Bummed-out users give anti-virus bloatware the boot One in four users turned off their anti-virus protection in response to performance problems after they installed security software, according to a survey by security software firm Avira. The poll of users of the German anti-virus outfit, which like AVG and Avast offers free security software to consumers, also found that more …
Run windows in a VM. Never use it for browsing. Why bother using AV?
It's a standard risk assessment. Probability x Consequences. If you don't have kids, don't use Microsoft, don't surf dodgy sites, distrust all attachments, ensure you've regular backups, have the skill to deal with the consequences and have fallbacks... the risk is low enough to consider acceptable.
All depends upon your numptie quotient.
Judging from a current radio advert seems that at least one other developer (Trend Titanium?) has done the same research.
Being able to turn it off would be nice but fairly sure you can't with McAffee or AVG. Being able to completely uninstall it without leaving bits behind would be even better
I always found it highly amusing that McAfee, Symantec and AVG (maybe others) have had to write an application specifically designed to remove their products from your system, although half the time even these don't do the job properly.
Surely instead of admitting failure by writing these it would be better to have an uninstallation process that works?
(Yes I realise that there are probably other reasons for these apps to exist, but still...)
Sometimes it's not the anti-virus that is to be blamed. Earlier this year my brother complained that his Lenovo laptop, which has been working perfectly well, was unusable on his wifi network.
Sure enough, I tried it, and cabled LAN was fine, but as soon as wifi was started up, it connected to the LAN, but the machine just bogged down. AVG antivirus was taking all the CPU. Removed AVG, the machine worked fine on the wifi. Tried AVAST, same thing happened, wifi caused the machine to bog down.
So I decided to have a look at exactly what the antivirus was doing using some of the sysinternals (now microsoft) process explorer tools. I found both AV packages were really interested in one html file... It turns out that from the day my brother got his laptop, all his wifi activity was being logged to the debug file (not the raw packet data, but still pretty detailed, and very frequently updated), which Lenovo had decided to give a .html file extension. Any change to that was getting the attention of the AV and forcing it to scan the file. Initially this wasn't an issue as the file was small. By the time I got to investigate, the file was 5meg!
I added the file to the AV exclude list, and weeeee, back up to speed again! A bit of digging found the switch to turn off the wifi debug log in the Lenovo access connections package and I deleted the file.
His machine had been bought new, so why it was set to log by default is beyond me. Why they chose to give the log file a .html extension is also beyond me, as it was raw text.
For my own machines I use a variety - I believe that a mixture is a good thing, if one package misses something bad, and it starts to spread on the network, hopefully one of the other packages will spot it and alert me to its presence. I can then do something about it.
I also add quite a few excludes to the file list, preventing the scanning of source code and txt files.
... I am a bit of a noob, but why would any software just decide the file type based on a file name extension? No doubting your story, but I would really like to know. Obviously storing raw data in a .htm(l) file should not fool any AV or any other security software just by its extentionsion. That's just opening the gates to malware anyway. Sending out a .jp(e)g without the receiver knowing what is really inside it while it tries to find wholes in let's say Irfanview or so, is potentially lethal.
BTW: forgive me my ways of using the English language... I am not a native user of the language and still have to reinstall my spell check on my browser.
Why does software rely on filename extensions?
Partly legacy, partly laziness, partly Microsoft (which I suppose would be legacy AND laziness), and partly because it's easier to grep the filename for everything after the last full-stop, than poke around in the file data looking for magic bits and metadata.
Linux and other Unix-like things tend to (but not always) rely on metadata and magic bit sequences within the file, and won't be fooled (in many cases at least) by renaming a file extension. You certainly can't make a file executable just by calling it "something.exe" (this is what setting the executable bit is for), and I've had VLC for Linux and Movie Player both work nicely with movie files that have no extension.
Windows? Not so much.
Bloody Norton and Mcaffe Hogs the system (PC world pre installed crap)
I have advised countless people to remove and stick on Hate to say it but Microsoft security essentials.
Doesn't seem to kill the system as much..
And yes i rem when AVG was quick but then turned into a hog as well....
I have used aVast, which I thought was pretty good compared to other bloatware (Norton). I have been told that NOD32 is the fastest and one of the best providers of protection. I boot into WXP for one computer game, and spend the rest of my time using either an Android 'phone at home and Linux on the notebook for work. There is little reason for me to have an AV.
