Keep Running Windows 7 Safely for Years to Come

[CybertoothAskWoody Plus]

As Windows 7 approaches the expected end of monthly security patching next January, Windows 7 users who have hesitated to switch to Windows 10 face the critical choice of whether to accept Microsoft’s newest operating system; to switch to an altogether different platform such as Linux, Mac, or Chrome OS; or to look for a way to protect their favorite OS into 2020 and beyond.

In my case, I have decided to implement a multi-layered defense strategy which, I am confident, will make it possible to use Windows 7 without worries while I continue the slow transition to Linux (Kubuntu). The defensive layers include, in no particular order:

* Resident anti-virus software. My main Windows 7 machine is currently on BitDefender Free, but there are many other good free and paid AV solutions out there.

* Resident anti-exploit software. Several choices are available, such as Malwarebytes Anti-Exploit (MBAE) and Microsoft’s own EMET, but I use HitmanPro.Alert as it also offers keystroke encryption.

* On-demand scanners to catch any baddies that might have gotten past the main defenders. I cycle a variety of free scanners including Malwarebytes Anti-Malware Free (MBAM), Sophos Virus Removal Tool, F-Secure Online Scanner, Norton Power Eraser, and ESET Online Scanner. (Once again, there are others, free and paid.) At least occasionally, run the rootkit scanning feature, if available (usually requires a reboot).

* Use a Web traffic-filtering browser extension such as Norton Safe Web or Bitdefender TrafficLight, and/or a security-oriented public DNS resolver such as Quad9, for your Web browsing.

* Keep your router firmware updated, if possible, and consider increasing the router’s hardware firewall settings (it may come set to a medium level that’s less hassle, but offers lower protection). Learn how to block websites and URLs at the router.

* Use a software firewall that will explicitly ask your permission when new programs try to access the Internet for any reason. Over time, you will train the firewall to allow trusted programs and the number of notifications will fall to just new (and possibly unknown) programs. ZoneAlarm Free Firewall is set to ask you “out of the box.”

* Keep your browsers (plus their extensions/plugins) and other programs updated.

* Use ad-blocking extensions on your browsers, as malvertising is one of the main sources of infection nowadays. My main choice for this is uBlock Origin, although I’ve also used Ghostery.

* Change your Windows account from the default administrator account to a standard user account, which has fewer rights to install software and make changes to the system. (You will have to enter a password to do those sorts of things.) This prevents malware from exploiting your administrator status to make changes behind your back, and research suggests that this one measure alone prevents upward of 90% of attacks.

* Use an extensive Hosts file to stop your computer from being led to sites that serve up malware. I also use it to block Facebook, which some researchers claim follows you around the Web even if you don’t have a Facebook account. You can obtain ample Hosts files from here or here.

* Additional protections: I have installed OSArmor by NoVirusThanks and have had a good experience with it. The program, over time, builds a whitelist of programs that you have approved to run on your PC. I am also considering BlackFog Privacy and VoodooShield as useful, supplemental layers of defense; reports on the security community Wilders Security indicates a high degree of compatibility and satisfaction for both of these products.

* I am evaluating 0patch, by Acros Security. This is a service that injects on-the-fly patches to software that no longer receives updates from its vendor. I am currently using it on a Vista test machine and have experienced no problems, although I’m not sure yet how useful it might be as it has rarely kicked in to do its thing. For a more thorough test, I may need to install 0patch on my main Vista PC, but for now at least I’ve determined that it doesn’t make Vista crash or slow down. When Windows 7 goes EOS, 0patch could conceivably fill in for the bulk of security patches that Win7 will not receive.

* Finally, back up the PC (data and programs) regularly. If all else fails and you get infected, you will then have a reasonably current copy of your computer that you can install over the infected system. There are numerous image backup solutions out there; I use the free version of Macrium Reflect.

* * * * *
You might think that there is considerable overlap in the kinds of protection offered by the above set of measures. And you would be right: the defenses feature a moat, trenches, walls, minefields, sentries, snipers, archers, machine-gun nests, early-warning systems, Patriot missiles, deflector shields, and an escape tunnel. I have deliberately built redundancy into the strategy, so that whatever one misses another one will stop. I’ve neither experienced nor heard of any incompatibilities affecting computer usability. (The only caution is to avoid using multiple resident AV programs at the same time, for example BitDefender and Kaspersky.)

Is this paranoid? No more so than the folks who tell us that you must patch right now or you’re doomed, or that you must upgrade to Windows 10 when Win7 goes EOS or you’re doomed.

With this combination of defensive measures, I have every confidence that my Win7 box will remain well protected for as long as I care to use it. So long as security vendors continue to support Windows 7, and Win7 browsers continue to load websites, I don’t see any great impediment to keeping this Windows 7 system connected to the Internet for the foreseeable future.

 

Total of 24 users thanked author for this post. Here are last 20 listed.

FakeNinja, Chessie, Geo, Moonbear, Kaj4strom, DrRon, Steve, OscarCP, LHiggins, The Surfing Pensioner, Pierre77, anita.yk, Charlie, David F, LH, JohnW, Kranium, AlexEiffel, SueW, jburk07

[anonymous]

On the assumption that you/we are most likely to have problems when browsing online, you could also consider running your browser in a sandbox (most of the time).

I have long used Sandboxie for this and there was an introductory guide on the gHacks site recently if you are interested: https://www.ghacks.net/2019/10/29/how-to-use-sandboxie-for-browsing-downloading-and-installing-programs/

You will need to run your browser outside the sandbox occasionally to pick up and keep browser updates and any extension updates. I normally use Firebox and have its update setting to inform me when there is an update, but not to actually download and update, so that I can update after leaving the sandbox. I also have uBlockOrigin (uBO) automatic updates switched off, but start Firefox and manually update uBO every few days. For convenience I allow bookmarks saved in the sandbox to be retained on leaving the sandbox. I run Thunderbird for e-mail in a similar way.

I have no experience using Sandboxie to try out programs as the article suggests.

My only slight doubt mentioning Sandboxie is that after several changes of ownership its future development is unclear (see https://www.ghacks.net/2019/09/10/sandbox-program-sandboxie-is-now-freeware-soon-open-source/ ), particularly as I believe that Sophos itself is/may be changing ownership.

Some security products e.g. Comodo have their own sandbox features.

HTH. Garbo.

3 users thanked author for this post.

Kranium, wdburt1, Cybertooth

[CybertoothAskWoody Plus]

Thanks, Garbo. I have to admit that I haven’t given sandboxing a lot of thought. Maybe my logic is flawed, but the way I see it is that whatever I’m doing in the sandbox, sooner or later I’ll be saving or printing something, which means it has to come out of the sandbox (right?) and if that’s infected then it will try to attack my computer at that point anyway. I do a lot of saving of Web articles to PDF, so it’s not an unusual scenario for me.

Probably I don’t have an adequate understanding of sandboxing technology, but the above logic (for what it’s worth) is the reason I haven’t looked at it very hard.

