Do Antiviruses Still Slow You Down?

[TheChester]

This is really to general of a video. On modern multicore cpu's you won't really notice it. Windows Defender/Antimalware service definitley can have a performance impact. For instance. I have an athlon 760K. I use it to play Modern Warfare. At first the game ran terribly. And I know it's below the minimum requirements to run the game, but I could run it. I just felt like if I could free up some system resources the game might run better. So off I went down a deep Windows rabbit hole. I went through every service that was installed on a clean image. Researched them up and down and disabled everything that is nonessential for windows to boot. Yes. I have no Windows updates, no microsoft store, no windows defender. No powershell. I literally stripped windows down to a bare bones platform. I now have only 68 processes running after boot. Let me tell you Windows is a different animal like this. On a stock clean windows install after boot if my computer was idle my cpu fan would stop running. As soon as I touched the mouse it would go right up to full speed. After I stripped everything even with numerous chrome tabs open my cpu fan would barely kick on every couple of minutes. Disabling the antimalware service knocked my cpu usage down 8-10% at idle. And by disabling it was done through the registry in safe mode, changing permissions, and I was finally able to remove the files and remove the task scheduler items. It was a pain to get rid of it but it can be done. Now I know, i know you're thinking "what kind of idiot runs no antivirus/antimalware software?" Well I can tell you I never have, never will, and I do a lot of neferious things on the internet. Shady programs, shady websites, and such. I've never met an malware I couldn't beat. I actually enjoy trying to clean them. You learn alot. There was only one that I really had a hard time with. I believe it was a cryptominer. I found it because one day I went to play Modern Warfare and when I joined a lobby, which put's a decent load on your cpu, my game crashed. I noticed in task manager my cpu utilization was hovering at 1-2% at idle. This was weird because normally I would sit right at 0%. I checked the running procceses and nothing looked out of the ordinary. I couldn't see what was using the cpu though. I checked event viewer and I noticed there was a couple of events that called powershell to run silently. I checked the files that they were calling and they were normally files that aren't modified. It would also modify multiple random files. It wouldn't use the same file everytime. I checked my firewall on my cable modem and I had 2500 denied attempts in one day all from different ip addresses. Comcast actually sent me a text asking me if I knew these ips and wanted to allow them. I ended up having to reinstall windows to get rid of this one. It was the only malware I've ever had trouble with. Most I can disable and remove. Not this one. 

[RejZoR]

On 5/17/2020 at 10:27 PM, CptPeterPL said:

Hi Everybody,

I just watched the video and as my day job is Security Engineer for Big Data Companies so I have little bit different look at AV things. Couple of things I would like to comment:

 

1) Every AV solution is balance act between protection and performance. You want to be better protected = u will loose your performance. I can in 100% agree with even couple % performance lost in every serious AV product installed on PC. 

2) Product classification as Antivirus and Antimalware was pretty inaccurate as presented in video. 

3) I would love to see similar video with performance vs protection from LTT. Heck I would even love to share and compare results that we're making in corporate AV solutions. 

4) As people often suggest that no AV is not so bad thing I would recommend to compare it to current health situation. Can you go outside without protection and survive - Yes. Would you do it - No. You don't protect yourself for everyday casual situation. You are doing it for the sh*t hit the fan case. If you don't want to pay extra stay with MS Defender it's pretty good by now.  

People always say "but antivirus always misses something". Sure, seat belt also doesn't save 100% of people who experienced car crash. But if it prevents 80% of deaths, that's already a huge deal. So, even if antivirus only prevents 80% of potential malware, that's a huge percentage I'm willing to take any day for an insignificant loss of performance if antivirus is good. Windows Defender got much better in protection in recent months, but the performance penalty I'm experiencing with it is absurd. The massive pauses I get when browsing Downloads folder full of EXE programs and large EXE installers as well as several seconds long pauses when compiling my programs is something that simply drives me insane and I'm not experiencing that when using lets say Kaspersky Cloud Free or avast! Free.

 

And despite Microsoft constantly bragging how Windows Defender is using multiple layers of protection, I have yet to see anything outside of traditional local means that feel more or less static and basic SmartScreen thing that either blocks something or says it has no clue and asks you where most users including me just dismisses it when using app that you consider safe, but it's just so new due to update that SmartScreen gets triggered on it.

 

