Slashdot Mirror
Ask Slashdot: Light-Footprint Antivirus For Windows XP?
New submitter Bauermlb writes "I service computers for retired folks in my community, often older machines with modest speed (2 GHz Centron) and modest memory (512 MB). Adding AVAST to one of these machines slows it to a crawl. Any recommendations for a light-duty antivirus program with a low overhead? (These people do not tend to surf 'dirty' sites.)"
http://www.clamwin.com/content/view/18/46/
That's what they tell you, eh?
Liberty in your lifetime
Ad networks/common popular websites have been compromised repeatedly in the past and will be compromised repeatedly in the future. All sites could be considered "dirty sites".
There is no such thing as a safe website. These days any site can wind up hosting malware via banner ads that inject code.
AVG is relatively lightweight but I would suggest you test it and others on some of your target hardware.
I've seen way better performance with it than with McAfee, Avast, etc.
Detection benchmarks typically put it on par with the other free solutions, though it changes from month to month.
Do they *really* need Windows? Or would a lightweight distro with a windows-like interface do the job? Just asking :)
and change the browser to chrome - or better yet to opera or something more exotic than that.. and uninstall flash and java.
Seems a reasonable bet... http://www.pcpro.co.uk/reviews/software/379933/avira-free-antivirus-13
Do a good deed today. Uninstall an XP.
I have installed Microsoft Security Essentials. It's something but a lot of the software out there is just bloated and slow. I know it's not what you asked but a Linux live CD would be a better option if they don't need to save anything locally.
MSE was OK when I last tried it, but it made a footprint on a 1.8ghz single core proc machine. Of course anything will make a footprint on a low-enough-end machine. Previously I had used AVG which was also OK but the networking features tended to break Source engine games even if they were off (you had to deselect them entirely at AVG install time). Anyways not sure if the LATEST version of MSE supports XP still or not. You might be able to grab an older version that still does though.
Microsoft Security Essentials It's pretty heavy to install on a limited machine, but once you get it going you don't notice the performance hit and it's as good as any out there. Before MSE came along I recommended F-Prot. It is a subscription, but nothing I found could touch it on an old slow machine for low overhead AND effectiveness.
MS Security Essentials, backed up with on-demand Malwarebytes Antimalware. I geek for a living and that's what I use at home and recommend to clients for home use. No AV program is 100%, but I've always gotten good results from it, the price is right and it doesn't bog down an old machine. Good stuff, IMO. .High*Ping*Drifter.
"The computer tech-support business is a cruel and shallow money trench, a long plastic hallway where thieves and pimps run free, and good technicians die like dogs for reasons that are never made clear. There is also a negative side." (with apologies to Hunter S. Thompson)
I've been using it for the last 3 years on XP and now 7, very lightweight. No virus or adware problem (for now). From time to time I also scan my computer with adaware and spybot.
Try it! Library of Babel
Windows 7 not only be more secure, but run faster on the same hardware.
Then install the Microsoft Security Essentials and turn on updates.
Yeah, there is a good one out there that can handle all their facebook stalking needs. http://www.ubuntu.com/
Not that I'm promoting it as effective virus protection, but MSE has a light effect on my Windows partition. Seldom using Windows, but I surf on it ocassionally. Don't know if MS will continue to support it after XP dies, but looking at my parents computer and the 4 websites they visit, I really wonder how robust an anti-virus program someone who is elderly actually needs. Good experiment for somebody: use XP with NO virus protection for a month, visit the same websites these people visit, use a modern web browser (not IE 8), and see at the end of that period if you are actually infected.
Microsoft Security Essentials - http://windows.microsoft.com/en-us/windows/security-essentials-download - is free, quite light and actually good enough.
It's not so much a memory issue as it is the nature of the beast. Active scanning hogs hard disk performance. I would ask these people if they might want to get a Chromebook or similar. The aging hardware might soon go to PC heaven so they will need to replace the system anyway.
"Let us raise a standard to which the wise and honest can repair" - George Washington
Microsoft is killing updates for XP in a little under 9 months. Get them onto linux or a new PC or it may not matter how good of an antivirus you put on there after that.
Personally I'd rather have my idiots at home glued to the TV than out doing idiotic things
Yes, I know... it failed certification. But often what is used in certification is proof-of-concept or old and very rare samples that may not be "in the wild". It deliberately doesn't detect them to have a lighter footprint and be easier on resources. I use it on 1 GHz machines with 512MB of RAM with no noticeable slowdown. It doesn't miss the stuff that you're actually going to be at risk of getting infected with, in my experience.
You didn't state the OS you were asking about, but IIRC Avast is Windows-only. MSE may fit your requirements.
-- Insert witty one-liner here. --
Install Microsoft Security Essentials. It's super light weight, works really well, blindingly easy to use, automatically updates w/Window updates and generally a very night quality program. As much as I hate to admit, makes me slightly vomit in my mouth, I have to give credit to M$ for making a really excellent program. We install it on all the machines we service and everyone really likes it and are satisfied with it. I also use it on my gaming machine.
Microsoft Security Essentials is my goto anti-virus but it won't protect from the web as much as something like NoScript will.
Sempron, Celeron?
And if you have only 512 MB of RAM, you don't have an older machine-- you have an OLD machine!
Gamingmuseum.com: Give your 3D accelerator a rest.
#1: WTF is a Centron? Is it a low-end version of a Decepticon or something?
#2: Computers that old should be taken out behind the chemical shed and shot.
"But, but, they're still good!"
Nope, sorry, wrong. You're just gonna have to accept that. These things are connected to the Internet, which is vastly different now than it was when the machine was built. It's now obsolete and useless, and needs to be replaced.
