Windows 7 Security
Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive.
I've noticed that there has been a recent surge of "legitimate" malware attack vectors. In this instance I'm defining "legitimate" as either using a hacked certificate and/or taking advantage of a real software application's limitations to inject a malware payload of some sort. This has me concerned.
I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.
I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.
I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.
Thanks for your help.
PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13
Re: Windows 7 Security
sopaiwefo wrote: Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive.
No problem. Welcome to the forum!
sopaiwefo wrote: I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.
I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.
Take your time to go through the setup/approach. The principles of it remain the same on Windows 7:
1. Instead of LUA, it's called Standard User Account (SUA). I've been told the latest SuRun Betas work fairly well on Windows 7 too, although some potential problems remain ( https://ssj100.forumotion.com/windows-hardening-f5/sua-srp-some-questions-t228.htm#1693 ). However, SuRun is not as essential on Windows 7 as it is on XP when running as a limited/standard user.
2. SRP is the same, except if you are lucky enough to have the Ultimate edition, I'd recommend using AppLocker instead.
3. DEP remains the same.
4. Sandboxie remains the same.
5. Windows Firewall/NAT Router remains the same. Note that Windows 7's firewall has the ability to control outbound connections too (not that this is required).
6. I no longer use a "system virtualiser" (eg. Shadow Defender). I feel that if a suspicious file is suspicious enough (eg. it comes from a clearly dodgy source), it probably should be handled in a full-blown Virtual Machine. The disadvantage of handling it via a sandboxed explorer.exe is that you may initially browse the file on your REAL system (eg. you recover the file out of the sandbox and on to your desktop). Most files these days are zipped/archived anyway though. Also, the chances of getting infected by files simply by browsing them are extremely small - the LNK exploit was a very rare attack vector (I don't think there's been any in-the-wild PoCs or live malware like that since 2005). And anyway, SRP blocked that LNK exploit.
7. Image backing up remains the same.
sopaiwefo wrote: I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.
I would recommend trying out Sandboxie. Take your time with it. Once you understand how it works and how to set it up nicely, you'll probably never look back. You can try the free version first before considering the full version (there's a life-time license available).
sopaiwefo wrote: PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.
Fixed it, thanks!
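Added example, not part of the post above or of ssj100's setup: a read-only PowerShell check of the items in that list that Windows 7 exposes to a script (SUA, SRP or AppLocker, DEP, Windows Firewall). It assumes the PowerShell 2.0 that ships with Windows 7; the function name `Get-HardeningStatus` is hypothetical, and Sandboxie and image backups are not checked.

```powershell
# Added example: read-only audit of the checklist above (Windows 7, PowerShell 2.0).
# Run it from the everyday account, not from an elevated prompt.
function Get-HardeningStatus {
    $r = @{}

    # 1. SUA: S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    #    whoami lists it even when UAC has filtered it to "deny only",
    #    so any hit means this account is an administrator, not a standard user.
    $r.IsAdminAccount = [bool](whoami /groups | Select-String -SimpleMatch 'S-1-5-32-544')

    # 2a. SRP: the policy is stored under Safer\CodeIdentifiers once configured.
    $srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' `
               -ErrorAction SilentlyContinue
    $r.SrpConfigured = [bool]$srp
    if ($srp) {
        $r.SrpDefaultDisallowed = ($srp.DefaultLevel -eq 0)        # 0 = Disallowed, 0x40000 = Unrestricted
        $r.SrpChecksDlls        = ($srp.TransparentEnabled -eq 2)  # 2 = all files including DLLs
    }

    # 2b. AppLocker: rules are only enforced while the Application Identity service runs.
    $r.AppIdSvc = (Get-Service AppIDSvc -ErrorAction SilentlyContinue).Status
    Import-Module AppLocker -ErrorAction SilentlyContinue
    if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
        $r.AppLocker = @((Get-AppLockerPolicy -Effective).RuleCollections | ForEach-Object {
            '{0}={1} ({2} rules)' -f $_.RuleCollectionType, $_.EnforcementMode, $_.Count
        }) -join '; '
    }

    # 3. DEP: system-wide policy as reported by WMI.
    $depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $r.DepPolicy = $depNames[[int]$dep]

    # 5. Windows Firewall: on/off state of every profile (blank lines dropped).
    $r.Firewall = (@(netsh advfirewall show allprofiles state) -match '\S') -join ' | '

    New-Object PSObject -Property $r
}

Get-HardeningStatus | Format-List
```

An `IsAdminAccount` of `True` on the daily-use account, or an `AppLocker` line showing `NotConfigured` for every collection, means the corresponding item in the list is not yet in place.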
Re: Windows 7 Security
Yes, I do have Windows 7 Ultimate, although I have not heard of AppLocker previously. If you have any reading recommendations, I would appreciate the suggestion.
Currently I have SUA + DEP, Comodo CIS (Firewall + AV) set up.
SuRun betas are giving me an invalid link. I've downloaded the last stable version but it is not yet installed.
Sandboxie is downloaded, installed, but not configured.
Should the installation order be exactly as shown in your Setup topic? I notice that SuRun might have issues with software installed prior to its installation.
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13
Re: Windows 7 Security
Here are some links I recommend that you might find helpful.
Some Applocker links:
Applocker Implementation - Lucy
Maximising W7 security with Applocker under SUA
W7, Applocker, and related stuff ssj100 (Sandboxie forum)
Identify Potential Applocker Holes
A few other helpful W7 SUA links:
Config W7 for a SUA
LUA/SUA and highest UAC level overkill?
Avoid UAC prompts by using an elevated program launcher
How to avoid typing UAC credentials for selected programs
tnegjm- Member
- Posts : 37
Join date : 2010-04-20
Re: Windows 7 Security
sopaiwefo wrote: If you have any reading recommendations, I would appreciate the suggestion.
See tnegjm's post. Thanks tnegjm.
sopaiwefo wrote: SuRun betas are giving me an invalid link.
You must have tried downloading from a translated page. Try here instead (Beta 14 is the latest - click on "SuRun1209b14.zip"):
http://forum.kay-bruns.de/post/2888
sopaiwefo wrote: Sandboxie is downloaded, installed, but not configured.
Take your time to go through it. Trial and error is a good way to learn it.
sopaiwefo wrote: Should the installation order be exactly as shown in your Setup topic? I notice that SuRun might have issues with software installed prior to its installation.
I don't know much about SuRun on Windows 7. All I know is that the latest stable version didn't work for me at all (it didn't even install properly), but the Beta versions work fairly well.
In terms of the installation order, this is generally what I follow on Windows XP:
1. Install XP - 1 admin user
2. Install drivers
3. Update XP
4. Set up LUA
5. Install SuRun
6. Install everything else
I would presume the same would apply on Windows 7.
Re: Windows 7 Security
ssj100 wrote:
In terms of the installation order, this is generally what I follow on Windows XP:
1. Install XP - 1 admin user
2. Install drivers
3. Update XP
4. Set up LUA
5. Install SuRun
6. Install everything else
I would presume the same would apply on Windows 7.
Yes, same applies to 7.
I personally install everything with SuRun in LUA. Some software writes to HKCU and creates shortcuts only for the current user; by using SuRun to install rather than using UAC (= installing in the Admin account), that problem is solved.
Sadeghi85- Member
- Posts : 66
Join date : 2010-07-22
Re: Windows 7 Security
Thanks for the links tnegjm. Some interesting reading - although I must admit a few of the posts were technically over my head. I'm sure they will make sense once I'm more familiar with these applications/processes.
Yes, ssj100, I was trying to download from a translated page. Thanks for the tip. I was pretty sure it was user error, but I could not figure out how I was screwing up a simple mouse-click! I've downloaded and installed the latest beta.
I placed the real administrative account as a SuRunner in error. Before I make any other changes, and possibly lock myself out, can I delete the real admin account from SuRun without harm?
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13
Re: Windows 7 Security
sopaiwefo wrote:
I placed the real administrative account as a SuRunner in error. Before I make any other changes, and possibly lock myself out, can I delete the real admin account from SuRun without harm?
Yes, you can. First put the LUA account in SuRunner then delete the admin from the list.
Sadeghi85- Member
- Posts : 66
Join date : 2010-07-22
Re: Windows 7 Security
Thanks Sadeghi for the information. I deleted the real admin from SuRunners group.
Been busy the last few days with various tasks, but I've noticed a definite system slowdown since using this approach. I am sure that a part of my issue is Windows 7 and 2Gb of memory (since Win7 is more resource intensive than XP - even if more intrinsically secure). But additionally I know that some of this is due to the security approach taken. Comodo CIS (AV, Firewall and sandbox) might also be a large player in this issue.
I have not really had time to tweak settings and determine what is optimal.
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13
Re: Windows 7 Security
You're welcome. BTW, I also use Win 7 with 2GB of RAM, and except for SRP/AppLocker's DLL rule there is no slowdown; even that is hardly noticeable.
I've tried CIS a few times, but it was always too heavy for my machine, so that's probably the cause of slowdown.
Sadeghi85- Member
- Posts : 66
Join date : 2010-07-22
Re: Windows 7 Security
Sadeghi85 wrote: I've tried CIS a few times, but it was always too heavy for my machine, so that's probably the cause of slowdown.
I was afraid of that. I was hoping to keep CIS in the mix until such time as I was sure things worked correctly.
My setup includes a potentially odd infection vector... I'm using a tethered mobile as my ISP, which precludes the use of NAT or router.
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13
Re: Windows 7 Security
sopaiwefo wrote: I think I can define myself as an above-average user (in terms of knowledge).
I would suggest you read all you can on UAC and LUA (SUA as ssj refers to it). You might enlighten yourself on SEHOP/DEP/ASLR and EMET. You might want to check out Integrity Levels as well.
Coming from XP, if you skipped Vista like I did, there are quite a few things that will be different. I say this because the amount of tools/utilities you have been used to using in XP may not be needed in win7, depending on what and how you do things.
Either way, understanding what is going on can only help you understand where the strengths are and where your weaknesses might present themselves. That is always a good thing.
Sul.
Sully- Member
- Posts : 13
Join date : 2010-05-16
Re: Windows 7 Security
Thanks Sully for the advice.
Yes, I skipped over Vista. I was underwhelmed by its functionality. Win7 seems to be a decent OS with enough improvements to make the switch worthwhile.
As to Win7 Security, I really have not seen/read very much. I've tried looking online for Win7 books, but have not seen anything that really deals with security specifically. All are either superficial or overly complex; I'm looking for something in the middle.
Unfortunately real life has not been kind in the last week or so. Just too much going on.
sopaiwefo- New Member
- Posts : 6
Join date : 2010-08-13