Most of us are now fairly confident that our antivirus scanners are doing their main job of protecting our systems from malicious pests. But what are those scanners doing to system performance behind the scenes? Are some scanners better than others?
Let’s start with the good news: antivirus products all work. If what you care about is protecting your system from viruses and similar digital pathogens, just about every major vendor in the AV space does a respectable job. But don’t take my word for it. Check out AV-Comparatives, which currently evaluates 20 of today’s most recognized names in the antivirus world.
The above chart shows AV-C’s results for August 2011. Now compare against the same tests done in August 2010.
While it’s interesting that the three top performers on these charts are consistent, the point is that most players can change considerably from year to year, and even month to month. Does anyone really think that Microsoft went from 98% accuracy in 2010 to 92.5% and stayed there? As if the company suddenly forgot how to write virus definitions? No. Quite literally, sometimes AV companies have bad days. In the 2011 AV-C tests, Sophos and Webroot (which uses Sophos technology) were the only vendors to be dropped from the testing because the cloud-based portion of Sophos’ definition set was down.
As multiple vendors agreed in interviews with us, when it comes to detection and isolation of modern viruses, worms, bots, and so on, just about everyone does at least an adequate job.
“Most of us are close,” says Dodi Glenn, product manager at Vipre Antivirus. “The thing is, you could say that you detected some sample set, and your AV is better than mine. But if you fast forward, I could say that you missed X, Y, and Z. There’s a notion of when you gathered the data. And is it a zero-day? Has it never been seen before? Is it a proactive or reactive type of detection? It all depends on the sample set you’re using. In theory, your efficacy rate is going to change any time you update.”
Accuracy may no longer be a primary criterion for product selection, although it should still be considered as a secondary item after pricing and full AV suite functionality. There is another side to consider with AV products, though, and long-time Tom's Hardware readers know it well. What impact is the software having on your system? Loads of features and stunning detection accuracy may be impressive, but if the background AV product is sucking minutes or hours of your productivity and performance away from foreground tasks, you have a problem. In general, for reasons we’ll discuss soon, we are less concerned about the impact of scheduled scans than we are about the low-level monitoring that today’s AV products perform constantly. Will they slow your gaming? Will they balloon your Web page load times?
We don’t need an exhaustive answer from examining two dozen names. We figured that half a dozen would do for establishing whether AV products in general are dragging on your system and whether there is a significant variance in this drag between products.