App Review AV test #5 - underrated Emsisoft vs recent malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
rifteyy
Parkinsond said:
It is a good design of AV to efficiently use limited RAM, not a drawback; I would trust well-engineered AV for my protection more than a one which cannot utilize RAM in an economic way.
Click to expand...
This is completely wrong logic. Low RAM utilization only makes an application slower. Granted we might be talking about 1 second or less slower usually, but it can be higher sometimes.

I have 3rd party security solution installed, and yet Microsoft forces MalwareDefender to run in the background and consume RAM. I don't care about the RAM usage because it does not matter.

1755949324072.png



No matter what the memory "efficiency" is, what matters is detection and blocking the execution of malicious code. In that regard, Emsisoft will beat the pants off MalwareDefender. There will something like a 5% or greater difference in Emsisoft's favor and that is very significant nowadays.
 
  • Like
  • Hundred Points
  • +Reputation
Reactions: simmerskool, roger_m, Khushal and 2 others
Trident said:
For years Norton was reporting 10-12 MB in task manager but other tools were showing that the RAM usage was 100-150 MB
Click to expand...
True regarding RAM allocated per process in task manager, but the total RAM in task manager will be high even if not allocated to a specific process.
Trident said:
Using less RAM can actually lead to increase in the number of operations the CPU must perform
Click to expand...
K and MD use much less RAM than B without more CPU usage; actually B was using more CPU; I would not use B even if they pay me to use.
 
bazang said:
This is completely wrong logic. Low RAM utilization only makes an application slower
Click to expand...
It did not make Kaspersky slower though!

bazang said:
I have 3rd party security solution installed, and yet Microsoft forces MalwareDefender to run in the background and consume RAM
Click to expand...
Either your 3rd party AV is not registered in Windows security, or you have SAC or WDAC enabled.
 
Last edited by a moderator:
Parkinsond said:
I did not make Kaspersky slower though!
Click to expand...
That's because application speed is not 100% dependent upon maximizing its use of RAM.

All I am saying is that the belief that "lower RAM usage is better" is technically incorrect. It is a fallacy that has existed in userland for decades. What is correct is "the amount of RAM usage is not a detriment to the system performance. (unless the system is RAM limited and has a HDD)" Ancient, obsolete CPUs are a different conversation.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: simmerskool, lostpass, Dave Russo and 4 others
Parkinsond said:
It is a good design of AV to efficiently use limited RAM, not a drawback; I would trust well-engineered AV for my protection more than a one which cannot utilize RAM in an economic way.
Click to expand...
Emsisoft's transparency on this issue is commendable. They explain that keeping a large database of signatures and behavioral patterns in RAM allows for real-time protection to be as fast as possible.

When they "optimize" memory usage, they do it by moving data to the page file, and they are clear that this might result in slower performance on systems with less RAM.

This leads to a critical point, a low RAM number in Task Manager doesn't always mean a program is efficient. It can mean that it's just pushing the burden onto the slower drive, which can hurt your overall system performance.
 
  • Like
  • +Reputation
Reactions: simmerskool, lostpass, brambedkar59 and 4 others
Divergent said:
This leads to a critical point, a low RAM number in Task Manager doesn't always mean a program is efficient. It can mean that it's just pushing the burden onto the slower drive, which can hurt your overall system performance
Click to expand...
My pagefile size is limited to 16 MB (the minimum).
 
Parkinsond said:
Either your 3rd party AV is not registered in Windows security, or you have SAC or WDAC enabled.
Click to expand...
As of 1 year or more, the Defender service stays active at all times.
Parkinsond said:
It did not make Kaspersky slower though!
Click to expand...
You are very heavily fixated and obsessed with Kaspersky, Kaspersky this, Kaspersky that.

Are we walking about the same Kaspersky here, cuz the Kaspersky I know is far from being light???

Kaspersky detection methods are efficient because they are heavily based on maths and real time calculation, and not on searching for the needle in the haystack.
But this makes them heavier than signature and pattern matching. This is the downside.

If you only like Kaspersky then why are you even on discussions about other AVs...
 
  • Like
  • +Reputation
  • HaHa
Reactions: simmerskool, Dave Russo, roger_m and 2 others
Trident said:
Kaseprsky detection methods are efficient because they ae heavily based on maths and real time calculation and not on searching for the needle in the haystack.
Click to expand...
It is just an example to explain how is using less RAM does not equal slow performance; I am not using K currently, making my opinion less liable to bais.
 
Parkinsond said:
Did not have any problem with such a size.
Click to expand...
The page file is a crucial safety net. If an application or the operating system itself needs more RAM than is physically available, it will use the page file. With a tiny page file, the system will quickly run out of this emergency memory, leading to applications freezing or crashing, or even the entire operating system halting with an "out of memory" error. This is a common cause of unexpected application failures.

