Building a better anti-virus
Posted by: Jas on Jan 08, 2010
I’ve never been much of a fan of anti-virus technologies. Yes, they’re there to help protect machines, but they’re also a massive burden on CPU power, memory and hard disk activity at the end of the day.
So much so, that I prefer using the Open Source non-invasive ClamWin AV - and even then, I’m a firm believer that if you know what you’re doing on your PC, and you have the slightest bit of common sense, you know not to click on things or open attachments that look out of place, completely negating the need for actually using an anti-virus in the first place!
Modern anti-virus technologies are even worse – being far more invasive with your CPU resources. I’ve used Process Explorer – a free utility from Sysinternals (www.sysinternals.com) - to have a deeper look at the processes running, and I am horrified to report that my existing anti-virus on the work machine is the second most memory-chewing application on the machine - Sophos is consuming 80MB of RAM! Worse, it’s using this much memory in its idle state!
The real reason I’m writing this is more because of my bemusement with the Microsoft Security Essentials anti-virus offering, although from past experience I don’t think it’s limited to them. Sidenote: I would like to say that I can only give praise of their offering at the moment. While I don't use it on my personal laptop, the other laptops and computers are all using it with no problems whatsoever!
Turning on a laptop and booting into Windows, I was presented with a warning message specifying that the computer hadn’t been scanned in a while and that it was potentially at risk.
Nothing weird with that right? Wrong! It hit me that the anti-virus checked when it last scanned, but didn’t bother to check when the computer was last on! In this case, the laptop had been off for at least two weeks – prior to turning off being the last time I performed a scan of it…
To humour the application (and to turn off the alert), I had to scan the machine quickly. But it got me thinking: surely they should have seen this when they developed the application? That if a machine has been off for several weeks, there is absolutely no way in which it can become infected – unless virus writers have learnt the art of writing software that can work on an unpowered device…
It comes down to checking the state of the machine. I mean they already check the state when they determine the last time the computer was scanned – why not perform an additional check that goes on to say – well if I last scanned two weeks ago, but I’ve also been off for the last two weeks, then I only need to prompt to scan again next week, as there’s no way a virus could have gotten through.
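The check described above, sketched as an added example (not part of the original post and not how any anti-virus product works): it counts only the time the machine was powered on since the last scan and compares that, rather than calendar time, with the scan interval. The 7-day interval, the boot/shutdown session log and all names and dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SCAN_INTERVAL = timedelta(days=7)  # assumed policy: rescan after 7 days of exposure


def exposure_since(last_scan, sessions, now):
    """Total powered-on time between last_scan and now.

    sessions: list of (boot, shutdown) datetimes, assumed non-overlapping;
    shutdown is None for the session that is still running.
    """
    total = timedelta(0)
    for boot, shutdown in sessions:
        end = min(shutdown or now, now)   # open session runs until 'now'
        start = max(boot, last_scan)      # clip a session that straddles the scan
        if end > start:                   # skip sessions entirely before the scan
            total += end - start
    return total


def scan_status(last_scan, sessions, now, interval=SCAN_INTERVAL):
    """Return (alert_now, exposure, naive_alert).

    naive_alert is the calendar-only check the post complains about;
    alert_now uses powered-on time instead.
    """
    exposure = exposure_since(last_scan, sessions, now)
    naive_alert = (now - last_scan) >= interval
    return exposure >= interval, exposure, naive_alert


# Constructed sample data: scan, shut down an hour later, boot two weeks on.
LAST_SCAN = datetime(2009, 12, 1, 18, 0)
SESSIONS = [
    (datetime(2009, 12, 1, 9, 0), datetime(2009, 12, 1, 19, 0)),
    (datetime(2009, 12, 15, 8, 0), None),  # current session, still running
]

if __name__ == "__main__":
    now = datetime(2009, 12, 15, 8, 5)     # five minutes after boot
    alert, exposure, naive = scan_status(LAST_SCAN, SESSIONS, now)
    print(f"calendar-only alert: {naive}, exposure: {exposure}, alert: {alert}")
```
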
Just my thought on the whole experience – but perhaps I have a more unique way of thinking about things, and am far more PC literate than the average End-User.