Security configurations, may 2015

Page 1 of 2 12 LastLast

  1. Posts : 6
    Windows 7 Professional
       #1

    Security configurations, may 2015


    What are your up-to-date ideas on how to secure a clean install of Windows 7 the most?

    Discussion 1 - Internal configurations:
    Besides constantly updating the system, using a regular user account instead of an administrator account for everyday use, setting UAC settings to maximum, and securing the web browser (https://www.us-cert.gov/publications...ozilla_Firefox), do you recommend a "fsutil behavior set encryptpagingfile 1" or maybe use BitLocker to encrypt the whole system drive entirely. Any other ideas on how to secure the system?

    Discussion 2 - Third party security programs:
    What programs and add-ons do you recommend? Will a local antivirus program ever be as good as virustotal.com or metascan-online.com? I believe the real security is in a proactive element. Comodo Internet Security is a good choice, and free (Results and comments - www.matousec.com). Regarding Firefox, I am a fan of Ghostery as well as Adblock Plus add-ons, but is it worth to install the NoScript add-on as well? In Windows firewall, is it worth to block all incoming connections, including those in the list of allowed programs, or should I simply use the firewall Comodo supplies?

    My intentions for the system is all-round use, and I will be using Redo to make complete images of the system drive. While I try to keep the number of installed programs at a minimum, Secunia PSI counts around 50 programs currently installed on my system.
      My Computer


  2. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #2

    Hi and welcome to SevenForums,
    I believe this subject has been beat to death
    What's the Best Anti-virus?

    See system spec's for what I use,
    Cheers.
      My Computer


  3. Posts : 6
    Windows 7 Professional
    Thread Starter
       #3

    Thanks for the link about anti-virus. Instead of waiting for any suite to be able to detect the malware once the damage is done, I am however more interested in how to secure the system itself, and avoid malware in the first place. Maybe Windows 7 have some hidden functions to tighten the security?
      My Computer


  4. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #4

    Hi,
    Read the thread it's a rabbit hole of information don't let the title throw you off,
    Start at the end if you wish :)
      My Computer


  5. Posts : 1,049
    Windows 7 Pro 32
       #5

    Trolleri said:
    I am however more interested in how to secure the system itself, and avoid malware in the first place. Maybe Windows 7 have some hidden functions to tighten the security?
    In Win 7 Pro you have SRP(Software Restriction Policies) that is a great protection! Read this: Best protection against malware?

    Encrypting page file, sure, I've done that. And disabled hibernate.

    Bitlocker or other full drive encryptions are mainly to protect against physical theft of the PC. For a home PC that's maybe not that important. But why not?
    I use a fingerprint boot program + encryption of certain folders with the Windows built-in EFS.

    About NoScript, it has an option to allow Scripts globally, which is followed by the word "(dangerous)". That dangerous mode is the default mode in all popular browsers. It's not named dangerous for nothing.
    And since FF also doesn't have any sandbox I run it with Sandboxie.

    I think Ghostery does a great job together with NoScript so I have no need for an adblocker.

    What else? An anti-exploit like EMET, MBAE(Malwarebytes) or HitmanPro.Alert 3

    You shouldn't trust any anti-virus product too much. Nor Virustotal. Use good, multiple and different security layers. For example as mentioned above
      My Computer


  6. Posts : 6
    Windows 7 Professional
    Thread Starter
       #6

    Thank you for your great suggestions Tookeri. I will look a bit into Software Restriction Policies :)
      My Computer


  7. Posts : 325
    Windows 7 Ultimate x64
       #7

    If you don't want to waste many hours of your time, do this:
    1. Keep your system partition small, and image it.
    2. Back up important data to an external hard drive, then unplug it.
    3. Don't buy anti-virus software. Just use MSE.
    4. If ANYTHING seems unusual or suspicious about how your computer is acting - restore your image.

    Takes 5 minutes.
      My Computer


  8. Posts : 6
    Windows 7 Professional
    Thread Starter
       #8

    Yes, I will do harddrive imaging with Redo, which can recover the system partition even if Windows cannot boot.

    I also decided to try Epic Browser, since Firefox is not sandboxed, and Epic supports the only plugins I use. Epic have Adblock Plus included in the browser itself, and is accessed through the umbrella icon.
      My Computer


  9. Posts : 1,049
    Windows 7 Pro 32
       #9

    I think Epic is more about privacy so still no sandbox I assume.

    I use Firefox with private browsing mode always on, and I've made these tweaks(mostly privacy related). Click button to view.
     
    browser.cache.disk.enable = false
    browser.cache.disk_cache_ssl = false
    browser.cache.memory.enable = false
    browser.cache.offline.enable = false
    browser.safebrowsing.enabled = false
    browser.safebrowsing.malware.enabled = false
    browser.sessionstore.privacy_level = 2 (default=0)
    browser.urlbar.trimURL = false
    datareporting.healthreport.uploadEnabled = false
    dom.battery.enabled = false // fingerprinting
    dom.event.clipboardevents.enabled = false
    dom.indexedDB.enabled = false
    dom.network.enabled = false // fingerprinting
    dom.storage.enabled = false
    geo.enabled = false
    geo.wifi.uri = localhost
    media.peerconnection.enabled = false //WebRTC
    network.cookie.cookieBehavior = 1 (no 3rd party)
    network.dns.disablePrefetch = true
    network.http.sendRefererHeader = 0 (default=2)
    network.http.sendSecureXSiteReferrer = false
    network.predictor.enabled = false //prefetch
    network.prefetch-next = false
    webgl.disabled = true (or in NoScript)


    Another great thing with Firefox + Sandboxie is that I disable all plugins. If I need to enable one when run through Sandboxie it means it's only temporary. When I close the sandboxed browser and it deletes the sandbox contents all changes are discarded. So next time I open the browser all plugins remain disabled. Plugins are high risk objects when it comes to exploits.

    And NoScript doesn't just block scripts, but also plugins and attempts to access local resources like your router etc.
      My Computer


  10. Posts : 6
    Windows 7 Professional
    Thread Starter
       #10

    Epic is based on Chromium which has somewhat a sandbox feature between tabs:
    Sandbox - The Chromium Projects

    I will consider your method with Sandboxie. Is it possible to try the program before buying?
    Another solution is Browser in the Box | Sirrix Aktiengesellschaft
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:09.
Find Us