[PANTUGGeneral] Win 7 system preoccupation


lefty

Mar 2, 2010, 11:48:25 AM
to PANTUG General Discussion (and technical Q&A)
My Win 7 box is starting to piss me off. The response is sluggish, to
be polite. One of the processors seems to frequently be `busy' when I
want to do something so the cursor takes its time.

The machine is a recent Dell dual core AMD, 3g RAM, all bling turned
off- no Aero, no background, no exploding 16bit graphics.

Task Mgr isn't helpful. Process Explorer indicates that the resources
being used come under SYSTEM but isn't any more specific.

Any suggestions as to where to look further?


Thanks.
_______________________________________________
PANTUGGeneral mailing list: PANTUG...@lists.pantug.org
To remove your address or change your delivery options see:
http://lists.pantug.org/mailman/listinfo/pantuggeneral
For the searchable archives see:
http://groups.google.com/group/pantug/

Buce, Michael

Mar 2, 2010, 12:08:40 PM
to PANTUG General Discussion (and technical Q&A)
If it's recent hardware, try turning Aero back on. Aero will let the GPU handle graphics tasks that would otherwise occupy the CPU.

Also, PANTUG folks have reported before that PCDecrapifyer (sp?) is very helpful with Dell bloatware.

--------------------------------------------------------------------------
NOTICE: If received in error, please destroy, and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. We may monitor and store emails to the extent permitted by applicable law.

JP Vossen

Mar 2, 2010, 1:00:04 PM
to PANTUG General Discussion (and technical Q&A)
lefty wrote:
> My Win 7 box is starting to piss me off. The response is sluggish, to
> be polite. One of the processors seems to frequently be `busy' when I
> want to do something so the cursor takes its time.

Just *starting* to???


...


> Task Mgr isn't helpful. Process Explorer indicates that the resources
> being used come under SYSTEM but isn't any more specific.

Yeah, that's what I usually see in W2K and XP too, e.g. my recent "slow
computer" post (which I haven't really looked into much yet).

Does anyone use it besides you? Any chance of infection?


> Any suggestions as to where to look further?

Linux? <ducks>


Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.

lefty

Mar 2, 2010, 1:35:52 PM
to PANTUG General Discussion (and technical Q&A)
JP Vossen wrote:
> lefty wrote:
>> My Win 7 box is starting to piss me off. The response is sluggish, to
>
> Just *starting* to???

Yeah, I know... you owe me.


> Does anyone use it besides you? Any chance of infection?

This thing is about as clean as clean can be.
When I run Ccleaner weekly, I come up with less than 4M of junk to
delete. It has a/v and a chatty firewall.

>> Any suggestions as to where to look further?
>
> Linux? <ducks>

I am about to transition from Manglement to Security. Since this is my
only Win box, it is getting ready to become airborne.


I followed Michael's suggestion to turn on Aero. I used the Win
troubleshooter to accomplish this, at which point the fireworks began.
I have a 3 monitor setup and I sat there watching two of the screens
alternately blinking on, going into power save, then back repeatedly.
The third screen seemed to be on its own schedule. There was some
notice about the video driver stopped responding then started again. I
called the entire crew over because I needed the validation.

This continued until the third screen blue-screened.

When it came back up, it had lost my settings and a shortcut I had just
placed on the desktop. When I went to put it there again, it came up
with a (2) appended. Windows saw a desktop shortcut that I didn't.

WINDOWS: IT'S NOT AN OPERATING SYSTEM - IT'S A VIRUS.


I finally got it tamed down - no noises, no transparency (bad acid
trip), and a single color desktop. Hoping Michael's suggestion is the
magic bullet. (thank you, Michael)

Will advise.

Jim DeCaro

Mar 2, 2010, 1:35:54 PM
to PANTUG General Discussion (and technical Q&A)
How about trying Process Explorer from Sysinternals.

Jake Gardner

Mar 2, 2010, 1:47:28 PM
to PANTUG General Discussion (and technical Q&A)
Re-read the 3rd paragraph.


Thanks,

Jake Gardner
Network Administrator
267-352-2020 Ext. 246
www.ttcdas.com

-----Original Message-----
From: pantuggene...@lists.pantug.org
[mailto:pantuggene...@lists.pantug.org] On Behalf Of Jim DeCaro
Sent: Tuesday, March 02, 2010 1:36 PM
To: PANTUG General Discussion (and technical Q&A)

***Teletronics Technology Corporation***
This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies.

Thank you.

*******************************************************************

Jake Gardner

Mar 2, 2010, 1:49:35 PM
to PANTUG General Discussion (and technical Q&A)
What AV are you using? Any other real-time system scanners?


