Speeding up AMON/Risk assessment

I'm using happily NOD32 on my XP Pentium M@1.6Ghz notebook.

In the past I've used to complitely disable antivirus monitors, to speed up my PC and scan on demand suspect files. Till a few month a go, when I've discovered my PC had some trojans.

So I've changed my antivirus (was using a freeone) to NOD32, took a while to clean up my disk, even if booting in safe mode blablabla. I had to use Kaspersky rescue disk CD ROM to boot and clean the infamous trojans left out.

Then I've unistalled KAV, installed NOD32, indeed enabling AMON. Zone Alarm free also.

Now I'm back again to speeding up my PC and I was thinking about AMON: what if disableing 'read/execute' and leave 'write' option?

It should be enough protection or is it too risky?

What am I risking?

 

Sounds a little risky to me. I use nod32 on a laptop as well and i've found no noticeable performance increases by trying to tweak certain nod32 settings.

 

What risks?

 

It is too risky . You disable essential part of NOD32's overall protection and you risk of being infected . Since you had trojans (which are installed because as said "the client wanted them") it seems you are not a safe surfer .

What you risk ? You risk of being infected again , loose your data , no privacy and many other things

NOD32 is unique softwares which uses no more than 20 mb RAM of the whole RAM , one core for all the protection . With cimputer 1.6 Ghz you will notice no change with or without NOD .

You can read more about computer threats ,what are they and what could happen if not protected here

To sum-up I strongly recommend you don't touch the default settings and leave it work for you .

 

I didn't say I want to disable AMON. I've said I could customize AMON, leaving only the 'write' scan....

Doing so you should speed up 'reading' processes like application launch (thousands dlls and other files envolved, 14,000 since this morning boot), boot time, etc.

Nevrtheless I would retain the 'write' scan: it means that all data written on the hard disk is checked out. The only thing to be aware is execution of remote apps, like stuff on network drives.

I am a safe surfer! But I was relyng on a not-soo-good antivirurs! I always used to check suspect files, never allowed execution of script from the internet, blablabla....

 

It's a pretty high risk. Imagine that NOD32 wouldn't detect a particular threat, but it would with the next update. So in your scenario AMON wouldn't block the threat upon execution.

 

Humm..... :|

 

if AMON is slowing your down on your 1.6Ghz laptop, I'd look at other causes for the bottleneck - like the disk.

I run NOD32 with all modules enabled except EMON (no exchange mail used) on a 500Mhz laptop running win2k - it's a star... I really don't have any performance issues that I can attribute to the AV solution at all...

hth

Greg

 

Maybe it is enough to schedule a weekly scan (deep) of your PC. Doing so you would trap threats sooner or later. In this case you would only have one week risk.....

 

I would never do that as there is no noticeable impact on system performace with AMON running. Better to be fully protected.

 

My travelstar 7K100 @ 7200RPM definitely isn't the problem!

NOD is fast (and it's one of the main reasons I've decided to stick to it)
Nevertheless, it is perceivable the overhead of AMON, once enabled, on application launch and boot.

 

Your right, probably not your hardware, but some software you run that could be the issue of the slowness you state. NOD seldom has issues in terms of speed, with both AMON and IMON setup. At the end of the day though, it's your hardware, your choice, so do what you deem right for your setup, but when something goes wrong, don't blame NOD, you can be a safe surfer and still get hit with junk, that's the net now days.. But then again you may never have any other issues and still get that less then 1 percent speed advantage your looking for, that's a joke of course, good luck, and you made the right choice moving to NOD by the way,

 

Surely your IDE controllers are set up in the Windows Device Manager to use DMA transfer modes for your hard disks and other devices? I assume they are, but I thought I would ask, just in case....

 

You are effectively crippling the on-access scanner by disabling any of these.

You are risky your data

 

Guys, I didn't explain it properly!

My system was performing as a lightning since I was hit by trojans and do something.

Iv'e moved to NOD32 with AMON fully enabled and set up Zone Alarm.

Boot now is slower, and it propbabily depends on Zone Alarma and NOD doing the job.

Once booted up application launch seems slighlty slower..

Ok I'll setup a small benchmark playing with boot, application launch with ZoneAlarm and NOD32 enabled/disabled and post results!

 

if you worried about slow down ditch zone alarm that is what is making your boot time slow it is known for it. keep nod32 because it isn't slowing you down. you could try comodo firewall.

 

Yes ZoneAlarm probabily slows down boot, but not application launch...

 

could you uninstall it and try something else?

 

This sounds very much like a Winsock issue, seen it happen before with this combination, repairing Winsock and IMON should resolve this issue for you.

Cheers

 

Oh yes it does... It's called program monitoring (you know, those pop ups that tell you program X is trying to access the internet/local network/system services).

Leave NOD alone, it's not doing anything to slow your pc down. Remove it/change AMON settings if you want but then please dont come back here complaining that NOD has let nasties through.

 

...........

 

IMON is disabled on my pc... I'll check Winsock with the suggested utility

 

Back again on this topic. Today I've been working on our picture archive, moving pics around our server, creating thousands thumbnails, browsing.

As a result, browsing pics, even if using good ol'n'speedy ACDC 3.2, is noticeably slower.

What if configuring AMON to check on execute/write only? Skip read.

Still to risky? If so, why?

 

I guess that is less risky than the original method, since most viruses need to be executed in order to actually do anything. This option will still let you pass the virus along to somebody else (copy virus to the server, for example), but at least you will be somewhat protected.

Another option may be AMON --> Detection --> Extensions, if there is a certain extension you do not want NOD32 to scan (for example, tell it not to scan .jpg files).

By the way, so you notice the slowdown mainly with network files, or are local files on your hard drive just as slow?

 

This is a really bad idea since there is much malware with .jpg extension.