I'm looking for a safe, quick, free and easy-to-mantain security configuration.
Actually I'm using CIS, it seems a good balance between easy-to-use and all-in-one product, even if I find it very different from what I remember (version 5 or so).
Whitelisting and sandboxing make hips, imho the main suite power, almost useless:
if an app is trusted, can do almost everything -> no alert
if an app is untrusted, it is sandboxed -> no alert
Open to any suggestion or alternative configuration
I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.
I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.
You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)
I would consider some type of system/data backup solution.
Both Macrium Reflect & AOMEI backupper offer good free solutions.
Consider an additional on demand scanner(s).
You might consider enabling Smartscreen.
Other than the lack of a backup solution your config looks good.
Thanks for sharing it with us
This is my security config I just improved cuz i had an infection recently. Damn Usb flash drives.
If you have a particular issue with USB malware, consider MCSHIELD. Have you considered installing Windows 10? If not, why? Thanks for sharing your config.
I keep a casual security config. I don't keep a bullet proof security setup because it is cumbersome.
Also my device is slow and weak which further discourages anything elaborate.
After reading other configs, I decided to get a strong AV ie Kaspersky, changed my dns to Norton, maxed my Adguard settings and do monthly scans.
If you have a slow device than kaspersky should not be your security program of choice. It runs heavy! Especially if you have a laptop ; it sucks the lifeblood out of your battery. You would be better of with win defender , emsisoft anti malware or eset. Ad kb ssl enforcer to your browser as an extra security meassure. Also think about getting a backup program like aomei backupper standard , better safe than sorry Thanks for sharing your config!
Thanks for taking a look!
Thanks for taking a look!Click to expand...
Very good config.
A few notes and additions:
You might want to add a firewall application, since Avast Free Antivirus does not include any network firewall or HIPS (behavior blocker) components. These components are an essential extra layer of security.
For these tasks, I would personally recommend COMODO Firewall (free) which contains three powerful security modules:
1. Network Firewall (allows you to control connections coming in or going out of your computer).
2. HIPS ("Host Intrusion Prevention System" checks any file for suspicious behavior and allows you to create rules for how that file should run and what it can do on your computer).
3. Sandbox (virtual environment for isolating unrecognized or potentially malicious applications, so that they cannot harm your actual system or files).
COMODO Firewall is an extremely powerful application, and with a little bit of configuration it can become a very effective security layer. In case you run into any trouble configuring COMODO Firewall, there are many COMODO users here on MalwareTips who are all eager to help.
If you see that you do not like COMODO Firewall, you may use Sandboxie as a virtual sandbox application for isolating suspicious files and running applications (e.g. browsers) securely in an isolated and protected environment, without having to worry that any malicious files may harm your computer. (note that Sandboxie ... Read more
My current box:
HP netbook Atom N450, 2GB RAM, 1 TB HD.
Running a customized Windows NT 5.1 (XPSP3) patched with POSReady updates until EOL in mai 2019.
I only run my OS in stateless ramdisk mode for performance, security and privacy reasons.
Just started using security and antimalware software.
I used an unpatched XP with NO Firewall and NO antivirus for several months and I never got infected as far as I know. (The C drive gets flushed after reboot so it's hard to tell)
For a long time I exclusively used brain + ramdisk to stay out of trouble and I has worked like a charm.
At the moment I am busy hardening my OS to stay safe in the future.
Using my "obsolete" Windows XP daily for online payments and banking without any fear...
Best config I have seen in a long time = anti-executable + light virtualization + outbound network notifications ... I would not change a thing.
How do you have your RAM Disk configured ? Net cache only or have you added apps to RAM Disk image ?
This is my security config. At current time I am operating with one core so tHE PERFORMANCE IS POOR
Maybe you could use a anti-executable like NVT exeRadarPro , it uses low resources and then complement it with an On-Demand scanner like Hitman Pro ; so you will be protected without having a real-time AV eating up your resource usage.
**WARNING: Emulate this config with caution. If you practice unsafe or risky browsing or click habits this config may not suit your needs.
Consider using MBAM Premium as an on demand scanner only BTS is enough for real time protection.
You could also add an additional on demand scanner such as ESET Online Scanner
CCleaner or Privazer if not already installed
Some type of backup solution
If only for testing and you have another machine then you probably don't need all the above
Thank you for answer
What do you mean by "Sometimes"? It's highly recommend to add Real-time Malware protection. I would recommend you to add a free AV (there are many: Avira, Avast, AVG, Bitdefender free and more...). If you want to maximise your security, you can add an anti-executable, such as Voodooshield (it's free for home use). I highly recommend you to regularly backup your data!
I think that this Config Wizard is clearly favoring Windows over Linux...
I'm using Arch Linux, imo the safest distro, because u can tweak it as you like.
