Ramblings of an old Doc

 

You probably don’t need it most days (but, you’ll never know which days). In fact, you might or might not encounter a “drive by” for days or weeks. But, AV-Comparatives (AVC) did an interesting test on AVs (Antivirals). They tested when the AV actually loads. That’s not to say they’re actually protecting you during boot, but AVC didn’t actually test that.

Another caveat: They tested on new machines. That’s not exactly real world testing.

“To test a product's effect on day-to-day computer use, the researchers timed a number of common activities with no antivirus at all, averaging several runs, and then re-tested in the same way with the antivirus running. The tests included: copying files between drives; zipping and unzipping files; installing and uninstalling applications; transcoding music files; launching applications; and downloading files.”

- http://securitywatch.pcmag.com/security-software/311241-speed-up-pc-performance-by-replacing-microsoft-s-built-in-antivirus

They found a big difference in system impact between some AVs. One didn’t load until eleven minutes after boot initiation.

A philosophical difference: Some AVs would allow the virus to load and then whack it. I can’t agree with that approach. The malware should be whacked ASAP to prevent your having to repair services, etc.

So how much does each AV affect boot time? The sooner it boots, the sooner its effect will be felt. That might decrease on subsequent scans, which is both a good thing and, under some circumstances, a bad one, since files flagged as safe might become infected. Other factors affecting boot time are the age of the computer, how full the hard disk is, processor speed, degree of fragmentation and amount of RAM. So, the AV probably doesn’t determine a heck of a lot when it comes to boot speed. It does affect boot safety a great deal. So, maintaining a lean, well-tended machine determines a great deal.

Here’s a screen shot of their results:

On this graph, the closer to the left the better. From BitDefender to the left, the AVs earned the Advanced+ score.

AVC found that about one-third of the products tested affected boot time less than MSE (Microsoft Security Essentials). In fact, you might just boot faster with one of the Advanced+ AVs and without MSE, which hasn’t been doing well at all in AVC’s testing.

Source:

http://securitywatch.pcmag.com/security-software/311241-speed-up-pc-performance-by-replacing-microsoft-s-built-in-antivirus


Comments (Page 2)
on May 13, 2013

Nimbin

yuuuuuuuup, just another my dick is bigger than your dick Anti Virus comparison test. If the AV you are using right now works for you, then it is the right product for you. Who gives a flying frack if it takes a few extra microseconds to load or uses a couple of extra megabytes of memory in today's multigigabyte RAM systems. If it works GREAT. 

 

agreed. the really important bit from the original report is this:

They found that all except AVG, Bitdefender, eScan, Kingsoft, Microsoft, and Sophos delayed full protection to some degree.

so while Kingsoft might look a lot worse than Kaspersky or F-Secure on the graphic, it actually protects you while any malware might still be loaded before Kaspersky, no matter how fast it is. at least according to this report.


on May 13, 2013

They tested when the AV actually loads. That’s not to say they’re actually protecting you during boot, but AVC didn’t actually test that.

Nimbin

yuuuuuuuup, just another my dick is bigger than your dick Anti Virus comparison test. If the AV you are using right now works for you, then it is the right product for you. Who gives a flying frack if it takes a few extra microseconds to load or uses a couple of extra megabytes of memory in today's multigigabyte RAM systems. If it works GREAT.

Again. This is about boot time protection as well as system impact. From the OP:

They tested when the AV actually loads. That’s not to say they’re actually protecting you during boot, but AVC didn’t actually test that.

You haven't discovered America, I'm afraid. I stated that in the OP to make things clear. From their report (note the second paragraph, as well):

 

 

I also noted the limitations of the user machines tested. They did a good job of comparing "similar" systems, but there was too much variation. I believe they should have limited their testing to exactly when the AV/AM module loaded. They should have measured the impact from that moment on.

Clearly, I believe people should adopt AVs/AMs which give actual protection from the earliest possible time.

Also, they tended to compare apples and oranges. Suites load slower. They should only measure when the actual protection starts, while measuring system impact from the moment of starting the services and onward.

Their testing, therefore, has some problematic areas. Also, "real world" testing is truly impossible because of the differences between machines in the real world: Age, disk saturation, processor speed, fragmentation and RAM are important. I mentioned all that as well.

on May 13, 2013

Hate to sound like a broken record people, but better 'OS-at-boot-time-protection' comes from not running your system as admin. If your system boots and you log in to a 'limited' user account you have just done more to protect your system at subsequent 'boot-times' than anything else. Just that tiny little detail will do more to protect your system from threats (as well as yourself) than any of those products listed above....

 

I am not saying that AV programs are unnecessary, I am just saying I believe the idea that they should be looked to as one's first-line-of-defense is silly and one of these days soon I will write up a step-by-step (as I see it) guide to securing one's system from the inside (i.e. credentials, least-privilege, security policies etc.). After securing a system/OS from the inside the AV program (any AV program) becomes more about 'second-opinion' etc. which is about as far as I'm willing to trust any AV program when it comes to the security of my systems.

 

 

EDIT:

In an effort to remain somewhat on topic..........hehe

 

Windows 8 has a nifty little thing called ELAM (Early Launch Anti-Malware) http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx  I wonder how the test-results would be affected by that...

on May 13, 2013

Thank you Jafo. Makes better sense now. 

on May 13, 2013

the_Monk
I am just saying I believe the idea that they should be looked to as one's first-line-of-defense is silly and one of these days soon I will write up a step-by-step (as I see it) guide to securing one's system from the inside (i.e. credentials, least-privilege, security policies etc.).

Yep...same day as Smedley's skin "Roan".
