Wilders Security Forums  

  #1  
Old August 30th, 2006, 03:51 PM
mallen1 mallen1 is offline
Infrequent Poster
 
Join Date: Aug 2006
Posts: 41
Default 3.4 and how best to keep it company

1. Is 3.410 beta?

2. I'm fixing up mom's computer, Dell Inspiron 8200 Laptop running XP SP2 (fully updated and patched w/ both critical and optional Microsoft customer releases) on Intel @ 2GHz w/ 1GB RAM. Her surfing habits are both safe and conservative.

Current 24/7 realtime protection (versions/definitions always up to date):
1. NOD32
2. Windows Defender
3. Windows Firewall
4. Microsoft Cloudmark Desktop
5. DCS ProcessGuard 3.4
Current periodic sweeps:
1. Spybot Search and Destroy (Mon nite)
2. Webroot SpySweeper (Thurs nite)

Question: I love my redundancy but am running into a system utilization bottleneck. Regarding my 24/7 realtime protection, what can I do without and what settings can I change to liberate system resources without compromising the robust nature of my system defenses? I want to have my cake and eat it too.

Thanks to everyone for your time.
-Mark
  #2  
Old August 30th, 2006, 04:46 PM
Chubb Chubb is offline
Very Frequent Poster
 
Join Date: Aug 2005
Posts: 1,941
Default Re: 3.4 and how best to keep it company

Quote:
Originally Posted by mallen1
1. Is 3.410 beta?

3.410 is not a beta. It is a released version.
  #3  
Old August 30th, 2006, 05:33 PM
Rico Rico is offline
Very Frequent Poster
 
Join Date: Aug 2004
Location: Texas
Posts: 1,407
Default Re: 3.4 and how best to keep it company

Hello Mallen1,

I'll take a stab at it:

If it were me, I'd consider dropping Windows Defender, & have Spysweeper resident. Do you have passive defenses also? Hosts file, or Spywareblaster, or IE-SpyAd, or SiteAdvisor etc.?

Take Care
rico
__________________
"Fear is a poison provided by the mind, and courage is the antidote stored always ready in the soul." D. Koontz
  #4  
Old August 30th, 2006, 06:01 PM
Mele20 Mele20 is offline
Former Poster
 
Join Date: Apr 2002
Location: Hilo, Hawaii
Posts: 2,495
Default Re: 3.4 and how best to keep it company

I'd get rid of Windows Defender and Cloudmark. If your mom is conservative in her use, why does she need an expensive spam catcher that isn't even very good (according to ZDnet review)? I get very little spam and none in my main account because I made it "dictionary proof". Windows Defender is not very good. You have an excellent AV and you run two excellent antispyware applications on different days, and they complement each other, so why do you need Windows Defender running in real time? I'd put BoClean on instead if you want to stay with NOD32. Otherwise, switch to KAV 2006 which is surprisingly light on resources, even on my 98SE box (that amazes me), but also on my XP box. If you use KAV you probably wouldn't need BoClean also but you would be wise to add it if using NOD32 and get rid of Windows Defender. BoClean will use very little resources.

Have you considered that NOD32's IMON web filter possibly could be what is causing the slowdown? I had NOD32 for two years (several years ago) and beta tested the version that first introduced the web filtering. I found that brought my computer to a crawl no matter how I set the filtering. I moved to Bit Defender and then KAV 2006. I also cannot use KAV's web filtering as that too reduces my internet speed by MORE THAN ONE-HALF (from average of 4800kbps down to average of 2300kbps down).
  #5  
Old August 30th, 2006, 06:24 PM
WSFuser WSFuser is offline
Incredibly Massive Poster
 
Join Date: Oct 2004
Location: California, USA
Posts: 10,324
Default Re: 3.4 and how best to keep it company

i agree with mele on dropping windows defender and cloudmark. other than that, the setup is good for a safe surfer.
  #6  
Old August 31st, 2006, 01:57 AM
mallen1 mallen1 is offline
Infrequent Poster
 
Join Date: Aug 2006
Posts: 41
Default Re: 3.4 and how best to keep it company

Thanks, folks. If I drop Windows Defender, I'm left naked without a monitor/shield to prevent infection.

