RockMaster92

Additional Programs/PC Defence


I do like to use a layered approach & not rely on just one app to keep my computer secure! Here's what I'm currently using for my Windows 10 Pro (Business Edition) x64 Operating System.

Antivirus/Antimalware protection: Panda Dome Advanced, Immunet (ClamAV disabled)

Zero Day Vulnerability protection: Malwarebytes Anti-Exploit Premium

Browser protection: No-Script extension (run only the scripts you want), Browser Protect extension (this protects your browser settings from being changed by outside sources)


Hey guys,

Like Ritchie I like having a layered approach.

Win10 64bit professional OS and Ubuntu on a bootable USB for testing. 

AV is Microsoft Defender (group policy edited for a stop-on-first-sight approach with MAPS enabled) since it plays nice with Immunet, Immunet with Clam off.

Browser is a mix of Chrome and Edge set up with strict security settings, with the Malwarebytes extension for both and the HTTPS Everywhere extension.

I also find having a good network setup is also important. I use NextDNS for its network-level protection with a hardware firewall. Having a good VPN is also a good idea. Overall the best approach is to play defensive computing/networking with a no-trust policy and keeping things up to date.



Hey Scats,

I'd have to say you've got an awesome layered security set-up too!

That's something I forgot to mention, my modem/router also has a built in hardware based Firewall as well as using the Windows software based Firewall.

The reason I chose Panda Dome Advanced is that it has a built-in Virtual Private Network service that I use for on-line banking, shopping or sending sensitive data of any kind.

You're also right there, it is very important to keep your OS updated with the latest Microsoft security patches, fixes & improvements.

Another thing that can help keep you safe while on-line is to avoid, if possible, questionable web sites that don't use the https:// URL encryption protocols, or risky browsing behavior such as accessing the dark web, illegal key-gen sites or peer-to-peer download hubs. "Some 'good ol' common sense' can go 'a long way' at avoiding a malware infection!"

Cheers, Ritchie... 


TL;DR Layered approaches are good, your behaviour is key, spyware/tracking/adware are also malware, if telemetry/personal data aren't collected, they can't be leaked/exploited, if unsolicited connections aren't made, you know your exposure and can trust your devices, you need to be able to trust the developers.

The long version:

I suppose how far you're willing to go depends on your threat-model. My defences are overkill for my minimal (ordinary guy) threat-model. The more defences you have, the more inconvenience you will experience, and the more your computers will get bogged-down. Also, more defences increases the likelihood of false positive detections, accidentally corrupting/deleting/losing-access to your data, etc. That said, layered defence is definitely the way to go. I'd also remark that security overlaps somewhat with privacy. Once you neutralise a threat to one, it often reduces a threat to the other. Additionally, security isn't just what packages you install. It's a whole philosophy and workflow. It's a method you have to constantly adhere to, not just something you can install and forget, or just do once.

I am primarily a GNU/Linux user, but I do occasionally boot Windows 10. My main most obvious defence methods are the following:

Platform-independent

  • Pi-hole DNS-based blocking with a handful of well-known spyware/tracker, adware and malware-blocking lists. (Personally, I believe all of those are just "malware", but apparently some people distinguish between them). If scummy hosts can't connect in the first place, they can't infect you.
  • Firewall/router disallows any outgoing connection not originating from the Pi-Hole, with a destination of port 53, to mitigate against creepy devices that try to use their own hardcoded DNS (e.g. other people's portable devices, possibly my TV even though I only use it as a "dumb" TV). (If it's not making an unsolicited connection and not contacting undesirable hosts, it's harder to exploit. Believe it or not, even smart light bulbs can be hacked to operate in botnets).
  • All my passwords (except perhaps 1 or 2) are very long, randomly-generated strings of alphanumerics and symbols. I store them in a free and open-source password-manager (Keepass is a good option). If they're hard to brute-force, hard to guess, unique, and stored safely, it's harder for malware and crackers to get at them.
  • I don't use "the cloud" for anything - although I do have a little bit of Nextcloud storage I occasionally use like a USB stick. It's encrypted with Cryptomator.
  • I log out of everything the instant it no longer has my attention - i.e. I check my emails, then I sign out. I check my secondary emails, then I sign out. This should work for Facebook, Google Drive, virtually anything you use. If you're not signed-in, malware can't exploit your login as easily. You also can't be tracked as easily, and if you're not being tracked, that information can't be leaked and then exploited for phishing etc.
  • Every time I sign out of something, I clear all browsing history, cookies, cache, the lot. I don't save anything in the browser - no addresses, payment-methods, passwords, nothing. The browser is a prime target for crackers looking to attack desktop users. If it isn't stored in my browser, it's harder for any malware that slips through to get it.
  • Make sure as much of your software as possible is free/libre, or at least open-source - or that the developer is well-known, trustworthy, honest, and has a clear, plausible business model. If source-code is available, someone can vet it for malware; if the software is proprietary but has a good, transparent developer with a believable revenue-stream, the developer has little incentive to insert malware into their code.
  • I don't install an app on any portable device, if the web site provides the required functionality, even if less convenient.

Browser

  • I use Mozilla Firefox, GNU Icecat, or Pale Moon with a variety of about:config tweaks, detailed at spyware.neocities.org, restoreprivacy.com and privacytools.io.
  • I also use Vivaldi on occasion, but never, ever Chrome under any circumstances.
  • Useful extensions include uBlock Origin, Cookie AutoDelete, Decentraleyes, Privacy Badger, HTTPS Everywhere, CSS Exfil Protection, Privacy Oriented Origin Policy, and either Trace (Vivaldi) or ClearURLs (Mozilla-based) to cover the remaining tracking-methods not already covered by about:config tweaks or other extensions. If you don't mind taking ages to fix broken web sites the first time you visit them, then NoScript would boost your security immensely, but it's not for the faint-hearted or beginners.
  • I shutdown any PC or tab whenever I'm not using it.
  • I'm very wary of browser extensions, especially if they're not released under a free/open-source licence, and the developer doesn't have a good reputation/online-presence.
  • I periodically make sure none of my extensions have been sold to new developers (like what happened to Nano).
  • Ad and tracking networks have distributed malware several times in the past. If a site asks you to disable your content blocker, tell the webmaster to go to hell and then navigate to a better site.
  • Don't use an adblocker that participates in any sort of "approved ads" programme (or at least disable the whitelisting of such ads).
  • If data about you isn't collected, and a piece of code isn't allowed to run in your browser, that's one less way for your name and credit-card details to be leaked, and one less way for malware to infect you.

Linux-specific

  • Don't run any proprietary packages, for instance Skype or Zoom - use the web versions (where available) instead.
  • Only use the distro's official repository - not even semi-official user-contributed repos.
  • AppArmor enabled.
  • Always sandbox anything internet-connected (e.g. browser, mail client, instant-messenger) with Firejail.
  • I use additional databases for ClamAV - the SecuriteInfo ones, and a subset of the ones provided by Sane Security. I used to also use the rfxn databases, but they caused a lot of false positives when used in conjunction with the other databases.
  • I have ClamAV on-access scanning on my /home /media /mnt and /tmp directories for fast machines. For slow machines I just run a full ClamAV scan of my home folder every time I finish using the internet.

Windows-specific

  • I install all my software from Chocolatey because it's a bit like a Linux package-manager, so everything stays up to date. Additionally, the packages are all subjected to at least a small degree of checking/verification.
  • O&O Shutup10 to disable as many of the Windows spyware functions as possible. If unsolicited connections don't happen, they can't be exploited. Additionally, if someone isn't able to collect your data, they can't lose it when they eventually make an error or get hacked.
  • For AV/antimalware, I use F-Secure AV + Malwarebytes Premium (i.e. their paid version) + Immunet with ClamAV enabled. To get them to play nicely, I have gone into the "exclusions" settings for each, and excluded the program-files and program-data folders for the other two. Believe it or not, using all 3 real-time solutions doesn't bog down anything but the slowest of old machines. Windows itself is so bloated and heavy that anything you install on top of it is negligible in comparison. (If you don't believe it, try to install W10 on an Atom-powered netbook and watch how long it takes to do things like display the start menu).
  • For a behaviour-blocker, VoodooSoft VoodooShield or NoVirusThanks OSArmor are absolutely fantastic. Truth be told, they can almost function as the sole protection in their own right, and they consume negligible resources. I prefer OSArmor as it is less "noisy" with alerts, and has fewer false positives. I also think its interface is neater and cleaner. That said, VoodooShield is more well-known, older/more-established, and still offers a free version.

I have been using computers for over 30 years, and been an internet user for around 25 of them. I've never detected an infection or experienced symptoms indicative of an infection, on any computer in my household or workplace. This isn't a boast, issuance of a challenge to potential crackers, or an invitation for fate to give me a kick in the pants; it's just an indication that a moderate degree of effort and inconvenience that doesn't significantly interrupt daily life or use of most sites/services seems to have worked over time. Obviously my approach and software-choices have evolved over time, but the above should at least give you a hint of the type of philosophy/approach I've always taken.

Sorry for the massive essay, but hopefully something in it will be useful to you.

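The post above describes a router rule that lets only the Pi-hole send DNS traffic out, so that devices with hardcoded resolvers are caught. As an added example (not from the post or from Pi-hole itself), here is a small detector that reads netfilter LOG lines for that rule and reports which LAN hosts tried to reach external resolvers directly. The Pi-hole address, the `DNS-EGRESS` log prefix and the sample log lines are constructed assumptions; covering port 853 (DNS over TLS) alongside port 53 is an added generalisation beyond the post.

```python
import re
from collections import defaultdict

# Assumed LAN layout for this example (not from the post): only the Pi-hole
# may talk to external resolvers.
PIHOLE_IP = "192.168.1.2"
DNS_PORTS = {53, 853}  # plain DNS, plus DNS-over-TLS as an added generalisation

# Constructed sample lines in the netfilter LOG target format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:21:07 router kernel: DNS-EGRESS IN=br0 OUT=eth0 SRC=192.168.1.2 DST=9.9.9.9 PROTO=UDP SPT=40123 DPT=53 LEN=40
Mar  3 10:21:09 router kernel: DNS-EGRESS IN=br0 OUT=eth0 SRC=192.168.1.42 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53 LEN=40
Mar  3 10:21:09 router kernel: DNS-EGRESS IN=br0 OUT=eth0 SRC=192.168.1.42 DST=8.8.4.4 PROTO=UDP SPT=51235 DPT=53 LEN=40
Mar  3 10:21:12 router kernel: DNS-EGRESS IN=br0 OUT=eth0 SRC=192.168.1.77 DST=1.1.1.1 PROTO=TCP SPT=60010 DPT=853 LEN=60
Mar  3 10:21:15 router kernel: DNS-EGRESS IN=br0 OUT=eth0 SRC=192.168.1.42 DST=93.184.216.34 PROTO=TCP SPT=51300 DPT=443 LEN=60
"""

# Only the fields we need; SPT= and LEN= are deliberately not captured.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return a dict with SRC, DST, PROTO and integer DPT, or None if a field is missing."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
        return None
    fields["DPT"] = int(fields["DPT"])
    return fields


def find_dns_bypass(log_text, pihole_ip=PIHOLE_IP):
    """Map each non-Pi-hole source that sent DNS/DoT traffic to the (proto, resolver, port) it tried."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["DPT"] not in DNS_PORTS:
            continue  # unparsable line or not a resolver port (e.g. ordinary HTTPS)
        if rec["SRC"] != pihole_ip:
            offenders[rec["SRC"]].add((rec["PROTO"], rec["DST"], rec["DPT"]))
    return {src: sorted(attempts) for src, attempts in offenders.items()}


if __name__ == "__main__":
    for src, attempts in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{src} bypassed the Pi-hole: {attempts}")
```

A host that shows up here repeatedly is a candidate for a dedicated VLAN or for having its DNS settings corrected, rather than for a blanket allow rule.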

Wow Zombunny!!!

I am very impressed with your setup and practices!!! 

One thing that I think is way too overlooked, and that you brought up, was your smart IoT devices. With the growing amount of internet-connected devices, with very little, usually no, security, it's a huge hole in any network. I will go out of my way to not buy smart devices till the industry brings up security with them. I have seen network hacks through smart TVs, home cameras, even smart fridges. Too often we look at defensive computing/networking and not how to prevent them from happening by taking an offensive approach like you. I may even have to take some notes from your approach :)

Stay safe...
