Lab testing of various anti-virus / security products

Started by Jeremy Collake, May 29, 2012, 08:40:59 PM


Jeremy Collake

In routine testing, I went through several security products. While I do not have any objective measurements to share, I will state what I have always told people, and what we all already knew to be true.

This is testing on a clean system with no other applications installed, without Process Lasso (which can do nothing about this particular problem).

As expected, I found that security software is almost always the largest problem when it comes to PC performance issues. An otherwise clean, fast-booting and fast-performing OS would quickly grind to a halt after having security software installed. Delays on startup, or when opening an application, file, or network connection, were all attributable to the security software. Some security software tested caused several-second delays when opening applications, caused the startup time of the OS to double or triple (or worse), and generally caused a very unpleasant experience. Other software was more selective, only causing delays in cases where it had to do a more thorough scan of the content. Uninstalling the security software solved the problem. Of course, security software may speed up a *little* over time, if and as it builds a database of what it has already seen on your PC (not all products do that).

The ironic thing is that there are few or no options for 'pre-boot scanning' in most products. Also referred to as 'offline scanning' (not in the network sense), this is the type of scan most likely to detect malware, as most modern malware is able to completely hide itself (stealth / rootkit) once the OS is booted. So, all this scanning, but very little help if you're already infected, or if you encounter malware that has not yet been detected.

The new cloud-based infrastructures that most security products now use are important in detecting malware early, BUT they can also cause limited false positives that are difficult to later pin down or quantify. In other words, legitimate vendors may, at times, be negatively impacted by cloud-based security software and never know it. The extent to which this is true is unknown, though, and varies substantially between products.

It should be noted that some products were noticeably faster than others. I won't get into the good-performing ones vs. the bad ones, as I'm not in a position that allows me to 'take sides'.

Do note, as I've recommended in the past, *never* install multiple security products. Indeed, *most* security software these days will uninstall other common security software first. Having more than one security suite installed does not double your protection, but it does double your complications, and more than doubles performance problems.
Software Engineer. Bitsum LLC.
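The post above reports the slowdowns qualitatively and says it has no objective measurements to share. The script below is an added example (not code from the original post, nor Bitsum's) that turns those observations into numbers a practitioner can compare: it times the operations the post says security software hooks, namely creating, reopening and reading files (per extension, because some products are selective about what they scan) and spawning a process. Run it on the clean system, install the product, run it again on the same machine, and compare the percentiles. The extension list and payload size are assumptions chosen for illustration; adjust them to the product under test.

```python
"""
Micro-benchmark for estimating on-access scanner overhead.

Added example, not code from the original post or from Bitsum. It times the
operations the post says security software slows down: creating/reopening
files (per extension, since some scanners are selective) and spawning a
process. Results are only comparable between runs on the same machine.
"""
import math
import os
import subprocess
import sys
import tempfile
import time

# Assumption: extensions a selective scanner might treat differently.
# Adjust to match the product under test.
EXTENSIONS = (".txt", ".exe", ".dll", ".zip")


def percentile(samples, pct):
    """Nearest-rank percentile (pct in 0..100) of an unsorted sample list."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]


def summarize(samples_s):
    """Convert a list of durations in seconds into millisecond percentiles."""
    ms = [s * 1000.0 for s in samples_s]
    return {"p50": percentile(ms, 50), "p95": percentile(ms, 95), "max": max(ms)}


def time_file_roundtrip(directory, ext, payload, reps):
    """Time write+close, reopen+read, and delete of one file per repetition.

    Close-after-write and open-for-read are the points where on-access
    scanners typically intercept, so the scan cost lands inside this window.
    Returns a list of durations in seconds.
    """
    samples = []
    for i in range(reps):
        path = os.path.join(directory, f"sample{i}{ext}")
        t0 = time.perf_counter()
        with open(path, "wb") as fh:
            fh.write(payload)
        with open(path, "rb") as fh:
            data = fh.read()
        os.remove(path)
        samples.append(time.perf_counter() - t0)
        if data != payload:
            # A quarantine or cleaning action would show up here rather than
            # as a silent timing artifact.
            raise RuntimeError(f"{path}: content changed between write and read")
    return samples


def time_process_spawn(reps):
    """Time spawning a trivial child process (the current interpreter).

    Process-creation callbacks are the other common hook point, so this
    captures per-launch scanning of the executable and its loaded modules.
    """
    samples = []
    for _ in range(reps):
        t0 = time.perf_counter()
        subprocess.run([sys.executable, "-c", "pass"], check=True)
        samples.append(time.perf_counter() - t0)
    return samples


def run_benchmark(reps=50, size=64 * 1024, extensions=EXTENSIONS):
    """Run every probe; return {probe_name: {"p50", "p95", "max"}} in ms."""
    payload = os.urandom(size)  # constructed sample data, not a real binary
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for ext in extensions:
            samples = time_file_roundtrip(tmp, ext, payload, reps)
            results[f"file_roundtrip{ext}"] = summarize(samples)
    results["process_spawn"] = summarize(time_process_spawn(reps))
    return results


if __name__ == "__main__":
    reps = int(sys.argv[1]) if len(sys.argv) > 1 else 50
    for name, stats in run_benchmark(reps).items():
        print(f"{name:24s} p50={stats['p50']:8.2f} ms  "
              f"p95={stats['p95']:8.2f} ms  max={stats['max']:8.2f} ms")
```

Compare p95 rather than p50 between the two runs: a scanner that only does a deep scan on some files (the "more selective" behaviour the post describes) barely moves the median but shows up clearly in the tail. The temporary directory is usually excluded from nothing, but if the product under test has path exclusions, point `tempfile.TemporaryDirectory(dir=...)` at a directory the scanner actually covers.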

Jeremy Collake

Note that I *strongly* recommend you DO RUN security software. Just be aware that in some cases it may affect your performance, and some products may perform better than others. Of course, NONE guarantee absolute protection. If they did, we'd not have much of a malware problem. The BEST thing you can do is stay away from cracks and pirated software. And I am NOT saying that because I want you to purchase a license of my software. In past jobs as a security researcher, I have analyzed pirated software that installed fine, looked fine, but transparently installed malware onto the PC. Once installed, malware often embeds itself like a rootkit, using stealth mechanisms that make it nearly impossible to detect or remove while the OS is booted. DO NOT RISK IT, EVER!
Software Engineer. Bitsum LLC.