Random Thoughts and Musings


n8chavez
July 18th, 2007, 12:46 AM
It's been a while since I felt I had anything substantial to say that warranted starting another thread. Now recently I've been thinking a lot more about the individual's security needs. So, I thought I would create a semi-random thread that would encompass everything and see what you all have to say.

It seems that AV companies nowadays are asking for far too much faith from their users. Why, I don't understand. ESET seems to be leading the way in this race to obscurity. Why must we trust that they will deliver a competent future product? Of course Dr Web, having not released a new version in so very long, is not far behind. The argument has been made that they have done so in the past and thus we should have faith that they will again. That reasoning doesn't work for me. I want to know as much as I can about a product that I'm going to be using, especially with ESET's habit of not supporting past versions. Dr Web has so far delivered only promises which have yet to be fulfilled.

It seems to me that many AV companies have forgotten that simple and effective can be a very good thing. I have never understood Kaspersky's PDM, which flags and alerts the user for every little thing, to the point where I want to throw my system out the window. That's not smart. Intelligence lies in heuristics, as I assume we can all agree. It is important to have an engine that can detect as many pieces of malware as possible, without the need for signatures. But why is it that KAV has decided that is no longer enough? They now feel the need to include an HIPS with their software. You will learn that does not work. Quit trying to be the best at everything to the point where you wear yourself thin.

Size matters. I have never bought the argument that because hard drive space is easy to come by, as is the case with RAM, that security companies do not need to keep themselves in check. The above may be true but it is not a licence to run all 'willy nilly.' Keep yourself in check. VBA32, I will admit, has improved in this area with 3.12.2. But there is more work that can, and should be done. Come on....your off that fat ass and do a squat every once in a while. NOD32 is another example of a fantastic AV that has lost its focus and is no longer worthy of being considered a low-impact solution. I'm not sure what happened to it, but lately it consumes a lot more RAM than it used to. True, the numbers for the processes that NOD32 directly controls, nod32krn.exe and nod32kui.exe, do not appear to have inflated. However the commit charge says otherwise. Can anyone provide me with a valid argument why having a lean, yet mean, AV is a bad thing?

Does the perfect product exist? No. But in a world that seems to be content with sacrificing modern guis for effectiveness we have all lost our way. The perfect AV would have NOD32's effective version 2.7 interface, VBA32's heuristics, Dr Web's compact definitions, and KAV's update frequency. This is a call, if you will, to stop blindly accepting whatever crap 'they' decide to put in front of you. You have the right to make an impact, you just need to decide to exercise it.

Stefan Kurtzhals
July 18th, 2007, 02:10 AM
I don't understand why users are so obsessed with low memory impact of AV programs. Of course, you should not bloat the product. But keep in mind that the number of malware is increasing in an *insane* way. To add detections, virus names, repair information etc. the AV program is doomed to use more memory - no matter what.
Same goes for scan speed and system impact. Of course a HTTP scanning module will slow down your system! You cannot perform a lot more scanning without having that impact. Everything comes for a price - and that is a surprise to the users?!?!?

Complaining about an AV program using 50-100 MB of RAM but using Vista at the same time... Yeah... ::)

Macstorm
July 18th, 2007, 02:33 AM
I always ignored the ram consumption of any AV.
Only detection really matters to me.

NAMOR
July 18th, 2007, 02:37 AM
{QUOTE-> I always ignored the ram consumption of any AV... <-QUOTE}

Same here.

tamdam
July 18th, 2007, 02:54 AM
If you have limited amounts of RAM then of course RAM usage matters. But of course, RAM is so cheap nowadays, not many people *should* have RAM troubles. I think the one that matters more is CPU usage and "freezes" -> where an AV tries to load its service at the same time as others, it might cause computers to freeze momentarily. Likewise, a high CPU usage AV will cause other apps to freeze every now and then.

