Author Topic: Windows 7 Secure setup  (Read 2883 times)

0 Members and 1 Guest are viewing this topic.

Offline winguy

  • NULL
  • Posts: 4
  • Cookies: 0
    • View Profile
Windows 7 Secure setup
« on: January 23, 2014, 05:37:13 pm »
Hello guys.
I started learning about security related stuff not long ago.
I really like to play games with windows, which is kind of hard to live with, if you want security.
So I decided to try to setup the best secure yet operatable setup for win7 that I could come up with.
I wanted to hear your suggestions before I implement it.
Here is what I thought about:

1) Clean install win 7 64 bit
2) Create a "Secure" folder for my internet downloads (only r &w not exec)
3) VM to test files that look suspicious
4) Antivirus Avast + malwarebytes (I want free tools)
5) Nod32 trail on the vm + trackwinstall + what chanhed + sysinternals
6) Secure boot (UEFI)
7) no shares enabled
8 ) NAT for fw
9) AUTO run disabled.

Any major problems? and suggestions for the set up?
Thanks in advance.

« Last Edit: January 23, 2014, 08:08:41 pm by proxx »

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Windows 7 Secure setup
« Reply #1 on: January 23, 2014, 08:08:02 pm »
Thats not "secure"
I suggest you run a BSD/nix vbox with a real firewall and route the traffic through that.
Run snort, blacklisting etc.
Move homefolder to other partition.
Amongst a couple other things I cant name right now.
« Last Edit: January 23, 2014, 08:08:25 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Windows 7 Secure setup
« Reply #2 on: January 23, 2014, 08:28:50 pm »
That does not sound secure and is completely unneeded. You will never be secure if you don't know what you are doing, no matter how much AV's and FW's you install.
Basically you only need malwarebytes to do a scan once a month or so, everything else is replaced by common sense.
Set downloads folder to only be written? no, that is not how windows attributes work.
Secure boot? that won't help if you get a rootkit.
No shares enabled? makes life harder. Just set a password, or only share stuff when you need stuff shared...
The VM for unknown crap and disabled autorun are the only wise decisions IMO.

What I can suggest is read more on social engineering, windows filesystems, learn a bit of coding and develop a common sense. Also you might want to look at ProcessHacker, it's awesome.
And 64bit? only if you have 4+GB of RAM, otherwise you don't need 64bit.
Might as well consider using online file scanners to check an executable, fuck virus makers, I hate malware actually, when the sole purpose of it is to mess the system up...
« Last Edit: January 23, 2014, 08:31:48 pm by Kulverstukas »

Offline Traitor4000

  • Knight
  • **
  • Posts: 191
  • Cookies: 8
    • View Profile
Re: Windows 7 Secure setup
« Reply #3 on: January 24, 2014, 04:16:28 am »
I did not know secure and Windows could be used in the same sentence  :o
The most vulnerable part of an impenetrable system is those who believe it to be so.

Offline winguy

  • NULL
  • Posts: 4
  • Cookies: 0
    • View Profile
Re: Windows 7 Secure setup
« Reply #4 on: January 24, 2014, 07:14:53 am »
Thats not "secure"
I suggest you run a BSD/nix vbox with a real firewall and route the traffic through that.
Run snort, blacklisting etc.
Move homefolder to other partition.
Amongst a couple other things I cant name right now.
Move homefolder to other partition. - why does this help?
"blacklisting"? of what? ips?

-------------------------------

That does not sound secure and is completely unneeded. You will never be secure if you don't know what you are doing, no matter how much AV's and FW's you install.
Basically you only need malwarebytes to do a scan once a month or so, everything else is replaced by common sense.
Set downloads folder to only be written? no, that is not how windows attributes work.
Secure boot? that won't help if you get a rootkit.
No shares enabled? makes life harder. Just set a password, or only share stuff when you need stuff shared...
The VM for unknown crap and disabled autorun are the only wise decisions IMO.

What I can suggest is read more on social engineering, windows filesystems, learn a bit of coding and develop a common sense. Also you might want to look at ProcessHacker, it's awesome.
And 64bit? only if you have 4+GB of RAM, otherwise you don't need 64bit.
Might as well consider using online file scanners to check an executable, fuck virus makers, I hate malware actually, when the sole purpose of it is to mess the system up...
What about an AV? which one do you consider good? are there any good free ones?
About the dl folder when I tried to execute an exe from a folder with only r&w it didn't let me, so i considered it another step into a more secure zone.

What about dual boot - one secure partition and one for crap software?

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Windows 7 Secure setup
« Reply #5 on: January 24, 2014, 07:28:01 am »
No AV is "good" and I don't use any... only malwarebytes to scan stuff from time to time. Dual boot just to test weird executables would be an overkill... a VM is enough, but keep in mind modern malware usually have methods for breaking out of VM's and sandboxes and stuff. A Dual boot would be better for this.... but like I said, all that could be reduced to common sense... until that tho, this is good.

Offline winguy

  • NULL
  • Posts: 4
  • Cookies: 0
    • View Profile
Re: Windows 7 Secure setup
« Reply #6 on: January 24, 2014, 08:12:56 am »
No AV is "good" and I don't use any... only malwarebytes to scan stuff from time to time. Dual boot just to test weird executables would be an overkill... a VM is enough, but keep in mind modern malware usually have methods for breaking out of VM's and sandboxes and stuff. A Dual boot would be better for this.... but like I said, all that could be reduced to common sense... until that tho, this is good.