Thanks,

Jake Gardner
Network Administrator
267-352-2020 Ext. 246
www.ttcdas.com

-----Original Message-----
From: pantuggene...@lists.pantug.org
[mailto:pantuggene...@lists.pantug.org] On Behalf Of lefty
Sent: Tuesday, March 02, 2010 11:48 AM
To: PANTUG General Discussion (and technical Q&A)


Jim DeCaro

Mar 2, 2010, 1:52:30 PM
to PANTUG General Discussion (and technical Q&A)
You are sure he was using the Sysinternals app?

lefty

Mar 2, 2010, 2:00:10 PM
to PANTUG General Discussion (and technical Q&A)
Jim DeCaro wrote:
> You are sure he was using the Sysinternals app?

Yes he is, thanks.

Antivir, Comodo FW.

Jim DeCaro

Mar 2, 2010, 1:43:35 PM
to PANTUG General Discussion (and technical Q&A)
If this is an upgrade, I am wondering if the video cards and drivers are
completely compatible.

Jake Gardner

Mar 2, 2010, 2:11:03 PM
to PANTUG General Discussion (and technical Q&A)
"The power of the force is strong with this one." - yea I went there.
;)


Uninstall Comodo, check for issue. If still present remove Antivir. If
it's gone now, install AVG instead and see if it returns.

Notice, I didn't say to reinstall comodo. I have never installed a
software firewall on a pc. AVG, however, does have higher level network
detection components.

Jim DeCaro

Mar 2, 2010, 1:44:47 PM
to PANTUG General Discussion (and technical Q&A)
Forgot to ask: Is it 32 or 64 bit?

On Tue, Mar 2, 2010 at 11:48 AM, lefty <lefty...@gmail.com> wrote:

Buce, Michael

Mar 2, 2010, 3:19:27 PM
to PANTUG General Discussion (and technical Q&A)
First time somebody thanked me for causing them all sorts of problems followed by a BSOD and data loss.

Turning on Aero should not be that difficult. I had a BSOD problem recently that was corrected by updating NVidia's nView Desktop Manager. Are you using a utility to manage the 3 monitors?

-----Original Message-----
From: pantuggene...@lists.pantug.org [mailto:pantuggene...@lists.pantug.org] On Behalf Of lefty
Sent: Tuesday, March 02, 2010 1:36 PM
To: PANTUG General Discussion (and technical Q&A)
Subject: Re: [PANTUGGeneral] Win 7 system preoccupation

Will advise.


lefty

Mar 2, 2010, 3:16:00 PM
to PANTUG General Discussion (and technical Q&A)
Immediate results:
With Aero/GPU enabled, the annoying lag I experienced seems to be gone.

That would be good, except the end result is that the lag seems to be
spread over everything now and Outlook(Exchange) takes up to 4 minutes
to send an email. The entire system is less responsive.


Gracias for the suggestions. I do not want to shoot the messenger.
(Just the manufacturer of the operating system.)

As for a/v and fw, I have an XP machine with the same configuration,
operating on lesser hardware that doesn't lag.

Anybody running W7 in a VM?

Jake Gardner

Mar 2, 2010, 3:55:38 PM
to PANTUG General Discussion (and technical Q&A)
I prefer AVG or Antivir but both are listed as good for W7.
http://www.howtogeek.com/howto/windows-7/list-of-anti-virus-software-compatible-with-windows-7/

However, seriously, really... Uninstall Comodo. At least try it.
Software firewalls are as good at killing a system as Symantec's entire
product line.


W7 is in no way similar to XP. The same config argument doesn't work.


Thanks,

Jake Gardner
Network Administrator
267-352-2020 Ext. 246
www.ttcdas.com

-----Original Message-----
From: pantuggene...@lists.pantug.org
[mailto:pantuggene...@lists.pantug.org] On Behalf Of lefty
Sent: Tuesday, March 02, 2010 3:16 PM
To: PANTUG General Discussion (and technical Q&A)


David Dows

Mar 2, 2010, 4:53:36 PM
to PANTUG General Discussion (and technical Q&A)
Surely, you jest. AVG faster than AntiVir ????

David Dows

Mar 2, 2010, 4:56:13 PM
to PANTUG General Discussion (and technical Q&A)
Someone hasn't used NIS 2009 or 2010.

Eric

Mar 2, 2010, 6:35:36 PM
to PANTUG General Discussion (and technical Q&A)
Well, that's probably true. Maybe a lot of us haven't used NIS 2009 or
2010.

I suppose it might have to do with NIS 2004, 2005, 2006, 2007, and 2008.

I've had to remove most of these earlier versions of NIS from more than
a dozen computers. It was done to restore computers to a functional
state. Sometimes the uninstall process alone took nearly an hour. Many
others I've spoken with have similar experiences. To be fair, I've also
had to remove McAfee and other "suites" as well when they, like NIS,
suddenly decided that 99% of CPU 100% of the time was not quite enough
for them.

I never went back because the experience was too painful and costly.
Are you saying that NIS 2009 and 2010 are comparable with other
solutions (AVG, Avast, Blink from Eeye Digital Security and VIPRE from
Sunbelt Software come to mind.)? Tell me it's so and I might try a
copy. I just figured that Symantec was continuing to coast on the
Norton name by producing larger and larger bloatware packages in
ever-slicker yellow boxes to suck in the rubes.

