FlyerTalk Forums


cblaisd Aug 20, 2010 11:12 pm

Is this security routine overkill?
 
Here's what I currently do for security (and to try to keep crud from building up in the Registry)

1. Am running Microsoft Security Essentials (have tried the other freewares, and even though I didn't want to like it, MSE gives the least performance hit by far)

2. Every time I uninstall a program (and once a week anyway) I run CCleaner to cleanse the Registry and the detritus from programs (temp files, etc.)

3. I run SpyBot Search and Destroy once a week, and also have its TeaTimer function engaged along with passive immunization (I am also using their .hosts file to divert crapware calls)

Even though my ThinkPad x100e (Windows 7 Home Premium) is speedy for its form factor, I want as little overhead in terms of services, etc., but not at the expense of security.

Is the SpyBot routine overkill? Ever since starting to use MSE, Spybot very seldom finds any spywares.

Any other suggestions?

Jim055 Aug 21, 2010 8:47 am

Install Ubuntu. It will double your speed and reduce security risks to almost zero. It can set up a dual boot for Windows if you want.

cblaisd Aug 21, 2010 8:54 am

Thank you, but that really isn't going to be an option here.

CPRich Aug 21, 2010 9:57 am

Sounds pretty much like my routine. I used to run Spybot, Adaware, and Spyware Blaster regularly, along with CCleaner and NIS 20XX, but after at least two years of finding nothing but cookies I'm down to NIS and CC, along with the Linksys router's protections.

nmenaker Aug 21, 2010 5:24 pm

This sounds pretty normal and about what I do. I actually add a bi-weekly scan with Malwarebytes to the mix and I use Webroot Spy Sweeper instead of S&D since I found that it picks up slightly more stuff and the run time overhead seems negligible. No issues in years.

Flahusky Aug 22, 2010 7:24 am

Sounds normal for anyone using IE :p
I find Spybot S&D to be useless when you are already running Malwarebytes & a Top Rated Virus/malware program. CCleaner is a good bi-weekly run.
Of course none of this matters if you're not updating them weekly at a minimum.

Jim055 Aug 22, 2010 10:06 am

Threads like these make me glad I do not waste countless hours trying to find and delete viruses and spyware from Windows.

ScottC Aug 22, 2010 10:13 am


Originally Posted by cblaisd (Post 14519459)
Here's what I currently do for security (and to try to keep crud from building up in the Registry)

1. Am running Microsoft Security Essentials (have tried the other freewares, and even though I didn't want to like it, MSE gives the least performance hit by far)

2. Every time I uninstall a program (and once a week anyway) I run CCleaner to cleanse the Registry and the detritus from programs (temp files, etc.)

3. I run SpyBot Search and Destroy once a week, and also have its TeaTimer function engaged along with passive immunization (I am also using their .hosts file to divert crapware calls)

Even though my ThinkPad x100e (Windows 7 Home Premium) is speedy for its form factor, I want as little overhead in terms of services, etc., but not at the expense of security.

Is the SpyBot routine overkill? Ever since starting to use MSE, Spybot very seldom finds any spywares.

Any other suggestions?

Sounds like overkill to me. All I do is daily MSE scans. I also fully re-install Windows every 6 months just to keep things fresh.

As always, the prime source of spyware and viruses is yourself - keep your OS up to date, don't download stuff from weird locations and avoid crappy browsers like IE.

ScottC Aug 22, 2010 10:14 am


Originally Posted by Jim055 (Post 14525461)
Threads like these make me glad I do not waste countless hours trying to find and delete viruses and spyware from Windows.

Lemme guess - you use a Mac?

The steps the OP outlined are not "countless hours". With the exception of running CCleaner, it all happens behind the scenes and scheduled. I spend no more than 5 minutes a month on my AV/spyware software.

Jim055 Aug 22, 2010 10:22 am


Originally Posted by ScottC (Post 14525499)
Lemme guess - you use a Mac?