'Celeron', surely?
No reason to go for anything other than MSE, IMO.
Avast isn't heavy on CPU usage. It relies on fast HDD access. All antiviruses do and if it seems like they don't, they're simply not scanning as much as they should. Avast is the king resource usage vs detection rate so you should still use it.
Oh and to the couple morons above me recommending MSSE, you're completely out of touch with reality. It is the dead last worst rated antivirus in the entire world and a resource disaster. It's the last efficient scanner I've ever seen in my entire life and the disk IO is absurd.
Considering how old WinXP is and considering how well researched its many holes are, you would be better off with almost any other modern alternative.
Securing/protecting WinXP will give you nothing but grief, pain, frustration and a bill.
You will do more for retired folk if you get them on a modern OS than if you try to run some free AV solution on a half baked OS.
If these are many elderly/retired people they can pool together you might want to contact you local software provider for a bulk license. Or better yet, just install Ubuntu.
If it has to be Windows - Win 7 works well on older hardware. Change is also healthy for the mind and will help them when they have to use other hardware that is becoming increasingly computerized.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
A "2 GHz Centron" huh? They glued a sempron to a celeron? Someone dumb enough to write that certainly is dumb enough to overestimate the impact Avast has on a system. And 512 MB of memory? That's not enough to run anything.
How about naming your celeron correctly, adding 512MB of DDR1 for about $4, and dropping in a socket 478 Pentium 2.8Ghz for about $9. That costs less than an antivirus license. Then keep Avast, since it's the best speed vs detection.
In my experience it is so much easier to avoid the whole problem of Windows malware, simply by installing Linux. I tell my friends that I don't do Windows. They then assume I use a Mac - I use a Mac too, so that isn't wrong. When I tell them that I can install something on their computer that will make it work almost exactly the same as a Mac, then they actually get interested and once they have Linux with XFCE running, they never look back.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
John McAfee himself strongly recomends it, says it's like having a Bangkok prostitute do your taxes while you fuck your accountant:
http://www.theregister.co.uk/2013/06/21/quotw_ending_june_21/
"I want an elephant the size of a mouse, please"
Antivirus software sniffs the butt of ever filesystem write operation, as well as sniffing the but of every executable image load, as well as every browser plugin load; it also scans the contents of inbound network data, since it could have a known payload using an unknown zero day in the program requesting the data from the Internet.
Most of the code could be made significantly less overhead, but we are talking reducing it from elephant sized to water buffalo sized, rather than reducing it to mouse size. For example, if instead of checking the whole file when every write occurs, it could prevent the file being opened again until a scan-on-close occurred. Both Outlook and IE would hate that, and any browser that didn't operate "stage then interpret" would still have to be byte-stream interposed. As another example, it could decide to not react to every FS event; MacOS has this capability, since it integrates a mandator access controls (MAC) capability, but many OSs do not. And even on MacOS, most AV vendors don't take advantage of this, since it messes with their ability to use the same event streaming model as on their other platforms.
So: no such animal exists, if you want it to also be effective.
Seriously. It's amazing. I'm using it on a PIII 1.0 ghz 512 PC133 box that I use as a server. It impressed me so much that I switched from AVG (which was slowing down my Core i5 box) and now don't even notice a scan.
I cannot recommend Bitdefender enough.
Windows has detected an undetectable error.
Antiviruses are snakeoil tech. Last time I used one was over 10 years ago.
1gb memory stick for that computer is $12 on amazon. XP on 1.5 gb will run avast or mse just fine.
I would also like to vouch for AVG being lightweight. I run it on all my machines, including a 7-year-old XP box.
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
Maybe and just for some people, a lightweight Linux distribution might work.
I moved grandmother from Outlook/Word on a 486 to Gmail and Docs on a 2ghz athlon and she adapted fine. She is 92.
That's what the vendor tells you to. Why aren't you listening?
Money? Are you even allowed to use those old XP installs, anyway? What's the licence say? You could very well be in for a nice BSA raid, citizen.
The easy solution is to provide something that does what expected without the drawbacks. So what is expected? A bit of email, a bit of browsing, maybe a letter or two to the (grand)kids. So provide that, and do so without windows.
Note how I didn't say "use linux"; any other solution that isn't as horribly vulnerable as windows will do. You could be using haiku for all I care.
It's the services that count, and since you're using old hardware presumably you'd be using open source applications anyway--that, or you'll be in for another BSA raid. Do you really want your oldsters to run that risk?
Since you're supporting them, and if you do it right they probably won't notice just what you're giving them anyway, you're free to forego windows and thus forego all the virus and malware headaches.
Because, they may not be surfing pr0n sites, they will sure as fsck exchange the silliest things among themselves, and so one infection will get to most of the others.
Such an alternative solution can work pretty well, for example this outfit (site in Dutch, but you can read the links to s/w they're using) gives people a "simple pc" that pretty much is an appliance for the basic functions, complete with touchscreen menu GUI and nice and large icons and things for the elderly.
This got rolled out complete with helpdesk and user training, and was apparently succesful enough to end up being bought by the former state telco.
So change the question: Don't ask "how do I keep this horribly broken system afloat on underpowered hardware?", but ask "how do I provide what the people want me to provide, without the headaches to the standard bonehead solution?"
Keep backup images handy and re-blast them if something is fubar.
Invest in a Router with content filtering and botnet connection monitoring.
The machines are too old to support clever software and probably would croak if given a hard scrubbing with Bon Ami AntiVirus.
