Two Minute Drill: Five Things to think about regarding Anti-Virus software

Hello AskPerf readers!  My name is Leena Nair, and I am a Support Engineer on the Performance team.  Over the last couple of months, I’ve had some very interesting discussions with customers regarding anti-virus software selection, and I thought it might be interesting to share some pieces of those discussions with you.  Almost anyone that owns, or works on a computer is aware of the dangers posed by malware and the need to install (and maintain) a reliable anti-virus program.  However, as we’ve noted in several posts in the past, the anti-virus software itself has been known to cause issues that impact system performance and reliability.  So, let’s start by taking a look at some things to consider when choosing an Anti-Virus package.

  1. First and foremost, the AV package we choose has to be effective at both identifying and cleaning (or isolating) malware on the system.  If it can’t do either one effectively, then you probably want to be thinking about a different solution
  2. If you are even slightly familiar with the security trends surrounding malware, then you know that virus and malware writers churn out variations on a theme at an astonishing rate.  A good AV solution provides frequent and timely updates to combat these variations. 
  3. In addition, a good AV package is able to recognize the myriad of virus and malware programs that have been released.  In other words, quantity of viruses recognized and the quality of the actions that the AV program is able to take to address these virus issues are equally important.
  4. Standard AV software examines individual files for known virus signatures.  This exact detection method is only as good as the program’s database of known virus definitions.  Thus, as virus variants are released, it becomes important to ensure that your virus definitions are up to date.  Given that, there is another method of virus detection, called heuristic detection, to consider.  Heuristic detection does not rely so much on detecting an exact virus signature to identify malware, but rather the pattern of behavior exhibited by the program.  Thus, malware programs that attempt to modify the registry or system files are detected by what they are trying to do as opposed to trying to match an exact fingerprint in a database.
  5. The impact on system resources is a key consideration.  Remember that your AV software is an application – like Microsoft Outlook, Internet Explorer or Windows Live Messenger.  As with all of these applications, it requires system resources to perform its intended functions.  Actively scanning a system for viruses can impact the overall system performance, as the antivirus engine competes with other applications for system resources.  The degree to which an antivirus program detrimentally affects a system’s performance varies depending on the task being performed.  For instance, most of the real time antivirus scan can affect both local and networking operations, can cause high CPU utilization etc.

Even though many of these things seem to be fairly obvious, we often work with customers who are running into issues caused by AV software not performing as expected – causing pool memory depletion, hangs etc.  And that will bring us to the end of this post.  Take care!

– Leena Nair

Share this post :