edit: anyway regarding KAV's PDM, I don't find it intrusive at all. Rarely, in fact, does it pop up for me, maybe once a week. I actually appreciate it so much it's the reason I stick with KAV despite its slightly higher CPU usage. Compared to other HIPS, it's dead quiet. Of course it depends what sort of programs you have installed on your computer.

innerpeace
July 18th, 2007, 03:26 AM
No, the perfect product does not exist. If it did, it would be a suite :gack: . I finally got away from suites last year and continue my search towards perfect. I also think that there is no perfect anything. A decent AV with a good AS/AM with HIPS/IDS and good firewall are close. Add a sandbox and or VM with a backup solution and you're as close to perfect as humanly possible.

We all want programs to be better, run faster and use less memory. The question is, if it uses more memory, is it worth it? I worked hard to trim my machine down and I do give a darn about how many processes are running and how it impacts my performance.

I personally feel that AVs, AS, and AMs, ATs are all merging into one product. I don't know if this is a good thing or bad. It would seem to eliminate some of the layered components so highly recommended. I personally don't want any single program in control of my computer's security.

I'll also be honest. With an updated system, FireFox2 with goodies, a good firewall and some common sense, I'm not sure things are as bad as we may think they are ;). We mainly only need AVs/AMs during our rare weak moments. Of course, we are not your 'typical' users.

Sorry for the long rant and cheers,

innerpeace

n8chavez
July 18th, 2007, 04:16 AM
{QUOTE-> I don't understand why users are so obsessed with low memory impact of AV programs. Of course, you should not bloat the product. But keep in mind that the number of malware is increasing in an *insane* way. To add detections, virus names, repair information etc. the AV program is doomed to use more memory - no matter what.
Same goes for scan speed and system impact. Of course a HTTP scanning module will slow down your system! You cannot perform a lot more scanning without having that impact. Everything comes for a price - and that is a surprise to the users?!?!?

Complaining about an AV program using 50-100 MB of RAM but using Vista at the same time... Yeah... ::) <-QUOTE}

While this seems to make sense, and while I respect your opinion, Dr Web and F-prot are evidence to the contrary.

Inspector Clouseau
July 18th, 2007, 07:21 AM
There isn't any prize awarded for the "smallest" Antivirus. Ofc a solution blocking the whole machine while scanning is also a mess. But keep in mind that different av solutions use different technologies. If your AV solution doesn't consume more memory within weeks than before then you're doing something wrong. Because increased database size HAS TO USE MORE MEMORY since you have to hold the sigs in memory for speed reasons and cannot load every single signature "on-demand" from the virusdatabase file for every file to scan. That should be pretty much self explaining.

And regarding interface / GUI memory use... What's the difference for using let's say 5 or 10 MB more memory than some other AV? And an answer like "but i have only 1 GB and need to run Vista" or "256/512 MB and XP" or "Old machine" simply doesn't count. The stuff (memory/hardware) is so cheap that you should really be able to extend your machine to an at least usable machine with some sufficient amount of memory.

optigrab
July 18th, 2007, 08:17 AM
Some pretty formidable AV experts have weighed in on this thread, yet I am foolishly throwing in my thoughts.
{QUOTE-> It seems to me that many AV companies have forgotten that simple and effective can be a very good thing. <-QUOTE}

"Simple and effective" does not sell units. If I may draw a flawed analogy, the situation is similar in the realm of digital cameras, where image quality does not sell units - megapixel counts do. Digital camera enthusiasts know that 6 or 7 megapixels is enough for 98% of users, and after that image quality is paramount. But enthusiasts are a niche market, the average consumer doesn't care to know the nitty gritty of how image sensors work. They want the concept of "best" to be quantifiable, hence most have latched onto megapixel count, which is ridiculous.

The same goes here. Security enthusiasts may want simple and effective, but the average consumer wants "everything including the kitchen sink" protection, because it helps them choose a product (and cover their asses) without requiring them to study threads at Wilders for four to six months. It doesn't make sense to many regulars here, but I think that Symantec could live without our business as long as it still sells to our moms, cousins, and in-laws.

