3 more things i can do to harden my system?

JohnCoder

New member
Local time
3:22 PM
Messages
30
What are 3 doable things i can do to further harden my Windows 7 Ultimate 64 system? nothing too complicated even though i am a geek of many decades. This is for a personal PC, not a server. I already have a separate Superuser account so I can daily use a regular user account, strong passwords, Avast antivirus for realtime security as well as Windows Firewall on and Malwarebytes for additional scanning. Firefox has addons like DoNotTrack, Better Privacy, Ghostery. My email has Spamassassin. I don't open emails claiming to be from banks etc wanting account info, I do not open attachments that look suspicious (sometimes I have saved attachments to then scan just for fun to see they are indeed malware, then I shred them). I copy+paste usernames/passwords off a usb stick into forms on known financial accounts rather than type to avoid keystroke logging malware if it was on my system.

So, are there a few pretty simple things I could do to further harden my system?
 
Last edited:

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox
Javascript can access the clipboard, so to use a good Password Manager would be safer than copy+paste.

My favorite Firefox security addon is NoScript. If you do not have it, at least check it out.

Sandboxie is a great protection, especially for browsers.

You could use an anti-exploit software. The easiest ones to use are not free for example Malwarebytes Anti-Exploit, and the great free one EMET (Microsoft) might be difficult to configure so it's compatible with all you programs. I don't mind a perhaps difficult configuration as long as the product is free.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
I will add NoScript to Firefox. I know nothing about Sandboxie, will have to look at that.

I am not a fan of paid subscription software, can be hard to stop a software or service subscription sometimes depending on the vendor, etc.; unless using a disposable credit card. I love free software :) so I will take a look at EMET and if i can not figure it out I might get a disposable credit card for MB's Anti-Exploit software.
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox
Hello JohnCoder:

  1. Backups, backups & backups. Update, update & update.
  2. If not done already, upgrade Malwarebytes' Anti-Malware to the fully enabled premium version. Prevention is always better than cure.
  3. Install, update, and keep current: Brightfort's free SpywareBlaster®.
  4. Populate your system's HOSTS file with http://***********.mvps.org/hosts.htm. Installing the free HostsMan - abelhadigital.com automates this nicely.
  5. Uninstall all current & past versions of Oracle's Java with the free JavaRa - SingularLabs.
  6. If you use Adobe's Flash Player plug-ins/extensions, try to update them the same day they are updated.
Do any three you wish. Then do the other three...

HTH :)
 

My Computer My Computer

At a glance

W7
Computer type
PC/Desktop
OS
W7
... EMET (Microsoft) might be difficult to configure so it's compatible with all you programs. I don't mind a perhaps difficult configuration as long as the product is free.

Installed! :)
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
About EMET I should add that it's when you try to start programs protected by EMET you might experience problems. Usually EMET alerts with a message of which mitigation wasn't compatible with a program. You can then go into Apps in EMET and uncheck that mitigation for the specific program. Then restart the program that crashed to see if it works.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
About EMET I should add that it's when you try to start programs protected by EMET you might experience problems. Usually EMET alerts with a message of which mitigation wasn't compatible with a program. You can then go into Apps in EMET and uncheck that mitigation for the specific program. Then restart the program that crashed to see if it works.

Yup, already happened to me; i added Firefox and then i could not get Firefox to run, so I went in an removed Firefox from the apps list in EMET. I guess i need to RTFM lol. But at least it was painless to install EMET and just go with the automagic default install for now, I feel a bit more secure until i read the fine manual on EMET. :) Never heard of EMET before, thanks for sharing this resource!
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox
... Uninstall all current & past versions of Oracle's Java ...
. Don't I kind of need Java on my PC for games and other software?
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
i added Firefox and then i could not get Firefox to run, so I went in an removed Firefox from the apps list in EMET. I guess i need to RTFM lol.
Yes obviously, because that way Firefox isn't protected by EMET anymore :o

I wrote some general advice here regarding the new EMET 5.0 that might help if you run into problems
http://www.sevenforums.com/tutorial...on-experience-toolkit-emet-7.html#post2857216

Very useful thank you! I have Firefox running now with EMET. Used your info post to uncheck some of the mitigations in the EMET GUI. Also EMET popped up something about SimExecFlow mitigation error when I tried to run Firefox so I unchecked that mitigation also. I mirrored the settings for Firefox with some other apps I added to EMET (Gimp2, 7zip, Libreoffice, etc), so at least they will run; I can gradually check more mitigations with time.
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox
Don't I kind of need Java on my PC for games and other software?
If you don't need Java at all, you are that much better off. If you do require Java, Use JavaRa to rid your system of older vulnerable versions. Then, understand that Java will likely always be a weakness in your system.
 

