Which Antivirus software has lowest I/O operations?

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
The reasons for the slowdown may be different: Windows background tasks and update installation, malware, not enough RAM, a fragmented HDD or HDD problems, and finally the antivirus.
The first step is to open the Task Manager and see what really is consuming a lot of resources.
 

Rengar

Level 17
Verified
Top Poster
Well-known
Jan 6, 2017
835
The reasons for the slowdown may be different: Windows background tasks and update installation, malware, not enough RAM, a fragmented HDD or HDD problems, and finally the antivirus.
The first step is to open the Task Manager and see what really is consuming a lot of resources.
Do what @tim one said plus, if you have slowdowns run a defrag, registry cleaner or something and you can check if your hard drive is corrupted :)
 

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
This one can be very tricky.
Some antiviruses optimize hard disk usage. So on average, they will read less data per second.
But overall they may read more data from the hard disk compared to another antivirus which does not use any kind of optimization.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
A.S.K, maybe just don't install it on your PC and scan o/d from a boot disk or pendrive.
For the system, just keep HIPS/firewall with some kind of SRP and virtualization.

SSFW with AppGuard + Sandboxie and Avira Rescue CD on a pendrive should be far enough security and a light setup.
 

A.S.K

Level 1
Thread author
Verified
Dec 19, 2016
48
The reasons for the slowdown may be different: Windows background tasks and update installation, malware, not enough RAM, a fragmented HDD or HDD problems, and finally the antivirus.
The first step is to open the Task Manager and see what really is consuming a lot of resources.
I want to know in idle and scanning conditions.
 
Reactions: tim one and roger_m

vivid

Level 5
Verified
Dec 8, 2014
206
Probably one that doesn't make use of scan optimizations-- background calculations shouldn't exist (such as calculating file hash). Otherwise, scanning will just update file records after each database update; it handles obsolete data. It's also a downside on battery.

Probably the ones that only scan a file on execution. But why do you want that?
It makes sense if you do not want to waste the lifetime of the SSD.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I think it depends on a system-to-system basis.

Some antiviruses are pretty light on the system but medium to heavy in I/O activity; it also depends on the optimization of components.
 
Reactions: Rengar

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Probably one that doesn't make use of scan optimizations-- background calculations shouldn't exist (such as calculating file hash). Otherwise, scanning will just update file records after each database update; it handles obsolete data. It's also a downside on battery.


It makes sense if you do not want to waste the lifetime of the SSD.

Most AVs still calculate hashes all the time. Even though more and more alternative ways to detect malware are being used nowadays, a signature database is still present in most AV software on the market. So what you said makes no sense.

And a simple reading of the files on access or execution to scan them won't waste the lifetime of the SSD. The problem with SSDs is that they have write limits, but you can read the data as much as you want.
 
Reactions: Wave

Wave

Probably one that doesn't make use of scan optimizations-- background calculations shouldn't exist (such as calculating file hash). Otherwise, scanning will just update file records after each database update; it handles obsolete data. It's also a downside on battery.
Sorry but that makes absolutely no sense. Without the scan optimizations the I/O disk usage will be even higher.
 

vivid

Level 5
Verified
Dec 8, 2014
206
Most AVs still calculate hashes all the time. Even though more and more alternative ways to detect malware are being used nowadays, a signature database is still present in most AV software on the market. So what you said makes no sense.

And a simple reading of the files on access or execution to scan them won't waste the lifetime of the SSD. The problem with SSDs is that they have write limits, but you can read the data as much as you want.

Sorry but that makes absolutely no sense. Without the scan optimizations the I/O disk usage will be even higher.

It depends on the architecture. You still write timestamps: last cloud check, last db version, last file change, etc. You will also notice it's provided as a separate option with most products. If there were really no disadvantages, it would have been completely integrated with the main process.
 
Reactions: Dani Santos

Wave

It depends on the architecture. You still write timestamps: last cloud check, last db version, last file change, etc. You will also notice it's provided as a separate option with most products. If there were really no disadvantages, it would have been completely integrated with the main process.
The scanner would be integrated with the main process? No.

The scanner isn't in the main process alone because it won't have the privileges to do what it needs to do. There is more to a scanner than some Win32 code in most AV products; they work with device drivers to do specific things and they "talk" to the service process (Win32 process registered as a Windows Service) running under SYSTEM (NT Authority Account -> more privileges) to do other things, and then it sends information back to the GUI process to display the scan results information during/after scanning.

As for the actual real-time protection, that's being done by a device driver also (Filesystem Mini Filter driver usually), since it's more efficient than API hooking to monitor file write/read attempts and such. The process monitoring is done almost always through a callback to PsSetCreateProcessNotifyRoutine/Ex.

As for the GUI process, it is usually running with standard rights (therefore it won't be elevated), normally for security purposes. The GUI process in most AV software is vulnerable to remote code injection attacks by default, thanks to Windows GDI functions which are present in win32k.sys.
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
It depends on the architecture. You still write timestamps: last cloud check, last db version, last file change, etc. You will also notice it's provided as a separate option with most products. If there were really no disadvantages, it would have been completely integrated with the main process.

This will depend on the AV. But AV software won't write each piece of information (last cloud check, last db version, last file change) to the disk every time. Imagine that on a slow HDD, it would waste more time writing that stuff than scanning files. Most of that info stays in memory (RAM) while the program is open. It only writes to disk when you update the program/signatures and when you modify the whitelist or settings. Also probably when you close the program, to save all the information stored in memory.
 
Reactions: vivid

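The disagreement in this thread about scan optimizations comes down to how a scan cache trades content reads for metadata checks and occasional writes. The following is an added example, not code from any poster or AV product: a toy scanner whose class name, cache layout (size, mtime, signature DB version) and counters are all hypothetical, with the cache held in RAM and written to disk only on a signature update.

```python
import hashlib, json, os, tempfile

class CachedScanner:
    # Hypothetical design: verdicts are cached per file and reused while
    # the file's size/mtime and the signature DB version are unchanged.
    def __init__(self, db_version, bad_hashes, cache_path):
        self.db_version = db_version
        self.bad_hashes = set(bad_hashes)
        self.cache_path = cache_path
        self.cache = {}        # path -> [size, mtime_ns, db_version, verdict]
        self.bytes_read = 0    # read I/O spent on file contents
        self.flushes = 0       # write I/O: times the cache was written out

    def scan(self, path):
        st = os.stat(path)     # metadata lookup only
        key = [st.st_size, st.st_mtime_ns, self.db_version]
        hit = self.cache.get(path)
        if hit and hit[:3] == key:
            return hit[3]      # cache hit: file contents are not read
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                self.bytes_read += len(chunk)
                h.update(chunk)
        verdict = "malicious" if h.hexdigest() in self.bad_hashes else "clean"
        self.cache[path] = key + [verdict]   # kept in RAM, not written yet
        return verdict

    def update_signatures(self, db_version, bad_hashes):
        # A new DB version invalidates every cached verdict (key mismatch).
        self.db_version = db_version
        self.bad_hashes = set(bad_hashes)
        self.flush()           # persist only on update, not per scanned file

    def flush(self):
        with open(self.cache_path, "w") as f:
            json.dump(self.cache, f)
        self.flushes += 1

def demo():
    payload = b"constructed test content" * 1000   # constructed sample, 24000 bytes
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.bin")
        with open(sample, "wb") as f:
            f.write(payload)
        s = CachedScanner(1, [], os.path.join(d, "cache.json"))
        first, after_first = s.scan(sample), s.bytes_read
        second, after_second = s.scan(sample), s.bytes_read   # cache hit
        s.update_signatures(2, [hashlib.sha256(payload).hexdigest()])
        third = s.scan(sample)                                # DB changed: reread
        return first, after_first, second, after_second, third, s.bytes_read, s.flushes
```

Keying on size and mtime is for illustration only: any process with write access to a file can reset its timestamps, so a cache keyed this way can be made to return a stale verdict.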