Frankly, given the nature of computer security today[1] just switching
entirely to Linux might not be enough. It's depressing.

Eric

[1]
https://www.isecpartners.com/files/iSEC_Aurora_Response_Recommendations.pdf

--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr

Jake Gardner

Mar 3, 2010, 7:51:15 AM
to PANTUG General Discussion (and technical Q&A)
I didn't say it was faster. I've been using AVG for so long (free and
commercial) and have had very little issue with it.

Jake Gardner

Mar 3, 2010, 7:54:11 AM
to PANTUG General Discussion (and technical Q&A)
No I haven't and no I will never use a Symantec AV product again. I've
spent almost 10 years ripping Symantec and McAfee products out of
systems due to their problems and lack of catching viruses.

David Dows

Mar 3, 2010, 9:38:46 AM
to PANTUG General Discussion (and technical Q&A)
But I thought we were trying to help him solve a problem with a slow
system and the last I noticed, AVG 8.x became as bloated as NAV used to
be until 3 years ago. Many people I know dumped it then. AntiVir is also
better at detection, especially for new threats.

I was never sold on McAfee when I had to support it for 50K users
worldwide, but we weren't satisfied with Symantec's enterprise
management tools. McAfee allowed us to cascade updates through a
hierarchical setup, whereas Symantec wanted us to use one global
distribution point. This was around 2000.

I have never had a system become compromised when NIS has been
installed, configured and updated properly, although I am no longer
satisfied to rely on it alone, as you probably saw in my recent post.
However, it's very effective and inexpensive to supplement it with
lifetime licenses for MBAM and SAS.

I also run Windows Defender, because I don't trust MS to share reported
exploit info with the rest of the anti-malware community, after their
failure to do so early on (this may have changed). In any case, their
startup monitoring makes it unnecessary to install a separate product
for that.

Linkscanner and Secunia PSI also help keep my clients' systems secure.
Snoopfree is handy for those who know how to react to its warnings of
anything trying to Read the screen, Hook the keyboard or Read an unowned
window.

Jake Gardner

Mar 3, 2010, 10:25:34 AM
to PANTUG General Discussion (and technical Q&A)
You should give AVG 9.x a whirl. You can set groups and update servers
that pc's should use based on custom install and via hierarchical
configs (Global->Group->PC). I believe you can even set multiple update
servers for failover/load-balance as well.

lefty

Mar 3, 2010, 11:50:26 AM
to PANTUG General Discussion (and technical Q&A)
Jake Gardner wrote:
> You should give AVG 9.x a whirl. You can set groups and update servers

With all due respect, I jettisoned AVG around 7 or 8 because it became
too bloated (admin issues aside). We chucked Symantec 3 years or so ago
for the same reason (plus Symantec is staffed by idiots, all with
different answers, including the web pages).

In the enterprise, we're using Kaspersky on desktops, which is also
getting fat. Using Trend on servers, which doesn't seem to cause any
trouble.

I put Antivir on my work desktop because it's the lightest I've found.

I like Comodo because it's chatty. This is a personal preference. I am
going to turn it off shortly to see if it is causing the delay.

David Dows

Mar 3, 2010, 12:54:06 PM
to PANTUG General Discussion (and technical Q&A)
The enterprise mgmt is Pfizer's problem now. I was there until 2002,
while it was still Wyeth. I deal with much smaller networks now.

For the user, are you saying the bloat is gone from 9.x, not that I
would abandon AntiVir where I use it for one client.

Avira is still one of the top 3 or so for detection at av-comparatives,
but AVG has always fallen down when it comes to new threats, as I
recall. The only negative with AntiVir is occasional false positives,
but those are easily compared against the other scanners at VirusTotal,
VirScan.org and Jotti's.

BTW, the other post re: "Symantec: then and now" is awaiting moderation.
I included some graphs that put it well over the size limit, so it may
or may not get through. Probably depends upon whether the moderator is
pro or con Symantec before and after reading it. :-)

Jim DeCaro

Mar 3, 2010, 1:06:19 PM
to PANTUG General Discussion (and technical Q&A)
What are the thoughts on Avast? Seems OK to me.

We are having our issues with Trend Micro now. I echo the sentiment about
Symantec and McAfee.

Jake Gardner

Mar 3, 2010, 1:40:28 PM
to PANTUG General Discussion (and technical Q&A)
I wouldn't say the bloat is gone, but it has definitely been contained
and trimmed a bit. Frankly, I never thought it was really that bloated
to begin with.

Maybe one of these days when I have some free time (heh, that's funny)
I'll set up a system and try the different vendors. I do get some
minimal lip from end users that occasionally see long load times for
Office docs. I think it's related to network based templates and macros
that AVG has to scan as well.

Jake Gardner

Mar 3, 2010, 1:51:54 PM
to PANTUG General Discussion (and technical Q&A)
"With all due respect" ? Heh, I think you watched too much Stargate
SG-1. That was probably the most over-used line.

