Real-time Protection: security vs CPU utilization

Regarding the plethora of available antimalware utilities, I have three interrelated questions regarding their real-time protection:

1. which utility's real-time protection provides the most bulletproof security,
2. which is utility's real-time protection is easiest on RAM and CPU utilization, and
3. which strikes the best balance between protection and resource utilization?

I realize that especially #3 is quite subjective, but that's what I want: your opinions.

 

this queation is hard to reply,but i for my own experience can say that i utilize and be very secure and be productive is H.I.P.S security

 

HIPS, definitively.

 

It depends. An lightweight HIPS is secure if you know how to answer popups. Another way thats also lightweight is to use an virtualization program like Shadowdefender or Returnil. After a reboot every change made is gone but in the meantime you are not so secure.

 

Hello,

I have Windows XP SP2.

Use Memory:

Antivir Personal: avgnt.exe 1044Kb + avguard.exe 1840 Kb + sched.exe 520 Kb,
StartupMonitor: 192 Kb,
SpywareBlaster: nothing,
Seconfig XP: nothing.

That's all for me. Better - no miracles!

 

My opinion: a classic HIPS (like EqSecure, Real-Time Defender) and a sandboxing software (like SandboxIE, possibly Defensewall) will provide very close to bulletproof protection and is very light on resources.

 

A behaviour blocker like Mamutu and an anti-spyware like SUPERAntiSpyware or MalwareBytes Anti-Malware.

 

Both A2 Malware (on execution black list and IDS) and ThreatFire run very light on dual cores.

 

AppRanger should fulfill your requirement for 1, 2 and 3. They have CPU utilization watch built in that kind of shows at any point in time how much it is consuming compared to total system consumption. I find this feature rather accurate. For memory usage you would have to resort to task manager or something else. Give it a try.

 

Thanks for the replies.

Re HIPS, I used to have Prevx on an old system and was quite happy with it. Although not traditional HIPS, it does rely on behavioral traits to flag and compare with its server signature base. Thoughts?

How about realtime protection from a traditional antimalware (e.g. Malwarebytes, SAS). What are your opinions?

 

0) What is your definition of malware? Does this hold? Malware=Virus and Trojans and phone home software?

1) As you probably know, none are or ever will be 100% bullet proof, so todays "answer" will be different tomorrow. FWIW, I use paid versions of Nod32 and SAS with real time feature on and not conflicting. But I make no claims that these are THE most bulletproof. IMHO what you ask is not knowable.

2) Again, I don't know, SAS is considerably lighter on CPU and RAM compared to Nod32 V2. But I purchased the PC to run programs and I want them to use resources to give me some security. Security is more important than resource usage.

3) Probably a suite such as OA Free which has a HIPS based on a white list that will keep badies from executing, and the FW will help prevent them from arriving in the first place.

I know I haven't answered the way you expected.

 

Well, it's a little bit difficult question, however, the same came to my mind just about a few days ago. I must admit here that I agree with Escalader - in the times of multi-core CPU's and the price of 1GB RAM I think the overall security benefit is actually more important that system resources usage, especially bearing in mind the fact that having two - or even more - real time protection programs doesn't actually mean that you will get some noticeable slowdowns etc.
For example - at the moment my resident protection is as follows:Avira, CPF w Defense + enabled, Threatfire as well as BOClean, Returnil and SandboxIE all in the memory. After hitting CTRL-ALT-DEL and awakening Process Explorer I get most of the time: System Idle Process between 92-96%. Of course, all these programs do use system resources when in action, but on the other hand this is normal and somehow I am prepared for this.

Of course, you have to strike a balance, which also means that you should steer clear from resource-hungry software that actually does nothing to protect you (some specific products of some specific companies come to my mind now), yet still eats a lot of resources. I don't know how about real-time protection of SAS and A2, but I've been using free versions of them (as well as Prevx and MBAM) and - I stress here that this is just my subjective opinion based on my subjective testing and every-day evaluations - both SAS, MBAM, A2 and Prevx are light enough on system resources (especially SAS) that could be used in a complementary way (say A/V + SAS or A/V + MBAM/A2 or similar).

Bearing in mind the fact that this did was not a direct answer to you questions, I still hope that this will somehow help.

Best regards,
Swordfish

 

You folks have been quite helpful and I appreciate it. You are correct and I have a Q6600 quad core and 4GB of RAM so I shouldn't sweat it so much, but I still live in the mindset of emptying out the system tray, minimizing processes and running light background utilities. Old habits.

After much research here's version one of my security:

1. OA Firewall (paid)
2. Malwarebytes (paid)
3. NOD32 (paid) with w/ Blackspear's settings
4. Prevx2 (paid)

So far no conflicts and I don't notice them running. BTW, OA is $15 off until the end of today. It's funny - in the time it took me to download and install the security programs I picked up an (innocuous) piece of spyware.

I just hate wasting resources. It kills me. I have a dual-boot for a DAW (digital audio workstation) and that boot is isolated from the Internet so that I can avoid running security in the background. I want every clock cycle and bit of memory I can get of I feel wasteful - like our grandmothers said: there are people starving in rural China (running Asus Eees).

And thanks for the non-patronizing resposes. Things change a lot in two years and that's how long corporate has been handling my security. I've become incredibly ignorant in that interval of time.

 

Just a hint, to minimize the chance of conflict with your tools, have them all mutually exclude each other. I have 2 of your 4, OA and Nod32 so I know they allow users to set exclusions. It is possible to nullify security features in our layers of tools if they duplicate functions so exclusions help mitigate that issue. Your version 1 set up looks strong to my way of thinking!