Do Virus Scanners Slow Down Your System?

[cleeve]

This article is laughable, where are all the free antivirus (you know, the ones most people run? Oh I forgot, toms is now a big infomercial).

Hmmmmm. AVG offers a completely free option the last time I checked. All of the testing was done with free trials.

Are you suggesting that other alternative, free anti-virus programs use completely different methods of scanning and that performance will magically be commpletely different?

The article isn't laughable, but your comment might be.

 

[tom thumb]

This article is laughable, where are all the free antivirus (you know, the ones most people run? Oh I forgot, toms is now a big infomercial).

+1, In retrospect, this article is completely useless to me. I've never paid for AV software simply because so many were available for free - and still got the job done. I'm also seeing that application load time can double, along with web page loading... this sucks. Maybe MSE isn't this bad.

 

[f-14]

[citation][nom]ddragoonss[/nom]Fip is right, cmon, it's not so easy to get a virus installed in your computer. Only real concern is about pendrive virus, otherwise, it's real hard get a virus actually, so just deactivate autorun and you're done.If you still think a Anti-virus is useful, look to the logs of your anti-virus, how much viruses have you executed? How much of these you wouldn't figured out even without any anti-virus? A computer virus it's not something invisible who will eat your computer's guts, it's just a program, and need to you to execute him at least one time.We aren't in 1996 with blaster or melissa. Tom's is supposed to be a site for tech guys, cmon, you aren't supposed to be a facebook brainless guy who don't know the difference betweek "naked gurls.exe" and "naked gurls.jpg".[/citation]

never got sucked into those even back in 1996. how ever we're gamers.it used to be nocd.exe and game mods, maps and units and bad sector cracks and emulators, private servers. now days it still nocd.exe and no internet cracks, maps, units, mods, private servers.

 

[wildwell]

Awesome test article. Very informative. Thank you Tom's.

 

[thechivalrous]

I loved this article but I think the conclusion is weak. The conclusion here that its an obsolete viewpoint that anti-virus software decreases performance is contradicted by the data. Look at McAfee!

There were no folder browsing /startup /memory tests included. I'd also like to see how the various software addresses network interaction and bogs and disrupts that.

Furthermore increasing delays of 2-7 seconds is a huge delay. Many people pay a good chunk of change for computer performance, to get them their faster, and the fact remains that the anti-virus software for the most part is a huge shot in the foot and functions like the governor chips in race cars, keeping you below where you could be. 2-7 seconds plus the 5 minutes added to startup (a bit of an exaggeration I know) but these delays seem like a lifetime. What good are all the groovy parts if your crippled by the AV software? Myself and many of Tom's fan following care about performance and those precious seconds amount to huge headaches for us. We tweak/hack and overclock to shave off those seconds, so the fact that there is a few seconds here, a few minutes there of impact matters a lot. Let's get some better metrics in there and draw more accurate conclusions.

There is no need to pander to or accept existing AV software scores compared to one another. Daring to dream of something better and demanding more drives innovation. I'd give all these products at best a C-. They're still pretty crippling when it comes to disruption and interference when it comes to performance and productivity.

 

[luke904]

[citation][nom]iam2thecrowe[/nom]before i read the article, my guess is Norton is the slowest and most useless....[/citation]
i was surprised that it was actually the fastest, but an article on maximum pc showed it to be insecure (they managed to install malware without detection)

 

[luke904]

i do nothing but scan like once a month and ive NEVER had a virus in my life

 

[kezix_69]

Avira has been rated as #1 freeware Antivirus for awhile as far as I knew... It would have been a great addition to this article.

 

[soliloquist]

Microsoft security essentials was probably not included because according to their license terms:

"disclose the results of any benchmark tests of the software to any third party without Microsoft’s prior written approval"

http://www.microsoft.com/security_essentials/eula.aspx

 

[ArgleBargle]

I used to work for a marketing company which was good with updating the computers the graphic designers used, but the bookkeeper got the short shrift with the 4 year old laptop (1 Gb RAM, Windows XP SP2).

The computer used Kapersky, and had to connect wirelessly to the Internet. Each and every time it connected to the Internet (I would turn off "automatic updates" but the manager would turn them back on after I left), the computer was useless for 10 minutes while Kapersky hogged most of the system resources to update itself. Updating the computer to 2 Gb helped a lot, and the performance hit was much less noticeable.