The steps the OP outlined are not "countless hours". With the exception of running CCleaner, it all happens behind the scenes and scheduled. I spend no more than 5 minutes a month on my AV/spyware software.

No Mac here. Two old Dell laptops running Ubuntu. They run faster than your Core i5s with all that AV/spyware running in the background.

deubster Aug 22, 2010 2:50 pm

I'd call it a bit of overkill for a cautious, savvy user. Spybot S&D doesn't work nearly as well as Malwarebytes these days, and I've found TeaTimer to be intrusive. On my desktop machine, I run Norton AV 2010 behind a good hardware firewall/router (Netopia ENT-3386), and every other week or so I run Malwarebytes. I also have a modified HOSTS file to speed up page loading. On my laptop (dual-boot Vista Business / Windows 7 Pro) I run Microsoft Security Essentials.

Oh, I do keep a desktop computer, separated on its own VLAN, that I use to try risky web things or run risky programs, and I sometimes mount other hard drives in it to scan them (e.g., they have a Trojan or virus that prevents them from booting or running normally).

cordelli Aug 23, 2010 8:35 am

If it's working for you I say stick with it. Teatimer brings my machines down to zero speed and 100% utilization, so that wouldn't work for me.

The Spybot on top of the MSE may be a bit overboard for a normal system in non-high-risk use, but if it's working for you I say stick with it.

star_world Aug 23, 2010 8:41 am

I am completely opposed to using any program that requires itself to be continually running in the background for AV / security. I haven't run any in at least 5 years and have never once found anything even remotely suspicious on any Windows PC I run. I do one-off scans every few months as a precaution but I've yet to come across anything to be concerned about.

The number one priority has got to be to stop running IE. With a modern OS (eg: Win7) plus a modern browser such as Firefox, you really have to go out of your way to let any sort of spyware get onto a PC. A few generations back (XP / IE7 / FF2) I'd only recommend this approach for people who were very aware of what they were doing, but these days I think the situation is somewhat different.

The performance drain caused by any of these "active" scanners is still simply too great, even on a relatively high-performance machine, IMHO.

raistlin Aug 23, 2010 8:53 am


Originally Posted by star_world (Post 14530255)
I am completely opposed to using any program that requires itself to be continually running in the background for AV / security. I haven't run any in at least 5 years and have never once found anything even remotely suspicious on any Windows PC I run.

Which is quite different from not having a nice collection of nasty stuff on the hard drive, of course :rolleyes:

But you have a point in the fact that you COULD have a nice collection of nasty malware even with a continuously running AV.

star_world Aug 23, 2010 10:56 am


Originally Posted by raistlin (Post 14530330)
Which is quite different from not having a nice collection of nasty stuff on the hard drive, of course :rolleyes:

But you have a point in the fact that you COULD have a nice collection of nasty malware even with a continuously running AV.

I don't get your point - I certainly don't have a collection of "nasty stuff" on the hard drive. Nor do I see why you view it as "different"?

ScottC Aug 23, 2010 10:58 am


Originally Posted by star_world (Post 14530255)
I am completely opposed to using any program that requires itself to be continually running in the background for AV / security. I haven't run any in at least 5 years and have never once found anything even remotely suspicious on any Windows PC I run. I do one-off scans every few months as a precaution but I've yet to come across anything to be concerned about.

The number one priority has got to be to stop running IE. With a modern OS (eg: Win7) plus a modern browser such as Firefox, you really have to go out of your way to let any sort of spyware get onto a PC. A few generations back (XP / IE7 / FF2) I'd only recommend this approach for people who were very aware of what they were doing, but these days I think the situation is somewhat different.

The performance drain caused by any of these "active" scanners is still simply too great, even on a relatively high-performance machine, IMHO.

I've always lived by this system too - until I installed MSE. It runs so smoothly in the background that it is the first app I don't mind running.

