Anti Virus Apps and Performance

Please excuse me while I go on yet another pointless rant. But let’s start from the beginning.

My brother was complaining that his rig was getting slow, so I decided to check out his machine. Turns out he was running Windows XP and Norton Internet Security with just 512 MB of RAM. Ouch. While the OS could run on that memory by itself, I do not recommend trying to actually run a “modern” AV suite and also try to run applications on it. And by “modern” I mean a recent release of Norton or McAfee, which is what he had.

I have a rule about running Windows boxes – the only applications and services allowed to run in the background are the ones I’m actually using all the time, or which must be running. My personal pet peeve is the preloaders. Adobe got so revoltingly bloated lately that it actually loads some sort of pre-fetching app on startup so it can cut the time users spend waiting for the splash screen to show up down to around like 3 hours or so. How many times a day do people actually use Adobe? Two? Three? Why is that shit running there?

Same goes for Quicklime which insists on having an icon in the task bar, and yet still takes like 4 hours to load the player. I swear, I can watch a movie using VLC or MediaPlayer Classic before Quicktime player actually starts up.

These kinds of apps are the first to go. Usually I prune them out of the registry using the brilliant Sysinternals app Autoruns. A nice thing about this application is that it lets you suppress registry entries without actually deleting them. So you can un-check a bunch of stuff you are not sure about, then restart, see if anything broke and re-enable it if needed.

Printers, scanners and other devices also love to install crappy always-on monitoring apps. Unless you need these running all the time, I always recommend switching them off since they tend to be buggy and can literally render your system unstable. For example, if the software captures the button press events on your all-in-one scanner-fax-copier, you start it by double clicking the desktop icon before scanning, and then shut it down afterwards. No need for this software to be eating up your resources while you casually browse the web or create yet another tantalizingly awful MySpace layout (or whatever it is that you do in your spare time).

In fact, any time that you see something that has an icon in the Autoruns list and is not a core Windows service you should ask yourself: “does this shit need to be running?”, “does it need to be on all the time?” and of course “can I use it as an on demand (turn on when needed) application instead?” In most cases, the answers are no, no and yes.

This brings me back to the main topic of this rant: Antivirus software. Does it need to be running? If you are running a WinXP box as an Admin (and you probably are) then yes. If you are not running as an admin, then maybe. Malicious code often includes privilege escalation exploits, so just the fact you are not running as admin does not mean you are safe. If you are always patched up to date, you are behind a good firewall, are careful online and you scan your machine for viruses daily, you might be ok without an AV running in the background.

Does it need to be running all the time? For the most part, yes. On-access protection is the only sure way to catch malicious code as it is executing and block it before it manages to 0wn your system, install a rootkit and disable your AV. This is your immediate first line of defense and lets you thwart the infection right at the onset instead of waiting for the nightly scan that may or may not happen.

Of course this protection only works if you get hit by a virus that can be recognized via a known signature, or by applying heuristics or recognizing a behavioral pattern. So you are still defenseless against brand new threats. So I guess the question here is, do you want to be protected from the known threats or not at all? Some of us may get away with running without on-access protection, but I would not recommend doing this to anyone who does not list computer security as one of their areas of interest.

Unfortunately, AV software literally KILLS your performance. When I was disabling startup items on my brother’s machine I purposefully skipped all the services, active processes and registry hacks set by Symantec. He was actually astonished by how much shit NIS installed on his system. How many services does Norton really need? How many processes need to be kept in memory for it to actually do its job? What are they trying to do? Slow down your machine so much that the rogue virus process will have to wait 3 hours to actually get some CPU time due to all the Norton processes hogging the resources all the time? It’s fucked up. And I’m not the only person who notices this.

Back in September 06 folks from The PC Spy did a little investigation as to what really slows down your system. Their results:

[Chart: What Slows You Down?]

And it seems to be getting worse. With every new version Norton and McAfee seem to be getting more bloated. First of all, who said that AV software needs eye candy graphics? Why does NIS 07 look completely different from NIS 06? Why did McAfee completely redesign the UI in Security Center 8.0? The 7.0 version had a relatively slim, and very intuitive interface. The 8.0 is a fucking mess. When it rolled out, people actually asked me if they could switch back to the old interface because the application became 10 times slower, and almost impossible to configure because of the convoluted controls.

