Is an antivirus program written in assembly superior?

GunsMadeAmericaFree

Golden Member
Jan 23, 2007
1,154
273
136
I just finished putting together a new Windows 11 PC from parts, and now the age-old question comes up - which antivirus software to use? In the old, old days, I used to use PC-cillin, and then for years I switched to AVG free. More recently, I had been using Bitdefender, after reading some online articles that said it had a lower system impact.

Now I'm reading that Windows 11 has a pretty good Windows Defender Antivirus built in, so not sure if I need to add anything at all.

However, I found myself looking at this chart on Tom's Hardware:
[Attached image: slowdown.jpg]

I noted that one of the companies, Eset, seems to have a low impact. Then I noticed that that company is from Slovakia, where my wife's family originated. I'm tempted to use them.

Then I saw that their antivirus program is written in assembly language, which I think is rather unusual in this day and age.

Is this why the program seems to have a lower system impact - being written in a lower level language??
 
Jul 27, 2020
13,172
7,828
106
I don't know how Eset fares now but I remember years ago (probably in 2011) that our corporate Eset version failed to catch a virus that jumped from someone's USB into the server's shared folder. When the server's Windows Explorer tried to read that file during a normal folder refresh, it triggered a blue screen and our core software system went down. We rebooted the server. It would load, get to the desktop and then bluescreen again. Interestingly, that someone had inserted the USB in my PC that had Windows Security Essentials in addition to Eset. I checked the logs and found out that WSE had quarantined the virus on my PC while Eset detection log showed nothing. So the infected USB had been used from some other PC also from where the virus was able to infect the shared folder of the server.

Had to stay up all night while we waited for the software vendor's tech guy to come. He booted the server with the Eset rescue CD which was able to clean the virus. So the real time protection of Eset was lacking at that time. I'm not sure but maybe the real time protection of Eset is not very comprehensive so that's why it's low on system resources.
 

GunsMadeAmericaFree

I guess what I'm asking is - can a desktop system use fewer system resources when running the same program in assembly, instead of say, Python, C++, or ?
 

Ajay

Lifer
Jan 8, 2001
14,815
7,432
136
> I guess what I'm asking is - can a desktop system use fewer system resources when running the same program in assembly, instead of say, Python, C++, or ?

Yes, but writing and maintaining assembly code is a real PITA! And portability can be a nightmare.
 

Ajay

> I just finished putting together a new Windows 11 PC from parts, and now the age-old question comes up - which antivirus software to use? In the old, old days, I used to use PC-cillin, and then for years I switched to AVG free. More recently, I had been using Bitdefender, after reading some online articles that said it had a lower system impact.
>
> Now I'm reading that Windows 11 has a pretty good Windows Defender Antivirus built in, so not sure if I need to add anything at all.
>
> However, I found myself looking at this chart on Tom's Hardware:
> [Attachment 79883]
>
> I noted that one of the companies, Eset, seems to have a low impact. Then I noticed that that company is from Slovakia, where my wife's family originated. I'm tempted to use them.
>
> Then I saw that their antivirus program is written in assembly language, which I think is rather unusual in this day and age.
>
> Is this why the program seems to have a lower system impact - being written in a lower level language??

Those numbers look bogus. Are they from some older quad core system with an HDD or something? I don't even notice Bitdefender running on my system.
 

GunsMadeAmericaFree

> Yes, but writing and maintaining assembly code is a real PITA! And portability can be a nightmare.

I guess that would depend on what you are used to programming in - I seem to remember earlier on that quite a few programs were done in it, to keep them smaller. However, as computers become more and more capable, I guess that would become less important over time. I guess the real problem could be if you only have 1 or 2 folks who can do the assembly programming, and then someone leaves.

Hadn't really considered portability, since I do almost all of my computing on a desktop PC running Windows, then a little bit on a Linux Mint desktop.
 

mikeymikec

Lifer
May 19, 2011
16,888
7,814
136
> Those numbers look bogus. Are they from some older quad core system with an HDD or something? I don't even notice Bitdefender running on my system.

After seeing how Kaspersky Security Cloud Free seemingly allegedly speeds up the computer, I tried to find the source of the figures but I gave up after a while of looking. Without some kind of context/testing methodology for the figures they're utterly meaningless, for example is software X scanning compressed files. I think if I published a review of such software, the first thing I'd have to go into is how the software behaves on the default settings, because that's how the vast majority of users are going to use it.

