Anti-Virus issue

I guys I have an issue with a buddy's computer and I need some help to fix it.

Okay my buddy has a pentium 4 2.40Ghz processor with only 256MB of RAM
My buddy just can't go out buy upgrades for his pc since money is tight right now.
When I unstall all AV's and run with strictly windows firewall it performs great, but as soon as I install AVG 2011 or Avast 2011 it is so slow. I mean it goes from 3 seconds to 30 seconds just to open a program or launch a browser.

The performance however was good when I installed microsoft security essentials, but it did have a issue. When I rebooted the pc the service didn't auto start properly and it caused the system to be slow until I close the exe of the failed service. It was even slow for awhile after the service was launched and closed.

Please keep in mind that my buddy is using an old pentium 4 with 256MB on XP SP3. I know that I can't leave this system unsecured, but most of the AV's I have tried have slowed the system to a crawl. granted I am using all freeware stuff.

The system is also very slow anytime windows defender is turned on.

I can't leave him without proper anti-virus protection though.

 

Avira is one good option
PCTOOLS Firewall
MBAM and SAS free
and it will be fine
It was just like that for me when i had an old p4 with 512 ram

 

Thank you gery I will give these a shot.

Is there anything I can do with the avira configuration to make it more responsive so it doesn't eat up alot of resources?

 

Considering the amount of RAM, I'd skip antivirus and go for a different approach.

You may want to make your friend use a limited user account (if not already) and to ease things, whenever administrator rights are needed, install SuRun.

You could also install Sandboxie and sandbox web browser, media players, e-mail client, pdf reader.

Obviously, also advise him to open any Office documents downloaded from the Internet/-email in a sandbox as well.

If you know how to set it up and then explain it to your friend, and if he wishes to learn about it, then it will be easy for him to deal with it, honestly.

What XP version are we talking about? Pro version? If yes, you could set up Software Restriction Policies for him, using Group Policy Editor. If not using the Pro version, you can use Sully's tool Pretty Good Security (PGS) (search the forum for it, and you'll find about it).

If he's not willing/cannot afford to waste time on learning about Sandboxie, you could try to reduce the infections as much as possible by installing SpywareBlaster and Spybot - Search & Destroy (do not install TeaTimer), and apply immunizations. This way it will provide him a passive proactive protection.

On top of that, you could try to install AVG LinkScanner Free Edition. It will differ from system to system, but it won't consume more than 6MB of RAM. At least, that's the amount it consumes in some of my relatives systems. LinkScanner will protect against browser exploits, etc. It will protect regardless of the web browser.

If you try to restrict as much as possible any harmful content from reaching the system, and if your friend is careful and not a happy clicker, then he could live without an AV.
Install Malwarebytes Anti-malware free edition.

I almost forgot, and though it won't provide as much protection as it would for Windows Vista/7, install Microsoft EMET and place the web browser, pdf reader, media players, Java, office applications under EMET protection. (Search the forum for it, it has been mentioned a few times.)

 

I second the system hardening approach -- you'll never be happy using any traditional AV with 256MB. If he doesn't want to run from a LUA, you could install DropMyRights, which takes a little more setting up but accomplishes the same thing, more or less.

Also, be sure to route him through the Norton or ClearCloud DNS server. And install WOT, set at least to warn on yellow/red. Neither an alternate DNS nor WOT use any system resources.

And turn off Autorun -- Panda's USB vaccine is one way.

 

I installed Avira and its responsive once the guard and other stuff load, but as soon as I rebooted to test it. It took 8 minutes from the time system rebooted to the time it actually loaded the guard service. Its to bad that he can't run it.

Anytime it installs updates it takes forever to scan for update files, download, and then alot more time to install. I think it does a system scan at system startup which is one thing that this system doesn't need to do everytime he runs it. 8 minutes for anything in the system to respond even offline apps.

I guess its a compramise

I will try the system hardening option too

The only av's that I personaly use is nod32 and avira paid.
I tried zone alarm and avg. Then zone alarm and avast

Majorgeeks and download.com says that these are the most downloaded and popular setups for users around the world in system security.

Its XP SP3 home edition

the avira guard service stopped at load and I had to manually close it in task manager, then relaunch it.

Avira was fine by itself once it loaded, but when I added SAS and MBAM it went into crawl mode.

 

Try Panda Cloud Antivirus Free instead, since it uses a few less resources than Avira Free and is very easy to use for novice users. It is ideal for netbooks, so you should give it a try.

MBAM (Free version, yes?) shouldn't be running in the background unless you are doing a scan, so it should be causing any problems. Save Hitman Pro to a folder or in a thumbdrive, it is better than SAS and lighter on resources. Adding certain files/processes to the exclusions sometimes decreases the AVs resource usage a little.