 

[anonymous]

A more complete guide, and what was my tutorial to Sandboxie when I started with it, can be found at: https://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm

It is true that you will want some downloaded files and data printed to PDF files to be recovered out of the sandbox, but you are in control of what these are. I download to the “Downloads” folder and always print (using CutePDF) to this folder (even if I’ll move the PDF file later). I have Sandboxie immediately prompt me whenever something is “downloaded” in this way so I can immediately decide what to do with it (recover/leave/delete) before I forget what I’ve been doing (at the end of session). Other stuff downloaded beyond what I have explicitly downloaded can be seen and filtered out before reaching the real PC. On exit anything left is deleted. (You can overwrite whatever is deleted for a more secure deletion e.g. using Sysinternals “sdelete”.)

Other changes the webpage may try to make to the system do not get outside of the sandbox unless you have allowed it in the settings. Beyond the default settings I have allowed bookmarks to be added/deleted, but this is a compromise. There are lists of possibilities for common programs in the settings.

I have been using it since 2013, so I no longer really think about it 🙂

HTH. Garbo.

 

1 user thanked author for this post.

Cybertooth

[CybertoothAskWoody Plus]

That does look like it would make a valuable addition to post-EOS Windows 7 computing. It’s a little work, but surely not more than using a standard Windows account instead of an administrator account.

I knew that Sophos might be bought by another company, but I didn’t know that Sophos had bought Sandboxie.

 

[AlexEiffelAskWoody_MVP]

I don’t think the biggest threat is the pdfs you download.

Sandboxing would be useful to help prevent some unrecognized threats, 0-days, drive-by downloads that automatically infect a vulnerable system without needing you to download anything. Fileless malware is a tricky one and sandboxing could add a layer of protection that would supplement what you already have. The anti-exploit is already a great step-up, but sandboxing is another useful tool to your arsenal that brings a different type of protection.

I use Firefox to read downloaded pdfs most of the time when it works, so it reduces the risk of being infected by some malware that would need some of Adobe’s capabilities or vulnerabilities to be triggered. Another little step to reduce the risk of being infected. Firefox could have different vulnerabilities of course, but the capabilities are limited and it is probably not the first target for pdf injected malware.

1 user thanked author for this post.

Cybertooth

[JohnWAskWoody Plus]

On the topic of browsing being the biggest risk, I have found that the comprehensive filter lists in uBlock Origin seem to be effective in preventing me from accidentally connecting to potentially dodgy website domains, when clicking on links in web pages or emails.

So that appears to be an excellent protection layer for keeping away from the scripted type of attacks lurking in some website code.

As a backup layer for that, anti-exploit software would be good idea for stopping an attack that was able to gain access to your system, and hopefully prevent encryption or exfiltration of your data before the damage is done.

And finally, making disk images that you can easily restore your PC from, if necessary, is a very effective way to remove a malware infestation. And get your encrypted data back.

5 users thanked author for this post.

Myst, Steve, alphacharlie, Charlie, Cybertooth

[CybertoothAskWoody Plus]

+1

And as a bonus, aside from uBlock Origin serving as one of the layers of defense, ever since installing it my Web page loads have gotten a lot faster, as the pages aren’t weighted down by flashing ads, autoplay videos, and assorted other bandwidth hogs.

3 users thanked author for this post.

Steve, Charlie, JohnW

[AscarisAskWoody_MVP]

Cybertooth wrote:

And as a bonus, aside from uBlock Origin serving as one of the layers of defense, ever since installing it my Web page loads have gotten a lot faster, as the pages aren’t weighted down by flashing ads, autoplay videos, and assorted other bandwidth hogs.

Not only that, but in a quick ‘n’ dirty test I ran some time ago, using uBlock Origin cut the RAM use in half on the same group of pages, and that’s really saying something.  The RAM consumed by the ads was greater than that of the actual content in the pages and the program code of the browser combined.

Group "L" (KDE Neon User Edition 5.17.5).

1 user thanked author for this post.

Cybertooth

[CharlieAskWoody Plus]

It seems you can’t get just the Malwarebytes Anti-Exploit alone.  I went to the website in the link and the Anti-Exploit has now been built into the Malwarebytes Anti-Malware program.  I’ve got Ublock Origin running in Firefox 70.0.1 and I’m not bothered by much.

Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

[JohnWAskWoody Plus]

It’s available here as a rolling beta standalone (has been this way for several years now):

https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-113-build-125-released-nov-11-2019/

This is a full Beta version with premium features available to Free users.

 

4 users thanked author for this post.

LHiggins, Charlie, anita.yk, Cybertooth

[LHigginsAskWoody Plus]

JohnW wrote:

It’s available here as a rolling beta standalone (has been this way for several years now): https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-113-build-125-released-nov-11-2019/ This is a full Beta version with premium features available to Free users.

I have tried downloading this several times and can’t seem to get it working on my Win 7 laptop. Maybe I’m missing something, but I click the download link and it downloads the installer exe. When I click on that, it looks like it starts to work – asks me if I want to install it, and then nothing – no hard drive activity, nothing. I’ve let it go for a few minutes, but it never seems to install.

Any suggestions on how to install it??

Thanks!

[JohnWAskWoody Plus]

Can’t imagine what’s blocking the installer. I just downloaded the latest “mbae-setup-1.13.1.127.exe” from that link, and the installer executed without any issues on my Win 7 Pro x64 machine.

Did you click through the Windows UAC prompts to the license agreement, etc.?

[LHigginsAskWoody Plus]

Hi John,

It never got that far – I did get to the UAC prompt, but no user agreement. I did download a trial version of Malwarebytes last week – the trial is up tomorrow. Maybe that is what is causing it not to work?

It was this one: Malwarebytes Anti-Exploit 1.13 Build 127 released – Dec 5, 2019

And the installer was only a small file – not sure exactly now, but not much. Maybe 2mb? So that isn’t the whole program, right?

I’m back in Mint now, but I will give it another try when I boot back into Windows. I also have my Win 7 desktop – I can try it there to see if it works.

Kind of strange behavior though…each time I clicked on the installer, it would give me the UAC prompt, start spinning and then nothing. I finally had to get into the Task Manager to delete the process there – but that seemed like it was tied to the browser, not to any actual program.

Thanks!

 

[JohnWAskWoody Plus]

Malwarebytes Premium (or Premium trial) includes the Anti-Exploit module. It’s possible the MBAE installer sees that and does not continue, because it is already installed.

There are two things you could try.

1. Let the trial expire and then run the MBAE installer again.
2. Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.

Keep the free version of MBAM installed after the trial, as it is a good on-demand scanner for free.

1 user thanked author for this post.

LHiggins

[LHigginsAskWoody Plus]

JohnW wrote:

It’s possible the MBAE installer sees that and does not continue, because it is already installed.

Yes, that sounds like maybe that is what is happening.

