What are the lightest-weight antispyware and antivirus programs?
February 16, 2008 2:29 PM   Subscribe

What is a good lightweight anti-spyware/anti-virus application that wouldn't slow down an already old, slow computer, and would act as an extra layer on top of good behavior and careful Firefox usage?

My step-sister had an old laptop (celeron 1.2ghz, 256mb ram) that she put in storage some months ago because she got tired of how slow it became over time, likely due to spyware and general clutter. We found it and now I've reformatted it, but before I give it to her I want to try and make sure she doesn't slow it down again.

In my household, all of my computers are set up to always use Firefox (no IE here!), and I use a modified HOSTS file to try and block malicious websites at the lowest level possible (google "hosts file" for more info). However, for maximum performance, and because I don't generally need it, I don't use any anti-spyware or anti-virus software, so I'm out of date on the latest and greatest.

I'm going to make sure she does the same now (she used to use IE, eww!). So I know that the likelihood of spyware is low, but I still feel like there should be one more piece of automatic protection there, since I won't be able to keep track of what sort of spyware-infested things she might get into. Is there a good free anti-spyware/anti-virus software out there that wouldn't bog the system down noticeably, yet would provide that extra little bit of protection just in case? It doesn't need to be terribly reliable, but I'm talking about something that would hopefully stop her from (for instance) opening a bad attachment from a stranger, or stumbling upon a website that isn't covered by the hosts file and asks her to download a spyware-infested installer.

Oh, and even though I posed those examples that require real-time protection, feel free to help me out with a suggestion that requires manual running; I would certainly consider it!

posted by Ricket to Computers & Internet (16 answers total) 10 users marked this as a favorite
NoScript and Adblock Plus for Firefox should completely stop most browser-based attacks, except for exe/bat downloads and so on. For that, it's good to have file extensions always visible in explorer.exe.
posted by aye at 2:38 PM on February 16, 2008

Lightweight & reliable: Spybot Search & Destroy (+ Spywareblaster)
Install & Forget: Microsoft Windows Defender
posted by Foci for Analysis at 2:41 PM on February 16, 2008

Until about 6 months ago, I ran a 900mhz celeron laptop with XP. I used AVG free antivirus on it. You might also want to look into the noscript add-on for firefox. The best way to make that thing run faster is to get it's memory up to 512mb (assuming it's running XP). Mine ran much better after I did that. I also used spybot search&destroy and ad-aware for spyware scanning. I used the free zone-alarm firewall, but that might not be good for a less than expert user. You'll have to decide if these slow you down too much, but I found them acceptable. The most annoying thing was just the boot and shutdown times.
posted by DarkForest at 2:47 PM on February 16, 2008

Best answer: In my experience, Windows Defender causes more problems than it fixes; for instance, I've seen it slow machines down about the same amount as some of the more annoying adware. I have seen Windows boxes with both Norton Antivirus and Windows Defender installed, starting and running so slowly as to be pretty much unusable. Uninstalling both of these pieces of bloatware, and replacing them with Spybot Search & Destroy (used periodically when spyware presence is suspected) and AVG Antivirus 7.5 Free makes such boxes responsive and useful again.

There is really no need to have an always-on spyware detector if (a) Internet Explorer is not the default browser and (b) Windows is set up with separate admin and user accounts and the admin account is only used for occasional administrative tasks like installing software or doing defrags or full virus scans (rationale and help here).

The current version of Spybot Search & Destroy does a perfectly adequate job of cleaning up most spyware and adware. Its "immunization" feature will also set up that custom Hosts file for you, as well as blacklisting the same sites inside your browsers (supports both IE and Firefox). Make sure it's actually the genuine Spybot Search & Destroy that you download and install - there are loads of malicious packages with "Spybot" cunningly worked into their names to make you think you're getting something you're not. The real SS&D is freeware and does not require you to pay any kind of fee to remove the malware it detects.

