Please excuse me while I go on yet another pointless rant. But let’s start from the beginning.
My brother was complaining that his rig was getting slow, so I decided to check out his machine. Turns out he was running Windows XP and Norton Internet Security with just 512 MB of RAM. Ouch. While the OS could run on that memory by itself, I do not recommend trying to actually run a “modern” AV suite and also try to run applications on it. And by “modern” I mean a recent release of Norton or McAfee, which is what he had.
I have a rule about running Windows boxes – the only applications and services allowed to run in the background are the ones I’m actually using all the time, or which must be running. My personal pet peeve is the preloaders. Adobe got so revoltingly bloated lately that it actually loads some sort of pre-fetching app on startup so it can cut the time users spend waiting for the splash screen to show up down to around like 3 hours or so. How many times a day do people actually use Adobe? Two? Three? Why is that shit running there?
Same goes for Quicklime which insists on having an icon in the task bar, and yet still takes like 4 hours to load the player. I swear, I can watch a movie using VLC or MediaPlayer Classic before Quicktime player actually starts up.
These kinds of apps are the first to go. Usually I prune them out of the registry using the brilliant Sysinternals app Autoruns. A nice thing about this application is that it lets you suppress registry entries without actually deleting them. So you can un-check a bunch of stuff you are not sure about, then restart, see if anything broke and re-enable it if needed.
Printers, scanners and other devices also love to install crappy always-on monitoring apps. Unless you need these running all the time, I always recommend switching them off since they tend to be buggy and can literally render your system unstable. For example, if the software captures the button press events on your all-in-one scanner-fax-copier, you start it by double clicking the desktop icon before scanning, and then shut it down afterwards. No need for this software to be eating up your resources while you casually browse the web or create yet another tantalizingly awful MySpace layout (or whatever it is that you do in your spare time).
In fact, any time that you see something that has an icon in the Autoruns list and is not a core Windows service you should ask yourself: “does this shit need to be running?”, “does it need to be on all the time?” and of course “can I use it as an on demand (turn on when needed) application instead?” In most cases, the answers are no, no and yes.
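The "suppress, reboot, re-enable if something broke" workflow described above can also be scripted. This is an added example, not part of the original post and not Autoruns' own code: it parks a `Run` value in a subkey, which Windows does not process at logon, so the entry can be restored later. The `Parked` subkey name and the `ExamplePreloader` value name are assumptions made for this example.

```powershell
# Added example: reversible disabling of Run-key autostart entries.
# 'Parked' is a subkey name chosen for this example (an assumption).
# Changing the HKLM key requires an elevated (administrator) session.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    # List every autostart value, including ones already parked.
    foreach ($path in $RunKeys) {
        foreach ($p in $path, "$path\Parked") {
            if (-not (Test-Path $p)) { continue }
            $key = Get-Item $p
            foreach ($name in ($key.GetValueNames() | Where-Object { $_ })) {
                [pscustomobject]@{
                    Key     = $path
                    Name    = $name
                    Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                    Enabled = ($p -eq $path)
                }
            }
        }
    }
}

function Move-RunValue($From, $To, $Name) {
    $src = Get-Item $From
    if ($src.GetValueNames() -notcontains $Name) { throw "No value '$Name' under $From" }
    $kind = $src.GetValueKind($Name)   # preserve REG_SZ vs REG_EXPAND_SZ
    $data = $src.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')
    # Create the target key only when missing, so existing parked values survive.
    if (-not (Test-Path $To)) { New-Item -Path $To | Out-Null }
    New-ItemProperty -Path $To -Name $Name -Value $data -PropertyType $kind -Force | Out-Null
    Remove-ItemProperty -Path $From -Name $Name
}

function Disable-RunEntry($Key, $Name) { Move-RunValue $Key "$Key\Parked" $Name }
function Enable-RunEntry($Key, $Name)  { Move-RunValue "$Key\Parked" $Key $Name }

# Review what starts at logon before touching anything.
Get-RunEntry | Sort-Object Key, Name | Format-Table -AutoSize

# Hypothetical usage: park an entry, reboot, restore it if something broke.
# Disable-RunEntry 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'ExamplePreloader'
# Enable-RunEntry  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'ExamplePreloader'
```

This covers only the two `Run` keys; services, scheduled tasks and startup folders are separate autostart locations.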
This brings me back to the main topic of this rant: Antivirus software. Does it need to be running? If you are running a WinXP box as an Admin (and you probably are) then yes. If you are not running as an admin, then maybe. Malicious code often includes privilege escalation exploits so just the fact you are not running as admin does not mean you are safe. If you are always patched up to date, you are behind a good firewall, are careful online and you scan your machine for viruses daily you might be ok without an AV running in the background.
Does it need to be running all the time? For the most part, yes. On-access protection is the only sure way to catch malicious code as it is executing and block it before it manages to 0wn your system, install a rootkit and disable your AV. This is your immediate first line of defense and lets you thwart the infection right at the onset instead of waiting for the nightly scan that may or may not happen.
Of course this protection only works if you get hit by a virus that can be recognized via a known signature, or by applying heuristics or recognizing a behavioral pattern. So you are still defenseless against brand new threats. So I guess the question here is, do you want to be protected from the known threats or not at all? Some of us may get away running without on-access protection, but I would not recommend doing this to anyone who does not list computer security as one of their areas of interest.
Unfortunately, AV software literally KILLS your performance. When I was disabling startup items on my brother’s machine I purposefully skipped all the services, active processes and registry hacks set by Symantec. He was actually astonished by how much shit NIS installed on his system. How many services does Norton really need? How many processes need to be kept in memory for it to actually do its job? What are they trying to do? Slow down your machine so much that the rogue virus process will have to wait 3 hours to actually get some CPU time due to all the Norton processes hogging the resources all the time? It’s fucked up. And I’m not the only person who notices this.
Back in September 06 folks from The PC Spy did a little investigation as to what really slows down your system. Their results:
And it seems to be getting worse. With every new version Norton and McAfee seem to be getting more bloated. First of all, who said that AV software needs eye candy graphics? Why does NIS 07 look completely different from NIS 06? Why did McAfee completely redesign the UI in Security Center 8.0? The 7.0 version had a relatively slim, and very intuitive interface. The 8.0 is a fucking mess. When it rolled out, people actually asked me if they could switch back to the old interface because the application became 10 times slower, and almost impossible to configure because of the convoluted controls.
It makes me wonder where the resources are going. Maybe if these guys would take the money they spent on designing new interfaces, and instead concentrate on optimizing their code, and minimizing the memory footprint we would not have to deal with these monster apps eating our resources. It doesn’t really matter how these things look. AVG looks like crap but it is a great AV that I frequently install on low end machines. It works, and that’s all that matters.
Recently I installed Kaspersky Internet Security on a couple of machines. I do not have a benchmark to back this up, but it actually felt much much leaner and faster than the recent releases of big N and big M. And this was their full blown AV + Software firewall suite.
So having established that most people need a good AV running in the background, and that most AV suites are resource hogs, which one would you recommend? Which one is your favorite, based on effectiveness and performance?
Price really doesn’t matter, at least to me at the moment. Whether I pay the annual fee of $70 to Norton or $80 to Kaspersky doesn’t really make much difference. I’d rather pay a few bucks more to get a decent AV that doesn’t slow down my system if needed. Besides, if I wanted to deploy it at work, free is usually not an option due to licensing restrictions. So let me know, which one is running on all of your Windows boxes? Which one rocks your world? If I missed a good one, please feel free to add it in the comments.
Or perhaps you are one of those brave people who do not run AV software on their system at all? How is that working out for you?