Subscribe to Posts
Subscribe by EmailMalware sucks, Anti-Malware sucks nearly as bad.
Posted by Nicholas Brookins on 12 August, 2008
As for what it sucks, that would be system performance. It had been a long time since I’ve used Anti-Virus software on my Windows system, I hadn’t realized how bad the performance issue had gotten until I saw the benchmarks. I’d had more trouble with the Anti-Virus software itself than it could have possibly saved me, since well, it never found anything.
Part of the problem is that for quite a while now Spyware has been much more of a problem than conventional viruses, but the big boys like Norton and MacAfee have been slow to adjust and pick this up. Things are starting to change in that regard, but that leaves the issue of speed.
As Jeff Atwood dramatically pointed out in Choosing Anti Anti-Virus Software, AV is one of the most drastic speed reductions you possibly perform on your system. If it were only CPU utilization then I really wouldn’t worry - I sprang for a quad-core and rarely get too much over 50% unless I have a lot of VM action going on - but unfortunately most of the hit is with Disk performance and I/O latency. This means my full build goes from 4 minutes to about 12 minutes. Ouch.
Now I’m quite aware that I’m not the typical end-user in this arena, so I’m certainly not advocating that everyone dumps their trusty AV / Anti-Spyware. Unless it’s Norton - I hate to disparage, but wow that’s some awful stuff. If you are one of us careful downloaders though and speed is of the essence, then I do have a recommendation.
1. Install one of the free or inexpensive AV solutions.
Lifehacker has a good list to start with. I’ve been using Avira for a while with good results, many people like AVG as well. Of course this post is targeted towards Windows - ClamAV is the only choice for Linux.
2. Ok, now disable it.
Keep the updates scheduled, but turn off real-time protection. Now you have a super easy way to spot check files that may be under suspicion. Right-click any file you aren’t sure of, and choose “Scan for viruses” before trusting it. You can also schedule a full scan to run at night a couple times a week - SETI will barely notice your decreased contribution. There are free online scans, but I’ve found them to be cumbersome and slow for spot checking individual files - which means you’ll end up not using it reliably.
Some AV apps allow filters on real-time protection - if that’s the case, make sure you have a folder only for downloads and set your browser to use it automatically. Then add your temp folders and download folder to be scanned in real-time. The temp folder is important so that opened email attachments and the like get scanned.
I don’t personally worry as much about spyware, a high percentage of infections are caused by careless clicking or browsers that aren’t up to date. If you don’t trust yourself in that regard, or your system is shared with others, then you may want to consider something there. I also have the luxury of firewall and e-mail malware scanning at the server-level, while not perfect it is an extra layer. Jeff also mentions using a Virtual Machine for sand-boxing untrusted apps. I’ve thought of doing all my development in a VM, more on that to follow, but for now it isn’t feasible. In the meantime this works well for scanning all those little utilities or driver updates or test apps that you shouldn’t implicitly trust.
This isn’t exactly a ground-breaking revelation, but the bottom-line is if speed is a major factor, particularly for disk I/O, then this can make an enormous, noticeable difference - if you have the discipline to remember to scan potentially dangerous files. You could have three 15k SAS drives in a crazy-fast RAID 0 and get worse performance than a single run-of-the-mill SATA drive at 5,400 RPM - just by installing a speed-sucking Anti-Malware package.
April 23rd, 2009 a.t 4:15 pm
:O So mush Info :O ? THis Is he MOst AMAzing SIte DUDe?
August 22nd, 2009 a.t 6:51 pm
You have provided a lot of professional ideas about web hosting and specific comparison of linux web hosting plans.
August 22nd, 2009 a.t 8:13 pm
The points in your blog are quite similar to most people?s as I know, they are nice.
August 24th, 2009 a.t 5:52 pm
You are really clever!
March 12th, 2010 a.t 3:18 am
Good evening! How is it going today? It’s only that i dig your site so much, and that i believe you can start getting alot of money with it. I run a couple of winning blogs that i started making some money from lately. They are using a thing called a content hider widget, that makes visitors fill out a quiz inorder to get access to highly valued content or to download files that they want. And every time they do a easy survey i earn around a dollar. Pretty awsome eh? Been making lots more from this than google adsense! Feel free to email me, or you can check it out through my refferal link. http://tinyurl.com/yevwfst, Kind Regards, Henrik U. Hansen