Replacement for MSE with minimal overhead

Topic

New Reply

For background, I’m currently running MSE and MBAM Pro and will be adding MBAE Pro over the weekend after taking a backup. The O/S is Win7 64bit.

I’m pretty careful about the sites I visit and use NoScript with Firefox and delete email unread on the server unless I’m expecting a message.

I was getting a little concerned with the low detection scores MSE receives so bought a copy of Kaspersky IS 2015, which started giving me brief lockups which culminated in a total lockup on a restart. At that point I restored the backup which cured the lockups (I had followed carefully the exclusions notes but clearly there’s a problem with KIS and my setup).

One thing I did learn from that was always try a trial version first before buying, but I’ve never had a problem with AV before so was not expecting any problems. I suspect as well that was a lot more than I needed as running MBAM Pro I only really needed a basic AV.

So my question is, can anyone recommend an AV that is as unobtrusive as MSE but has better detection rates. Cost is irrelevant, I just want it to run properly without problems and a lot of fiddling around (and no PUP’s which I consider malware in any case which may rule out most of the free versions).

Reply | Quote

Replies

Bitdefender. It scores well in various tests and the only time you’ll know its there is when it blocks something or completes a scheduled scan. It is also free.

http://www.majorgeeks.com/files/details/bitdefender_free_edition.html

Reply | Quote

BitDefender Free uses an older engine than the main version and is about the least configurable AV I’ve tested.

A stripped down install of Avast Free, just the File System and Web Shields (I don’t install the browser plugin), should give you a relatively light AV with a good amount of configuration options with the main drawback being that some find the popups too intrusive – they can be controlled to some extent, I only see 2-3 a week.

Reply | Quote

Hmm, thanks both I’ll try Bitdefender though I’m always a bit wary of so called “free” versions of anything as there’s no such thing as “free”.

Looking at the paid versions of both of them, they seem to carry a lot of baggage that I don’t particularly want which was probably the cause of the problems I had with KIS. It’s very tiresome that you can’t just buy something basic anymore rather than having a load of add-ons that some marketing suit has decided to force on you.

The real annoyance is the time it takes, taking an extra backup uninstalling MBAM installing the AV reinstalling MBAM and setting up. As I discovered with KIS it takes some hours before problems become apparent, so then it’s back to reinstalling the restore.

Reply | Quote

This thread has some ideas.
http://windowssecrets.com/forums/showthread//167861-Good-anti-virus-software

cheers, Paul

Reply | Quote

I’ve seen where someone had to dump Bitdefender because it reduced the computer to a crawl, so it may be best to try before you buy with that one.

Reply | Quote

I’ve seen where someone had to dump Bitdefender because it reduced the computer to a crawl, so it may be best to try before you buy with that one.

Yep I’ll definitely take a stepped approach and use trial versions this time.

I’ve installed MBAE over the weekend and that’s behaving perfectly, though with Malwarebytes I wasn’t expecting problems in any case. I’ll leave things to run over the week to next backup cycle on Saturday and then try a new AV

Reply | Quote

https://www.emsisoft.com/en/software/antimalware/

Reply | Quote

https://www.emsisoft.com/en/software/antimalware/

I second this recommendation.

Reply | Quote

These three sites are a good place to start research…

http://www.av-comparatives.org/

http://www.av-test.org/en/home/?avtest%5Btype%5D=3

https://www.virusbtn.com/vb100/index

The information from these sites suggest that Kaspersky should not be the problem; best detection, light system effect…

Reply | Quote

The information from these sites suggest that Kaspersky should not be the problem; best detection, light system effect…

It all depends on your own computer usage and the last update

Reply | Quote

It all depends on your own computer usage and the last update

That truism would apply to any AV…my point was that Kaspersky has the best detection rates and a low footprint, according to the testing labs.

Reply | Quote

The information from these sites suggest that Kaspersky should not be the problem; best detection, light system effect…

I got too many lockups from KIS, the last was a total deadlock so I had to power cycle the pc. All the problems disappeared once I restored from backup which had MSE.

I do recall reading somewhere that there is an issue with KIS (and possibly Bitdefender) with Asus Motherboards (I have the X99-S) though as I don’t run the Asus software that handles monitoring I’m not convinced that’s the problem.

I’ll try another this weekend and see how things go

Reply | Quote

I got too many lockups from KIS, the last was a total deadlock so I had to power cycle the pc. All the problems disappeared once I restored from backup which had MSE.

