Academic Tour 4.5: Thoughts and Resources »

Looking for a faster antivirus

The antivirus is one of the most important software that should be on installed on any computer. I doesn’t matter if you’re using Windows XP, Vista or Linux. “Fences” like the UAC or sudo aren’t that strong because they’ll just ask if you want to allow a program to run in privileged mode, they won’t tell you what that program will do.

For the last 5-6 years, I’ve been a fan of Kaspersky Antivirus and I recommended it to everybody. Many friends replied that it uses to many resources and the PC runs slow, but the trick was to set the scanning to “performance” (low). That meant a faster system, with insignificantly less security due to the excellent algorithm. It also had some optimizations, like scanning only the modified files (not all) before running them.

But since the last revision, I noticed that it started to leave a heavier footprint on my system, especially on the web and mail scanning. It takes 30 seconds to 5-6 minutes to load a youtube video or the LinkedIn page. Even with the web scanning turned off, it still takes significantly more than with the program turned off.

Jeff Atwood, from CodingHorror.com realised this several months ahead and provides performance data from the quoted study:

Percent slower

Boot CPU Disk

Norton Internet Security 2006 46% 20% 2369%

McAfee VirusScan Enterprise 8 7% 20% 2246%

Norton Internet Security 2007 45% 8% 1515%

Trend Micro PC-cillin AV 2006 2% 0% 1288%

ZoneAlarm ISS 16% 0% 992%

Norton Antivirus 2002 11% 8% 658%

Windows Live OneCare 11% 8% 512%

Webroot Spy Sweeper 6% 8% 369%

Nod32 v2.5 7% 8% 177%

avast! 4.7 Home 4% 8% 115%

Windows Defender 5% 8% 54%

Panda Antivirus 2007 20% 4% 15%

AVG 7.1 Free 15% 0% 19%

As you can clearly see, the performance decrease is significant, especially for all you Norton AV users. But this is not all!

As Jeff points out in a later post, antiviruses are becoming less and less effective. Just look at the detection rate of new viruses, in the study done by Andreas Clementi [av-comparatives.org]. It’s between 3% and 81%, with an average of less that 40%.

Looking at these numbers, the idea of dropping the AV security doesn’t sound that bad. But it is bad! Why? Well, because from what I’ve seen, most infections explode after the solution is available. I myself got infected this year (the only time I know I’ve been infected unintentionally) with a virus +6 months old. And it happened because I did not have an antivirus.

The question regarding performance vs. security in an antivirus still stands. I am seriously thinking of installing a “better” AV. I think I’ll browse the net for reviews and perform some tests on the candidates, but if you know something good, please tell me.

This entry was posted by Tudor Vlad on April 6, 2008 at 16:52, and is filed under Software. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

Comments (20)
Pings (2)

#1 written by elisavmus (3 years ago)

I think the role of an antivirus on a linux system is mainly to stop the viruses from spreading to other windows operating systems.
On Windows xp 32bit I used NOD32 and on Windows XP 64bit I used avast!. (avast! was among the first antivirus solutions available for Windows 64 bit).

Reply Quote
#2 written by log (3 years ago)

Hey I face the same problem too! It’s really irritating. When it gets real bad, what I do is just run a computer check up. That usually does the trick in solving all these issues. You might want to give it a try too, i believe its free at http://www.pcaholic.com.

Reply Quote
#3 written by Tudor Vlad (3 years ago)

Hi elisavmus. Thanks for the AV tips. I currently set up Nod32 and in the future I’ll test Avast.
Regarding the Linux AVs, I understand what you are saying, i.e. there aren’t many but would be useful to have one if the Linux box is a file server (containing software for Windows).
But the thing is that there are viruses for Linux, as Wikipedia states here, and the number keeps growing, as the OS becomes more popular (it depends strictly on the market share).
Additionally, the rootkit originally appeared in Unix systems, as you can read here.
So you‘re not quite safe, unfortunately.

