Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Share your security configuration!


  • Please log in to reply
160 replies to this topic

#31 britechguy

britechguy

    Been there, done that, got the T-shirt


  •  Avatar image
  • Members
  • 12,652 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:12:10 AM

Posted 11 February 2018 - 03:06 PM

Operating System:  Windows 10 Home, 64 bit, Version 1709, Build 16299.214  (as of the writing of this message)
 

Architecture:  AMD A12-9700 APU,  HP 15-ba011cy laptop
 

UAC:  Notify me only when apps try to make changes to my computer (default)
 

SmartScreen:  Warn for both "Check Apps & Files" and MS-Edge (which I do not use except as a tertiary browser)
 

Threat Protection (real time & on-demand):

  • Windows Defender (both)
  • Malwarebytes (most recent free version, on-demand)
  • Spywareblaster (most recent version - protects via changes to system files to block going to known bad sites)

Browsers & extensions:

  • Firefox Quantum (latest version), Extensions: uBlock Origin, HTTPS Everywhere, Lightbeam
  • Chrome Browser (latest version), Add-Ons:  uBlock Origin, uBlock Origin Extra, HTTPS Everywhere
  • Use only DuckDuckGo search engine, regardless of which browser I may be using.  Have added as default search engine

Privacy, Security, and Maintenance:

  • Secunia PSI
  • Unchecky
  • CCleaner (do not use the Registry Cleaner option)

Backup & Data Recovery:

  • EaseUS To Do Backup Free (backups done at least at every Windows 10 feature update and at any point where I have generated enough user data files [e.g. photos, Office documents, music, etc.] that I'd tear my hair out were I have to do the work over again to create them.)
  • Windows File History

Other Software  (Way too numerous to mention all):

  • Office 2010
  • Screen Readers (NVDA & JAWS)
  • System Utilities (CCleaner, SpeedFan, etc.)
  • Media Players (VLC, Kodi, Others)
  • MP3Gain

When it comes to best practices related to security and web browsing behavior (all of which I don't follow, but I follow a great many of them), no one has been better at enumerating these than our own quietman7:

 

What you must understand regarding computer security

 

 

 


Edited by britechguy, 11 February 2018 - 03:11 PM.
Added addendum regarding quietman7's recommendations

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Pro, 64-Bit 
    A lot of what appears to be progress is just so much technological rococo.
            ~ Bill Gray


BC AdBot (Login to Remove)

 


#32 Mark

Mark

    Malware Bleeps..


  •  Avatar image
  • Malware Response Team
  • 645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:10 AM

Posted 21 February 2018 - 08:47 PM

Main machine I use : Win 7 Home x64, dual boot setup with Win 10 Pro x64 on a separate HDD, which for now I keep in case of a Win 7 drive failure (SSD). Win 10 also allows me to run my images from Macrium Reflect as virtual machines in Hyper-V if needed (can't do that in Win 7). This is a free feature, very cool. See below for Macrium Reflect version.

 

UAC : default

Antivirus / anti-malware : Panda Free antivirus (now called Panda Protection) and Malwarebytes Pro (protection : On)

Firewall : Win 7's and router are enough for me.

 

Browser : Firefox Quantum with NoScript and ABPlus. And a bunch of added goodies only FF offers.

 

My best protection feature : incremental backup images with Macrium Reflect v7 Home (paid version). This version now includes ransomware protection for backups/images. I keep backups on a separate internal HDD and copy them over to an external HDD (but not often enough...).

 

My other favorite security thing : keeping the dialogue open with family members and friends about good computing habits, recent threats and whatever else comes up. It works.

 

I also have a few different systems installed as virtual machines for testing and higher risk file handling.

 

typo edit.


Edited by Mark, 21 February 2018 - 08:48 PM.