It really is, to each their own, when it comes to these products. I've
been on quite a few mailing lists and website forums and I've seen just
about every argument for and against each piece of software.

Software firewalls are #1 on my checklist of things to check when things
don't work as expected. From experience, I have my reasons.


Thanks,

Jake Gardner
Network Administrator
267-352-2020 Ext. 246
www.ttcdas.com

-----Original Message-----
From: pantuggene...@lists.pantug.org
[mailto:pantuggene...@lists.pantug.org] On Behalf Of lefty
Sent: Wednesday, March 03, 2010 11:50 AM
To: PANTUG General Discussion (and technical Q&A)
Subject: Re: [PANTUGGeneral] Win 7 system preoccupation


David Dows

Mar 3, 2010, 8:57:37 AM
to PANTUG General Discussion (and technical Q&A)
First let me say that my only connection to Symantec is that I use it on
most of my systems and those of my clients. Until recently their
detection success and scan speeds compared favorably with Avira, ESET &
Kaspersky. Detection has fallen off enough that I'm hoping to see Vipre
tested at av-comparatives very soon.

However, I find that Norton co-resides with the resident protection of
Windows Defender, MBAM and SAS quite nicely, without bogging down the
machine. I don't know of a friendlier bi-directional firewall, that
automatically configures rules for minimal necessary access for each
program found. With all of that, and Secunia PSI for patch maintenance,
there isn't much exposed attack surface left.

I too became frustrated with Norton after 2002 through 2006. However, I
gave it another try after reading that Norton had improved somewhat in
2008, but it's improved by leaps and bounds in 2009 and 2010. Pre and
Post 2008 is like night and day.

I can only think of one recent day that ccsvchst.exe MAY have been the
cause of unusual drive thrashing, but still never exceeding 20-30% of
the CPU and even then, only in short bursts. I've been running with the
current license for 2009/2010 long enough that I have only 93 days
remaining on the subscription.

Typically, the % CPU load is in the low to mid single digits, even when
opening documents in an Office app or downloading email. Occasionally,
it gets up into the teens, when LiveUpdate runs, but that doesn't last
long either, especially if you have "burst" updates enabled.

When I run processor and disk intensive telecom billing software, using
Clarion to rate and sort through millions of call records, I find that
the job finishes in the same amount of time whether or not I disable the
NAV auto-protect.

There are no longer any scheduled scans, they simply begin after x
minutes of idle time, and stop immediately when the user takes over
again. Scans also bypass any files determined to be safe on the initial
scan, based upon comparison of a checksum or fingerprint to the 90M
known safe, unknown or malicious files in Symantec's Insight Network
database. 74% of the files on my system are known to be safe.

BTW, I don't recall when they started subscription mode for the app as
well as the signatures, but once you buy NIS, if a new version comes
out, the upgrade is a free download, which is why this license started
out as NIS 2009, but I'm now running NIS 2010 in the first year.

Below are typical CPU & Memory graphs from yesterday's activity with
Firefox/LogMeIn, Thunderbird, UltraVNC, DownThemAll and Master Volume
_open all day long_, with occasional Word, Foxit Reader, CSVedit,
NoteTab Lite, Process Explorer, Win32Pad, Paint, CMD and K-Meleon sessions.

Resident in memory are Secunia PSI, Windows Defender, SnagIt, ProcExp,
WinRoll, LogMeIn, MBAM, SAS, RoboForm, Core Temp, K-Meleon Loader,
SnoopFree, jusched, jqs.exe, GoogleCrashHandler, MXI SSDService.exe
(Secure Storage Device Application), LMabcoms.exe (Lexmark Printer
Communication System) and iPoint.

Note, the yellow specks, indicating Norton utilized the CPU measurably
about a dozen times, most often when the system was otherwise idle.
Likewise, memory was rarely impacted when the system was busy. These
graphs are also attached as PNG files for anyone reading this in plain
text. Although these graphs come from Norton reporting on itself, they
always jibe with Sysinternals Process Explorer's reporting.

Eric

Mar 4, 2010, 8:50:37 AM
to PANTUG General Discussion (and technical Q&A)
David:

That's quite a thorough analysis. It seems that Symantec invested some
$ in trying to solve the issues with the earlier bloatware versions.

I'll try Norton the next opportunity that I have.

Thank you.

Eric


David Dows

Mar 4, 2010, 12:21:06 PM
to PANTUG General Discussion (and technical Q&A)
I only wish the images could have been included. I'll try to find
somewhere to upload them and forward the link when I get a chance. You
would be amazed.

lefty

Mar 4, 2010, 12:24:11 PM
to PANTUG General Discussion (and technical Q&A)
David Dows wrote:
> I only wish the images could have been included. I'll try to find
> somewhere to upload them and forward the link when I get a chance. You
> would be amazed.

I don't trust them any farther than I can throw them but I appreciate
your research.

David Dows

Mar 4, 2010, 1:12:49 PM
to PANTUG General Discussion (and technical Q&A)
Don't trust them in what sense?