So after reading your takes on my set up here is the new version:
- VM (vbox)
- Autoplay disabled
- 2 Users (day to day will be a standard user)
- NAT
- No shares (i don't need them)
- Snort + Wireshark
- ProcessHacker
- Secunia
- Malwarebytes + Microsoft security essentials.
- EMET

Sounds better?
Thanks for the help!

Offline karsa

  • Peasant
  • *
  • Posts: 117
  • Cookies: 44
    • View Profile
Re: Windows 7 Secure setup
« Reply #7 on: January 24, 2014, 01:06:52 pm »
Take a look at malwaretips, I think it's what you're looking for.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Windows 7 Secure setup
« Reply #8 on: January 24, 2014, 02:40:06 pm »
Take a look at malwaretips, I think it's what you're looking for.
Oh wow, that's a cookie worth material man!

@winguy: 2 users? snort? wireshark? yeah it's ok to begin with, but I guarantee you're gonna get so fed up with it later in life. The way I see it you don't need snort unless you have a huge network and servers on it...
All in all, I don't even know, I'm not such a huge security dude, but what I do works for me to not get infected yet... it seems to me you're just too paranoid.
« Last Edit: January 24, 2014, 02:40:23 pm by Kulverstukas »

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Windows 7 Secure setup
« Reply #9 on: January 24, 2014, 02:57:28 pm »
Oh wow, that's a cookie worth material man!

@winguy: 2 users? snort? wireshark? yeah it's ok to begin with, but I guarantee you're gonna get so fed up with it later in life. The way I see it you don't need snort unless you have a huge network and servers on it...
All in all, I don't even know, I'm not such a huge security dude, but what I do works for me to not get infected yet... it seems to me you're just too paranoid.

All of this is pretty much default on linux :P
Silly windows users.
« Last Edit: January 24, 2014, 02:57:44 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline karsa

  • Peasant
  • *
  • Posts: 117
  • Cookies: 44
    • View Profile
Re: Windows 7 Secure setup
« Reply #10 on: January 24, 2014, 03:21:13 pm »
Oh wow, that's a cookie worth material man!
Not sure if sarcasm or not, but it seemed appropriate. I'm not saying it's some treasure trove of great info but it might help OP. That being said, consider switching to another operating system and learn as much as you can about it. Installing shitloads of programs doesn't really help if you don't know what you're doing. Changing the users habits and trading a bit of conveniency for more control goes a long way.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Windows 7 Secure setup
« Reply #11 on: January 24, 2014, 06:07:38 pm »
Not sure if sarcasm or not, but it seemed appropriate. I'm not saying it's some treasure trove of great info but it might help OP. That being said, consider switching to another operating system and learn as much as you can about it. Installing shitloads of programs doesn't really help if you don't know what you're doing. Changing the users habits and trading a bit of conveniency for more control goes a long way.
Oh no that was not sarcasm, sorry if it sounded like sarcasm. I totally bookmarked that site!

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
    • View Profile
Re: Windows 7 Secure setup
« Reply #12 on: January 25, 2014, 02:47:00 am »
This guy put a nice effort to describe how to harden windows 7 machine:
Code: [Select]
http://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html
« Last Edit: January 25, 2014, 02:47:46 am by noob »

Offline Darkvision

  • EZ's Fluffer
  • VIP
  • Royal Highness
  • *
  • Posts: 755
  • Cookies: 149
  • Its not a bug, It's a Chilopodas.
    • View Profile
Re: Windows 7 Secure setup
« Reply #13 on: January 25, 2014, 04:25:30 am »
This guy put a nice effort to describe how to harden windows 7 machine:
Code: [Select]
http://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html


never used EMET before, ill have to look at it. The rest of it is rather good. One point to stress along with this guide though, turn off EVERYTHING you dont use. Uninstall components you dont use(like IE). Unfortunatly for some of the best performance tweeking/security you will need to familiarize yourself with the registry. Unfortunatly(as far as i know) windows stopped releasing their dev developed tools after XP(these were amazing) so you really need registry knowledge to do everything(not that you could even with their tools, just that you could go a lot quicker for some of the reg only stuff). I would estimate that 95%(minimal) programs out their designed to tweek/secure you PC actually make your PC LESS secure than doing it yourself. For instance ive only ever found ONE "booster" that actually gave my performance a boost and they quit updating it after XP, and the only reason it gave me a boost was because it was a heavily modified windows kernel. Any other program ive ever seen gives "boosts" by applying a pre-approved set off off/on for services(mainly) and sometimes a few reg keys. The issue with that is that if you know what your doing it will end up turning on services/changing keys that you have already changed.(worsening performance and making you more vulnerable). So at the end of the day the best solution would be to learn fundamentals...then get into a book or two thats heavy into the internals of windows.
The internet: where men are men, women are men, and children are FBI agents.

Ahh, EvilZone.  Where networking certification meets avian fecal matter & all is explained, for better or worse.

<Phage> I used an entrence I never use