Ask Slashdot: Light-Footprint Antivirus For Windows XP? 294
New submitter Bauermlb writes "I service computers for retired folks in my community, often older machines with modest speed (2 GHz Centron) and modest memory (512 MB). Adding AVAST to one of these machines slows it to a crawl. Any recommendations for a light-duty antivirus program with a low overhead? (These people do not tend to surf 'dirty' sites.)"
all sites are dirty sites (Score:5, Insightful)
Ad networks/common popular websites have been compromised repeatedly in the past and will be compromised repeatedly in the future. All sites could be considered "dirty sites".
Obligatory Linux evangelism (Score:5, Insightful)
Microsoft Security Essentials (Score:5, Insightful)
I've been using it for the last 3 years on XP and now 7, very lightweight. No virus or adware problem (for now). From time to time I also scan my computer with adaware and spybot.
MSE (Score:4, Insightful)
They all seem to kill performance (Score:4, Insightful)
Microsoft Security Essentials (Score:4, Insightful)
Yes, I know... it failed certification. But often what is used in certification is proof-of-concept or old and very rare samples that may not be "in the wild". It deliberately doesn't detect them to have a lighter footprint and be easier on resources. I use it on 1 GHz machines with 512MB of RAM with no noticeable slowdown. It doesn't miss the stuff that you're actually going to be at risk of getting infected with, in my experience.
You didn't state the OS you were asking about, but IIRC Avast is Windows-only. MSE may fit your requirements.
who wrote this? A Centron? (Score:2, Insightful)
How about naming your celeron correctly, adding 512MB of DDR1 for about $4, and dropping in a socket 478 Pentium 2.8Ghz for about $9. That costs less than an antivirus license. Then keep Avast, since it's the best speed vs detection.
"I want an elephant the size of a mouse, please" (Score:5, Insightful)
"I want an elephant the size of a mouse, please"
Antivirus software sniffs the butt of ever filesystem write operation, as well as sniffing the but of every executable image load, as well as every browser plugin load; it also scans the contents of inbound network data, since it could have a known payload using an unknown zero day in the program requesting the data from the Internet.
Most of the code could be made significantly less overhead, but we are talking reducing it from elephant sized to water buffalo sized, rather than reducing it to mouse size. For example, if instead of checking the whole file when every write occurs, it could prevent the file being opened again until a scan-on-close occurred. Both Outlook and IE would hate that, and any browser that didn't operate "stage then interpret" would still have to be byte-stream interposed. As another example, it could decide to not react to every FS event; MacOS has this capability, since it integrates a mandator access controls (MAC) capability, but many OSs do not. And even on MacOS, most AV vendors don't take advantage of this, since it messes with their ability to use the same event streaming model as on their other platforms.
So: no such animal exists, if you want it to also be effective.
Re:Clamwin (Score:5, Insightful)
ClamWin is "light footprint" because it's no footprint. It has no on-access scanning, which for most people is indistinguishable from not having antivirus installed.
Re:Obligatory Linux evangelism (Score:4, Insightful)
This.
A simple sylogism:
Any antivirus solution worth its salt will put a hook in the file open system call to scan each file as it is accessed.
Regardless of the footprint and efficiency of the program, anything that runs each accessed file through an additional filter will incur a significant performance hit.
Therefore, any antivirus solution worth its salt will incur a significant performance hit.
The solution is not to install an antivirus program. Ways to deal with potential virus infestations: (1) run with adblockers, noscript, and perfectly strict browsing discipline, or (2) don't use a virus-prone system, or (3) something else?
I do (1) and (2). What will do you?
Re:Obligatory Linux evangelism (Score:4, Insightful)
Microsoft Security Essentials (Score:2, Insightful)
Yes, seriously. It's lightweight, it's free, it's integrated into Windows Update so it's really easy to get updates, and best of all it doesn't continually hassle you and go LOOK AT ME! LOOK AT ME! the way most of the other antivirus apps do. It just sits in your icon bar and does its job.
It's not brilliant, security-wise --- it's merely adequate --- but if you want something that hides itself away and gets on with things with a minimum of user panic, it's definitely the way to go.