Thursday, February 17, 2011

Expose the truth about the exposure memory footprint anti-virus software

 Rising Antivirus software footprint is very subtle (most of the software has hidden), anti-virus software itself, if only from the memory process to determine that it is a very good footprint anti-virus software, 4 memory for a process somehow does not exceed 25MB. but how about the actual situation?
recently, was a genuine Rising Antivirus 2006, but did not install it to the system of ideas, has always been that Rising Antivirus too much memory resources , cause the computer to run smoothly decreased. especially for the 2000 system only 128MB RAM, 256MB of memory xp system, affecting more obvious, a little bit smooth feel of the original system, installed Rising antivirus software, they'll become less fluent.
Here, I use their office computers on a simple Rising Antivirus 2006 resource utilization testing:
Host:
Dell GX620 workstations
Operating System:
Windows XP SP2 < br> test software 1:
Rising Antivirus 2006
test software 2:
Kaspersky Internet Suite
for platform:
Windows 98/Me/2000/XP
Download:
Click here to download
experiment
First of all, to the newly installed system to re-ghost state, restart the computer and vacant for 5 minutes, open the Task Manager can see the memory footprint in the 137MB or so, such as Figure 1. because it is a simple test, I ignored its memory footprint is the physical memory or virtual memory, only a rough estimate for the case of the memory footprint.
Figure 1, anti-virus software is not installed on system resources occupancy
Rising Antivirus 2006 and then install and upgrade to the latest virus database. and then empty the computer for 30 minutes, using Explorer to view the resource occupancy.
Figure 2 Installing and Upgrading Rising Antivirus 2006
Figure 3, after installing Rising Antivirus Software resource occupancy
can see that after installing Rising Antivirus Software, memory usage has been increased to 204MB or so, it can be initially estimated by the installation of Rising Antivirus software is probably the increase in memory footprint in the 65-70MB or so. But from Figure 3 Rising Antivirus 2006, you can see the 4 process (shown in several processes that begin with R) does not exceed the total memory usage 15MB, the process of memory resources and run anti-virus software, a far cry from the resources themselves, so the anti-virus software resources and can not just take a simple anti-virus software itself from running processes to determine, this is a lot of people can easily mistake the old bird.
if the memory is relatively large, the number of common functional modules into memory, That monitoring has increased the speed of scanning. Rising whether the built-in recognition, based on memory size to select the memory footprint, and this being unknown. test my computer just a simple comparison, not a great reference significance of Rising Antivirus 2006, if you take resources interested in, you can test your computer.
after installing some software, re-installed Kaspersky, reboot and then left vacant for 20 minutes.
Figure 4, after installing Kaspersky
resources can be seen after installing Kaspersky, up to 170MB memory footprint is about the process from Kaspersky (two avp.exe), the process takes about the 11MB .
compared with Rising Antivirus 2006, Kaspersky memory footprint advantages. As for the slow scan Kabbah, I talked about some humble opinion:
today upgraded the Kaspersky Internet Suite 6.0 virus library, and a comprehensive computer virus. killing the findings, there are several places worthy of deep concern.
like many people have reported that Kabbah's scanning speed is very slow indeed, even to open a safe environment and iChecker technology , it would not have any increase (3-5 times the official said to have improved). but we may not have noticed, Kabbah and other anti-virus scanning software any different. Kabbah on the exe (not the exe file is exe integrated installation package), msi installer, rar archive, ISO image file, so unpack all the files and then a scan, for some packers document solution also shells (UPX Solutions shell) scan. But many other anti-virus software, an integrated package for the exe, ISO and other documents, just a simple scan, check when there is no virus, but the result does not mean that no virus-extracting installer, (especially for the ISO image file).
so Although Kaspersky scan more slowly, ��but if you check your computer thoroughly for viruses, such rigorous scanning Kabbah is necessary!!!��
Figure: Smart Chan Bridge Five pen (exe extract package)
do not know if you are aware, smart Chen bridge Wubi installation, when almost completed when the progress bar will pause for a longer time. I had a lot of computer installations in is the same.
all of my input in pconline download, and other exe files are not infected with the virus, so smart Wubi Chen bridge should not be above the two Trojan infection after I download. To verify, I Prior to re-post in the hair in the pconline Download pen What is the nature of Trojans, I did not carefully fine.
to be said for the last virus, that file windows xp sp2 patch set up Compact. The files I downloaded with eMule, it is published in the www.verycd.com above.
hupigon the virus is a variant of dove gray, very good at hiding, the process which is invisible, very sinister and ruthless.
several other ISO software tool palette, and what sort of teaching tool palette , after Kabbah After unpacking find one by one and found a lot of virus hidden in them.
now want to come, many people do not own computers in order to prevent poisoning, when the Internet was very careful, people can copy over the files After careful killing. but I do not know some with a .
so here to remind you what others make patch set, the operating system disk or something, or less as a wonderful, non-use if it is not, was extremely wary. such as system patches, or in the best large-scale website, (and ensure that they are provided by the government), operating system, is highly recommended not to use the modified version, will try to use the original ISO, not for the sake of momentary convenience, and let the Trojans into your computer you have kept in the dark . (I found that many people like to use a modified version of the operating system, such as tomato garden xp, Yu Wei-line, leaves the mountains, etc.) and, of course, a version if you have enough trust or use it, after all These are well-known version, and believe that the person making the IT people are also moral.)
���� One more thing to add is, do not think you download a iso back no later then scan Kabbah drug is safe. Kabbah scan will have no toxic, does not mean not toxic. This can not blame Kabbah, a virus before a certain reputation, anti-virus software can be said that it did not know, this is the lag of antivirus software !
like, for example, a Trojan is installed specifically to do within the company's computer, not pop out. that the earth does not have any anti-virus software can be a killing, which I think a little common sense point of virus know!!! ����
to talk about the final opinion, why anti-virus software, software to run the process resource consumption and resource consumption caused by quite different. This should be related to the svchost process.
following online collection relevant information: and can not achieve any services that it can only provide the conditions for other services is started here, and it does not give users their own to provide any services. That is how to achieve these services do?
the original services of these systems dynamic link library (dll) are implemented, they point to the executable svchost, svchost call the appropriate service by the dynamic link library to start the service. svchost and how do you know that a system which serve the dynamic link library call? This through the system service parameters set in the registry to achieve. Here's to rpcss (remote procedure call) services, for example, to explain.

No comments:

Post a Comment