Just had to clean up a computer with the paid version of zone alarm installed - anti-virus, anti-spyware as well as the firewall.
The computer is a laptop, turion at 800, with a gig of ram running xp home sp2 (because apparently sp3 stopped the internet).
It was running like a dog, went to system information and looked at the loaded modules.
Three-quarters of the dlls loaded were zone alarm, 3x more than the windows dlls.
Now the laptop is a lot faster (went from 52 processes to 21 by uninstalling crap (hear me google?)).
Uninstalling zone alarm first made the never-ending uninstalling of everything else so much quicker (been there, done that)
Next step is to put on the microsoft one and scan. This is one move by microsoft that I agree with, get rid of the proliferation of AV companies :bdg
it's not just all the crap they have to run to hook the system
they are continually downloading updated databases
at the end of the day - they don't stop anything
a waste of time and money (and internet bandwidth)
the MS one won't be much different - although, it may not be such a resource hog (they have it dialed in better - lol)
the best AV is no AV and make a disk image that can be quickly restored
oh - and make a backup copy of the clean MBR so you can restore that, as well
I run a copy of win2000 in a virtual machine (virtualpc) and just revert to the previous snapshot when I'm finished.
That's for porn (heh) and questionable sites, I still do internet banking via my normal xp home and ie8 with no av, since I am lazy (and not rich).
My computer is a gaming machine, don't need some steenking av slowing it down.
Anyway, the ms scan so far has found a couple of reg keys and a dll or eight that zone alarm must have missed :lol
i don't think zone alarm tries to claim to be an AV - more of a firewall
they are useless as tits on a boar hog also - lol
the problem is - anything the firewalls/AVs do - the virus authors find a work-around for it
it's like watching a game of championship Pong - lol
Zone Alarm Pro TM is anti-virus and anti-spyware as well as the free firewall! It has anti-phishing as well!! They make money from it!!!
Firewalls went out when everyone went from dial-up (direct IP address) to using a router (private IP address).
Funny how even the free version of za bloated up.
Zone Alarm was a good product for the first few years of its life. I started using the free version after I learned the hard way that a firewall was a necessity even for a dialup. I eventually moved to the paid version, but it soon became apparent that the developers/marketers didn't know where enough ended and too much started.
NAT in routers knackered a lot of the stuff that was around 10 years ago. On IRC you could not survive without a manually configurable firewall, my favourite was Conseal PC Firewall and no-one ever got through it although many tried on IRC. ZoneAlarm was a lemon even back then alongside a real firewall, it was aimed at the idiot fringe, auto protection from a range of known internet hacks in the dialup days.
For me last night's effort with the TDSS rootkit made the point in that nothing detected it and while I knackered it spreading or downloading more junk, it did enough damage to warrant a disk image overwrite. I think Dave's approach would have been worthwhile but I did not know enough about what it was. AV scanners are becoming less and less effective over time and I think it's the wrong approach as it generates more problems than it's worth and it does not provide the protection it claims.
I am still basically of the view that you secure a machine as best you can, don't develop bad habits and have a disk image ready if it gets damaged. I think it was Kaspersky that had a toy around a while ago where you set the permissions on what could access the internet and simply block the rest, I know people who have used it and it apparently works well.
As Sinsi said, a VM is another good way to live dangerously then just shut it down and overwrite the VHD file. Much the same effect as whacking the real machine with a disk image but with less hassle. :bg
Quote from: hutch-- on May 11, 2010, 02:50:46 PM
As Sinsi said, a VM is another good way to live dangerously then just shut it down and overwrite the VHD file. Much the same effect as whacking the real machine with a disk image but with less hassle. :bg
Oh, man, there is the snapshot functionality for that, you don't have to overwrite the virtual disk image file. :bg
(mainly talking about Virtualbox here)
You can also use the Returnil package to virtualize changes to the real machine and avoid using a VM, it's fool-proof.