Balancing Security and Performance????

Discussion in 'other anti-malware software' started by captainron, Oct 22, 2009.

Thread Status:
Not open for further replies.
  1. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    I was just browsing the 'What is your security setup these days?' thread (https://www.wilderssecurity.com/showthread.php?t=111264&highlight=SECURITY SETUP)

    I was surprised to see how many real time security programs most of you run. Some of you must be running 15-20 processes just from 3rd party security software. The mix of all the programs, all the read/writes to the hard drive would slow any computer down to the point of annoying me. Any input with the rationale, or how you factor in performance is appreciated. Nice Forum you guys have.

    What do you guys think about balancing security software with performance? It seems like most of you would err on the side of too many apps and a slower pc?

    Why do some of you disable UAC which is a great layer of protection that doesn't hinder performance, then enable all these background scanners that do hinder performance?

    cheers
     
  2. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    I've thought about this too, and I'll get rid of any security software pretty quickly that causes me any sort of problem. I've been able to avoid malware for a pretty long time now without much software, so having security software in place that causes me as much trouble as the malware, except continuously instead of on rare occasions, isn't worth it.
     
  3. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Performance is obviously important. I wouldn't buy a fast system if I didn't want to use all that performance. So, what I do is that I simply choose a decent operating system that has a decent security model and can take advantage of the power of the hardware, and then I use the security features of the operating system to get a reasonable level of security. I generally don't bog down the system with third party security software.

    In a (Windows) security forum there are always people who think security is only all sorts of security software, and they will load their systems full of all kinds of AVs, other anti-malwares, HIPS products, behavioural blockers, sandboxes, anti-rootkits and what have you. This is a good way to waste tons of performance and to create conflicts between all that security software and the OS that they manipulate with often unstable hacks. But for some of these people, performance is honestly irrelevant - their only intention is to play with the security software as a hobby, or sometimes they simply honestly believe that they need all that stuff to be secure and occasionally are so paranoid they think even that is not enough and they still need tons more security software (while increased understanding would really be much more useful than throwing more software at the problem).

    Personally, I strongly advise against taking the "What is your security setup?" threads as any kind of recommendation or guide as to what you should do to secure your systems. Those threads have all kinds of people with all kinds of setups, many of which are just plain bad choices for most people: you'll find people whose security setup consists only of their brain and the operating system's features, and you'll find people who have 15 different security software installed and still looking for more. For the average user, I'd recommend starting with moving to use limited user accounts and then learning some basic common sense: like being reasonably suspicious about installing new software or "plugins" when some site asks you to do it, or watching where you enter your credentials for anything from IM/email accounts to online banking.
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My impression is that the situation is complex. Many users develop that ethic following a violation of the machine, their private space. Going somewhat overboard is fairly typical here as anyone who has experienced a personal violation can attest (example - in my own case, my home being burglarized - it shakes your faith in the status quo and you can react in somewhat excessive fashion).

    Although some users will gladly surrender a performance hit for the sense of security, many won't.
    No idea. It's not a general ethic here (my own sort of base recommendation is here), but plenty of people continue to do it. Part of it is the tyranny of legacy software and poor design decisions made long ago, part of it is a somewhat misplaced desire to control.

    That's clearly a dynamic in play in general. How else can one explain the continuing stream of testing and challenging of setups with supposed malware, links to malicious/compromised websites, and so on?

    I do go one step further and suggest use of an AV, but it's more to serve as an expert system for malware evaluation than ultimate security feature. As such, it is very possible to dispense with it if a heavy dose of common sense and adherence to discipline in surfing and downloading content is maintained (this can be harder than you think). However, when viewed in this light and used in this fashion, the excessive zeal for perfection in detection is relaxed and the differences among mainstream blacklisting products start to diminish.

    Blue
     
  5. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Well, yes. I, too, suggest using an AV for everyone who isn't absolutely sure they don't need one, which is to say, just about everyone who is an average user running on Windows. In my previous post I was rather thinking that running AV kind of goes without saying even for many if not most of the average users who are being bombarded from everywhere by suggestions to run an AV - even the operating system actually complains if no AV is detected unless you turn off that warning! In my experience a lot of the average users already know about running an AV, and LUA would be, then, an addition to that and a huge boost to security. And learning to be careful with what you run and where you give out your info is arguably an even bigger boost. In a security forum like this, I think most of the people who come here to look for ways to better their security are already running an AV.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Personally I find UAC pretty annoying. It doesn't impact performance like background scanners, but it can be intrusive depending on what you're doing. In Vista I use the Norton UAC tool which helps a lot and is much better than turning UAC off. Unfortunately the Norton UAC tool does not work in Windows 7 (that may change in the future). Windows 7 has refined UAC though and the default setting is less intrusive. Still, I would prefer to use the highest setting for UAC in Windows 7 in combination with the Norton UAC tool so hopefully they will support it eventually.

    It's important to remember that the most important security tool in the equation is the user. All the software products are secondary, and are only effective if the user practices safe computing. People who go looking for trouble on the internet will eventually find it even though they're running lots of security software.
     
  7. LaserWraith

    LaserWraith Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    38
    Location:
    Under your bed!
    I disable UAC because: first, it is annoying when I only get alerts about stuff I'm doing and want to do, like change settings; and second, I think CIS's Defense+ is better...much better.


    And as for AVs...I don't have any. I disabled the AV in CIS, and currently just use the D+ and firewall. Going to install GeSWall soon (I just reformatted and installed Win7).
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You seem to have emerged unscathed!

    Whether or not various programs impact performance would depend on the type of program. Many just sit in the background keeping watch, and don't use much CPU. So, just looking at the number of processes running may not be a good indicator.

    Security is a state of mind.

    We bolster our defenses based on our perceptions of threats, or the likelihood of being exploited by this or that type of threat.

    And so, (excluding the "hobbyists") you find people who install many things, and those who run nothing more than a firewall and a secured browser. In both cases, they feel comfortable in their own minds that they are protected. Who is to argue otherwise?


    ----
    rich
     
  9. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Thanks for all the great responses you guys. I want to make it clear that I'm not here to be a jerk or to ridicule how anyone likes their security setup. I find it good discussion.

    Rmus, even if a background scanner sits in the background and doesn't really increase CPU usage, it does increase memory usage, can cause possible conflicts with other apps or installations, may have scheduled scans that run when you don't want, and most importantly will scan every read and write to your hard drive. Then, if you have several programs scanning every read/write to the hard drive, that is going to add up to significant slowdowns.

    Those types of slowdowns would bother me, maybe not others, but it's a major consideration with security software that you decide to purchase/install. This is why I focus on ways of securing your PC without apps that involve real time protection.
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I can't imagine anyone letting something run when not wanted. But if that is the case, then you have a good point.

    It would be interesting to take a poll in that thread to see how users have set things up and if they feel they experience performance slowdown.

    ----
    rich
     
  11. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Sure, you can turn off scheduled scans if you want; the main performance concern is how the real time protection will scan every read/write to your hard drive, the slowest part of the computer. In my experience, multiple background apps, especially real time scanners, will be slower than a normal Windows installation, and it's most noticeable when running demanding programs, games, or multi-tasking. Whether or not someone notices depends on how many background apps they have, their computer, and what they use their computer for.
     
  12. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,703
    Location:
    Texas
    Wow! Maybe I'm missing something, I don't understand the necessity of multiple security apps, when ShadowDefender & Returnil are available. You could play with malware, with either or, & nothing else. FYI 2 years malware free using just SD. Why go through all the layers & performance hits, when SD & RVS are there o_O o_O

    Take Care
    Rico
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I agree completely, with the coming of age of virtualizers, sandboxes, imaging programs, a lot of security applications have become, to say the least, redundant.

    Not being able to reinstall or restore a system (there are cases where the installation CD is lost, and still the vast majority of users have no backup images) using "traditional" tools to clean up systems seems the only alternative available.

    Captainron, you should read out of curiosity some of the posts from 2006 of the thread you are mentioning (page 4-5 were typical at the time) and compare them to what people are generally using nowadays at Wilders.

    This is really enough if you are not retaining anything from your virtual session, but if you want to commit something to disk while you are in the shadow session an updated scanner is the only way to ascertain (with a reasonable doubt) if the file is infected or not.
     
  14. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    With Windows 7 now available and its security features (SRP, AppLocker, configurable IN/OUT FW), a properly configured OS and trusted scanner to check downloads; the average user would not really need anything else. One of the best security improvements I have made was setting up OpenDNS on my router. I do a lot of gaming so performance is paramount and my security needs to just do its job quietly.
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    My siggy has seen me through quite a few gigs of malware samples without any performance hit be it XP, Vista or Win 7 32bit full admin mode with everything ms system security related either deleted or turned off. :thumb:

    Have I ever been infected? Yep, probably a million times. LOL. :D
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    They say 'different strokes for different folks', and this forum is full of evidence to that statement ;)

    How many here would agree that computer security tends to develop in 'phases'? Where initial phases consist of some hips type programs to control threats after you have been compromised or simply learn of the need.

    Phase two I would say many here are in, where you try many combinations always looking for that 'holy grail' of security, based on your own preferences/criteria.

    Phase three being a slow fade from the need for phase two, finalizing on either a certain set of tools.

    Phase four would be getting back to the simplistic ways of computing like you did before phase one, only in this phase you strive to still keep the security without the involvement. That is where I am personally.

    This strike a chord with anyone?

    Sul.
     
  17. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    lol, it means when you first start using hips and firewalls and such, you are eager to see the pop-ups because you really want to control everything. After some time, you begin to tire of all the 'involvement' that those types of programs require. You begin to see that you can still be plenty secure without all that effort. Transparent and silent, but still secure.

    Sul.
     
  18. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    I think a lot of people have a huge amount of RAM, and really powerful processors, so they probably do not experience the kind of slowdown from their security posse I would with 1gb RAM.

    I have, in the past, on my current system run a "modern" HIPS equipped firewall, a realtime AV, and a realtime antispyware.

    Also Firefox with five or six security related add-ons, and all XP default services enabled.
    At the time I did not notice the system drain, as I did not know any other way.
    Ultimately, it was the dreck and drama of updating, that led me to seek a different approach.

    The speed increase brought about by disabling unneeded services, and streamlining security, was a delightful windfall.
     
  19. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    That's the way to think about it. Why should I trust any 3rd-party solution(s) if I can have the same solution(s) if I configure and use my OS properly? I don't need this because these 3rd-party solutions can't do it better - in my eyes, these solutions are tearing holes in the OS, breaking the secure-rules of the OS because they want to have root-rights to install and run their drivers and many things more..... I have to harden the OS (software-policy, DEP, LUA, UAC, browser-configuration, windows-firewall etc.pp.) and the benefit is, it is secure and will fly. I did decide for me to go this way. No more HIPS and suites and whatever. Only MSE as a last line is running on all my machines (XP-Home, XP-Pro, VistaHomePremium_x86, Vista Ultimate64).
     
    Last edited: Oct 23, 2009
  20. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    DevilFrank said:

    "in my eyes, these solutions are tearing holes in the OS, breaking the secure-rules of the OS because they want to have root-rights to install and run their drivers and many things more....."

    That is quite an eye opener.
    I never thought of it in that perspective before.

    Thinking along those same lines, what do the patches/service packs/etc. do to the operating system?

    Is it kind of like the "Peter Principle"?

    OS's are patched, upgraded etc., till the point of instability?

    Maybe the 98 diehards are not really that far off base.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well, let's call it the Security State of Mind Maturity Model, based on the Capability Maturity Model (IT) and the learning cycle of Kolb, presented to you by Sully and Rmus.

    CMM see http://en.wikipedia.org/wiki/Capability_Maturity_Model
    Kolb see http://images.google.nl/imgres?imgu...ing+cycle&hl=nl&rlz=1C1CHNG_nlNL350&sa=X&um=1

    Edit: Because people start from a different learning/experience point, there are so many solution angles.

    :argh: :argh: :argh:
     
    Last edited: Oct 23, 2009
  22. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    I think it goes up and down.

    You can see these waves repeating themselves in several fashions.

    Windows 95 comes along with something new and has problems

    Windows 98 is really not all that different from Windows 95, just all the 95 changes in one neat package. 98SE is just a further refinement of that.

    Windows Me comes along and tries adding new features to that neat package and things start breaking.

    Similarly with NT. 3.51 starts off. NT 4 kinda refines that. 2000 really brings it together for usability. XP comes along and starts throwing features in that start making it break down just like Me did for 98.

    Vista comes along with a new feature set and has problems, 7 comes along and refines it so it's stable. Then we're looking at 8 or whatever likely starting to break things again, or perhaps it'll be something like 98 to 98SE.

    Mac OS had the same thing.

    It seemed to really be refined around 7.5.5/7.6.1, while being a little iffy with 6 and 7. 8 started introducing new features and was breaking things and 9 just got ridiculous.

    OS X same deal. 10.0 horrible, 10.1 not quite as horrible, 10.2 passable, 10.3 finally usable and 10.4 refined, then 10.5 breaks things and 10.6 brings in the guest account bug.

    The 98 die hards might have a point to a degree, but particularly now 2000 is more viable than 98/SE and Windows 7 by all appearances will take that over. I don't think I could really take someone who prefers 98 over 2000 in a modern environment that seriously.
     
  23. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    masqueofhastur:

    Agreed.

    Evolution, rather than Revolution with trial and error thrown in.

    Maybe not exciting,but the only game in town that works.(sort of)(so far)..

    fishing on lake Hali this Saturday.
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I rely on a firewall and HIPS as a front line defense. There are only 2 reasons that these would need constant interaction from the user.
    1. The user hasn't finished the rulesets. They either haven't taken the time or they haven't learned how to make effective rules.
    2. The applications and/or processes on the user's PC are constantly changing which requires new rules to be made for those apps.
    Rule based firewalls and HIPS do require an initial time investment to set them up properly. Once that's finished, they fall silent until something changes. That would be patch day and new installs. Except for user skill, how that PC is used is the most important criteria in deciding whether these types of apps are suitable as a front line defense. They're at their best on systems that are equipped and configured the way the user wants it, in which case they function as "anti-change" software. They're the wrong choice for users who always want to try something new. On my PCs, they're silent during normal usage and when others are using it.

    IMO, the biggest problem most users have when choosing their "holy grail" of security is that they're starting with the security software, comparing features, tests, recommendations, etc. This should be one of the last steps in building your security package, not the first. The first step should be choosing a base security policy and modifying it to suit your needs. Once that policy is worked out, then choose the tools best suited to enforce it. These can be built in Windows tools, 3rd party software, or both.

    For me, default-deny is the pinnacle of security and performance. Processor power and system resources aren't wasted scanning for all the malicious and undesirable code in existence. Checking the integrity of one or two hundred known good executables on your system and allowing only those to run uses almost no resources at all. My primary PC changes very little from week to week, or month to month. Updating and patching is done manually, at most once a month when I get around to it. Immediate patching of vulnerabilities isn't as critical as it would be on systems with default-permit based security. Default-deny will prevent the execution of any malicious payload that enters through an unpatched vulnerability. This makes my HIPS and firewall enforced default-deny policy almost maintenance free.
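
The default-deny check described in the post above, as an added example that is not part of the original thread or of any product named in it: a SHA-256 allowlist of known-good executables where anything unlisted or changed is denied, including a legitimately updated binary until it is re-approved. The file names and contents are constructed, and the code only models the allow/deny decision; a real HIPS enforces it at execution time.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def _key(path):
    # Normalise so the same file is always looked up under one name.
    return os.path.normcase(os.path.abspath(path))


def build_baseline(paths):
    """Record path -> SHA-256 for the executables the owner has decided to trust."""
    return {_key(p): sha256_file(p) for p in paths}


def decide(path, baseline):
    """Return (verdict, reason). Anything not proven known-good is denied."""
    expected = baseline.get(_key(path))
    if expected is None:
        return ("deny", "not in allowlist")
    try:
        actual = sha256_file(path)
    except OSError:
        return ("deny", "unreadable")
    if actual != expected:
        return ("deny", "hash mismatch")
    return ("allow", "known good")


def demo():
    """Run the policy over constructed sample files and return the verdicts."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(data)
            return path

        # Constructed stand-ins for installed programs (not real binaries).
        editor = write("editor.exe", b"MZ constructed editor v1")
        browser = write("browser.exe", b"MZ constructed browser v1")
        baseline = build_baseline([editor, browser])

        results = {"editor": decide(editor, baseline)}

        # A new file that arrived after the baseline was taken.
        unknown = write("download.exe", b"MZ constructed unknown program")
        results["download"] = decide(unknown, baseline)

        # Patch day: the browser binary changes, so it is blocked until re-approved.
        write("browser.exe", b"MZ constructed browser v2")
        results["browser_after_update"] = decide(browser, baseline)
        baseline.update(build_baseline([browser]))
        results["browser_reapproved"] = decide(browser, baseline)
        return results


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:22} {verdict:5} {reason}")
```

The cost is one hash per launch of a listed file and a dictionary miss for everything else, with the maintenance step falling on patch day and new installs.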
     
  25. wat0114

    wat0114 Guest

    Close in my situation, except I've done this to feed an addiction, never mind being a hobbyist :D :p

    Very slow fade for me, but eventually it happened :)

    Kind of where I'm at too, except computing was never simplistic for me, right from the get go :D

    Finally, I am at a very comfortable and satisfying conclusion in my epic journey testing different security software and combinations. Similar to ssj, I'm also very happy with using what's built into Windows for the majority of my security needs, supplementing it with Sandboxie only, although the vm is a little different, but that's used for different purposes, mainly testing software and the odd malware. It's really been a lot of fun and a tremendous learning experience, though, a journey that will probably not end any time soon, and that matters the most to me :)
     