stablish's config

[stablish]

Addition stuff I use (wasn't sure where to put it in):

- EMET 5.5 with recommended settings

- VeraCrypt for encrypted containers (I'm not using system encryption)

- GlassWire Firewall combined with Windows Firewall

• GlassWire is basically to keep an eye on the traffic which goes out to the web

- Microsoft Network Monitor and Wireshark

• To keep an eye on the traffic aswell and to check if some shady file connects to some shady sites

- On a fresh installed Win10 I use Spybot anti-beacon combined with "Win10Privacy" and a custom made batch file to disable various stuff (such as windows built-in logging, disable scheduled tasks, disable Windows Error reporting, Windows services and various Windows optimizations such as faster shutdown, superfetch only for boot files and so on.)

- I also use VMware frequently with some Windows and Linux VM's. I sometimes like to check malware, I do it as an hobby and I'm far away from a professional, I sometimes reverse cheap "steam wallet" generators or some cheap "Game hacks" for games like DayZ, CSGO and other popular games.

- Sandboxie for using downloaded PDF's even when they are from a "trusted" source (Friend, work, etc.) I prefer to open them in Sandboxie, trust no one.

- DNS settings from OpenDNS put into IPv4

- IPv6 is disabled

- I don't use any realtime Anti-Virus tools. I think my last infection is now 5-6 years ago (when I started to play around with such things). When friends ask me what I recommend it is mostly Avast or none and use the "human" protection instead. I was working in a IT Solution company where we used Kaspersky, and we still had so many customers with infections.. I also have a friend who downloaded an attachment from his mail (scam) and opened the file with an AV, still got infected and his paypal and bank account were stolen, so.. I dont trust any AV Product.

- For Backups I use "Macrium Reflect" in the free version. Totally fine for me


That's it basically. Might be paranoia, but I can live with it and I can work with it
If you have more questions, feel free to ask them


Regards

 

[Ink]

You can add GlassWire and Sandboxie to your Real-Time Protection, instead of none.

Why do you recommend AVAST Antivirus to others? And what are your views on Windows Defender in Windows 10?

 

[stablish]

Avast seems to be decent one out of them all free ones. No one of my friends wants to pay for their security, so they ask for free products and avast made me happy in the past when used to use AV's, it has a decent protection, scanning the system is fast enough and it is actually pretty light on system resources.

I have never used Windows Defender in Win10, especially because it sends all the stuff to Microsoft and has a high usage on resources. When I reversed some cheap malware it didnt even detect a few of them while Avast detected them (The last example I can think of was a DayZ hack I downloaded from youtube like 4 months ago which wasnt even obfuscated).

 

[Noxx]

Microsoft can't improve Windows Defender unless you send data. It may also be high on resources, but I don't feel it and my computer is pretty average. Have you at least considered enabling smart screen?

 

[Exterminator]

As @Huracan suggested you should edit your config to include Glasswire & SBIE as real time protection.
I would also enable Smartscreen.
Defender is better than it was in previous operating systems and as @Noxx pointed it out it is difficult to improve something without sending some data.
Thanks for sharing your config

 

[stablish]

Added GlassWire and Sandboxie to Realtime protection.

Never fiddled around with Smartscreen, will enable it and see how it works, thanks for the suggestion

Yes, it is true, without getting data Windows Defender can't improve, but I never liked and my infection rate is actually pretty low to none. If a executable file is suspicious I upload it to Virustotal and malwr.com, if I'm still unsure I test it first in a prepared VM and do a quick-check. But as I said, will test smartscreen out

 

[Noxx]

If you don't want to play around with Windows Defender, maybe consider at least adding another on-demand scanner like Zemana AntiMalware or Emsisoft Emergency Kit. They have some of the best detection rates I know of.

 

[stablish]

Thanks, never used emsisoft, but heard good things about it like 1 year ago. Would you still recommend it over Zemana? (Never heard anything about it).

 

[Noxx]

I couldn't recommend one over the other. They both do really well in the malwarehub. I recommend you try both and come to your own conclusion. You can sign up for the Zemana beta, as you can get a 90-day trial key for the premium version. Emsisoft has a real-time version as well with a 30-day trial. The difference is one is more cloud-based, whereas the other is more signature based -- if that helps you.

 

[Deleted member 178]

Smartscreen disabled doesn't belong to paranoia

i suggest you to enable it, since it is system-wide.

 

[stablish]

Smartscreen disabled doesn't belong to paranoia

i suggest you to enable it, since it is system-wide.

Got it
Will definitely enable it.

 

[DJ Panda]

Enable smartscreen, add Malwarebytes Anti-Exploit for free protection. And use Zemana Ant-Malware as a cloud based scanner.

 

[stablish]

Enable smartscreen, add Malwarebytes Anti-Exploit for free protection. And use Zemana Ant-Malware as a cloud based scanner.

I've read EMET is better for a free product, even here on this forum, I think Umbra also mentioned it somewhere. Was something like:

HMPA > MBAE > EMET > MBAE FREE.

Also Malwarebytes only protects your browser?

 

[DJ Panda]

I've read EMET is better for a free product, even here on this forum, I think Umbra also mentioned it somewhere. Was something like:

HMPA > MBAE > EMET > MBAE FREE.

Also Malwarebytes only protects your browser?

Browsers and java are basically the best you can protect. Hitmanpro.Alert isn't that good unless you pay for it. And Microsoft products/software... If I were you I'd do MBAE

 

[jamescv7]

A policy based program like Appguard or Whitelisting technology of SecureAplus should help you complement the setup.

 

[_CyberGhosT_]

I agree with Noxx, Emsisoft's E-Kit and enabling smart screen and you should be good.
I can't go though without saying that disabling defender in trade for Avast would make me nervous.
PeAcE

 

[DJ Panda]

I can't go though without saying that disabling defender in trade for Avast would make me nervous.
PeAcE

Wait you think Windows 10 Defender is better than Avast? Out of curiosity.. I have been with Avast for many years and never fully gotten a taste on W10 defender.

 

[Duotone]

Agreed with their suggestion's..

• Enable Smartscreen as its already built-in;
• Add a second scanner like Zemana Anti-Malware(MBAM free is good but ZAM is better IMO);
• As for Sandboxie it has great protection/isolation adding some restrictions(ex: browser) would be better;
• Adding anti-exploit like Malwarebytes Anti-Exploit would be a matter of preference as SBIE already got you covered unless you always click shortened Url's, videos, etc... then anti-exploit would give you an additional "info/warning" a cue when to stop and delete the sandbox; and
• Adding policy based/whitelisting/anti-exe software like AppGuard would maxed out your setup, but due to the fact its now on annual license there are free alternative as @jamescv7 suggested SAP others are Voodooshield, and NVT ERP beta.

 

[stablish]

Awesome, thanks guys for all your feedback!

Will definitely look deeper into your suggested tools and will enable smart-screen, for sure

There's just a question left which just came into my mind: Custom DNS. Would you suggest to use a DNS such as OpenDNS, Comodo or Norton?

I used openDNS and havent noticed any speed difference (Internet speed is decent enough tho, 100 Mbps down, 20 Mbps up).

 

[Duotone]

@stablish
For DNS speed: GRC's | DNS Nameserver Performance Benchmark   try this then decide for your self, difficult to suggest due to our geographic location but after initial testing benchmark results finds OpenDNS the fastest in my area.

For added security: Simple DNSCrypt - Official Project Home Page