Mele20
July 18th, 2007, 08:32 AM
Nah...you cannot add more than 2GB RAM to XP. I don't have enough RAM. I have the maximum of 2GB. I just had a popup while on a virtual machine saying that Windows was resizing my paging file because I was too low on virtual memory. Then I had no taskbar or Start menu. I actually wasn't low on memory (had almost 1GB free according to Task Manager which was the only program I could use since the taskbar and Start were missing) but Windows got itself in a twist about it and then nVidia TwinView caused a mess (it thought my virtual machine was a second monitor). But my point here is that 2GB RAM is simply not sufficient if you want to run more than one virtual machine and sometimes, like tonight, seems to be insufficient for one virtual machine. Dell informed me that this top of the line XPS machine cannot use any RAM beyond 2GB ...not even 3GB. Ridiculous. So, don't tell me just buy more RAM. I am at the limit currently and it is not nearly enough. Even when I don't run any virtual machines I am pushing the limit on my RAM much of the time. Moving up to Vista is out of the question. I won't use that OS. A lot of us will never go to Vista so we are rightly concerned with an application that hogs RAM. Plus, many of us don't want Suites. I hate those. I want different applications ...layered. No Suites.

NAMOR
July 18th, 2007, 08:39 AM
I have never really thought about it, 2 gigs always seemed fine for me. Although, I have never run a VM.

http://support.microsoft.com/kb/555223

{QUOTE->
Here's a list of how much RAM the various Windows versions and editions support (as of Nov 2004):

Windows NT 4.0: 4 GB
Windows 2000 Professional: 4 GB
Windows 2000 Standard Server: 4 GB
Windows 2000 Advanced Server: 8GB
Windows 2000 Datacenter Server: 32GB
Windows XP Professional: 4 GB
Windows Server 2003 Web Edition: 2 GB
Windows Server 2003 Standard Edition: 4 GB
Windows Server 2003 Enterprise Edition: 32 GB
Windows Server 2003 Datacenter Edition: 64 GB
<-QUOTE}

Mele20
July 18th, 2007, 09:11 AM
{QUOTE-> I have never really thought about it, 2 gigs always seemed fine for me. Although, I have never run a VM.

http://support.microsoft.com/kb/555223 <-QUOTE}

Yeah...but that is misleading. XP Pro is what I have and it will not see 4GB RAM on anyone's machine. Most it will see is about 3GB and Dell says the XPS 600 won't even see that or may see it but won't use it.

Peter2150
July 18th, 2007, 09:20 AM
You should be able to see a max of about 2.8 plus or minus. Unfortunately a limitation in 32 bit OS

Seer
July 18th, 2007, 09:44 AM
Hi Nate. :)

{QUOTE-> The perfect AV would have NOD32's effective version 2.7 interface, VBA32's heuristics, Dr Web's compact definitions, and KAV's update frequency. This is a call, if you will, to stop blindly accepting whatever crap 'they' decide to put in front of you. You have the right to make an impact, you just need to decide to exercise it. <-QUOTE}

Your initial post goes fine, and those random thoughts are all OK, but what's this? A call? To arms? A revolution? You sound a bit like Martin Luther King ;D Sorry buddy, but what exactly do you propose here? That us, users, should appeal with 4 vendors to join their forces and produce us one super-anti-virus? I can't see exactly where you're coming from, n8...

TonyW
July 18th, 2007, 09:59 AM
{QUOTE-> I have never understood Kaspersky's PDM, which flags and alerts the user for every little thing, to the point where I want to throw my system out the window. <-QUOTE}

My experience differs from yours. I hardly get any PDM alerts. Initially when KIS was installed, I got a few alerts that's for sure, but have not received any more for the same programs.