I don't waste my time relying on them for support, if that's what you
mean. However, any time I would do so, I was the one to arrive at the
solution before they did and it was often much less drastic than their
standard answer "Uninstall ALL Symantec products and reinstall".

If I needed them for support, I wouldn't use them, but I don't.

David Dows

Mar 4, 2010, 1:24:17 PM
to PANTUG General Discussion (and technical Q&A)
I should have added that the past two versions have been so stable, I
haven't even had any problems to solve.

I can't say the same for their online store, but they did
over-compensate for problems with their license metering by giving me an
extra seat and a one year extension.

I don't recall whether that was Digital River or Symantec I was dealing
with, but I did come away pleased.

In one of the cases, they were especially accommodating, because it was
actually my client who ordered NAV instead of NIS by mistake, and they
gave him an extra year of NIS. He also failed to remove the "Extended
Download" rights from his cart before checking out, so this is how they
made it up to him. He was very pleased.

Drew Lehman

Mar 4, 2010, 1:46:52 PM
to PANTUG General Discussion (and technical Q&A)
I'm hesitant to use them even if their product isn't bogging the system
down to a crawl. They had at least 2 updates where legitimate files
were deleted without question. This lack of QA means their updates
can't be trusted.

David Dows wrote:
> Don't trust them in what sense?
>
> I don't waste my time relying on them for support, if that's what you
> mean. However, any time I would do so, I was the one to arrive at the
> solution before they did and it was often much less drastic than their
> standard answer "Uninstall ALL Symantec products and reinstall".
>
> If I needed them for support, I wouldn't use them, but I don't.
>


Troy Sorzano

Mar 4, 2010, 2:25:59 PM
to PANTUG General Discussion (and technical Q&A)
David,

In the middle of this conversation about AntiVirus, I learned you are using Clarion to do telecom report processing. I was a big time Clarion developer in the 90's. I ran a development shop and even brought my lead developer to my current ETA.

Are you actively coding in Clarion?

Troy

David Dows

Mar 4, 2010, 2:33:09 PM
to PANTUG General Discussion (and technical Q&A)
Usually, the "without question" is a user configured setting. I have had
numerous products, including MBAM, AntiVir, AVG, McAfee, SAS, A-squared,
Prevx among others, consider my legitimate installations of some
utilities to be a threat.

I have either had to deny their removal, if I had the scanner setup to
prompt me, or I had to restore them, if I didn't, and they "were deleted
without question". Among those utilities were UltraVNC, LogMeIn, and
various "Asterisk" password recovery tools.

Files can be "legitimate" on one system and not on another. It just
seems to me that Symantec has become such a popular punching bag that we
only get these comments about them, whether or not the same rare
occurrences happen with the others.

David Dows

Mar 4, 2010, 2:38:02 PM
to PANTUG General Discussion (and technical Q&A)
I don't, but one of my clients has developed their telecom billing and
provisioning system with Clarion. I only work with the infrastructure,
security and occasionally help out with processing. They were also using
ClarioNet, but had to ditch it for Go-Global when it started to cause
too many problems.

Bob Sherman (M13)

Mar 6, 2010, 12:23:20 AM
to PANTUG General Discussion (and technical Q&A)
NIS 2009 & 2010 fixed a lot of problems with Norton. I still won't use the
360 product.

I had problems with AVG 8, Ad-Aware, and SpyBot and no longer use them.

Swore off McAfee a long time ago.

AntiVir was ok, but not as encompassing as NIS.

I supplement with WinPatrol and Malwarebytes.

Comodo has been ok, but not for all clients.

Secunia PSI is interesting, but gives a lot of false positives. Sometimes
it will say that something is not patched when it is patched, and it
persists with that false information until some magic happens.

The shine on FireFox has worn off. It has been compromised one too many
times and it's not safe without a few security add-ons.

Clearly, the main problems with system speed continue to be multiple
security watch dogs that tie up other system processes or that thrash for
ascendency, too many preloads, too many background processes, too much
foreground clutter in the form of desktop storage or menu items that demand
preloads, network chatter, undetected hardware problems (disk errors, memory
errors), insufficient secondary storage for system structures (or
insufficient isolation of that space), bloatware, bad drivers, way too many
calls to the registry, too many programs that have to phone home before they
will deliver, etc.

Anybody look in the event viewer?

David Dows

Mar 7, 2010, 5:21:59 PM
to PANTUG General Discussion (and technical Q&A)

Bob Sherman (M13) wrote:
> NIS 2009 & 2010 fixed a lot of problems with Norton. I still won't use the
> 360 product.
>

I'll second that re: Norton 360; it's too dumbed down and loaded with
extras I don't need nor want to be nagged about.


> I had problems with AVG 8, Ad-Aware, and SpyBot and no longer use them.
>

As Gizmo Richards (techsupportalert.com) pointed out, there isn't much
for Ad-Aware or Spybot to find, after scanning with MBAM and SAS. I only
use the inoculation in Spybot and the free SpywareBlaster.