Reply Quote
#4 written by Cristian KLEIN (3 years ago)

Hello Tudor,

Elisavmus is right. Viruses on Linux are a non-issue. There is no distro which delivers a realtime scanner, simply because it’s unnecessary. Antiviruses and firewalls on the desktop are IMHO „ducktape” to cover holes. Wouldn’t it be simpler not to have holes in the first place?

I’ll exemplify this by contrasting a default Ubuntu and Windows instalation:
1) no TCP / UDP ports are open in Ubuntu; RPC, DCOM, UPnP are all widely open (Windows „ducktapes” them with a firewall)
2) non-privileged accounts are created during installation in Ubuntu; Windows XP creates privileged accounts; luckly Vista doesn’t do that anymore
3) In Ubuntu, all programs are installed from a central repository, compiled, tested and signed by Ubuntu; Windows users have to install their programs from a lot of (often untrusted) sources.
4) In Ubuntu, the whole system is kept up-to-date; in Windows, only the core system is kept up-to-date.
5) (Biased personal opinion ) In Ubuntu updates are small and fast; in Windows they are huge, take a lot of time and almost always require a restart.

Anyway, all Linux users all comfortable without an anti-virus, can you say the same about Windows users?

Reply Quote
#5 written by Tudor Vlad (3 years ago)

Hey Cristi!

Thanks for the clarification. I agree with most of your comments, but as you said, that’s for XP vs Ubuntu( ~5-6 years between them).

My intent was not to attack Linux or the users, but to point out that there is a threat, even if insignificant at the moment. As the market share for Linux will grow, new threats will appear.

I can also say that up until this February, I had XP installed on my laptop, without AV protection, for +6 months and had no problem. After enabling anonymous sharing, I got infected with Alman.B and this happened only because I had .exe files shared (the virus scans the network for PC with shared folders and infects all available executable files). This was the only time I know I got infected without my intention (I did several other times, but when testing AVs )

Well, the idea of this post was to show the bad side of anti-virus software (performance and real detection rate for latest viruses) and ultimately find a product that would correspond to my necessities, i.e. for Windows.

Reply Quote
#6 written by vista (3 years ago)

so is the uac stupid or wht? why isnt good?

Reply Quote
#7 written by Doug Woodall (3 years ago)

Ive always had good luck with BitDefender on my XP machines. Im trying it on my new lappie with Vista right now.
I agree with the increased resource taking on alot of the products too. But the chart above show AVG doing better than Avast. Ive seen users lately leaving AVG and going to Avast.

Reply Quote
#8 written by bogdan (3 years ago)

i think that Cristi just wanted to bring a new perspective to your text – maybe make it more complete.

Reply Quote
#9 written by Tudor Vlad (3 years ago)

@log: thanks for the link! I didn’t know about that product, I only used CCleaner. But my problem was not quite on the entire system, but rather on the “web side”, due to KAV. The real-time scanning for files is still good.

@vista: I did not say that the UAC is stupid. It very good, gives a new layer of protection, but it is not suffice for long term. Its main role is to ask you if you agree to elevate privileges for a program. If let’s say notepad will want privileges, you should know that’s a virus. But if a driver asks for privileges, you won’t be able to tell if the program is clean or not.

@bogdan: that’s how I understood it also, and as I said, I agree with most comments. I just wanted to point out that there is no bullet-proof system and until it really happens to yourself, you won’t take it seriously (I speak from my own experience ) And that I was referring to AVs for Windows

Reply Quote
#10 written by Tudor Vlad (3 years ago)

Doug, thanks for the tips. I think Bitdefender would be the best choice, because I have free license for it (via magazines).
But even if I know it is an excellent AV product, in the past I felt it was slow, and I think it was mainly because of its UI. I found it a little annoying in use.
To speed things a little, I’ll setup Bitdefender on my laptop to see how it behaves there (slower PC). Hope it’s better!

Reply Quote
#11 written by Tudor Turcu (3 years ago)

Maybe I was lucky, but I hadn’t any virus/trojan infection in the last 4 years or so.. Nowdays, many trojans or viruses spread using email attachements, and this can be avoided with a bit of discipline (not opening unknown attachements in emails).