I should also mention I do not have the AIC component enabled. It is disabled by default, but if one enables it, there will be more alerts relating to shared .dlls and such like. This may be confusing to some.

Blackcat
July 18th, 2007, 10:41 AM
{QUOTE-> I always ignored the ram consumption of any AV.
Only detection really matters to me. <-QUOTE}

Effect on performance is as important as detection rate.

With 2 GB memory, I am quite happy to use a top tier AV that used 50-100 MB RAM but had no effect on the speed of my computer.

flyrfan111
July 18th, 2007, 11:01 AM
{QUOTE-> Yeah...but that is misleading. XP Pro is what I have and it will not see 4GB RAM on anyone's machine. Most it will see is about 3GB and Dell says the XPS 600 won't even see that or may see it but won't use it. <-QUOTE}

This is a restriction imposed by the mother board not the OS.

likuidkewl
July 18th, 2007, 11:31 AM
I agree with BC - I don't care if an AV uses 50-100 MB of RAM as long as the impact on the system is low.

@Mele - 2.8-3.1GB of RAM is what you will normally see in a 32bit OS, you will still see this even if you run a 64bit OS without one of the chipsets mentioned in the MS kb article.
{QUOTE-> The chipset must support at least 8 GB of address space. Chipsets that have this capability include the following:
• Intel 975X
• Intel P965
• Intel 955X on Socket 775
• Chipsets that support AMD processors that use socket F, socket 940, socket 939, or socket AM2. These chipsets include any AMD socket and CPU combination in which the memory controller resides in the CPU.
• The CPU must support the x64 instruction set. The AMD64 CPU and the Intel EM64T CPU support this instruction set.
• The BIOS must support the memory remapping feature. The memory remapping feature allows for the segment of system memory that was previously overwritten by the Peripheral Component Interconnect (PCI) configuration space to be remapped above the 4 GB address line. This feature must be enabled in the BIOS configuration utility on the computer. View your computer product documentation for instructions that explain how to enable this feature. Many consumer-oriented computers may not support the memory remapping feature. No standard terminology is used in documentation or in BIOS configuration utilities for this feature. Therefore, you may have to read the descriptions of the various BIOS configuration settings that are available to determine whether any of the settings enable the memory remapping feature.
• An x64 (64-bit) version of Windows Vista must be used. <-QUOTE}

RejZoR
July 18th, 2007, 12:07 PM
I also don't understand why people want their RAM to be empty 3/4 of all time.
RAM is there to be used doh. It's like always filling your car gas tank only to 1/4 while leaving other 3/4 unused. Sure your car is lighter but your mileage will be smaller... Bottom line, you don't profit much out of it...

lodore
July 18th, 2007, 06:09 PM
Hello,
I have to say that the PDM in kis7.0 does really annoy me sometimes.
when installing stuff it pops up like 20 times on almost the same thing.
there were a lot less alerts with kis6.0 and i guess the extra alerts are meant to be more protective but a lot more annoying.
there is no perfect product.
with anything you have to choose a product that protects you while at the same time doesn't ask you questions you can't answer and doesn't slow you down.
i don't think nod32 is much heavier than it used to be.
i can still install the latest version of it on my test pc with basically no difference in speed than without it installed.
the test pc is a pentium 3 with 256mb of ram.
the reason i chose kaspersky over nod32 was because kaspersky has a better interface and is better at removing malware if any gets through.
lodore

rothko
July 18th, 2007, 06:33 PM
just to reply to the "nod32 getting fatter" issue...

i've used nod since version 1 and its lightness has always been welcome, but is certainly not the be all and end all of it.

Stefan Kurtzhals makes the best point when he says that system resources are bound to be affected by the AV as the amount of malware increases and the work the AV has to do increases.

back in the day of nod v1 pcs were a lot less impressive than they are today, as was the malware. the growth of the internet has meant that there is more malware around, but luckily the advance of computers has meant desktops and laptops are a lot more powerful than they were in those days. So who cares if an antivirus is taking up more space/memory/cpu when we have so much more available?

if the enemy is getting bigger, then the army must increase too.