Instead of shelling out more money I removed aVast and installed Clam. Its an open source on-demand scanner. The game I play on WXP is now far faster, & WXP completes the log in far quicker than afore. I am pleased because I cannot afford to buy a new notebook for home.
If I copy files from my NAS to my home PC I can achieve a measly 270Kbps. Turning off MSE can increase that to 700Kbps.
I find that MSE to be the best of the bunch but can't help thinking that the real-time scanning shouldn't occur during heavy file transfers otherwise it just makes everything crawl. One day, hopefully the virus scanner vendors will work that out too.
It's amazing just how fast a PC can be with all the crud removed. At home I have a little 150MHz laptop (192MB ram - max'd out) running W98SE. It's not connected to the internet and is simply rock-solid. It runs some software that supports my weather station and just works - year in, year out.
The best thing about it is that it boots up from cold to running and accepting weather station data in under 15 seconds. The next best thing is its miniscule power consumption. With the screen blanked, it's too low to register reliably on my Mains Power memter.
...that people are beginning to see the AV vendor's products for what they really are - Overly bloated and overly expensive, too.
"Streamlining packages poses a tricky software design challenge at a time where the number of malware strains churned out by the bad guys is skyrocketing, forcing the use of more finely-tuned heuristics and behaviour-blocking technologies."
Not really! Just stop the AV vendor's marketing department from "adding in the 'Customer Experience'" and the scaremongering, threat-levelling messaging that goes with these time-limited packages - "Renew Now before Armageddon besets your computer..."
To this end, I've spent a little time and some money looking at alternatives, this year, having got so sick and tired of having to resolve performance as well as functional issues (Why is 64-bit Windows 7such a f*cking surprise to the 'usual suspect' AV vendors?) - There are plenty alternatives out there from the mainstream, malware/virus-anti-market mafia merchants that have, so far, stitched us all up through the "(pre-)installed with your new PC" vendor deals...
When it comes to putting up with those vendors, I hope many, like me will tell them "Armageddon out o' here..."
Hardly a shock. It is intercepting EVERY read, reading an ENTIRE file, comparing it against known checksums (which can take ages to produce a single checksum once from even a small file), and then trying to apply "heuristics" to see if it's doing dodgy stuff - BEFORE it will let you or Windows access any file whatsoever.
Of course it's a resource hog - you only have to look at the path. And the more viruses, the more heuristics, the more opening of files, etc. the greater the time it takes. That's *before* you get into badly-written AV, AV updates that use synchronous DNS lookups, on-the-hour updates and complete disk scans etc.etc.etc.
An AV is there to save you from your own stupidity. If you execute a rogue file, chances are it will DISABLE your AV before your AV even knows that virus exists. I've certainly never seen an AV "stop" a virus in it's tracks on anything but the most perfectly managed setup (and home PC's are nowhere near that category - nor are *most* business setups!).
If you need a program to not only intercept every disk read / write that you do, but to scan every byte of every disk each day, and to update itself hourly, just to stop you RUNNING PROGRAMS YOU SHOULDN'T then you better put up with the performance drag of such a task.
Or you could just learn to keep your *important* software up-to-date (e.g. browser), use secure browsers, not execute things that try to download without your permission, not have a PC that's open to the world (i.e. use a firewall which *doesn't* impact your PC's network access anywhere near as much as you think it might because it only sees IP/Port numbers most of the time and acts on only the initial packet of the connection - mine is an advanced software one and stores a cached list of authorised programs so once a program is authorised, you don't even NOTICE that it's going through a firewall), and not install every piece of junk that ever appears.
16 years. 16 bloody years without a single antivirus program running and the only virus I've ever had was from a very-reputable magazine coverdisk when I was a kid (on a copy of Sin!). Zero damage, immediate detection (by myself), immediate cleanse and removal. Just stop double-clicking on things and using ancient versions of IE to browse the Internet. Follow the rules and no anti-virus is even CLOSE to being practical or useful. That's held from DOS through to my current setup (XP SP2!), none of which had any "explicit" protection that's supposed to save you from rogue programs (unlike Vista, 7, etc. which STILL are targeted by viruses every day!)
In the schools whose IT I've managed, we load the machines with AV because performance isn't an issue and certain regulators like the reassurance but it's still yet to detect a single GENUINE virus (plenty of false-positives) on 150 machines for 450 kids (in my current school) and thousands of desktops / tens of thousands of kids (overall in the last 10 years) before it actually gets shut down - we call it the "canary" effect... when the AV stops calling home to the central server, that probably means it's been transparently and completely disabled by some virus that slipped straight past it. That's about its only real use.
