Sunbelt buckles up for anti-bloatware drive
Slow, fat rivals taken to task
The anti-virus bloatware problem is getting worse despite what some vendors may claim, according to figures from Sunbelt Software.
The Florida based vendor's marketing claims tap into a deep well of discontent about anti-virus products but are not supported by the latest results from independent testing labs, such as AV-Test.org, and therefore ought to be treated with caution.
What's not in dispute is that slow, bloated anti-virus engines chew up system resources. The problem has been a continual source of frustration for Windows users for years, and something their Mac and Linux-using peers always cite in operating system arguments.
Worse yet, each new version of the leading Windows anti-virus products from Symantec, Trend and McAfee et al can increases the demand on CPU and memory by a significant factor, Sunbelt claims. This can effectively reduce the useful life of existing machines which, according to Sunbelt, need 20 per cent more grunt (extra CPU power and RAM) for each update.
Lip up fatty
Vendors such as Trend and Symantec have publicly acknowledged that their products have been resource hogs in the past. Since Norton AntiVirus 2008, Symantec has developed technology so that its software uses less computing resources. Sunbelt brags that even these competing products still use triple the memory of Sunbelt’s comparable Vipre Software.
End-users have complained about the bloatware problem for years but it's a discussion vendors have historically avoided, much like the members of a weight watchers club might diplomatically avoid comparing dress sizes. Sunbelt's internal figures - which have not been subjected to independent testing - serve at least as a starting point in a decision that's long overdue.
Sunbelt's internal research compared the performance and resource utilisation of the most popular commercial enterprise antivirus products on the market: McAfee VirusScan v22.214.171.124, Sophos Enterprise Security and Control v3.1, Trend Micro OfficeScan v8.0+SP1_R3, Symantec Endpoint Protection v11.0.2010.7, Webroot AntiSpyware Corporate Edition with AntiVirus v3.5.1 and Sunbelt Vipre Enterprise v3.1.2978. Each were tested on a two-year-old machine with a 2.8 GHz Intel Processor and 1GB of memory, running Windows XP Pro SP3 with MS Office 10.
Vipre Enterprise used 27 per cent of CPU resources during a manual scan compared to more than 70 per cent for Webroot, 57 per cent for Sophos and around 46 per cent for Sophos and Trend. McAfee came the closest with around 29 per cent.
However, McAfee used 130 MB of RAM during a manual scan, compared to VIPRE Enterprise use of only 49 MB RAM. Symantec 118 MB RAM usage during the process compared to 75MB RAM for Sophos and 62MB for Trend Micro.
Sunbelt also makes a direct speed comparison between the speed of scanning of its software and that of arch-rival Webroot. Vipre Enterprise's scan Speed was 13.95 MB/Sec on the test hardware, with 26 per cent CPU utilisation compared to Webroot's 16.54 MB/sec using 72 per cent CPU during a manual scan.
Level playing track?
These are internal tests, since applied to marketing purposes, and ought to be viewed with caution as a result. Symantec Endpoint Protection has firewall features that may be absent in other products, such as Sunbelt's Vipre, and this needs to be factored into consideration when considering the tests.
Sunbelt said it turned off Symantec's firewall during the test.
Phil Owens, a sales engineer at Sunbelt Software, said that the efforts of rival security firms to control bloatware have so far been focused on consumer products.
"Symantec has been making efforts on the consumer side, but it hasn't yet moved these improvements to the enterprise side which is where the issue of bloatware is most prevalent,” Owens said.
“McAfee uses a lot of different components and add ons (ie an Antivirus agent on the users PC, an antispyware module and an EPO agent); whilst it acknowledges it is an issue it needs to address it seemingly hasn't taken too many steps in the right direction to rectify it."
Rival products can start off OK then gradually get slower as additional updates are applied. This depends on their architecture, Owens explained.
Steve Broadhead of network performance testing firm Broadband Reports has recently carried out performance tests commissioned by Trend Micro that also looked at the performance of other antivirus scanners. He said Sunbelt's figures don't apply to the latest version of products he tested and fail to take into account the effect of using cloud-based architectures on performance, among other factors.
"Sunbelt's test is on the right lines, but it's not up to date," Broadhead told El Reg. "The cloud methodology really does work, as do features such as the CPU throttling, so you really need that feature comparison info as well in order to put a case forward either way."
Independent testing lab AV-Test is evaluating the merits of the new 2010 edition of anti-virus software packages, which stared to appear on the market from late June onwards.
AV-Test is yet to include comparative performance reviews in its tests, which concentrate on malware detection. Andreas Marx of AV-Test did however offer some general comments, comparing the speed of products the German Labs has recently put through its paces.
"From my 'user experience' I can tell you that the Microsoft product (Morro beta) was rather slow, but both the Kaspersky and Panda suites didn't had a dramatic impact on the system performance," Marx told El Reg. "They were working rather fast, especially when compared with other scanners or the previous (2009) editions."
When compared with the previous versions, F-Secure 2009 scans performed a lot faster. A change of anti-virus engine improved lagging virus guard performance in particular, AV-Test reports.
The German testing lab has also put Norton AntiVirus 2010 through its paces, reporting that scans after a complete system analysis were significantly faster than in previous releases of Norton products.
Sunbelt have put their finger on a problem involving the system performance of antivirus software. However since there's little agreement on how to measure resource hogging then quantifying the problem - much less solving it - may be difficult. ®