If you go with Firefox (and it's a fine choice), install the NoScript and Adblock Plus extensions that aye recommended, as well as IE View, then go to Add/Remove Programs->Add/Remove Windows Components and uncheck Internet Explorer. This will remove all the obvious ways to start IE.

Customize the Firefox toolbar to add the IE View button to it, and explain to your stepsister that this button is to be used as a last resort if she can't find any other way to make the site she wants render properly in Firefox.

To cover the bad attachments from strangers thing, sign her up with a Gmail account, use the Gmail settings page to register all her existing mail accounts inside the Gmail one, and make Gmail pull mails from them via POP3 if you can't set up auto-forwarding to Gmail from the other end. Then, install Thunderbird on her computer, and hook the Gmail account into it via IMAP. I am extremely impressed with the effectiveness of Gmail's spam filtering, to the extent of making myself look like a Google shill on MeTa about it.
posted by flabdablet at 3:23 PM on February 16, 2008 [4 favorites]

Oh, yeah: 256MB RAM is not really enough for Windows XP SP2 with current updates - it will hammer the hard disk fairly hard every time you launch anything. 512MB is much, much better.
posted by flabdablet at 3:24 PM on February 16, 2008

Also, on Zone Alarm: I used to install this on customer machines as a matter of course, until I repeatedly found customers who had inadvertently used it to break Windows Updates and/or printing. It's also big, slow, and tricky to uninstall completely (hint: you need to edit the properties of the Uninstall Zone Alarm shortcut in the Start menu, and add " /CLEAN" to the end of the command line).

Over time, I've found that the inbuilt firewall in XP SP2 is quite adequate, and because it doesn't do per-application outbound-connection blocking, unobtrusive.

Speaking of unobtrusiveness: if you're running separate admin and limited user accounts, and the user accounts are what's used for all the day-to-day stuff, you're better off with Spybot Search & Destroy's "Tea Timer" registry protection component turned off.
posted by flabdablet at 3:31 PM on February 16, 2008

Response by poster: Thank you for the long, detailed suggestions!

I did install Adblock Plus, but I think NoScript is a bad choice because it disables functionality of many websites.

Thanks for the suggestion about running as a limited user. I didn't think of it, but it sounds like a great idea to me. She should not be installing any new programs in her normal use of this computer (she's going to be using it casually for banking, iTunes, email, browsing... not much else) so I will set it up according to the 'nonadmin' website you linked me to and then give her a heads-up in case she wants to install anything in the future.

I will also take your advice on Spybot Search & Destroy - it sounds like you've had a lot of good experience with it, and I think she would feel safer with a program to run, even if only for the placebo effect. I'll disable the "Tea Timer" feature as suggested.

I will also suggest to her getting another 256mb of RAM, but I don't think she plans on spending money on this computer.

If anyone else finds this and has anything more to suggest, feel free to post and I'll read the responses, but I think this computer will be ready for her use now. Special thanks to flabdablet for the huge quantity of advice!
posted by Ricket at 5:08 PM on February 16, 2008

I asked a similar question a while back and the good folks at AskMe pointed me to AVG Free, which I run on two old laptops and like very much.
posted by wheat at 5:42 PM on February 16, 2008

avg + firefox + no script + separate user accounts FTW!
posted by Davaal at 6:24 PM on February 16, 2008

NoScript doesn't disable any useful functionality at all, as far as I know, once the sites you're using are in its whitelist. It's also very easy to add the current site to the whitelist (right-click on the NoScript toolbar button and select "Allow [sitename]". Your stepsister would need to be educated to do that, instead of downloading Flash again every time some random site says she needs to, but whose time would you rather use up - hers doing that a few times for her favorite sites, or yours fixing her machine up again?
posted by flabdablet at 10:03 PM on February 16, 2008

And, on a re-read, if she's going to be doing internet banking on this box, NoScript may well save her from being phished.
posted by flabdablet at 10:05 PM on February 16, 2008

Finally, for your amusement: I recently did a from-the-ground-up Windows install for a customer, while the customer watched me do it for the several hours it took and we chatted about what I was doing and why. The box ended up as I recommended above: XP SP2, one Admin account and three limited user accounts, Firefox as the default browser and IE access only via IE View, Adblock Plus (with subscriptions to EasyList and both its optional companions), NoScript, Spybot Search & Destroy and AVG.