 

[Onus]

As a Comcast subscriber, I've installed the free Norton Internet Security suite. I'm careful, and am not worried about viruses, but my wife has gotten infuckted a couple of times so I like to be running mostly the same things she is. For what we run, any performance hit is not significant; we have 4GB and decent processors. If your AV is creating that big a hit, either something is grossly misconfigured, or you've got a bad bottleneck somewhere which could be relieved by a relatively minor upgrade (likely insufficient RAM, as my earlier post suggested).

 

[nebun]

have you heard of AVIRA? next time please include it in the test

 

[awood28211]

[citation][nom]geo_aoe[/nom]Well the biggest slowdown you will experience with antivirus software is when you open a folder full of exe files and explorer tries to show all the icons of the executables. There is a very noticeable slowdown in that case.Also i would have liked a startup benchmark, because the antivirus also slowdowns somewhat the startup process.[/citation]

Try opening a folder full of mpgs... 700mb ones... lunch break!

 

[dkant1n]

Excelent article. Congratz Don and thx for the info

 

[thartist]

Missed 3 really important: MSE, Avira Antivir and Avast. And even worse, the AVs weren't their latest versions. Awful.

 

[rohitbaran]

[citation][nom]iam2thecrowe[/nom]before i read the article, my guess is Norton is the slowest and most useless....[/citation]
No sir. Kaspersky has taken its place since last year. I switched to Norton because of this. Norton was a real resource hog in 2006, but they have improved a lot. Kaspersky on the other hand has gone the other way and become quite resource hungry. Kaspersky IS 2011 vs Norton IS 2011 => Norton anytime.

 

[noblerabbit]

I was hit with a very nasty virus last year, where the virus was leeching my Internet bandwidth FULL, I mean, I had a one day useage spike of over 32GB (with computer on for 6 hours). Few days before this, I noticed like "radio chatter" being emitted from my computer speakers, it was totally uncanny. Paranormal. It was also my fault for not having any resident AV installed, only the periodic Malwarebytes scan for that squeaky clean feeling of 0 items found. I google'd "top antivirus" and came across Viper. This 30 day trial totally fixed my computer. although expired, and a reinstall of windows anyway, I came across another article in a magazine, discussing this marvelous new Panda Cloud based Antivirus. It was love at first install.

 

[Guest]

Amazing how antivirus now runs without much slowdown - who'd have thought that applying 10x the CPU power and 10x the disk speed would make doing the SAME JOB as 10 years ago go faster?

 

[Guest]

I think this article is misleading. I had McAfee bundled with my Dell Inspiron (core i5, 4GB RAM, Windows 7 Home Premium 64-bit) and no matte what I did: surfing the internet, develop in Visual Studio 2010, running a VM with Linux... Every now and then Windows slowed to a halt and then a message box warning about Low Virtual Memory... After uninstalling McAfee, my first and only suspect, the system is working smoothly, and no matter what I do I can't seem to use more than 2 GB of memory (even with SQL Server, MSMQ, VS 2010, and a few other development tools running)... All my problems went away after uninstalling this piece of cr@p.

 

[payne_ksharp]

I am using kaspersky internet security 2010 and the only thing is that in windows XP start up time was annoyingly huge, changing over to win7 its just fine .... BTW thanks very much for this article.

 

[Guest]

Nice article, but it would be nice to include a laptop with 5400 drive as a test machine.
From my experience AV has much significant impact on slower drive. Waiting couple seconds more on a decent machine it not a big deal, but you will see the impact like 10-20 seconds delay on a laptop.
Since laptop is very common and typical users will not upgrade their drive, a test like this on will present a real situation for the majority of the laptop users.

 

[drakefyre]

Didn't see startup times, which I suspect are affected by antivirus software. Other than that, good article, it almost dispels the myth that virus scanners decrease performance noticeably.

 

[wolfram23]

Glad to have Norton!

 

[Astara]

I'm disappointed in the applications that you tested and your knowledge of how virus and malware scanners work. I'm also disappointed that you didn't check the Free product "Windows Security Essentials" -- perhaps you are are dissuaded from testing and comparing 'free' alternatives to those solutions that pay your bills, though I would think some of your advertising revenue comes from MS.

I have NO idea if MS's solution would come in faster or slower, so I'm not suggesting that it was left out because it is better -- just that it is free.

But it disturbs me that you thought a multicore processor might yield better results than a single core processor. It is next to impossible that it would. Why? Nearly all of these are 'on-access scanners (besides background scanning and heuristic scanning that CAN make use of multiple processors), but the biggest slow down comes from the 'on-access' scanning that happens *synchronously* -- meaning that it happens in synchronization with the access -- the scan has to come *first*, THEN it comes back with an "ok/not ok" -- which then allows execution to proceed. Since such scanning is purely sequential, it cannot benefit from multi-threading or multiple cores.