A smart router with a good reputation "subscription" to one of the sender databases like SenderBase, Ironport or one of the WebSense type products would serve you best. These days though you have to assume you've some infected unruly mechanial kids in the mix.. so make sure you also have a router "botnet" connection detector.. it basically shuts off Internet connections to sites with a known history of botnet traffic and notifies you of the IP or MAC address of the local machine that went to the Red Light district.
It would also help when they get gifts or mobile devices connecting.. you don't have to install anything.
Badware these days tends to "behave" itself like the random Poltergeist.. if you cut off its lifeline to the Internet.. no use in sticking its head up if it might get chopped off. So squelch it at the router.. even a decent gaming router has many of the basic features you need.. so it doesn't have to be expensive.
Just remember your maintaining an "environment" not the "patients"
Triage.. not major Open Heart Surgey.. should be the order of the day.
Free (as in beer) and hassle free.
Microsoft Security Essentials... not the best one, but quite free and well integrated
...is worth a pound of cure. Install Firefox, AdblockPlus, maybe even NoScript if you wanna be hardcore, and 99% of malware is blocked in its tracks. Block the ability to download executable files and you'll be very close to 100%. No grandpa, you don't really need to install videoplayer.exe to see that porn clip.
I've not had any performance problems with MSE. Seems to do the job, is quiet about it and is free. I've moved the various family members I provide tech support for to it. http://windows.microsoft.com/en-us/windows/security-essentials-download
At one time, long ago, it was most often the sites themselves which were hacked, hijacked and made to serve up malware. But lately, the methods have become more sophisicated. Ad servers are more often targeted and those servers are accessed by requests delivered by a wide range of sites out there. The thing about his is that the original site which might be blamed for the malware, would be uncompromised. The ad servers seem to take a lot longer to detect such compromise.
If someone is interested in setting up a secure station for email and web, I would recommend a nice Linux distro. This is not for the reasons believed -- that Linux is invulnerable. It's not. But when a site sends a "setup.exe" the user is less likely to unwittingly run the code successfully.
It is possible to edit the Windows registry and block .exe , .bat, .reg, .com files. That would effectively make the computer immune to viruses. (Excluding zero day attacks and assuming the computer is not already penetrated). This can easily be achieved by simple registry modifications.
The trick is adding an exclusion list to allow some programs to run (the web browser, for example). This is achieved by telling the registry to run a checker program whenever an EXE is clicked. Basically, whenever an EXE is clicked, the checker program runs and the path of that EXE is sent as a parameter. The program has an exclusion list, if the EXE is white listed, it is executed, otherwise it is blocked. Such a checker program can be an extremely simple C program. Personally I programmed the checker like this: "If the parameter begins with c:\program files\, allow the EXE to run". This works great, all legitimate programs are in that folder, and all downloaded viruses are somewhere else (Usually the desktop / documents / downloads folder).
I think it will still work under XP. After the initial scan it should be pretty light on local resources.
None. Just don't use Outlook and IE. And teach the users not to click on anything they don't know. Works much better than antivirus programs which are viruses in themselves. They make your computer feverish and sluggish...
-- Cheers!
www.cloudantivirus.com
Light, no annoying popups, messages or sounds, i only remember he is there when i manually scan a file.
MSE is similar.
Use a Ramdisk operating system such as Puppy Linux. Firstly, it would greatly improve those old machines' performance. Secondly, Linux viruses are extremely rare. And thirdly, even if a virus somehow reaches the system, it will be cleaned upon reboot.
The learning curve would be extremely, especially if you install familiar software. (If they were used to Chrome on their old PC, install the Chromium browser).
Install Linux
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Maximum PC recently pushed out a article about 2013 antivirus, discussing system performance impact (but not providing any hard numbers). Could be useful.
http://www.maximumpc.com/article/features/best_antivirus_2013
I haven't really cared in a long enough period for my info to be completely out of date, but ESET's NOD32 product used to be the go-to solution for a lightweight, small-footprint AV scanner for Windows.
ditch it for Linux. So much of what we do on PCs now is through a browser, they won't really be able to tell a difference. Ubuntu is extremely easy to learn and does not need a powerhouse to run. Installation is a breeze and updates are as easy as on Windows.
The thing is, modern antivirus will not be satisfactory on single-core (single-thread) CPU, especially not Celerons, which are so low on on-die cache. First-generation Turion 2.0GHz is somehow still tolerable (if you are a buddhist), but early gen. (NW) Pentium-4 2.8GHz just sucks. Dual cores work wonders, except in case of Atom CPUs, where apparently nothing helps.
One must also forget about 512MB of RAM, which is often only 448MB, due to the effect of integrated VGA chips. Don't install Windows antivirus with on-access scan functionality under 768MB RAM and even then you will need patient. Practical minimum should be 1GB for WinXP or 1,5, rather 2GB for Win7 32-bit.
A big problem can be the regular (up to 4x workdaily) automatic updating of malware finger databases. Many AV vendors push these as delta-differentials, that kind of have to be recompiled with the already delivered database. When the database is 180-195 MB large, this can take almost all CPU for 3-4 minutes. Some AV vendors now have such memory problems that virus fingerprint databases loaded into do not even contain malware names. When a nasty object is found, the corresponding label (e.g. Trojan-Spy/YourMoneyGone.xyz) has to be read from disk, which can take suprisingly long.
All in all, a PC with a 2Gz Celeron CPU and 512MB RAM is no longer up to scrath to run Windows XP in a network-connected scenario. Please do not endanger other netizens by publishing such obsolete computers on the public net! I think they should be recycled the hard(ware) way.
Seriously. It's amazing. I'm using it on an 80386. I don't even notice it's there! /bin/true enough.
I cannot recommend
(Oblig. XKCD.)
This story's been up for an hour and nobody's posted the standard comeback "dude... Windows XP *is* a virus!"