Were both KIS and MBAM active at the same time? That might be the cause of your lockups.

Jim

Reply | Quote

Kaspersky does seem to be the top of the heap at the moment but has already been tried and rejected.

Reply | Quote

Kaspersky does seem to be the top of the heap at the moment but has already been tried and rejected.

Until recently I have had a lot of respect for Kaspersky. But during the past two weeks I have cleaned up three customers’ computers that had Kaspersky ISS yet each were infected with 8-66 rootkit objects and several hundred PUPs/malware objects. All three customers had renewed their subscriptions within the past six months and their Kaspersky ISS installations were up-to-date.

Reply | Quote

Until recently I have had a lot of respect for Kaspersky. But during the past two weeks I have cleaned up three customers’ computers that had Kaspersky ISS yet each were infected with 8-66 rootkit objects and several hundred PUPs/malware objects. All three customers had renewed their subscriptions within the past six months and their Kaspersky ISS installations were up-to-date.

My experience is the opposite, I’ve never had a rootkit or PUP infection since using Kaspersky…on my sytem it automatically does a rootkit scan daily and I scan with Malwarebytes and ESET online from time to time as a further precaution. So far I’m impressed with Kaspersky and it is very light on system resources.

Reply | Quote

Until recently I have had a lot of respect for Kaspersky. But during the past two weeks I have cleaned up three customers’ computers that had Kaspersky ISS yet each were infected with 8-66 rootkit objects and several hundred PUPs/malware objects. All three customers had renewed their subscriptions within the past six months and their Kaspersky ISS installations were up-to-date.

Just curious, what software did you use to detect the rootkits and PUPs?

Reply | Quote

Just curious, what software did you use to detect the rootkits and PUPs?

Rootkits were detected and removed using Combofix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe Note this program is intended for use by competent computer professionals or very advanced computer users. Do not attempt to use combofix unless you know exactly what you are doing.

PUPs were removed using MalwareBytes Anti-Malware (latest version), SpyBot Search and Destroy (in most cases v2.4, but in some cases v1.6.2), ADWCleaner (latest version), and Junkware Removal Tool (latest version).

Reply | Quote

For my clients I install the free version of Panda. Together with Malwarebytes Pro, both running real time, I believe your objectives are met.

Reply | Quote

Apparently Combofix does not work on Windows 8.1 at this time…

Reply | Quote

ESET’s Nod 32 will be the first one I’ll look at when upgrading to Win 10. It [paid version] was very good and very light before MSE became a decent alternative. I hope its lack of mention here doesn’t mean it’s gone downhill.

Lugh.
~
Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

Reply | Quote

Recently replaced MSE on XP machine with Emsisoft Antimalware, very impressed.

Reply | Quote

Slorm,

Were KIS & MBAM active at the same time? That might be the cause of the lockups.

Reply | Quote

Hi Slorm,

Don’t make things more complicated than needed. I would suggest that you stick to MSE + Malwarebytes anti-malware pro and run Housecall Trend Micro from time to time when necessary.

Reply | Quote

Hi Slorm,

Don’t make things more complicated than needed. I would suggest that you stick to MSE + Malwarebytes anti-malware pro and run Housecall Trend Micro from time to time when necessary.

The OP was concerned about detection rates and so wanted to move from MSE :rolleyes:
jwoods has posted several links to independent testing labs’ results of various AV applications.
I don’t suffer from the obsession with free software, rather believing that everyone has to make a living, so those sorts of tests will always be my criteria for choice.

Reply | Quote

Unfortunately, those tests do not replicate a typical “day in the life of” anyone but a tester that’s hooked into those methods.

I’ve not yet had time this year to test out a group of free/trial packages but for the last 3 years I’ve settled on (a limited install of) Avast Free to fill the AV role on my computers. Most of the others didn’t stay loaded for more than 24 hours here.

Reply | Quote

Unfortunately, those tests do not replicate a typical “day in the life of” anyone but a tester that’s hooked into those methods.

I’ve not yet had time this year to test out a group of free/trial packages but for the last 3 years I’ve settled on (a limited install of) Avast Free to fill the AV role on my computers. Most of the others didn’t stay loaded for more than 24 hours here.

So what tests do you carry out to make your choice?

Reply | Quote

Unfortunately, those tests do not replicate a typical “day in the life of” anyone but a tester that’s hooked into those methods.

