As a follow on to my prior post about the Process Explorer, here are few other comments and tips about the task of diagnosing / fixing / optimizing PCs that are running slower than they should be. If anyone else has any suggestions in this area, please share them.

One useful tip that I encountered along the way: the -b switch to netstat, e.g. netstat -a -b . This shows (after a long delay) which executable is associated with each socket. (Often the biggest culprit and the biggest fear is that one or more rogue processes have opened up internet connections and are sending all kinds of data between your machine and Romania; being able to associate the connections with the executables is a big step in determining which ones are valid and how to disable them.)

Security suites: From my perspective, the jury is still out on which is more responsible for slowing down the typical computer: spyware/adware/malware, or security-ware. I have been pretty happy with the basic AVG anti-virus package myself, and have not run into any problems in a long time with malware, although I am always connected behind at NAT router, and rely on common sense to not open suspicious email attachments or access many "networking" (social, file-sharing, etc.) websites.

But most of the time when I get asked to help someone clean up their PC, it is running some Security Suite, which creates the problem of determining whether it is causing more harm than good. Right now I have one with the CA Suite, and after fooling with it for an hour or so last night, determined (from the Process Explorer) that it was the single biggest CPU user, and (by disabling it) that it was completely interfering with most web activity to the extent that I couldn't even get Windows Update to operate.

This is one of these "deluxe" firewalls that combines many layers of protection, and is frequently popping up ominous warnings about some process XYZ trying to communicate with UDP port 12345 and asking if I should allow it. I have a hard enough time deciphering those questions, and am somewhat experienced. I really don't know how "normal" people can hope to answer correctly, and my guess is that the end result is that people disable the very services (like Windows Update) that are most useful for dealing with security threats in the first place.

So I'm wondering what the general consensus is on these "deluxe" security suites, and any other suggestions on how to avoid giving back all the time that computers are supposed to by saving us, just trying to keep them running.

Quick opinion (sorry)

I never had any problem regarding Virus/Malware/Spyware/Addware/... in any of my computers, and almost never have installed any antivirus locally, or if installed, it's with the lowest level of security just to check pen drives/CD/DVD's/...
But my e-mails are checked on the server side (Exchange), and we are about to move this check to outside servers.

I entirely agree with your considerations, and will just reinforce it:
Rule #0 Windows Update: Allways turned on in maximum power to not miss any, and receive all asap
Rule #1 Email: Shift-Del to any unknown received e-mail
Rule #2 Websites: Avoid to navigate into any website of the kind you mentioned (social, file-sharing), and particularly key crackers
Rule #3 Download: Even less install download managers from content sites or file sharing

99% of the infected Pc's are caused by human curiosity (that don't kill the cat, but the Pc )

But it's very hard to convince everybody to follow this so, obviously we have antivirus installed in our customers Pc's trying to keep them secure, but at the same time we must not hang their Pc's, to what we follow other basic rules:
1 - Do not mix windows firewall with antivirus firewall, we never use the antivirus firewall (and keep all computers fully updated regarding all software in use)
2 - Adjust antivirus settings to not scan on reading files, but on writting (how to handle this may vary depending on which antivirus you're using)
3 - Special attention to not scan folders related to printer spool (most antivirus already do this by default, but...)
4 - Again updates, antivirus must be updated to both virus lists and particularly the engine. Very often, antivirus hang (wasting high CPU) during a non well succeded update

I've never had any good experiences with the "deluxe security suites". They use too much RAM and CPU, and honestly they are a reactionary type of security. Which means that they generally only tell you about new threats after they detect that you've got one. I've also always had to use some other tool to remove the malware or virus.

I think that security companies are doing the best they can; however, it's an extremely complicated environment. The best approach is for us as informed technology users is to teach our customer's and friend's responsible ways to use the internet.

One thing I've found is helpful here is a combination of Firefox 3 and the plug-ins NoScripts and McAfee SiteAdvisor. Firefox is inherently much more secure than IE7. NoScripts is a plug-in that lets you choose what javascript is executed for every site you vists. This can be somewhat cumbersome, but given that there are now more attacks on browser vulnerabilities than OS vulnerabilites it is a worth while annoyance. Thirdly, the McAfee plug-in makes an educated guess about the safety of a site based mostly on the safety of the sites it links to.

Thanks for the feedback - it pretty much confirms my instincts, but confirmation is always nice. It's an interesting (and valid) comment that the biggest vulnerability (assuming a fully-updated OS) is the browser, and the best place to start there is with the fully updated Firefox. I'm going to experiment with the suggested plug-ins.

As an aside, although the security suite was consuming a lot of RAM and CPU, it turns out the #1 performance problem on this laptop was that somehow the drive had been set into PIO instead of DMA mode. I would have never thought of that if it hadn't come up while browsing bulletin boards on the subject of slow drives. The performance difference for sequential reads and writes was a factor of more than 10x!

If you suspect your drive is too slow, you can check the mode in the Device Manager by selecting the IDE controller, right click on the relevant channel, Properties, Advanced Settings, and look at the Current Transfer Mode. If set to PIO, you might be able to just set it to DMA if Available. If that doesn't work, then you might benefit from this Dell utility, which forces it back into DMA mode:

http://support.dell.com/support/dow...eleaseid=r53986&formatcnt=1&fileid=63977

It worked like magic for me - otherwise I was about the recommend a new disk drive. (Note, the Dell phone techs don't seem to know about this utility - I found it on another BBS.)

BTW, I installed the Site Advisor and NoScript plug-ins and am pretty happy with them so far. (I'm pleased to see that both MicroSabio sites get green ratings, and run fine even without adding them to the NoScript White List.)

I did, however, run into a problem in getting them installed, which is apparently common to Firefox installations that have undergone many updates - the extensions.cache, extensions.ini, and/or extensions.rdf files apparently got corrupted during one of the updates, with the result that you get a 203 error when trying to install a new extension. The recommended solution (of just erasing those three files) solved it nicely though. (The are found in a subdirectory of %APPDATA%\mozilla\firefox\Profiles)