I have setup a number of machines, both young and old, for retirees and in my experience they have been quite comfortable migrating from their clunky old Windows environments to whichever version of the Ubuntu Live CD I happen to have demoed (and subsequently installed)
the single most frequent feedback I hear from them is an appreciation for not having to bother with ANY antivirus software...
Very fast, very high testing marks. Not free but you get what you pay for - it is worth it.
www.blueapples.org
http://knopper.net/knoppix/knoppix701-en.html
Join the Slashcott! Feb 10 thru Feb 17!
so many people love to bash norton and/or symantic, but those people clearly have NOT used norton antivirus since prior to 2009.
since that revamp in 2009, norton antivirus is the lightest-weight, smoothest running antivirus on older, slower windows computers. period. yes, norton. not microsoft mce, not avast, certainly not avg, bit defender, kaspkersky, eset, or any others. norton.
download and try it.. i dare you to honestly, truly find an antivirus for an older windows computer that runs better... you wont. sorry to disappoint you norton haters. there isn't one.
http://us.norton.com/support/redirects/redirect.jsp?type=latestnav
in addition to this.. firefox + adblock with easylist, easylist privacy, and malware domains subscriptions. a must on any internet-connected pc.
Despite your specific question, I will instead tell you you're wrong (AVAST won't slow down your computer, even if you already saw it doing so), suggest upgrading your hardware (if you really are serving the community, you should foot the bill for computer upgrades), tell you to switch to Linux (anyone who still uses Windows should be shot; if they can't learn a new distro, they don't deserve to be using a computer), or simply criticize other people's suggestions and comments without adding anything and changing the topic.
Sincerely, /. commenter
every
P.S. I would offer a suggestion of a good antivirus, but the score on my post would drop faster than if I just said "linux sucks, Windows ME 4ever!"
I recommend Eset nod 32 for exactly this reason. They wrote portions of the program in assembler in order to be lighter.
Not antivirus...
Open DNS with moderate filtering will keep them from dirty sites
Firefox with NoScript should stop the injected script
Linux LiveCD.
No Antivirus, no configuration, no breaking of stuff, no installing updates, no nothing. Just turn it on and tell them to double-click "Firefox". Take the money you would have spent on AV licenses (It's a company, so you don't qualify for "free for home use" ones like Avast, AVG etc) and buy a stack of 1GB DDR1 memory for your systems and put it in instead of / as well as the memory already installed.
Finally had enough. Come see us over at https://soylentnews.org/
Putting any kind of antivirus on requires CONSTANT maintenance... and is not reliable even then.
Use something else that is relatively immune.
Any Linux distribution... Even BSD would be better than Windows.
Get rid of always-active scanning software. Just go naked. With Windows XP you will get infected either way, so why take the performance penalty before infection? Then just clean the machine every so many months, or when it gets bogged down enough to bother the user. In between cleanups, run as fast and free as possible without any background processes slowing down every single thing you do.
Option 1:
Pay $30-50/year for AV software
Suffer perfomance penalty of AV software
Risk AV software breaking network stack
Get infected
Pay to have pro clean up infections twice a year
Option 2:
Get infected
Pay to have pro clean up infections 2-3/year.
You are infinitely better off just trying to source some old memory chips from someone and upgrading the boxes. My parents had a perfectly good P4, but it ran like molasses, even after I disabled everything I could disable.
The problem is that modern problems are flat out memory hogs. Just running MS-Word and a web browser at the same time will suck up all the ram on the machine. You reach a point where you just have to say, "It's not worth my time struggling to make this work."
My company was sitting on a small stack of old DDR chips that were basically worthless, so they let me have a few, I upgraded my parents PC, and it started humming nicely again. I can handle multiple apps and antivirus without a problem now.
There is no such AV that will do the job.. The only protection you can use a is os image lock down.
http://www.faronics.com/en-uk/products/deep-freeze/enterprise/
This resets the PC back to perfect on reboot.
Simple.
Ergo, no security updates for XP = AV not enough anyway.
If you must use Windows you should setup the computers to simply re-image themselves nightly into a clean state and forgo any anti-virus at all.
Can you give me some IP addresses of these XP machines you are doling out? I need to add some more XP zombies to my botnet.
Yes, seriously. It's lightweight, it's free, it's integrated into Windows Update so it's really easy to get updates, and best of all it doesn't continually hassle you and go LOOK AT ME! LOOK AT ME! the way most of the other antivirus apps do. It just sits in your icon bar and does its job.
It's not brilliant, security-wise --- it's merely adequate --- but if you want something that hides itself away and gets on with things with a minimum of user panic, it's definitely the way to go.
On every machine I've setup for a user, I will always use Cloud Antivirus from Panda which is both light, fast and has it's definitions in the cloud so no annoying huge daily updates to worry about: http://www.filehippo.com/download_cloud_antivirus/
NOD32, in part the code is run in assembly. Very lightweight.
Everything has an end of life, including computer hardware. It's time to put those creaky ancient machines out to pasture.
I do not fail; I succeed at finding out what does not work.
And with Wine you can run most basic native Windows Applications these days.
If we're talking sniffing butts, I would be happy if it were dog sized instead of elephant sized.
More music, fewer hits
I tell em that MS is dropping support after tax day next year for their beloved XP and the following tax-day, they'll be killing Windows Activation for all XP systems. In other words, you're now in the enviable position that your computer will not run after tax-day 2015.
What options do you have?
1) I can build you a new system for $(x) with Win7 on it
2) I can convert your current system to Linux
a) Keep in mind that your system is obsolete by most standards (You've got a 3 on the tree stick) and few people even know how to fix it anymore.
b) any new hardware you buy from Walmart & etc. will not work with XP (no drivers as support was dropped when Win7 was released) so you are going to have to upgrade at some point.