Where with avast! for example, First layer is Web Shield that is faaaaaar more sophisticated than Microsoft's SmartScreen. It actually scans downloaded web content prior its execution even by browser. It also checks extensive URL database of where it's coming from and applies heuristic logic to the URL itself (its structure). It also actually scans the content of downloaded data prior it's even used by the browser itself blocking exploits before they can even be used. If source was online and avast! doesn't know the file yet, it hands it over to CyberCapture. Which is their remote PE analyzer. File is locked from execution and sent to their servers where machine learning and multi stage analyzers poke the file. If all is clear, your avast! gets back a ping that file wasn't found malicious and access to file is unlocked. It usually takes from seconds to several minutes and you get a notification about the status. You can bypass this if you feel you know file is safe. Then file is checked by DeepScreen which is a more basic version of CyberCapture that runs locally and it's essentially local observing of PE in a sandbox. If all is clear, file is released but still monitored by Behavior Shield which is a behavior blocker. If file is doing something funky to the system it'll be detected based on behavior. And while all this is happening, "basic" file scanner is keeping an eye on files via signatures as well as cloud signatures that are feed to avast! every few minutes. Not hourly like with Windows Defender but minutely, narrowing down the gap between signature releases almost down to none. And in addition to all this, if things do somehow fail to spot malware, there are things like Ransomware Shield (which will come to free avast! very soon btw) that monitors for changes to local files. It keeps an eye on your photos, documents and stuff and allows access to them if it's done by whitelisted apps (avast! has massive whitelist database of safe apps) and is seamlessly allowed. If you're editing your photos in "Pictures" folder with Paint.NET or Photoshop, avast! won't bother you at all. But if some EXE that avast! doesn't know tries to access your photos in "Pictures" folder, action will be blocked and you'll be asked about it. Hilariously enough, Windows Defender also has this feature and it's called "Controlled Folder Access". What's funny about it is the fact it just plain doesn't work at all. And it hasn't worked since it's inception years ago. If you enable it, the damn stupid thing will just endlessly bitch about Steam client and your image editors accessing photos and it'll be so annoying you'll just turn it off. Making me believe whitelists maintained by Microsoft are just pure useless garbage. Because it's these whitelists that make sure legit image editors have access to your documents/photos but not other apps. And it just doesn't work, rendering this feature entirely useless. Which is probably why it's disabled by default. avast! one is enabled by default and I know for a fact it works superbly. Maybe not 100% because I know some can still manage to bypass it, but if it blocks 90% of ransomware this way, that alone is huge. Assuming a ransomware managed to get passed all the mentioned layered checks to begin with. Which makes odds of that happening so slim it's nearly impossible to get hit by some malware. I know there is still possibility, but it's just so low at that point I'd bet on antivirus saving my bacon any time for that 5% performance penalty it might have on my system. And I'm being very generous with the %.

 

And all this while still making less of an impact on perceivable performance. And this is just for avast! that I know in depth. Kaspersky or Bitdefender, both in free flavors have pretty similar multi-tier layered protection. There is just no way "safe online habits" can do all that and old saying that users can do all the prevention is total BS. There is just no way any user can make all these automated checks to a file at speeds antiviruses can.

 

Sure Windows Defender is better than nothing, but it doesn't even come close to how rigorous checks others make and how little impact they have while doing it. Which is why Windows Defender is the last option I'd use. From levels of layered systems it employs to protect me to performance hit it creates under specific situations that are done on daily basis and are very noticeable.

[Sandro Linux]

On 5/16/2020 at 8:22 PM, r2724r16 said:

Common Sense > Antivirus Software

 

For most users anyways.

Yeah but it still is a good measure to make sure you stay safe

[r2724r16]

1 hour ago, Sandro Linux said:

Yeah but it still is a good measure to make sure you stay safe

No shit, Sherlock. But for the average Internet user who is going to do nothing but use Facebook and watch YouTube videos, antivirus software is overkill (IMO).

[Mossad]

So the question I have, if I were to take the advice from this fine band of ruffians, what is the baseline of software to install for windows 10? By baseline, I mean: Which antivirus, which malware. Should I keep running ccleaner?

 

My PC is a dell laptop, but ignoring the specs, what is a good overall "when you do a fresh install, these are the things you want to install with it"

 

I tend to keep Chrome, Firefox and Edge installed and use it in that order (edge is for "edge" cases).

[williamcll]

52 minutes ago, Mossad said:

So the question I have, if I were to take the advice from this fine band of ruffians, what is the baseline of software to install for windows 10? By baseline, I mean: Which antivirus, which malware. Should I keep running ccleaner?

 

My PC is a dell laptop, but ignoring the specs, what is a good overall "when you do a fresh install, these are the things you want to install with it"

 

I tend to keep Chrome, Firefox and Edge installed and use it in that order (edge is for "edge" cases).

Well to be fair windows defender itself is good enough in most situations.

[Sandro Linux]

On 3/9/2021 at 4:49 PM, Mossad said:

So the question I have, if I were to take the advice from this fine band of ruffians, what is the baseline of software to install for windows 10? By baseline, I mean: Which antivirus, which malware. Should I keep running ccleaner?

 

My PC is a dell laptop, but ignoring the specs, what is a good overall "when you do a fresh install, these are the things you want to install with it"

 

I tend to keep Chrome, Firefox and Edge installed and use it in that order (edge is for "edge" cases).

I might use Bitdefender or Kaspersky since they are good AVs

[Sauron]

My work computer is ultra sluggish when opening some programs despite having an nvme ssd just because kaspersky blocks everything for a scan... so yes, absolutely. It depends on how aggressively you have it set up though.

[starry]

This might be a weird take but Ive always viewed antivirus as a security risk. If I use one Im giving a piece of software an insane amount of access to my computer. Might just be my inability to trust any for-profit tech company but that feels really sketchy to me. Id rather just use VMs and stuff to protect myself, have lots of backups, etc. Less of a performance hit too.

[Sandro Linux]

19 hours ago, starry said:

This might be a weird take but Ive always viewed antivirus as a security risk. If I use one Im giving a piece of software an insane amount of access to my computer. Might just be my inability to trust any for-profit tech company but that feels really sketchy to me. Id rather just use VMs and stuff to protect myself, have lots of backups, etc. Less of a performance hit too.

VMs are a great solution just browse the web in a linux virtual machine

[Pickles von Brine]

I use malwarebytes. 

[Ripred]

Depends on the software, some have an impact, some you wont even notice, windows defender is fine now a days for regular use, though might want something more substantial if your running a business off of it  

[dogwitch]

On 5/16/2020 at 3:22 PM, r2724r16 said:

Common Sense > Antivirus Software

 

For most users anyways.

lol ,common sense is like me getting date!

rare!

[DSD27]

On 8/27/2020 at 8:15 PM, r2724r16 said:

No shit, Sherlock. But for the average Internet user who is going to do nothing but use Facebook and watch YouTube videos, antivirus software is overkill (IMO).

It has been proven that you can be infected on legit websites, even with common sense, it's important to have a basic AV.