it ^^ In security, a lot of things happen in 3 months.

With CFW + VS, you are opposing 2 concepts: simplicity (VS) and complexity (CFW). Personally, if I decide to use Comodo, I would use CIS only; it covers all layers, you won't need VS.
 

Deleted member 2913

Thanks a lot for all your replies.

My Kaspersky license will expire in 3 months or so; I am thinking of moving my config to CF (proactive) + VS Pro with Adguard (desktop maybe). What do you think of this?

If you know how to work with CFW, I would say VS is redundant. And I would suggest going with CF (proactive); Adguard Desktop would be good too. I am running CFW proactive + customization with Adguard Desktop & no probs.
 

shukla44

I think in three months you will think about, but good move :)

Yeah. Thanks:)

A bit early to think about it ^^ In security, a lot of things happen in 3 months.

With CFW + VS, you are opposing 2 concepts: simplicity (VS) and complexity (CFW). Personally, if I decide to use Comodo, I would use CIS only; it covers all layers, you won't need VS.

If you know how to work with CFW, I would say VS is redundant. And I would suggest going with CF (proactive); Adguard Desktop would be good too. I am running CFW proactive + customization with Adguard Desktop & no probs.

Yes, I know how to work with CFW. I also know CFW/CIS will be enough, but I want to complement it with some backup solution (a simple one, preferably a multi-engine scanner). I have used this combo before for a short period of time, but this combo is light, efficient & complex enough to satisfy my security needs.

Besides, I am thinking about it & yes, a lot can happen in three months ;) :D
 

DracusNarcrym

Great security config, tight and strong. Malware trying to penetrate is like rain trying to crack mountain rock. :D

All I have to say is keep a backup image at the ready, in case all else fails. I bet you know the drill.

You're good to go, as far as I'm concerned.

Stay safe. (won't be a problem for you :D)
 

Parsh

@shukla44 awesome explanations and topic coverage. Nice set of tools.
In case you want to run things out of the box with fewer worries, a good AV will be great alongside the CFW you're planning to have, again for prevention. HIPS will then get its back :)
 

Winizsol

NOTE: Keep in mind, ONLY security-related programs on my system are mentioned above.

This is my current desktop security config. What do you guys think? Please give your honest opinions.


Previous Security Config (2016) - shukla44's Security Configuration (Desktop)


Vulnerable Processes on my system (Windows 7):

  1. cmd.exe**
  2. regsvr32.exe**
  3. rundll32.exe**
  4. shell32.exe**
  5. mshta.exe**
  6. wscript.exe***
  7. cscript.exe***
  8. powershell.exe***
  9. powershell_ise.exe***

Both paths (system32 & syswow64) of every process are included.

** - Monitored
*** - Blocked

Vulnerable Apps & Programs on my System (beside Windows 7):

  1. Java JRE 8 32-bit (Used for Desktop Apps Only)
  2. Adobe Flash Player ActiveX (Used For IE 64-bit Only)
  3. Browsers (Firefox 32-bit, Chrome 64-bit & IE)
  4. Microsoft Office***
  5. Thunderbird
  6. Foxit Reader***
  7. Adobe Photoshop 64-bit***
  8. Windows Media Player***
  9. uTorrent (3.3.2 Build 30586)
  10. VLC Media Player***
  11. K-Lite Mega Codec Pack With MPC-HC 64-bit***
  12. Microsoft .NET Framework 4.6.2

*** - Internet connections (Incoming & Outgoing) are disabled in Firewall

ADDITIONAL INFO:
  1. I have 3 user accounts active - 1 admin (personal use only), 1 standard (friends & family use) & 1 guest (other stuff). The standard & guest accounts enjoy the strict settings of Kaspersky Total Security parental control.
  2. For financial/banking transactions, I use Kaspersky Safe Money. For Safe Money, I use Firefox only, with the addons Kaspersky Protection and HTTPS Everywhere & all the plugins disabled.
  3. I use Shadow Defender (on the admin account only) as a sandbox for testing new settings or unknown apps. But all the malware testing is done in VMware.
  4. All the internet connections are disabled in the firewall for apps/programs that don't depend on the Internet.
  5. All the important files/documents are additionally backed up in a WinRAR archive file without the .rar file extension.
  6. All the important passwords are kept in a password-protected doc file within a password-protected archive within a password-protected thumb drive. For emergencies, I keep some of them on a piece of paper hidden in my room. For the rest of the passwords, I use Sticky Password.

Suggestions & feedback are always welcome.
If you have questions about my configuration, I'll be happy to answer as much as possible.

Nice config! Thanks for sharing it!
 

shukla44

Have you given any thought to upgrading to Windows 10?

Yes, I have already tried upgrading, but had to revert back to Windows 7.
I don't think I can make Windows 10 work, not on this desktop anyway. The hardware, specifically the graphics & sound cards, is legacy. Only supported till Windows Vista, so I was able to install it on Windows 7 after a lot of effort. But I can't get it to work with Windows 10. Thanks anyway for your suggestion. I will surely install Windows 10 if I ever upgrade my desktop.

FF 64bit is stable enough with decent performance enhancements.

I know. Already tried it on VMware. But I am afraid I can't install it just yet. I use Sticky Password & FF 64-bit is NOT supported yet. Already pointed it out to the support. Hoping for support in the near future.
 

Deleted member 2913

I know. Already tried it on VMware. But I am afraid I can't install it just yet. I use Sticky Password & FF 64-bit is NOT supported yet. Already pointed it out to the support. Hoping for support in the near future.

I use Sticky Password with Firefox 64-bit Portable, and Sticky Password & its extension work fine here.
 