I noticed significant (by my definition of 'significant') performance hits from on-access scanners on my 6-core, 24GB processor. So much so, that I went back, to NOT using an 'on-access' malware scanner at all. I am retaining the background, periodic scanning, as well as the ability for me to 'right-click' on any suspect file, and scan it for *known* problems. But that's the crux of any of these snake-ware scanners -- they can only catch things that are known about. Sure, a few have heuristic scanners that try to detect 'weird' behavior, but those are still in the primitive phase and can easily generate as many false positives as real ones.

All the above said, I've been running on the internet since before there was an internet (i.e. since ~89), and have never caught any malware. But then I don't execute random programs and don't execute 'scripts' from foreign sites (no java script, no java, no flash, etc...). No automation is the *default*. From there, I add sites to my permitted list -- some get added to the 'permanent list' -- sites I need to visit frequently and I trust. But others get temporary visa's by default.

IMO, for *smart*, knowledgeable and careful users who know what is risky and what is not, virus and anti-malware stuff is 'snake-oil'. An exception to that is a good firewall, since Windows, especially has historically been configured to be 'too friendly' and 'too open'.

In fact, my local setup has my windows box on an isolated subnet that goes through a linux-based proxy to get to the internet. Until recently, the linux box was behind another hardware-firewall box, but I've realized that with a correcly configured linux-box (with itself set to drop unknown incoming packets), the extra hardware box is more trouble than it's worth.

Running any monolithic app, is unlikely to be affected by virus SW, but anything that does alot of file accessing, will be hurt proportionally. You'll also see a larger 'hurt' the faster your disks and network is -- since the processing time for the virus scanner is a constant amount of CPU, and with a faster disk, that CPU amount will figure more prominently, same goes for network access - the faster the network access, then the more the cpu usage will show up as delays.

It really depends on peoples usage and what they do -- if they download software and execute it alot, then they probably need scanning SW. But if you only download from trusted sources, or only download video/music/pictures, you don't need it.

Let me repeat that last bit -- if all you do is watch videos/ listen to music and look at pictures, you don't need virus scanning. The dangers are very minimal (if there are bugs in your existing programs, which are rare if you keep up to date). A caveat -- stay away and avoid videos that require you to download a special codec or player to play them. Just delete those videos off your system. They are not worth it.

Also something to steer away from -- stay away from 'free virus scans' -- especially any that need to download something to do the scan (which is most of them). As soon as they download something to do the scanning -- that downloaded software has a high probability of ITSELF being a virus or malware.

Free screen savers? Forget them, unless they come from reputable sources that you trust. Always beware of "free software" or websites bearing 'free gifts' -- they are the perfect example of modern day trojan horses. Look for open-source programs where you can look at the source and compile and run it yourself -- that's the best -- but apart from that -- look for trusted websites that offer the source or are verified by other 'trusted' services. Be careful of sites that claim to be 'certified trusted by 'XXXX'. Are they? Check with XXXX and see.... The claim to be trusted/certified may very well be bogus.

Staying smart and aware is the best defense against these things -- that -- and go for the free option -- Microsoft's Home Security Essentials is VERY good. They collect aberrant behavior from all the computers that allow them to collect information -- and MS runs monthly scans on everyone's computers during updates, so they know what is out there and they know what the threats are and probably have one of the best info-bases on malware. Besides, you CAN't beat the price. I don't have their on-access feature turned on for me, but I do for my parents, and my less computer-literate friends. So consider it before you consider a 'for-pay' "protection-racket" SW package -- since malware protection is best done by those who know the OS. Ideally it should be part of the OS from day one -- and one day, maybe it will be.

-Astara

 

[blubbey]

I'd just like to add that I havn't done formal tests but you can notice the difference between some software. I've installed several free AV's on computers just to test them out (you can't really find a 'best' one, it's mostly opinions). These included Avast, Nod32, F-Secure, AVG & Avira. All on a 10 y/o machine with a massive 1Ghz proc & 512mb mem. All downloaded from CNET.
Order of boot time increase (from showing the desktop to becoming usable, least effect at the top):
Nod32
Avira
Avast
AVG
F-Secure

Time lapse for files to open:
Nod32
Avast
AVG,Avira, F-Secure all about the same

Again, this is not a formal test, this is not thorough, these are just my observations. Please take them with a grain of salt. Last thing though, I personally like Nod and Avast the most, idk why.