By explaining it to them, I'm finding that by sticking with a $300 budget, most of them can find the money for the new build (it may take a while). The first thing is to lock in the Motherboard and CPU to avoid issues and with the cost of ram being down yet, I generally get a 4GB stick of memory for it. The only area that gives me fits is moving their data from the old drive to the new one. Thankfully, I finally bought an IDE to USB bay for that reason.
One thing that tends to make folks happy is that I throw in a cheap flash drive (I buy in quantity anyhow) that's used by Windows for backup. Saves my ass when I need to wipe and reinstall due to virus/malware as all of their settings and such are stored on it. Boot from my install flash drive and reinstall takes me less then 20 minutes and then use the flash drive and restore from backup for all their settings and such - usually takes longer to reinstall all their software and Win Updates though I tend to keep the flash drive up to date with latest image from MS.
Mod me up/Mod me down: I wont frown as I've no crown
for when XP is EOLed and there's a mad scramble to switch to ReactOS.
I'm not trolling. Perhaps the best A/V for the clueless grandparent user is Linux.
A modern Linux with the LXDE window manager configured to look like/work like a Windows desktop using Firefox to web surf and access Gmail plus whatever the latest iteration of LibreOffice is for word processing has been a winner for me in similar circumstances. The biggest problem is when they have some obscure win32 app they are tethered to. In those cases, spend the only $$ you need to spend and use Crossover.
I usually try them out with a custom run-from-CD distro with the appropriate configurations and apps and do a regular install if they like it.
Most of them don't even know they aren't using Windows and receive in return fast, reliable performance free from most of the problems they have had before. The one or two that this is not a good solution for can be reverted to Windows. BONUS: your tech help burden is lessened and simplified.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Forget virus protection.
Just boot from a LiveCD image on optical media. If that doesn't suit your hardware, just make it quick to re-image the local drive from a DVD or CD image. Best of all worlds would simply re-image the whole system on each boot. Instruct your users to that when there is any issues power cycle and wait for it to come back. You could PXE boot if you really wanted too and had another machine that you could lock away someplace.
Virus infections would happen, but would fix themselves on the next boot.
Their history will show otherwise.
Once serviced a PowerMac G4 that had sticky notes with URL's taped inside the case.
I've literally never had an active AV running, not a single virus, not a single worm, not a single anything since ever. Nothing stolen either since I hover those stupid skiddie lists.
Get sandboxing software (Sandboxie works well for me), run anything internet related inside them. Run once. Make backup image of all files. (I just put them in the root sandboxie folder under _backup)
Get a script to automatically erase the sandbox folder of whatever was running, then rewrite the backup image.
Bookmarks? You'd be lucky if they knew how to sneeze without breaking their back, they won't know about that crap.
But if you really want to keep bookmarks, Sandboxie in particular automatically detects certain files in locations. There is a settings tab for that where you can set automatic recovery from sandbox to the actual folder. So it can recover config files, bookmarks and whatever else.
Now delete any shortcuts to anything related to any Microsoft programs. Every single one of them. Install software or scripts to instantly terminate any of them if they start. Run that damn thing at realtime priority if need be. And get Chrum or Firefail since Internet Explorer is just one ride of pain compared to how bad both of them are.
Delete everything. Hell, never run Explorer, delete it. Run your own launcher script or program as the shell, which literally is just a launcher for Email (browser launches straight to email, keep this separate from the web browser!), Browser, Games (the preinstalled ones, and maybe some more you feel are pretty cool and offline), Paint and maybe a couple other things.
The above things can easily be done using something like Autohotkey, as well as the GUI creator for it to make the launcher.
Now get some advanced service software, turn EVERYTHING OFF. You'll never need file sharing, or printers, or anything like that.
All of these pretty god damn invisible services are all attack vectors thanks to Microsoft. And barely anyone knows they even exist, even people in things like software related industries.
Harden-It and Secure-It can lock down a considerable amount of XP. Both free too.
Now buy a decent router. (aka, anything not crappy Belkin)
Something that has a bunch of active security measures. Every one of them on. Automatic restarting and auto-connect without active computer preferred since I assume this will be always online connection and never touched until it needs repaired.
Blacklist websites in there, I mean really terrible and abusive ones. That includes abusive advertisers, such as almost everyone that uses Flash ads.
Ideally make your own router out of a netbook so you can secure the absolute hell out of every connection remotely before it even gets to a client computer.
Done, finished, no hacking, no viruses, no worms, no nothin'.
The only way they will even remotely get hacked to the externals of the sandbox is if they piss on some government or actual hacker, and that is unlikely to ever happen.
Or just put a WinXP-like Linux on it and skip all parts up to the router.
These tests evaluate the impact of anti-virus software on system performance, as programs running in background – such as real time protection antivirus software -
AV-comparatives performance chart
For more in depth see:
Performance-Test (AV) May 2013 PDF
NOD32 is very fast, its core is written in assembly. source from NOD32, see performance
The computer that made me spawn this post has not been running any virus checker for a number of years. No evidence of viruses when I checked it out. I left it running without one because AVAST brought it to its knees. The gentleman using this machine is tech savy (retired engineer, not EE), mid-to-late 70's, but not a computer power user. Mostly he uses it to check email (browser only), and write letters. My experience with users of that generation is that they get comfortable with what they have been using, but changing to MAC or LINUX would make them very uncomfortable, in spite of the fact that they use only a browser (usually IE) and a word processor.
Scissors to cut the cord, and glue to glue the USB ports and glue the CD-drives shut.
