Thoughts on real-time protection and hard drive I/O impact.

  1. #1

    On my ASUS G73Jh, I use Microsoft Security Essentials along with Malwarebytes Anti-Malware Free for on-demand scans. Since MSE's recent update from version 2 to 4, my hard drive I/O performance has been demolished. For a gamer and a digital content creator yet to upgrade from a 5400 RPM Seagate Momentus HDD, the impact on everyday usage has been huge. Before you flame me for writing a sensationalist post, let me explain:

    Microsoft Security Essentials has a real-time protection component which, when all options are enabled, scans every single byte passing in and out of the system hard drive for evidence of malicious activity.

    In version 2, this used to be configurable to only monitor incoming files, which meant that, except for a small decrease in write speeds, hard drive I/O for the most part was unaffected.

    Now, in version 4, all the real-time protection options have been disabled; the only option that now exists is to turn it on or off. As I've found out, having real-time protection turned on now essentially ticks all the options that used to be configurable in version 2. This absolutely destroys drive performance since MSE will scan all files read from or written to the hard drive.

    This has made not only games stutter and files take longer to open, but Windows overall is noticeably slower to respond. Just loading up MSConfig, for instance, will take 10 seconds as opposed to instantaneous with real-time protection off. I did an HDTune benchmark just to be sure, and what do you know, not only have my sequential read and write speeds taken a hit, but access time has jumped from 17.5 ms to >20 ms!

    I thought the whole point of using AV software was to have some sort of real-time monitoring for malware. But after this experience with Microsoft Security Essentials, I'm considering not just turning real-time protection off, but removing MSE completely along with disabling Windows Defender. I'll just use MBAM for on-demand scans occasionally. Heck, maybe I'll remove all anti-malware software from the system; I make frequent system backups anyway.

    Thoughts?
    Lenovo IdeaPad Y500
    Windows 8 Pro x64 | i7-3630QM | 8GB DDR3-1600 | GeForce GT 650M 2GB GDDR5 SLI @ 1125/2250 3DMark 11 P4844 | 1080p screen | 1TB 5400 RPM HDD | DVD burner | 170W AC adapter

  2. #2

    I haven't experienced the extra slowdown you are describing with MSE4, but I have an SSD. Memory resources are lower with MSE4 than MSE2 on my machine (around 30-50MB MSE4 vs 60-100 with MSE2) and proc load is really very low. Around 1-2%.

    Since I have been a looong time security enthusiast and have tried many antimalwares (some of them are malwares actually in my humble opinion) and successfully fought many infections on other people's computers (yes I had some weird things on mine like 10 years ago). A couple of years ago I tried running my computer without AV for a year. Nothing happened. Only faster computer and no nags.

    I do currently use Comodo (testing it really) with a very small impact on disk and memory - very good program indeed. But like you I have noticed that if I remove Comodo or MSE the laptop is faster. Boot time for example is faster, microstutters in games (despite game modes set in AV) are gone.

    And something that is not so obvious - AVs update quite often in the background and sometimes send info for scanning into their cloud services for example. Not much, but enough to cause PING raise (milliseconds) that can be very important in some fast-paced games or if you are on some remote server with relatively high PING. I believe some of the background AV activities cause microstutter in some games. Game mode is not enough. AV realtime checks still work (sandbox, firewall monitoring, unknown apps, defence + in Comodo etc...) only messages and updates are suspended. The only way is to close Comodo but I really don't see the point of doing that every time, right?

    Anyways I am also thinking to get rid of the realtime AV completely despite the known risks.

    I am going to try Crystal AEP freeware program that alters behaviour of browsers so they are much better protected against attacks. That should protect me from something I cannot control on my side - drive-by attacks on the internet. Other conventional things like network, firewalls, autoruns, email attachments, popups, redirections, are easy to manage if you know how to set browser and take a little care.

    I will have Comodo Cleaning Essentials and their excellent Killswitch and Autoruns tools whenever I need deep insight into the system so I can see if something is bad. And I can use their AV for cleaning. No install, just run exe.
    I will have some good scanner/cleaner like Malwarebytes or Emsisoft to check some file or even whole system.
    I also have frequent full system backups on my private NAS.

    And yes I think AVs are great. And most of the people need them, but I think I will manage just fine without one! If I see it is not enough - I will gladly install Comodo again.

    Cheers,

    Ivan
    Last edited by ikovac; 16th July 2012 at 08:08 AM.