I'd feel perfectly safe without it, but I don't mind running something that doesn't bother me.

cordelli Aug 23, 2010 11:07 am

To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.

In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

ScottC Aug 23, 2010 11:11 am


Originally Posted by cordelli (Post 14531135)
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.

In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

No - to me it is like sitting in my car with no seatbelts on, when it is in the garage :)

I know where malware and spyware comes from, so if I don't drive into it, it won't infect me. I keep up to date on things that need patching.

raistlin Aug 23, 2010 11:16 am


Originally Posted by star_world (Post 14531052)
I don't get your point - I certainly don't have a collection of "nasty stuff" on the hard drive.

How do you know, exactly? Unless you are running a weird operating system where most malware cannot work (say, a customized version of QNX), possibly on customized hardware as well, or unless you never put any media on your machine and never, ever connected it to the Internet, there's no way on Earth you can know your machine is NOT infected.

You can know your machine is not BLATANTLY infected by COMMON malware. Which is a completely different thing than being sure you are not infected at all :)

You would be surprised at how some things out there are nasty, stealthy and quite good at tricking people into infecting themselves.

deubster Aug 23, 2010 11:18 am


Originally Posted by cordelli (Post 14531135)
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.

In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

Agreed, but many have found that pure anti-virus and most commercial internet suite type products are not very good at catching and preventing Trojans, and Trojans (like the fake anti-virus programs) are creating more problems than viruses lately. Almost all the anti-malware products that can catch these seem to provide a major performance hit, as was previously mentioned regarding TeaTimer.

I'm glad MSE looks at both and seems to take little or no toll on performance. But I'm not yet certain how good it is, as I haven't seen it take on a serious Trojan or rootkit infestation. So I continue to recommend MSE with a weekly run of MalwareBytes.

raistlin Aug 23, 2010 11:19 am


Originally Posted by cordelli (Post 14531135)
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.

In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

Totally agree. Except that anti-viruses are not a very good seat belt ;)

A good security practice would be to run a less-common operating system (say, Linux, or BSD), possibly with a browser using a no-scripting extension.

Sadly, antiviruses today are less and less effective. A single antivirus will catch, on average, more or less half of the threats you may run into.

I could lecture on this for hours, mind you. It's my job :p

raistlin Aug 23, 2010 11:50 am


Originally Posted by deubster (Post 14531203)
I'm glad MSE looks at both and seems to take little or no toll on performance. But I'm not yet certain how good it is

It's a generally difficult thing to say how good antivirus X is, or even how good it is compared to Y.

Let's say that, from what data I have, it is at the very least in the league of all the major vendors.

star_world Aug 23, 2010 1:14 pm


Originally Posted by raistlin (Post 14531186)
How do you know, exactly? Unless you are running a weird operating system where most malware cannot work (say, a customized version of QNX), possibly on customized hardware as well, or unless you never put any media on your machine and never, ever connected it to the Internet, there's no way on Earth you can know your machine is NOT infected.

You can know your machine is not BLATANTLY infected by COMMON malware. Which is a completely different thing than being sure you are not infected at all :)

You would be surprised at how some things out there are nasty, stealthy and quite good at tricking people into infecting themselves.

But that's the purpose of scanning on a regular basis. I've made the determination that scanning every month or two and confirming what I already believe to be true (i.e. no malware exists on the PC) is sufficient, compared with the (often drastic) overhead of a continually running AV / anti-malware program.

Believe me - the risk of being infected by malware, on a modern OS kept up to date, with a modern browser kept up to date and on a typical LAN connected behind any half decent router running NAT is tiny. I really do mean it - you'd have to go out of your way to end up with malware on the PC.

