I've Windows 7 with latest updates without any antivirus software.
I use ZoneAlaram Free Firewall to restrict application from accessing Internet without my knowledge (every new application requires ok/cancel in firewall's popup).
Administrative account is locked with password and for everyday usage I use restricted Windows account.
Also I've enabled Application whitelist policy in
secpol.msc
snap-in. Only applications fromC:\Windows
andC:\Program Files
are allowed to run. When I download something (from trusted sources, of course) what I want to install I place installer intoC:\Program Files
and start it from there (this happens rarely). I've added.js
,.ps1
,.vbs
into list of executables in security policy to prevent attacks from 'viruses' which encrypt user's files (idea from https://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/In google chrome I've disabled all plugins, removed extensions.
Except zero-day or any other unknown vulnerabilities in Windows, Office, Google Chrome what should I be afraid of? I know my method is not 100% secure, from time to time I download free one time antivirus software (drweb cureit) and verify my system. What do I miss?
If I want to use some application (skype, etc.) and want to be sure that it does not have access to my files is it safe to run it under special account (create restricted account, for example, skype-user, and start skype using runas
)?
P.S. I've replaced taskmgr with process explorer, disabled through sysinternals autoruns
utility everything what I do not think is required to the extent of working system, of course.