AV-Comparatives Performance Test - April 2019

Discussion in 'other anti-virus software' started by Ultra Male, May 6, 2019.

  1. Ultra Male

    Ultra Male Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    423
    Location:
    Dubai
    Link to Chart: https://www.av-comparatives.org/comparison/?usertype=consumer&chart_chart=chart4&chart_year=2019&chart_month=4&chart_sort=1&chart_zoom=0

    Link to Main Article: https://www.av-comparatives.org/tests/performance-test-april-2019/

    2019-05-06_192008.jpg
     
  2. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,866
    ...… and Avira is trying hard to reach the WD in terms of performance!
     
  3. Ultra Male

    Ultra Male Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    423
    Location:
    Dubai
    Oh darn, I didn't notice that. Strange man, they used to be very light.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,203
    Location:
    USA
    Impressed by ESET. I guess I'll keep it. :)
     
  5. Ultra Male

    Ultra Male Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    423
    Location:
    Dubai
    They've been getting the lowest performance impacts for many months in a row now. Very impressive and still are very good in terms of security. Reminds me of the old NOD32 v2 days how they were the AV of choice for gamers
     
  6. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    818
    Location:
    Baden Germany
    https://www.av-comparatives.org/performance-test-methodology/

    Test Setup:
    "The hard disks are defragmented before starting each individual test run" For me: Not relevant
    "Archiving and unarchiving" For me: Not relevant
    "Installing an uninstalling applications" For me: Not relevant
    "Downloading files" For me: Not relevant
     
  7. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,035
    Interesting. I'm surprised to see that McAfee is almost as light as Eset. I thought it would be closer to Trend Micro or F-Secure as far as performance is concerned.
     
  8. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,866
    Once upon a time.
    Since then, Avira performance drops year by year.
     
  9. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    508
    Location:
    Belgium
    Everyone that uses MS defender says its coming lighter with every release update, and this test shows its coming heaver than previous test .... lol. o_O
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,203
    Location:
    USA
    That's because MS Defender is a verb, not a noun. :eek::argh::D:isay:
     
  11. Ultra Male

    Ultra Male Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    423
    Location:
    Dubai
    Because some people like to lie to themselves and live in a bubble. It's the heaviest AV I've ever used.

    It is so heavy to the point that even loading icons in my Software folder which contains a lot of sub-folders each with its own unique icon happens in slow motion. I would literally see the icons load one after the other in slow motion despite me having a super fast computer and all my drives are SSDs.

    The issue with Windows Defender is not only is its scanner very heavy, but it has no whitelisting technology like ESET's NOD32 so it would re-scan the same files again and again every time you try to access them.

    With ESET's NOD32 for example, it will never scan a file again provided the file hash (like a file fingerprint) hasn't changed. That's why when you install NOD32, you wanna run a full system scan once as that will tremendously improve your computer's performance since those files that were scanned before will not be scanned and the AntiVirus now just sits like a security guard for your computer protecting you from bad websites, downloads, and new files.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,249
    Well you can't take the results of these kinds of performance tests too seriously. For example I find Panda to be extremely light, which is not reflected in the test results. It seems to be that WD is slowly improving.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    Thanks for the important details. This proves that "performance" is very individual. The user needs to try it himself and see if the Av is heavy or light on his particular system, with his particular user habits.
     
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,866
    That leads to on-execution scan/detection only.
    i.e. =
    Today you run a full scan, you have the X malware but your AV signature database miss it.
    Tomorrow, a new signature for the X malware is added but the file (which is already scanned) remains with the same hash = whitelisted => undetected.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,423
    The local cache is flushed during a module update so it wouldn't happen that a detection was added and the malware sitting on your disk would be undetected because the scan result was cached.
     
  16. Ultra Male

    Ultra Male Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    423
    Location:
    Dubai
    so in your opinion whitelisting is not a good technology?
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,866
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,866
    Can you elaborate further?
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,603
    Location:
    Hawaii
    As with anon, I would like more info about this, too. Is a "module update" the same as a signature update? If so, then the cache would be flushed as often as new sigs are issued -- that occurs at least daily, I suppose. If so, that cache would be very very transitory, wouldn't it?

    If a module update is NOT the same as a signature update, then an undetected malware, subsequently detected & with updated sigs, could hang around on one's computer for quite a while, wot?
     
  20. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,478
    @anon and @bellgamin
    Hi guys,
    I'm not Marcos and I hope he will jump in.
    But a few remarks if you would allow me:

    I can clearly see the time difference for a full scan between when there was no module update and when there was a module update. If there was a module update, then such a scan takes longer (my machine, my settings).
    There are many updates daily (I'm now not even talking about detection via LiveGrid).
    In the Eset GUI you can see the installed modules / installed components. (I frequently save that info in a text file and compare to a previous one).
    What you see posted in the Update Alerts forum is the info for the version number of the Detection Engine (which is listed in the list of modules). There are other modules. The Rapid Response module is one of them and it is several times daily updated. Other modules are playing also a part.
    There is more to say but I leave it to that.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,651
    Location:
    U.S.A.
    To begin with Eset software is highly modularized; hence the reference to module updating. This gives Eset the ability to apply "on-the-fly" software updates without any impact to the user. Additionally Eset modules are coded in assembler language. Module code is downloaded and assembled on the local device ensuring zip in-transit tampering possibility.

    Yes, the three modules shown below are undated multiple times a day. The "Detection Engine" module is the one that contains malware signature updates. But updating of Eset doesn't end there. Eset employs "PICO" updating methods. Eset drivers and protection components are also modularized. PICO updates are "micro" code updates to the former and are issued multiple times within an hour. Such capability reduces the need to issue frequent updates to the main module components.

    Eset_Modules.png
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,197
    Location:
    Here
    @itman
    Do you know if all components are coded in assembly language? What about other components (drivers, services...)?
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,651
    Location:
    U.S.A.
    The only service that is used by Eset is it kernel program and I am sure that is coded in assembler.

    The drivers as far as I am aware are also coded in assembler. Eset also uses .dll driver stub modules it loads to the kernel global root table:

    Eset_Drivers.png
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,603
    Location:
    Hawaii
    Relative to ESET, in post 14 anon said in part:
    In post 15, marcos replied:
    The main point I picked up so far is that the cache is flushed whenever a module is updated.

    My thinking: (A) If modules are changed frequently, then the cache will be frequently flushed, thus reducing the time-saving value of caching. On the other hand, (B) if modules are changed not-so-frequently, then previously unknown malwares will remain for some period of time in the unflushed cache, free to do their dirty work.

    Has this specific issue not yet been addressed, OR did marcos & itman give an answer but I failed to study their comments sufficiently to discern it (quite possible).
     
    Last edited: May 8, 2019
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,651
    Location:
    U.S.A.
    Eset's main scan catch is never flushed; not even a software upgrade flushes it:

    Eset_Cache.png

    Eset has two primary types of drive scanning; Smart(default) and In-depth. In-depth scanning ignores the file scan catch and rescans everything. For the truly paranoid Wilders folks, they could employ Eset's "Idle-state" scanning option. This option performs continuous drive scanning when the PC is idle. Additionally, Eset performs drive scanning at device boot time and after any module updating.

    Note that Eset heuristically scans everything upon download and more aggressively, upon execution. As such, its on-demand/scheduled drive scanning in many ways is redundant.
     
    Last edited: May 9, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.