The rest of the threats can be avoided with a good firewall which blocks by default all incoming ports (stealth), so I can open only the ports which are necessary (like 80 if a run a public web server etc..), and only using a safer web browser (like Firefox).

With this precautions, I can fell safe to disable some of the antivirus components in order to improve the performance – as dangerous as it might seem, I disable scanning of all read or written files and the scanning of web pages / JS scripts (using only Firefox helps with this), leaving only the scanning of email attachments on.

Reply Quote
#12 written by Tudor Vlad (3 years ago)

That’s true! If you’re decently disciplined, you can avoid viruses & trojans without full AV protection.

Regarding the mail threat, I use Yahoo, Hotmail and Gmail and I never had problems. I don’t worry too much about open ports either because I’m behind a NAT (natural firewall).

But I’m curious what antivirus you are using and how you “tweaked” it.

Reply Quote
#13 written by Tudor Turcu (3 years ago)

I am using at home the AVG Free Edition – last time I checked it was among the few antiviruses which were both free and officialy compatible with Vista..
About “tweaking” it’s nothing special: I think most if not all antiviruses have some option to disable the file scanning engine and to leave only other components enabled (email scanner, etc.)

Reply Quote
#14 written by Tudor Vlad (3 years ago)

Today all respectable antiviruses work well with Vista. I only had problems with ZoneAlarm.
Ok, so no real-time protection at all? (for files). I don’t want to do that
I prefer it on, because I download a lot, but tweaked for performance instead of comprehensive scanning.

Reply Quote
#15 written by Cosu (3 years ago)

Try Microsoft Forefront Client (i you can get access to it). I’m running it on my pc’s and notebooks and it works great. It gets it’s updates through windows update and it’s light enough on the resources.

Reply Quote
#16 written by Tudor Vlad (3 years ago)

I think I received it last week. I’ll try it, along the others.
Thanks!

Reply Quote
#17 written by tom (3 years ago)

[…] the full story here Der Beitrag wurde am Monday, den 22. October 2007 um 14:43 Uhr veröffentlicht und wurde […]

Reply Quote
#18 written by wsdcent (3 years ago)

Why dont try avast antivirus, is a free antivirus software with real time protection
Download link:
http://wsdcent.com/freeware/download-tag-1-IDS-1964.html

Reply Quote
#19 written by AVG AntiVirus Free 8.0.138a1332.exe (3 years ago)

With this free distribution version of the popular AVG Anti-Virus system, you will get a reliable tool for your computer protection against computer viruses.

Reply Quote
#20 written by shahadin (3 years ago)

Metadefender ClamWin SDK provides application developers with an easy way to integrate ClamWin AntiVirus detection engine into their applications to perform real time virus scanning. Metadefender ClamWin SDK uses the native port of Clam AntiVirus (ClamAV), which allows direct calls to libclamav.dll (without using clamd daemon).

Reply Quote
Type your comment

You may use these HTML tags: <a> <abbr> <acronym> <b> <blockquote> <cite> <code> <del> <em> <i> <q> <strike> <strong>
Comment Feed for this Post

	Percent slower
	Boot	CPU	Disk
Norton Internet Security 2006	46%	20%	2369%
McAfee VirusScan Enterprise 8	7%	20%	2246%
Norton Internet Security 2007	45%	8%	1515%
Trend Micro PC-cillin AV 2006	2%	0%	1288%
ZoneAlarm ISS	16%	0%	992%
Norton Antivirus 2002	11%	8%	658%
Windows Live OneCare	11%	8%	512%
Webroot Spy Sweeper	6%	8%	369%
Nod32 v2.5	7%	8%	177%
avast! 4.7 Home	4%	8%	115%
Windows Defender	5%	8%	54%
Panda Antivirus 2007	20%	4%	15%
AVG 7.1 Free	15%	0%	19%

Looking for a faster antivirus

Archives

Tags