JohnW wrote:

There are two things you could try. Let the trial expire and then run the MBAE installer again. Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.

I think that the trial does expire tomorrow, so I’ll check and try it again. And I do plan to keep the free version after the trial – I really wasn’t planning on downloading the trial to begin with, but that is what downloaded.

Thanks for the ideas and help!

[CybertoothAskWoody Plus]

Cybertooth wrote:

* Additional protections: I have installed OSArmor by NoVirusThanks and have had a good experience with it. The program, over time, builds a whitelist of programs that you have approved to run on your PC. I am also considering BlackFog Privacy and VoodooShield as useful, supplemental layers of defense; reports on the security community Wilders Security indicates a high degree of compatibility and satisfaction for both of these products.

Since the time I wrote that paragraph, I have installed VoodooShield to get a sense of how effective and practical it is to use. I have no complaints with its effectiveness, as it asks me to either “block” or “allow” any processes that it doesn’t know about. Think of it as an enhanced User Account Control system where you get to decide if the process is something you wanted and expected (i.e. the installer for a program you just bought), or–alternatively– if it seems to have popped up out of the blue.

That said, VoodooShield is not the easiest piece of software to use in the world. Trying to create “rules” for programs is reminiscent of the arcane and convoluted rule sets for firewalls, something that I wouldn’t touch with a 10-foot pole. Just set it on “Autopilot,” leave the settings at default value, and life will be much simpler.

Next step is to evaluate BlackFog Privacy.

 

[MicrofixDa Boss]

hmm, just came across this very interesting article by Martin Brinkmann over on Ghacks

Someone discovered a way to enable Extended Security Updates on all machines running Microsoft’s Windows 7 operating system…

Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 | W10 x86 1909

2 users thanked author for this post.

Myst, Cybertooth

[CybertoothAskWoody Plus]

Wow, this development is certainly worth watching! From that Ghacks post:

The developers plan already to extend support to Windows Vista and to support the POSReady 7 SKU which will receive security updates until 2024.

Over the last couple of years, I’d read around the Web people wondering if there might be a POSReady version of Windows 7 as there is for XP. This is the first time I’ve seen such a version referred to as an actual fact and not just a hope.

I would even be willing to pay Microsoft a reasonable fee for these continued patches for my Home editions (but not $200 or $100 a year, forget it!).

 

1 user thanked author for this post.

Myst

[OscarCPAskWoody Plus]

MS is requiring that those users (not “Enterprise”) that want to extend the service beyond next month, must have installed the November S&Q Rollup. I can’t think of any reason that one needs to have that installed to qualify for extended support, when I have been getting the Windows 7 patches from MS, as Group B, and doing just fine that way, with no need to install the rollups. I think I smell a rat, but maybe it is just an olfactory hallucination?

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[Susan BradleyAskWoody MVP]

As I understand it, these add a MAK/additional license ability hook.

Susan Bradley Patch Lady

[OscarCPAskWoody Plus]

Dear Susan, Patch Lady: Do you mean to say that having the November Rollup installed allows a Multiple Activation Key to be installed? Is that the whole reason?

Having a MAK, it seems to me, should be just an option. Particularly for someone like me, who dislikes rollups, among other reasons, because I have noticed that, usually, there are more complaints from those in Group A that install them than from those in Group B that don’t. There are some attendible reasons for this being so, they are just not persuasive enough to make me change my mind.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[jabeattyauditorAskWoody Lounger]

OscarCP wrote:

Having a MAK, it seems to me, should be just an option.

It IS just an option – unless, of course, you want to enable ESU on a particular PC or server.

[OscarCPAskWoody Plus]

jbeattyauditor: “It IS just an option – unless, of course, you want to enable ESU on a particular PC or server.”

Not entirely an option, as far as I am concerned, because it is tied to having to install the November  S&Q Rollup, which is not optional. And that is my point.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

1 user thanked author for this post.

Kranium

[Pierre77AskWoody Plus]

JohnW wrote:

Malwarebytes Premium (or Premium trial) includes the Anti-Exploit module. It’s possible the MBAE installer sees that and does not continue, because it is already installed.

There are two things you could try.

1. Let the trial expire and then run the MBAE installer again.
2. Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.

Keep the free version of MBAM installed after the trial, as it is a good on-demand scanner for free.

 

Yes, that is the way to go. I have MBAM Free and MBAE installed on 2 PCs. There is a catch which means when MalwareBytes update their main engine you will have a choice to run another trial for 14 days. The update also removes MBAE, so after the trial expires you will have to install MBAE again. My main PC has a paid version of MBAM installed. Hope this helps.

• This reply was modified 1 month, 1 week ago by  Pierre77. Reason: TYPO

2 users thanked author for this post.

LHiggins, JohnW

[JohnWAskWoody Plus]

You are correct, based on my experience,updating MBAM removes the MBAE beta.

But you can re-install it.

1 user thanked author for this post.

LHiggins

[Pierre77AskWoody Plus]

JohnW wrote:

You are correct, based on my experience,updating MBAM removes the MBAE beta.

But you can re-install it.

FYI Malwarebytes also have Browser Guard for Firefox and Chrome available. It will also run on the new development of Microsoft new Chrome Browser. I have it running on one PC without a problem.

1 user thanked author for this post.

LHiggins

[CybertoothAskWoody Plus]

* Additional protections: I have installed OSArmor by NoVirusThanks and have had a good experience with it. The program, over time, builds a whitelist of programs that you have approved to run on your PC. I am also considering BlackFog Privacy and VoodooShield as useful, supplemental layers of defense; reports on the security community Wilders Security indicates a high degree of compatibility and satisfaction for both of these products.

Since the time I wrote that paragraph in the opening post, I have additionally installed BlackFog Privacy. It seems to work well. The only cautions are that 1) BFP tends to be aggressive with its blocking of what it considers “fake news” sites (even if you have unchecked that item in the UI), although it’s easy to whitelist something you do want that they’d rather you didn’t see; and 2) it’s probably a good idea to go through the settings for potentially unwanted cleanup actions upon closing a browser.

Apart from these cautions, BlackFog Privacy looks like an excellent product, as far as I can tell. I have seen very few Web ads of any sort since installing this program.

Here is a screenshot of the settings UI:

By default, BFP blocks “egress traffic” to China, North Korea, Russia, and Ukraine (“geofencing”). You can uncheck any or all of these, and instead, if you prefer, block connections to Burkina Faso, Fiji, Greenland, and/or Liechtenstein among hundreds of other countries/territories.

Do note that this is a paid product. (I’m nearing the end of a 30-day trial.) But then, bear in mind that the objective is to keep our EOS Windows 7 systems safe going forward, and that may be worth something to you.

Attachments:

You must be logged in to access attached files.

