Looking for a faster antivirus
The antivirus is one of the most important pieces of software that should be installed on any computer. It doesn’t matter if you’re using Windows XP, Vista or Linux. “Fences” like the UAC or sudo aren’t that strong because they’ll just ask if you want to allow a program to run in privileged mode; they won’t tell you what that program will do.
For the last 5-6 years, I’ve been a fan of Kaspersky Antivirus and I recommended it to everybody. Many friends replied that it uses too many resources and the PC runs slow, but the trick was to set the scanning to “performance” (low). That meant a faster system, with insignificantly less security due to the excellent algorithm. It also had some optimizations, like scanning only the modified files (not all) before running them.
But since the last revision, I noticed that it started to leave a heavier footprint on my system, especially on the web and mail scanning. It takes 30 seconds to 5-6 minutes to load a YouTube video or the LinkedIn page. Even with the web scanning turned off, it still takes significantly more than with the program turned off.
Jeff Atwood, from CodingHorror.com realised this several months ahead and provides performance data from the quoted study:
| Percent slower | Boot | CPU | Disk |
|---|---|---|---|
| Norton Internet Security 2006 | 46% | 20% | 2369% |
| McAfee VirusScan Enterprise 8 | 7% | 20% | 2246% |
| Norton Internet Security 2007 | 45% | 8% | 1515% |
| Trend Micro PC-cillin AV 2006 | 2% | 0% | 1288% |
| ZoneAlarm ISS | 16% | 0% | 992% |
| Norton Antivirus 2002 | 11% | 8% | 658% |
| Windows Live OneCare | 11% | 8% | 512% |
| Webroot Spy Sweeper | 6% | 8% | 369% |
| Nod32 v2.5 | 7% | 8% | 177% |
| avast! 4.7 Home | 4% | 8% | 115% |
| Windows Defender | 5% | 8% | 54% |
| Panda Antivirus 2007 | 20% | 4% | 15% |
| AVG 7.1 Free | 15% | 0% | 19% |
As you can clearly see, the performance decrease is significant, especially for all you Norton AV users. But this is not all!
As Jeff points out in a later post, antiviruses are becoming less and less effective. Just look at the detection rate of new viruses, in the study done by Andreas Clementi [av-comparatives.org]. It’s between 3% and 81%, with an average of less than 40%.
Looking at these numbers, the idea of dropping the AV security doesn’t sound that bad. But it is bad! Why? Well, because from what I’ve seen, most infections explode after the solution is available. I myself got infected this year (the only time I know I’ve been infected unintentionally) with a virus +6 months old. And it happened because I did not have an antivirus.
The question regarding performance vs. security in an antivirus still stands. I am seriously thinking of installing a “better” AV. I think I’ll browse the net for reviews and perform some tests on the candidates, but if you know something good, please tell me.


April 6th, 2008 at 22:46
I think the role of an antivirus on a Linux system is mainly to stop the viruses from spreading to other Windows operating systems.
On Windows XP 32bit I used NOD32 and on Windows XP 64bit I used avast!. (avast! was among the first antivirus solutions available for Windows 64 bit).
April 7th, 2008 at 8:14
Hey, I face the same problem too! It’s really irritating. When it gets real bad, what I do is just run a computer check up. That usually does the trick in solving all these issues. You might want to give it a try too, I believe it’s free at http://www.pcaholic.com.
April 7th, 2008 at 8:57
Hi elisavmus. Thanks for the AV tips. I currently set up Nod32 and in the future I’ll test Avast.
Regarding the Linux AVs, I understand what you are saying, i.e. there aren’t many but would be useful to have one if the Linux box is a file server (containing software for Windows).
But the thing is that there are viruses for Linux, as Wikipedia states here, and the number keeps growing, as the OS becomes more popular (it depends strictly on the market share).
Additionally, the rootkit originally appeared in Unix systems, as you can read here.
So you’re not quite safe, unfortunately.
April 7th, 2008 at 13:55
Hello Tudor,
Elisavmus is right. Viruses on Linux are a non-issue. There is no distro which delivers a realtime scanner, simply because it’s unnecessary. Antiviruses and firewalls on the desktop are IMHO “ducktape” to cover holes. Wouldn’t it be simpler not to have holes in the first place?
I’ll exemplify this by contrasting a default Ubuntu and Windows installation:
1) no TCP / UDP ports are open in Ubuntu; RPC, DCOM, UPnP are all widely open (Windows “ducktapes” them with a firewall)
2) non-privileged accounts are created during installation in Ubuntu; Windows XP creates privileged accounts; luckily Vista doesn’t do that anymore
3) In Ubuntu, all programs are installed from a central repository, compiled, tested and signed by Ubuntu; Windows users have to install their programs from a lot of (often untrusted) sources.
4) In Ubuntu, the whole system is kept up-to-date; in Windows, only the core system is kept up-to-date.
5) (Biased personal opinion :D) In Ubuntu updates are small and fast; in Windows they are huge, take a lot of time and almost always require a restart.
Anyway, all Linux users are comfortable without an anti-virus, can you say the same about Windows users?
April 7th, 2008 at 14:32
Hey Cristi!