I’ve not yet had time this year to test out a group of free/trial packages but for the last 3 years I’ve settled on (a limited install of) Avast Free to fill the AV role on my computers. Most of the others didn’t stay loaded for more than 24 hours here.

Was the free version of Comodo in those trials Andy ?

Reply | Quote

Was the free version of Comodo in those trials Andy ?

Sorry Tom, if you meant whether I’d tested it in the last 2-3 years, the answer is yes, about 3 years ago but it was too time-consuming and clunky, difficult to confine it to either AV/AM or firewall/HIPS only at that time. Might have been ‘better’ in silent mode but that’s no good to me, I need to see what’s blocked/flagged and be able to check and unblock/whitelist without needing to refer frequently to a help file or fora. The gizmo link, if kept updated, should be fine, the author’s a moderator on the Comodo forum so he should know how best to set it up for most users.

Onto my ongoing trial of Panda Free AV, the only real hit I’m seeing/feeling is still when downloading or checking for updates for some software, there’s a significant dropout of data after a few seconds on data download commencement, typified by the dip in the lefthand graph below:

Resource usage is still very low, between 30-40MB Working set during my rare checks, Peak Working set might be as high as 150-160MB. Handles counts I’ve seen are in the 1000 range, that feels very low, even suspiciously low – given the time/energy, I’d want to dig deeper into that. Disk space is currently ~125MB.

I bumped into what looked and acted like a Ukash scam page (safe link) last week and none of my active security programs were triggered – I put that down to my passive blocks, some of which are System-wide, doing what they’re supposed to do, rather than any failure of the installed software. I didn’t try to activate the trigger, as I wasn’t in a ‘hunt the exploit’ mood and also quite tired.

Overall, I’m quite impressed by Panda’s free offering currently. Unfortunately, I picked up on a (probably unrelated) problem/bug that needs troubleshooting recently, that means reverting to Avast Free and a multitude of other changes away from my normal setup in the hope that I can pin down the trigger and report it for fixing.

Reply | Quote

That makes them completely artificial.

Reply | Quote

Real world tests, my real PC in normal use. It always has plenty of useful ‘PUPS’ to test with, plus some which are often wrongly classified purely by the the packers used, etc.

Simple tests on downloading and scanning to see how well the settings work, if at all, impact on the PC, impact on the user.

If a software doesn’t do what it says on the tin, or slows a machine down noticeably, stops a user in his tracks for something it’s set not to do, etc. – it gets kicked off the field.

A 100% hit rate on some artificial test isn’t going to impress someone who feels his machine has been crippled or his work rate/concentration is noticeably worse since installing it, people are much more intolerant these days – instant gratification, etc.

I’m currently testing Panda Free Antivirus, you’ll be pleased (or not, as the case may be) to know, early impressions are – interesting – but I need to finish my regular suite of software before a reboot and reassessment.

Reply | Quote

Real world tests, my real PC in normal use. It always has plenty of useful ‘PUPS’ to test with, plus some which are often wrongly classified purely by the the packers used, etc.

Simple tests on downloading and scanning to see how well the settings work, if at all, impact on the PC, impact on the user.

If a software doesn’t do what it says on the tin, or slows a machine down noticeably, stops a user in his tracks for something it’s set not to do, etc. – it gets kicked off the field.

A 100% hit rate on some artificial test isn’t going to impress someone who feels his machine has been crippled or his work rate/concentration is noticeably worse since installing it, people are much more intolerant these days – instant gratification, etc.

I’m currently testing Panda Free Antivirus, you’ll be pleased (or not, as the case may be) to know, early impressions are – interesting – but I need to finish my regular suite of software before a reboot and reassessment.

If one has the expertise to rely on empirical evidence, then fair enough.
I have to rely on other evidence and having read the rationale of the testing labs mentioned previously, it seems to me that the tests are a reasonable examination of the efficacy of the various AV products.
As far as Panda Free Antivirus is concerned, “you’ll be pleased (or not, as the case may be)to know”…that it gets a very good rating with AV-Comparitives’ latest tests :fanfare:

Reply | Quote

I was well aware of the AV comp details, Trev.

Quick and dirty update for you:

Feels pretty good so far, I have a few reservations: FP/misclassifications, not always honouring settings (removing files without first asking) slower than my regular Avast Free in some circumstances (it’s Cloud-based, expected), not convinced that it’s checking more than .exe files on download – but I’m still working with/testing it.

RAM usage is good, demand scans only use ~25% of my i3, I’d prefer more to be used for a faster scan. 20 drivers loaded by it is interesting but they’re all quite new, New Year’s Eve 2014 is the oldest one.