Oh wait, you wanted the computer to be more than a paperweight? Better hurry up, April 2014 is coming.
Seriously, some of the other answers are realistic, but only until Microsoft ends support.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I dunno, dogs are carnivores and their shit really stinks. Elephants are herbivores, I'd imagine their dung smells no worse than horseshit looking at it's composition.
Never, ever ever run an anti-virus program continuously in the background. NEVER. EVER.
Configure the OS appropriately for the user. Put the browser (and other essentials) in a sandbox. Install a decent firewall (one that can block by default anything the user stupidly allows to sneak on the system). In other words LOCK THE SYSTEM DOWN.
Now, what about viruses and trojans. Simple- allow the Microsoft monthly anti-viral update to install, run, detect and remove the nasties. Or, once a month test and flush the system with one of the many free alternatives.
The companies that produce the dreadful, expensive, power-sucking always-on anti viral products are crooks. Their crap never finds the newest trojans in time. Their automatic updates often trash the OS, requiring a re-install. They work in league with Intel (and Intel now owns one of the biggest) to use so much CPU power that users have an 'incentive' to upgrade to the newest Intel CPU.
Here's a true story. The latest vector of attack is for Bitcoin mining software to be installed on the unsuspecting users machine. If the computer has the 'right' generation of GPU, the computer becomes a 24hour furnace, which even destroys many computers that were not built for continuous high-performance 'gaming'. Users report that the 'professional' anti-virus packages refuse to categorise the bitcoin mining trojan as a problem. What a surprise.
Again:
1) install a decent firewall (the best are free)
2) put things like the browser in a sandbox if the computer is to be used by 'idiots' (rude word, but it cuts to the chase).
3) periodically SCAN for viruses and trojans, but NEVER leave any anti-virus program running in the background
funtoo or gentoo
How many systems are you talking about? If it's not a lot, I would recommend to the proprietors that they just replace the whole lot of them with cheap ChromeOS systems ($250 each if you go for the current Samsungs). That way, you won't be worrying too much about virii, the old folks can still surf matlock.com and you come out looking like a genius.
I've ran Microsoft Security Essentials for years and I forget it's there. Can't say it's great but I use other methods to protect me, it's only a first response. In reality though I believe the best security is preventative. Post XP OS security is much better, however I'd recommend getting software to block known malware sites. I use Advanced System Care Free (which also is a good maintenance tool) and Spyware Blaster. Both will drop connections to known malware sites. You can also use something like noscript in Firefox to stop loading of JavaScript for select domains. I have it set to only load from the current domain by default. This stops a lot of 3rd party stuff but most sites work pretty well. The best security though is running your browsers in something like Sandboxie (which insulates software from the rest of the system). At one time I had a virus running in there for months unbeknown to me and I made the mistake of running the software out of the sandbox once and it crippled my system. The sandbox however worked tremendously. However, it can cause confusion when installing software accidentally through the sandbox.
If you reduce the accounts they use to "User" instead of "Administrator" they, and anything they click on, will not have permission to add entries to the registry or system folders. This reduces the effect of any virus down to an annoyance that can be quickly eliminated by an Internet Explorer reset or restore using System Restore Points. Install Clamwin, or another scanner that is not on demand, and schedule it to run scans regularly at a time when users are not likely to be using the computer. Going one further, make a hidden partition and use a disk imaging program like Acronis TrueImage, to make an image of the primary partition. The image can be used to restore the system quickly if all else fails.
Hello,
> computers for retired folks in my community
As a european, I do not know how to interpret this situation in a particular american context. However if this is a retirement home block or a gated community of the elderly and there is a network topology that can be centralized, than maybe it is best to demote the Windows XP computers to semi-dumb thin clients.
Try to buy or sponsor a server with muscular hardware, that would run Windows Terminal Services (maybe a non-profit charity licence is available for a little money). From then on, the former WinXP computers will not run anything locally, but connect via remote desktop to the server, where browser instances (webmail, web games, IM) and Office suite programs (word processor, spreadsheet, e-mail client, etc.) are available. The elderly users will enjoy the usual Windows desktops they know.
Provided that the local peripheral use (mostly USB key) ban can be enforced on the former Windows XP computers, it is theoretically enough to provide the Terminal Services Server with antivirus protection. Locally attached printers can remain in place and are supported. The antivirus and possible content filtering protection of mail/web traffic (which is now only flowing between the public web and the Terminal Services server) should be handled by a separate security appliance placed as front-end. (I do not think the Terminal Services server handling 30 or 50 remote desktop users could shoulder that extra load...)
What do you think about this? Collectivism may be house un-american, but it is often effective. Maybe this is a "Greyhound" like solution for the 1957 Chevys on the information superhighway problem?
My company does almost nothing but GNU/Linux and and for customers on older computers we find Linux Mint 13 Mate Edition works really well. It's based on Gnome 2 (but updated) and has a stable Ubuntu base with long term support.
There are easy work arounds if you find hardware doesn't work. Usually this is something like a wifi card or similar.
http://www.thinkpenguin.com/
They sell all sorts of hardware specifically for free software operating systems. And they go far beyond what anybody else does by ensuring mainline kernel support so everything works pretty much out of the box, plus it's actually 100% free software. They don't even ship parts that are dependent on non-free firmware. IE distributions like Debian, Trisquel, and even Parabola GNU/Linux. And there is no worry about support going by-by like on MS Windows because the drivers/firmware can be supported by free software developers (as opposed to being dependent on a company tha has discontined the product and refuses to provide updated drivers).
