So you run an admin account with UAC off? And nothing else implemented but common sense?
-
-
Generally UAC at max settings offers very good protection already. Still, it won't protect you against everything.. and in case you run a setup.exe you will have to give it admin rights (in 99% of those installers), and then have you ever thought that even with the Windows built-in iexpress.exe you can bind some random setup.exe with a malware.exe (and even checking the MD5 hash of that file doesn't make it secure)? So without some security product you will never find out that this setup.exe is infected. If it is some backdoor you might find its process / open internet connection and be able to block & remove it. If it's some run-once information-stealer then you are already screwed. You simply need to click on the wrong link and you are already infected (drive-bys). Or a well-known site gets exploited and infected.
I would understand if you tell me that Mbam Pro is unnecessary, but then I would just show you malware tests that I did so you would see that Mbam Pro is quite a nice addition to CIS (especially the web filter). I have the main protection CIS (AV on stateful, fw & D+ as HIPS.. with auto sandbox enabled) and Mbam Pro, which filters some websites already (pretty much like NortonDNS) and has a very great detection rate for malware. I could remove the AV from CIS but it doesn't really use any resources at all. EMET is a hardening program that you only run once. It offers great protection (you might want to search the thread here in the forum). AppLocker & UAC are Windows built-in security solutions. -
my preferred setup
symantec endpoint protection - win2k-7 64bit. only downside is 64bit version has no rightclick scan for virus option and if standalone hard to define vpn firewall policies with network threat protection option
UAC, Windows Firewall, Defender OFF
spywareblaster
spybot immunize and ie resident no tea-timer
firefox +adblock plus default browser
latest Java JRE installed with any nasty prior bits removed prior with JavaRA
that's it. clean, quick and light. avoiding IE, having a fresh Java install of only 1.6 10 that finally updates correctly in most cases should eliminate most nasties. for my users who persist in using IE I use the IE7Pro addon -
no UAC/Defender or Security Center service or firewall.
I keep MBAM on demand.
Avast! Free and Comodo Firewall and Defense+.
63char POP/HDD/Supervisor/Windows passwords, TC encrypted system drive
Keep all IO ports except USB shutoff, disable boot from USB.
Anonymousspeech for anonymous emails, and iVPN for any internet connection, home or away.
No IE. necessary adblock and noscript extensions and others for FF.
I find common sense (running questionable things in VM or sandbox mode) and a mix of these products good enough to add enough layers of security to make me feel my data is safe. Too bad it's all for naught, without UAC I'll never be secure! -
-
On laptops I set up for others, I usually leave it on. I had had it on default settings on my laptop as well until I put on defense+. I just felt there was some overlap. -
Malware is able to bypass/deactivate UAC when it's set to the default level. That's why I always recommend it at max level or not at all.
Actually D+ & UAC are somehow overlapping.. still Comodo D+ could get killed/bypassed by malware and then you would have UAC to protect you. Since it also is a windows built-in security feature I doubt that it would give any performance boost when disabling it. -
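Added example, not part of any post in this thread: a PowerShell check that reads the UAC policy values from the registry and reports which level (max, default, or disabled) a machine is actually set to, since the posts above turn on that distinction. The function name `Get-UacLevel` and the sample values are constructed for illustration.

```powershell
# Added example: map UAC policy values to the slider level they represent.
function Get-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) {
        return 'Unknown (policy value missing)'
    }
    if ([int]$EnableLUA -eq 0) {
        # Admin Approval Mode is off: admins get a full token, nothing prompts.
        return 'Disabled'
    }
    $secure = ([int]$PromptOnSecureDesktop -eq 1)
    switch ([int]$ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify (elevates without prompting)' }
        2 { if ($secure) { return 'Always notify (max)' }
            return 'Always notify, secure desktop off' }
        5 { if ($secure) { return 'Default (prompts for non-Windows binaries only)' }
            return 'Default without secure desktop (no screen dimming)' }
        default { return "Custom policy ($ConsentPromptBehaviorAdmin)" }
    }
}

# Constructed sample values, so the mapping can be checked on any host.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Live check: read the local policy key (present on Windows only).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    $level = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    "This machine: $level"
    if ($level -ne 'Always notify (max)') {
        Write-Warning 'UAC is below the maximum level.'
    }
}
```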
UAC does more than just stop malware from elevating. Turning it off removes features and changes the entire token system.
-
My desktop currently has UAC disabled and Chrome. That's all it needs.
-
I'm sure UAC is good and all, but it's a poor implementation for the user. We're generally above average users and a good amount of us I think get annoyed by UAC. I can imagine (and have seen) everyday users want to throw their machine because UAC is constantly hounding them about things that are obviously secure. For example, the reason why I disabled it? The only time I got a notification from UAC... was when I got one from D+ regarding something trying to change the registry, reach a service, etc. So maybe it's doing extra stuff in the background, but from the user's perspective, it's redundant and annoying (a notification box and a halt on whatever is going on is more than sufficient, I don't need it to dim my screen, play the sound, and keep me from doing anything else). And that is so annoying that it negates any marginal security improvements it may provide that aren't covered by the rest of the security products we all use, so I would rather just turn it off. Next time Microsoft needs to make it work more in the background, and smarter. D+ learns my system processes and behavior. But if I stick the same damn USB drive with a boot.ini on it into W7.. it will ask me over. and over. and over. every time. If I really, really, positively want to run this. And when it DOES send me a notification, make it less big brother, less intrusive, more user friendly. Another thing.. we're not all stupid. I run as administrator for a reason. I KNOW I am running as admin. I KNOW Windows doesn't think it's a good idea for me to. But I don't want UAC constantly badgering me and reminding me that it's not a good idea to run as an admin. It's not a bad idea either. Nothing stupid happens unless you tell your computer to do something stupid as an administrator and it does it. It's a risk taken and I guess my point is there's no option for fine-tuned control over what UAC monitors or doesn't. Maybe I want registry modifications monitored, but not system file changes...
Anyways, my point is until UAC matures more, it's just a PITA and its functions are not integral to system security if you have other means of protecting your system from modification and aren't too clueless about what you're doing.
That said, UAC does have its time and place to be used. I think it's great in corporate environments to prohibit user actions etc. but for MY home/personal use it's a PITA.
So anyone seen any good movies.. -
For me, UAC doesn't really notify me except when installing smth or running TeamViewer (and that seems to be a bug on my PC.. other people don't get a UAC notification with TeamViewer). And that's how it should be. UAC will only warn you when smth is trying to access sensible data (you can check on wiki which paths/registries/..). Actually no program should need UAC access when running it. Most new programs won't even need admin rights (UAC -> yes) when installing. And that's how it should be.
I surely can understand that it gets annoying when you run a program/file/whatever all the time and even though you know it's safe, Windows will give you the UAC prompt. Since I have that with TeamViewer, I can understand that this gets a bit annoying. But really.. it's just one password (2 seconds) and I run TeamViewer once every 7 days? So I don't mind it at all, especially when thinking of the great security layer that UAC offers.
I always was against UAC (annoying annoying !) but I started trying it out a year ago.. and my experience:
If a program (when starting it) asks for admin rights then it is either a badly coded program or a malicious program.
But I think you are right when you say that there is still a lot to improve on UAC(-notifications). -
Yeah I think one of the biggest things that they could add that would probably make it a much smoother, seamless service for me personally is adding exceptions. Maybe it is possible and I just don't know how. For example, my Office installation is legit, but the activation is done via an activator which tricks it into thinking it's a volume licensed product and it sets up a fake AutoKMS checker to authenticate. UAC always interrupts me whenever I open an Office document to ask me if it's ok for AutoKMS.exe to modify file/create a new process. AutoKMS looks like a "suspicious" exe but I know it's not. Yet there's no way for me to tell UAC to just ignore AutoKMS.exe. Anyways, I'm not trying to hate on UAC, these are just some of the improvements I would like to see.. more integrated and unobtrusive notifications, and more selective settings over what to monitor, and an exceptions/whitelist capability.
Post your security setup
Discussion in 'Security and Anti-Virus Software' started by Hungry Man, May 18, 2011.