What's your standard security loadout for a new windows PC?

[Ns1]

For my relatives, I'll generally default to win defender/malwarebytes/ad block/noscript, and an insistence on running Chrome or Firefox.

For myself, I don't even bother with malwarebytes.

I'm thinking I could do better, given that my uncle has been getting hit with increasing frequency as of late.

What about you guys?

 

[balloonshark]

Standard user account, Firefox with noscript and adblock running with Sandboxie and Avira or some other free AV. I used to run a firewall/HIPS program but I can't activate it any longer so I'll probably go with an anti-executable or anti-exploit.

I also scan all my downloads with virustotal, Avira, Malwarebytes and Hitman Pro before running them.

 

[Ns1]

Standard user account, Firefox with noscript and adblock running with Sandboxie and Avira or some other free AV. I used to run a firewall/HIPS program but I can't activate it any longer so I'll probably go with an anti-executable or anti-exploit.

I also scan all my downloads with virustotal, Avira, Malwarebytes and Hitman Pro before running them.

i don't think i could ever teach my relatives to do that consistently.

 

[balloonshark]

i don't think i could ever teach my relatives to do that consistently.

My relatives wouldn't take a few minutes to learn sandboxie and noscript but they can spend hours reading worthless facebook posts. They freak out every time they got a sandboxie pop-up (which is rare) and all they had to do was read and answer the pop-up.

When I update my nieces computer to Windows 10 I'll probably set her up as a standard user, install Chrome and Avira. I give up.

 

[HeXen]

Since my Windows PC does nothing else other than play games, I don't do much of anything special. I don't need to, it's just full of games.
Why should I worry about security on my computers when so many servers out there are letting my CC and other accounts get stolen?

Anthem insurance...yup, my SS # and other info was stolen and attempted to be used
Target...yup, they let my wife's card get stolen...and still never got supplemented like they said they would with that $10 million settlement.
Steam...yup, had to change my info because their shit was "compromised"
Honda Financial...yup, thanks guys for letting my CC get stolen requiring me to wait 2 weeks to get a replacement....6 months after you fucks knew it got stolen.
PSN...yup, same as steam plus they were shut down what like 6 months or something?
QVC...good job guys, that was the 3rd and last time my wife's CC #'s were stolen from you
and finally but not all listed...American Health Network...thanks for notifying me, 2 months later, about how my alleged "confidential" health records were stolen. For what reason i don't care but fuck, hire someone to secure your shit.

My computers? lol, I don't have hardly any info worth a damn on there compared to what corporate servers have on me. Security is a joke

 

[DarkWarrior2]

Windows Software Restriction Policy. Step by step here:

http://www.mechbgon.com/srp/index.html

Plus a free AV program and Malwarebytes.

 

[xgsound]

I also look after the relatives machines. The only thing I would add to your recipe is Bitdefender free which replaces Defender.

If you fix the uncle's machine with ADWCleaner, it produces a list of removed items to show him to avoid in the future. No guarantee it will help though!
He will need to re-input web site passwords.

Jim

 

[mikeymikec]

I also scan all my downloads with virustotal, Avira, Malwarebytes and Hitman Pro before running them.

If you're running an AV product on default settings, there is no need to run a separate virus scan, simply because when you scan a download with another program (such as malwarebytes), the anti-virus will be scanning it first automatically.

 

[KeithP]

Standard user account, Chrome, built-in AV or Kaspersky if a deal is available, EMET and no clicking on links in emails unless the sender is known AND the email is expected (in other words, the user did something that specifically generated the email in question).

-KeithP

 

[Ns1]

I also look after the relatives machines. The only thing I would add to your recipe is Bitdefender free which replaces Defender.

If you fix the uncle's machine with ADWCleaner, it produces a list of removed items to show him to avoid in the future. No guarantee it will help though!
He will need to re-input web site passwords.

Jim

thanks, seems simple enough. I'll give it a go next time.

 

[sourceninja]

I use bitdefender (paid version) and that is pretty much it. I've never had an issue. I let windows firewall do it's thing and I manage all settings from my domain controller with group policy.

 

[Ns1]

Any reason you guys are choosing BitDefender vs others?

 

[sourceninja]

Bitdefender and kaspersky are frequently in the top 2 spots for AV detection and performance. At the time there was a deal on 3 years of BD so I went that route. I just use their AV plus version as I feel that software firewalls are really more of a burden than a security feature. Also, BD has an anti-ransomware protection that works very well. You give it a list of folders that are not allowed to be encrypted and it prevents any attempt to encrypt files on those directories. http://www.bitdefender.com/support/how-ransomware-protection-works-in-bitdefender-2016-1549.html

I leverage an online password manager and 2fa for most everything, plus my DNS servers use openDNS for forwarding. Combine that with top tier IDS, content filtering, and anti-malware on my firewall and I'm about as secure as a home PC needs to be. I also separate my network into vlans and leverage firewall rules around those as well. Wireless authenticates to AD and guest wireless is on it's own vlan and can only talk to the internet. IoT devices are also isolated on their own network with internet only communication. Gaming systems, roku, etc are isolated with pinholes made for video streaming. Lastly I do both inbound and outbound firewall rules. This prevents unauthorized traffic from leaving my network.

 

[Ns1]

and you don't run MalwareBytes because BitDefender is sufficient, or because you feel that you are an experienced enough user to live w/o it, or...?

The second paragraph you have is good for me, but once again I'd never be able to set that up on a relative's network and have it work.

