Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Security is Good, and More Security is Better – Right?

    Posted on Noel Carboni Comment on the AskWoody Lounge

    Home Forums AskWoody support Windows Windows 10 Windows 10 version 1703 – Creators Update Security is Good, and More Security is Better – Right?

    This topic contains 2 replies, has 2 voices, and was last updated by  Noel Carboni 5 months, 4 weeks ago.

    • Author
    • #110006 Reply

      Noel Carboni
      AskWoody MVP

      You’d think so, but…

      There is a performance price to pay for securing systems “the typical way” – i.e., by running active antivirus software.

      Antivirus/antimalware solutions always focus on how secure they make your system. None that I know of even mention that all that security costs you computer performance, let alone how much.

      Note this spreadsheet showing the times I measured with Windows 10 v1703 without antivirus software running, and with Windows Defender actively monitoring system use, and alternatively with Malwarebytes Antimalware v3 running.

      In a Windows 10 v1703 VM I measured the times to do a few things I might typically do as a software developer. They included starting File Explorer or browser windows, starting a couple of complex applications like Photoshop and Visual Studio, and doing some software retrievals and builds. I was careful to measure most activities multiple times so that caching would be effective, and so the results would be more like real-world usage for a while and not just right after rebooting. I also made sure the host environment was idle otherwise.

      The “enumeration” I mention on line 19 is this: Start Windows File Explorer, look at the root folder on C:, Select All, right-click and choose Properties. Time how many files it counts up in how many seconds. I’ve found, over the years, that this can be a pretty good measure of overall system performance and responsiveness.

      Not surprisingly, the impact of running an active AV package is significant.


      Without an active AV package running many operations are almost twice as fast!

      Just to put this in real-world terms, my current workstation is a high-end model but is now 5 years old. You can buy equivalent systems on eBay right now for under $1,000. To buy a new workstation that’s almost twice as fast today would cost me way over $10,000. Seriously.

      One of the problems with modern active antivirus solutions is that they assume your system is going to become infected, then watch everything you do to ensure the malware that’s presumably already on your disk is caught just in time and is kept from taking over.

      It strikes me that enough attention to making sure a system doesn’t get malware downloaded to it could completely circumvent this assumption. Part of that can come from being smart about what you run, and part of it from surrounding yourself with other measures designed to minimize the chance you’ll be exposed to malware.

      I suggest that it’s NOT a given that you have to get malware on your system in the first place.

      Time was antivirus / antimalware solutions weren’t this intrusive. But the malware world has gotten more complex. I’m just curious…

      How much system performance are you easily willing to give up to have an active antivirus / antimalware package on task?

      10%? 25%? Could you stand everything taking almost twice as long?


      You must be logged in to view attached files.
      5 users thanked author for this post.
    • #110183 Reply

      AskWoody Lounger

      Up until several years ago I was still happily running my Pentium 4 single core CPUs.  At 3.0Ghz with 2GB RAM, they could run 32-bit Win XP and Win 7 very well.

      But to your point about AV system load, I think that is one thing I really started to notice with just one core.  My systems really got sluggish with the more recent AV software.

      My conclusion was that advanced security software potentially needs a core and a thread to itself.  If I turned off real-time protection, my system was back to it’s old self again.

      Since upgrading my system to dual core with hyperthreading, and a SSD, I don’t feel a noticeable hit on performance from my AV.  But I don’t doubt that it is sucking resources, it’s just not as big of a percentage of the total as before.

      Heree is one AV test site that I like because they show a column of data for performance that you can sort by to find those with the least relative performance hit.  You can select Windows 7, 8, or 10, for the OS test results you wish to view.  They use em all!



      2 users thanked author for this post.
      • #110257 Reply

        Noel Carboni
        AskWoody MVP

        The system I tested with has 16 logical processors, so there are more than enough cores to do whatever’s needed in parallel. But the thing is, if active AV software is blocking e.g. the reading of file data until the file has been verified not to contain malware, then that’s going to slow the responsiveness down.

        Thanks for the info on the site that lists AV performance. I may try one of the top-rated as a comparison.

        Something worth noting: On that av-test.org site, the impact of antivirus software is shown as higher on what they consider a “High end PC” vs. a “Standard PC”. This makes sense, because a system that’s optimized for responsiveness will have a faster I/O subsystem – e.g., SSDs or NVMe – and any fixed slowdown to have the CPU scan the file will be a larger percentage of time.

        What’s very interesting are the “Industry average” values for the slowdowns of various operations… I’m clearly not off-base in measuring these large slowdowns.

        February 2017:


        You must be logged in to view attached files.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Security is Good, and More Security is Better – Right?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:

    Comments are closed.