I agree, it's a great solution though you have to find an OS (linux based?) to act as the RDP thin client - with those USB, storage, printer features which aren't that trivial. You also need to pay some big $$ for the Server 2012 license, plus CAL, plus special remote use licenses which usually aren't even listed - but we can expect about $100 per thin client.
So it ain't cheap. And it's useful for a retirement establishment, not for retired people living in their own homes.
I have a couple of old netbooks which have slightly better specs than the ones you mentioned. Panda was the smallest CPU footprint AV I tried. It was still too big. Now, I run Malware-Bytes every couple of days, and rely on Chrome to catch the most obvious malware attempts in the websites I visit.
Really you have to let it go. You can spend days and weeks setting up antiviruses, wasting your time scanning disks, reinstalling Windows XP from scratch to get rid of infections etc. and by April all your work will have gone to waste.
It's hopeless. You may consider an upgrade to Windows 7 32bit for computer that have 1GB memory or more (that people will have to pay of their own pockets), maybe upgrading the memory is an option in some case, as well as a new HDD or even (better) an SSD. I'd say a old P4 based computer with 1.5GB ram and SSD makes a capable Windows 7 machine. But you might miss a SATA connector..
Instead, I think you should standardize on e.g. Linux Mint 13 Xfce. It's a LTS version, so supported till 2017 (based on Ubuntu 12.04). It's the lighter and easier to use, Windows 98/XP like variant though the discontinued LXDE edition was lighter.
There are slightly boring aspects, Duck Duck Go search by default in the browser rather than Google, and an outdated flash version. If you feel it's important, learn to change it and reproduce the changes in a few minutes after a new installation. Mint 15 Xfce is an option too but support will run out soon (stupid 9 month Ubuntu). Use it for brand new hardware, like a new rig with Ivy Bridge Celeron maybe?, or new printers/scanners.
Mint 13 is pretty nice and has about everything needed out of the box, you can add Google Earth to have something fun, impressive and useful.
Don't let them run as Administrator. That alone should cut down on infections.
In the long run, moving to Linux seems like a good idea.
Avast is lightweight... I am ruining it right now on 450mhz pentium 2 with 384mb of ram. Avast is the only free av that didn't slow this machine down.
---- GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
Just remember if you install some of those AV programs they will try and install a toolbar and crap when they ask to update themselves in the future. Do you want them to install new version of program or ask for help when it asks?
I think it was AVG that got dumped when i eventually missed unchecking the box once on a machine and got a new search provider and other stupid shit :/
MSE is not so hot but it doesn't play silly games either
Learn to do everything for yourself and you free yourself from dependency on people you may or may not be able to trust.
BTW, changing your engine timing is really easy.
ESET NOD32 is the way to go. Very lightweight (the scanning engine is written in assembly...) and frequently updated. Well worth the price of admission.
I run MS Security Essentials on an old 1.2Ghz Celeron with 512mb RAM used as a standard-def media pc. Granted it doesn't see internet usage but I've never really noticed the anti-virus making trouble.
stop fighting already. installed the biggest virus called linux and you're all set. it's even free. and you can make copies. you can even infect other computers with it over the network >: D
... if you know how malware works. Usually it stays FUD long enough to not be detected by any of the above mentioned anti-virus solutions. Anti-virus is a joke. Better give them linux. Install debian base with gnome-classic and they are set to go. Make a shortcut to a browser, install apache openoffice (and throw shortcuts on desktop)
They will notice the difference... It won't randomly lag like windows!
I know this is not the thing you originally asked, but I think you should consider whitelisting-software. You just set all programs which you need allowed and the rest of the programs are automatically denied. It is not antivirus and not firewall either, but it does the job which was your original problem.
Linux
The virus-makers realized that your computer has a value for them.
For example:
- stealing your credit cards
- spam forwarding
- DDOS attack
- filesharing
- bit-coin mining or passwords cracking
etc...
So the virus now don't try to destroy your computer, but they try to find the best value of it.
So I would recommend that you install a program to alert you when an unknown program is trying to send some data on the Internet.
Wikipedia lists a few options:
http://en.wikipedia.org/wiki/Category:Firewall_software
Personally, I use Comodo Personal Firewall version 5, since I don't like version 6.
If you really want an antivirus, you can disable the continuous scan, and only manually scan files that seem to connect somewhere.
I still run 3 Win2K machines, with 8 to 10 yrs old approximately, and for a few years I had a (free) Avira installed, until it stopped supporting Win2K and, more importantly, until the machines knelt down because of it. As time goes by, antivirus become fantastic CPU hogs.
:-).
:-), so I don't need AV heavy stuff ...
Don't blame me for still using an unsupported OS. I'm not an IT pro but I'm proud of never having had to reinstall any OS (the only scar I have from virus attacks is a crippled Excel which was "quarantined" many years ago -- but I can live without Excel
So a few years ago after trying a couple of free AVs, I found this reanimator thing -- http://greatis.com/security/reanimator.html -- and now it is what I use in all my PCs (even some newer ones with Win 7), helped by MS firewall and built-in security tools, and recommend it to family and friends. And it never let me down. But its not a real-time scanner/monitor: you can scan filesystem and memory for malware as with a regular AV, and I use it a lot to kill nasty startup processes that burn resources (Adobe and Java updaters, etc...). Reanimator's database and executable are updated very often. I don't even remember that it is there...
But, anyway, the most dangerous site I surf is Slashdot
Reanimator is not heavy and works either a "fire extinguisher" if you suspect you are infected or as a scan tool. In a couple of minutes I teach people how to use it (anyone without severe age damage can learn) and it is effective. However, I do not have experience in dealing with elder retired people.
