degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Sat Jan 22, 2011 12:51 pm Post subject: lightest > heaviest av
Jan 2011: I read for 3 nights over thousands of posts to see what is the lightest and best AV. The problem, I think, is that the placebo effect makes some rave about some products that do nothing, and some people use 3.4 GHz w/ 2 gig RAM and call that an old machine! To me, I have run XP SP3 in a virtual box with 256 meg of RAM, 6 or 8 gig partition, and a Pentium 3 650 MHz inside Ubuntu, with no problems. So a 650 MHz/256 meg RAM machine should run XP fine; it should also be the machine to test the efficiency of AV code.
My conclusion: Scotty the watchdog (cannot forget this classic) + BufferZone Pro + ThreatFire = less than .1% of a 2 GHz CPU and less than 8 meg of RAM. So these are zero impact, no-brainer safety installs for your Windows machine. But reading and reading, some think Norton light, others McAfee; one must throw out some reports. At first it seems a tossup. But as you read on, themes emerge. In the end Immunet and Panda are constantly reported the resource-light winners, with Panda reports of CPU spikes only during scans. I tested both, Panda Cloud and Immunet: Immunet takes 3% average CPU with no great spikes on a 2 GHz machine with (agent.exe and iptray) taking about 60 meg commit RAM and under 10 physical RAM. On a 650 MHz machine this would be about 10% CPU average, and borderline for any benefit over safe surfing, email, and firewall on such a computer. While Panda gets highest marks by PC Magazine and other testers for detection, it does spike to 85% CPU during scanning and averages 13% CPU during these periods. But my first observations seem to be about the same CPU and memory usage as Immunet when not doing any special scanning. I do like the Panda interface better; it is cleaner and has more needed options. Also note Panda and Immunet are cloud based, meaning load is taken off your computer as signatures are pushed to cloud to analyze: this is the future (since more up to date than served signature files). You can buy Panda Pro for offline scanning, or use Malwarebytes for that.
Now, these seem to trump the more traditional AV by user reports of system slowdown. Still, many people will run 3 GHz single core machines with a ton of RAM, and call these slow machines. Vipre, NOD32, the newest Kaspersky, Norton Corporate, Microsoft Security Essentials, Avast 7 (?) all contend for a light AV crown. NOD32 is assembly language, but some users report it is not very good at detection. My experience with assembly programs is that they are astonishingly small, but still can grab significant Win98 resources, and are more buggy, since fewer people can write in assembly. Some report Kaspersky starts off light but bloats up. Avast is continually reported significantly heavier than Panda. MSE is only reported to be moderately light (I think 175 megs after extras are downloaded in background) and still developmental (like Immunet). My feeling, without testing these, is that they might be too heavy for machines under 2 GHz and 1 gig RAM.
While you can always upgrade the machine to avoid the real world worry of system slowdown, you are still stuck with programs with a mindset to continue poorly writing, in favor of gimmicks.
My hope is Microsoft Security Essentials will keep them all honest with their free lightweight AV. It is unlikely the Justice Department will come after them for securing their own operating system. In the end, they are the only ones to blame for not doing a better job of sandboxing (they have improved on firewall, data execution prevention, application firewalling (asking users permission to run new or modified exes)), allowing user to be blind of registry/startup/etc modifications, and allowing an endless number of processes to run that will confuse even the expert user.
_________________ Thnx. But really, adulation isn't required.
.
R-ights, I-nfrastructure, D-efense, S-afetynet 4 helpless: R.I.D.S--the limit of legislation. Not to grow, control, and maintain power.
Last edited by degarb on Sat Jan 22, 2011 13:04 pm; edited 1 time in total

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Sat Jan 22, 2011 13:02 pm Post subject:
Many report Avira to be light, but just as many post claiming it slows their PC. Not as unanimous as Norton or the newest AVG reports of slowdown.

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Sat Jan 22, 2011 17:11 pm Post subject:
What would I recommend for people like me that run extra firewalls, but have been AV shy because of the tentacles into the OS that cannot be removed often with uninstall? Well, between Immunet and Panda Cloud? Well, on the upstairs 1.6 mhz computer Immunet worked fine, while Panda seemed to slow it down. On the downstairs computer, Immunet almost failed to install at all (service needed to be started and had trouble starting). But Panda seems to have killed my USB hard drive from sharing (fixed with http://support.microsoft.com/default.aspx?scid=kb;en-us;177078 ) and now with Panda on the 2 GHz desktop, the startup seems rather sloooowww. Otherwise fine. Unsure exactly if the slow start is Panda's fault, as I did try upgrading IE to attempt fixing Immunet, and installed one SP3 update on my XP.

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Sat Jan 22, 2011 19:14 pm Post subject:
Another point of confusion is that Panda Antivirus is a completely different product from Panda Cloud. So a comparison with Panda AV is not a comparison with Panda Cloud.

plodr
 Administrator Joined: 12 Apr 2001 Posts: 7415
Posted: Sat Jan 22, 2011 20:13 pm Post subject:
You have to install to see.
I run Avira on all my Windows computers with no problem. I brought my nephew's two computers here to fix (hardware), patch and clean up. They are both Dell Dimension 2400 models and my husband uses a Dell Dimension 2400. On one computer with 256MB Avira was okay. The computer is slow so there is no getting around that. On the other, that I added a 256MB stick to so the computer now has 512MB, Avira slowed the computer down terribly. Getting the programs to show when I clicked the Start button and getting the right click menu to appear was agonizing. I removed Avira and replaced it with MS Security Essentials and I do not see the slowdowns.
I can't explain why on three computers of the same model, Avira works fine on two of them but doesn't on the third.

nevadacrab
Joined: 02 Feb 2008 Posts: 479 Location: Henderson, Nevada
Posted: Sat Jan 22, 2011 22:52 pm Post subject:
I use Avast on an old Dell Inspiron 1100 with 640 Megs of RAM with a very small performance hit. I have 2 even lower powered laptops with Panda Cloud that show no noticeable hit. I put Panda Cloud on another older laptop for a friend. I do not know for sure how reliable it is (have had a couple of false positives) but it is sure better than nothing (coupled with "safe surfing" habits).
I recommend Avast overall, though.

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Mon Jan 24, 2011 14:22 pm Post subject:
plodr wrote:
> You have to install to see.
> I run Avira on all my Windows computers with no problem. I brought my nephew's two computers here to fix (hardware), patch and clean up. They are both Dell Dimension 2400 models and my husband uses a Dell Dimension 2400. On one computer with 256MB Avira was okay. The computer is slow so there is no getting around that. On the other, that I added a 256MB stick to so the computer now has 512MB, Avira slowed the computer down terribly. Getting the programs to show when I clicked the Start button and getting the right click menu to appear was agonizing. I removed Avira and replaced it with MS Security Essentials and I do not see the slowdowns.
> I can't explain why on three computers of the same model, Avira works fine on two of them but doesn't on the third.

Interesting. I bet some incompatibility with installed components comes into play, as well as machine specs. Been reading up on this. My trigger finger is on installing the downloaded Avira file. I decided I didn't like the Panda Cloud CPU numbers, the noticeable OS startup slowdown, and the added 2 or so seconds starting various apps. I went back to Immunet. I also read some people saw MSE use too much CPU percentage, so I was steering away from trying that one. Avira seemed to get mostly reviewed as memory and CPU light. One major independent AV tester rated it the lightest free and fourth lightest (ahead of ESET and behind Sophos, K7, and eScan, but didn't test Vipre or Immunet or ThreatFire or Panda Cloud) of all it tested, and well ahead of MSE. However, Immunet is claimed to be 35 times lighter than conventional AV; the main complaint is no rootkit detection, but that is covered by the incredibly light ThreatFire. I get the feeling from reading that Immunet is immature, and likely far behind the signature detection protection of Panda or Avira. But the point is no cure worse than the virus.
Last edited by degarb on Mon Jan 24, 2011 14:29 pm; edited 1 time in total

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Mon Jan 24, 2011 14:25 pm Post subject:
Also, I would pay for AV, if: 3+ computers for 5+ years for <$40.
But, the pricing for AV is out of their freakin minds! They think we are so scared, we will pay anything. Which is probably largely true for most professionals (teachers, lawyers, doctors, etc.) who use Windows.

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Mon Jan 24, 2011 18:06 pm Post subject:
Testing Avira now. My first impression is it uses a good chunk of RAM, most of which it seems to page out here, and I am very impressed with the low CPU numbers I am seeing. I don't see any launch or slowdown yet. If this keeps up, I will keep it, hopefully alongside Immunet, ThreatFire, and BufferZone. Yes, all compatible.

degarb

Joined: 01 Jul 2004 Posts: 467 Location: The Distant Side of Reality
Posted: Wed Jan 26, 2011 12:55 pm Post subject:
One freebie that I may have overlooked is the Comodo suite! Probably because it was reported to use much CPU with p2p or many connections, and it weaves into the registry/uninstall doesn't fully remove all traces/so updating often doesn't work. It didn't rank at http://www.av-comparatives.org/ in the top 4 like Avira for system responsiveness; I don't think they tested it. I read it was a complicated firewall to set up. I also read the AV signature detection wasn't that good. Also read of possible ThreatFire conflicts. And the sandbox was impractical.
I didn't realize it was fairly light for many users not running p2p, or that it was exceptional at firewalling, HIPS, sandbox, behavioral and heuristics. All in all a perfect single step AV solution. And free! I assumed at first glance only the firewall was free.
http://www.youtube.com/user/languy99 he uses Comodo. Nothing he tries is 100% effective, really. Really shows how you need all the below. Returnil sandbox worked well, but eventually you would want to let stuff out....
----------------------
My unedited sketched notes after seeing languy99 demo the weakness of all PC protection products:
1. Use firewall. This will prevent keyloggers, adware, or hacking into your machine. New firewalls analyze traffic for suspicious behavior. Basic firewalls, like the Windows built-in FW, just set up rules to allow and deny traffic to particular apps that are checksum verified for changes. Win 7 built-in firewall: in and out. XP built-in firewall: in. Most routers have built-in firewalls, where users hide internal IP. (Ex: XP SP2 or up, or Kerio.) Indeed XP Service Pack 1 had huge holes where a new machine would become hacked within minutes of connecting to the Internet, if no third party firewall is installed, before it can download the more secure Service Pack 2 or, better, 3. DOWNSIDE: However, outgoing svchost problems, making outgoing firewalls pretty useless. The router firewalls seem to routinely be breached.
2. Auto update Windows XP or 7. (Control Panel) DOWNSIDE: I know none, unless your XP/7 is not genuine.
3. System anneal. Close unneeded, dangerous services. DOWNSIDE: Could break things that might not be discovered for weeks (system restore will fail), and cause system to not boot.
4. Use a H.I.P.S. program, formerly called application firewalls. (Monitors everything (sig changes/startup/dll hooks/injections/system files/reg keys/even disk writes) and all processes are required to get permission to go pee. Ex. Malware Defender w/ firewall. DOWNSIDE: Too technical and pain in butt, but effective. Also, if you don't understand everything, you could block useful and benign programs or allow too much stuff, like the firewall risk.)
5. Virtual sandbox. Boom, most AV problems solved! (Ex. trustware.com BufferZone Pro is my beloved favorite, Returnil or virtualbox.org.) DOWNSIDE: Stuff can break out, unless using virtualbox.org, which requires a very good computer. Also some stuff will not run under a virtualbox.org machine. Also, user will let out potential stuff.
6. Real full rollback or snapshot. (Acronis or Returnil) DOWNSIDE: I have seen and read about many instances where these rollback programs blow up a machine's OS. Kinda dangerous.
7. Process guarding: Simply forbid exes from creating or modifying exes, dlls or sys files. Boom, AV problem solved! Ex. Process Guard or PEguard. DOWNSIDE: No downside with my tried PEguard 2, other than a user may easily let stuff run by accident or temporarily block needed apps. Naggy, perhaps.
8. Behavioural antivirus. Ex. ThreatFire. DOWNSIDE: They will miss stuff, many false positives once set to a useful level. ThreatFire on normal mode has so far served me well and did well with languy99's testing. Moreover, it will say "you have a high threat!" and not "you have conflicer.hkl virus". So, signature AV methods will always get better reviews.
9. Just scan for signatures on demand. DOWNSIDE: Doesn't secure a machine with many users. With other clever exploits, you could conceivably get stuff in the meantime.
10. Heuristic AV. They might run executables in the background in a sandbox and see if it mods certain areas of OS or memory. DOWNSIDE: I can see high CPU and memory usage, and it is known for a lot of false positives and many misses.
11. Signature antivirus. This is the most popular method since it should tell the user the suspected name of the virus/malware. Take their recommendations with a grain of salt. DOWNSIDE: Too many to list. If you ever did hex editing and compression/encryption decompiling, then you know there is no code that the AV is really analyzing. The signature comprises merely the file name, size, author, and no mutating code. If one is tripped, the file is flagged for quarantining. Signature files that most AV use are always outdated and contain nothing but old and not in the wild signatures. The new, more up to date method is cloud, but there are now authentication problems and drivers that don't load if ISP is out. Signature based AV offers a lot of false positives (for me about 7 to 20 falsies to one real threat), and they will miss a lot. They miss a lot not only because it takes too long for the company to write the new signature for a new virus, but also an intelligently written mutating virus that reencrypts itself would be invisible to any signature. Anyone with basic language skills could write a malevolent program in 20 minutes that will be invisible to signatures for months. Anyone that chooses particular languages to author with may have a third of scanners flag "hello, world" compiled exes as virused.
12. Anti-adware and anti-spyware programs. More AV are including this, since there is big money in it. Spyware is a big problem though, bigger than the virus problem, because a virus file will never be available for download by companies or most sites. Many companies must find creative revenue streams, and can only survive in a world where no one will pay modestly for stuff that takes thousands to hundreds of thousands of hours to write, some taking these alternatives too far by changing browser behavior and loading bulky apps in startup. DOWNSIDE: Like signatures, they are classified by user hunches. Someone has a hunch that the traffic is not an auto updater or registration verification, rather some malicious adware or keylogger. Based on nothing more, it may be flagged, when the author was only trying to make their stuff uncrackable, or more useful.
Conclusion: Nothing is ideal. (BZ is close.) Do what you can of all 8 that doesn't hit your system resources. Virtualbox.org would be the best solution but needs a faster computer than I have. Linux is great for second computers, but is still missing a ton of stuff for the main desktop (among other things, voice in, voice out, automation, and compatibility). Also, there is no commandline free Linux (which means typos will plague most people, as will outdated googling), while most Windows maintenance is one click fixing.
Currently running these wholeheartedly endorsed products: BufferZone Pro (free, 100% protection per all tests in reviews, super light, near perfect scheme); Immunet (now the free version has Clam. Super light, would be used with Avira, except Avira noticeably slows down my machines); PEguard 2 (not perfect, but super light, free, and protects your system files); WinPatrol (not really HIPS or AV, but good at keeping legit apps in line).... For techies, I recommend Malware Defender to know everything your programs modify or control.
Rejected AV: Avira (slowed two machines down. Don't know why, she had low CPU and acceptable memory. Just menus would take 5 seconds to open with it installed.); ThreatFire (CPU thrashing when doing bat files. Has heart attack with ping.); Comodo (looks promising, but leftover bits in registry after uninstall isn't my cup of tea); MSE with her CPU thrashing; Panda (CPU thrashing).
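
Added example, not part of the thread: items 1 and 7 of the list above depend on noticing when an executable is created or changed ("checksum verified for changes", forbidding changes to exes, dlls or sys files). The Python code below shows only the detection half of that idea, a SHA-256 baseline compared against a later snapshot of a constructed temporary directory; the function names are illustrative, and unlike a process guard it reports changes rather than blocking them.

```python
import hashlib
import os
import tempfile

WATCHED_EXTENSIONS = {".exe", ".dll", ".sys"}  # file types named in item 7


def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each watched file under root (relative path) to its SHA-256."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED_EXTENSIONS:
                full = os.path.join(folder, name)
                result[os.path.relpath(full, root)] = sha256_of(full)
    return result


def compare(baseline, current):
    """Return sorted lists of created, modified and deleted watched files."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"created": created, "modified": modified, "deleted": deleted}


def demo():
    """Constructed sample tree: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        write("app.exe", b"MZ constructed sample 1")
        write("helper.dll", b"MZ constructed sample 2")
        write("notes.txt", b"not a watched type")
        baseline = snapshot(root)
        write("app.exe", b"MZ constructed sample 1 (patched)")  # modified
        write("new.sys", b"constructed driver stub")            # created
        os.remove(os.path.join(root, "helper.dll"))             # deleted
        write("notes.txt", b"edited, but ignored")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In real use the baseline would be stored somewhere the monitored machine cannot rewrite, since a baseline kept beside the files it describes can be updated by whatever changed them.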