Sunday, July 06, 2008

AVG Free v8 versus the Competition (Speed to Scan only)

OK. I’m going to brave some dangerous waters here.

One of the major complaints (of many) raised with AVG Anti-Virus Free Version 8 is that it is just very, very slow and takes a very, very long time to scan a system.  Especially compared against AVG Free version 7.5 builds.

For this reason (and others) many users have been jumping ship to alternative freeware anti-virus software.

Some of which I have mentioned in the AVG saga included: AntiVir PersonalEdition, Avast! 4 Home Edition, BitDefender 10 Free Edition, ClamWin Free Antivirus, Comodo Antivirus 2 (beta), PC Tools AntiVirus Free Edition, and Dr.Web CureIt!Æ Utility Version 4.44.

So, aside from any discussions otherwise such as virus-detection accuracy rates, I decided I really needed to do a controlled comparison to see just how slow AVG Free version 8 had become when stacked up against these other contenders.

The Method to my Madness

I decided to run the tests using a Virtual PC session using the IE Developer’s VHD for XP Pro – IE7 offered by Microsoft.  This was installed on my Gateway laptop running Vista Home Premium with 2 GB RAM.  No other activity was done while each test session was running.

What I measured was the time to default-scan the entire system, the number of objects scanned, and the number of threats/warnings found.  I used the information for each of these elements as reported post-scan by each application.

From these elements I divided the number of objects scanned by the the time to scan (converted into seconds) to arrive at what I coined the “Scan Speed Ratio” for each build.

Seemed like a fairly good place to start.

Each time I did a default installation of the program under examination and ran any internal update process offered to ensure the program/signature files were as current as possible.  No changes otherwise were made to each installation.  Once completed, I uninstalled the application, rebooted and installed the next one.

It ended up taking the better part of a day to complete.

The Results

AVG 7.5.524
Time to Scan whole system  12m 38s
Objects scanned  20,278
Threats 0
Note: AVG Free 7.5 does not include scanning for malware files.

  • Scan Speed ratio:  20,278 / 758 = 27.38 f/s

AVG 8.0.101
Time to Scan whole system 25m 45s
Objects scanned 266,565
Threats 0
Warnings 12 (cookies)

  • Scan Speed ratio:  266,565 / 1545 = 172.53 f/s

AVG 8.0.138
Time to Scan whole system 24m 36s
Objects scanned 265,906
Threats 0
Warnings 12 (cookies)

  • Scan Speed ratio:  265,906 / 1476 = 180.15 f/s

Avira AntiVir Free 8.1.00.295
Time to Scan whole system 8m 8s
Objects scanned 56,256
Threats 0
Warnings 1 (pagefile.sys access error)

  • Scan Speed ratio:  56,256 / 488 = 115.27 f/s

Avast 4.8 Free 8.1.00.295
Time to Scan whole system 8m 2s
Objects scanned 16,804
Threats 0
Warnings 0

  • Scan Speed ratio:  16,804 / 482 = 34.86 f/s

Bitdefender Free 10 build 247
Time to Scan whole system 7m 32s
Objects scanned 10,164
Threats 0
Warnings 0

  • Scan Speed ratio:  10,164 / 452 = 22.48 f/s

ClamWin .93.1
Time to Scan whole system 33m 4s
Objects scanned 15,419
Threats 0
Warnings 0

  • Scan Speed ratio:  15,419 / 1984 = 7.77 f/s

Dr.Web Scanner v4.44
Time to Scan whole system 30m 15s
Objects scanned 52,650
Threats 0
Warnings 0
Note: Complete scan run

  • Scan Speed ratio:  52,650 / 1815 = 29.00 f/s

Comodo AntiVirus Beta2
Time to Scan whole system 17m 34s
Objects scanned 27,476
Threats 0
Warnings 0

  • Scan Speed ratio:  27,476 / 1054 = 26.06 f/s

PC Tools AntiVirus 2008 (4.0.0.26)
Time to Scan whole system 10m 49s
Objects scanned 12,819
Threats 0
Warnings 0

  • Scan Speed ratio:  12,819 / 649 = 19.75 f/s

Cutting through the muck

Based on my personal tests, it seems that AVG Free Version 8 builds actually scan more objects, multitudes of time faster than any other freeware anti-virus product listed here currently.

