Replies

Chimo makes a good point about measuring the effect on applications and that you only boot once a day (or once a week in my case since I use hibernate). Fred, would it be possible for you to run your favorite office applications benchmark under each different AV program?

I can’t agree with Chimo however that MSE provides more comprehensive protection than free anti-malware programs (anti-virus is really a misnomer nowadays but is one the customers are familiar with). Yes, Kaspersky at as little as $30 for a 3 user license, probably provides the best overall protection but I still find that it slows down many systems significantly, some to the point of unusability. It also suffers from poor user interface design for non-technical users. Norton, is just as cheap, has a great user interface, and has greatly improved both detection rates and performance in the last two years, since Enrique Salem returned to take charge of it (refreshing to find a software company run by a developer rather than a marketing guy). I would love to see how these two compare in your tests.

Fred, you did a great job at tackling this problem. As a retired computer journalist, with 20 years experience of writing AV software reviews, I found it very thought provoking. I agree, Avira 2012 does seem rather bloated compared to previous versions.

Yet, as the comments show, there are many possible comparisons that could have affected the results. You had to choose just one. But could that have skewed the results? Complete testing would involve a bewildering number of variables – single or dual processor, amount of RAM, number of other applications installed etc. Maybe, instead of a “clean” Windows, you need some typical “real-world” software installed?

First, could the use of Virtual PC have affected the results? After all one of the biggest threats at the moment are boot sector rootkits, which are themselves a kind of virtual PC – as they load code and then make Windows think it is running on a bare system. Could Virtual PC then make Avira suspicious of a rootkit and hence provoke more extensive tests?

Second, as another comment suggested, seeing the desktop and getting to a usable system may be very different – lots of resident apps are still loading and AV software is downloading updates. One design decision for an AV writer to consider is whether to do tests before login or wait until after the user logs in. Pretty hard to test but maybe, if you started Windows with some kind of resource monitor running, you could measure time until CPU use dropped to zero?

Another design decision would be whether to do checks at start-up in order to minimize the delay caused by scanning applications on launch. Perhaps your reader’s problem was caused by slow scans on launching applications (including the many applications that think it necessary to launch themselves at start-up).

Third, I suspect that your initial reader may have had remnants of some other AV software running. McAfee and Norton, commonly found on new PCs, both have notoriously buggy uninstallers – in fact both companies have a separate cleanup/uninstall completely utility which can be downloaded from their websites. Similarly, in testing non-Microsoft AV software, did you completely disable Windows Defender, which is known to interfere with Avira?

Finally, by not looking at detection rates, have you missed the possible trade off between better detection and a slight slow down in performance. Perhaps a few extra seconds at boot time are worth it? I am asked to remove malware from 40 or 50 systems a week and while most had outdated antivirus software, I have noticed that many of the infected systems were fully updated and running MSE (or one of certain well known commercial AV programs).

So maybe MSE is very well written code that quietly does its job, or does it trade-off fast start-up time for slower application launch, or perhaps it gains speed and low resource usage by skipping many checks that would have detected an infection? Which is it?

Paul