[OscarCPAskWoody Plus]

I imagine those products Cybertooth has installed for detecting dodgy Web sites are one way and perhaps the only way of dealing with this widespread problem. But they have, in general, two important drawbacks that are worth noting:

(1) When they incorrectly either block or advise to avoid a site that is actually OK and belongs to some legitimate organization or merchant, the poor organization or merchant can become seriously victimized without the possibility of defending itself, himself, or herself in court, as it were. This I have seen happen and learned just how pitiful, loud and numerous the complaints of the innocent victims can be!

(2) If, again by mistake or by some small and harmless irregularity, a site with some much needed information that one is desperately looking for gets vetoed by the defensive software, one may either never, or not soon enough, be able to find that information somewhere else.

One can always white list a site, of course, if one (a) knows enough about it already to decide to do so, or (b) somehow can sense both its existence and its URL before discovering it during a Web search — not a very likely proposition, I should think.

So one must be aware that there are not just pros, but also cons with this as with anything else.

 

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[CybertoothAskWoody Plus]

Yes indeed. This is a wise caveat.

The function of blocking certain websites is also performed by many (most?) antivirus applications, as well as by (at least) some DNS resolvers such as Quad9. There are also browser add-ons that perform a similar function, in that they warn you about sites instead of outright blocking you from reaching them. In my own experience, the AVs Norton Security and BitDefender have blocked sites that were actually safe.

Nothing’s perfect. Each of us has to weigh the drawbacks of possible false positives against the benefits of stopping real bad guys, and decide which choice is more desirable–or, perhaps, less undesirable. Don’t necessarily install everything I listed up there, I’m just presenting my own security cocktail. 🙂

 

[Paul TAskWoody MVP]

And then there are sites that become active exploiters but the “protection software” does not yet recognize this and lets you connect…

cheers, Paul

[CybertoothAskWoody Plus]

Yep, that’s the reason for a multi-layered strategy: if one line of defense fails (in this case, the website rater), then other lines come into action (the anti-exploit, behavior blocker, firewall, or anti-executable).

 

• This reply was modified 1 week, 5 days ago by  Cybertooth.

[OscarCPAskWoody Plus]

I would include as a potential problem also those sites one white listed and then, without one’s knowing, became infected. I suppose that all one can do is to setup one’s defenses, keeping in mind their potential pitfalls, so as not to be too trusty of their reliability — and hope for the best. The Web is becoming more and more like a guerilla war fought mainly with ambushes, surprise attacks and manipulative propaganda. So one has no better choice than to rise to the occasion, facing the situation as such. (Too bad for me I am too laid back to fight such war with all I’ve got.)

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[CybertoothAskWoody Plus]

That’s another situation where the other lines of defense (those that combat the actual attacks, as opposed to globally allowing/blocking a website) should spring into action. On my list, this function would be served (depending on the nature of the attack) by the AV, the anti-exploit, the software firewall, OSArmor, and/or VoodooShield. They don’t care from what website the attack is coming, only that it’s taking place and needs to be stopped. (Actually, the last three may not even care if it could be an attack; what they do largely is to tell you that a new process is running and ask you if you want to let it run, giving you the chance to kill it).

 

1 user thanked author for this post.

OscarCP

[jabeattyauditorAskWoody Lounger]

Just wondering – after you stack all of these defensive products on an aging Windows 7 PC, what percentage of the CPU will you have left to use for actual work?

Is there ever a point where the cure is more of a problem than the disease?

[CybertoothAskWoody Plus]

Process Explorer shows the security processes that are running on my Windows 7 PC (including some others that I didn’t list in the original post) to be using a total of 0.75 percent of CPU cycles. This will of course spike up occasionally when, for example, BitDefender searches for and installs virus definition updates; but we know that will happen once in a while regardless of what AV or which OS we’re using.

 

[wdburt1AskWoody Plus]

I am about five days into researching and implementing steps to harden my Win7 computers against attack.  I knew from the start that @cybertooth‘s initial post here, and the comments that followed, would be worth revisiting.  Now that I am wrapping up, and my head is swimming with this stuff, I am a bit surprised to find that I basically came back to what @cybertooth has proposed.  Hats off to you.

On the internet-facing computer:

• I will shortly replace the router with a Pepwave Surf SOHO Mk3, which I plan to configure as recommended by Michael Horowitz’s “Router Security” web page.  Being able to have more control over what the router is doing is a long-sought goal.
• I will replace the modem with a Netgear CM500 (this is more about performance than security–that and eliminating the bright flashing lights at night.)
• I already use Firefox with UBlock Origin and NoScript; and Brave, which I understand incorporates something like UBlock Origin.  I haven’t figured out how to add NoScript or equivalent to Brave.
• I have created a password-protected Admin user account and demoted the existing one to Standard (and wondered why I didn’t do this on both machines long ago).
• I will add either Microsoft EMET or HitmanPro.Alert.
• I already have Bitdefender and a “proactive” scanner, Heimdal Thor Foresight.
• I will try Voodooshield and see if it works for me.
• Windows Firewall is on the job, but I need to revisit how it’s configured.

I am not planning to get into sandboxing right now, but might in time.  I’m interested in 0patch or any other third-party service that can supply security patches, but need to learn more.  As for backups, I have had that covered for awhile now.

A lot of the list above is also being applied to the non-internet computer.

Thanks again for bringing the subject into focus.

4 users thanked author for this post.

LHiggins, Myst, Cybertooth, Microfix

[AscarisAskWoody_MVP]

wdburt1 wrote:

I already use Firefox with UBlock Origin and NoScript; and Brave, which I understand incorporates something like UBlock Origin. I haven’t figured out how to add NoScript or equivalent to Brave.

Raymond Hill, the developer of uBlock Origin, also offers uMatrix, which offers all of the functionality of NoScript (and even greater granularity), and is available for Firefox and Chrome (which would work with Brave).  The display is information-dense and is a little bewildering at first, but once you begin to use it, you see it makes perfect sense, and I like the UI more than that of NoScript (classic addon edition).  I’d recommend that for Chromium-based browsers, and you may also want to use it in Firefox.  I was happy with NoScript, but when I started experimenting with Chromium recently, I wanted as much of an apples-to-apples comparison as possible, so I used NoScript.  After I got used to it, I wanted it in Firefox too!

Group "L" (KDE Neon User Edition 5.17.5).

3 users thanked author for this post.

Myst, JohnW, wdburt1

[AscarisAskWoody_MVP]

Ascaris wrote:

I was happy with NoScript, but when I started experimenting with Chromium recently, I wanted as much of an apples-to-apples comparison as possible, so I used NoScript. After I got used to it, I wanted it in Firefox too!

I’m sure it’s obvious given the context, but the second instance of NoScript should be “uMatrix.”

Group "L" (KDE Neon User Edition 5.17.5).

[JohnWAskWoody Plus]

I was a long time fan and user of NoScript, but since I bounced between Firefox and Chrome, I wanted the same extensions in both browsers. So I started using uBlock Origin and uMatrix.