It makes me wonder where the resources are going. Maybe if these guys would take the money they spent on designing new interfaces, and instead concentrate on optimizing their code and minimizing the memory footprint, we would not have to deal with these monster apps eating our resources. It doesn’t really matter how these things look. AVG looks like crap but it is a great AV that I frequently install on low end machines. It works, and that’s all that matters.

Recently I installed Kaspersky Internet Security on a couple of machines. I do not have a benchmark to back this up, but it actually felt much much leaner and faster than the recent releases of big N and big M. And this was their full blown AV + Software firewall suite.

So having established that most people need a good AV running in the background, and that most AV suites are resource hogs, which one would you recommend? Which one is your favorite, based on effectiveness and performance?

What is your favorite Antivirus?

Price really doesn’t matter, at least to me at the moment. Whether I pay the annual fee of $70 to Norton or $80 to Kaspersky doesn’t really make much difference. I’d rather pay a few bucks more to get a decent AV that doesn’t slow down my system if needed. Besides, if I wanted to deploy it at work, free is usually not an option due to licensing restrictions. So let me know, which one is running on all of your Windows boxes? Which one rocks your world? If I missed a good one, please feel free to add it in the comments.

Or perhaps you are one of those brave people who do not run AV software on their system at all? How is that working out for you?




21 Responses to Anti Virus Apps and Performance

  1. Starhawk says:

    I’m vote number 2 for AVG. lol. I maybe should’ve voted for Avast as it is what I currently use in Windows, but truthfully I prefer AVG. I switched to Avast just to check it out and because at the time I had a virus AVG didn’t detect nor did it remove. (An online scan found it.) Actually the only virus I’ve got in the last 4 or 5 years. I seldom use Windows but I’m actually considering stopping using anti virus programs or at least not running one in the background all the damn time. I don’t need it and I can deal with whatever problems that might possibly cause me.

    And btw price does matter to me so I always go with free if at all possible and AVG and Avast are both very good programs and better than most commercial progs imho ;)

  2. Matt` says:

    Occasionally I decide to clear some of the clutter from my startup, then find that most of it is stuff I do want to be running… things like peerguardian or logmein take a little more deliberation over whether they really need to be running, but I end up leaving them on.

    Norton is banished. It brought our older computer to a total standstill. AVG on the same box, and you don’t notice the difference (you might if you were looking for it, and installed/uninstalled a few times to get a proper comparison, or benchmarked it, but it still runs fine)

    and is it just me, or does Quicktime somehow re-enable itself if you turn it off in MSconfig? I swear I have turned that thing off before, but I still see it in my tray. Adobe at least has the common decency to listen when you tell it to go die in a fire.

  3. Starhawk says:

    “and is it just me, or does Quicktime somehow re-enable itself if you turn it off in MSconfig?”

    No Matt` it’s not you, Quicktime does that to me too. Piece of shit program. lol

    “AVG on the same box, and you don’t notice the difference”

    And yep that’s why i like AVG ;)

  4. Luke Maciak says:

    @Matt` – the only sure way to banish Quicktime from systray is to right click on the icon, go into Properties, Advanced and un-check the system tray icon. Why Apple restores the auto-run settings when you simply remove them from the registry is beyond me. In a way this reminds me of the tactics most viruses and trojans use to avoid deletion.

    Actually, Quicktime Alternative + Media Player Classic > Quicktime. :)

    @Starhawk – I actually paid for AVG at one point. Their non-free suite has a slightly more polished look, and more features but it is still pretty ugly. ;)

  5. Miloš says:

    Kaspersky for the win! lol that was actually my security word this time :)

    Well, so far I’ve used the following AV’s:

    McAfee (loved it before they started including HIPS and other crap); it got too fat!

    Nortons (ALWAYS hated it) – too clunky, slow, has its own way of blocking valid stuff without letting you know it did that – example which stands out in my mind is when dozens of faculty couldn’t send e-mails from their Thunderbird clients – single common denominator: Nortons (it blocked outgoing SMTP protocol cause it felt like it).

    Trend Micro – used it for a year or so on my home desktop (XP); it was light and it worked; one thing I did notice was that its DAT file updates were a bit behind others…sometimes by a couple of days.

