Best choice between real-time protection options

Discussion in 'other anti-malware software' started by IcePanther, May 22, 2007.

Thread Status:
Not open for further replies.
  1. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    I know it's the N-th "what is the best product?" thread, but please don't bash me... yet. :rolleyes: Let me just explain the situation: I've been testing both KIS 7 and ESS for the last few months, and before that, I used to be protected with SSM + Nod32 + Outpost. I have licences for Nod32, OP, SSM (because I translated it to French), and KIS (from another machine that I no longer use it on). The computer's not so powerful: a Compaq laptop, with an Athlon XP-M 3000+ (1.6 GHz), 1GB RAM (DDR PC3200) and an 80GB 5400 RPM hard drive, and runs XP Home SP2 (full updates). Firefox 2 is my browser, with NoScript! (disables JS except on sites I choose), CookieSafe (same for cookies) and SecureLogin (Opera-style "wand" that disables JS when logging in) extensions.

    So, as I said before, I tested three configurations, which I'll detail :

    • Nod32 + OP + SSM + SpamBayes : Must be the most balanced of the three. Fast, and efficient. Only Outpost is known to have weaknesses, and there are sometimes network problems due to HTTP scanning by IMON. Also, this configuration eats more space (disk, RAM) and CPU when idle (never falls to 0%, amazingly, whereas it does with the other two configs). The layered security approach should allow for more security.
    • ESS + SSM : The lightest, but ESS has its problems, network-wise (with the firewall). Also it won't detect leaktests. But SSM is here.
    • KIS 7 : Well, it may (or may not) be the one that provides the best protection, but it's heavy. Not on the network, which is the fastest of the three configs, but on the HDD / CPU. I know theoretically it should become faster with time due to iChecker / iSwift, but it doesn't really (for some applications the start-up time goes up to 200+ % the time they take with the first (nod/op/ssm, the standard one) configuration). Apart from that issue, it's truly a great product IMO, the most complete I've seen.
    All of the software are configured to their maximum security options (except for KIS7's real-time protection, because it slows down the system way too much when on maximum settings).

    My wonder is, which one of these (mostly KIS and the combo, not ESS since it's still beta) provides, in your opinion, the best security? For me they're more-or-less equivalent, but I'd like to know if protection with SSM/OP/Nod is sufficient and equivalent to KIS7's, because this solution is without a doubt lighter, but if it isn't, I'll keep KIS.

    Thanks for your answers, please don't flame me too much :D:rolleyes:
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    what type of network problem with imon?
    the combo is good and covers the bases.
    but kis7.0 is more complete and is all under one easy to use hood.
    no network problems with kis7.0 is due to the redesigned network driver.
    lodore
     
  3. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi lodore and thanks for the reply,

    I know what you're talking about, since I tested KIS7 too (and still use it right now), and there is no network problem, my only issue is a noticeable slowdown when using applications (in fact it's the real-time scan, and AIC when hashing new DLL's, that are slowing down the computer).

    With IMON, the problem is, when there is a large number of simultaneous HTTP connections (for example opening several tabs in Opera or in firefox, or in Opera, just loading some page with several images), the images get all messed up, and it's not a browser issue, since it happens on both browsers, which have different engines (and I don't use IE :p :D)
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    did you post a message in the nod32 forum about the imon problem?
    you probably did but i don't know.....
    the only problems i have with kis6.0 are the really high cpu after allowing a new connection which should have been fixed in 7.0 which i will install on friday.
    and really high cpu when updating.
    lodore
     
  5. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    In fact I didn't because I believed it was Opera's fault until recently when I was connected through my university's access point (which is slow) and it happened on firefox.
    But, since at the time, ESS beta had already started and Nod32 v3 will use the same engine as it, and I don't encounter it with ESS (since it uses, like KIS7, an NDIS minifilter instead of inserting into the winsock layer like IMON did), it seemed pointless at the time I made such a discovery, to post on their forum, since the next version already fixes it.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i do see your point.
    there is no point posting about a problem that is fixed in the latest beta.
    btw kis7.0 is better at removing malware than ess.
    are you the same ice panther as the one on kaspersky forums that replied to my post earlier?
    lodore
     
  7. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Yes, I'm the same guy.
     
