Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: What protection programs are recommended?

21 Aug 2014   #11
Tookeri

Windows 7 Pro 32
 
 

I guess most people that use an administrator account and disable UAC because of the prompts probably don't know exactly how UAC works. UAC is more than only the prompts. UAC is "least user privilege" based which means programs that don't require admin rights will be launched as a standard user. Without UAC all programs basically run with admin rights, like in the old XP days. And UAC is required for IE's protected modes. And it also enables file and registry virtualization, another protection feature.
Instead of setting UAC to Never notify, it's better to set it to elevate without prompting in the group policy editor (Win 7 Pro, Ultimate, Enterprise). This way not all programs run with admin rights.
User Account Control in Windows 7 Best Practices

As for protection programs I think EMET + Sandboxie is unbeatable. But I usually only recommend EMET to tech savvy people as it can be difficult to configure on some systems. Sandboxie alone is a pretty good protection too. Besides the sandbox protection you can for example also block read access to folders, and configure what programs are allowed to access the internet. This can be useful if you have the Windows Firewall default setting to allow all outbound connections(which probably most have), especially since you don't need to know about general firewall configuration like protocols and ports.

Enhanced Mitigation Experience Toolkit (EMET)
And read my recent post in that thread with useful information regarding EMET 5.0 troubleshooting

Sandboxie Review - gHacks Tech News


My System SpecsSystem Spec
.
21 Aug 2014   #12
Tookeri

Windows 7 Pro 32
 
 

I forgot to add that if the reason for turning off UAC are the "annoying" UAC prompts, there's always the option to keep UAC enabled and set up scheduled tasks to get around the UAC prompts. This is how CCleaner does it. It has an option to bypass the UAC prompt. You modify your program shortcuts to let scheduled tasks launch the program instead since it's already running with admin rights = No prompt needed. Example:
Run UAC restricted programs without the UAC prompt - TechRepublic

And keep in mind that when UAC prompts it's actually asking for your admin password. But UAC simplifies this with an Allow button instead. When UAC is disabled it doesn't have to ask for your admin password because you're already running as admin. This was a big security issue in XP and that's why UAC was created.
My System SpecsSystem Spec
21 Aug 2014   #13
andrew129260

Windows 10 Pro
 
 

@groze


No offense taken Open dns does not make your internet slower. Quite the opposite, it makes it faster. Go to there page to learn more.

And def. read what was posted above about UAC. Tookeri gave an excellent recommendation/explanation in post 11. I disagree with one little thing though. Setting UAC to elevate without prompting in the group policy editor makes things less secure. Any program can then use that to elevate itself.

I set uac to always notify, which makes it more protective like vista was. Granted more prompts appear, but it is only one click and does not take a lot of time. Of course, if you fly through the prompts that will make it pointless anyway. Always read the prompt carefully when it appears. Vista was one of the most secure OS ever built. Then everyone complained about the prompts, so Microsoft lessened the security. If people would have understood why it was like that, viruses would be less common infecting PC's. But people chose to lessen their security for the sake of convenience which was not even that big of a deal. One click? Seriously? Anyways hope that explains things well.

My suggestions are just that. Suggestions. I do want to make you aware though, I help people fix their computers for a living. After following my suggestions completely, (or me assisting them in doing so) they do not ever get infected again. I never get calls again about security issues. So granted, it is your choice. But there is a strong reason I have my suggestions the way they are.
My System SpecsSystem Spec
.

22 Aug 2014   #14
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Sorry Layback Bear but I got to respond to Tookeri

Tookeri.
I know nothing about security by disabling uac. Only have 2 viruses over the lifetime using Windows 95. 98se, windows xp, windows 7. I still have an old computer with a dual boot system using windows 98se and windows xp sp3.

For windows 98se
I use clamwin antivirus windows & free outlook firewall and Spybot SD

For windows xp sp3
I use clamwin antivirus windows & windows firewall and Spybot SD

For windows 7
I use Microsoft Security Essentials (MSE), windows firewall, Spybot SD old version with teatimer enabled. Considering trying free avg then it would be Windows Defender instead of MSE

I use Norton's Ghost backup for Windows 98se & xp. Windows 7, I use Nti Backup ez had a few hiccups but got it working. It doesn't like Google Chrome though.

I have used Malwarebytes in the past. I tried it on Windows xp. I don't like you can't change the advance settings without having to buy the pro. My main beef is turning off the auto quarantine you can't do that in the free version and the paid version interferes with Avg. Startup option can be tweaked using a registry or other setting,

In the past until they become resource hogs or did major changes I used
Avast, Avg, Lavasoft adaware, spywareblasters (not sure on the name), Norton paid, McAfee paid.

Back to Windows 7.
I am also a tinker. I love trying everything I download, I know it is risky that is why I have backup. Some flash ads have pup. I also use some batch files that needs uac disabled.

By the way except for ICMP every system passed the shields up test at grc some isp needed ICMP allowed through.

MSE caught my own batch file I made to change the host file.