To ScottC - interesting point about MSE - I'd looked at it when it first came out and was somewhat sceptical, I may re-visit this though.

raistlin Aug 23, 2010 2:12 pm


Originally Posted by star_world (Post 14531959)
I've made the determination that scanning every month or two and confirming what I already believe to be true (i.e. no malware exists on the PC) is sufficient

You're obviously free to make your own risk assessments, but you seem to be working on some seriously wrong assumptions:


Originally Posted by star_world (Post 14531959)
Believe me - the risk of being infected by malware, on a modern OS kept up to date, with a modern browser kept up to date and on a typical LAN connected behind any half decent router running NAT is tiny. I really do mean it - you'd have to go out of your way to end up with malware on the PC.

False. Witness the Aurora incident:
http://www.symantec.com/connect/blog...-0-day-exploit

Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.

Some of those were on state-of-the-art corporate networks (e.g., Google).

You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.

This is what I study for a living ;-)

star_world Aug 23, 2010 2:52 pm


Originally Posted by raistlin (Post 14532372)
False. Witness the Aurora incident:
http://www.symantec.com/connect/blog...-0-day-exploit

Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.

Some of those were on state-of-the-art corporate networks (e.g., Google).

You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.

This is what I study for a living ;-)

I have a good technical knowledge of the subject, believe me :)

We could debate this all day, but the fact is that for the type of event you mention above, you have virtually the same issue regardless of what security software you are running (or not). And further to that - the risk is kept small by applying general common sense with regards to what links are clicked on, what websites are visited, etc.

On that basis, how are my assumptions misguided? :)

ScottC Aug 23, 2010 2:56 pm


Originally Posted by raistlin (Post 14532372)
You're obviously free to make your own risk assessments, but you seem to be working on some seriously wrong assumptions:



False. Witness the Aurora incident:
http://www.symantec.com/connect/blog...-0-day-exploit

Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.

Some of those were on state-of-the-art corporate networks (e.g., Google).

You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.

This is what I study for a living ;-)

But wouldn't that one mean you'd need to be using IE? The first lesson in security is to never use IE.

cblaisd Aug 23, 2010 3:06 pm

Didn't realize this would provoke such a colloquy ;)

I also didn't mention that I don't use IE (but do use FF) because I simply can't imagine why anyone who is serious about not catching crap would ever use such a virus/malware magnet.

ScottC Aug 23, 2010 3:08 pm


Originally Posted by cblaisd (Post 14532730)
Didn't realize this would provoke such a colloquy ;)

You new to this forum? :D

The only thing missing is someone telling you to "buy a Mac" :D

cblaisd Aug 23, 2010 3:14 pm


Originally Posted by ScottC (Post 14532744)
The only thing missing is someone telling you to "buy a Mac" :D

The day is young.

raistlin Aug 23, 2010 3:24 pm


Originally Posted by star_world (Post 14532649)
We could debate this all day, but the fact is that for the type of event you mention above, you have virtually the same issue regardless of what security software you are running (or not).

I completely agree on that, if you look back to my posts ;-)

What I take issue with is the other part of your assumption:


Originally Posted by star_world (Post 14532649)
And further to that - the risk is kept small by applying general common sense with regards to what links are clicked on, what websites are visited, etc.

The risk is not really small. It is, indeed, quite significant. It may be subjectively acceptable to you, but for sure it would not be for any large organization employing you.

I.e., you would never be allowed anywhere near a network whose security policies I write :)

raistlin Aug 23, 2010 3:28 pm


Originally Posted by ScottC (Post 14532672)
But wouldn't that one mean you'd need to be using IE? The first lesson in security is to never use IE.

I agree with the suggestion :-)

However, no, on a general basis there's just as much risk* of running into an IE zero-day, as there is of running into a Mozilla zero-day.

The real lesson is, a machine based on a common operating system used for browsing should never be trusted to the point of saying "I know that this machine has no malware on it". You simply cannot know.

* = I am oversimplifying.

raistlin Aug 23, 2010 3:29 pm


Originally Posted by ScottC (Post 14532744)
The only thing missing is someone telling you to "buy a Mac" :D

I'm anxiously waiting. That would make my day :-)


All times are GMT -6.