  8. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Anyone else with an opinion / analysis of the options ? I'd like to have several ones regarding this before I decide on whether to keep KIS despite it being heavier on my system, or returning to my previous configuration.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    Hi IcePanther

    I'd go with KIS 7.0. It is slightly slower on start up, but once up I find it light on the system. Initially quite a few pop-ups if you have full blown PDM turned on, but it's excellent protection.

    Pete
     
  10. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Thanks for the reply Peter2150 :)
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Overall, I think KIS would provide the best protection.
     
  12. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Thank you WSFuser, Peter2150 and lodore for your answers, guess I'll stay with KIS for now then...
     
  13. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    <bump>

    Hi,

    Sorry to resurrect this old thread :rolleyes: but some "parameters" have changed, and I'll let you know below the new situation :

    First, from the time of last post, I've used KIS, but there are bugs I find rather annoying, and problematic. I've of course reported them in the appropriate bugthread, but nevertheless, I need to find a solution that's more stable : First, AIC doesn't properly detect some DLL's/EXE's except when I untick the "automatically add digitally signed modules to trusted list" option. Okay, that's fine with me.
    What's not fine with me, is KIS freezes the computer when trying to go to hibernate mode and when waking up from sleep mode. Which is annoying, because my machine is a laptop, and I use both of these modes often (plus the computer goes into hibernate automatically when it hasn't got any more battery power).
    Also, KIS didn't get any lighter and is sometimes very heavy on the machine. The 5+ hour full scan didn't help...:rolleyes:

    Then, my license will run out in less than a month for Nod/KIS, and a few months for OP. (the SSM licence is unlimited for now, so...)

    Anyway,

    I'm left in the same situation as one month before, but I can't use KIS because it's too heavy and buggy (for now, regarding sleep/hibernate on a laptop). So I want to ask all of you what would be the best configuration that would give me the same (or a better) security level as KIS (with full configuration options).

    Antivirus options I can think of : Avira antivir PE Premium / Nod32
    Firewall options I can think of : Outpost Pro / Comodo
    HIPS/BB/Proactive shields I can think of : SSM (full) / (I need a behavior blocker, too, that would be lightweight, and am open to suggestion for other software which would complement / supplement SSM)
    Antispam I can think of : SpamBayes / (again, open to suggestion, but I'd prefer an Outlook plugin than a traffic filter)

    I use Firefox with NoScript! and CookieSafe with no exceptions (except this forum, KL forum, and my own site), and have deactivated all useless services, I also ran the WWDC doors cleaner. No ports open, and I'm behind a NAT router.

    So my question is : From the above lists, what would be the best configuration to secure this machine without taking up too much resources (cpu cycles, network speed, ram) ? You can answer with the items on the list, or other if you think they're better...

    Thank you in advance for your answers, I regard this community, and hope you'll help me solve this once and for all :rolleyes::D
     
  14. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    for AV: Avira or NOD32 are both fine
    FW: probably Comodo, unless you like the other stuff they add to OP - personally I hate it but whatever floats your boat
    HIPS: I'd recommend DefenseWall if you were after a light non-intrusive HIPS, although it's a sandbox HIPS and not a behaviour blocker (i.e. no prompts, untrusted apps are blocked automatically from critical areas). DW seems just as strong, if not stronger, than SSM in terms of protecting the system (according to technical tests anyway) although it doesn't come with some of SSM's neat stuff like cpu usage monitors and all that.
     
  15. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Hi IcePanther,
    On my main computer I'm using KIS 7.0 and it is working very light and without any problems on MY PC, now it may be different on your PC.;)

    Right now I'm testing other configurations (Thanks to FD ISR!) which is Antivir PE Premium, Comodo, DefenseWall. I also tried Antivir PE Premium, L'n'S and SSM.

    Like tamdam said above, DefenseWall is less intrusive than SSM but both configurations are running fine and not using too much resources.:)
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    Either one will do - or won't. It's up to you. Go with what you like most.
    A secret - you don't really need any of those...
    Mrk
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    AV: NOD32
    FW: Look n Stop (or wait for Comodo v3, it'll be lighter and more powerful)
    HIPS: SSM
    AntiSpam: I'm not very familiar with AntiSpam, but you could try Spam Terrier or K9 AntiSpam.
     