A week later, he was complaining that AVG wasn't working. I asked him how he knew that, and he said "because when I run a scan it never finds anything!"

He had become so accustomed to needing to clean crap off his computer that it had never even crossed his mind that there might truly be no crap there to remove :-)
posted by flabdablet at 10:13 PM on February 16, 2008

AVG is slow. My boyfriend and I use Avira Antivir, and it works good so far.
posted by divabat at 1:06 AM on February 17, 2008

Avira Antivir is indeed quick and lightweight, but its false-positive rate is annoyingly higher than AVG's (or was, last time I checked), updates are not released as often (Grisoft releases one or two AVG updates per day) and the update files are bigger than AVG's and hence slower to download.

A full AVG scan is indeed fairly slow by default, but this is largely because AVG deliberately runs it as a low priority process and sleeps for a configurable time (50ms default) between each file scanned. This means that given a reasonable amount of RAM, you can be running a full AVG scan and still have a fairly responsive computer.

If you just want AVG to scan as fast as possible, you can tell it to run at normal priority and not sleep between files.

Another free AV worth looking at is Avast! which a lot of people prefer to AVG. I prefer recommending AVG to my own customers because its update policy is less trouble than Avast! which requires manually reacquiring a licence key (free of charge) every couple of years; by the time people need to do that, they've often forgotten how it's done.

AVG Free used to be a bastard of a thing to get hold of, with download keys and email confirmations and god knows what. Smartest thing Grisoft ever did was get rid of all that fluff. I don't understand why Alwil (which makes Avast!) still requires its customers to jump through hoops to use its free offering.

To round out the recommendation pack, NOD32 is still the one to go for if you actually want to spend money on antvirus. Reasonably priced, small, fast and reliable. In a rational marketplace, it would have wiped Norton and McAfee out years ago.
posted by flabdablet at 2:48 AM on February 17, 2008

> since I won't be able to keep track of what sort of spyware-infested things she might get into.

I just built an XP machine for my son, who lives in another town. I wouldn't offer to do this for anyone I didn't love dearly but for him and a couple of other non-geeks on my I-love-you-dearly list I check in remotely from time to time and just have a look for anything that needs attention, and am available if they call for help on any specific occasion.

For doing this, the simplest and most robust remote access method I've tried is a Hamachi VPN between my box and theirs. It really is zero-configuration, though there are some things you can tweak if you want to. It connects fine between my PC (behind a NAT router, behind a DSL modem) and my son's (behind a NAT router, behind a cable modem.)

If I have booted XP I can see the other PC using remote desktop. (If I'm on the linux side ultraVNC does the same job, but the ultraVNC server that has to be running on the remote end would be just another drain on your sister's older PC, and if you're both running XP you won't need it.) Access by telnet works also and is very fast compared to any GUI, if you're comfortable with working from a command line.

Hamachi has been bought by LogMeIn but there's still a free version that supports VPN networks of up to 16 computers. I set hamachi to run as a service on my son's PC so he won't have to remember to start it up. The free version has the "run as a service" button disabled but ServiceEX does the same thing almost as easily as clicking a button.
posted by jfuller at 9:40 AM on February 17, 2008

P.S. if anyone was wondering--no, hamachi doesn't require opening any ports, on either end.
posted by jfuller at 9:42 AM on February 17, 2008

« Older Which (Verizon) Mobile Phone to Choose?   |   How to ask someone out? No, literally, how the... Newer »
This thread is closed to new comments.