Layered security options

[mta]

I'm interested in what others are using to bolster their Windows defences?

 

Not in terms of 3rd party software like anti-viral/malware or removal programs like GMER, cwshedder etc but what one can do to help stop things happening that are inbuilt but maybe not well known.

 

For example, the HOSTS file and the SYSKEY (Win8) program.

 

What have others 'turned on' or tweaked in Windows?

[Hav0c]

I have disable unneeded services and AutoPlay capabilities.

[Winapp2.ini]

I also disable most of the windows services I don't use (spooler included)

 

Common sense may be your best asset though

[Andavari]

Other "built-in" things I've done, via downloads so this does actually require a third party:

• HOSTS File (I have my own entries I've been making since the early 2000s, and also the MVPS.org HOSTS file, and the MalwareDomainList.com HOSTS list.)

   

• Disabled NetBIOS, along with Printer File Sharing (using Windows Worms Doors Cleaner). I wonder if people even have to mess with doing this in Win7 or newer anymore? It was seen by many as a very critical thing to do in WinXP.

   

• Disabled RAW Sockets (using GRC SocketLock - seems to be completely discontinued with no download available anymore? maybe it was only ever valid on WinXP?)

   

• Set unnecessary services to Disabled or Manual - I've always leaned towards using the Manual option just in case something is actually needed.

   

Other things I've done:

Refuse to use Internet Explorer if possible, I will only use it on Microsoft.com sites - this I've done since about the year 2000 and have avoided any infections.

 

And there's probably a magnitude of other little things I've done but forgotten all about.

[DennisD]

Hosts File, handles by "Hostsman". (MVPS only)

 

"Windows Worms Doors Cleaner" (link above) passed to me by Andavari when XP was a sprightly youth.

 

Always "Sandboxed" when on-line.

 

Have various services disabled, originally as per "Black Vipers" recommendations for XP.

 

Never use IE and would be limited to IE8 if I did.

 

Strict control of Adobe Flash Player settings.

 

"Settings Manager". (On-line but a real time active settings manager).

[mta]

I have disable unneeded services and AutoPlay capabilities.

yeah, turning off AutoPlay is a good one, I've seen many a virus/malware infection on USB sticks with some autorun.ini variant.

[nodles]

Almost all previously noted, could say all except "sandboxing".

I also frequently check & update software & OS and I've tweaked some Firefox settings (+I've NoScript, ABP and HTTPS Everywhere).

[Hav0c]

Sitting and wonder if anyone even use Hardware security ex Hardware firewalls.

 

I know a router can be seen as Hardware protection but what else ?

[mta]

most modems/routers that come with hardware firewalls are pre-set to be probably all you want.

of course, always change the default login username/password and wifi SSID and passkey. (I'm constantly amazed at the number of people who don't)

but I've never needed to add any extra firewall rules or change the default settings in that area.

has anyone?

also MAC address allow/block list usage is another great security control.

[Andavari]

I turned on the hardware firewall in my DSL modem, I can only use the Low setting otherwise it completely disrupts all sorts of things from certain software to little portable gadgets used in the house. As for "extra rules" enabled in it I've inputted some widely used adservers to block such as DoubleClick, etc.

 

Also the only way to access my WiFi is if I've already manually inputted a device MAC address.

 

I do find it interesting when looking for a network with a WiFi device how so many neighbors have their network SSID broadcasting in plain view.

[Hav0c]

I use MAC filtering by only adding the MACs manually the other thing is using a long complex passkey. 

Yes Mta and Andavari it's shocking to see how people do not change the default login username/password, wifi SSID and passkey

 

Doest this count as "Layered security" ?