Posted Image

#33 synergy513

synergy513

  •  Avatar image
  • BC Advisor
  • 1,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:10 AM

Posted 03 March 2018 - 06:42 PM

OSs x86 Multi-boot on DeLL Inspiron 530:

 

               Linux Mint Mate 18 with UFW and Firejail sandbox enabled on Firefox 52 and PaleMoon 27x with noscript and ublock  origin added on.

                Windows XP (disconnected)

                 Windows Vista x86 (disconnected)

                   Windows 7 Pro x86 (disconnected)

 

      OSs x64 x2:  Dual Boot on HP Envy 700-214 and Custom Content Production (DCC) Workstation:

                                           Linux Mint Mate 18.1 with  UFW and Firejail enabled on Firefox 52 and PaleMoon 27x with noscript and ublock origin added on

                                            Windows 8.1 with Classic Shell Metro UI Neutralizer (disconnected)


Edited by synergy513, 03 March 2018 - 07:50 PM.

sudo apt-get purge ms && sudo apt-get install liberation

 


#34 MarkMackerel

MarkMackerel

  •  Avatar image
  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 10 March 2018 - 07:43 PM

Operating System:  Windows 10 Home, 64 bit, Version 1709, Build 16299.214  (as of the writing of this message)
 

Architecture:  AMD A12-9700 APU,  HP 15-ba011cy laptop
 

UAC:  Notify me only when apps try to make changes to my computer (default)
 

SmartScreen:  Warn for both "Check Apps & Files" and MS-Edge (which I do not use except as a tertiary browser)
 

Threat Protection (real time & on-demand):

  • Windows Defender (both)
  • Malwarebytes (most recent free version, on-demand)
  • Spywareblaster (most recent version - protects via changes to system files to block going to known bad sites)

Browsers & extensions:

  • Firefox Quantum (latest version), Extensions: uBlock Origin, HTTPS Everywhere, Lightbeam
  • Chrome Browser (latest version), Add-Ons:  uBlock Origin, uBlock Origin Extra, HTTPS Everywhere
  • Use only DuckDuckGo search engine, regardless of which browser I may be using.  Have added as default search engine

Privacy, Security, and Maintenance:

  • Secunia PSI
  • Unchecky
  • CCleaner (do not use the Registry Cleaner option)

Backup & Data Recovery:

  • EaseUS To Do Backup Free (backups done at least at every Windows 10 feature update and at any point where I have generated enough user data files [e.g. photos, Office documents, music, etc.] that I'd tear my hair out were I have to do the work over again to create them.)
  • Windows File History

Other Software  (Way too numerous to mention all):

  • Office 2010
  • Screen Readers (NVDA & JAWS)
  • System Utilities (CCleaner, SpeedFan, etc.)
  • Media Players (VLC, Kodi, Others)
  • MP3Gain

When it comes to best practices related to security and web browsing behavior (all of which I don't follow, but I follow a great many of them), no one has been better at enumerating these than our own quietman7:

 

What you must understand regarding computer security

 

 

 

 

 

 

nice post. Copying your set up. Cheers



#35 Sneakycyber

Sneakycyber

    Network Engineer


  •  Avatar image
  • BC Advisor
  • 6,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:01:10 AM

Posted 10 March 2018 - 08:33 PM

Operating System: Windows 10
Architecture: x64
UAC: Always Notify
SmartScreen: Enabled
Threat Protection (real time & on-demand):

  • Windows Defender
  • Eset Node 32

Browsers & extensions:

  • Photobucket Image Enable
  • Lastpass for Chrome/Firefox
  • uBlock Origin for Firefox

Privacy, Security, and Maintenance:

  • 2FA enabled on all Google and Facebook Accounts using Yubikey Neo
  • 2FA enabled on Lastpass account
  • Financial Docs secured with Bitlocker
  • Laptop Secured with full disk Bitlocker

Backup & Data Recovery:

  • Acronis Trueimage 2016 with offsite dump to Amazon S3

Other Software/Hardware

  • Lastpass
  • Wireshark
  • Yubikey Neo
  • Yubikey 4

Firewall:

  • Cisco ASA 5506-X (firepower disabled)

Router:

  • Unifi Edgerouter X

Wireless

  • Unifi AP-AC-PRO
  • Separate VLAN for IOT

Edited by Sneakycyber, 10 March 2018 - 08:34 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#36 opera

opera

  •  Avatar image
  • Members
  • 1,300 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:10 AM

Posted 11 March 2018 - 12:27 AM

By the way Secunia PSI (Personal Safety Inspector) will become End of Life on April 20th 2018 and will need to be uninstalled.

