Overlap or Conflict in Real-Time Antimalware Applications

Discussion in 'other software & services' started by mallen1, Jun 5, 2007.

Thread Status:
Not open for further replies.
  1. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    I'm putting together a new computer on an XP-Pro OS and anticipate installing the following group of 24/7 real-time antimalware applications. Would you be so kind as to take a look and let me know if you notice any counterproductive overlap, conflict or incompatibility. Are they fixable issues or should I delete specific programs from my list? In general terms, is it overkill, or did I leave holes in my security? My proposed list includes:

    1. Eset NOD32 antivirus
    2. Webroot Spy Sweeper
    3. Prevx1
    4. SUPERAntiSpyware
    5. Agnitum Outpost Firewall Pro
    6. Ella Outlook SpamFilter

    Thank you for your time.

    -Mark
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello mallen1,
    Is SUPERAntiSpyware the free or pro version?
    Which of the apps are realtime and which are on demand?
    If you have Spy Sweeper already, just use it for on demand, since the realtime is too heavy IMO.
    If you haven't already bought Spy Sweeper, then don't.
    I think for realtime NOD32 + Prevx and Outpost would be more than enough.
    lodore
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    2, 3, & 4 would be interchangeable.
    You anticipate installing the programs on your list, does that mean that you already purchased them?
    If not, I would choose between SAS Pro or SpySweeper.
    I don't think that you need both - overlap.

    Or you could go with Lodore's recommendation.
    Prevx is free until it finds something, unless something has changed recently.
     
  4. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    lodore - thanks for taking the time.

    1. Everything is the commercial, full version.
    2. My ideal would be to run everything in real-time, within reason re system's prowess (see below). I'd like to have a 24/7, proactive, interwoven meshwork of security suites that limits unnecessary overlap that overtaxes system resources.
    3. I own Spy Sweeper but would gladly toss it if it were disadvantageous to my overall goal. As with everything, security apps have a risk/benefit profile. As you know and as I'm learning, the benefit is security, the risk is threefold: incompatibility, functional overlap and overtaxing system resources. The better one side is, the worse the other. I mean, I could run thirty-seven anti-malware utilities and watch Windows take 5 minutes to redraw itself. Or, I could play Quake4 online P2P lightning fast behind no security for 10 minutes until I got infected, crashed and burned.

    Where's my sweet-spot?

    Again, thank you very much for your advice.

    -Mark
    XP-Pro, Asus P5N-E SLI Mobo, Thermaltake Toughpower 12V/750W power, Intel Core 2 Duo E6600 Conroe CPU: 2.4GHz 4MB shared L2 Cache, Corsair 2GB (2 x 1GB Kit) 5300 DDR2 SDRAM, NVIDIA 8600 GT Video Card, PreSonus Firebox Sound Card/Audio Interface, Motorola SBG900 Cable Router. Pretty Box.
     
  5. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    People rave with equal passion about SAS and Spy Sweeper. Depending on which they own. What's your (collective) thought?
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Nice PC.
    I would have to suggest the following:
    NOD32 + Prevx + Outpost + SUPERAntiSpyware.
    Keep the antispam.
    That is quite a light setup and covers all the bases.
    Use an alternate browser such as Opera or Firefox.
    Disable the Messenger service and the Remote Registry service.
    Your system should be blazingly fast with that security and you're protected.
    If I were you I would ditch Spy Sweeper.
    I have both Spy Sweeper and SUPERAntiSpyware Pro.
    SUPERAntiSpyware is lighter, has daily updates and is very stable.
    I would ditch Spy Sweeper if it wasn't for my dad still liking it.
    If you didn't have any bought security software I would have recommended using either F-Secure Internet Security 2007 or KIS 7.0,
    since with your PC you wouldn't notice any slowdown with F-Secure.
    For the record, F-Secure is a very decent security program.
    The problems I had with it are probably due to the fact I've installed and uninstalled lots of programs, and not F-Secure's fault.
    lodore
     
    Last edited: Jun 5, 2007
  7. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    lodore - thanks for the compliment. It's just emerging from Maingear. I hope that they put a big red bow around it. Jeez, I forgot. I have hard drives, too. I'm kind of old-fashioned w/ drives. Seagate's my company. Forever it seems. This time around I'm getting the 7200.10 series and physically separating out my OS/Apps from my docs/audio-vid libraries. It's a sporting thought. We'll see if it matters. I know a guy who put his OS on one drive, software apps on another, audio libraries on a third, etc, etc. He has, I think, five HDDs spinning around. One is eSATA I think. Why not?

    Your well thought out advice is being internalized. It sincerely helps. I can focus my research this way and God willing, do something half way intelligent.

    -Mark
     
  8. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Outlook?
    People still use this POS?


    Sorry, now that I got it out of my system on to your system:
    If you bought Spysweeper, then run it on demand only. Use SuperAntiSpyware for realtime protection.
    If you haven't bought Spysweeper, use your money and buy something worthwhile.

    The rest looks fine. They will/should all integrate nicely without overlap.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Incompatibilities: depends on the system.
    Setup: Not something I would use.

    Holes: Only the ones in your head. Security setup X-Y-Z means NOTHING. It all comes down to what you do and how you think.

    Nothing can save you or any of us from ourselves.

    Specifically, I would do the following in your list:

    Replace firewall.
    Ditch Prevx, Spy Sweeper, and SpamFilter.
    Use only NOD32, if at all.

    Finally, use Firefox and as much non-MS software as possible. Firefox alone will provide you with 99% of passive security against exploits and such. Using non-MS apps, like Office, IM, email etc will take care of the remaining 1%.

    Mrk
     
  10. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    We all have areas of expertise. I happen to be an MD. Other physicians and myself drift health care forums giving appropriate health care information and direction. I would never insult someone's intelligence because they knew less medicine than me. I expect it 100% of the time. And if they have the stones to ask something, it's because they don't know the answer. Not because they are stupid, but because they don't have the same knowledge base that I have. And if I responded like you did, they'd never come back.

    I'm asking because I don't know. I am building a new system and I want to protect it to the best of my ability. My internet habits are limited and conservative. I practice safe hex: no P2P, porn, file sharing, et cetera and I'm behind a hard router. Behaviorally I'm likely in the 95th percentile for safety. Mrkvonic, you said, "Security setup X-Y-Z means NOTHING. It all comes down to what you do and how you think." I agree with half of what you imply. But if you have terrible software, you are hamstringing yourself unnecessarily. Why not combine quality security apps with intelligent behavior?

    It seems like folks here don't much like Webroot or Agnitum. What do you suggest for antimalware and firewalls? More importantly, why? Ditch Prevx, keep Prevx: why? Bad development, bad company, don't like behaviorally based protection, why?

    eniqmah - thanks for replying. Do you like SAS or just in comparison to Spy Sweeper? Is there a signature based software you prefer to either? One with a great library that never misses an update and has effective but light real-time protection? Effective and light on the CPU always seem to exist in opposition. Which product does a good job of balancing this?

    Lodore and the Tester, thanks again for your feedback. It truly helps.

    Take Care,
    Mark

    XP-Pro, Asus P5N-E SLI Mobo, Thermaltake Toughpower 12V/750W power, Intel Core 2 Duo E6600 Conroe CPU: 2.4GHz 4MB shared L2 Cache, Corsair 2GB (2 x 1GB Kit) 5300 DDR2 SDRAM, Seagate Barracuda 7200.10 16MB Cache HDDs, NVIDIA 8600 GT Video Card, PreSonus Firebox Sound Card/Audio Interface, Motorola SBG900 Cable Router. Pretty Box.
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I tend to agree with you mallen, although from your description of activities you probably do need only minimal security software coverage.

    The classical AV vendors (Eset, Kaspersky, Norton, etc.) have incorporated much of the functionality provided by the niche applications (such as Webroot Spysweeper).

    For firewalls, I tend to recommend a suite type solution (ESS when it emerges from beta, KIS, Avira suite, NIS, etc.). For those determined to use a separate firewall, my personal preference is LooknStop for low system impact.

    I actually like Prevx, but I'd configure it to Query on unknown applications (I believe the default is Allow). The only downside (potential) is the extensive hooking of the SSDT, although I've not encountered a single incompatibility issue myself, so they must be doing it well.

    Blue
     
  12. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    Blue, thanks for taking your time to respond. I sincerely appreciate it.

    Prevx - I like it, too. This is just anecdotal, but since I added it to my old system, I went two years without an incursion. My ignorance is in determining how much of a performance hit I'm taking as it runs quite often. I'll explore the query options.

    LooknStop - can you tell me more about why you like it (beyond system impact)? I've been reading great stuff about them as well as Outpost Firewall Pro 4.0 and I need to render a decision.

    Eset - I love it. I have NOD32 configured for minimal impact: under "AMON" whatever that stands for, you can instruct it to avoid wasting time examining your installed antimalware that's always running. Just drag&drop the address, e.g. Spysweeper's folder, from Browse to Add.

    Norton - It always screws up my system. That and ZoneAlarm Firewall. Don't know why, can't fix it. It (Norton) seems to corrupt my registry by commandeering certain .dll files as they are "not found". Maybe it's just me.

    If you have a sec, what's the lowdown on SAS (SUPERantispyware)?

    I can afford somewhat of a performance hit as my only superintense application is my DAW (Digital Audio Workstation). The OS/Apps for my DAW I have isolated on its own HDD (dual-boot), and the library/samples/working tracks (audio data files) are plopped on another HDD which is simply NTFS formatted. I have four HDDs. Don't tell anyone; it's embarrassing.

    Again, thanks,

    Take Care,
    -Mark
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    My goal was not to slight or insult you. If I had, apologies.

    When I said holes in your head, I meant holes in EVERYONE's head.

    One of the ideas I have been trying to convey for quite a long time is that people need to invest in understanding how things work, rather than installing software that is supposedly supposed to substitute their thinking. Because such software does not exist.

    When you ask firewall x or firewall y, you miss the real question. What is a firewall? How does it work? What does it do? What functionality differences are there between product a and b and how do they reflect or impact my knowledge, habits, hardware, software etc.

    When I suggested you ditch certain products, it is because I have tested them and found them cumbersome, not beautiful enough, too many questions etc. You will get these kinds of answers when you ask such questions. There is NO consensus on the ultimate program in any field. Everyone has their share of killer apps.

    So when you ask such a question, you miss the real point. Why do you think you need something? Why do you think you can get infected? What do you fear? How do you think you can handle such a problem?

    Approach that as a research of a medical condition. And then, you will draw your conclusions regarding your needs.

    And then, you can ask:

    I need a firewall that uses less than 5MB memory, I need HIPS because I must control registry, I need anti-virus that updates every 6 hours etc., then you will be able to narrow down to what is really suitable for you - plus the reality test on your own hardware, on your own terms.

    BTW, both my parents are doctors.

    Cheers,
    Mrk
     
  14. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    Mrkvonic, thanks for getting back to me. I had misunderstood you and felt lousy. I feel much better knowing where you are coming from as you are right.

    Thanks as well for the added insights. I misjudged you, sized you up all wrong. I hate ill-will and greatly prefer civility. Thanks.

    Take Care,
    -Mark
     
  15. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    An extension to my original question. I have Windows Task Manager open and am looking at my real-time Performance with my security apps running. Which parameters, or perhaps ratio of parameters should I focus on in search of a threshold (for lack of a better term) that indicates to me my CPU/RAM is taking an excessive hit?

    I'm a scientist. Give it to me in numbers, percentages and statistics. I love statistics.

    Thanks,
    -Mark
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello mallen,
    To start with I would get Process Explorer from the link below:
    http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx
    It's a tool like Task Manager but better.
    It's a non-install program.
    Just double click the .exe file and it will launch.
    Once you open it I would go to View, Columns, Process Memory, then put a tick in both Working Set Size and Peak Working Set Size.
    The easy way of working out what is using the most CPU is to open Process Explorer, then do what you normally do on the computer.
    Then you can open Process Explorer and look at the CPU History column.
    All black means a process hasn't used much CPU recently,
    and all green means it has used a lot recently.
    Hope this helps.
    lodore
     
  17. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    There are a few utilities that will display the real time memory usage of your running programs (such as the previously mentioned Process Explorer).
    It should list things like CPU and memory overhead. It can be used as a basis of comparison of how much a particular program is taking up memory. The definition of being "excessive" can be a subjective one. The total memory used by a group of programs might not make a perceptible difference with other programs that use a much smaller amount. If your hardware setup has a large amount of space included, then having "too many" or "too few" programs may not be noticeable at all. I think when you have limited RAM and a slower CPU, then factors like CPU and RAM usage become more significant. Nobody wants to have overlapping program functionality or to "load the system to the teeth" if they can help it. If your main access is to medical websites, then I would think that an antivirus, firewall, and antispyware (on demand) should be sufficient. Many people say it is better to be proactive and stop all attacks when you come upon them. While I agree with that, I also think that a backup or mirror of your system offers a better "complete" protection "as a last resort".
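
Added example, not part of the original thread or any poster's reply: a PowerShell script that collects the figures discussed above (CPU share, working set, peak working set) for a chosen set of processes over several intervals, so two security setups can be compared with numbers. The default process name is a placeholder so the script runs as-is, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread): sample CPU share and memory for chosen processes.
param(
    # Placeholder default: this PowerShell process, so the script runs unmodified.
    # Replace with the process names of your real-time scanners (names vary per product).
    [string[]]$Name = @((Get-Process -Id $PID).ProcessName),
    [int]$IntervalSeconds = 5,
    [int]$Samples = 6
)

$cores = [Environment]::ProcessorCount

function Get-Snapshot {
    param([string[]]$Name)
    $snap = @{}
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Copy the values now so each snapshot is a fixed point in time.
        # TotalProcessorTime comes back $null when access is denied, which is
        # common for protected security services unless the script runs elevated.
        $snap[$p.Id] = [pscustomobject]@{
            Name   = $p.ProcessName
            Cpu    = $p.TotalProcessorTime
            WsMB   = [math]::Round($p.WorkingSet64 / 1MB, 1)
            PeakMB = [math]::Round($p.PeakWorkingSet64 / 1MB, 1)
            Taken  = [datetime]::UtcNow
        }
    }
    return $snap
}

$results = @{}
$prev = Get-Snapshot -Name $Name
for ($i = 0; $i -lt $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $cur = Get-Snapshot -Name $Name
    foreach ($id in $cur.Keys) {
        $c = $cur[$id]
        if (-not $results.ContainsKey($id)) {
            $results[$id] = [pscustomobject]@{
                Process = $c.Name; Id = $id; MaxCpuPct = 0.0
                WorkingSetMB = 0.0; PeakWorkingSetMB = 0.0
            }
        }
        $r = $results[$id]
        $r.WorkingSetMB     = $c.WsMB
        $r.PeakWorkingSetMB = $c.PeakMB

        # CPU share = CPU seconds consumed / (wall seconds * logical processors).
        # Skipped for processes that started mid-run or whose CPU time is unreadable.
        if ($prev.ContainsKey($id) -and $null -ne $c.Cpu -and $null -ne $prev[$id].Cpu) {
            $wall = ($c.Taken - $prev[$id].Taken).TotalSeconds
            if ($wall -gt 0) {
                $used = ($c.Cpu - $prev[$id].Cpu).TotalSeconds
                $pct  = [math]::Round(100 * $used / ($wall * $cores), 1)
                if ($pct -gt $r.MaxCpuPct) { $r.MaxCpuPct = $pct }
            }
        }
    }
    $prev = $cur
}

# Busiest process first; MaxCpuPct is the highest share seen in any one interval.
$results.Values | Sort-Object MaxCpuPct -Descending | Format-Table -AutoSize
```

Run it once while idle and once during normal work to see the difference the real-time scanners make under load.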
     
  18. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    Thanks, I just installed it. In case you were wondering why it took me 3 weeks to say thanks, I just discovered that my ISP was blocking all my email notifications. Not my spam, mind you - just the email I depend on.

    Thanks,
    -P220ST
     
  19. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Hi again,
    Love your rig btw. Them c2d puppies are such a godsend. You don't really need to worry about overloading THAT system; I doubt you can really overload it. If you can, well I'm sure you know how to make it work a little harder.
    Regarding Webroot, I have used their software faithfully for about 3 years, but never as a real time protector until my recent hardware upgrade just because it does not run very light. SAS Pro, on the contrary, is quick, light, and vicious. I run SASPro on start up just to be a little more "secure".
    Regarding the delicate little balance, I hardly think you will find something that really clamps things down for you and at the same time, does not tax you to death. It is my opinion that you can, given your stated "safe" surfing habits and the strength of your hardware, get away with running whatever you want without much of a hiccup. Instead of pointing you to something that is the be-all end-all, I might ask you to consider the following things:
    1. Update and harden your OS
    2. Secure your hardware firewall
    3. Install a soft FW. - If you want Most Secure-I believe Comodo will do the job. If you want the lightest-I only know about the one I use -McAfee's desktop FW 8.5 a whopping 12MB RAM-passed all port probes-failed a few leaktests.
    4. Use some sort of a HIPS-Why? 'Cause it's about time someone teaches the user what the hell is running around on his/her system. But more than that, it will give you the illusion of being more secure. - System Safety Monitor Free Ed - Another 9MB RAM

    5. Realtime Antispyware ?---Sure why not. SASPro- I haven't really monitored this app's update history, but it has made a few pretty pop ups telling me I'm doing something bad. So, again, reinforce your illusion with this one.
    6. Oh, AV- At this point, you really probably, most likely don't need an AV. But just to feel a little bit more secure, Nod32. So light, so fast, so pretty; I mean, have you seen the girl on the ad for Nod32?
    7. So, if you're still not feeling secure, back up the system. Test it a few times and mess it up bad to see what it can survive, then stick with what works for you. - I hate Acronis' software and the headaches that it has given me in the beginning, but once I tamed it, it's been flawless....I equate this process to my marriage. And I'm happily married. Ergo, this is a proven successful process.
    8. If STILL you don't like what you got, try Deep Freeze. Deep Freeze, my friend, is like having a free pass to a guilt free affair.
    9. If you STILL don't ,..oh whatever...just disconnect from the internet and don't surf pron.

    Right, so let's get back to your post. I would keep the Spy-weeper for on demand. In fact, you could also use AVG's free AS app as well. But again, on demand. By on-demand, I mean: install it, then kill all the services until you want to use the app to scan.
    I would reconsider your usage of Outlook and consequently the need for an anti-spam. Mark, meet Google. But if you must, your rig can handle it.

    For the rest of your suggested set up-again, looks fine.
    Ok that wraps up my rant. Sorry for my smartass sarcasm. I wasn't born that way, my wife made me.
    PS: Firefox, Noscript, AdblockPlus, CookieSafe
     
  20. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    Cracks me up. When you're in med school you're taught during the initial patient encounter to ask about the patient's drinking habits. Whatever they say, you are taught to triple it in your head. "Oh, a couple beers after work" - think nightly 6-pack.

    Hey no harm no foul. My wife who I love beyond words can be a raving bitch at times and I blame her for all my personality faults which are manifold.

    Take care,
    P220ST
     
  21. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,694
    Location:
    Texas
    Hi Mark,

    I run Prevx, Comodo FW, NOD32, & RegSeeker, have yet to be infected.

    I also count on passive defenses to keep the realtime apps from doing anything. I'm a big fan of MVP's hosts, Spywareblaster, IE-SpyAd. Also I like SeconfigXP, & SiteAdvisor for those wild crazy searches, also along the lines of SiteAdvisor, but much more powerful is LinkScanner. LinkScanner scans websites 'real time' & renders its verdict, & blocks malware before it gets on the machine, keeping Prevx & NOD napping. I'm a fairly safe surfer, except for those crazy searches. So this works well for me.

    Take Care
    Rico
     
  22. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    Nice to always see such friendly and genuinely helpful replies in this forum.

    @ Mallen1. For my own part, I don't think you can go wrong with Nod32 and SAS. I also have found Comodo F/W very reliable. Think these form the basis for many good security setups. HTH.

    Ken
     
  23. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    kennyboy-good point. I guess I'll keep doin' what I'm doin' but get a more tough-guy F/W than Windows Firewall which I've turned on. Comodo or Outpost. I'll toss a coin. The way I surf, it likely don't matter much: I just want one that is stable, compatible w/ the rest and doesn't bug the heck out of me every time I click my mouse. I know it's learning, but it drives me nuts to get command:response prompts every three minutes when I'm working. Breaks my train of thought. An MD, I do research which does require long-term, uninterrupted concentration. Despite what you'd think should you ever try to hold a conversation with an MD researcher, they are thinking up there somewhere. Avoid talking with them at all cost.

    Thanks guys and gals.

    -Mark

    24/7 CURRENTLY
    SAS
    Prevx2
    NOD32
    Ella
    Windows F/W
     
  24. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    If I may, the annoyances are usually just in the beginning period of training the applications. That's the price you have to pay to know what is lurking around in your comp. As for the searching, here are a few time saver extensions for firefox. Well, I'll just load a screen shot of all my extensions instead of typing them out. The extensions relevant to safe and convenient searching are highlighted in green.
     

    Attached Files:

    • y.jpg (File size: 286.5 KB, Views: 5)
  25. mallen1

    mallen1 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    41
    Of course you may, we are civilized here, polite and . .:eek: Oh f*c*, s**t on a stick - Kenny's dead!!

    Oh, well. Can I ask, is there anything about Firefox that you dislike, or to put it another way, anything you miss from Internet Explorer (if you ever used it)? I still have IE7, have used it forever (since Netscape was the more popular choice before Microsoft thought to violate the Sherman Anti-Trust act just for kicks).

    I can change, I'm just not very good at it.

    Speaking of which, I misspoke (mistyped?) earlier: I use Outlook Express, not Outlook for my email because I could teach my wife how to use it and she didn't yell at me so much (motivation for 94.6% of my actions). Now I'm used to it and it's simple. What are its faults/flaws from your perspective?

    Take Care,
    -Mark

     
    Last edited: Jun 27, 2007