By default, AVG Free v8 appears scans for the following filetypes (and in compressed files): 386; ASP; BAT; BIN; BMP; BOO; CHM; CLA; CLAS*; CMD; CNM; COM; CPL; DEV; DLL; DO*; DRV; EML; EXE; GIF; HLP; HT*; INI; JPEG*; JPG; JS*; LNK; MD*; MSG; NWS; OCX; OV*; PCX; PDF; PGM; PHP*; PIF; PL*; PNG; POT; PP*; SCR; SHS; SMM; SYS; TIF; VBE; VBS; VBX; VXD; XL* ;XML; ZL*

It scans (like some other applications listed) for both virus, malware file, and tracking cookies.

Do scans take longer (much, much, longer)?  Yes.  Without a doubt.

Do the scans manage to encompass a much more wide scope than (currently) any of the others tested.  Yes.  Clearly.

Do the scans occur at a rate much faster (currently) than any of the others tested. Yes. In my tests.

Granted, your results may vary depending on your particular system, what is going on while the scan is running, and any configuration changes made to the default settings.

I suppose if you want AVG Free Version 8 to scan faster, you could disable malware-scanning. That would speed it up time-wise to complete a scan.  Worth considering.

Of course, you would then likey have to run a 2nd scan using a third-party anti-malware product; which might negate any gains in scan-time you achieved. I’ve personally left AVG to scan both anti-virus files as well as anti-malware and then every week or two run a few other anti-malware scans using Spybot-S&D 1.6, Release Candidate 2, Malwarebytes' Anti-Malware, and Spyware Terminator for good measure.

What about accuracy in finding viruses?

Consider AV-Comparatives rankings.  While they have not posted comparisons of freeware anti-virus results, the last version tested of AVG 7.5 achieved in May 2008 an “Advanced” rating.  Certainly respectable.

And when I consider the latest reports from SRI International’s Most Effective Antivirus Tools Against New Malware Binaries, AnitVir is almost always rated at the top of the list (currently at 96% detects) but AVG comes in at over 90% as well (currently at 91 %). Many others achieve lower detection rates.

I don’t realistically ever expect to find a freeware anti-virus product that rates 100% success at detection tests.

What I do want is a full-featured A/V product that provides both real-time, on-demand, and scheduled scanning of my system against virus/malware threats. I want an easy-to use interface that I can configure in much greater detail if desired. Scans should be very thorough and fast in terms of the ratio of items scanned to time to scan them.

Oh yes. Free is very good.

I sincerely believe that while AVG Free version 8 is not a perfect product, it provides a significant level of protection, features and performance in comparison to other free products in its class.

Were I to recommend an alternative product based on speed of scan and detection accuracy, I must hands-down recommend AntiVir PersonalEdition without hesitation.

Everything else seems not quite up to grade.

Final Thoughts

I don’t demand perfection because it is a free product…and in all fairness…you have some very good options, but you do get what you pay for end the end. For the very best in detection rates and features, you have to pony up the $$ and put it on the counter.

However, I believe in a layered Windows threat-mitigation model;

  1. I have a hardware based firewall/router to start things off. Properly configured this should prevent intrusion into your home network. Mine sits right-behind my broadband cable modem.
    Behind that are my computers.

  2. I work very hard to keep all my systems updated and patched (Windows Updates). I also recommend using The Secunia Software Inspector (online) or their Personal (PSI) tool installed locally to look for vulnerable applications.

  3. Next I currently run the free Comodo Firewall Software set up for both inbound and outbound "leak" protection. (I do have the Defense+ element turned off.)

  4. Then, AVG Anti-Virus Free Edition (without LinkScanner) to provide real-time and scan protection for virus/trojan/malware threats.