 

[shimpster]

Cyberfox with adblock, Malwarebytes, 360 Total Security Essentials AV (includes Bitdefender and Avira av's), Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware, EMET, simple firewall user interface such as ZoneAlarm Free.

Kin folx never infected....knock on sumthing

 

[sourceninja]

and you don't run MalwareBytes because BitDefender is sufficient, or because you feel that you are an experienced enough user to live w/o it, or...?

The second paragraph you have is good for me, but once again I'd never be able to set that up on a relative's network and have it work.

I've never had any issues just running BD. That said, I've never actually had any anti-malware tool detect anything on any of my computers besides cookies and other low risk items.

 

[TheGardener]

Not recommending this over other suggestions, but I use Norton IS. It is easy to use, and unlike years ago, it doesn't slow down the computer or give you a lot of popup advice or ask a ton of questions. But then again for me, it has only quarantined one virus in the last two years. Just tell your uncle to get off those damn porn sites or start paying for your time. 5 Norton licenses for $20 on Black Friday, works out to $4 a year per computer.

An ad-blocker ishelpful too. NoScripts may be too complicated. But if they are not complaining about it, fine. I find it takes some interaction, when visiting a new website.

 

[Ns1]

Not recommending this over other suggestions, but I use Norton IS. It is easy to use, and unlike years ago, it doesn't slow down the computer or give you a lot of popup advice or ask a ton of questions. But then again for me, it has only quarantined one virus in the last two years. Just tell your uncle to get off those damn porn sites or start paying for your time. 5 Norton licenses for $20 on Black Friday, works out to $4 a year per computer.

An ad-blocker ishelpful too. NoScripts may be too complicated. But if they are not complaining about it, fine. I find it takes some interaction, when visiting a new website.

I can't in good faith ever buy a Norton / Symanetc / McAffee product.

 

[nerp]

Since my Windows PC does nothing else other than play games, I don't do much of anything special. I don't need to, it's just full of games.
Why should I worry about security on my computers when so many servers out there are letting my CC and other accounts get stolen?

Anthem insurance...yup, my SS # and other info was stolen and attempted to be used
Target...yup, they let my wife's card get stolen...and still never got supplemented like they said they would with that $10 million settlement.
Steam...yup, had to change my info because their shit was "compromised"
Honda Financial...yup, thanks guys for letting my CC get stolen requiring me to wait 2 weeks to get a replacement....6 months after you fucks knew it got stolen.
PSN...yup, same as steam plus they were shut down what like 6 months or something?
QVC...good job guys, that was the 3rd and last time my wife's CC #'s were stolen from you
and finally but not all listed...American Health Network...thanks for notifying me, 2 months later, about how my alleged "confidential" health records were stolen. For what reason i don't care but fuck, hire someone to secure your shit.

My computers? lol, I don't have hardly any info worth a damn on there compared to what corporate servers have on me. Security is a joke

You speak the truth. My work is all in the cloud. If my company gets compromised, I'm compromised. But my hardware really is just a portal to everything else.

 

[HeXen]

You speak the truth. My work is all in the cloud. If my company gets compromised, I'm compromised. But my hardware really is just a portal to everything else.

What's also scary is your companies printer. They have hard drives and if someone wanted to swap it, usually scans of employee records are found complete with SS #'s.
I watched a show where they showed how easy it was to go into a business with a fake ID as a printer repair guy and swap out the drive, had some interesting things on it including a scan of some guys butt.

 

[xgsound]

Any reason you guys are choosing BitDefender vs others?

I installed it on my machine about 2/ 3 years ago. It is free and does not expire ever. It is very light and has needed NO intervention by me after I logged in and answered a verify email.
Since then I have added it to around 12 of the relatives' machines with the same results. I verify no more than 5 machines on each email account. I use the same password on each one in case a reinstall comes up.

Certainly add some adblocker software since it is a prime vector for malware. I use ADBlocker plus on each browser but take your pick. I use ADWcleaner first (5 to 10 minutes + reboot) and only if necessary then use Malwarebytes free (1 hour+, very thorough) in scan on demand mode without monitoring.

Jim

 

[bruceb]

For me it is Avast Free Antivirus (without the browser plug in or any other extra), SpybotSD, Spyware Blaster ... MalwareBytes is also installed, but not as real time, just in case of a need to get rid of something. I also test all the computers to be sure they will not respond to a PING Request and also run a Port Check at ShieldsUp ... sometimes the router needs to be set to deny the Incoming Ping ... Firefox browser with AdBlock Plus

 

[lxskllr]

I recently setup the secretary's machine, and am only using builtin WinX security. I'd like to use Immunet cloud/clam based av, but then WinX shuts down Defender, presumably to avoid conflict. Is there a way to override that behavior? I like Immunet cause it's ok to use it commercially, but I don't think much of it, and the same applies to Defender. Together should be an improvement, while not hammering the system.

I'm not a big believer in av, but I'll put it on a system if it's very low in annoyances.

 

[Ns1]

alright, so I tried to trim my uncle's machine to JUST BitDefender, with adwcleaner to clean up any existing malware.

Well, evidently my uncle has a knack for getting some slick malware or this setup isn't doing it, because malware still happens.

there's a variant of this, reimageplus, and this, to start. Not sure what my next steps are, don't really want to nuke it from orbit. Just updated to the win10 anniversary update in order to get adblock on edge too, but still, this shit is either finding a way to get through or isn't being totally removed/detected by adwcleaner + bitdefender.

 

[Chiefcrowe]

Did he get the malware running under a limited user account or is he admin? If admin, then i'm afraid that a wipe is probably your best bet to make sure everything is removed.