 

 

This product is reaching End-of-life on April 20, 2018, and therefore, no longer available. On April 20, 2018, existing installations of PSI will no longer function and should be uninstalled.

 

https://www.flexera.com/enterprise/products/software-vulnerability-management/personal-software-inspector/



#37 britechguy

britechguy

    Been there, done that, got the T-shirt


  •  Avatar image
  • Members
  • 12,652 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:12:10 AM

Posted 11 March 2018 - 09:18 AM

By the way Secunia PSI (Personal Safety Inspector) will become End of Life on April 20th 2018 and will need to be uninstalled.

 

 

This product is reaching End-of-life on April 20, 2018, and therefore, no longer available. On April 20, 2018, existing installations of PSI will no longer function and should be uninstalled.

 

https://www.flexera.com/enterprise/products/software-vulnerability-management/personal-software-inspector/

 

 

Interesting.   You would think, given the nature and purpose of the software, that they'd have it be giving some sort of notification about this starting about now.  So far it's silent as silent can be.   There are going to be a lot of very upset people if it just stops working on 4/20/2018 and there has been no notification from the software itself that this was coming.


Edited by britechguy, 11 March 2018 - 09:19 AM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Pro, 64-Bit 
    A lot of what appears to be progress is just so much technological rococo.
            ~ Bill Gray


#38 MarkMackerel

MarkMackerel

  •  Avatar image
  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 12 March 2018 - 01:53 PM

 

By the way Secunia PSI (Personal Safety Inspector) will become End of Life on April 20th 2018 and will need to be uninstalled.

 

 

This product is reaching End-of-life on April 20, 2018, and therefore, no longer available. On April 20, 2018, existing installations of PSI will no longer function and should be uninstalled.

 

https://www.flexera.com/enterprise/products/software-vulnerability-management/personal-software-inspector/

 

 

Interesting.   You would think, given the nature and purpose of the software, that they'd have it be giving some sort of notification about this starting about now.  So far it's silent as silent can be.   There are going to be a lot of very upset people if it just stops working on 4/20/2018 and there has been no notification from the software itself that this was coming.

 

 

Exactly how good is it and are there any alternatives?



#39 britechguy

britechguy

    Been there, done that, got the T-shirt


  •  Avatar image
  • Members
  • 12,652 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:12:10 AM

Posted 12 March 2018 - 02:33 PM

Secunia PSI is very good at what it does.   I am not aware of any functional alternatives but I also lived without Secunia PSI for several decades as I tend to apply updates to anything and everything religiously as they are issued.

 

There are almost certain to be other alternatives that are similar, though.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Pro, 64-Bit 
    A lot of what appears to be progress is just so much technological rococo.
            ~ Bill Gray


#40 ranchhand_

ranchhand_

  •  Avatar image
  • Members
  • 5,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:11:10 PM

Posted 12 March 2018 - 03:27 PM

My setup (note that I equate privacy with security):

Windows 7 Ultimate / Windows 10 Pro, on two separate drives. Main use OS is Windows7.

Panda free AV. I use the shell AV scanner on all downloads, even from reputable origins such as Microsoft, Panda, Asus, etc.

Web Access:  Firefox, DuckDuckGo browser. Firefox add-ons: NoScript, UBlock Origin, Privacy Badger, Adblock Plus, Google Analytics Blocker, Cookie Auto Delete.

Firewall: Zone Alarm. All programs that are reputed to "phone home" are blocked or require my confirmation. This in addition to my router's firewall.