Regarding switching to Linux, it's a bad day to talk to me about it: my usual server (not maintained by me), an old PC built with "pro" material, which since a f
Install $LightWeightDistro, configure Firefox, Thunderbird and Skype, enable auto login and that's all they'll ever need.
Don't give me some bullshit that it's too confusing for them. Clicking this obvious, labeled button does this obvious thing, there's nothing you can do to screw it up.
"AVG is relatively lightweight" - ummm. i'm not sure what planet you live on but that's utter nonsense. there just simply isn't a 'lightweight' virus scanner. I would consider AVG to be a virus. You can't close the program once it's running - it's always running. you can only 'temporarily disable it' for 15mins MAXIMUM. Also, it takes up loads of cpu time under certain conditions and throws up more false flags than the US government.
I just love how people reply here with made up wisdom and 'facts'... idiots.
It's that simple. Most anti-virus load is I/O load. CPU should be fine. There is no such thing as centron, but most AMD semprons and Intel celerons should do fine with virus scanning load. Spinning hard drive is the bottleneck, easily fixed by SSD.
Makes sense only if it has SATA 2 or SATA 3, though. That will be true for most laptops from last 10 years.
Get a $60 SSD (60 or 90GB), replace hard drive with it. Replace the optical drive with the freed up hard drive. Put the optical drive in a USB enclosure, in case it is needed, though unlikely.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Check out http://www.simplicitycomputers.co.uk/.
They make computers specifically designed for novice and more elderly users. You can either get full computer systems, or a USB "homekey" to boot other computers. It's based on Linux Mint, by the way.
(You don't mention whether you volunteer or get paid to service computers. If you get paid, avoid this approach as you might be out of a job! But if you volunteer, it should cut your maintenance workload.)
Andrew Yeomans
I'm running Comodo Internet Security on a AMD Sempron 1.75ghz chipped PC, admittedly with 2GB of DDR2 RAM. ... and it's free for personal use.
In fact I'm running it on every Windows PC in the house, including Windows 8 laptops!
It runs fine, I've never noticed any slowing
Don't blame me, it's usually 2 in the morning when I post
In my feline opinion:
Use a data-freezing solution, as DeepFreeze or Shadow Defender. There will be nothing slowing down those coffeemakers by monitoring the even slower I/O relative to a slow machine. If anything weird happens, it will be just gone at next reboot. If necesary, let some folder/s /partition/s unfrozen to let users to save their data.
If there's need to do banking online, go Linux, srsly.
Also you could consider to filter the network traffic through a dedicated Linux server prepared with one of those machines. With that server you can filter, define policies, scan network traffic for malware & even optimize bandwith usage by caching.
As far as light-weight AV, I am running with MSE only because the others bog computers down too badly to be of any use. As another poster said, why haven't you switched them to some kind of Linux that looks like Win XP but isn't? That deadline of 8 April 2014 will be here soon and having a computer running XP on the internet on 9 April 2014 is a horrible idea.
Agrisea Tsunami - Epyc Servers... https://agrisea.net/products
Possible Recommendation: F-Secure, Kaspersky, or Sophos. According to AV Comparatives' testing, reported 6 May 2013 ("Impact of Anti-Virus Software on System Performance", info cut-off date April 2013), these three AV solutions (running with their default settings) showed the least performance impact out of 23 AV solutions tested. Performance areas tested: file copying, archiving/unarchiving, encoding/transcoding, installing/uninstalling apps, launching apps, downloading files. AVC 3-star AV: 0.4% impact: F-Secure, Kaspersky, Sophos. 0.6% impact: ESET. 1.3% impact: Symantec, Avast. 2.4% impact: BitDefender. AVC 2-star AV: 6.1% impact: AVIRA. 6.3%: Panda. 7.1%: AVG. 7.4%: Emsisoft. 8.2%: Trend Micro. 8.7%: BullGuard. 9.7%: Vipre. AVC 1-star AV: 13.2%: G DATA. 14.4%: Fortinet, McAfee. 17.4%: Qihoo. 17.5%: eScan. AVC 0-star AV (marked as "Tested"): 25.6% impact on performance - Kingsoft. Specific Notes/Issues: your issues concern older 2 GHZ CPUs and 512 MB RAM running XP, while the AVC test platform has a Intel Core i5 with 4 GB RAM running Win 7. Recommend you max-out the RAM on those machines, if possible. With an older system, there's also the possibility (or probability) that AV vendors may no longer cover it.
One factor that slows the machine down is the constant "updates"...
While the engine looks for one, you are running in molasses.
While the machine updates itself with the files it found, you are running in molasses.
Sometimes, the engines locks up (for X reason) while doing it's routine and you are running in molasses again.
The simplest solution I found to free up resources on a machine that has little is taking the antivirus engine out of the local box and put it in the cloud... (Panda)
www.cloudantivirus.com
They update the engine and virus definitions at their end... So you don't have to allocate resources to it.
With all the Slashdotters in here, I'm sure I do not need to extrapolate on the subjrect any further.
(Do I see flames???)
Forget Win XP, erase it and install Lubuntu 12.04 LTS ,supported til 2017 No antivirus app necessary .....and runs better on low spec machines than WinXP.
The users will be delighted.
Win XP will no longer be supported as from 2014
I am in charge of.a lab of 20 older Dells at a senior center with similar specs. I ended up uninstalling the antivirus since they had steadystate on them. This means whatever the virus does gets undone when the machine restarts, and of course they use user accounts . The seniors haven't complained much, only that the machines take awhile to boot up, and to get around that I have many machines start up automatically at 8am. Yes it's not secure, but it works.
VIPRE while not free is lightweight, fast and has great protection.
Use this. It only filters your web traffic but for your scenario it should be good enough. There's no point in giving up that much performance for an infection once a year