Two Minute Drill: Five Things to think about regarding Anti-Virus software

Two Minute Drill: Five Things to think about regarding Anti-Virus software

  • Comments 3
  • Likes

Hello AskPerf readers!  My name is Leena Nair, and I am a Support Engineer on the Performance team.  Over the last couple of months, I’ve had some very interesting discussions with customers regarding anti-virus software selection, and I thought it might be interesting to share some pieces of those discussions with you.  Almost anyone that owns, or works on a computer is aware of the dangers posed by malware and the need to install (and maintain) a reliable anti-virus program.  However, as we’ve noted in several posts in the past, the anti-virus software itself has been known to cause issues that impact system performance and reliability.  So, let’s start by taking a look at some things to consider when choosing an Anti-Virus package.

  1. First and foremost, the AV package we choose has to be effective at both identifying and cleaning (or isolating) malware on the system.  If it can’t do either one effectively, then you probably want to be thinking about a different solution
  2. If you are even slightly familiar with the security trends surrounding malware, then you know that virus and malware writers churn out variations on a theme at an astonishing rate.  A good AV solution provides frequent and timely updates to combat these variations. 
  3. In addition, a good AV package is able to recognize the myriad of virus and malware programs that have been released.  In other words, quantity of viruses recognized and the quality of the actions that the AV program is able to take to address these virus issues are equally important.
  4. Standard AV software examines individual files for known virus signatures.  This exact detection method is only as good as the program’s database of known virus definitions.  Thus, as virus variants are released, it becomes important to ensure that your virus definitions are up to date.  Given that, there is another method of virus detection, called heuristic detection, to consider.  Heuristic detection does not rely so much on detecting an exact virus signature to identify malware, but rather the pattern of behavior exhibited by the program.  Thus, malware programs that attempt to modify the registry or system files are detected by what they are trying to do as opposed to trying to match an exact fingerprint in a database.
  5. The impact on system resources is a key consideration.  Remember that your AV software is an application – like Microsoft Outlook, Internet Explorer or Windows Live Messenger.  As with all of these applications, it requires system resources to perform its intended functions.  Actively scanning a system for viruses can impact the overall system performance, as the antivirus engine competes with other applications for system resources.  The degree to which an antivirus program detrimentally affects a system's performance varies depending on the task being performed.  For instance, most of the real time antivirus scan can affect both local and networking operations, can cause high CPU utilization etc.

Even though many of these things seem to be fairly obvious, we often work with customers who are running into issues caused by AV software not performing as expected – causing pool memory depletion, hangs etc.  And that will bring us to the end of this post.  Take care!

- Leena Nair

Share this post :
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • It is indeed hard for the casual user to pick the right product. So many are also getting tricked into rogue products.

    But Im glad to see that more users seem to be taking the time to at least try and pick the right product that will keep them safe online.

  • Keeps PC clean

    Search-and-destroy is the best scan that I have used to keep my PC clean and working like new. It’s a great scanner that finds all the same bugs that other scans such as Norton can find. What’s even better is that it cost less than many of the other options. I found the antispyware solution from Search-and-destroy at and decided to give it a try. That was one of the best decisions I ever made. I’m very happy with this scanner and would recommend it to anyone that wants to protect and care for their PC so it will last as long as possible.

  • Beyond performance hits due to use of extra resources, you didn't address that many A/V programs change behavior in subtle ways, breaking the semantic guarantees of the Windows API.  For example, keeping file open and locked after the client application has closed all handles.

    Some A/V programs also use inappropriate methods of intercepting data, including kernel patching, which introduce bugs into the OS especially when OS updates are installed and the patch is then applied to different code from that for which it was designed and tested.

    It's not Microsoft's role to review the effectiveness of A/V software, but you certainly could call out certain products and vendors that are known to actually break the system in these ways.