 

OS Backup: I consider regular backups as a major security procedure. Macrium Reflect free edition, full OS images twice monthly on the 1st and 15th of every month.

Backup Setup: I use a dedicated 1T SATA HDD in a docking station. The only time I turn it on is to make backups, then I turn if off. and it is totally isolated, both from the house electrical service as well as the internet. I also keep my password list only on that drive, so it is easy access but isolated. I have another HDD for my Windows 10 OS.

 

Email: I only use Outlook email client installed on my Windows OS's. With that, I use a great tool called Mailwasher to read all incoming directly off Comcast's server, and delete the ones that are obvious spam or virus. In addition, I have the option to bounce a system "no such address" message back to the sender, and eventually they remove me from their spam list. So...nothing comes in to my computer unless I approve it first. I have one "garbage" online email account that I use only for odd communications that require an email address or I cannot access them (such as vendors that I use rarely). I get approximately 65-80 spam a day in there. I rarely even check it.

I avoid porn and warez sites like Bubonic plague.  I am sure we all know why. If someone doesn't, they soon will be posting in the "Am I infected" forum.

 

Never had an infection, never been hacked. My wife's system is identical, never had an infection.


Edited by ranchhand_, 12 March 2018 - 03:37 PM.

If there are no responses to my post for 3 days I remove it from my answer list. If you wish to continue the thread after 3 days please PM me.


#41 cat1092

cat1092

    Bleeping Cat


  •  Avatar image
  • Helper Emeritus
  • 7,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:10 AM

Posted 12 March 2018 - 05:09 PM

Secunia PSI is very good at what it does.   I am not aware of any functional alternatives but I also lived without Secunia PSI for several decades as I tend to apply updates to anything and everything religiously as they are issued.

 

There are almost certain to be other alternatives that are similar, though.

 

+1! :thumbup2:

 

Secunia PSI has been a major part of my security portal dating back to the early Windows 7 years (PSI version 2). :)

 

This is going to be a great loss, as it automatically keeps browsers, Flash Player, Java & other software up to date & also notifies one of missing updates. Belarc Advisor is good for the latter, although creates a few false alarms (updates sometimes doesn't apply to one's OS), so it's not great. 

 

I for one will be missing Secunia PSI, as have several computers to upkeep & have installed the app on most every computer worked on for others, am sure that the phone will be ringing once EOL comes. The bottom line is likely that Flexera are likely concentrating on their business customers (there's no 'going out of business' notice) & leaving it's free customers to fend for ourselves. Personally, I see this as a huge mistake, my reasoning being that many business computers (not associated with Flexera) aren't connected to the Internet, this could have major security implications for us all. 

 

There is not a single positive I can see in this action, other than Flexera are waiting until after the annual US tax season to drop support. Yes it'll save some bandwidth traveling to & from the servers of Flexera, yet they likely have an unlimited plan anyway. They likely want more paying customers, it's a business decision, not a personal one & will prevent (some) businesses from 'freeloading'. Secunia PSI was intended to be free for home/student usage, not for small to mid size businesses looking to pinch pennies to beat the system, am sure this played some factor, whether or not they'll publicly admit so. The below are what they're supposed to be using. 

 

https://www.flexera.com/enterprise/products/software-vulnerability-management/software-vulnerability-manager/

 

Those with certain security software may see updates, last I recall, Avast done this for their free users. Don't know if it was a time limited offer or what, as I've ran Avast very little since MSE became a smashing success in the early Windows 7 years and when did, didn't install the optional component. 

 

There's also the FileHippo App Manager, link below (formerly FileHippo Update Checker) that we can install & run a manual scan with, a small piece of software w/out any 3rd party bloat. It shows updates to popular software that Secunia doesn't, although it's best to have Unchecky installed prior to downloading & installing software from their site. While not all of their software ships with garbage (where I've been obtaining Macrium Reflect Free from for a decade or longer w/out any junk), it's best to be prepared & still check through any boxes slow, as sometimes Unchecky also misses a few of these offers or PUP's. 

