in message
I have used Norton and McAfee in the past. McAfee seems to run heavily
and bogs down my system. HOWEVER, I would rather have something that is
"tried and true" for my anti-everything. This, I realize, is beyond the
scope of what this "community" is for but what anti-everything would YOU
suggest?
The problem with suites is that you rarely get the best of breed for
each component. You get so-so components that the bundler has tried
to make cooperate with each other. I am currently using McAfee's
suite because it is provided free from my ISP while I remain their
customer. Yeah, I know lots of folks want to pan McAfee, like saying
that it consumes too much memory, but by the time I compile my own
separate programs to include the same feature set (firewall,
anti-virus, anti-malware, and privacy control) I end up consuming the
same amount of memory. Also, it is not required to install everything
in a suite. For example, and unless you feel compelled to do so, you
do not need to install the privacy component of McAfee's suite.
Others claim that McAfee will slow down their host. ALL security
products will impact the responsiveness of a host. The more security
programs you have running means the more CPU cycles they consume and
the more interrogation of file read/writes and network traffic that
occurs. The only real problem that I've had with McAfee is
uninstalling it and then having to clean out all the remnant registry
entries. McAfee now has a cleanup utility that helps. Registry
editing shouldn't be done by amateurs.
If you want to build your own suite, the configurations that I've used
are:
- Firewall: Comodo or TallEmu.
All firewall versions from Comodo are free. TallEmu has a free
version of Online Armor but their paid version has more features (but
even I feel that they really aren't needed so I just use the free
version).
Comodo came out with version 3. It includes HIPS (host intrusion
protection system) to regulate what programs are allowed to load and
which programs can load what other programs. This level of control
can be daunting to security neophytes. You can disable Defense+ to
get rid of HIPS but then you lose what provides excellent control over
what can run on your host. Anti-virus programs and other security
software that is based on signature databases are helpless against
zero-day attacks for unknown pests, but if you see a new program that
you don't recognize then you can prevent it from loading until you
have time to investigate it. I still feel version 3 is a bit too
flaky for casual use. Visit their forums to see that users are having
too many problems with it. For typical users, I'd suggest using the
older version 2.4 of Comodo's firewall (although it does not include
HIPS).
TallEmu has their Online Armor. It started out as a HIPS program and
then they added a firewall in version 2. It is simpler to use than
Comodo. Although OA includes HIPS, it doesn't have the parent-child
control of Comodo's v3 product to regulate what program can call what.
The assumption is that you have other security programs to detect the
malware parent that is trying to call the child program, like when
malware attempts to use Internet Explorer to make connections to its
bad web sites.
Of course, for those that have a NAT router with a built-in firewall,
often that is all they need for a firewall. It isn't a great firewall
but it is better than nothing. With the firewall included in Windows
and the router firewall, you should be safe enough from outside
attacks but you won't get any control over good and malware programs
having network access. And not all "good" programs are necessarily
good to let run or let have a connection. Some good programs do not
provide user-configurable options to control what they run or if they
can connect elsewhere.
- Antivirus: Avira, AVG, or Avast!
These are all free. They are listed above in the order of their pest
coverage, not in order of their ease of use or in their absence of any
advertising. Avira has top coverage but the free version also nags
you to buy their commercial version. There are ways to eliminate
their avnotify.exe window that appears during an update and also
eliminate their splash window on loading. While Avira has top
coverage (as measured at
www.av-comparatives.org), I've also seen it
have more false positives than AVG and Avast!. False positives waste
my time but not having exclusion lists in AVG also wastes my time. If
my system setup consisted of only very well-known applications then
I'd go with AVG. If my system has lots of games or low-level
utilities, I'd go with Avira. However, I like that Avira lets me
define exclusion lists. If the product triggers on a false alert that
a good program is a pest, I don't have to report the false alert and
wait until someday when the company decides to update their signature
database so I can use my good program. I just add it to the exclusion
list. I like AVG for more casual users but the free version has no
exclusion list. You cannot run your good program while AVG is false
triggering on it until Grisoft eventually updates their signature
database, or you have to disable AVG to run the good program which
means you are left exposed to infection while you have AVG disabled
while you are running the good program. Avast! is okay but personally
I've experienced more impact on the responsiveness of my host than
when using AVG or Avira, especially if you perform a task of copying
thousands of files between hard disks.
- Anti-malware: Windows Defender, SuperAntispyware, Ad-Aware, Spybot
S&D, AVG AntiSpyware and AntiRootkit, SpywareBlaster, BOClean.
Several are listed but I only have Windows Defender running all the
time. Windows Defender does not have high coverage regarding what
pests it will detect, but then many users don't realize that all these
types of programs have low coverage, like 50% or less, and many have
even less coverage as to the number of pests that they can actually
successfully eradicate from your host without causing damage to the OS
setup. I really don't use Windows Defender (WD) for pest detection.
I use it to notify me when good and bad programs attempt to make
changes to my system setup. I don't need WD if I have another program
that does the same thing. Comodo's v3 firewall has some of WD's
checks but not all so I'd use both with the nuisance that sometimes
I'll get duplicate alerts regarding the same change. I'm using McAfee
which has its system guards which WD duplicates so I don't run WD when
using McAfee's suite.
For all the other anti-malware products that I list, I install them
but do NOT have them running all the time. I do NOT use them as
on-access scanners. I only use them as on-demand scanners; that is, I
occasionally update and use them to perform a manually initiated scan.
SpywareBlaster never runs continuously, anyway. That's not what it
does well. It adds killbits to the registry to neuter ActiveX
controls that are known to be malware. It can also add sites to the
Restricted Sites security zone to neuter those should you ever happen
to visit them. The point of having multiple anti-malware programs
available (but not all running to avoid conflict and duplication of
effort and prompts and the incumbent impact on responsiveness of the
system) is to provide overlap. They all have low coverage but they
have slightly different coverage so, in total, they have an aggregate
higher coverage than using any one by itself.
BOClean is a resident anti-trojan scanner. It is getting a bit long
in the tooth but is still a good trojan detector. Comodo now owns it
and keeps promising to roll its functionality in with their anti-virus
program (which I won't use because it has been in beta status during
its entire existence and has very poor coverage, like 38% versus 93%
to 99% for the others that I mentioned). If you aren't using McAfee
or Avira then I'd probably add BOClean.
You can go with a suite, like McAfee, or you can roll your own suite.
However, when you get done rolling your own, there can be conflicts
between the components that you used. Also, when you monitor memory
and CPU consumption, the roll-your-own solution pretty much consumes
the same amount of resources and impacts the system responsiveness
just as badly as the suite solution. Of Norton and McAfee, I would NOT
recommend Norton products. I do like Symantec products but those are
enterprise solutions, not consumer-grade solutions. On my host OS, I
use McAfee. I have rolled my own suites but ended up back with
McAfee. In the virtual machines that I run under VMWare Server, I use
a roll-your-own solution, typically Online Armor, AVG, and Windows
Defender are running with the other mentioned anti-malware programs
installed but used only for on-demand scanning (and I don't bother
with BOClean in a VM).
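
The killbit mechanism the post attributes to SpywareBlaster can be audited from a registry export. The following is an added example, not part of the original post: it parses a constructed .reg export of the Internet Explorer "ActiveX Compatibility" key and reports which CLSIDs have the kill bit (0x400 in the "Compatibility Flags" DWORD) set. The CLSIDs are placeholders, and the text is assumed to be already decoded (real exports are usually UTF-16).

```python
import re

# Kill bit: Internet Explorer refuses to instantiate a control whose
# "Compatibility Flags" DWORD has this bit set.
KILL_BIT = 0x00000400
AX_COMPAT = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in .reg export format; the CLSIDs are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000c00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000005}]
'''

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
CLSID = re.compile(r"\\(\{[0-9A-Fa-f-]{36}\})$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})\s*$')

def audit_killbits(reg_text):
    """Map each CLSID under ActiveX Compatibility to True if its kill bit is set."""
    result, current = {}, None
    for line in reg_text.splitlines():
        section = SECTION.match(line)
        if section:
            key = section.group("key")
            clsid = CLSID.search(key)
            in_scope = clsid and AX_COMPAT.lower() in key.lower()
            current = clsid.group(1).upper() if in_scope else None
            if current:
                result[current] = False  # a key with no flags value is not killed
            continue
        flags = FLAGS.match(line)
        if flags and current:
            # Test only the kill bit; other flag bits may be set alongside it.
            result[current] = bool(int(flags.group(1), 16) & KILL_BIT)
    return result

def killed_clsids(reg_text):
    """Sorted list of CLSIDs whose kill bit is set."""
    return sorted(c for c, killed in audit_killbits(reg_text).items() if killed)

if __name__ == "__main__":
    for clsid in killed_clsids(SAMPLE_REG):
        print("kill bit set:", clsid)
```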