Netbook Av's

Yes, seriously! I always enjoy reading your posts, so I would like to hear your thoughts if you give CIS a try. On family machines I set them up with CIS, a limited user account and turn them loose.

For my personal limited use netbook, I probably have the same Lenovo that Ro4dRuNn3r has, which for me seems to have it's own unique performance issues. That's the only reason I took CIS off that machine.

 

Just a small tip about avasts mail shield... I suggest to keep it on even if you do online email (like gmail)

The mailshield watches for outbound mail that goes from your pc..you don't have to have thunderbird\outlook installed for it to take effect. The malware program itself could simply send the emails.

 

If you have a 2 way firewall, it should detect something like this.

 

Thanks.

I have kind of given up on CIS for now though unfortunately. I took a few hours late last night and did some testing with about 150 malware links. CIS didn't do very well at all in the tests. Even with the sandbox fully operational, several pieces of malware really took control of the system and made quite the mess. One rather nasty piece of malware took over the full screen and would not allow me to get back to Windows at all (no matter what I tried). Both Avast and ESS stopped this malware before it even got there.

While I like Avast, everytime I install if, it seems to play havoc with the Internet connection on my system as well as email. They just become "wonky". There is no better way to explain it. At one point last night, I uninstalled CIS and installed Avast alone. I was then unable to check email through Thunderbird (no prompts or anything) and everytime I started the system, Windows Firewall would tell me it's not on. Even though it was on when I rebooted. I then turned it on and lost connectivity to the Internet. This did not happen before Avast was installed.

I'm now back to ESS and it is working great, very light on the system and no issues with email or Internet connectivity. I think I might just get another license for ESS and install it on the netbook.

 

So they've finally removed that crap for real? If true, that's pretty good.
Might gonna check it out again.

 

For testing CIS did you restart the computer to clear out the sandbox?

 

I have asus eeepc 900, with 1gb ram and a very slow ssd drive...The best-lightweight choises for me is Avira personal and winpatrol...try them...

 

I just bought a netbook and was usung Norton Netbook AV. Super light and if you read the latest AV-Comparatives Whole product long term shoot out and Norton had the least compromised of all the AV tested.

 

Smart man. Thats what I did. On my wifes Toshiba netbook, no slow down that is noticable. Going be a good year for Eset so that is why I upgraded to the suite.

 

Yes, of course.

Lots of remnants left behind and several things running in memory...not to mention how poorly it dealt with malware before the reboot. The computer was unusable and had to be hard booted.

Just wasn't all that impressed with how it dealt with it. Avast and ESET did a much better job. While not perfect, much, much better than CIS.

 

I will take your word for it but I really dont understand.. It can be your experience or a matter of choice but I dont see even if CIS in default settings the vendors you mentioned can do better..if the user didnt intentionally clicked allow to something thats even the popup msg said is malicious.. You know I have seen a lot of folks do that and say that the average user is going to allow it.. Getting infected should be a sport someday . Anyways good to know ESS and avast doing good dealing with zero day stuff..

 

CIS running with default settings. About 150 zero to 1 to 2 day malware links. Any pop up message, if it said it was malware, Clean was chosen, if it said the program should be sandboxed, that was chosen. The system became so unstable, a hard boot was required and when rebooted, there were a ton of things left over on the desktop, folders created and left over malware.

 

@TheIgster - willing to consider a setup without a realtime AV or is that too far OT?

 

+1
Of course if OP will be ready for this big step

 

As in using what?

 

Well, if you want a really light approach using what you have in the your OS already you could try the following:

1. Set up a LUA account
2. Set up parental controls ("Allow or Block Specific Programs") on the LUA account. Parental controls uses the same mechanisms as Win 7 Pro's Software Restrictions policy, excluding DLL protection
3. Install Hitman Pro and set up a scheduled daily scan
4. Disable Autorun on removable drives

LUA+SRP provides you with very strong protection - nothing can execute outside of Program Files and Windows Folders, and being an LUA account nothing can install to Program File or Windows folders. And you get daily scanning with 4 top notch anti-virus scanners. Most of all you get zero overhead. For even higher security you could add Sandboxie or Defensewall or Bufferzone.

 

As in using the same thing I suggested in post #25. A lot of people here don't seem to believe that simply not running as admin will cover 90+% of the malware out there. Add a software restriction policy and you have the userland malware covered as well. Plus, it uses little to no resources, requires no updates and is guaranteed 100% compatible since it's part of the OS. Read this, it's informative.

 

IME, Vipre AV + Win FW should suffice your protection needs while providing a minimal overhead on your netbook.

 

I didn't see that post of yours originally, but I agree. LUA+SRP+on-demand antivirus is the way to go. And with Win7 there's no more "but I haven't got the Professional version of Windows", because SRP is available via parental controls.

Also, adding in EMET is a good idea as well. This little lot would provide far stronger protection than a realtime AV for a fraction of the resource usage.

 

Well, thanks guys, but I prefer simply having a real time AV installed.

 

totally agree and understand.

 

Just out of curiosity, what is your rationale? Not running as admin is considered best practice if you ask people that know what they're talking about, like Mark Russinovich or Aaron Margosis, who posted on his blog that you're better off running as a limited user without AV than you are running as admin with AV.

Considering this is supposed to be a security forum I find it interesting that there is so much resistance to LUA. A lot of lip service is paid to "layered approaches", but at the end of the day what is meant is adding even more security apps. Least privilege and default deny is one of the best layers you can start with, but it seems to be widely ignored. This could lead to the conclusion that a lot of people here aren't really interested in security, they just like dorking around with security software.

Not trying to pick on you personally, but I would be interested to know the reasoning behind your statement above.

 

No , it is not one of the best , it is the best , actually.

Don't want to accuse anybody , but Johnny123 is right . Many people who think they understand of security just understand how to install many security applications which makes them even more vulnerable and gives them false sense of security.

As for trjam particularly , although he tends to change his security products too often , he seems to have knowledge of security

 

Hey Johnny, I appreciate your question. We have to keep in mind that there are many factors that weigh into an individuals perception of what is "security" and what is "doable".

There are many here that use just a AV and have never had issues. But there are many here, like myself, who have become better educated on PC security and realize what you are talking about gets me from the 20 yard line to the 10. But it is that individuals understanding, that gets him from the 20 to the 10 that becomes a problem.

I told Kees, that product Sully is working on, along with Kees posts, I have yet, to understand a bit of what they are talking about. It sounds good, but unless they come live with me to handle situations as they arise, it, well, becomes a pain in the ass, to me. "To me", being specific in nature.

I have 4 computers, 2 teens, one is a nut, and a wife that all have different demands of their computers. I would love to put a chastity belt on all computers, especially the 16 year girl,, but I cant. It makes their computers no longer "doable".

Yes I could set up all differently, but I am not going to. Time goes faster the older you get and right now 10 minutes went by and I didnt even see it.

Yes, one solution, all running Admin with a product like Eset does me fine. I have at least learned from this place to use something like FD-ISR and you know what, I am at the 20 yard line and fine and happy. Getting to the 10 just doesnt matter to me.

3GUSER, thanks.

 

I agree with you there, a lot of that stuff makes my brain hurt when I read it. I understand quite a bit of it, but it's strenuous. FWIW, LUA + SRP is actually a no-brainer compared to Kees's complicated schemes, although I must say, I admire his ability to think of this stuff.

Uh oh. Now I understand