My security configuration consists of:
ufw - great iptables frontend, tweaked settings in order to reduce attack surface
grsecurity - kernel patch for exploit and 0day protection
AppArmor - MAC, very simple rules configuration (I actually had to recompile my own kernel to allow it, default Arch kernel with grsecurity comes only with Tomoyo enabled - I've no idea how to use it and I'd also have to write my own profiles, so no thank you)
firejail - great sandboxing tool, essential for Firefox and vulnerable apps, comes with several predefined profiles
edithosts - interesting tool, blocks ads on HOSTS level, I tweaked it to block malware domains as well, doesn't slow down my browsing experience so far
rkhunter - decent tool, scans for generic rootkit files, reports suspicious files and most importantly stores hashes of essential OS files and then reports any tampering with them
It's a bit overkill for a desktop, but well... at least I feel safe.
Arch Linux is a good one, using Apparmor is a good move; you linux security setup is quite tight.
NOTE: Keep in mind, ONLY security-related programs on my system are mentioned above.
This is my current desktop security config. What do you guys think? Please give your honest opinions.
Spoiler: Vulnerable Process's List
Vulnerable Processes on my system (Windows 7):
All process's both paths (system32 & syswow64) included.
** - Monitored
*** - Blocked
Spoiler: Vulnerable Programs List
Vulnerable Apps & Programs on my System (beside Windows 7):
Java JRE 8 32-bit (Used for Desktop Apps Only)
Adobe Flash Player ActiveX (Used For IE 64-bit Only)
Browsers (Firefox 32-bit, Chrome 64-bit & IE)
Adobe Photoshop 64-bit***
Windows Media Player***
uTorrent (3.3.2 Build 30586)
VLC Media Player***
K-Lite Mega Codec Pack With MPC-HC 64-bit***
Microsoft .NET Framework 4.6.2
*** - Internet connections (Incoming & Outgoing) are disabled in Firewall
Spoiler: Additional Info
I have 3 user accounts active - 1 admin (personal use only), 1 standard (friends & family use) & 1 guest (other stuff). The standard & guest accounts enjoy the strict settings of kaspersky total security parental control.
For financial/banking transaction, i use kaspersky safe money. For safe money, i use firefox only with addons kaspersky protection and https everywhere... Read more
intel pentium D @ 2.6GHz
80 gb hardisk
RAM Corsair DDR3 4GB Desktop (CMV4GX3M1A1333C9)
gpu amd radeon hd 545
It helps us to help you with suggestions if you provide more details, such as what you have for real time security, on demands and privacy, what you use to block ads, trackers, ect.
I know my secureness is horribly low: a new entry is UAC on "non dim" (before was off).
The win updates, even if they're on "manual" are checked often.
I highly recommend you uninstalling SpyHunter ASAP. Google it and you'll learn why. You can keep Panda Free if you want as a real-time malware prot, but I would recommend you picking up an anti-executable like NVT Exe Radar Pro, Voodooshield, APPGUARD, ReHIPS, etc. The freebies are the first two options. I'll leave the rest to others. Thanks for sharing your config.
This Is my security config, Comments are welcome, Although the NS W Backup, Is being Used, I usually don't even run an AV beyond MBAM, as I do not go to any sites beyond my usual sites in windows. All other Web browsing is done on a iPhone.
Usual sites being:
Facebook (No links are ever clicked)
My schools website
Tumblr(Some crazy crap on there, Is funny to read)
Here, Lurked til recently
If not done on my iPhone, will be done in a Virtual Machine.
Nice and simple
Just added New Bitdefender Total Security 2016 , previously had Malwarebytes Pro along with Bullguard internet security. Not sure what second line security is needed /compatible with Bitdefender. Any Advice?
Have noted Bitdefender and Acronis Scheduler seem to have a conflict. both work sor far though.
Nice configuration, I would recommend you add some on-demand scanners...
Hi, Presently am having MalwareBytes AnitMalware Free and would like to add a secondary AntiMalware . Pls suggest me the Best along with A Full security software free .Read about Emsisoft in your thread . Looks convincing . How is Zemana Anti Malware ? Any Free GiveAways of security softwares with good rating and ease of use . Would like to try it for a few months . How good is K7 total security 2016 .
@Swathiravi Mod Edit Notes: Username in title.
You need real-time security protection, pronto.
Please fill in the forms with accurate information, you already use Malwarebytes Anti-Malware as an on-demand scanner.
Find external promotions, discounts and our own Giveaways at: Giveaways and Promotions | MalwareTips.com
My personal preference is Linux .
But my work requires me to have both Linux and Windows systems .
On Linux I generally do not use any malware protection although some
of my Linux systems have grsec as kernel hardening.
I decided to give my answers for Windows as my main system .....
.... at least that way I can give answers to most of the config questions
I think you forgot to add AV
Tiny Wall is a Firewall not a AV.@Myriad
Add some AV,other than it looks ok.
Hi, folks. Old reader of MT, novice as to community member. Good luck.
Looks good to me so far, but regarding "Non. I have them all in a word document" - I would use a password protected, even better 2FA protected PW manager, for e.g. LastPass, to prevent password stealing by trojans / data loss.
BTW there is a ZAM giveaway ATM, feel free to join in
- 360 TSE Security level(All engine on) instead of balanced, with pua enabled, all files are monitored by qihoo 360 isn't of just executables and documents.