Please recommend a utility specifically and exclusively designed to immunize against all forms of malware. If none exist, should I revert to the resource-heavy SpySweeper for this function?

Presently, my system is running at lightning speed. This is an important distinction: does Windows Defender's real time protection suck or is its more maligned identification and removal function to blame for its poor reviews?

Also, I've studied the fine print on BoClean, and unless I'm mistaken it has no immunization/monitor/shield function to prevent incipient infections, despite some clever use of language on its box and website. Please correct me if I'm wrong as this is critical.

Again, thanks,
-Mark
  #7  
Old August 31st, 2006, 02:39 AM
WSFuser WSFuser is offline
Incredibly Massive Poster
 
Join Date: Oct 2004
Location: California, USA
Posts: 10,324
Default Re: 3.4 and how best to keep it company

the best way to prevent infection is to practice safe hex and not partake in dubious or dangerous activities.

more or less, BoClean is an anti-trojan. like so many other anti-whatever it catches malware. are you looking for an HIPS instead?
  #8  
Old August 31st, 2006, 11:37 AM
mallen1 mallen1 is offline
Infrequent Poster
 
Join Date: Aug 2006
Posts: 41
Default Re: 3.4 and how best to keep it company

WSFuser,

I guess what I need is an education. Let me put my dilemma in terms that I can understand and ask you to fill in the gaps.

When I visualize my system, I see three concentric spheres. The inner sphere represents the kernel-level vulnerability which I perceive ProcessGuard working to insulate.

The middle sphere is my OS, registry and executables, the working sphere that I'm cognizant of now while I type to you, play solitaire and listen to Rhapsody music. It's what 99% of users think of when they consider their computer. This sphere is where missed traditional Malware hangs out post-infection and wreaks its havoc (or not). This middle sphere is what I try to address with my periodic sweeps with Search & Destroy and SpySweeper.

The outer sphere is the universe at large, the internet in specific. Here is where I get confused. I wish to protect my inner two spheres from malevolent risks lurking in this third outer sphere. Here is where I am in search of real-time protection (or so I believe). Here is where I wish to intervene with a shield or immunizing function to protect the inner two spheres of my system. When I visualize my system, I see malicious code marauding about this third, outer sphere searching out vulnerabilities through which to infect. To extend this metaphor one final step, I wish to inoculate against this incipient infection.

In the language of these three spheres, explain to me how to weave together a coherent and cogent plan of defense. Philosophy is great, but I need product names with brief, concrete explanations. My habits are safe and sound. From that springboard drag me forward intellectually toward a practical strategy.

Thanks so much for all of your time,
-Mark
  #9  
Old August 31st, 2006, 01:28 PM
SpikeyB SpikeyB is offline
Frequent Poster
 
Join Date: Mar 2005
Posts: 464
Default Re: 3.4 and how best to keep it company

Malware from the outer sphere cannot infect you without first executing. The primary function of Process Guard is to stop unknown executables from executing. If you do not allow any unknown executables to execute then Process Guard will protect you in real time against threats from the outer sphere.

In exactly the same way as described above, Process Guard will protect all of your spheres.
  #10  
Old August 31st, 2006, 02:51 PM
Carver Carver is offline
Very Frequent Poster
 
Join Date: Feb 2006
Location: USA
Posts: 1,421
Default Re: 3.4 and how best to keep it company

The first thing that should go is the Windows Firewall; anything would be better (even the free ones like ZoneAlarm). The second is Windows Defender.
  #11  
Old August 31st, 2006, 06:52 PM
Rico Rico is offline
Very Frequent Poster
 
Join Date: Aug 2004
Location: Texas
Posts: 1,407
Default Re: 3.4 and how best to keep it company

Hi Guys,

Remember me post #3? Mallen you never commented about the passive defenses I mentioned. These items will help keep you away or aware of bad places, so you do not partake (like Mr Fuser states) in dangerous activity.

While Spysweeper may run heavier than others, it's still top rated by the likes of Mr. Howes, PC World, & PC Mag. I have SpySweeper 5 running as I type.

Also do you have a NAT'd router? (presume DSL or Cable). What about backup strategy? You can have all the protection in the world & still lose your OS & data.