NoScript is a fine program, but I eventually decided that uMatrix worked better for me. I eventually preferred that it would allow 1st party scripts, images, etc. to run by default, which generally allows the page to render (unbroken), but still blocks (potentially untrusted) 3rd party elements by default.

1 user thanked author for this post.

Ascaris

[anonymous]

If you find the uMatrix UI too “bewildering” and are familiar with uBlockOrigin (uBO), then it is possible to run uBO in “Medium Mode” (less “bewildering, but with less “granularity”?).

According to the uBO site, Medium Mode is “roughly similar to running AdblockPlus with many filter lists + NoScript with 1st party scripts/frames automatically whitelisted.” – see https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode

I use this in Firefox, although comparing my filter lists I have a few more selected than the 6 listed at the link above. For example as a past user of the Disconnect add-on I remember selecting the Disconnect lists in uBO.

There is also a “Disable Javascript” (by default) option in the uBO Settings. Javascript can be re-enabled on a temporary basis using the lower right corner setting in the uBO main drop-down. (I usually run Firefox inside a Sandboxie sandbox, so for me such tweaks are usually temporary anyway.)

From memory (I haven’t checked while writing this) in Palemoon which uses an older version of uBO or a fork of an older version of uBO, this “Disable Javascript” option is not present there. Again from memory “Medium Mode” is available in Palemoon.

I don’t have any Chromium based browser, so I don’t know if it works the same with any of those (Chrome, Vivaldi etc).

HTH. Garbo.

PS: uBO also has a “HardMode” if you want to tighten up even more (and a “Nightmare Mode” – I haven’t checked this). There are links to these on the right hand side of the link above.

 

1 user thanked author for this post.

Ascaris

[wdburt1AskWoody Plus]

After more than a week of working on it (off and on), this is where I have landed:

• Router–The Pepwave router has arrived but is not yet installed.  I’m still using the old Netgear R6250.  Installing the Pepwave with the right settings is the last big task.
• Software firewall–I installed ZoneAlarm Free thinking, per some erroneous Internet advice, that it would disable Windows Firewall.  It didn’t, and while the two engaged in a fistfight for priority the computer bogged down and froze a few times.  ZoneAlarm recommends disabling Windows Firewall, and at least in one place Microsoft also recommends against running competing firewalls.  Further research turned up a school of thought that Windows Defender is highly competitive with third-party firewalls.  The one problem Cybertooth mentioned above is that it does not ask permission when new programs try to go online; and in fact it is set by default to allow outbound connections.  But potentially this can be resolved by adding a lightweight little piece of freeware, Windows Firewall Notifier.  Once Windows Firewall was disabled, ZoneAlarm Free worked quietly in the background, but if Windows Firewall was a viable option, it seemed better to use it rather than have a disabled, built-in piece of software waiting to be abused.  My first attempt to uninstall ZoneAlarm Free did not go well, leaving it still present in Control Panel > Programs and Features and six of its services still present in msconfig.  An uninstall .exe file buried deep in the program did the trick, though.
• User accounts–I converted the existing Administrator-level account to Standard (fewer privileges) and created a new password-protected Admin account for use when needed.  One thing I learned is that each account will have its own desktop, which means that opening the new Admin account means leaving behind the familiar desktop, GUI, etc.  But I also learned that it really isn’t a problem, because when the need for Admin privileges arises and the dialog box pops up asking for the password, the Admin account opens in the background and I am still looking at the familiar desktop.  I don’t have to jump into the other desktop unless I deliberately open it.
• AV program–Bitdefender Antivirus Plus was already installed.
• Anti-exploit program–The hardest part here was to sort out what constitutes an anti-exploit program.  Definitions vary and there is a lot of overlap among programs.  I already had Heimdal Security in place and decided to stay with it for now.
• Hosts file–I downloaded the hosts file supplied by mvps.org.  Down in the fine print on that web site is the warning that a host file larger than 135 KB will usually cause the computer to slow down.  The one I downloaded was 405 KB, and the computer hard drive began to rev up and down unpredictably, which obviously was not acceptable.  The fine print goes on to recommend unchecking DNS Client in msconfig > Services.  DNS Client is required for Network Discovery, used in Home and Work networks.  If you uncheck it you are basically deciding to call your network a Public network.  That was OK with me, because somewhat counterintuitively a Public Network is the most secure setting.  Disabling DNS Client put an end to the roaring hard drive.
• Hosts file, Part 2–I found online some text that could be cut and pasted into the Hosts file to block Facebook.  It worked great!  While I plan to continued installing Hosts file updates periodically issued by mvps.org, it’s good to know that I can edit the file if I have the correct text to insert.  It’s just a .txt file, after all.
• Whitelisting programs–Cybertooth included OSArmor in this group.  I am not sure that’s what I would call it, but I liked what I saw and installed it.  I also installed VoodooShield and so far it has operated without inconvenience.
• On-demand malware remover–I downloaded and saved Norton Power Eraser.  The other options are all available online when needed and for the most part are not designed to be permanently installed.
• Browsers–I already had Firefox (with NoScript, among other plugins) and Brave.  Just having two separate browsers for distinct uses provides a level of protection, I think.
• Web traffic-filtering browser extension and DNS resolver–I added Bitdefender Traffic Light to Firefox and installed the Quad 9 DNS resolver.  So far, I have been unable to figure out how to keep the Internet computer from changing the DNS address back to what it was before.  I’m thinking that the router may be doing it, and when I change the router we’ll see what happens.
• Ad-blocker–I already had uBlockOrigin in Firefox.  Brave supposedly includes similar software.
• Backups–I already have a “rule of three” backup plan in effect using Macrium Reflect and a well-known online provider.

The computer runs quietly and smoothly, with no sign of slowdown.  What the mvps.org web site says is probably right: Changes to the Hosts file lighten the workload, offsetting the burden of the additional software.

I drew up the foregoing list to better understand the layering of defenses mentioned by Cybertooth and the extent (if any) to which they might conflict.  In practice, so far, I don’t see much conflict, actually, although at times it seems a bit like having competing fire companies rushing to the scene.

 

• This reply was modified 5 days, 4 hours ago by  wdburt1.

1 user thanked author for this post.

Cybertooth

[CybertoothAskWoody Plus]

@wdburt1, thanks a bunch for the extensive and detailed reporting on your experience! <thumbs up>

About what kind of software to call OSArmor, some of these programs do defy clear-cut categorization and “whitelisting” may indeed not be the best term for it.

I have a question for you. You reported that your DNS resolver keeps getting set back to what it was before. You also wrote that you’re using Heimdal Security as part of your protection strategy. The DNS address that you keep getting put back to, does it begin with 127.7 ?

If it does, then Heimdal Security may be the reason. Here’s a note in a whitepaper by Heimdal (see p. 30, just before section 5.19 starts):

*in order for the Heimdal Traffic Filtering option to work properly, Heimdal should be able to set its own DNS address (127.7.7.3), that’s why the client should have the DNS address set on automatic.

This should be OK: Heimdal is performing the same DNS security function for which I’d suggested Quad9 as a possibility.

