Wednesday, January 23, 2008

Help my anti-virus is worse than the disease

Monday was MLK Day, so I had the kids and took them to see their great-uncle. While I was there he asked me if I could take a look at his machine, which had become 'a bit slow'.

Older Windows machines inevitably feel slow compared to newer ones, but this machine was more than just slow. After 30 minutes I was still waiting for AOL to come up. Internet Explorer was AWOL. Hmm, let's try a reboot.

Another twenty minutes and the desktop appears. OK, time to start Task Manager and begin killing off some resource hogs.

Another twenty minutes and I have killed enough processes to be able to get the control panel started. Now the problem becomes evident. Every technician who has ever touched the machine has loaded an anti-virus package onto it. By now there are four separate anti-virus scanners. It also has MSN and AOL loaded and five different programs that hook themselves to launch a server process on startup.

I kill the anti-virus rubbish and suddenly the machine is running at an acceptable rate. I also kill four modem management packages (it's on broadband), the unused MSN and anything else I suspect of being an unnecessary resource hog.

Only one of the anti-virus packages was accurately labelled. Comcast and Verizon had both OEM'd an anti-virus core and loaded it onto the machine without warning. I suspect that neither one had an up to date virus signature file but even if they did they are based on an approach the hackers rendered utterly obsolete four years ago. Looking for badness is simply not a viable approach any more. Viruses are old school. Anti-Virus packages are no defense against malware trojans blasted out by the million from a botnet.

What was going on on the machine was that the four anti-virus packages had commandeered every cycle and most of the free memory. I suspect they were spending much of their time scanning and evaluating each other.

The other resource hogs are due to a particularly obnoxious habit of program developers which is certainly more advanced on Windows but far from unique to it. Rather than write a program that works in the normal way (user tells the program to run, it runs; user tells it to stop, it stops), the programmer decides, for whatever reason, to 'integrate' their program into Windows. Icons pop up in the system tray. The application hooks the O/S to run a server on startup, which in turn hooks to intercept an undocumented array of system calls.

Why the programmer does this is a mystery. You can be pretty sure that while they were perpetrating this monstrosity on the user they spent a great deal of time complaining about the lack of documentation on such features. Never will the question be asked why part of a program that the user may use at most a couple of times needs to run continuously whenever the machine is turned on.
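The practical problem with software that 'integrates' itself this way is finding it: Task Manager shows the running server processes but not where they were launched from, so they come back at the next reboot. The script below is an added example, not something from the original post, that inventories the usual auto-start locations on a Windows box: the Run/RunOnce registry keys, the per-user and all-users Startup folders, services set to start automatically, and the anti-virus products registered with Windows Security Center. It assumes PowerShell 2.0 or later and is run from an administrator prompt so the HKLM and service views are complete; the `root\SecurityCenter2` namespace exists on Vista and later and `root\SecurityCenter` on XP, which is why both are tried.

```powershell
# Added example (not from the original post): list the places a Windows
# program hooks itself in to run at every boot, so that resource hogs can
# be removed at the source rather than killed after each reboot.
# Assumes PowerShell 2.0+ on a client Windows machine, run as administrator.

# Registry autostart keys. The Wow6432Node key only exists on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host "== Registry Run/RunOnce entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath etc.; skip those.
        if ($p.Name -like 'PS*') { continue }
        "{0}`t{1}`t{2}" -f $key, $p.Name, $p.Value
    }
}

# Startup folders, resolved through the Shell Folders keys so the same code
# works on XP ("Documents and Settings") and on Vista and later.
Write-Host "`n== Startup folder items =="
$shellFolders = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders' = 'Startup'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders' = 'Common Startup'
}
foreach ($key in $shellFolders.Keys) {
    if (-not (Test-Path $key)) { continue }
    $valueName = $shellFolders[$key]
    $folder = (Get-ItemProperty -Path $key).$valueName
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem -Path $folder | ForEach-Object { "{0}`t{1}" -f $valueName, $_.FullName }
    }
}

# Services that start automatically. Excluding binaries under \Windows\ is a
# coarse heuristic to surface third-party services; review the full list if
# in doubt, since a vendor can install into the Windows directory.
Write-Host "`n== Automatic services with binaries outside the Windows directory =="
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike '*\Windows\*' } |
    Sort-Object DisplayName |
    ForEach-Object { "{0}`t{1}`t{2}" -f $_.DisplayName, $_.State, $_.PathName }

# Anti-virus products that registered with Security Center. More than one
# entry here is the situation the post describes.
Write-Host "`n== Anti-virus products registered with Security Center =="
foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
    $av = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if ($av) {
        $av | ForEach-Object { "{0}`t{1}" -f $ns, $_.displayName }
    }
}
```

Each line of output names the location as well as the program, so an entry can be removed from the right key or folder instead of just ending the process. The script covers only the common locations; Sysinternals Autoruns enumerates a far longer list (shell extensions, Winlogon hooks, scheduled tasks, drivers) and is the tool to reach for when something keeps reappearing after these entries are cleaned out.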