  18. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Actually, I feel I do, not because of my habits at home, but because at the university the network isn't the safest out there, and my classmates don't have very secure setups either (no protection software at all, all ports open, connected by USB modem to DSL) and sometimes we have to exchange files over either the network or USB keys.

    So... it may be needed after all.

    Or did I misunderstand you ?

    ___________________________

    Now can I run DefenseWall (or GeSWall, I heard they pretty much did the same thing as sandboxes, and GeSWall is free) with SSM or do they have conflicts ? is it useful, if I already run SSM, to add defensewall/geswall ?
    ___________________________

    WSFuser, I'll try spam terrier (not K9 because it's a proxy filter from what I understand and I don't want it to be "resident"), thanks for pointing it out.
     
  19. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I would say that they complement each other. DefenseWall is also acting like a sandbox as it runs Iexplorer,Firefox and your P2P program as untrusted applications.

    On my test PC, I've been running them together without any conflicts.:)
     
  20. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Mmmh, I don't know what it was, but Comodo + DefenseWall = big slowdown on my machine. So I'll try other combinations (firewall : LnS, OP) to see if that's related to the fw or DefenseWall (I didn't have an AV installed at the time). I'll also test Antivir PE Premium if I find a trial key.

    Anyway, thanks everyone for the answers :):D
     
  21. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    You can request a trial key for antivir here

    Regards,

    MaB
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ice Panther;

    Try ordinary Windows firewall, plus Antivir (free + heuristics high and scan on write only) + A2 Malware (with behavior IDS) + GeSWall Pro

    You can set up GeSWall Pro with confidential folders and exceptions on a per untrusted application basis (for instance giving your untrusted e-mail client access to your mail folders). Together with the A2 smart protection this will cover outbound traffic sufficiently (A2 passes for instance trojan demo and trojan simulator with ease).

    Downside is that you will have to pay for A2 and GeSWall. In my test GW was just a bit faster than DW (DW is absolutely problem free, GW needs some tuning). The combi Antivir + A2 + DefenseWall was considerably faster than Antivir + SSM + DW, so A2 is fast.

    Regards K
     
  23. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    I have been using a similar combo for more than a month: Antivir Premium + OA2 + GeSWall Pro.

    This combo runs very light on my comp and I feel very well protected (FW + HIPS + Web/Mail Filtering for OA, Heuristic and Blacklist for Antivir and Sandbox and virtualization for GeSWall Pro)

    Regards,

    MaB
     
  24. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    I had a big slowdown on my machine and I thought it was Prevx as it seemed to be using a lot of memory along with my browsers.

    Windows was also reporting that KIS7 was disabled even though it was running with full protection.

    After uninstalling I still had the big slowdown and I could not reinstall Prevx even though I was running it as trusted.

    I uninstalled DefenseWall and my system sprang back to life, Kaspersky was no longer reporting disabled and Prevx installed OK.
     
  25. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Thanks for the information regarding DW.

    BTW, just out of curiosity I reinstalled KIS and found the source of my problem : In fact what prevented the hibernate mode from functioning was a driver that wanted to load but was prevented by AIC since I disabled the "add automatically signed modules ....." option. I enabled it, did tests with sleep and hibernate modes, and it seems to be OK. Now I disabled it back again, and it still works (since the driver/dlls are loaded in the shared list).

    Stupid me...:'(

    I'll nevertheless test avira + ssm + (geswall pro) + some firewall (OP or LnS, depending on what runs best, Comodo is too awful at making rules for now, I hope v3 will be better, because it's an otherwise excellent firewall), and see what suits me best.

    At the time I tested OA, it noticeably slowed down the machine when launching an application and surfing, I may try the new version if I have time, though, because it must have evolved (I tested it one year ago). But I won't use Windows firewall, because it has no leaktest and no outbound protection, and I deny some connections to be safer, so I need something a little more configurable.

    Once again, thanks all for your answers and suggestions :)
     