Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Security configurations, may 2015

16 May 2015   #1
Trolleri

Windows 7 Professional
 
 
Security configurations, may 2015

What are your up-to-date ideas on how to secure a clean install of Windows 7 the most?

Discussion 1 - Internal configurations:
Besides constantly updating the system, using a regular user account instead of an administrator account for everyday use, setting UAC settings to maximum, and securing the web browser (https://www.us-cert.gov/publications...ozilla_Firefox), do you recommend a "fsutil behavior set encryptpagingfile 1" or maybe use BitLocker to encrypt the whole system drive entirely. Any other ideas on how to secure the system?

Discussion 2 - Third party security programs:
What programs and add-ons do you recommend? Will a local antivirus program ever be as good as virustotal.com or metascan-online.com? I believe the real security is in a proactive element. Comodo Internet Security is a good choice, and free (Results and comments - www.matousec.com). Regarding Firefox, I am a fan of Ghostery as well as Adblock Plus add-ons, but is it worth to install the NoScript add-on as well? In Windows firewall, is it worth to block all incoming connections, including those in the list of allowed programs, or should I simply use the firewall Comodo supplies?

My intentions for the system is all-round use, and I will be using Redo to make complete images of the system drive. While I try to keep the number of installed programs at a minimum, Secunia PSI counts around 50 programs currently installed on my system.


My System SpecsSystem Spec
.
16 May 2015   #2
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi and welcome to SevenForums,
I believe this subject has been beat to death
What's the Best Anti-virus?

See system spec's for what I use,
Cheers.
My System SpecsSystem Spec
16 May 2015   #3
Trolleri

Windows 7 Professional
 
 

Thanks for the link about anti-virus. Instead of waiting for any suite to be able to detect the malware once the damage is done, I am however more interested in how to secure the system itself, and avoid malware in the first place. Maybe Windows 7 have some hidden functions to tighten the security?
My System SpecsSystem Spec
.

16 May 2015   #4
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Read the thread it's a rabbit hole of information don't let the title throw you off,
Start at the end if you wish
My System SpecsSystem Spec
16 May 2015   #5
Tookeri

Windows 7 Pro 32
 
 

Quote   Quote: Originally Posted by Trolleri View Post
I am however more interested in how to secure the system itself, and avoid malware in the first place. Maybe Windows 7 have some hidden functions to tighten the security?
In Win 7 Pro you have SRP(Software Restriction Policies) that is a great protection! Read this: Best protection against malware?

Encrypting page file, sure, I've done that. And disabled hibernate.

Bitlocker or other full drive encryptions are mainly to protect against physical theft of the PC. For a home PC that's maybe not that important. But why not?
I use a fingerprint boot program + encryption of certain folders with the Windows built-in EFS.

About NoScript, it has an option to allow Scripts globally, which is followed by the word "(dangerous)". That dangerous mode is the default mode in all popular browsers. It's not named dangerous for nothing.
And since FF also doesn't have any sandbox I run it with Sandboxie.

I think Ghostery does a great job together with NoScript so I have no need for an adblocker.

What else? An anti-exploit like EMET, MBAE(Malwarebytes) or HitmanPro.Alert 3

You shouldn't trust any anti-virus product too much. Nor Virustotal. Use good, multiple and different security layers. For example as mentioned above
My System SpecsSystem Spec
17 May 2015   #6
Trolleri

Windows 7 Professional
 
 

Thank you for your great suggestions Tookeri. I will look a bit into Software Restriction Policies
My System SpecsSystem Spec
17 May 2015   #7
Victor S

Windows 7 Ultimate x64
 
 

If you don't want to waste many hours of your time, do this:
1. Keep your system partition small, and image it.
2. Back up important data to an external hard drive, then unplug it.
3. Don't buy anti-virus software. Just use MSE.
4. If ANYTHING seems unusual or suspicious about how your computer is acting - restore your image.

Takes 5 minutes.
My System SpecsSystem Spec
17 May 2015   #8
Trolleri

Windows 7 Professional
 
 

Yes, I will do harddrive imaging with Redo, which can recover the system partition even if Windows cannot boot.

I also decided to try Epic Browser, since Firefox is not sandboxed, and Epic supports the only plugins I use. Epic have Adblock Plus included in the browser itself, and is accessed through the umbrella icon.
My System SpecsSystem Spec
17 May 2015   #9
Tookeri

Windows 7 Pro 32
 
 

I think Epic is more about privacy so still no sandbox I assume.

I use Firefox with private browsing mode always on, and I've made these tweaks(mostly privacy related). Click button to view.
 
browser.cache.disk.enable = false
browser.cache.disk_cache_ssl = false
browser.cache.memory.enable = false
browser.cache.offline.enable = false
browser.safebrowsing.enabled = false
browser.safebrowsing.malware.enabled = false
browser.sessionstore.privacy_level = 2 (default=0)
browser.urlbar.trimURL = false
datareporting.healthreport.uploadEnabled = false
dom.battery.enabled = false // fingerprinting
dom.event.clipboardevents.enabled = false
dom.indexedDB.enabled = false
dom.network.enabled = false // fingerprinting
dom.storage.enabled = false
geo.enabled = false
geo.wifi.uri = localhost
media.peerconnection.enabled = false //WebRTC
network.cookie.cookieBehavior = 1 (no 3rd party)
network.dns.disablePrefetch = true
network.http.sendRefererHeader = 0 (default=2)
network.http.sendSecureXSiteReferrer = false
network.predictor.enabled = false //prefetch
network.prefetch-next = false
webgl.disabled = true (or in NoScript)


Another great thing with Firefox + Sandboxie is that I disable all plugins. If I need to enable one when run through Sandboxie it means it's only temporary. When I close the sandboxed browser and it deletes the sandbox contents all changes are discarded. So next time I open the browser all plugins remain disabled. Plugins are high risk objects when it comes to exploits.

And NoScript doesn't just block scripts, but also plugins and attempts to access local resources like your router etc.
My System SpecsSystem Spec
17 May 2015   #10
Trolleri

Windows 7 Professional
 
 

Epic is based on Chromium which has somewhat a sandbox feature between tabs:
Sandbox - The Chromium Projects

I will consider your method with Sandboxie. Is it possible to try the program before buying?
Another solution is Browser in the Box | Sirrix Aktiengesellschaft
My System SpecsSystem Spec
Reply

 Security configurations, may 2015




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Microsoft Security Bulletin(s) for May 12 2015
Microsoft Security Bulletin(s) for May 12 2015 Note: There may be latency issues due to replication, if the page does not display keep refreshing Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are...
Windows Updates & Activation
April 2015 security updates for Internet Explorer
Source: April 2015 security updates for Internet Explorer - IEBlog - Site Home - MSDN Blogs
News
February 2015 security updates for Internet Explorer
Source: February 2015 security updates for Internet Explorer - IEBlog - Site Home - MSDN Blogs
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:15.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App