Originally posted here by Synja
Security comes from the OS (and the user to a lesser extent), always has, always will.

If you look at the popular "security" programs that really take proactive measures... they do nothing more than adjust the manual settings that may be hard for the average user to find.

If you look at the "immunization" option in SpybotSD, all it really does is create system settings that prevent certain IP/hosts from being accessed, and denies all cookies from certain sites. There is no reason you can't do this on your own, it just makes it easier.

Bastille-Linux as another example. All it does is create the settings that will protect your computer, it doesn't "add" anything except a few cleanup scripts. All it does is changes the defaults to more restrictive settings. Sometimes causing unexpected side effects... but usually doing a good job.


There are a myriad of tools and preset configurations you can install, from a custom hosts file, to the NSA's Security Configuration Templates

There is not a single thing that can't be easily done by a competent user without the use of external tools.

My point is, that if you want security, you have to look at the system, not what you can download for it.

I agree with Synja - when I do system lockdowns, it consists of mostly making registry changes, implementing certain security policies by using either secpol, domain security policies, etc. I feel you can properly configure a system without the use of third party software in an effort to secure the box.....