- Malwarebytes rootkit scan enabled, enabled self-protection module, and I'm notified if Malwarebytes is outdated for more than 2 days.
Privacy for windows
- Anti spy bot beacon
- Shutup 10
Not a bad config. Thank you for sharing.
Hi, although I tried various antiviruses and I'm considering myself as a fan of this stuff, lately I'm somehow bored and I stay with Windows 10 and its default antivirus, firewall...
Thinking about change for a few weeks already but did not decided yet. Hope I get some inspiration here ;-)
Why SmartScreen disabled? It is absolutely recommended to enable it to avoid infections. Windows Defender is improved with the latest version, but I recommend to add also ZAM Free and MalwareBytes.
Add HTTPS Everywhere, add at least CCleaner Free for System Utilities.
Add Macrium Reflect Free or AOMEI Backupper.
Thanks for sharing.
Nothing fancy at all.
Avast free with Web and File Shields. I don't bother with CC in Avast as it seems half-baked.
Hardened mode is currently off.
Maybe add a password manager such as Lastpass and uBlock Origin.
Thanks for sharing with us.
Daily backups off to Raid-5 NAS.
I got nothing to say, looks amazing, thanks for sharing your config! All software you are running seems like an Enterprise setup, must have cost quite a bit....Grab Shadow Defender if you haven't, my most used app right now...
It's a pretty light and simple setup. No annoying pop-ups
you can ad emet or malwarebytes anti exploit for system hardening https everywhere as extra browser extension. the rest looks ok to me ( not a mcafee fan ) since download malware samples I do suggest the use a virtual machine for that ( vm ware ) , or shadow defender or rollback rx ( disaster recovery )
I tend to test a lot of security software both in VM and on my host machines. So My configs are forever changing. Sorry about the DP but my old Config thread was basically broken. It gave me an error every-time I tried to update it regardless of what I did it gave me the "Something Went Wrong" Error. So feel free to delete that thread if possible admins Thank-you for the fantastic mods and the fantastic website and it's members.
Again sorry for the double but this is the config thread I will be updating and adding onto since I have several configs on desktops, Laptops Etc. Each having their own unique config based on hardware specs age, OS, etc. I will post some of those configs as well.
Very nice Configuration, i have nothing to add
Chrome Security Tweaks:
AppContainer Lockdown (Enabled)
PPAPI Win32k Lockdown (All Plugins)
Extension Content Verification (Enforce Strict)
Java, Flash, Silverlight: Uninstalled
Heyo, not sure if there's any conflict between AVAST and MBAM. Maybe consider removing one or the other and replace it with an anti-executable? Enable OS File Reputation, as it's a critical security component of Windows 10. Leave the rest for others, thanks for sharing.
What is the Security Configuration Wizard (MalwareTips.com)
Here you can share your PC security configuration with other members. Sharing your security set-up may help others too. You will receive feedback on how to improve your security and other advice if you ask. We politely ask not to hijack other members' config threads with off-topic posts. Your posts may be removed.
Where shall I post?
We ask all members to post in the Security Configuration Wizard forum only.
Members are advised to keep 1 active topic for their current config.
You can read on How to update your security config without creating a new thread! as provided by @Jack
Before Posting Your Config.
Naming your thread
Thread titles must include your username, for example, Jack's Security Config or Jack's Config.
If you use "My Config" your thread may be altered or removed.
Warning: This may affect your eligibility for MalwareTips Giveaways.
Operating System - Do you use Windows, Mac OS X or Linux? Provide details about any Updates or Service Packs.
OS Architecture - Determines the capabilities of your OS. Are you unsure? Find out for Windows.
Last Malware Infection - When you were last infected with a virus, worm, adware, spyware, ransomware etc.
Malware and Phishing sites - Are you a high or low risk web user?
Number of Users for this PC - Have you set-up adequate protection for these accounts against unauthorised use?
User Access Control ... Read more
*** BUMP ***
All members are required to refer to this topic for How to Post their Config threads.
Avoid using "My Config" as a thread title, instead include your username. It makes your thread so much easier to find in the future!
I thank you all for the Giveaways
Thanks for sharing your config, but you have an anti-all pc, well is not a good idea, if i were you i would use malwarebytes into passive mode /free mode/ uninstall comodo firewall and xvirus as bitdefender total security cover what those programs does. And i would recommend you to uninstall and leave only the necessary extensions, due to the fact that they consume a lot of ram and make the browser more unstable and some time they may crash. in resume just use what you need. is not true the fact that with many antimalware soft you will be protected, it is the opposite.
Comodo and bitdefender are not good friends... having them on at the same time will cause a hole in your firewall... because none of them will be able to work correctly
Infected with CIS Hips off full virtualization then changed config .-)).
I really like your conf., but i think you would do better with Online Armor free that is a powerfull firewall with HIPS defense not provided by your antivirus and very easy to use.
Thanks for reading guys have a good nite yall !
I would like to suggest some form of backup for the future, you could give either Macrium Reflect or Aomei Backupper a try. Both have a free and reliable version so that if something happens in the future you can restore your machine as easy as 1 2 3 and you will be up and running again.