Currently on a 5-year-old XP image at the moment (which has been transferred between 3 actual computers in its life). No AV in it's entire life (but has ZoneAlarm Free edition from the first second to let me go online to get updates, decent browers, etc. safely). Autoplay is off. Never had a virus. Passes all virus scan checks. Show no suspicious activity whatsoever. Worst that happens is I get a dodgy email that *might* be genuine - I have to download it (safe, because my browser isn't stupid), then re-upload it to something like VirusTotal's online scanning service to determine if it's genuine. Happens about once a month or so when someone else's AV goes potty and thinks genuine files are viruses and I have to prove they aren't and / or when someone sends me something that I just don't trust (because they are stupid and probably *do* have a virus).
Stop buying this junk. Stop installing it. Stop supporting this industry that will never "end" while people are making broken operating systems and browsers. Instead, use your brain and don't execute anything you can't verify, and don't use incredibly pathetic programs to go on the net with.
I was just like you, right upto the point some bastard booby trapped a decent website with the ramnit virus.
It cheerfully attatched itself to every html I have, then went on the tie itself to every .exe file I loaded.
Ended up saving what data I could and re-formatting the windows partion, praise be to having a windows/linux dual boot PC.
Upon examining an infected HTML file, it was quite something to see just how a simple VB script could be used to own the WHOLE F**KING SYSTEM.
We would'nt need so much AV products if IE had been sandboxed from the start of its life instead of tied into the OS so tightly any flaw/exploit in IE can trash your PC.
Anyways.... Linux for surfing/emailing/work and windows for games only now
I used the IObit PCS software - until last week.
With the lastest update, it installed the Yahoo! toolbar and changed your search engine, regardless of what you selected during installation. Then rather than the two programmes that it used to be, it suddenly turned into half a dozen programmes for all sorts of crap that I never had the chance to say I didn't want.
Even for free software, I was very disappointed that it had suddenly bloated in this way.
Used to use AVG, but agree it's too bloated.
Clamwin supports server versions of Windows, unlike MSE.
To those without AV - is obscurity or ignorance really a valid excuse?
I wonder how feasible building online scanning into a router would be? At the end of the day, it's external crap that causes the problem.
Whilst I don't run a large network, I do work from home at my home studio and I found various anti-virus software slowed my studio machine down unbearably. Professional audio creation requires a speedy efficient machine. I gave up with the likes of AVG et al, switched to MSE, which although seems to cause a tiny slowdown, i.e any virus checker seems to increase latency and reduce the amount of tracks I can work with. MSE minimises the impact of system performance, but what I tend to do is shut it down and disconnect from the internet for most of the week to reduce the chance of infection. I'll run a full scan weekly and occasionally apply updates etc after temporarily re-enabling wifi. Other than that I just try to make sure I use the machine for only what it's intended for, music and keep browsing and other 'stuff' to be done on my laptop. It seems to work well anyway. But I'm really glad to see the point of inefficient bloated AV crap software highlighted here.
It's hardly a surprise -- just exhibit a bit of common sense and you will be fine without an AV package. I've been running vanilla for over two years now on a Windows system and have been fine. I run a free online on-demand virus scan once a week and ensure my software is patched and up-to-date. But then, I'm careful with what I do online -- I'm savvy enough to know that if someone's offering me a link to their holiday pictures over MSN Messenger then it's probably worth investigating a little before I proceed.
The problem is the amount of garbage that's packaged with the AV applications now -- it's all marketing horse shit. You can't buy a simple AV package now. You have to buy an anti-virus, a spam filter, a web content filter, a firewall, identify protection -- the list grows with each release. Sure, the internet is a dangerous place but these packages should not give people free licence to do whatever they please. You've all got seatbelts in your car but that doesn't mean you speed the wrong way down a one-way street at 120MPH.
OK I admit I use the Microsoft freebie, but I am now of the opinion that a strong firewall is more important. A good one detects any program trying to either access the internet or install something behind the scenes, and I feel this is the key to keeping my PC clean. I don't download anything unless I am 100% certain of its credentials and I never open attachments in unsolicited emails. I wouldn't fall for any phishing attempt as it's too easy to spot them (broken Engrish, poor grammar, dodgy links). If something attempts a 'drive-by download' when I am online, the firewall normally saves the day. Also it is (hopefully) protecting me from the hackers too.
