4th December 2011


Brian Grainger


Yes, you read the title correctly. This article is not a diatribe against viruses but a diatribe against anti-virus software (AV software). I warn in advance that I am a bit of a maverick regarding dealing with malware and some system administrator professionals would not approve of my advice! This is because they have to assume all their users are the lowest common denominator and do not have the intelligence to use common sense or access to the tools that can be used against some breeds of malware.

This story started from a request from one of my friends to whom I am the unofficial sysadmin. He was thinking of changing his computer so on one of his occasional invitations to dinner he sought to gain some advice before he bought something.

The dinner went very well - his wife is a good cook - and the post-prandial conversation came round to the topic of computers. The standard first question - why do you want a (new) computer? - was asked. The response was that my friend's computer was running agonisingly slow, it was quite old and perhaps it needed an update. I think there had been a bit of pressure from a relation who had also used the computer! Another issue was that my friend had already tried to defrag the Windows partition and was unable to do so because he didn't have the necessary 25% free space that Windows expects before it allows this task to continue. Perhaps he needed a bigger hard drive or at the very least to reorganise the existing partitions to free up the space.

My friend's computer was old, but not as old as mine, and ran Windows XP. His hard drive size was small by today's standards but as he was meticulous about storing stuff offline and keeping data and Windows separate (my influence from previous advice!) I was a bit surprised about the lack of space.

The conversation continued. I ascertained that he wanted the new computer to be a desktop and have Windows as its operating system so the discussion turned towards Windows 7. Anyone upgrading to a new Windows 7 computer from XP has to consider the implications. Application software currently used may not be transferable and may require the purchase of updates. Hardware such as printers and scanners may not work, requiring at the minimum a Windows 7 driver or possibly the purchase of new hardware. For some people, particularly techies, the usage of Windows 7 itself can be a shock. There WILL be a learning curve which will probably all be wasted when Windows 8 appears next year, significantly different again!

After the discussions I asked if I might use the computer to see the slowness and his hard drive space usage. Now, my friend tries to limit my access to his computer to particular problems he wants solving. Past experience suggests that once I get on a computer time tends to speed up and there is little time left for other topics of conversation before I have to leave. The way friends limit computer access is a cross us geeks have to bear! Nevertheless, my friend granted me access.

The lack of hard drive space was easily solved. My friend had allowed a piece of trial software to install itself and enhance the functionality of an existing product he had. This trial software was no longer functional but was taking up quite a large chunk of space. Of course, this was not the only reason but removing this software made enough free disk space for defrag to work.

I booted up Windows and true enough it was slow, really slow. I think most of the technically able Windows users will recognise the usual trend of a Windows version being very quick to boot when new but over the years it gets clogged up and the boot process is slow. This was not the problem here. I had on a previous visit checked out the boot up process to make sure only necessary programs were booting on start up. However, it is worth mentioning how AV programs can slow the boot process.

When AV software first came out it was deemed sufficient to perform AV checking on a regular basis - maybe weekly. These days the default seems to be every day and, worse, when you first turn on the machine. The argument that the AV software vendors will put forward is that new threats are appearing every day so it is important to check every day. I beg to differ. No wonder the boot process is slow. If you have a lot of files on your Windows drive then the AV check takes a considerable period of time and, as it restricts the ability to perform other tasks, trying to work on the PC is like wading through treacle. On that previous visit my friend had agreed a new schedule for doing an AV check and I set up the AV software (in this case AVG) accordingly. I have the same problem at work with McAfee AV software. When I start the day after a shutdown of the PC I might as well wait 10 minutes (or more) before I start doing any work, just to let the AV program finish.

Anyway, as I said before, this was not the problem this time. It was noticeable that long after boot up something was still going on with the machine. The disk drive light was still flashing and trying to open a program took a good deal of time. Clearly I had to find out what was running. Time for a CTRL-ALT-DEL to bring up the Task Manager. After selecting the Processes tab one clicks the CPU heading a couple of times to rank the processes in order of CPU time being used. When I did this I found the process avgrsx.exe was periodically hogging the CPU. Although the avg bit of the name was recognised I had no idea what this program was doing. I was also a bit surprised because I thought I had limited the use of AVG to the schedule we agreed previously.
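The same check can be scripted. The PowerShell sketch below is an added example, not part of the original article: it samples per-process CPU time over several intervals, so a process that only hogs the CPU periodically still shows up through its peak. The function names, sample count and interval are illustrative assumptions.

```powershell
# Added example (not from the article): rank processes by peak CPU use over
# repeated samples, so short periodic bursts are not missed by one snapshot.
function Get-CpuSnapshot {
    # Map of PID -> process name and total CPU seconds consumed so far.
    $snap = @{}
    foreach ($p in Get-Process) {
        # CPU is $null for processes we are not allowed to query; skip those.
        if ($null -ne $p.CPU) { $snap[$p.Id] = @{ Name = $p.ProcessName; Cpu = $p.CPU } }
    }
    return $snap
}

function Measure-CpuBursts {
    # Defaults are illustrative: 12 samples, 5 seconds apart (one minute total).
    param([int]$Samples = 12, [int]$IntervalSeconds = 5)

    $cores = [Environment]::ProcessorCount
    $stats = @{}   # "name (pid)" -> peak and summed CPU% across intervals
    $prev = Get-CpuSnapshot
    for ($i = 0; $i -lt $Samples; $i++) {
        Start-Sleep -Seconds $IntervalSeconds
        $curr = Get-CpuSnapshot
        foreach ($id in $curr.Keys) {
            if (-not $prev.ContainsKey($id)) { continue }   # started mid-interval
            $delta = $curr[$id].Cpu - $prev[$id].Cpu
            if ($delta -lt 0) { continue }                  # PID was reused
            # Share of total CPU capacity used in this interval (approximate,
            # since the nominal sleep time is used as the interval length).
            $pct = 100 * $delta / ($IntervalSeconds * $cores)
            $key = '{0} ({1})' -f $curr[$id].Name, $id
            if (-not $stats.ContainsKey($key)) { $stats[$key] = @{ Peak = 0.0; Sum = 0.0 } }
            $stats[$key].Sum += $pct
            if ($pct -gt $stats[$key].Peak) { $stats[$key].Peak = $pct }
        }
        $prev = $curr
    }
    # Ten busiest processes by peak; AvgPct is averaged over the whole run.
    $stats.GetEnumerator() | ForEach-Object {
        New-Object PSObject -Property @{
            Process = $_.Key
            PeakPct = [math]::Round($_.Value.Peak, 1)
            AvgPct  = [math]::Round($_.Value.Sum / $Samples, 1)
        }
    } | Sort-Object PeakPct -Descending | Select-Object -First 10 Process, PeakPct, AvgPct
}

Measure-CpuBursts
```

A process with a high PeakPct but a low AvgPct is the periodic-hog pattern described above.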

Whenever I have the name of a program and I want to find out what it does I stick the name into Google and look for a match that explains its purpose. Apparently, avgrsx.exe is a program called AVG Resident Shield. This does an active check for viruses on a file whenever it is opened, copied, moved or saved. No wonder the computer slows down at startup. There are, potentially, a lot of files being opened. The same thing happens when you open an application so every time you open Microsoft Word, for example, all the files that get opened in the process get checked. This is despite the fact the files must have been checked umpteen times before during the scheduled virus check.

I guess the point of the Resident Shield is to find a virus as soon as possible. It could be considered useful to check files as they are downloaded from the internet and saved so they do not have a chance to do any damage. However, is it useful to check on day to day working offline?

Now that we knew what was causing the problem the next step was to find out what to do about it. It is possible to set up an exceptions list to the checking if you know what to put in the list. My solution was to disable the shield - I told you I was a maverick! A reboot to check what happened on startup resulted in a computer that was available for use very much quicker. A few days later I got a message from my friend that the computer was now operating much faster and he may reconsider the need for a new computer!

As far as I can tell the Resident Shield was introduced with AVG version 8 so it is a fairly recent introduction. I guess AVG expect every user to have a computer of a recent vintage that could cope with all this new functionality (bloat?). In this, the anti-virus developers are not alone. All developers of new software versions seem to forget that there are quite a lot of people out there with old machines that do not have the power to cope with the new software. Perhaps they think we can judge whether we accept an offer to upgrade the software. I don't think this is true. It takes a lot of resolve to refuse a free upgrade to our anti-virus software, especially when it is drummed into us that we must keep up to date. Perhaps they think we should keep updating our computers to cope? A worrying thought in this age of austerity.

If we could do without Resident Shield in AVG versions 1-7 then I reckon we can do without it in version 8 (unless we have a machine with sufficient power). Even then I don't think we need it constantly checking files that have been checked many times before. Perhaps it should only be enabled when you are online or transferring files from an external device.

There is a serious dichotomy between the way anti-virus software vendors consider computer usage and the way computer users actually want to use their computer. It is almost as if the former think that the primary function for users' computers is to run their anti-virus software. When enabled it takes precedence over everything else. It may be running in the background but if this means slowing the foreground task to a crawl then it is getting in the way. The user however wants to DO something with their computer. Running anti-virus software is a necessary distraction because of the constant message from all and sundry that to be safe we must run the software.

The anti-virus software vendors and their supporters need to consider this. When the distraction overwhelms what we want to use the computer for in the first place then the user has to make a choice and that choice invariably will be to remove the distraction.