> Swore off McAfee a long time ago.
>
> AntiVir was ok, but not as encompassing as NIS.
>

I use AntiVir (Free) for its very high detection rate (as well as MBAM,
SAS and multiple RootKit scanners) when I believe a system has been
compromised and for one client who refuses to pay for software. The
false positives are easy enough to sort out with VirusTotal and Virscan.org.


> I supplement with WinPatrol and Malwarebytes.
>
> Comodo has been ok, but not for all clients.
>

That's for sure! Which is why the self-configuring firewall in NIS is so
great, even if it doesn't compare well with HIPS oriented products
highly rated by Matousec.


> Secunia PSI is interesting, but gives a lot of false positives. Sometimes
> it will say that something is not patched when it is patched, and it
> persists with that false information until some magic happens.
>

Many of those apparent false alarms are pointing to an unused copy of a
program. Often CD installs copied to a folder on the HD include an old
version of acrobat or flash. In one case, someone kept accusing Secunia
of a false positive on his system until he realized the file being
flagged was on his D: drive. The only problem I have had was with the
PowerPoint viewer included with PP, so I just deleted the file. MS
Update kept telling me there is nothing to update, even when I manually
downloaded the file from the KB.


> The shine on FireFox has worn off. It has been compromised one too many
> times and it's not safe without a few security add-ons.
>

I still feel safer with FF/NoScript/Linkscanner/WOT and the IP
Protection by MBAM than with IE/ActiveX any day.

Bob Sherman (M13)

Mar 8, 2010, 3:24:31 PM
to PANTUG General Discussion (and technical Q&A)

>> Bob Sherman wrote:
>> Secunia PSI is interesting, but gives a lot of false positives.
>> Sometimes
>> it will say that something is not patched when it is patched, and it
>> persists with that false information until some magic happens.
>>
> David Dows wrote:
> Many of those apparent false alarms are pointing to an unused copy of a
> program. Often CD installs copied to a folder on the HD include an old
> version of acrobat or flash. In one case, someone kept accusing Secunia
> of a false positive on his system until he realized the file being
> flagged was on his D: drive. The only problem I have had was with the
> PowerPoint viewer included with PP, so I just deleted the file. MS
> Update kept telling me there is nothing to update, even when I manually
> downloaded the file from the KB.

You can tell PSI to ignore (Ignore Rules on the Settings tab) drives,
folders, or files, and I do for some stuff (like the UBCD-4-win.) I would
have told it to ignore the Power Point Viewer unless I thought that would
somehow threaten me. It'll tell me that Windows XP is not updated when I
know it is. To recheck that, you have to kick off a huge scan that looks at
everything instead of just at the system file that needed updating--and that
takes forever.

David Dows

Mar 8, 2010, 4:33:06 PM3/8/10
to PANTUG General Discussion (and technical Q&A)
I use the Ignore Rules for EOL software which I choose not to update,
such as the Sygate firewall on one client's systems.

Since I have the complete PowerPoint and have no need for the standalone
viewer, it was a no-brainer to delete it. The version of the viewer
found was not the version MS Update & the Office KB Update should have
delivered. Hence the failure was at Microsoft, not Secunia. I did feel
it threatened me unnecessarily, since I didn't need it, and the
unpatched version was rated a Cat 4 or 5 threat.

If I really need a standalone PP viewer, I can always download the free
one from MS, but it's more likely someone else would need it for a file
I might send them. They can download it themselves.

When Secunia persists with false information, it's usually because file
monitoring is turned off, and "some magic happens" when the next
scheduled full scan occurs, usually weekly. If the false indication
bothers me, I kick off that HUGE scan, but it doesn't take forever to
scan a 160GB drive that's half full, including 289 patched programs,
with only 4 ignore rules. In any case, I continue doing whatever I was
doing before I kicked off the full scan.

As with the example I already gave, nearly anything that appeared to be
a "false positive" at first glance, turned out to be a case of
overlooking the location of the file being flagged. All that was
necessary was to hover over the name of the program with the mouse
pointer and carefully look at the path indicated, look at the
Installation Path in the details, or click the folder icon to open the
container.

If you want Flash OCX updates to be reflected without rebooting, simply
click the folder icon to open its container (usually
C:\WINDOWS\system32\Macromed\Flash), exit Secunia's tray icon (because
it uses Flash ActiveX) and exit any other program that might use the
Flash OCX, e.g. IE, then delete the old Flash OCX. If you have file
monitoring turned off, you'll have to rescan the file. Otherwise, give
it a minute and magic happens.

There may have been some actual false positives while PSI was still
considered a beta version, but I can't recall any for a long time now.