Not studied the W7x64 System/Applications logs for anomalies yet.

I opted out of the browser plugin.

Reply | Quote

What sort of RAM usage figures are you getting?

Reply | Quote

Uptime ~7.5 hours, Peak ~270MB, current Private ~12MB!, Commit ~130. Principle use so far is just browsing with a few checks with utilies in between to ‘see’ how active it is.

Post boot it looks much the same as Avast did, within a couple of minutes it reduces usage (clears the Working Set?) so it’s lower.

2nd and subsequent runs of software that show significant (up to ~5x slower) slowdowns seems to be vastly reduced, still probably not as good as Avast but the differences feel pretty slight, maybe ~20%.

Disk space ~124MB, scans can push that over a GB.

During browsing I’m really not noticing it, default install includes a browser plugin, that might cause a slight hit (and increase the Cloud data transfers).

Overall, I’m liking it, I might try some gaming tomorrow.

Reply | Quote

Interesting…I look on Task Manager to see basic information on resource usage, but how did you get those other stats?

Reply | Quote

From Task Manager, Trev

My current TaskMan setup:
Applications tab – default.
Processes tab: Options > Select columns > PID, User name, CPU usage. Memory: Private Working set, Peak Working set, Commit size. Handles and Description. You can drag columns by their headers to place them in the order you want.
Services: Default.
Performance tab: View > CPU history = one graph per CPU, Show Kernel times. Normally scaled to minimum width and to show 10 squares high for quick % comparison of peaks, troughs and Kernel activity.
Networking: Bytes Sent and Bytes Received only checked.

Various of these might be switched around, depending on what I’m looking for during that period. TaskMan is the very first thing I open after boot, as soon as I can – I use it as a boot timer! – it stays open all session, which is frequently a few days to ~12 (a normal browser session here is ~3-5 days).

Reply | Quote

I’m on Windows 8.1, can’t see any of the options you’ve listed…:confused:

Reply | Quote

I’m on Windows 8.1, can’t see any of the options you’ve listed…:confused:

Go to the Details tab, right click on the column title bar and click on Select Columns. You will find most of these options there.

Jerry

Reply | Quote

It hasn’t appeared in Real-World Protection Tests by AV Comparatives during the last 2 years, Tom. I’ve not rechecked the other test/comparison sites.

Trev, you might be able to find similar stats by digging deep into Resource Monitor in W8/8.1?

The ‘wonderful’ new W8 TaskMan was a major reason why I dismissed W8 during Beta testing, it might have been a useful crossover into W7’s Resource Monitor territory but it made it less useful and more clunky for me.

Reply | Quote

It hasn’t appeared in Real-World Protection Tests by AV Comparatives during the last 2 years, Tom. I’ve not rechecked the other test/comparison sites.

I’ve been considering the free version of Comodo for when my Norton 360 expires as it’s getting a right pain whenever I have to restore.

Just spent nearly 3 hrs recovering from a sfc unable to repair some files following a much edited WU reinstall and had to reinstall Norton twice because the first one was unable to activate because it was blocking Internet connectivity.

Reply | Quote

Thanks JW – I’ll check that out later.

Reply | Quote

Panda has never really appealed to me.

Finally got around to reading JW’s link http://www.techsupportalert.com/best-free-anti-virus-software.htm but I’m not sure I would want an AV that was “chatty” but when the time comes I could give CIS a try out.

Reply | Quote

I don’t find Panda chatty, it doesn’t say anything for weeks at a time, then pops up a note about a virus – usually a web page.

cheers, Paul

Reply | Quote

I don’t find Panda chatty, it doesn’t say anything for weeks at a time, then pops up a note about a virus – usually a web page.

cheers, Paul

I was talking about Comodo as in JW’s link that I’d reproduced.

The reference to Panda was in response to Andy’s report on it.

Reply | Quote

SUPERAntiSpyware is also pretty good MSE replacement on Windows XP.
already a day before 7/14/2015 and I already removed MSE off of my old XP computer.

Reply | Quote

SUPERAntiSpyware is also pretty good MSE replacement on Windows XP.
already a day before 7/14/2015 and I already removed MSE off of my old XP computer.

SAS isn’t an AV program.

As far as I know, Avast Free and AVG Free are still XP supported, but I’d avoid AVG as it has been known to stop Windows Firewall from running after it was uninstalled.

Reply | Quote