Do I actually need an Antivirus on my netbook?

The problem is "new" mal-ware not yet id'd as a signature. So I like to have a real-time heuristic up front to give me some coverage against those new baadies. So as you have Eset (V4?) why not use it? The performance issue for me has never been persuasive where security is concerned. Fraction of second here or there who cares?

 

Prevx and some on demand scanners like malwarebytes or a-squared.

 

I would go with LUA+SRP

AppLocker is great and I better then SRP.
But:
1. You will need Ultimate edition of the Windows
2. http://code.google.com/p/chromium/issues/detail?id=10576
There is currently an issue of Google Chrome under AppLocker (actually issue with Google Chrome's internal sandbox)

I tried, I can't still find soulution for this
But it works fine under SRP. (currently using it)


And about Google Chrome's security don't worry too much.
It's Internal Sandbox is good enough.

 

58115, seems from your first post you are a common sense individual. I'd say "no" you don't need an av, at least not a resident scanner. On-demand for times when you may not be too sure about something, but otherwise no. I'm of the opinion resident av's are a kind of virus in themselves; they offer some coverage but at the considerable expense of stifling resources. I agree with others about adding SRP into the equation. It will bolster your setup nicely.

 

Online scanners are great. I recommend Panda ActiveScan. Download and use HostsXpert to block ad/malicious domains. Use NoScript as well. That's all you should need - that's what I did and all I got on my netbook was a "StartMenu.Hijack" (according to malwarebytes) after three months of wifi in a foreign country. And I was running as an admin in XP. That said, you should use limited/guest accounts.

 

I use the hosts file from http://someonewhocares.org/hosts but mainly for blocking ads.

 

To keep it in perspective, that article is on TechNet and written by a guy that doesn't work for MS (look at the bottom). The AppLocker part starts out with a false statement:

"Available since Windows 2000, SRP allows administrators to control whether a computer operates in default-allow or default-deny state."

SRP isn't available in Win2K and was introduced with XP and Server 2003. This may be nit-picking but it does make me wonder if anything else in his article is erroneous.

The blog posting from Mark Russinovich is of course interesting (his articles almost always are) but again, to keep things in perspective, the OP wants to secure his netbook and not a 2000 seat corporate network. Paying for an upgrade to Ultimate just to get AppLocker seems like overkill to me, but once again, that's an opinion.

 

The nice part about LUA & SRP is that you don't need signatures or heuristics. Where your limited account is allowed to write it's not allowed to execute. Where it's allowed to execute it's not allowed to write. You would have to have an escalation of privileges, such as a buffer overflow. If you have DEP enabled there's a good chance that will also be blocked.

When you look at the AV-Comparative retrospective tests, the best ones are doing around 70% and some are way under 50% so the chances of getting infected are still pretty good if you're running as admin. Then you have the factor of false positives with heuristics. With LUA & SRP you'll never get a popup (erroneously) telling you that winlogon.exe is a Trojan.

On a netbook with one these Atom CPUs and a slow FSB, etc, it might make more of a difference.

 

I have a netbook with XP Pro, Shadow Defender, and Avira Premium only with its main guard (I'm actually considering reinstalling it to have it only on demand ).

You could also trial Faronics Anti-Executable (similar to AppLocker), it is very light and it has just been updated for Windows 7, it's not free but I believe it is cheaper than an upgrade to Ultimate, nothing will execute without your approval. Shadow Defender alone is a power house, but you still need to check anything that you want to keep from the virtual session.

 

You don't have to reinstall it, just go to add-remove programs and select Avira. You have the choice to repair, modify or uninstall. If you select modify all you have to do is uncheck the parts you don't want anymore and it gets rid of them. You can add them back in the same way. Then you don't lose any of the settings you have already made.

Edit: spelling mistake

 

I have an EeePC 1005HA-PU17 with 1GB of ram and I'm currently using Avira AntiVir Free with no problems at all. Avast is also very light, I had it running before Avira. I think that if you use USB storage devices appart from the ones you own, you should deffinitely have some kind of deffense. In my country, USB devices cause most of PC infections.

 

Yes, Shadow Defender is great, and I like NAV 2010 also, as well as WinPatrol, all basically never giving headaches and light on system resources. WinPatrol is great for disabling and removing from start-up some processes, especially related to google chrome at times, a very good browser otherwise ( with extensions like: WOT, AdThwart, FlashBlock ).
Also Autorun Manager and AnVir Task Manager are worthy of consideration.
Malwarebytes', DrWeb CureIt and A-squared are good on demand scanners.

 

Thanks, I'll keep that in mind for future changes. The poster has actually raised a good point and I have uninstalled Avira from my netbook, and replaced it with the latest Anti-Executable which I had running on my main laptop. So far, no problems at all, and there is a definite perception of improved speed.

 

Most of the warez I've used in the last 10 years has been more reputable than anything by MS and Adobe!! You need a sandbox. And disable autorun while you're at it.

 

That is a crock load.

 

If you go by security vulnerabilities and the need for patches, it's probably correct, sad as that is to say. Adobe is starting to make MS look good in the vulnerability department, but I'll refrain from knocking the topic off-track further.

 

I'm sorry I agree with him. MS Patch's one hole just to turn around and had have to patch the patch they just released. XP has been out what 8 years. It takes about 4 hours to patch the system to a "Safe" State from SP1.

 

How about using just DefenseWall and running some on demand/online scanners every now and then??

 

Anyone running MSE on a netbook? A friend of mine just got a netbook and was wondering what to put on it. I think they have XP as their OS.

 

Would you switch Windows Defender on or leave it off? I think Windows Defender uses hardly any resources. Are there any recent tests on how effective it is?

 

MSE would be ideal for netbooks if it wasn't scanning archives on-access.
I don't have clue who was the idiot at MS that have thought that scanning archives on-access is a smart idea. It caused awful slowdowns on Intel Core i7 920, 6GB of RAM and fast Samsung F1 750GB HDD after downloading a freeware game (like FEAR Combat). It took ages to finish download because "smart" MSE was scanning the entire installed. Now imagine a weak Atom CPU, 6 times less RAM and HDD that has half the speed. I just don't get it. No other AV does that unless you manually enable this. Some don't even offer that. But MSE openly does that by default and doesn't offer ANY option to disable this crap.
And no, the archive checkbox in settings only applies to on-demand which i don't care about at all.

 

I can't believe there's no way to turn off the on-access archive scanning feature in MSE. At least there should be a setting to limit the size of the file to scan, just like GData and others do.

@OP,
You should try a few options first for choosing the right AV for your netbook. Compare the performance and usability between them.

 

Nope, there is no such setting. I've even tried replicating on-demand archive scanning tweak for on-access with no effect. It was still scanning archives.
Which is very lame. I really hope they'll add this setting, otherwise i'll be forced to use something else.

 

I would say running ThreatFire or Mamutu would be adequate against serious threats that could damage your system. To detect less damaging files, a weekly on-demand scan would be sufficient.

Some great suggestions already in this thread, but sandbox/virtualisation has the flip-side of updates not being installed correctly, or a slight inconvenience to the user.

I'm starting to wonder, what is the proportion of systems brought down by a malicious file versus a system needing to be re-built by installing too much software or incompatible software?

I'd say for every 2 out of 10 systems affected by malware, there'd have to be say 1 out of 10 being brought down by legitimate software (due to incompatibilities)/system tweaking by the user. Or maybe it's dead even!

 

I recommend Norton AV or Norton IS.

Extremely light on my netbook.

I also use Sandboxie in conjunction with NAV.