I also have the avg boot cd on flashdrive.

For the record, I have made mistakes but learned from them
My System SpecsSystem Spec
22 Aug 2014   #15
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

andrew129260, I explained to Tookeri why I disabled UAC. I am also knowledgeable so I know "what to look out for" yes, I made mistakes but learned from them. As running as administrator account even though I do that, I am mixed on that. For example some Seamonkey browser preference won't work unless it is run as administrator. By the way since it just two people here, I don't use a password to login into windows 7. My important data is not even on the computer.


Just for info
ubuntu doesn't prompt as much as windows 7 does.
My System SpecsSystem Spec
22 Aug 2014   #16
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Hmm. No offense guys but look what I found

Defeating UAC with a two-stage malware attack | ZDNet
My System SpecsSystem Spec
22 Aug 2014   #17
andrew129260

Windows 10 Pro
 
 

Quote   Quote: Originally Posted by groze View Post
Hmm. No offense guys but look what I found

Defeating UAC with a two-stage malware attack | ZDNet
Quote   Quote: Originally Posted by andrew129260 View Post
Vista was one of the most secure OS ever built. Then everyone complained about the prompts, so Microsoft lessened the security. If people would have understood why it was like that, viruses would be less common infecting PC's. But people chose to lessen their security for the sake of convenience which was not even that big of a deal. One click? Seriously? Anyways hope that explains things well.
See above
My System SpecsSystem Spec
22 Aug 2014   #18
Tookeri

Windows 7 Pro 32
 
 

@groze I'll edit the post to be more clear. What I meant was that most people that can't stand the UAC prompts and therefor simply disable it probably don't know exactly how UAC works. I shouldn't have used "probably don't know much about security".
The only thing that's visible are the prompts, but UAC is more than that. That was kind of my point.
I see you seem to have the protection all under control though.

@andrew129260 Elevate without prompting was a suggestion for people that are thinking of disabling UAC. That's better than disabling. I fully agree with you about the rest! Instead of asking for the admin password, UAC asks only for a simple one-click, and still some people think that's too much?!
My System SpecsSystem Spec
22 Aug 2014   #19
groze

W7 32 bit, Linux Mint Xfce 18 64 bit
 
 

Thank you Tookeri and sorry if I went overboard. I have been reading about running as administrator vs standard user not everyone agrees. Shouldn't you have at least one administrator account (Not the default that can be hidden or unhidden)? This one dell webcam software had to be installed 3 times. One in the default administrator account. My account and the other person that lives here. I doubt that would of worked if it was a standard account. Is there a list of software that doesn't work with a standard account?
My System SpecsSystem Spec
23 Aug 2014   #20
Tookeri

Windows 7 Pro 32
 
 

A standard user account can run most programs, but not install new programs, change global settings or run administrative tasks. For that you need an administrator account (not the hidden one). The hidden built-in admin account runs with full admin rights and no protection from UAC. Back in the XP days many programs required admin rights, but it's changed since then.

Now I'll try to describe UAC as simple and short as possible:
With UAC enabled and you log on with an admin account, all admin rights are disabled until UAC prompts you. So there's really no difference from running as a standard user if you set it to Always notify.

If you disable UAC the admin rights are not disabled and you lose all the security benefits of UAC.

If some programs require UAC to be off to work properly I would investigate that or replace them with better compatible programs. At least that's what I would do.
My System SpecsSystem Spec
Reply

 What protection programs are recommended?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
How to edit a program name on the recommended programs list?
Del
Customization
Recommended PSU and GPU for this build.
Hello, i'm building gaming pc, so far the specs are Intel Core i5-3570K DDR3 Corsair Vengeance Black 16GB (2x8GB) 1600MHz HDD SATA 500GB Motherboard Asrock z77 extreme4 I'm wondering what Video card should i get for this setup card should be no more than 200$, also what power supply i...
PC Custom Builds and Overclocking
How to Remove Recommended Programs
Delete Unwanted Programs In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\*filetype*\OpenWithList Right. ? But After Try That. It's No Effect In Open with Window ... I Use Media Player Classic x64 Associate For All Videos Files But.. Windows Media Player...
General Discussion
Recommended PSU - Please Help
Hey guys. (Im not sure if i posted in the right place) I had a 750w Winpower PSU in my pc for about 3 years. Then the other night my machine went off then let our a huge bang/spark and i got a smell of burning from my PSU. After looking online about winpower PSU's they are not recommended by...
Hardware & Devices
Recommended Ram
Hi I am new too this forum very nice site and hope I'm posting this in the right spot I my self am running win 7 RTM Final and have 2gig's ddr MHz ram should i invest in getting 2 more gigs is it worth it ? Also would it be worth while to get a sata hdd ? this win7 works great after vista refused...
Hardware & Devices
Recommended IE8 add-ons?
You guys have any recommendation for Windows 7 Internet Explorer 8? Like download manager or security issued add-on. Anything you use and you found it useful.
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:43.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App