My Computer My Computer

At a glance

W7
Computer type
PC/Desktop
OS
W7
I agree. Java is one of the most vulnerable programs nowadays. If you absolutely need it verify that it's protected by EMET. If you used the recommended setup for EMET it should've added Java's executables.

One more advice: Free Computer Security - Personal Software Inspector (PSI) - Secunia
It checks most of your installed programs for security updates. That's the great thing about it, it doesn't update a program only because there's a new version available. But only if the current version is vulnerable and it's fixed in a new version. And it has a huge list of programs it watches. The default configuration is to update automatically so you might want to change that to manual if you want full control.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Don't I kind of need Java on my PC for games and other software?
If you don't need Java at all, you are that much better off. If you do require Java, Use JavaRa to rid your system of older vulnerable versions. Then, understand that Java will likely always be a weakness in your system.

DO i need java? I really do not what if any software requires Java. I use my Windows system for word processing, spreadsheet, some gaming (Skyrim via Steam, Battlenet/Diablo/etc, Unreal Tournament), screenwriting, web/internet/email; music composing with software like PLAY, Kontakt, Cubase, Reaper; video editing with Adobe After Effects and Sony Vegas. Maybe I do not need Java? I guess worst case I remove Java and if an app needs it then i install it at that point in time?
 

My Computer My Computer

At a glance

Windows 7 x64 UltimateAMD Phenom II six core16GBASUS silent fanless graphics card
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self-Built
OS
Windows 7 x64 Ultimate
CPU
AMD Phenom II six core
Memory
16GB
Graphics Card(s)
ASUS silent fanless graphics card
Sound Card
(motherboard onboard audio)
Screen Resolution
HD
Hard Drives
SSD
Cooling
fanless graphics card, ultra silent cpu fan
Keyboard
Razer Deathstalker
Mouse
Razer Naga
Browser
Firefox
I'm sorry, but I'm not the least bit familiar with which of your applications might require Oracle's Java Runtime Environment (JRE).

But that reads like a good plan anyway, and if JavaRa is properly used, you could be assured of the removal of obsolete and vulnerable remnants.
 

My Computer My Computer

At a glance

W7
Computer type
PC/Desktop
OS
W7
... Uninstall all current & past versions of Oracle's Java ...
. Don't I kind of need Java on my PC for games and other software?

Java is almost never needed nowadays, and if you do have it installed, at the very least keep it updated constantly, and disable it in your web browser.

Adobe reader is unnecessary, as most browsers have built in pdf support. If you have chrome, you can uninstall adobe flash as it is built into chrome and is constantly updated.

That eliminates the 3 most common attack types right there.
 

My Computer My Computer

At a glance

Windows 10 ProAMD Ryzen 5 2400G Processor with Radeon RX Ve...G.SKILL Ripjaws V Series 16GB (2 x 8GB) 288-P...2047MB NVIDIA GeForce GTX 1060 6GB (EVGA)
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Built
OS
Windows 10 Pro
CPU
AMD Ryzen 5 2400G Processor with Radeon RX Vega 11 Graphics
Motherboard
ASRock X470 Master SLI/AC AM4 AMD Promontory X470 SATA 6Gb/s
Memory
G.SKILL Ripjaws V Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM D
Graphics Card(s)
2047MB NVIDIA GeForce GTX 1060 6GB (EVGA)
Sound Card
Motherboard Built in
Monitor(s) Displays
Acer R240HY bidx 23.8-Inch IPS HDMI DVI VGA (1920 x 1080) Wi
Screen Resolution
1920 x 1080
Hard Drives
1TB Sandisk SSD PLUS (Main drive)
500 GB Seagate 7200 RPM (Games)
500 GB Western Digital 7200 RPM (Virtual Machines)
PSU
CORSAIR TX Series TX650M 650W 80+ Gold Modular Power Supply
Case
CORSAIR CARBIDE SPEC-02 Mid-Tower Gaming Case, Red LED Fan
Cooling
220mm, two 120mm, and four 60mm fans
Keyboard
Wired Dell keyboard
Mouse
Wireless Logitech mouse
Internet Speed
250mb down, 30mb up
Antivirus
Panda Cloud Antivirus
Browser
Chrome-ish x64
Other Info
Your awesome for reading this.
Back
Top