Chapter 9. Why AV Is Often Slow

OK, so AV typically doesn’t do a good job of finding stuff. Now we understand a bit of why that is. But even a bad AV technology can be valuable, because protection against, say, 30% of all threats is still a lot better than protection against 0% of all threats. However, besides the lousy protection, there’s still plenty not to like about old-school AV technology.

The average person may not know whether AV software really protects her or not, but she generally knows that it is slow. This is certainly the most common complaint I hear about the technology from average consumers.

So why is most AV so slow? Let’s start by looking at the time people notice it most—when their computers are starting up. Yes, any software that’s going to protect you proactively needs to load up when the computer starts, and that could take a bit of time. But AV products seem to feel the need to check the files on your computer for signs of bad stuff, and that is often what takes up the time.

The idea behind scanning your computer for bad stuff on bootup is that there might be things on your machine that have been newly determined as bad. So, maybe there’s a screensaver you downloaded a week ago, but your AV company just decided today that it is bad. Or, in some cases, you might have gotten bad stuff on the computer when the AV software wasn’t running. For instance, you might have a dual-boot machine, meaning you have a second operating system on the machine that can write to ...