These days, given that the system in question isn't some ultra-weedy CPU (e.g. Atom-type) with 4GB RAM, AV really shouldn't be slowing the user down any more. The main thing that bothers me with AV solutions I encounter in my line of work is when I'm attempting to do something system intensive, the AV decides that now is the best time to do a scheduled scan. No notification to say it's doing it, sometimes no option to stop it.

If I was still using third party AV for myself I'd switch off all the scheduled scans, and any prompts to virus-scan external drives (classic security theatre!). One thing I liked about Avast back in the day was that one can specify only the virus scanner component during installation and skip out all the other stuff.
 

GunsMadeAmericaFree

> The main thing that bothers me with AV solutions I encounter in my line of work is when I'm attempting to do something system intensive, the AV decides that now is the best time to do a scheduled scan. No notification to say it's doing it, sometimes no option to stop it.

Yes, to this right here. I guess if we left it on 24 hours a day, it could just run a daily full antivirus scan in the middle of the night, when nobody was using it. However, we usually put it to sleep, not off. I wish I could just tell it, hey, turn on and run an antivirus scan when nobody is using it, during the day.
 

sdifox

No Lifer
Sep 30, 2005
93,674
14,294
126
I don't see antivirus gaining anything from being coded in assembly.
 

Ajay

> I don't see antivirus gaining anything from being coded in assembly.

Well, true, performance-wise AV programs will be I/O limited. But CPU usage can probably be reduced by a clever assembly programmer. Anyway, not worth it for any vendor to do so.
 
Jul 27, 2020
13,172
7,828
106

> In our in-house performance tests, G Data did alright but not outstanding. Without G Data installed, the test PC scored 1,661 in PCMark 10’s extended test, which simulates an everyday workload as well as workloads that hammer the CPU and GPU harder. After G Data was installed and ran a full scan after a reboot, that score plummeted to 1,572. Surprisingly the biggest deficits weren’t in the gaming or other GPU tests, but the productivity section and app start-up times.

Roughly 5% performance loss. Pretty good, no?
 

mikeymikec

@igor_kavinski

I have to laugh at PC World referencing 'av comparatives' - "this product did ever so well with zero-day threats"... and uh, how exactly did they manage to test any product against an array of zero-day threats? Did the people who stand to profit from deploying zero-day threats collectively decide, "you know what, maybe we should forego our profit, put our black hats away and start helping the white hats for a change"? :D
 

GunsMadeAmericaFree

> @igor_kavinski
>
> I have to laugh at PC World referencing 'av comparatives' - "this product did ever so well with zero-day threats"... and uh, how exactly did they manage to test any product against an array of zero-day threats? Did the people who stand to profit from deploying zero-day threats collectively decide, "you know what, maybe we should forego our profit, put our black hats away and start helping the white hats for a change"? :D

Did they have a room full of virus programmers that they paid to come up with new attacks for a day?
 

mikeymikec

> Did they have a room full of virus programmers that they paid to come up with new attacks for a day?

IMO 'av comparatives' has been drinking the same kool-aid as the commercial anti-virus companies: Use some scary and vague terms, try to scare the living daylights out of your potential customers, profit. "zero-day threats" sounds scary, let's go with it!
 

ScottAD

Senior member
Jan 10, 2007
727
75
91
Don't think you will see any gains. I use Defender though, it stays out of the way and I'm a mindful internet user
 
Jul 27, 2020
13,172
7,828
106
> I have to laugh at PC World referencing 'av comparatives' - "this product did ever so well with zero-day threats"... and uh, how exactly did they manage to test any product against an array of zero-day threats? :D

They may have a collection of proof of concepts for the zero day attacks that they use to attack their unpatched test system on which the antivirus is installed. At least, that's how I would do it. But you are right. They should have explained their methodology.
 

GunsMadeAmericaFree

> They may have a collection of proof of concepts for the zero day attacks that they use to attack their unpatched test system on which the antivirus is installed. At least, that's how I would do it. But you are right. They should have explained their methodology.

Hmm, makes me think of those fancy restaurants where the chef comes out and says "Today you will be eating the chicken Henrietta, who was raised free range on the Hennecker Farm in Indiana". I imagine that if they followed a similar methodology, you'd have a disclaimer like "Today's zero day attack was brought to you by Clark Pennington, who is a programmer who lives in Johnstown, PA. He enjoys watching Mystery Science Theater 3000, fishing, long walks in the park at dusk, and ransomware."
 