Thanks again for the rundown, I learned a lot!

 

1 user thanked author for this post.

wdburt1

[wdburt1AskWoody Plus]

@cybertooth, thanks for the good suggestion.  The DNS that it keeps reverting to is indeed 127.7.7.X, where X varies between 3 and 5.  I installed Quad 9 on the right hand (non-internet) computer as well, and on that machine the Quad 9 DNS address is stable.

I guess maybe I can uninstall Quad 9 on the internet computer.

 

1 user thanked author for this post.

Cybertooth

[wdburt1AskWoody Plus]

Edit: No need to uninstall Quad 9.  Just let the computer find the DNS address automatically, as Heimdal requires.  (Quad 9 “installation” consists merely of entering their DNS address.)

1 user thanked author for this post.

Cybertooth

[wdburt1AskWoody Plus]

I installed Windows Firewall Notifier a couple of days ago.  It generated a lot of notifications that it was blocking various installed programs, and it didn’t seem to be “learning” anything when told to Allow.  I disabled it until this morning, when I tried again.  Same story.

As mentioned previously, WFN does not install, but runs from an .exe file in a saved folder.   Supposedly it also creates a Scheduled Task that springs to life when needed.  It “uninstalls” by opening the program and disabling notifications regarding outbound connections to the web, after which the program folder supposedly can be deleted in its entirety.  In case that doesn’t work, there is a separate .cmd file that can be used to disable the program.  None of that worked for me, though at various points I saw various confirming messages mixed with error messages.  This software is still beta and acts like it.  All I can say is that I think I disabled it.  I never did see evidence of a scheduled task.

In hope of finding a Windows Firewall add-on that would “learn” what rules to apply, I installed Windows Firewall Control, which is a product of Binisoft but also carries the Malwarebytes label.  This one installs in the traditional manner and has a more useful interface and setup options, including a learning mode, which automatically creates “allow” rules for digitally signed programs and displays notifications only for unsigned programs.  When you get a notification, the choices are more clearly explained.  After a few initial notifications, things have settled down and are running normally.  The plan will be to run it in learning mode awhile, then shift to the stricter “display notifications” mode, which displays a notification whenever an outbound connection is blocked, except for user-specified exceptions.

So the end result is that I continue to use Windows Firewall with a nifty little add-on that improves the interface.

 

1 user thanked author for this post.

Cybertooth

[LHigginsAskWoody Plus]

I have a question about adding a NoScript-type extension to my Opera browser. I am currently running Opera 66.0.3515.36 and after reading though this discussion, think that adding a such an extension might be a good idea. Has anyone had any experience with one they call SafeScript? It is an extension for Opera. Or is there an Opera version of one of the others that might be recommended?

Also as an update regarding 0patch…

wdburt1 wrote:

I’m interested in 0patch or any other third-party service that can supply security patches, but need to learn more.

…some of those interested in 0patch may have seen Woody’s reference to it in his recent article in Computer World about it.

To add to that, I did email Mitja at 0patch to ask when the Win 7 EOS patches would be available from 0patch. His reply – also in the CW article was:

“Post-EOS micropatches will become available as we become aware of vulnerabilities that: (1) affect Windows 7 / Server 2008 R2, (2) pose a high risk (see Which vulnerabilities does 0patch provide micropatches for?), and (3) we have a proof-of-concept or exploit for it so we can analyze it. Having access to the patched code (from Extended Security Updates) will help a lot but will not suffice to compensate for #3.

That said, we expect the first micropatches will be issued sometime after the February Patch Tuesday, after we have reviewed what was patched in Windows 7 ESU, and whether any other vulns might affect Windows 7 / Windows Server 2008 R2. It may happen though that there will be no Win7/Srv2008 micropatches in any particular month based on the above-described criteria.”

As to getting the January patches, Mitja also said:

” It is sub-optimal to use 0patch for Windows 7 security micropatches if you don’t have all official Windows 7 updated applied.”

Still sorting through my other options for protecting my Win 7 laptop. Thanks for so much great advice.

2 users thanked author for this post.

wdburt1, Cybertooth

[LHigginsAskWoody Plus]

LHiggins wrote:

I have a question about adding a NoScript-type extension to my Opera browser. I am currently running Opera 66.0.3515.36 and after reading though this discussion, think that adding a such an extension might be a good idea. Has anyone had any experience with one they call SafeScript? It is an extension for Opera. Or is there an Opera version of one of the others that might be recommended?

As a follow-up to my own question – after reading the warning about Opera, I have just gone ahead and switched over to Firefox, so I’ll look into those extensions for FF.

1 user thanked author for this post.

Cybertooth

[MicrofixDa Boss]

@wdburt1, as for the firewall, if you use the Windows Firewall there is a small utility which may be of help I recently assisted a member and done a quick walkthrough on WPD for Win 8.1 and this also applies for Win 7 Have been using this for a few years on Win7/8 to good effect

Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 | W10 x86 1909

1 user thanked author for this post.

wdburt1

[MoonbearAskWoody Lounger]

@cybertooth

Thank you for linking to the Host file lists, I’m looking at using the lists from someonewhocares.org but I’m stuck on one thing.

Do I simply copy and paste the parts of the lists I want into the Host file or is there another step?

[CybertoothAskWoody Plus]

@moonbear, here’s a brief set of instructions for editing the Hosts file. But I would add some points to that write-up:

You are right to suspect that it’s not as simple as just copying and pasting the lists you want into the file. There are three tricks–

1. As a precaution, before doing anything else, make a copy of the current Hosts file and add something to the copy’s name, for example “Hostsbackup” or anything that you’ll remember. That way, if anything goes wrong with your file editing, you can always put things back the way they were by renaming that file back to “Hosts” (note that the file has no filename extension).
2. You need to open the Hosts file by first launching the program you’ll be using to edit the file (for example, Notepad) , making sure to right-click on it in order to run the program as an administrator. Then you open the Hosts file from within that program.
3. When you’re done, make sure in the “Save As” area that there is NO filename extension associated with the file you are about to save. Otherwise, you’re liable to end up with a file named (for example) “Hosts.txt”, which will not replace your current Hosts file.

Give it a try and let us know how things go!

 

1 user thanked author for this post.

Moonbear

[MoonbearAskWoody Lounger]

I’ll be testing this out this evening.

I have one more question.

How do I get the parts of the lists I want from someonewhocares.org?

Do I copy & paste the list entries from the site into a text file and then add that into the Hosts file or do I need to download something?

[CybertoothAskWoody Plus]

What I would do is to copy the desired parts right off the webpage and paste them to the Hosts file. For instance, you could place your mouse pointer at the beginning of the line that reads

#<localhost>

and then press the Control, Shift, and End keys in succession while keeping the previous one(s) pressed. You will end up with all three keys pressed at the same time. This will select everything down from that point in that long file. The selected text will be highlighted on your screen, probably in white since that webpage is dark.

