Give XP UAC-like security. But, without the popups.

Discussion in 'Windows XP / Older OS' started by Anteaus, Jan 8, 2011.

  1. Anteaus

    Anteaus MDL Novice

    Jan 8, 2011
    Notice that a lot of guys in here don't rate resident AV too highly, and I tend to agree that it causes nearly as many problems as it cures. That said, XP without some form of protection is a mite too vulnerable to attack.

    Might be worth mentioning a utility I coded for internal use, but then decided to release under the GPL, which you can download from

    sf.net/projects/softwarepolicy

    This gives XP (any SP2+ version) protection against the launching of potentially unwanted software from download folders, USB sticks, CD, etc. Unlike Win7's UAC there are no annoying popups, and when installing legit software you can turn off the protection without rebooting, from a system-tray menu.

    Still in beta so use at your discretion. Although, it has been in use internally on a good number of computers for several months without any issues.

    Also works on Vista/7 32-bit provided that UAC is disabled first, and might be found preferable in some circumstances.

    The latest version should also work on all 64-bit platforms, though this has not been thoroughly tested.

    Installer MD5:B3A67C2D467F359A1F0589B36B01E6BA
    SoftwarePolicy.exe MD5:3F094761AEB34DBDE394F8A35941D3E1

    Opinions/comments welcome.
     
  2. cingularv551

    cingularv551 MDL Junior Member

    Oct 11, 2009
    one significant problem with trying to run xp users without administrative rights is that windows xp lacks the registry virtualization feature that vista and win7 have. this causes programs that try to write to the HKLM registry subtree to fail.

    about disabling uac in vista & win7, do keep in mind that only the professional, business, and ultimate versions of the operating system have the ability to turn off uac. the vast majority of computers that are purchased at big box retailers like bestbuy & walmart will come with either the basic or home premium versions of the operating system that do not let you turn off uac.
     
  3. Anteaus

    Anteaus MDL Novice

    Jan 8, 2011
    #3 Anteaus, Jan 9, 2011
    Last edited: Jan 9, 2011
    (OP)
    This doesn't turn your account into a limited user in the way that UAC does, hence it avoids those problems. What it does is to:

    - Define a set of folders from which programs can be launched.
    - Allow specified programs to be run with limited privileges.

    For example, an executable in 'C:\Program Files' will run when launched, but one within a 'Downloads' folder in the userprofile will not. Optionally, the launching of software from CD or USB memory can also be blocked, which covers another major source of malware.

    In many ways this offers better security than UAC, since in most cases it will prevent unwanted programs from launching, rather than just restricting what the malware can do to your computer.

    Control Panel apps and the like run under the account's standard privileges, so if you are a local Admin you can adjust settings exactly as before.

    BTW on Win7 it's not essential to turn off UAC to use this. Leaving it on means you will experience a 'nag' at startup when the policy-applet is loaded; that's all.
     
  4. Anteaus

    Anteaus MDL Novice

    Jan 8, 2011
    Password-protection is already incorporated. This operates at two levels: The user-password can be required, to stop casual software-installation on an unattended computer, or the local Administrator password can be required, to block social-engineering attempts on business computers. As with the Unlock option there is a configurable timeout so you don't have to keep repeating the password ad nauseam.

    As for preventing the stopping of processes, my feelings are that if malware has already gained a foothold then basically it's a question of either manually disinfecting, or (better) wiping the disk so you're sure it's clean. Plus, blocking the termination of processes (which might after all be impostors) makes disinfection a lot harder.
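As an added illustration of the folder-based launch policy from post 3 and the timed Unlock from post 4 (example code, not the SoftwarePolicy utility's own implementation or configuration format; the allowed folders, limited-privilege program, removable drive letters and timeout are assumptions), this evaluator normalizes each path first so that '..' segments, forward slashes and case differences are judged by where the executable really lives:

```python
import ntpath
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy (hypothetical values, not the utility's own format):
# folders from which launches are allowed, programs forced to run with
# limited privileges, and the drive letters treated as CD/USB media.
ALLOWED_ROOTS = [r"C:\Program Files", r"C:\Windows"]
LIMITED_PROGRAMS = {r"C:\Program Files\Internet Explorer\iexplore.exe"}
REMOVABLE_DRIVES = {"d:", "e:"}


def normalize(path: str) -> str:
    """Collapse '..' segments and unify separators and case, so that
    'C:/Program Files/../Documents and Settings/bob/Downloads/setup.exe'
    is judged as a Downloads launch, not a Program Files one."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path: str, root: str) -> bool:
    # Compare against 'root\' so 'C:\Program Files2\x.exe' is not a false match.
    return path.startswith(normalize(root).rstrip("\\") + "\\")


class LaunchPolicy:
    def __init__(self) -> None:
        self.unlocked_until: Optional[datetime] = None

    def unlock(self, now: datetime, minutes: int) -> None:
        """Temporarily disable the policy (the tray-menu 'Unlock' in the
        thread); it re-arms by itself after the configured timeout."""
        self.unlocked_until = now + timedelta(minutes=minutes)

    def decide(self, exe: str, now: datetime, block_removable: bool = True) -> str:
        """Return 'allow', 'limited' or 'block' for one launch attempt."""
        if self.unlocked_until is not None and now < self.unlocked_until:
            return "allow"
        p = normalize(exe)
        if p in {normalize(x) for x in LIMITED_PROGRAMS}:
            return "limited"
        drive = ntpath.splitdrive(p)[0]
        if block_removable and drive in REMOVABLE_DRIVES:
            return "block"
        if any(_under(p, root) for root in ALLOWED_ROOTS):
            return "allow"
        return "block"  # anything else, e.g. a user-profile Downloads folder
```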
     
  5. cingularv551

    cingularv551 MDL Junior Member

    Oct 11, 2009
    #7 cingularv551, Jan 13, 2011
    Last edited: Jan 13, 2011
    yes, reimaging a workstation is extremely effective at getting rid of unwanted malware programs. in environments like a public school computer lab with a couple dozen identical computers, running an automated disk clone script is easy and problem free.

    but in a business environment, things are more challenging. each computer in an office cubicle is typically used by just one person and contains a lot of private data, lots of custom software configuration, and lots of custom installed software. to top that off, many small businesses only replace one computer at a time as hardware fails. so if you've got a dozen workstations in the place, then you've got a dozen different motherboards each with its own unique chipset.

    as for process termination, there are certain programs like taskmgr.exe and your antivirus suite that should be able to stop any process they want. but a legitimate program launching out of c:\users or c:\documents and settings generally does not need this ability. system cleanup can be really difficult when every application that you launch gets terminated before it can accomplish anything. and the malware programmers these days put a lot of time & effort into making their programs evade detection by virus scanners. so even if you pull the hard drive out of the workstation, install it into another machine and run a virus scan, you might not be able to find all of the malware code.