What is your threat model?

Handsome Recluse

Level 23
Thread author
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Why do you have that mitigation/damage control/recovery setup? Why do you do what you do? I realize "for fun" is an option, but look deep into your heart, back to when you were a baby: why did you choose that security setup?

You can also include what you haven't done and why for a more detailed view of your mindspace.
 
  • Like
Reactions: Rengar and shmu26
D

Deleted member 178

ummm....

Basic setup
This setup is common to all my machines.

- I just use native security in Win10 (SUA + UAC max + SmartScreen max + Win Def + Win FW), customizing the settings to my needs (especially Win FW).
- Then I add some registry tweaks to close some potential gaps.
- Then, once my base system (OS + needed softs) is installed and up-to-date, I do a system backup image with Windows (built-in) Backup & Restore.
- Then I install Rollback RX, to reload a clean snapshot in seconds in case of potential issues; I also use RX as a foundation for my Advanced Setup.

Advanced setup
(because I like toying and I'm a closed beta tester for them), so from the RX baseline (which is made from the basic form):

- I add HMP.A; I like some features (encryption, etc.).
- I add AppGuard, because it is "da best" SRP software: everything I didn't whitelist myself will be blocked.
- I add ReHIPS for its efficient hookless isolation & Application Control, because I don't want stuff from my browsing to get roots into my system.

In the past I used plenty of softs to make the almost perfect layered setup (older members know what I'm talking about), but I ditched them for various reasons: mostly because some are too much of a hassle, others were redundant with my current setup, or I now have enough skills to not have to depend on them.


- AVs like Emsisoft AM, Webroot SA, etc.: realtime scanners are obsolete to me and are now just a comfort feature.
- HIPS-based FW/suites, like Comodo FW/IS or Online Armor Premium: HIPS are obsolete; you have more hassle clicking useless prompts all the time. Better to use an SRP software.
- BB-based software/suites like Emsisoft AM, Norton IS, Symantec EP, for the same reason as HIPS, but I'd rather use a BB than a HIPS.
- Anti-executables like NVT ERP, etc.: they would still be useful to me for other machines, but for my main one I have better ones.
- Antiloggers like Zemana AL or SpyShelter: keyloggers won't even run on my basic setup.
- Keystroke encryption like KeyScrambler, because I have HMPA; but this may be the only soft I would consider adding to my advanced setup if I had it.
- Backup software like Paragon, Acronis, Macrium, etc.: no need, Win10 gives me the proper tool; it has never failed me.


I think that sums it all up.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
In addition to Windows' built-in security setup:

1st stage: Pre-execution blocking [AppGuard and Kaspersky]
2nd stage: Post-execution monitoring [AppGuard, Kaspersky, and HitmanPro.Alert]
3rd stage: Post-infection remediation [Macrium Reflect]

I don't consider myself an expert at detecting malware, so I utilize the realtime scanner of Kaspersky to help myself decide. :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I am a relatively careful, low-risk user, and I keep backups, so computer security should really be the last of my worries in life. But I play around with my security config anyways, for no apparent rational reason.
 
D

Deleted member 178

I am a relatively careful, low-risk user, and I keep backups, so computer security should really be the last of my worries in life. But I play around with my security config anyways, for no apparent rational reason.
As we all do; the only real concerns are keyloggers/RATs, because they collect your data without harming your system.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
As we all do; the only real concerns are keyloggers/RATs, because they collect your data without harming your system.
Right.
Since I have Startup Sentinel installed, I should at least find out if something nasty like that happened to me, so I can get rid of it before I give someone the keys to my bank account.
 

Wingman

Level 4
Verified
Well-known
Feb 6, 2017
154
I realize "for fun" is an option, but look deep into your heart, back to when you were a baby: why did you choose that security setup?

I can assure you that when I was a baby, security was the LAST thing I had in mind :)

Joke aside though, my security posture has changed quite a few times, and most of it because I was learning more and more about malware and OS capabilities. There are "good practices" that everyone needs to follow (backups etc.), even though not everyone does, but apart from that it depends how *paranoid* (apologies for the phrase) you might be. Perfect security is killing productivity :)

What I normally look at is the layered defence as a whole and not the silo product, as what is important is not whether the AV blocked the threat or another security defence did, but whether there was a successful mitigation.
 
  • Like
Reactions: shmu26 and XhenEd
5

509322

Right.
Since I have Startup Sentinel installed, I should at least find out if something nasty like that happened to me, so I can get rid of it before I give someone the keys to my bank account.

Monitoring startups is smart, but it's of no use against rootkits, bootkits, firmware infection, etc.

Block execution of unknown\untrusted files in the first place and save yourself from the whole range of potential failures by antivirus and internet security suites. In other words, lock down the system after a clean install and maintain a relatively static system. It works.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Block execution of unknown\untrusted files in the first place and save yourself from the whole range of potential failures by antivirus and internet security suites.
So that's the answer to Sigmund's question. 99% of what I do is to protect from the 1% chance of those potential failures.
 
  • Like
Reactions: XhenEd

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
To be honest, I don't have one. It's an eye-opener and something for everyone to think about. I don't generally think about when malware will run havoc, or why I allowed ransomware to run wild.

On my personal computer, I use Avast Premier combined with data stored on an internal 1TB HDD which is separate from the 128GB SSD for the OS and programs. I have used Windows Backup for the OS partition, but it's a few months old and not something automatic.

An external 2TB HDD is planned for some form of backup, but there is no system in place, for n reasons:
  1. Time
  2. How to go about it
  3. Is it practical
  4. Can it support multiple devices and platforms
Even with cloud-based storage and Web accounts, if you lose the device that is used for authentication, you cannot access your account or data. I'm looking into Multi-Factor Authentication.

In the event of a natural disaster or unforeseen property damage, all may be lost.
 
5

509322

So that's the answer to Sigmund's question. 99% of what I do is to protect from the 1% chance of those potential failures.

And the 99% that you do can be mostly "set-and-forget" after the initial configuration. Some maintenance now and then...
 
  • Like
Reactions: shmu26 and XhenEd

Handsome Recluse

Level 23
Thread author
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
@Umbra Your post seems to suggest there's a difference between keystroke encryption and an antilogger. Also, why the extra choice of NVT ERP on other machines?
I've always wondered what Application Control meant.
@Wingman Were you even a baby?
 
  • Like
Reactions: shmu26 and XhenEd
5

509322

@Umbra Your post seems to suggest there's a difference between keystroke encryption and an antilogger. Also, why the extra choice of NVT ERP on other machines?
I've always wondered what Application Control meant.
@Wingman Were you even a baby?

An antilogger encrypts keystrokes.

Application Control creates rules and policies for programs on the system. Rules = Allow, Block, etc. Policies = run with limited access rights. Rules and Policies can be considered equivalent; interchangeable. It's just a terminology thing.
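As an added illustration (example code written for this page, not code from the thread or from AppGuard, ReHIPS or any other product named in it), the following Python simulation shows the default-deny idea behind both this post and the earlier "block execution of unknown\untrusted files" post: a baseline of file hashes is taken at lock-down time, a rule allows or blocks by that baseline, and a policy marks some allowed programs (here a browser) to run with limited rights. File names, contents and the `AppControl`/`demo` helpers are constructed for the example; nothing here hooks real process creation on Windows.

```python
"""Toy default-deny application control (constructed example, not a product's code)."""
import hashlib
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Verdicts: a rule decides allow/block; a policy narrows an allowed program's rights.
ALLOW, ALLOW_LIMITED, BLOCK = "allow", "allow-limited", "block"
EXEC_SUFFIXES = (".exe", ".dll", ".scr")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class AppControl:
    trusted_roots: tuple               # install locations hashed at lock-down time
    limited: tuple = ()                # file names that run with a limited-rights policy
    baseline: dict = field(default_factory=dict)  # resolved path -> sha256 at lock-down

    def snapshot(self) -> int:
        """Record every executable present now: the 'clean install' whitelist."""
        for root in self.trusted_roots:
            for p in Path(root).rglob("*"):
                if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
                    self.baseline[str(p.resolve())] = sha256_of(p)
        return len(self.baseline)

    def trust(self, path) -> None:
        """Explicit maintenance step: the user adds one file to the whitelist."""
        p = Path(path).resolve()
        self.baseline[str(p)] = sha256_of(p)

    def decide(self, path) -> str:
        """Rule: known path with unchanged content -> allow; anything else -> block."""
        p = Path(path).resolve()
        if not p.is_file():
            return BLOCK
        known = self.baseline.get(str(p))
        if known is None or known != sha256_of(p):
            return BLOCK            # unknown file, or a known file whose bytes changed
        # Policy for allowed programs: listed names get limited rights.
        return ALLOW_LIMITED if p.name in self.limited else ALLOW


def demo() -> dict:
    """Constructed scenario in a temp directory; returns the verdict at each step."""
    with tempfile.TemporaryDirectory() as tmp:
        progs = Path(tmp, "Program Files")
        downloads = Path(tmp, "Downloads")
        progs.mkdir()
        downloads.mkdir()
        (progs / "app.exe").write_bytes(b"MZ-original-app")       # constructed content
        (progs / "browser.exe").write_bytes(b"MZ-browser")
        ac = AppControl(trusted_roots=(progs,), limited=("browser.exe",))
        results = {"baseline_size": ac.snapshot(),
                   "app": ac.decide(progs / "app.exe"),
                   "browser": ac.decide(progs / "browser.exe")}
        dl = downloads / "free_game.exe"                            # appears after lock-down
        dl.write_bytes(b"MZ-unknown")
        results["download_before_trust"] = ac.decide(dl)
        ac.trust(dl)                                                # the "maintenance now and then"
        results["download_after_trust"] = ac.decide(dl)
        (progs / "app.exe").write_bytes(b"MZ-tampered")             # known path, changed bytes
        results["app_after_tamper"] = ac.decide(progs / "app.exe")
        return results


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:24s} {verdict}")
```

The point the simulation makes is the one the thread keeps returning to: a static, hashed baseline needs no detection logic at all to block a new download, and the same check also catches an in-place modification of a trusted program; the cost is that every legitimate addition becomes an explicit `trust` step during a maintenance window.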
 
D

Deleted member 178

@Umbra Your post seems to suggest there's a difference between keystroke encryption and an antilogger. Also, why the extra choice of NVT ERP on other machines?
I've always wondered what Application Control meant.
@Wingman Were you even a baby?

An antilogger usually prevents data leaks by detecting the logger and preventing it from executing and collecting data, while a key-encryptor doesn't care, because it encrypts the keystrokes, which even with leaks won't (in theory) reveal what you are typing.

I did a test a long time ago with KeyScrambler; all my keystrokes were encrypted system-wide at driver level.

User Review - [Review] KeyScrambler v3 (All Versions)
 