Now you can let go of the Ctrl-Shift-End keys. You will probably see the bottom of the webpage. If not, then use the scroll bar off the right edge of your browser window to reach the bottom of the webpage. (If you use the mouse to scroll down, the highlighting may disappear and you’ll have to start the process over again.) The last line that’s highlighted gives a time and date. Press your Shift key (only) and, while keeping it pressed, hit the Up arrow on your keyboard to un-highlight the lines to just above the line that reads

#<Windows10>

…unless you want to keep those Acknowledgments in your Hosts file  🙂  as well as the Windows 10-related addresses.

If you only want to add a certain portion of Dan Pollock’s list to your Hosts file (say, the hijack sites section), then simply highlight the desired portion by dragging the left mouse button over that section, then proceed as in my next paragraph.

Now you can copy the highlighted text by using Ctrl-C, change the focus on your screen to the Hosts file that you opened in Notepad, go to the end of the file, and press Ctrl-V to paste the copied text into the Hosts file.

Once you’re satisfied that you’ve made the changes you want and that they were done correctly, you can save the Hosts file as described in my previous post.

You can add listings from additional Hosts file maintainers, although some people may warn you that an excessively long Hosts file could impact your PC’s performance. (I am not sure of that one way or the other, but am mentioning it here just in case.)

 

[MoonbearAskWoody Lounger]

This may be a silly question, but does it matter if I copy and paste with the mouse instead of the keyboard?

Also while I’m thinking about it, how would I know if I had messed up with editing the host file?

(I haven’t done anything yet, just doting t’s & crossing i’s before I begin.)

[CybertoothAskWoody Plus]

No, as long as the text you want to copy has been successfully highlighted, it doesn’t matter how you select it.

Other than the filename extension being incorrect, there’s not much to go wrong with when editing the Hosts file. Just make sure that every line starts either with a “#” (for lines that are merely comments) or with one of the numerical dummy addresses (127.0.0.1 or 0.0.0.0).

If you wish, after saving the Hosts file you can test the effectiveness of what you did by trying to reach one of the sites that you have banned. (I have Facebook.com in my Hosts file, and it’s nice to see a “can’t connect to Facebook” error when I try it.) However, be aware that this could be risky if you do the test with an out-and-out malware site!

 

[MoonbearAskWoody Lounger]

Thank you very much for the clarification. I have Cerebral Palsy which in my case means I can’t really use my right hand so whenever I see “use multiple keys to do X” it leads nothing but frustration.

I will report back with my results soon.

 

1 user thanked author for this post.

Cybertooth

[MoonbearAskWoody Lounger]

I added everything I wanted but when I clicked save as I got a warning that the encoding was wrong, what do I do now?

[CybertoothAskWoody Plus]

This was a new experience for me, too. I use Spybot’s Hosts file with manually typed additions, so I’d never run across that issue before.

The error that you ran into, does it look like this:

If this is what you’re getting, then try changing the character encoding when you save the file. This choice will be near the bottom edge of the Save dialog:

The screenshot didn’t include it, but in the drop-down menu off the bottom edge there will be three other choices. Select “Unicode” (nothing more) and save the file. (Please note that I’m using a test text file here, so other settings that you see in the screenshot will differ from yours.)

As a test, I would suggest adding a known site (that you never visit) to the Hosts file, such as facebook.com, then saving the file and trying to visit Facebook. If you can’t get to the site, then you know that the Unicode file save worked. If you’re OK with Facebook, then you can go back into the Hosts file and remove facebook.com from your list.

Others reading this who may be more familiar with the nuances of ANSI vs. Unicode encoding, are invited to provide more details. Shouldn’t this be a hurdle that’s addressed on Dan Pollock’s page?

 

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

Moonbear

[MoonbearAskWoody Lounger]

That’s the exact error I was getting.

Before I replied, I tried something:

Howtogeek has a tutorial on editing the hosts file where they also use facebook as an example. I copied & pasted their example and changed the 0.0.0.0 to 127.0.0.1 then instead of clicking save as I just clicked save.

It seems to have worked as when I tried to reach Facebook.com, Chrome threw up a

this site can’t be reached screen with err_connection_refused. (I have it sitting in another tab as I type this.)

• This reply was modified 5 days, 13 hours ago by  Moonbear.

1 user thanked author for this post.

Cybertooth

[GeoAskWoody Plus]

Security Now 744 VPN-geddon Denied   In this episode of Security Now , Steve Gibson mentions about the Win7 hobbyists already hacked the win 7  extended updates and the link to their forum.  The cat and mouse begins.

1 user thanked author for this post.

Cybertooth

[Alex5723AskWoody Plus]

Geo wrote:

Security Now 744 VPN-geddon Denied   In this episode of Security Now , Steve Gibson mentions about the Win7 hobbyists already hacked the win 7  extended updates and the link to their forum.  The cat and mouse begins.

Someone found a way to bypass Windows 7 Extended Security Updates checks

https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/

[CybertoothAskWoody Plus]

For better or worse, viewing that MDL thread now requires getting an account there and signing in.

 

[KraniumAskWoody Lounger]

Cybertooth wrote:

For better or worse, viewing that MDL thread now requires getting an account there and signing in.

 

For better. That thread is now overflowing with the same questions over and over and over again. Terrible to sift thru for actual relevant info & updates. This will help, albeit not enough.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

1 user thanked author for this post.

Cybertooth

[MoonbearAskWoody Lounger]

@cybertooth

Should I add the someonewhocares.org #<localhost> portion into my host file?

What does it do?

Once I figured out how to make the host file save this morning, I went back and added everything I wanted but I skipped the localhost portion in case it was part of why the file wouldn’t save correctly last night.

[CybertoothAskWoody Plus]

Yes, you should definitely add the <localhost> section to your Hosts file.

I’m no expert on computer networking, but if I have it right, then this section is what prevents your browser from actually reaching the websites you want to block. For example, assuming that you have included that section in the Hosts file, then when you set facebook.com to 127.0.0.1, essentially what you’re doing is to tell your browser to look for facebook.com on your PC (“localhost”), which of course it won’t find and give you that “can’t connect to facebook.com” message.

For some additional information, see this page, especially the “Site Blocking” section, and this Wikipedia entry.

Networking connoisseurs are welcome to correct or expand on my explanation!

 

1 user thanked author for this post.

Moonbear

[MoonbearAskWoody Lounger]

Thanks, I’ll do that right now.

[jabeattyauditorAskWoody Lounger]

The localhost section isn’t needed; 127.0.0.1 *is* localhost.

The entry mentioned above has a comment tag (#) before localhost which means the OS won’t even see the word.

Your hosts file needs nothing other than the IP address followed by the site you wish to associate with it. (You can use this to provide fixed IP links to other systems on your LAN, btw, and avoid using SMB1 in the process.)

1 user thanked author for this post.