  5. I then follow that layer up with ThreatFire AntiVirus - Behavioral Virus and Spyware Protection which is freeware software that provides heuristic and behavior-based malware protection (for threats that don't have a signature yet).

  6. Finally I recommend using a next-generation build web-browser.
  • The Opera 9.5 browser, Internet Explorer 8 Beta, and Firefox web browser 3.0 all now provide anti-phishing/anti-threat site protection to varying degrees.  Many more improvements are due in the next IE 8 beta release version!

  • While not perfect, they do operate in an efficient manner to provide web-surfing protection from malicious sites.

  • I prefer Firefox 3.0 coupled with the NoScript - JavaScript/Java/Flash blocker Add-on. This keeps most all malicious software activity from running via the Firefox browser, but allows you to enable Java/Flash on sites you trust (banking/commerce/etc.).

AVG Free version 8 does have a lot more going for it that folks (including me) have given it credit for.

It’s a darn-good product and worth giving a fair shake.

I’m just saying….

--Claus

6 comments:

Anonymous said...

Wonderful articel !!!
I agree with you that avira is the best free antivirus

Jamber

Anonymous said...

@ Jamber - Thanks for the kind comment. I liked Avira AntiVir a lot as well. Certainly has a lot going for it!

--Claus

Anonymous said...

Nice work. Too bad that resident scanning issues weren't taken into account when testing. AVG 8 scans 10 times more files (during a file copy action for instance) then 7.5 did. If you where to copy 100 files with avg 7.5, on average 10 of those 100 where scanned. With avg 8 that could increase to a scan of all 100. The delay caused by this is noticable.

Anonymous said...

@ Anonymous - That's a very good observation.

For the most part, the file count on move/copy actions is pretty low. So this is something that generally flies under the radar.

However, as you point out, if you are copy/moving a moderate to significant number of files, resident-scanning of files can indeed increase the amount of time required to do the copy action.

I'm a power mover/copier and have set my XP systems up to use SuperCopier instead of the traditional Windows copy/move function. I haven't even looked into seeing if AVG picks up a resident-scan with this copy/move routine.

Thanks for giving me some more areas of AVG to look into exploring!

Anonymous said...

You should have ran the scans scanning all file types and not just the defaults. This would show a true comparison of the engines.

Also the "objects scanned" discrepancy between AVG 8 and the others is too wide to not justify/explain in some way.

Anonymous said...

@ Anonymous - Your suggestion is a valid alternative approach.

I have no doubt that it would certainly produce different results that what I posted here.

The reason I took this particular approach was two-fold.

First I wanted to look into the discussion about "A/V product A scans so much faster than A/V product B" that is often waged in free A/V products. My results bore out what many folks were reporting, that some A/V products in particular are much "faster" than others in terms of scan time. However that is with a caveat that doesn't often get mentioned; namely that it also depends on what objects they are scanning as one that scans more file objects than another isn't necessarily "slower".

Thus I arrived at the "scan speed ratio". An A/V product that seems to have a longer overall system scan might take longer than one that does not, but might indeed be faster in terms of it's efficiency in scanning...which is the point I was trying to make.

Secondly, I chose to accept just the default included file-types on purpose and not "all file types" as you suggested for a reason.

I was trying to capture the average home user's experience who would simply get an A/V recommendation, download and install the software and run it with defaults. They probably wouldn't be sophisticated enough in most cases to make changes to these default file-type sets.

So I guess it would be fair to say I was attempting to measure these times based on a default user's default program settings experience. I'm thinking that is what most users would be going by when they get a subjective feel for a program's performance and then post about it on the web.

When I have time I certainly hope to go back and revisit this test again to see in anything has changed based on program updates and the like. It would probably be beneficial to try to list what default file-types are included in each A/V program's default settings. That might make the apparent discrepancy in the scanned items reported in AVG 8 and the others more clearly understood as you pointed out.

I suspected that AVG 8 did scan more objects by default than the others, which is why I listed them specifically in the post, but a side-by side listing may have been more valuable to readers.

Thanks for the feedback! It is valued and appreciated.

--Claus V.