Also you should check out the excellent post by Mr. Blackspear. See:

http://www.wilderssecurity.com/showthread.php?t=78484

Take Care & may the bad 1's & 0's not visit you!
rico
  #12  
Old September 1st, 2006, 01:11 PM
mallen1 mallen1 is offline
Infrequent Poster
 
Join Date: Aug 2006
Posts: 41
Default Re: 3.4 and how best to keep it company

Hey Rico,

To be perfectly honest, I don't understand what passive defenses are, unless you mean avoiding peer to peer file sharing and porn sites. Pornography has just never done it for me and the thought of strangers traipsing all over my hard drive gives me hives. But honestly, tell me what passive defenses entail as I really do not understand.

Regarding backup, I gave mom an external Maxtor One-Touch for Christmas with Acronis 9.0 currently doing the dirty work. The Dantz Retrospect Express that came with it kind of sucked.

So, how's this for mom's final solution. No, not a nursing home. This:
1. SpySweeper, real time shielding
2. NOD32 AntiVirus
3. ProcessGuard
4. Windows Firewall
5. Cloudmark Desktop SpamFilter

Take Care,
-Mark
  #13  
Old September 1st, 2006, 02:58 PM
WSFuser WSFuser is offline
Incredibly Massive Poster
 
Join Date: Oct 2004
Location: California, USA
Posts: 10,324
Default Re: 3.4 and how best to keep it company

By passive defenses, rico is referring to security programs that do not run as a background program. some examples include spywareblaster, a HOSTS file, an antiphishing toolbar, etc.
  #14  
Old September 1st, 2006, 07:48 PM
Rico Rico is offline
Very Frequent Poster
 
Join Date: Aug 2004
Location: Texas
Posts: 1,407
Default Re: 3.4 and how best to keep it company

Hi Mark,

Download "Site Advisor" recently purchased by McAfee. When you do a search, a little green check mark will be beside safe places, & a red x for nasty places. See

http://www.siteadvisor.com/download/ie.html

Also one of the best hosts files, which will keep you from accidentally, or intentionally getting to nasty places. See:

http://mvps.org/winhelp2002/hosts2.htm

Which version of Spysweeper do you have? 4.5 will not protect a large hosts file, while ver 5 will protect it.

Also be sure to get "SpywareBlaster" from Javacool - you can get there from Wilders. I like this one so much I donated!

Take Care
rico
  #15  
Old September 24th, 2006, 04:34 AM
Brother Esau Brother Esau is offline
Infrequent Poster
 
Join Date: Apr 2005
Posts: 37
Default Re: 3.4 and how best to keep it company

LINUX
__________________
D.F.I LanParty UT 790FX-M2R
AMD Phenom 9600
2x2gb OCZ Reaper HPC (PC2 8500) 5-5-5-18 ~
POWERCOLOR AX3870 X2 CROSSFIRE
Auzentech XPlosion
2~SUPERMICRO CSE-M35T-
  #16  
Old September 24th, 2006, 10:14 AM
mallen1 mallen1 is offline
Infrequent Poster
 
Join Date: Aug 2006
Posts: 41
Default Re: 3.4 and how best to keep it company

Rico, thank you for the information. I guess I am a computer ninny. After running approximately 20 hours on HijackThis and five different anti-malware suites and even chkdsk, I finally got into Dell's pre-boot diagnostic menu and confirmed the worst of my fears. My hard drive is mechanically ruined. The good news is twofold. One is that I run Acronis True Image v9.0 and have an image and differential archives. The other is that it is still under warranty (for another month) and my new hard drive is in the mail from Dell. I have to give Dell 5 stars. They diagnosed the problem quickly and sent the new hard drive out in the same day's (yesterday's) mail.
  #17  
Old September 28th, 2006, 07:28 PM
Rico Rico is offline
Very Frequent Poster
 
Join Date: Aug 2004
Location: Texas
Posts: 1,407
Default Re: 3.4 and how best to keep it company

Hi Mallen,

You're welcome! Good luck with your new drive & may all your 1's & 0's be happy!

Take Care
rico
All times are GMT -4. The time now is 02:06 PM.