Thanks for the clarification. I agree with most of your comments, but as you said, that’s for XP vs Ubuntu (~5-6 years between them).
My intent was not to attack Linux or the users, but to point out that there is a threat, even if insignificant at the moment. As the market share for Linux will grow, new threats will appear.
I can also say that up until this February, I had XP installed on my laptop, without AV protection, for +6 months and had no problem. After enabling anonymous sharing, I got infected with Alman.B and this happened only because I had .exe files shared (the virus scans the network for PCs with shared folders and infects all available executable files). This was the only time I know I got infected without my intention (I did several other times, but when testing AVs).
Well, the idea of this post was to show the bad side of anti-virus software (performance and real detection rate for latest viruses) and ultimately find a product that would correspond to my necessities, i.e. for Windows.
April 7th, 2008 at 16:35
So is the UAC stupid or what? Why isn’t it good?
April 7th, 2008 at 21:41
I’ve always had good luck with BitDefender on my XP machines. I’m trying it on my new lappie with Vista right now.
I agree with the increased resource taking on a lot of the products too. But the chart above shows AVG doing better than Avast. I’ve seen users lately leaving AVG and going to Avast.
April 7th, 2008 at 23:03
I think that Cristi just wanted to bring a new perspective to your text - maybe make it more complete.
April 8th, 2008 at 8:18
@log: thanks for the link! I didn’t know about that product, I only used CCleaner. But my problem was not quite on the entire system, but rather on the “web side”, due to KAV. The real-time scanning for files is still good.
@vista: I did not say that the UAC is stupid. It is very good, gives a new layer of protection, but it does not suffice for the long term. Its main role is to ask you if you agree to elevate privileges for a program. If let’s say notepad will want privileges, you should know that’s a virus. But if a driver asks for privileges, you won’t be able to tell if the program is clean or not.
@bogdan: that’s how I understood it also, and as I said, I agree with most comments. I just wanted to point out that there is no bullet-proof system and until it really happens to yourself, you won’t take it seriously (I speak from my own experience). And that I was referring to AVs for Windows.
April 8th, 2008 at 8:26
Doug, thanks for the tips. I think Bitdefender would be the best choice, because I have free license for it (via magazines).
But even if I know it is an excellent AV product, in the past I felt it was slow, and I think it was mainly because of its UI. I found it a little annoying in use.
To speed things a little, I’ll setup Bitdefender on my laptop to see how it behaves there (slower PC). Hope it’s better!
April 9th, 2008 at 8:05
Maybe I was lucky, but I hadn’t any virus/trojan infection in the last 4 years or so. Nowadays, many trojans or viruses spread using email attachments, and this can be avoided with a bit of discipline (not opening unknown attachments in emails).
The rest of the threats can be avoided with a good firewall which blocks by default all incoming ports (stealth), so I can open only the ports which are necessary (like 80 if I run a public web server, etc.), and only using a safer web browser (like Firefox).
With these precautions, I can feel safe to disable some of the antivirus components in order to improve the performance - as dangerous as it might seem, I disable scanning of all read or written files and the scanning of web pages / JS scripts (using only Firefox helps with this), leaving only the scanning of email attachments on.
April 9th, 2008 at 12:08
That’s true! If you’re decently disciplined, you can avoid viruses & trojans without full AV protection.
Regarding the mail threat, I use Yahoo, Hotmail and Gmail and I never had problems. I don’t worry too much about open ports either because I’m behind a NAT (natural firewall).
But I’m curious what antivirus you are using and how you “tweaked” it.
April 9th, 2008 at 16:42
I am using at home the AVG Free Edition - last time I checked it was among the few antiviruses which were both free and officially compatible with Vista.
About “tweaking” it’s nothing special: I think most if not all antiviruses have some option to disable the file scanning engine and to leave only other components enabled (email scanner, etc.)
April 10th, 2008 at 8:04
Today all respectable antiviruses work well with Vista. I only had problems with ZoneAlarm.
Ok, so no real-time protection at all? (for files). I don’t want to do that.
I prefer it on, because I download a lot, but tweaked for performance instead of comprehensive scanning.
April 15th, 2008 at 16:30
Try Microsoft Forefront Client (if you can get access to it). I’m running it on my PCs and notebooks and it works great. It gets its updates through Windows Update and it’s light enough on the resources.
April 16th, 2008 at 13:26
I think I received it last week. I’ll try it, along the others.
Thanks!
July 2nd, 2008 at 3:54
Why don’t you try avast antivirus? It is a free antivirus software with real time protection.
Download link:
http://wsdcent.com/freeware/download-tag-1-IDS-1964.html
August 16th, 2008 at 17:39
With this free distribution version of the popular AVG Anti-Virus system, you will get a reliable tool for your computer protection against computer viruses.
August 17th, 2008 at 17:55
Metadefender ClamWin SDK provides application developers with an easy way to integrate ClamWin AntiVirus detection engine into their applications to perform real time virus scanning. Metadefender ClamWin SDK uses the native port of Clam AntiVirus (ClamAV), which allows direct calls to libclamav.dll (without using clamd daemon).