    Sophos – AV of “choice” at Montclair State – initially it really sucked, memory hog, delayed IDE files (Sophos calls their DAT files IDEs), had trouble finding well-known viruses from a location I placed them in (this was scary). Nowadays, they seem to be a bit better, but I will hold off on my complete evaluation until I test their v.7.x (which includes HIPS).

  6. Kiyu says:

    I think that all of the anti-virus suites are bloated and terrible on resources, as your chart points out. However, I don’t really feel that this is entirely due to bad coding, software bloat, etc. Though they are adding more and more features (which seem to be the cause of many problems I have to service these days), I think that to some degree they are necessary. The programs have to run at a lower level than the viruses against which they are supposed to guard; the file checks they are having to run just to open a single file are tremendous. If the algorithms for doing this weren’t highly optimized, running all the checks they do would definitely take significantly longer than the few additional seconds they add.

    Still, the performance cut is really annoying. My solution wasn’t on the poll, so I post it here: No Anti-Virus.

    I run a MacBook Pro with OS X 10.5. I also use Parallels to run all of my windows apps. The windows I have configured in that image is lean and fast, but I am very careful what I do in it. No email, I use IE just to check the websites I’m building. I use Microsoft Access to work on some databases I built ages ago for customers. I have a couple of other windows-only apps which I run in the image. Everything else I do on the Mac side. Email, surfing, chatting, programming – all the stuff which might expose me to something undesirable.

    The “Coherence” mode in Parallels allows my Windows XP apps to float right in the stacking order with my other native Mac apps. Only the window decorations tip me off as to which is which. The performance hit I experience from running a virtualized OS is dramatically less than the hit I take running just about any Anti-Virus app. My MacBook Pro is a Core Duo with 2Gigs of RAM; I allocate only 384 Megs to Windows XP and, amazingly, it sings. Truthfully, I am VERY happy with the performance and stability of my Windows apps – and when I say “happy” I don’t mean in that sort of “happy, given the circumstances” way, I mean “happy” as in I’d be pleased regardless.

    I get all of the benefits of a faster, more stable Windows experience AND a better OS for most of my work, running on some of the fastest hardware I could buy.

    -Kiyu

  7. Ian Clifton says:

    I don’t use one and it’s working out well ;) I usually suggest Avast to people and that’s what I used to use, but it wasn’t recognized by campus when I first used the residential network a couple of years ago, so I was forced into McAfee.

    I often forget the thought of anti-virus these days; I wonder how much that contributes to Linux (and OSX) just working? I never worry about opening “too many” applications or files, because Linux obviously manages things better, but I wonder how much anti-virus programs compound the problem.

  8. vacri says:

    I run without antivirus at home on XP, and have for years. Have had exactly one problem time, which was my own damn fault for visiting an extremely dodgy site in search of cracks without taking proper measures. Apart from that, never had problems with system slowdowns or money disappearing from my account, so it hasn’t affected my experience.

    But when I have to reinstall someone else’s machine, AVGFree gets put on it. If I’m setting up a new machine for someone, Norton is removed, AVG is put on. I reason with them this way: Norton will affect your system in much the same way as a virus – slow and unresponsive. You don’t want it. You certainly don’t want to pay for it, which is something else that happens when you get virussed :)

  9. Teague says:

    I use AVGfree, based on recommendations from my “computer guy buddy”, who is in IT at work and has a side business working on computers. FWIW, it seems to work like a charm on mine, and he puts it on all the privately-owned systems he works on.
    I’m going to give Autoruns a look, based on what I read here.

  10. mbainter says:

    I don’t have any desktop windows systems myself – so i definitely use nothing. However, on my wife’s machine I run ClamAV. I made this choice as a compromise between effectiveness, system impact, and cost.

    My second choice for those types of personal well-protected machines would probably be AVG.

    For anything at greater risk, or corporate machines, I definitely recommend Kaspersky. It’s far faster and more effective than any of the others. (You might want to check out Untangle’s test results from last year’s linuxworld for more on this.)

  11. Luke Maciak says:

    @Miloš – hey, I forgot about Sophos. Funny thing is that they don’t even show up on all the major benchmarks and etc… How did we end up using them in the first place? I guess they gave us a good deal or something.

