ssj100 Security Forums

Windows 7 Security

5 posters


Windows 7 Security

Post by sopaiwefo 13/8/2010, 23:06

Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive. ;)

I've noticed that there has been a recent surge of "legitimate" malware attack vectors. In this instance I'm defining "legitimate" as either using a hacked certificate and/or taking advantage of a real software application's limitations to inject a malware payload of some sort. This has me concerned.

I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.

I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.

I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.

Thanks for your help.

PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13


Re: Windows 7 Security

Post by ssj100 14/8/2010, 00:15

sopaiwefo wrote: Hello, as a new member I'm not sure I've handled things correctly, if so please advise. Creating a new topic, instead of hijacking an existing one, was potentially less offensive. ;)

No problem. Welcome to the forum!

sopaiwefo wrote: I've read through ssj100's security setup topic and understand it in broad terms. This approach makes sense to me both in regards to keeping costs down and with regards to running fewer resource intensive applications. The specific details of ssj100's approach have not been thoroughly understood or assimilated as yet. But I did notice that ssj100's security setup specifically states it is for Windows XP (SP3?). I just moved from XP Pro SP3 to Windows 7.

I'm wondering how much of ssj100's security setup can be implemented in that OS? Are any major changes (methods of accessing a feature and/or altered names/verbiage) to watch? Additional issues, concerns or features to pay particular attention to? I would appreciate any assistance or advice.

Take your time to go through the setup/approach. The principles of it remain the same on Windows 7:
1. Instead of LUA, it's called Standard User Account (SUA). I've been told the latest SuRun Betas work fairly well on Windows 7 too, although some potential problems remain ( https://ssj100.forumotion.com/windows-hardening-f5/sua-srp-some-questions-t228.htm#1693 ). However, SuRun is not as essential on Windows 7 as it is on XP when running as a limited/standard user.
2. SRP is the same, except if you are lucky enough to have the Ultimate edition, I'd recommend using AppLocker instead.
3. DEP remains the same.
4. Sandboxie remains the same.
5. Windows Firewall/NAT Router remains the same. Note that Windows 7's firewall has the ability to control outbound connections too (not that this is required).
6. I no longer use a "system virtualiser" (e.g. Shadow Defender). I feel that if a suspicious file is suspicious enough (e.g. it comes from a clearly dodgy source), it probably should be handled in a full-blown Virtual Machine. The disadvantage of handling it via a sandboxed explorer.exe is that you may initially browse the file on your REAL system (e.g. you recover the file out of the sandbox and on to your desktop). Most files these days are zipped/archived anyway though. Also, the chances of getting infected by files simply by browsing them is extremely small - the LNK exploit was a very rare attack vector (I don't think there's been any in-the-wild POCs or live malware like that since 2005). And anyway, SRP blocked that LNK exploit.
7. Image backing up remains the same.

sopaiwefo wrote: I think I can define myself as an above-average user (in terms of knowledge). I've been using Firefox with NoScript, AdBlock Plus, Better Privacy, Link Alert and Locationbar2 for several years. Currently have Comodo CIS. Knew of, but was not using, Sandboxie (didn't have time to delve into it). Prefer wired networks, instead of wireless, because I understand intrinsically that they're simply more secure.

I would recommend trying out Sandboxie. Take your time with it. Once you understand how it works and how to set it up nicely, you'll probably never look back. You can try the free version first before considering the full version (there's a life-time license available).

sopaiwefo wrote: PS: ssj100, you've got a broken link in your Setup message. The 3rd link should be http://www.mechbgon.com/srp/index.html; currently the link results in a 404 error.

Fixed it, thanks!

ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

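A read-only audit of the items in ssj100's Windows 7 list above (SUA, SRP/AppLocker, DEP, Windows Firewall). This is an added example, not code from the thread or from any of the tools it names; it assumes Windows 7 or later with PowerShell 2.0+ and English-locale netsh output, and the registry values it reads are the standard Safer and DEP settings, not anything specific to ssj100's setup.

```powershell
# Added audit script, not from the thread. Assumes Windows 7 (or later), PowerShell 2.0+
# and English-locale output from netsh. It only reports; it changes nothing.

function Test-StandardUser {
    # 1. SUA: true when the current token is NOT in the local Administrators role
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SrpDefaultLevel {
    # 2. SRP: the default security level lives in the Safer policy key
    #    0 = Disallowed (whitelist mode), 0x20000 = Basic User, 0x40000 = Unrestricted
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) { return 'NotConfigured' }
    $level = (Get-ItemProperty -Path $key).DefaultLevel
    switch ($level) { 0 {'Disallowed'} 131072 {'BasicUser'} 262144 {'Unrestricted'} default {'NotConfigured'} }
}

function Get-AppLockerState {
    # 2b. AppLocker (Ultimate/Enterprise) only enforces while the Application Identity service runs
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    if ($svc -eq $null) { return 'NotAvailable' }   # edition without AppLocker
    return $svc.Status.ToString()
}

function Get-DepPolicy {
    # 3. DEP: Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
    #    0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows default), 3 = OptOut
    $code = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    switch ($code) { 0 {'AlwaysOff'} 1 {'AlwaysOn'} 2 {'OptIn'} 3 {'OptOut'} default {"Unknown($code)"} }
}

function Get-FirewallPolicies {
    # 5. Windows Firewall: one "Firewall Policy" line per profile, e.g. "BlockInbound,AllowOutbound"
    netsh advfirewall show allprofiles |
        Where-Object { $_ -match '^Firewall Policy' } |
        ForEach-Object { ($_ -split '\s{2,}')[1] }
}

# Print the checklist in the same order as the list in the post
"Standard user account : $(Test-StandardUser)"
"SRP default level     : $(Get-SrpDefaultLevel)"
"AppLocker service     : $(Get-AppLockerState)"
"DEP policy            : $(Get-DepPolicy)"
"Firewall policies     : $((Get-FirewallPolicies) -join ' | ')"
```

Run it from the standard user account you intend to work in: "Standard user account : True", an SRP level of Disallowed (or a Running AppLocker service), DEP OptOut/AlwaysOn and BlockInbound on every profile is the state the list describes.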

Re: Windows 7 Security

Post by sopaiwefo 15/8/2010, 21:54

Yes, I do have Windows 7 Ultimate, although I have not heard of AppLocker previously. If you have any reading recommendations, I would appreciate the suggestion.

Currently I have SUA + DEP, Comodo CIS (Firewall + AV) set up.
SuRun betas are giving me an invalid link. I've downloaded the last stable version but it is not yet installed.
Sandboxie is downloaded, installed, but not configured.

Should the installation order be exactly as shown in your Setup topic? I notice that SuRun might have issues with software installed prior to its installation.

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13


Re: Windows 7 Security

Post by tnegjm 16/8/2010, 01:17


tnegjm
Member

Posts : 37
Join date : 2010-04-20


Re: Windows 7 Security

Post by ssj100 16/8/2010, 10:32

sopaiwefo wrote: If you have any reading recommendations, I would appreciate the suggestion.
See tnegjm's post. Thanks tnegjm.

sopaiwefo wrote: SuRun betas are giving me an invalid link.
You must have tried downloading from a translated page. Try here instead (Beta 14 is the latest - click on "SuRun1209b14.zip"):
http://forum.kay-bruns.de/post/2888

sopaiwefo wrote: Sandboxie is downloaded, installed, but not configured.
Take your time to go through it. Trial and error is a good way to learn it.

sopaiwefo wrote: Should the installation order be exactly as shown in your Setup topic? I notice that SuRun might have issues with software installed prior to its installation.
I don't know much about SuRun on Windows 7. All I know is that the latest stable version didn't work for me at all (it didn't even install properly), but the Beta versions work fairly well.

In terms of the installation order, this is generally what I follow on Windows XP:
1. Install XP - 1 admin user
2. Install drivers
3. Update XP
4. Set up LUA
5. Install SuRun
6. Install everything else

I would presume the same would apply on Windows 7.
ssj100
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com


Re: Windows 7 Security

Post by Sadeghi85 16/8/2010, 22:24

ssj100 wrote:
In terms of the installation order, this is generally what I follow on Windows XP:
1. Install XP - 1 admin user
2. Install drivers
3. Update XP
4. Set up LUA
5. Install SuRun
6. Install everything else

I would presume the same would apply on Windows 7.

Yes, same applies to 7.

I personally install everything with SuRun in LUA. Some software writes to HKCU and creates shortcuts only for the current user; by using SuRun to install, rather than UAC (i.e. installing from the Admin account), that problem is solved.

Sadeghi85
Member

Posts : 66
Join date : 2010-07-22


Re: Windows 7 Security

Post by sopaiwefo 17/8/2010, 00:10

Thanks for the links tnegjm. Some interesting reading - although I must admit a few of the posts were technically over my head. I'm sure they will make sense once I'm more familiar with these applications/processes.

Yes, ssj100, I was trying to download from a translated page. Thanks for the tip. I was pretty sure it was user error, but I could not figure out how I was screwing up a simple mouse-click! I've downloaded and installed the latest beta.

I placed the real administrative account as a SuRunner in error. Before I make any other changes, and possibly lock myself out, can I delete the real admin account from SuRun without harm?

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13


Re: Windows 7 Security

Post by Sadeghi85 17/8/2010, 00:14

sopaiwefo wrote: I placed the real administrative account as a SuRunner in error. Before I make any other changes, and possibly lock myself out, can I delete the real admin account from SuRun without harm?

Yes, you can. First put the LUA account in SuRunner then delete the admin from the list.

Sadeghi85
Member

Posts : 66
Join date : 2010-07-22


Re: Windows 7 Security

Post by sopaiwefo 21/8/2010, 21:03

Thanks Sadeghi for the information. I deleted the real admin from SuRunners group.

Been busy the last few days with various tasks, but I've noticed a definite system slowdown since using this approach. I am sure that a part of my issue is Windows 7 and 2GB of memory (since Win7 is more resource intensive than XP - even if more intrinsically secure). But additionally I know that some of this is due to the security approach taken. Comodo CIS (AV, Firewall and sandbox) might also be a large player in this issue.

I have not really had time to tweak settings and determine what is optimal.

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13


Re: Windows 7 Security

Post by Sadeghi85 22/8/2010, 00:22

You're welcome. BTW, I also use Win 7 with 2GB of RAM and, except for SRP/AppLocker's DLL rule, there is no slowdown; even that is hardly noticeable.

I've tried CIS a few times, but it was always too heavy for my machine, so that's probably the cause of slowdown.

Sadeghi85
Member

Posts : 66
Join date : 2010-07-22


Re: Windows 7 Security

Post by sopaiwefo 24/8/2010, 07:37

Sadeghi85 wrote: I've tried CIS a few times, but it was always too heavy for my machine, so that's probably the cause of slowdown.

I was afraid of that. I was hoping to keep CIS in the mix until such time as I was sure things worked correctly.

My setup includes a potentially odd infection vector... I'm using a tethered mobile as my ISP, which I'm afraid precludes the use of NAT or a router.

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13


Re: Windows 7 Security

Post by Sully 24/8/2010, 12:57

sopaiwefo wrote: I think I can define myself as an above-average user (in terms of knowledge).
I would suggest you read all you can on UAC and LUA (SUA as ssj refers to it). You might enlighten yourself on SEHOP/DEP/ASLR and EMET. You might want to check out Integrity Levels as well.

Coming from XP, if you skipped Vista like I did, there are quite a few things that will be different. I say this because the amount of tools/utilities you have been used to using in XP may not be needed in win7, depending on what and how you do things.

Either way, understanding what is going on can only help you understand where the strengths are and where your weaknesses might present themselves. That is always a good thing.

Sul.

Sully
Member

Posts : 13
Join date : 2010-05-16


Re: Windows 7 Security

Post by sopaiwefo 28/8/2010, 10:51

Thanks Sully for the advice.

Yes, I skipped over Vista. I was underwhelmed by its functionality. Win7 seems to be a decent OS with enough improvements to make the switch worthwhile.

As to Win7 Security, I really have not seen/read very much. I've tried looking online for Win7 books, but have not seen anything that really deals with security specifically. All are either superficial or overly complex; I'm looking for something in the middle.

Unfortunately real life has not been kind in the last week or so. Just too much going on.

sopaiwefo
New Member

Posts : 6
Join date : 2010-08-13