...Or am I being dangerously naive?
I have been using Avira for years now and have always been happy with it, except for the nag screen that comes up when updating, but thats just a minor annoyance.
I got rid of Norton 5 years ago because it annoyed me and I resented paying for it, but MacAfee is the absolute worst. The computer I have now came with it pre installed, and while uninstalling it it cried fowl. If I continued with the unistallation, my computer would be *AT RISK* from all the nasty people that are out to harm it!
My main concern here is that computer users who don't know what they are doing might be scared out of uninstalling by this type of message. I understand MacAfee don't want you to uninstall, they need you to use their product, but I feel if the product were any good, they could sell it to you on its strengths, rather than trying to scare you out of ditching it. Fowl tactic, I have no time for them.
Add another one to the list of those who have dumped AVG and now rely solely on MS's Security Essentials. Well, a mix of common sense, and MS SE as a safety net.
I've also done the same for the people who asked me to secure and speed up their systems, and all machines showed a drastic increase in performance.
the ones who get infected the most?
Gullible clickers hwo click on anything in their email.
Company Purchasers who don't care where their components come from just as long as it is cheap and bottom dollar thus increasing the odds that the website has third party infections/cross site scripting backdoor.
Sport websites and gun enthusists websites and sometimes local home town newspapers that just went online.
Of course porn sites and hate sites.
AV companies should test on low end (or old) systems. I guess they test on newly installed newish pcs.
When I were a lad (which is a few years ago now) we tested our dumb terminal software on low baud rates to ensure it was efficient for dialup customers, and many years later when I ran a web design company we always tested stuff on 56k dialup to make sure it ran ok and were not reliant on a broadband connection.
So just test on an outdated pc or a low end system. If it runs on that it should run on anything.
Not just AV that freezes a system...
Windows Update does that as well, but due to the slightly "interesting" way that CPU usage is registered your PC will be running at an utter crawl but will happily inform you that it's only using 15% CPU usage.
Other than that there's the (still) pathetic optical drive access in a wintel PC that causes a system to stop while reading, or attempting to read a disc.
Back onto the AV problem - wasn't there an article from MS at some point regarding the caused behind BSODs? No 1 was AV software, No 2 was device drivers. Most AV writers like to make sure they don't crash the system or even use too much CPU otherwise a user will start to get suspicious.
Been using it for years, and have been paying for a two-machine licence too. Our ancient laptop has been grinding to a halt. Zone Alarm using half of its 256Mb memory.
I've moved to Linux, the laptop is now using MSE. It'll never exactly zing, but at least it moves again.
Subscription written off.
I don't mind updates and reminders to update. I do mind a security product that makes my house walls so thick there is no longer any room to live in it.
Never thought I'd be up-voting MS, but, on this one, I think they have hit the target. +another-one for MSE!
Anti-virus software.
I know this will necessarily be windows biased (LOL) but come on, El Reg, do the story !!!
I'm _deadly_ serious.
Make it an interesting in-depth article. Or heck, it's probably quite a deep area, why not do a series of articles on it. Perhaps not just the review windows AV programs but an overview of windows and its security issues.
Save it for early 2011 as I guess it's probably too late to hack something up and yet do justice to the subject.
I'd say I would be most interested as I'll be the first to say I have significant gaps of knowledge in this area. Currently I'm not even sure what the biggest threat out in the wild is against windows systems.
Just an idea
I've been saying this for years! When I look at the kit they stick on high street purchased computers or the stuff that gets punted at the great unwashed year on year, I'm horrified by the amount of resources taken up as each company adds little bits here and little bits there. A straight anti-virus system is hard enough to find - I use the basic Kaspersky package yet even they insist on trying to punt me their latest and fattest, even to the point of devoting a whole "page" of their interface to what is essentially an advert for the damn thing! What I really want is something that sits in the background, chewing as little of my resources as possible and only making its presence felt when something is actually happening!
Having said that, it's becoming painfully obvious to me that I often leave my Windows 7 machine off during the week in favour of my custom build openSUSE system or, very occasionally, my RISC OS system. Both can be set up with anti-virus packages that do that very thing and don't bloat out every time I boot up. (Mind you, I can't remember when I last heard of a RISC OS virus!)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
