Real-time Protection: security vs CPU utilization

Discussion in 'other anti-malware software' started by MarkW, Oct 28, 2008.

Thread Status:
Not open for further replies.
  1. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    Regarding the plethora of available antimalware utilities, I have three interrelated questions regarding their real-time protection:

    1. which utility's real-time protection provides the most bulletproof security,
    2. which utility's real-time protection is easiest on RAM and CPU utilization, and
    3. which strikes the best balance between protection and resource utilization?

    I realize that especially #3 is quite subjective, but that's what I want: your opinions.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,885
    Location:
    Canada
    This question is hard to reply to, but from my own experience I can say that what I utilize to be very secure and productive is H.I.P.S security :thumb:
     
  3. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,755
    Location:
    Europe
    HIPS, definitively.
     
  4. rolarocka

    rolarocka Guest

    It depends. A lightweight HIPS is secure if you know how to answer popups. Another way that's also lightweight is to use a virtualization program like Shadowdefender or Returnil. After a reboot every change made is gone but in the meantime you are not so secure.
     
  5. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello,

    I have Windows XP SP2.

    Use Memory:

    Antivir Personal: avgnt.exe 1044Kb + avguard.exe 1840 Kb + sched.exe 520 Kb,
    StartupMonitor: 192 Kb,
    SpywareBlaster: nothing,
    Seconfig XP: nothing.

    That's all for me. Better - no miracles!
     
  6. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    My opinion: a classic HIPS (like EqSecure, Real-Time Defender) and a sandboxing software (like SandboxIE, possibly Defensewall) will provide very close to bulletproof protection and is very light on resources.
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    A behaviour blocker like Mamutu and an anti-spyware like SUPERAntiSpyware or MalwareBytes Anti-Malware.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Both A2 Malware (on execution black list and IDS) and ThreatFire run very light on dual cores.
     
  9. catcherintherye

    catcherintherye Registered Member

    Joined:
    Oct 28, 2008
    Posts:
    13
    AppRanger should fulfill your requirement for 1, 2 and 3. They have CPU utilization watch built in that kind of shows at any point in time how much it is consuming compared to total system consumption. I find this feature rather accurate. For memory usage you would have to resort to task manager or something else. Give it a try.
     
  10. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    Thanks for the replies.

    Re HIPS, I used to have Prevx on an old system and was quite happy with it. Although not traditional HIPS, it does rely on behavioral traits to flag and compare with its server signature base. Thoughts?

    How about realtime protection from a traditional antimalware (e.g. Malwarebytes, SAS). What are your opinions?
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    0) What is your definition of malware? Does this hold? Malware=Virus and Trojans and phone home software?

    1) As you probably know, none are or ever will be 100% bullet proof, so today's "answer" will be different tomorrow. FWIW, I use paid versions of Nod32 and SAS with real time feature on and not conflicting. But I make no claims that these are THE most bulletproof. IMHO what you ask is not knowable.

    2) Again, I don't know, SAS is considerably lighter on CPU and RAM compared to Nod32 V2. But I purchased the PC to run programs and I want them to use resources to give me some security. Security is more important than resource usage.

    3) Probably a suite such as OA Free which has a HIPS based on a white list that will keep baddies from executing, and the FW will help prevent them from arriving in the first place.

    I know I haven't answered the way you expected. ;)
     
  12. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    Well, it's a little bit of a difficult question; however, the same came to my mind just a few days ago. I must admit here that I agree with Escalader - in the times of multi-core CPUs and the price of 1GB RAM I think the overall security benefit is actually more important than system resources usage, especially bearing in mind the fact that having two - or even more - real time protection programs doesn't actually mean that you will get some noticeable slowdowns etc.
    For example - at the moment my resident protection is as follows: Avira, CPF w Defense + enabled, Threatfire as well as BOClean, Returnil and SandboxIE all in the memory. After hitting CTRL-ALT-DEL and awakening Process Explorer I get most of the time: System Idle Process between 92-96%. Of course, all these programs do use system resources when in action, but on the other hand this is normal and somehow I am prepared for this.

    Of course, you have to strike a balance, which also means that you should steer clear of resource-hungry software that actually does nothing to protect you (some specific products of some specific companies come to my mind now), yet still eats a lot of resources. I don't know about the real-time protection of SAS and A2, but I've been using free versions of them (as well as Prevx and MBAM) and - I stress here that this is just my subjective opinion based on my subjective testing and everyday evaluations - SAS, MBAM, A2 and Prevx are all light enough on system resources (especially SAS) that they could be used in a complementary way (say A/V + SAS or A/V + MBAM/A2 or similar).

    Bearing in mind the fact that this was not a direct answer to your questions, I still hope that this will somehow help.

    Best regards,
    Swordfish
     
  13. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    You folks have been quite helpful and I appreciate it. You are correct and I have a Q6600 quad core and 4GB of RAM so I shouldn't sweat it so much, but I still live in the mindset of emptying out the system tray, minimizing processes and running light background utilities. Old habits.

    After much research here's version one of my security:

    1. OA Firewall (paid)
    2. Malwarebytes (paid)
    3. NOD32 (paid) w/ Blackspear's settings
    4. Prevx2 (paid)

    So far no conflicts and I don't notice them running. BTW, OA is $15 off until the end of today. It's funny - in the time it took me to download and install the security programs I picked up an (innocuous) piece of spyware.

    I just hate wasting resources. It kills me. I have a dual-boot for a DAW (digital audio workstation) and that boot is isolated from the Internet so that I can avoid running security in the background. I want every clock cycle and bit of memory I can get or I feel wasteful - like our grandmothers said: there are people starving in rural China (running Asus Eees).

    And thanks for the non-patronizing responses. Things change a lot in two years and that's how long corporate has been handling my security. I've become incredibly ignorant in that interval of time.
     
    Last edited: Oct 30, 2008
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Just a hint, to minimize the chance of conflict with your tools, have them all mutually exclude each other. I have 2 of your 4, OA and Nod32 so I know they allow users to set exclusions. It is possible to nullify security features in our layers of tools if they duplicate functions so exclusions help mitigate that issue. Your version 1 set up looks strong to my way of thinking! :cool::cool:
     