Jump to content
CCleaner Community Forums
mta

Layered security options

Recommended Posts

I'm interested in what others are using to bolster their Windows defences?

 

Not in terms of 3rd party software like anti-viral/malware or removal programs like GMER, cwshedder etc but what one can do to help stop things happening that are inbuilt but maybe not well known.

 

For example, the HOSTS file and the SYSKEY (Win8) program.

 

What have others 'turned on' or tweaked in Windows?

Share this post


Link to post
Share on other sites

I have disable unneeded services and AutoPlay capabilities.

Share this post


Link to post
Share on other sites

I also disable most of the windows services I don't use (spooler included)

 

Common sense may be your best asset though :)

Share this post


Link to post
Share on other sites

Other "built-in" things I've done, via downloads so this does actually require a third party:

  • HOSTS File (I have my own entries I've been making since the early 2000s, and also the MVPS.org HOSTS file, and the MalwareDomainList.com HOSTS list.)

     

  • Disabled NetBIOS, along with Printer File Sharing (using Windows Worms Doors Cleaner). I wonder if people even have to mess with doing this in Win7 or newer anymore? It was seen by many as a very critical thing to do in WinXP.

     

  • Disabled RAW Sockets (using GRC SocketLock - seems to be completely discontinued with no download available anymore? maybe it was only ever valid on WinXP?)

     

  • Set unnecessary services to Disabled or Manual - I've always leaned towards using the Manual option just in case something is actually needed.

     

Other things I've done:

Refuse to use Internet Explorer if possible, I will only use it on Microsoft.com sites - this I've done since about the year 2000 and have avoided any infections.

 

And there's probably a magnitude of other little things I've done but forgotten all about.

Share this post


Link to post
Share on other sites

Hosts File, handles by "Hostsman". (MVPS only)

 

"Windows Worms Doors Cleaner" (link above) passed to me by Andavari when XP was a sprightly youth.

 

Always "Sandboxed" when on-line.

 

Have various services disabled, originally as per "Black Vipers" recommendations for XP.

 

Never use IE and would be limited to IE8 if I did.

 

Strict control of Adobe Flash Player settings.

 

"Settings Manager". (On-line but a real time active settings manager).

Share this post


Link to post
Share on other sites

I have disable unneeded services and AutoPlay capabilities.

yeah, turning off AutoPlay is a good one, I've seen many a virus/malware infection on USB sticks with some autorun.ini variant.

Share this post


Link to post
Share on other sites

Almost all previously noted, could say all except "sandboxing".

I also frequently check & update software & OS and I've tweaked some Firefox settings (+I've NoScript, ABP and HTTPS Everywhere).

Share this post


Link to post
Share on other sites

Sitting and wonder if anyone even use Hardware security ex Hardware firewalls.

 

I know a router can be seen as Hardware protection but what else ?

Share this post


Link to post
Share on other sites

most modems/routers that come with hardware firewalls are pre-set to be probably all you want.

of course, always change the default login username/password and wifi SSID and passkey. (I'm constantly amazed at the number of people who don't)

but I've never needed to add any extra firewall rules or change the default settings in that area.

has anyone?

also MAC address allow/block list usage is another great security control.

Share this post


Link to post
Share on other sites

I turned on the hardware firewall in my DSL modem, I can only use the Low setting otherwise it completely disrupts all sorts of things from certain software to little portable gadgets used in the house. As for "extra rules" enabled in it I've inputted some widely used adservers to block such as DoubleClick, etc.

 

Also the only way to access my WiFi is if I've already manually inputted a device MAC address.

 

I do find it interesting when looking for a network with a WiFi device how so many neighbors have their network SSID broadcasting in plain view.

Share this post


Link to post
Share on other sites

I use MAC filtering by only adding the MACs manually the other thing is using a long complex passkey. 

Yes Mta and Andavari it's shocking to see how people do not change the default login username/password, wifi SSID and passkey

 

Doest this count as "Layered security" ?

 

Virus.jpg

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...