Best choice between real-time protection options

Hi,

I know it's the N-th thread about "what is the best product ?" thread, but please don't bash me... yet. Let me just explain the situation : I've been testing both KIS 7 and ESS for few last months, and before that, I used to be protected with SSM + Nod32 + Outpost. I have licences for Nod32, OP, SSM (because I translated it to French), and KIS (from another machine that I no longer use it on). The computer's not so powerful : a Compaq laptop, with an Ahtlon XP-M 3000+ (1.6 Ghz), 1GB ram (DDR PC3200) and a 80GB 5400 RPM hard-drive, and runs XP Home SP2 (full updates). Firefox 2 is my browser, with NoScript! (disables JS except on sites I choose), CookieSafe(same for cookies) and SecureLogin(opera-style "wand" that disables JS when logging in) extensions.

So, as I said before, I tested three configurations, which I'll detail :

• Nod32 + OP + SSM + SpamBayes : Must be the more balanced of the three. Fast, and efficient. Only Outpost is known to have weaknesses, and there are sometimes network problems due to HTTP scanning by IMON. Also, ths configuration eats more space (disk, RAM) and CPU when idle (never falls to 0%, amazingly, whereas it does with the other two configs). The layered security approach should allow for more security.
• ESS + SSM : The lightest, but ESS has it's problems, network wise (with the firewall.). Also it won't detect leaktests. But SSM is here.
• KIS 7 : Well, it may (or may not) be the one that provides the best protection, but it's heavy. Not on the network, which is the fastest of the three configs, but on the HDD / CPU. I know theoretically it should become faster with time due to iChecker / iSwift, but it doesn't really (for some applications the start-up time goes up to 200+ % the time they take with the first (nod/op/ssm, the standard one) configuration). Except from that issue, it's truly a great product IMO,the most complete I've seen.

All of the software are configured to their maximum security options (except for KIS7's real-time protection, because it slows down the system way too much when on maximum settings).

My wonder is, which one of these (mostly KIS and the combo, not ESS since it's still beta) provides, in your opinion, the best security ? For me they're more-or-less equivalent, but I'd like to know if protection with SSM/OP/Nod is sufficient and equivalent as KIS7's, because this solution is without a doubt lighter, but if it isn't, I'll keep KIS.

Thanks for your answers, please don't flame me too much

 

what type of network problem with imon?
the combo is good and covers the bases.
but kis7.0 is more complete and is all under one easy to use hood.
no network problems with kis7.0 is due to the redesigned network driver.
lodore

 

Hi lodore and thanks for the reply,

I know what you're talking about, since I tested KIS7 too (and still use it right now), and there is no network problem, my only issue is a noticebale slow down when using applications (in fact it's the real-time scan, and AIC when hashing new DLL's, that are slowing down the computer).

With IMON, the problem is, when there is a large number of simultaneous HTTP connections (for example opening several tabs in Opera or in firefox, or in Opera, just loading some page with several images), the images get all messed up, and it's not a browser issue, since it happens on both browsers, which have different engines (and I don't use IE )

 

did you post a message in the nod32 forum about the imon problem?
you probaly did but i dont know.....
the only problems i have with kis6.0 are the really high cpu after allowing a new connection which should of been fixed in 7.0 which i will install on friday.
and really high cpu when updating.
lodore

 

In fact I didn't because I believed it was Opera's fault until recently when I was connected through my university's access point (which is slow) and it happened on firefox.
But, since at the time, ESS beta already started and Nod32 v3 will use the same engine as it, and I don't encounter with ESS (since it uses, like KIS7, a NDIS minifilter instead of inserting into the winsock layer like IMON did), it seemed pointless at the time I made such a discovery, to post on their forum, since the next version already fixes it.

 

i do see your point.
there is no point posting about a problem that is fixed in the lastest beta.
btw kis7.0 is better at removing malware than ess.
are you the same ice panther as the one on kaspersky forums that replyed to my post earlier?
lodore

 

Yes, I'm the same guy.

 

Anyone else with an opinion / analysis of the options ? I'd like to have several ones regarding this before I decide on whether to keep KIS despite it being heavier on my system, or returning to my previous configuration.

 

Thanks for the reply Peter2150

 

Overall, I think KIS would provide teh best protection.

 

Thank you WSFuser, Peter2150 and lodore for your answers, guess I'll stay with KIS for now then...

 

<bump>

Hi,

Sorry to resurrect this old thread but some "parameters" have changed, and I'll let you know below the new situation :

First, from the time of last post, I've used KIS, but there are bugs I find rather annoying, and problematic. I've of course reported them in the appropriate bugthread, but nevertheless, I need to find a solution that's more stable : First, AIC doesn't properly detect some DLL's/EXE's except when I untick the "automatically add digitally signed modules to trusted list" option. Okay, that's fine with me.
What's not fine with me, is KIS freezes the ocmputer when trying to go to hibernate mode and when waking up from sleep mode. What is annoying, because my machine is a laptop, and I use both of these modes often (plus the computer goes into hibernate automatically when it hasn't got anymore battery power).
Also, KIS didn't get any lighter and is sometimes very heavy on the machine. The 5+ hour full scan didn't help...

Then, my license will run out in less than a month for Nod/KIS, and a few months for OP. (the SSM licence is unlimited for now, so...)




Anyway,

I'm left in the same situation than one month before, but I can't use KIS because it's too heavy and buggy (for now, regarding sleep/hibernate on a laptop). So I want to ask all of you what would be the best configuration that would give me the same (or a better) security level as KIS (with full configuration options).