Cybertooth

[CybertoothAskWoody Plus]

What I understood by the question @moonbear posed, was that he was referring to the entire section labeled #<localhost>, i.e.:

#<localhost>
127.0.0.1	localhost
127.0.0.1	localhost.localdomain
255.255.255.255	broadcasthost
::1		localhost
127.0.0.1	local
::1		ip6-localhost ip6-loopback
fe00::0		ip6-localnet
ff00::0		ip6-mcastprefix
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters
ff02::3		ip6-allhosts
#fe80::1%lo0	localhost
#</localhost>

Wouldn’t at least some of this need to be included, so that the blocking takes place as desired?

 

1 user thanked author for this post.

Moonbear

[MoonbearAskWoody Lounger]

So should I delete this section completely?

#<localhost>
127.0.0.1	localhost
127.0.0.1	localhost.localdomain
255.255.255.255	broadcasthost
::1		localhost
127.0.0.1	local
::1		ip6-localhost ip6-loopback
fe00::0		ip6-localnet
ff00::0		ip6-mcastprefix
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters
ff02::3		ip6-allhosts
#fe80::1%lo0	localhost
#</localhost>
Or just the #<localhost> and #</localhost> and leave the rest?

[CybertoothAskWoody Plus]

There’s a technical discussion of this issue here.

Personally, I would leave the contents of the section intact as we see it in your post. But the two “#” lines that you specified are merely comment lines, markers for convenience to indicate where that section begins and ends; as @jabeattyauditor suggested, you can delete those two “#” lines and be just fine.

 

2 users thanked author for this post.

jabeattyauditor, Moonbear

[MoonbearAskWoody Lounger]

Cheers, I’ll do just that.

[MoonbearAskWoody Lounger]

I had a weird thought in regards to the # lines.

Wouldn’t it also be a good idea to delete the ones at the beginning and ending of the sections of the list for the things that are meant to blocked as well?

Or do those not matter?

[PKCanoDa Boss]

The comment lines designated by # serve the purpose of documentation. If you open the file a month (year) from now, it helps you to know what’s being done.

Don’t know if you’ve ever done programming, or particularly tried to read someone else’s code, but it is very hard to follow the flow of things without the commented documentation. I have always left comments in the code when programming. Six months later, it would be a nightmare for me to follow my own logic without them. And Heaven help anyone else trying to wade through the murk.

2 users thanked author for this post.

Moonbear, Cybertooth

[MoonbearAskWoody Lounger]

Ok, that makes sense.

I’ll leave them alone, it was just a brainstorm.

[OscarCPAskWoody Plus]

PK: “Six months later, it would be a nightmare for me to follow my own logic without them. And Heaven help anyone else trying to wade through the murk.”

Well said and so very true! I often have trouble figuring out my own code a few months after writing it, even with comments, and prefer not to think what it would be like if I had left those out. Particularly when it is more than a few hundred lines, with multiple loops, branching points, nested “if… then” structures, etc.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[TaskForce141AskWoody Lounger]

Another security tactic, for Home users who lack the application whitelisting abilities of Applocker in Win 7 Professional:

Use the Parental Controls applet in the Win 7 Control Panel for application whitelisting.

Select the user account you want to apply Parental Controls to, and then select the installed programs you wish to allow access to.  To simplify things, I picked ‘All’ (I did an all-files anti-virus scan beforehand to ensure a clean baseline).

Caveats:  some, but not all, programs that auto-update themselves may start complaining or not work at all.  I only saw this with the desktop software for Napster/Rhapsody music streamer.

 

2 users thanked author for this post.

Cybertooth, wdburt1

[GnutopianAskWoody Lounger]

I have to agree that the paranoia about patching is a bit over-done, but not getting anymore security patches is concerning. The main threat for casual “home” PC users is through their browser. I use Firefox with NoScript, uBlock Origin, and a number of other protective extensions. And have used the hosts file modifications, and the malware-filtering DNS, for years.

But I am considering some of these other options that you have listed. What is using OSArmor like? Does it prompt for every little thing you run at first? Does it have a “config file” that you can copy to another system? Or does every system have to build up a unique profile through usage?

You mention EMET. Have you actually installed it? Does it have any known compatibility problems with common applications?

• This reply was modified 4 days, 9 hours ago by  PKCano.
• This reply was modified 4 days, 8 hours ago by  Gnutopian.

[CybertoothAskWoody Plus]

OSArmor isn’t hard to use. Although it has a lot of sophisticated elements to it (many of them too sophisticated for me 🙂 ), you can use it at default settings and have a good experience. However, on those few occasions there’s been an alert, I’ve jumped out of my chair, as the warning sound is pretty creepy. In my mind it evokes an image of some evil crow. If you still use Adobe Flash on IE11, when updating it I recommend temporarily disabling OSA (you can right-click on its Notification Area icon) to avoid this scare.

Here are a couple of screenshots of the OSArmor GUI showing a sampling of its protections:

I’ve been using this program for more than three months now, and the alerts have been few and far-between.

Now regarding EMET, I don’t have it installed on my Windows 7 PC since I use HitmanPro.Alert on it, but I do have installed on a Vista machine and on my Windows 8 laptop. As with OSArmor, you can make your experience with it as simple or as complicated as you like; I tend to leave EMET set to default values. The only time it’s given me grief was at first when I tried to launch a browser (I think it was IE11) and it couldn’t due to one of EMET’s protections. It was so long ago that I can’t remember the exact details, but I do remember that the solution was to switch off “EAF+” protection for the problem application.

As with any new software that we’re trying, the Web is our friend when it comes to researching problems as they arise. 🙂 One very good, ongoing discussion for OSArmor that I monitor takes place at Wilders Security.

Good luck, and let us know how EMET and/or OSArmor work out for you!

 

• This reply was modified 3 days, 18 hours ago by  Cybertooth.
• This reply was modified 3 days, 18 hours ago by  Cybertooth.

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

Gnutopian

[GnutopianAskWoody Lounger]

Wow, the “third-party” security world is much bigger than I realized. All those acronyms for various other utilities in the Wilders Security thread are confusing. Is there a list of these programs and their acronyms/abbreviations somewhere? 🙂 Long thread, too. It took quite a while to develop OSArmor to the point where it is now. I hope it is stable going forward.

Adobe Flash had become so notorious that I dropped it from my own systems more than a year ago. It will be discontinued by the end of this year, as I recall. Since Chrome has a built-in version, it’s not completely absent from my systems, but I leave it disabled even in Chrome.

I think it will be a while before I make the leap and install some of these things, though. There are many confusing issues, like possible changes in how I use my computers, possible conflicts among the various add-ons, and trust. Annoying that MS isn’t trustworthy themselves… just the OS creator, so we’ve had to trust them by more-or-less default even as they ramped up the “telemetry”. But it still makes me nervous to have to install third-party software at the “ring 0” level.

[Pierre77AskWoody Plus]

Hope this helps @gnutopian

https://www.webopedia.com/

[Author]

Posts