A primary function of the page file is to store a crash dump when your system encounters a fatal error, such as a Blue Screen of Death (BSOD). This dump file is essential for diagnosing the root cause of the crash. If your page file is too small, your system will be unable to write this critical diagnostic information to the drive, leaving you with no way to troubleshoot the problem.

While a small page file doesn't directly create a security vulnerability that an attacker can exploit, it undermines your ability to recover and respond to an incident.

If your system is compromised by malware, a crash dump could contain valuable information about the attack, such as the memory state of the malicious process. A small page file prevents the creation of this dump, effectively destroying potential forensic evidence. This makes it much harder for you or an IT professional to understand how the attack happened and prevent future breaches.

As we've discussed, modern security suites may use virtual memory. If your page file is too small, it could hinder your solution from functioning correctly, potentially causing it to crash or fail to protect against a new threat.
 
  • Like
  • +Reputation
Reactions: simmerskool, roger_m and ForgottenSeer 94738
Divergent said:
The page file is a crucial safety net. If an application or the operating system itself needs more RAM than is physically available, it will use the page file. With a tiny page file, the system will quickly run out of this emergency memory, leading to applications freezing or crashing, or even the entire operating system halting with an "out of memory" error. This is a common cause of unexpected application failures.

A primary function of the page file is to store a crash dump when your system encounters a fatal error, such as a Blue Screen of Death (BSOD). This dump file is essential for diagnosing the root cause of the crash. . If your page file is too small, your system will be unable to write this critical diagnostic information to the drive, leaving you with no way to troubleshoot the problem.

While a small page file doesn't directly create a security vulnerability that an attacker can exploit, it undermines your ability to recover and respond to an incident.

If your system is compromised by malware, a crash dump could contain valuable information about the attack, such as the memory state of the malicious process. A small page file prevents the creation of this dump, effectively destroying potential forensic evidence. This makes it much harder for you or an IT professional to understand how the attack happened and prevent future breaches.

As we've discussed, modern security suites may use virtual memory. If your page file is too small, it could hinder your solution from functioning correctly, potentially causing it to crash or fail to protect against a new threat.
Click to expand...
With all due respect, I have no troubles with 16 MB of pagefile.
 
Parkinsond said:
It is just an example to explain how is using less RAM does not equal slow performance; I am not using K currently, making my opinion less liable to bais.
Click to expand...
The "speed" differences are mostly of interest to coders who can "see" or "measure" the differences. For application end users, they're not going to detect the differences, especially on SSD systems. That does not change the fact that high RAM usage does not slow down a system.

Unless a user has a 4 or 8 GB RAM system with an HDD, I've never seen RAM level make any meaningful difference.

My system is configured via the OS to keep applications loaded into active memory (RAM). I don't care if that equates to 1% or 90% of total available RAM consumption as I know the system is faster.

The differences in using a lot of RAM and having little RAM and pushing to the pagefile is so very apparent on HDD systems. In today's world of SSDs, it is a lot less noticeable.

But, to each his own. Jedem Das Seine.
 
  • Like
  • +Reputation
Reactions: simmerskool, ForgottenSeer 94738, Trident and 1 other person
An antivirus performane has got nothing to do with its memory usage whatsoever (in fact using less memory can slower detections methods and make them less efficient).

Performance is linked to:
How many APIs/API calls are hooked and monitored? The more of them are monitored, the better security, however whitelisting and excluding API calls from monitoring increases performance.
Exclusions from monitoring: Some AVs may refuse to scan trusted files and may not monitor trusted or signed processes. This creates lighter solution, but also, reduces security.
Caching: how efficient the caching is, how long it is maintained for, first level cahce, second level cache and so on. The better the caching, the better the performance, however, this leads to a sight reduction of security.
Coding: efficiently optimising and fine tuning the code to reduce duplicated and redundant operations.

These are the few top factors that affect performance.

Don't make me install Kaspersky and monitor the CPU usage and we'll see how "light" it is and who is running out of evidence.
 
  • Like
  • +Reputation
Reactions: simmerskool, ForgottenSeer 94738, Khushal and 1 other person
Parkinsond said:
With all due respect, I have no troubles with 16 MB of pagefile.
Click to expand...
Ultimately, the choice is yours, but I would recommend to use a system-managed page file.

It is the established best practice for modern Windows systems, endorsed by Microsoft. It's designed to provide a flexible safety buffer for your system without you having to manually manage it. It will use very little of your drive space if it's not needed, but it will be there in an emergency.

While your current setup may appear to be working perfectly, it is operating without a critical safety net. The moment you run into a situation where more memory is suddenly required, you will face an instability issue that could have been avoided.
 
  • Like
  • +Reputation
Reactions: simmerskool and roger_m

You may also like...