Antivirus options I can think of : Avira antivir PE Premium / Nod32
Firewall options I can think of : Outpost Pro / Comodo
HIPS/BB/Proactive shields I can think of : SSM (full) / (I need a behavior blocker, too, that would be lightweight, and am open to suggestion for other software which would complement / supplement SSM)
Antipam I can think of : SpamBayes / (again, open to suggestion, but I'd prefer an Outlook plugin that a traffic filter)

I use Firefox with NoScript! and CookieSafe with no exceptions (except this form, KL forum, and my own site), and have deactivated all useless services, I also ran the WWDC doors cleaner. No ports open, and I'm behind a NAT router.

So my question is : From the above lists, what would be the best configuration to secure this machine without taking up too much resources (cpu cycles, network speed, ram) ? You can answer with the items on the list, or other if you think they're better...

Thank you in advance for your answers, I regard this community, and hope you'll help me solve this once and for all

 

for AV: Avira or NOD32 are both fine
FW: probably Comodo, unless you like the other stuff they add to OP - personally I hate it but whatever floats your boat
HIPS: I'd recommend DefenseWall if you were after a light non-intrusive HIPS, although its a sandbox HIPS and not a behaviour blocker (i.e. no prompts, untrusted apps are blocked automatically from critical areas). DW seems just as strong, if not stronger, than SSM in terms of protecting the system (according to technical tests anyway) although it doesn't come with some of SSM's neat stuff like cpu usage monitors and all that.

 

Hi IcePanther,
On my main computer I'm using KIS 7.0 and it is working very light and without any problems on MY PC, now it may be different on your PC.

Right now I'm testing other configurations (Thanks to FD ISR!) which is Antivir PE Premium, Comodo, DefenseWall. I also tried Antivir PE Premium, L'n'S and SSM.

Like tamdam said above, DefenseWall is less intrusive than SSM but both configuration are running fine and not using too much resources.

 

Hello,
Either one will do - or won't. It's up to you. Go with what you like most.
A secret - you don't really need any of those...
Mrk

 

AV: NOD32
FW: Look n Stop (or wait for Comodo v3, itll be lighter and more powerful)
HIPS: SSM
AntiSpam: Im not very familiar with AntiSpam, but you could try Spam Terrier or K9 AntiSpam.

 

Actually, I feel I do, not because of my habits at home, but because at the university the network isn't the safer out there, and my classmates don't have very secure setups too (no protection software at all, all ports open, connected by USB modem to DSL) and some times we have to exhange files over either the network or USB keys.

So... it may be needed after all.

Or did I misunderstand you ?

___________________________

Now can I run DefenseWall (or GeSWall, I heard they pretty much did the same thing as sandboxes, and GeSWall is free) with SSM or do they have conflicts ? is it useful, if I already run SSM, to add defensewall/geswall ?
___________________________

WSFuser, I'll try spam terrier (not K9 because it's a proxy filter from what I understand and I don't want it to be "resident"), thanks for pointing it out.

 

I would say that they complement each other. DefenseWall is also acting like a sandbox as it runs Iexplorer,Firefox and your P2P program as untrusted applications.

On my test PC, I've been running them together without any conflicts.

 

Mmmh, I don't know what it was, but Comodo +DefenseWall = big slowdown on my machine. So I'll try other compbinations (firewall : LnS, OP) to see if that's related to the fw or defensewall (I didn't have an AV installed at the time). I'll also test antivir pe premium if i find a trial key.

Anyway, thanks everyone for the answers

 

Hi all,

You can request a trial key for antivir here

Regards,

MaB

 

Ice Panther;

Try ordinay Windows firewall, plus Antivir (free + heuristics high and scan on write only) + A2 Malware (with behavior IDS) + GeSWall Pro

You can set up GeSWall pro with confidential folders and exceptions on a per basis untrusted application (for instance giving your untrusted e-mail client access to your mail folders). Together with the A2 smart protection this will cover outbound traffic sufficiently (A2 passes for instance trojan demo and trojan simulator with ease).

Downside is that you will have to pay for A2 and GesWall. In my test GW was just a bit faster than DW (DW is absolutely prblem free, GW needs some tuning). The combi Antivir + A2 + Defensewall was considerable faster than Antivir + SSM + DW, so A2 is fast.

Regards K

 

Hi all,

I am using since more than a month, a similar combo : Antivir Premium + OA2 + GeSwall Pro.

This combo run very light on my comp and i feel very well protected ( FW + HIPS + Web/Mail Filtering for OA, Heuristic and Blacklist for Antivir and Sandbox and virtualization for GeSWall Pro )

Regards,

MaB

 

I had a big slowdown on my machine and i thought it was prevx as it seemed to be using a lot of memory along with my browsers.

Windows was also reporting that kis7 was disabled even though it was running with full protection.

After uninstalling i still had the big slowdown and i could not reinstall prevx even though i was running it as trusted.

I uninstalled Defensewall and my system sprang back to life, kaspersky was no longer reporting disabled and prevx installed ok.

 

Thanks for the informations regarding DW.

BTW, justout of curiosity I reinstalled KIS and found the source of my problem : In fact what prevented the hibernate mode to function was a driver that wanted to load but was prevented by AIC since I disabled the "add automatically signed modules ....." option. I enabled it, did tests with sleep and hibernate modes, and seems to be OK. Now I disabled it back again, and it still works (since the driver/dlls are loaded in the shared list).

Stupid me...

I'll nevertheless test avira + ssm + (geswall pro) + some firewall (OP or LnS, depending on what runs best, Comodo is too awful at making rules for now, I hope v3 will be better, because it's an otherwise excellent firewall), and see what suits me best.

At the time I tested OA, it noticeably slowed down the machine when launching an application and surfing, I may try the new version if I have time, though, because it must have evolved (I tested it one year ago). But I won't use Windows firewall, because it has no leaktest and no outbound protection, and I deny some connections to be safer, so I need something a little more configureable.

Once again, thanks all for your answers and suggestions