    @Kiyu – I wouldn’t run an AV on a mac either. Btw, I love how it turns out that Windows apps are actually safer and more stable on a virtualized OS running under a Mac. :P

    @vacri – good point. Although I’d still run something like ClamAV, which doesn’t do anything until you tell it to scan the system, just in case.

    @Teague – most of the Sysinternals apps are awesome. Mark Russinovich knows more about what makes Windows tick than most Microsoft engineers. This is why MS bought him and his site a few years ago.

    Eh, I remember the good old days when Process Explorer had a “Google this” context menu item. Now all his tools send you to Live Search which is worse than useless. :P

    @mbainter – thanks for the link! I was actually looking for a benchmark like that. Nice!

  12. Teague says:

    I had something vaguely relevant to say about a non-game computer topic!
    Wheee!

  13. Zack says:

    All I have to say is, I used to use AVG free on all my clients’ machines that had the mcafee or nis crap on it. But recently BitDefender started offering a FREE version of their antivirus suite. All I could say was SA-WEET! I like it much better than AVG. The updates and scans go on in the background (actually in a small window in the bottom right corner) instead of popping up all the time being annoying and BIG! I would suggest everyone that runs AVG Free give Bit Defender free a try. It runs just as fast, not a system hog, and I think it is better at catching nasty stuff.

    http://www.bitdefender.com/PRODUCT-14-en–BitDefender-8-Free-Edition.html

  14. jambarama says:

    I didn’t see any mention of Symantec Corporate. That’s been my AV of choice for some time now. It doesn’t seem to cripple performance like the consumer grade garbage Norton sells.

    I run as a limited user on my XP desktop, the few programs that need admin privileges can be launched from an admin console I keep lying around. I have AV updates scheduled, and I occasionally check the windows updates that automatically download (but don’t automatically install).

    Virtually nothing starts up automatically (except my virtual desktop manager and slickrun). The machine boots in about a minute (I’ve timed it) but I rarely reboot. The XP install has been on the machine for 2+ years now, no need for a reformat yet, it’s still virus free and responsive.

  15. Miloš says:

    Lowest bid my friend…it came with anti-spam module as well…like I said not what I would have chosen from technical perspective, but who knows how things look on top when you have to consider other factors as well.

  16. Luke Maciak says:

    @Zack – I used BitDefender on my Linux box. One day I decided to download a bunch of malware from the spam MySpace profiles and see if I can figure out what kind of crap they are peddling. ClamAV found nothing. So I grabbed BitDefender and it detected 2 trojans in the executable.

    When I uploaded it to some of those “scan this file with multiple AV programs” services, no one found more infections than BitDefender. I will need to check out their free edition.

    @jambarama – hmm, good point. I think this is actually what is running on our Windows servers. I don’t see huge performance penalty, but then again these things are pretty powerful so who knows.

    @Miloš – heh.. It’s funny how we are trying to save money on security. In fact, most managers out there realize that you can’t really save that much money on security products. AV, Anti Spyware, firewalls and etc is the stuff that is easiest to get approved in most places. You just say “we need it, this is the best stuff out there, and I believe we should be using the best tools to protect our business, bla bla bla whatever” :P

  17. Jake says:

    Well, on Linux I use ClamAV… if I have it installed. It isn’t installed on my desktop right now. I usually install AVG or Avast on other machines though.

    And about performance, I too hate programs that sit in the memory needlessly. All I keep running are Yakuake (always available terminal), Katapult (launcher), OpenOffice.org preloader (I use it a good amount), and KGet (I download files enough that it seems worth it. Thanks Flashgot!).

  18. Teague says:

    Well, as is usual with the non-game computer posts, it’s all Geek to me, but I guess I can feel comfortable having AVG with the amount of props it has gotten here. Thanks, all!

  19. Luke Maciak says:

    Yeah, AVG seems to be the clear winner. :)

  20. ths says:

    I use Avira’s Antivir, it’s free for personal use, and it got top marks in the recent c’t test (the leading IT magazine in Germany).

  21. To my mind, avast has the most user-friendly interface out of all free antivirus programs I know of, and its updates come absolutely silent. Some PC users insist that it has a poor detection rate, but AV comparatives lists avast! over Norton, so there must be a sound reason behind that.
    Since version 4.8 avast! claims to have anti-spyware protection included as well. I personally know a home user who switched from ESET (paid) to avast! (free), and not because NOD’s subscription expired.