Keep CCleaner handy if you can/want. Is any "junk" or software on the PC?

 

Okay I went with the hardening method and its much better overall (zero slowdowns)

I have a few questions though

I setup his ie8 icon to run like so from the start menu
"C:\Program Files\Sandboxie\Start.exe" default_browser
"c:\program files\sandboxie"

I uninstalled chrome since it was set to be the default browser when opening sandboxie, but he always launches IE.

This way everytime he uses his browser it automatically opens it in sandbox.

What I am now trying to figure out is how to make WMP 11 the default video player so it is always sandboxed on every launch without asking.

Should I change "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
to
"C:\Program Files\Sandboxie\Start.exe" default_player "not sure what it needs to say on the "default_"
"c:\program files\sandboxie"

Also with these always launching sandboxed whatelse do I need to after installing sandbox and setting these to always launch in a sandbox?

With these always launching sandboxed is it still neccessary to switch to a limited user account when I use the special DNS, Sandboxie, and the AVG link scanner?

thanks

 

what about pendrives? are them all clean? when you insert a flash drive into a computer how will this be checked.?

 

Regarding that, by disabling autorun most of issues are solved. This leaves us with some other vulnerability such as the ones that has been patched already (regarding lnk), and obviously the user opening some infected/infective file. This is where Software Restriction Policies and LUA come in.

If somehow the person in question is able to spend a very few amount of money for a lifetime license for Sandboxie, then it's also possible to have pendrives, CDs/DVDs forced into their respective sandbox. If there's any security application that I believe is worth paying for, that would Sandboxie (No, I get no commission. lol).

But, it's not necessary, though. LUA + SRP + disabled Autorun will suffice. By the way, Mike6080919395 make sure to search this forum for "kafu" (without the quotes.
If for some reason your friend wants Autorun enabled, you can install NoAutorun -http://sourceforge.net/projects/noautorun/
It has also been mentioned before in this forum, so just use the search form and you'll find it. It even allows to deny writing to pendrives.

 

Just wanted to drop by and say thanks. He's really happy with the hardening method. It worked great! The browsing speed is still fast and all of the programs respond how they should.

I have one more question
With sandboxie and the standard win xp firewall is he safe when doing online banking and making purchases online? I'm not sure if there is a better one which won't slow his system down.

 

Regarding that aspect (online banking and purchases), I'd create a dedicated limited account just for that. Then having a limited account just for general web browsing and other stuff. This way, if for some reason, an infections happens to this general web browsing limited account, it won't spread to the other account.

Just make sure he does online banking and purchases in a dedicated sandbox for the effect and that Sandboxie automatically cleans the sandbox when he closes the web browser.

Actually, I have all my sandboxes set to delete all contents when I close applications. Go to the sandbox settings - Delete - Invoke Delete - and put a check mark on the option to automatically delete contents. Also make sure that in this sandbox only the web browser process is allowed Internet access and to Start/Run.

I'm assuming we're also dealing with a clean system? That is, Windows freshly installed? Or, has your friend been using it before?

 

Mike6080919395, you getting sound advice for your friend. The only
thing that I would add to m00nbl00ds recommended set up will be
to enable Drop my rights setting within Sandboxie.

Bo

 

I actually did recommend it; just didn't call it by the real name (post #11).

Nonetheless, great thing you did call it by the name.

 

Allow me just to add the following, which I previously forgot.

I'd still install SpywareBlaster and Spybot - Search & Destroy (do not install TeaTimer). Why? Sandboxie's free version DOES NOT allow the user to automatically force a process to start sandboxed. This means if some other process initiates Internet Explorer, then your friend won't be covered by Sandboxie.

Both SpywareBlaster and Spybot - Search & Destroy immunizations do offer an extra protection in the setup I mentioned.

Your friend would have: Internet Explorer 8 SmartScreen + SpywareBlaster + Spybot - Search & Destroy + AVG LinkScanner. If some process initiates IE, then anything harmful that could happen would need to bypass these protections.

I'd also, as I mentioned, add Microsoft EMET. Search the forum for EMET. It has been widely discussed before. So, this would mean one more layer. Not as great as it would be on Windows Vista/7, nonetheless an additional layer.

Also make sure you disable Remote Access (I don't know how to disable it in XP, and I'm about to go to bed... But, I'll see what I can find or someone else will for sure say it.), disable unneeded and dangerous Windows Services (Google for BlackViper and check Windows XP SP3 services, see what they are and what are needed for. If in doubt, you can always here or some other thread, so that this one won't go off-topic.) But, straight away, I'd disable Remote Registry.

 

Maybe this would help -http://seconfig.sytes.net/- It is free and easy to use. Does not use any resources.