A more passive AV?

One of the things I've noticed about antivirus software in general is that it uses a lot of disk I/O, and creates lots of intermittent CPU spikes. It appears that most AVs do background scanning of filesystems and RAM for malicious code.

Is there any antivirus software that does not do this?

i.e.

- Assume the system starts out clean
- Hook system calls for opening files and creating processes
- If a target file's modification time is different from the last time it was scanned (or if it was never scanned before), then scan it
- Otherwise don't do anything

Is this in any way a reasonable approach to dealing with malicious software? What are the caveats? Could performance problems with large files be mitigated by e.g. only examining the portions of the file cached in RAM?

If I'm not making sense here, let met rephrase the question: can an AV product be designed - or has one already been designed - that does not cause significant I/O or CPU usage on an idle system?

 

Hmmm. I am running an old laptop with small CPU, I found that in general you have to try several AVs before you actually find the one that's lite on your system. From my experiences I found the latest Avast 8 to be one that uses least CPU.
You are also given several options:

- scan files when writting
- scan files when opening
- scan programs when executing

These options are probably not exactly what you were looking for but again I have a very small single core CPU and after experiences with several AVs, this one seems to have the least drag on the system.

 

The non-conventional approach of "Webroot Security Anywhere" should fit your request. Test it if you have not done so.

 

Ditto. I couldn't have said it better myself....

 

1 answer for free AV:
MSE
Avira
Avast

for paid:
Webroot

 

Try Avast 8 with file shield only and caches set to max with auto scan off, should give really low CPU and I/O overhead (enable reputation check, sandbox and all cloud features though of file shield), add bit defender traffic light as browser add-on. Light, lean and mean and more than adequate protection.

To all youtube testers please try this combo out and compare it to paid individual suites (of Bitdefender and Avast) with same sample set and let the results speak for themselves.

 

Throw in HMP with start up scans.

 

I'd go for Webroot, it's the lightest one I've used. Combine that with hitman pro scans, or sandboxie, and you've got one light and secure system.

 

Yes,the impact upon the system from Webroot,when I tried it,was negligible.

 

As is it's protection abilities.

 

Agreed.

 

My experience is just the contratry. Lighther than most and above most in protection.

 

I can see where this thread is heading to.I would agree with you on the lightness.But seeing as everyone relies so heavily on "tests",the results would seem to indicate contrary to your supposition.

 

I'm assuming the original poster wants better security, but doesn't want the constant churning associated with some security apps which sometimes classify everyone as a rank novice, therefore check everything.

Most people can hear their hard drive churning on idle with some security apps.

Anyway, I think it has some solid tools under 'system tools' - system cleanup does a similar job to CCleaner in removing temporary files so the Webroot scan, or say a hitman pro scan can fly through.



Control active processes shows how long each process has been running, and the ability to block the process.




Protection statistics feature, allows you to double-click on system events and then click on each heading, shows you a live update of what is happening on your system (registry/windows etc). Gives you the ability to block any system event which looks suspicious.




Overall, very useful and lightweight security program - with some extra features for those more interested in doing a bit of system 'research'.

 

Tests over AV-test org confirms the solid protection even if it only test part of WSA protection features.

 

isn't webroot cloud-only??
anyway the only 'pure' av nowadays are mse and avira...

 

What do you mean by "pure"?

 

no hips, no web scan, not much besides file protection.

 

There are some AV's with on execution scan.

 

As Windows Security had mentioned, Avast with only the File Shield enabled scans only on write, read, or execute, depending on what you set it to.