    ACER 8942G|Intel Core i7 Q720|4 GB RAM|ATI 5850 1GB DDR3|Kingston 80GB SSD + WD 320GB|18,4" Full HD screen

  3. #3

    I hadn't noticed any slowdowns with MSE on my computer (on older versions or newest - and I'm using a 7200rpm hdd).
    Acer Aspire 5930G - 15"
    CPU: T9600 (1.05V)RAM: 8GB-DDR2/800Mhz HDD: HITACHI TRAVLSTAR 7K500 GPU: 9600M GT GDDR3 (0.89V) Chipset: PM45 (BIOS: 1.23) OS: Windows 7 SP1 Ultimate x64

  4. #4

    Originally posted by octiceps:
    ...I thought the whole point of using AV software was to have some sort of real-time monitoring for malware. But after this experience with Microsoft Security Essentials, I'm considering not just turning real-time protection off, but removing MSE completely along with disabling Windows Defender. I'll just use MBAM for on-demand scans occasionally. Heck, maybe I'll remove all anti-malware software from the system; I make frequent system backups anyway.

    Thoughts?
    Check these 2 threads on WildersSecurity.com; link and link.
    In these threads, it's explained how you can still make MSE4.0 scan only incoming files, just like with the older 2.1 version by adding a couple of registry tweaks.
    Especially read the posts by member Kees1958.
    ROMANES EUNT DOMUS

  5. #5

    Originally posted by ikovac:
    I haven't experienced the extra slowdown you are describing with MSE4, but I have an SSD. Memory resources are lower with MSE4 than MSE2 on my machine (around 30-50MB MSE4 vs 60-100 with MSE2) and proc load is really very low. Around 1-2%.

    Since I have been a looong time security enthusiast and have tried many antimalwares (some of them are malwares actually in my humble opinion) and successfully fought many infections on other people's computers (yes I had some weird things on mine like 10 years ago). A couple of years ago I tried running my computer without AV for a year. Nothing happened. Only faster computer and no nags.

    I do currently use Comodo (testing it really) with a very small impact on disk and memory - very good program indeed. But like you I have noticed that if I remove Comodo or MSE the laptop is faster. Boot time for example is faster, microstutters in games (despite game modes set in AV) are gone.

    And something that is not so obvious - AVs update quite often in the background and sometimes send info for scanning into their cloud services for example. Not much, but enough to cause PING raise (milliseconds) that can be very important in some fast-paced games or if you are on some remote server with relatively high PING. I believe some of the background AV activities cause microstutter in some games. Game mode is not enough. AV realtime checks still work (sandbox, firewall monitoring, unknown apps, defence + in Comodo etc...) only messages and updates are suspended. The only way is to close Comodo but I really don't see the point of doing that every time, right?

    Anyways I am also thinking to get rid of the realtime AV completely despite the known risks.

    I am going to try Crystal AEP freeware program that alters behaviour of browsers so they are much better protected against attacks. That should protect me from something I cannot control on my side - drive-by attacks on the internet. Other conventional things like network, firewalls, autoruns, email attachments, popups, redirections, are easy to manage if you know how to set browser and take a little care.

    I will have Comodo Cleaning Essentials and their excellent Killswitch and Autoruns tools whenever I need deep insight into the system so I can see if something is bad. And I can use their AV for cleaning. No install, just run exe.
    I will have some good scanner/cleaner like Malwarebytes or Emsisoft to check some file or even whole system.
    I also have frequent full system backups on my private NAS.

    And yes I think AVs are great. And most of the people need them, but I think I will manage just fine without one! If I see it is not enough - I will gladly install Comodo again.

    Cheers,

    Ivan
    I completely agree with everything you said, Ivan. Having an SSD really negates most of the drive performance issues with having real-time AV scanning your hard drive 24/7 because of the blazing fast access times.

    The performance impact of MSE 2 wasn't really apparent, but since MSE4 I have not only noticed my boot times go up, but I also get the microstuttering and ping spikes in games like you described if I leave real-time protection on.

    I think diligence along with frequent backups and maybe occasional on-demand scans would probably be the best and least intrusive security solution. I've had computers run problem-free for years without any security software.

  6. #6

    Originally posted by Baserk:
    Check these 2 threads on WildersSecurity.com; link and link.
    In these threads, it's explained how you can still make MSE4.0 scan only incoming files, just like with the older 2.1 version by adding a couple of registry tweaks.
    Especially read the posts by member Kees1958.
    Wow. Thank you so much. Didn't even know this option existed anymore. +1 rep

    EDIT: Still no dice. Looked at those threads you linked to, and the registry values don't exist on my system. The only registry value that I see is to disable real-time protection, same as in the MSE GUI. Maybe Microsoft has removed the options since then?

    Last edited by octiceps; 16th July 2012 at 05:59 PM.

  7. #7

    ^ Only when you add the reg keys, you can decide which options to use.
    If you're familiar/comfortable changing the registry, add the reg keys as posted here; link.
    Or consider installing a more configurable AV like free Avast and choose a custom setup during install (and tweak it afterwards if necessary).