Bob Sherman (M13) wrote:
> You can tell PSI to ignore (Ignore Rules on the Settings tab) drives, folders, or files, and I do for some stuff (like the UBCD-4-win.) I would have told it to ignore the Power Point Viewer unless I thought that would somehow threaten me. It'll tell me that Windows XP is not updated when I know it is. To recheck that, you have to kick off a huge scan that looks at everything instead of just at the system file that needed updating--and that takes forever.
>

>> David Dows wrote:
>> Many of those apparent false alarms are pointing to an unused copy of a program. Often CD installs copied to a folder on the HD include an old version of acrobat or flash. In one case, someone kept accusing Secunia of a false positive on his system until he realized the file being flagged was on his D: drive. The only problem I have had was with the PowerPoint viewer included with PP, so I just deleted the file. MS Update kept telling me there is nothing to update, even when I manually downloaded the file from the KB.


>>
>>> Bob Sherman wrote:
>>> Secunia PSI is interesting, but gives a lot of false positives. Sometimes it will say that something is not patched when it is patched, and it persists with that false information until some magic happens.
>>>


Art Alexion

Mar 10, 2010, 7:30:32 AM3/10/10
to PANTUG General Discussion (and technical Q&A)
On Tue, Mar 2, 2010 at 6:35 PM, Eric <er...@lucii.org> wrote:

> Well, that's probably true. Maybe a lot of us haven't used NIS 2009 or
> 2010.
>
> I suppose it might have to do with NIS 2004, 2005, 2006, 2007, and 2008.
>
> I've had to remove most of these earlier versions of NIS from more than
> a dozen computers. It was done to restore computers to a functional
> state. Sometimes the uninstall process alone took nearly an hour. Many
> others I've spoken with have similar experiences. To be fair, I've also
> had to remove McAfee and other "suites" as well when they, like NIS,
> suddenly decided that 99% of CPU 100% of the time was not quite enough
> for them.
>

OK, new to my company at the time, I am asked to upgrade Symantec 10 to
11. The key is to upgrade the admin console first, then push out the
upgrade to the IT computers to test it out. Of course, other than the
directors and other top management, who don't actually use their computers
(other than printing their coupons of the day emails), the IT computers are
the newest and fastest. SAV 11 was not just a disaster in the way that it
brought the IT desktops to a halt, the worst was trying to remove the
version 11 admin console from the server to reinstall 10.

I was guided by a foreign, robotic support guy as I removed literally over a
hundred registry entries by hand. (Does anybody find it ironic that US
company Symantec's support center is in India, while Russian company
Kaspersky's support center is located in Boston?)

This whole mess, of course, further mangled the already tenuous connection
of the desktops to the admin server, which the following year created havoc
with the automated desktop removal as I pushed the replacement Kaspersky
out.

This may just be a result of commercial success and maturity. Kaspersky 6
was great, MR4 has become much more of a resource hog, not quite Symantec
11, but still a bit of a hog.

Some of my co-workers like Avira. I'm not putting adware on a computer to
fight malware. It's like hiring the Hell's Angels to provide security for
your show.

I find AVG to be better at false positives than blocking real malware.

Lately, for unmanaged computers, I am trying the MS Security Essentials.
Not enough experience to recommend its effectiveness, but it seems to offer
a bit of protection without the obtrusiveness of ads and CPU hogging.

--
artAlexion
sent unsigned from webmail interface

David Dows

Mar 10, 2010, 1:30:37 PM3/10/10
to PANTUG General Discussion (and technical Q&A)
1. First, let me acknowledge the relative truth and humor in your
characterization of computer usage among directors and top management.

2. What year in history are you recalling? Many of us have had bad
experiences with Symantec in the past. Please note that I limited
my favorable comments to NIS from 2008 on, nothing else from Symantec.

3. This is irrelevant to NIS, the consumer product.

4. How petty and dishonest can you be, calling the FREE version of
AntiVir "adware" and comparing Avira to the Hell's Angels. Antivir
doesn't distribute third party ads, nor do they break laws. The
quid pro quo is that you click OK once a day if you don't want to
buy the product. If you don't want the FREE version, pay for the
Pro version, just as you have for Symantec and Kaspersky. Then you
would be comparing apples to apples.

5. In my earlier reply to Eric, I conceded that I wouldn't use NIS if
I needed their support, but I don't. I agree, their support is
worthless and abhorrent. Thankfully, the product has improved so
much in the past 3 years, I don't know anyone who has needed
support for NIS, other than licensing issues, handled domestically.

6. As the beneficiary of the monopoly on such an insecure OS
platform, the least MS can do is offer MSE for free and they damn
well better not use it for further promotion. Where I find fault
with MSE is that you don't get the automatic updates immediately,
unless you also enable automatic Windows or Microsoft Update. They
shouldn't have linked MSE updates to Windows/Microsoft Update, IMNSHO.