 

https://filehippo.com/download_app_manager/59899/

 

Bottom line, we need to keep our software updated, no matter how we have to. I'll do what's needed to keep my computers updated, and save the installers for quicker updates of all. There's no such thing as under emphasising the importance of having all software on one's computer up to date. Newer versions are often patched to prevent remote control execution & other exploits, to include pathways to Malware/Ransomware attacks. The bad guys never sleeps, it takes a lot of work by the good ones just to keep up, getting ahead is even harder. Running old software can pose great risks to our security, if needed, I recommend to use on a spare machine, not the one used for email, transactions & anything of importance. 

 

Bleeping Computer maintains a list of popular software choices, to my recollection, have never had issues with any 3rd party bundles being installed. Others, such as Adobe Flash for Firefox, has to be manually downloaded from their site, as does Java. It's recommended to uninstall older versions of Java before installing the latest,, since I've lived Java free for 5+ years, don't know how Secunia PSI handles the updates to this software choice. Used to be, most all computers shipped with it preinstalled, today this is unusual, because over 95% of computer users doesn't need this package installed, is now considered a liability if not needed. 

 

Final words on Secunia PSI, am glad that it was mentioned here, otherwise may had never known until the software no longer worked. I made it w/out Secunia for over a decade prior to discovery & will survive in the post era of their no longer free to use software. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 

#42 opera

opera

  •  Avatar image
  • Members
  • 1,300 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:10 AM

Posted 13 March 2018 - 01:06 AM

@cat1092

 

A couple of others you might consider are Sumo and Patch My PC Updater.  (both have ongoing dev support over on Wilderssecurity)



#43 STS-1

STS-1

  •  Avatar image
  • Members
  • 345 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 22 March 2018 - 01:17 AM

Windows 10

12 character user password with mix of alphanumeric and symbols with UAC on "always notify"

Bitdefender Total Security

Malwarebytes 3.xxxx

Bios Master password with DVD and USB boot Disabled

TruCrypt Full Disk Encryption

 

( The last stable version released was 7.1 and to my knowledge the final statement was " Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page, and they recommend switching to Bitlocker....However TruCrypt 7.1a was independently audited April 2015 and "No significant vulnerabilities were found" and is still secure to use. If anyone is aware of updated information that states this is no longer the case please leave me a reply


Edited by STS-1, 22 March 2018 - 01:19 AM.


#44 cat1092

cat1092

    Bleeping Cat


  •  Avatar image
  • Helper Emeritus
  • 7,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:10 AM

Posted 22 March 2018 - 07:31 PM

@cat1092

 

A couple of others you might consider are Sumo and Patch My PC Updater.  (both have ongoing dev support over on Wilderssecurity)

 

@opera, thanks for the suggestions, will check out both options. :)

 

Any help with keeping software updated is better than none. Especially with several machines to upkeep. It's hard to remain secure while running 2-3 versions behind of common software & plugins. One that's often overlooked in 'Node.js', which is part of every NVIDIA GPU update. Only problem being, the version shipped is outdated as soon as installed, these are released a lot faster than newer Flash Player & Java versions. 

 

https://nodejs.org/en/

 

BTW, glad I just checked, 9.9.0 is the latest Node.js version, for those who wants more features over the LTS one. :)

 

Had Secunia scanned today, would had caught it, unless I do so manually, the default is weekly. Glad I caught it before the bad guys did! :P

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 

#45 opera

opera

  •  Avatar image
  • Members
  • 1,300 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:10 AM

Posted 23 March 2018 - 12:46 AM

@cat1092

See the article here which mentions both PatchMyPC and Sumo

 

https://www.theguardian.com/technology/2018/mar/22/best-way-to-keep-microsoft-windows-programs-up-to-date-secunia-personal-software-inspector-discontinued






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users