C.S.J
July 18th, 2007, 07:28 PM
hmm, i've never noticed my AV use more RAM just because more signatures are added. ???

ccsito
July 18th, 2007, 08:53 PM
{QUOTE->
I personally don't want any single program in control of my computer's security.
<-QUOTE}

Well for the workplace PCs in my case, there is only ONE security program, Symantec Antivirus Corporate Edition. No software firewall nor AS nor HIPS of any kind. Before that there was only McAfee Antivirus. 8)

Mele20
July 18th, 2007, 09:47 PM
{QUOTE-> This is a restriction imposed by the mother board not the OS. <-QUOTE}

That doesn't make sense to me. This is a 64-bit, 3.8GHz Intel 670 processor on a Nvidia Nforce 4 SLI x16 motherboard. Dell had told me originally back in December 2005-January 2006 that I would be able to run XP Pro 64 bit and that all 4GB of RAM would be seen and used. I had asked because at the time I was seriously thinking of moving to XP Pro 64 bit and I knew I needed more than 2GB Ram even on 32bit XP Pro because the Dell I had then had two GB RAM and it wasn't enough to comfortably run more than one virtual machine at the same time. I should be able, on a powerful machine, to run at least 2 or 3 virtual machines simultaneously and give each machine a decent amount of RAM and still have sufficient RAM for the host. These were Dell Supervisors I was dealing with in the Small Business Resolution Center and they understood what I needed and assured me that this chip and board would be able to address those needs.

However, after I got the machine, I saw in the owner's manual that it would support only 2GB RAM. I asked, along with others who had been misled also by Dell, in the Dell forums, and was told that 2GB was the limit although the machine might use 3GB it would not report it, and would not see or use 4GB, but the others asking did not have my CPU ...they all had Pentium D's. I was assured that this specific Pentium 4 on this nVidia board could, and would take, and use 4GB RAM. So, I don't know who to believe. There are a number of reviews floating around on the internet of this machine, in this configuration, saying the machine can do XP Pro 64 bit and use 4GB RAM so I am totally confused. I mustn't complain too much though because this machine was an exchange for a 22 month old Dimension 8300 that fell apart and this is obviously a superior machine. However, with the 8300 had I increased the RAM from 2GB (it also was a hyperthreading, dual channel Pentium 4 at 3.0GHz) to 3GB, it would have seen and used that. The board chip on that machine was Intel ...Dell never used anything else until the XPS 600.

flyrfan111
July 18th, 2007, 10:07 PM
Sorry for the confusion, I meant chip set not the mother board, see the post right after mine for a better explanation.

Stefan Kurtzhals
July 19th, 2007, 02:11 AM
I am using an AMD X2 with NForce4 chipset board, 4 GB RAM and Win XP Pro 32 Bit. Because of using the 32 Bit version of windows, actually only 3.5 GB RAM are available because my video card uses 512 MB of the 4 GB to map its video ram. Windows' logic to use its virtual memory is one of the most stupid things I have seen - even if you have several GB of free memory, it starts putting large amount of data into the swap file. The file caching algo is also a joke. It starts to swap out memory of active applications (!) just to put additional data into the file cache. And there is no way to tweak this behaviour of Windows. :(

People that complain about low memory usage should get Sysinternals Autoruns and disable all the unnecessary auto-start entries (QuickTime, Java, ...) that eat up memory and slow down system start.

BTW, even a behaviour blocker (PDM) does slow down your system. Every additional API hook you place slows down the OS.

C.S.J
July 19th, 2007, 03:48 PM
anyone with a 'decent' machine should have no problems using/installing any antivirus or suite out there, they ain't that bad, even the highest ram ones.

ram issues only enter as a factor (and sometimes not even then) when on >512mb ram machines.