7. What is MR4?


Art Alexion wrote:
> OK, new to my company at the time, I am asked to upgrade Symantec 10 to 11. The key is to upgrade the admin console first, then push out the upgrade to the IT computers to test it out. Of course, other than the directors and other top management, who don't actually use their computers (other than printing their coupons of the day emails), the IT computers are the newest and fastest. SAV 11 was not just a disaster in the way that it brought the IT desktops to a halt, the worst was trying to remove the version 11 admin console from the server to reinstall 10.
>
> I was guided by a foreign, robotic support guy as I removed literally over a hundred registry entries by hand. (Does anybody find it ironic that US company Symantec's support center is in India, while Russian company Kaspersky's support center is located in Boston?)
>
> This whole mess, of course, further mangled the already tenuous connection of the desktops to the admin server, which the following year created havoc with the automated desktop removal as I pushed the replacement Kaspersky out.
>
> This may just be a result of commercial success and maturity. Kaspersky 6 was great, MR4 has become much more of a resource hog, not quite Symantec 11, but still a bit of a hog.
>
> Some of my co-workers like Avira. I'm not putting adware on a computer to fight malware. It's like hiring the Hell's Angels to provide security for your show.
>
> I find AVG to be better at false positives than blocking real malware.
>
> Lately, for unmanaged computers, I am trying the MS Security Essentials. Not enough experience to recommend its effectiveness, but it seems to offer a bit of protection without the obtrusiveness of ads and CPU hogging.
>

Bob Sherman (M13)

Mar 10, 2010, 3:39:30 PM3/10/10
to PANTUG General Discussion (and technical Q&A)
I had reason to try out a trial version of Vipre and a trial version of
Norman AV and didn't feel that either of them were on top of things. At the
time, I felt their response to security exploits was slow.

I worked with a Symantec (not Norton) server based Anti-virus product a lot
of years ago and it just plain sucked. I had nothing but problems with it,
and it demanded a lot of server resources. That's the only product that I
knew was carrying Symantec version numbers. Symantec support was of no help
then either.

NIS 2010 is NIS version 17-dot-sumthin-or-other. With the amount of attack
vectors being exploited at present, it's hard to see how any product that
offers comprehensive and effective protection can fail to hog some
resources. However, the claims of nay-sayers for Norton AV and NIS is that
"90% of system resources" and "80% of system resources" are claimed by those
Symantec products. Outside of the claims, they offer no proof of testing
nor do they spec the systems on which they supposedly see this kind of
performance. I wouldn't go so far as to say they were actually
manufacturing those statistics, but I haven't seen anything close that would
make me believe that those statistics have any basis in fact.

My observation is that on a P4-2.8 GHz (3 GB RAM) WXP system, most of the
time NIS 2010 is using 2% of system resources, does scanning in background
and gives priority to foreground processes. At other times while Norton
usage of system resources could spike to 25% to 50% of system resources, it
is a "spike" and doesn't last long--meaning as fast as I observe it, it goes
away. ...and those spikes are usually associated with arriving email, a
newly downloaded file, or some other event for which I am happy to give up a
smidgen of resources to assure security. It has not interfered with use of
applications on this system.

I have not had any problems installing or running NIS 2009 or NIS 2010 on
roughly 20 systems. I run MBAM and WinPatrol as ancillary security
programs on most of those systems. NIS 2010 and WinPatrol appear to play
nice. None of those systems has had a security problem or malware problem.
In addition to its other features, WinPatrol catches DLL installations
attempted by browser visits to web pages, on the fly, and gives the user the
option of refusing the installation (which is what my users do 100% of the
time by my instruction.) Most such attempts are to install DLL's signed by
Microsoft, but I still give them the cold shoulder. WinPatrol also will
offer the option to refuse installation of startups installed by application
installations by offering to disallow the registry entries--this has the
option of better informing me of what application installations are doing to
my system. MBAM is a leg up on scareware and spyware detection and removal,
but on my NIS systems, MBAM has never reported a problem. The two systems
on which I used MBAM to remove scareware (egregious crap) were running
Avast and AntiVir (admittedly both were sadly out of date.)

The Norton anti-spam has its ups and downs, but it's usually better than 60%
effective at worst and has at times approached 85% effective. I rely on
users to avoid spam through a number of practices that all of you (I hope)
are familiar with. Mostly they do and for those that are successful at
that, the Norton anti-spam appears to be 95% effective or better.

NIS 2010 gets high marks from lots of certification entities and high marks
from testers and reviewers.

I leave automatic updates for everything turned on for my clients because
all of them are of the mind that the installation of security software is a
"set it and forget it" operation. As long as they follow my monthly
instructions, I leave Windows Automatic updating turned off. If they don't,
I turn it on.

I have not needed any support from Symantec except to straighten out some
licensing issues for NIS 2009. No problems at all with NIS 2010. While
Symantec support may suck, I find this to be generally true of most support.
I've received idiotic instructions from all points of the compass in that
regard.

This is all WXP anecdotal notes. I haven't run W7 since the beta.

I have no pony in the race to make Symantec rich.

David Dows

Apr 2, 2010, 11:37:46 PM4/2/10
to PANTUG General Discussion (and technical Q&A)
Finally here they are:

NIS 2010 Memory Usage

http://www.bild.me/bild.php?file=6534052Norton_Tasks_Memory.png

NIS 2010 CPU Load

http://www.bild.me/bild.php?file=5892756Norton_Tasks_CPU.png
