You may not have noticed it. I have lots of mapped network drives
with drive letters assigned to most of the alphabet. Installing Ghost
(and I believe, some other Norton products) disables some of the
networked drives.
It does so by changing reg key:
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\IRPStackSize
to some number (15?) that chokes the network stack. You may not
notice if you don't have the alphabet soup of drive letters. I'm not
sure why they would do that, but you can get quite a few google hits
on the subject. A small sample:
http://tinyurl.com/cy8a5
I've also seen Ghost9 *not* change that key (on a laptop install w
minimal mapped net drives) so I'm not sure what their logic is.
I'm concerned about runtime also. I've grown tired of machine stalls
and crashes, just to find that it was my antivirus software running in
the background. I had Norton AV on a laptop and it did seem to slow
down unpredictably. McAfee's site used to look like Times Square, and
merited its own popup blocker, but I see they've cleaned it up now (or
my popup blockers have). I'm still left with the impression that
they're one of the more obtrusive programs.
It does seem early to load this, but I've heard that it has caught
stuff that got by McAfee and Norton. Of course they may have been
false triggers.
Understood, but I've heard that some of the AV programs are
incorporating AntiSpy as well. It would make sense, as the lines are
somewhat blurred these days. Spyware can knock a machine out as
effectively as a virus, and the infection techniques are often more
insidious. After so many years of growing problems, you'd think that
the legal system would be going after virus/spy writers aggressively.
The links are appreciated. (I've trimmed the following, so anyone
reading via google, refer to Shenan's original post for complete
links).
Have you tested these, or are they provided as reference? Your
comment "Untested by me" after one of them would seem to imply that
you've tested a bunch . I haven't tried too many AVs, so I don't know
how they compare. I'd love to hear capsule comments on these:
I have run many of the 'antiMalware' mentioned above at one time or
another. CWShredder failed to shred CW encountered on one machine.
I don't trust anything that's not highly recommended cause, as you
know, there are many spyware programs masquerading as antispyware.
Hijack This! is a great program, but it's indirectly responsible for
hundreds of false google hits due to people posting long lists of
their BHOs. I recently found a site that auto-analyzes Hijack This
output. That would have been a nice feature in the original program.
(If anyone is interested, I'll try to find that link)
Thanks for the comprehensive list, Shenan! I presume that all are
known safe, so I'll look into them.
A couple possibly useful additions: I normally keep close track of
anything installing into registry 'run' keys. Lately I've been using
Winpatrol to do this, and for monitoring running services, etc.
See
http://www.winpatrol.com.
And for the hard-core who want to view running processes: Process
Explorer (ProcExp.exe) from
http://www.sysinternals.com. I've often
spotted CPU-hogging runaway processes with ProcExp. Usually innocuous
stuff (or antispyware making its rounds <g>), but it's nice to know
what's currently running.
