TY - GEN
T1 - Why anti-virus products slow down your machine?
AU - Yan, Wei
AU - Ansari, Nirwan
PY - 2009
Y1 - 2009
N2 - Customers always complain that anti-virus software bogs down their computers by consuming much of the PC's memory and resources. With the popularity and variety of zero-day threats over the Internet, security companies have to keep inserting new virus signatures into their databases. However, is the increasing size of the signature file the sole reason computers slow to a crawl during a virus scan? This paper outlines three other reasons for the slowdown of software-protected computers, none of which is directly related to the signature file. First, the rising time cost of de-obfuscating binary payloads with emulation technology means anti-virus software takes more time to scan a packed file than an unpacked file. Second, the New Technology File System causes self-similarity in file index searching and data block accessing. Even if file sizes fit the log-normal distribution, there are still many "spikes" of high virus-scanning latency which cannot be ignored. Last but not least, temporal changes in file size, file type, and storage capacity in modern operating systems are slowing down virus scans. The paper also discusses the cloud-based security infrastructure for deploying lightweight and fast anti-virus products.
UR - http://www.scopus.com/inward/record.url?scp=70449127856&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70449127856&partnerID=8YFLogxK
U2 - 10.1109/ICCCN.2009.5235239
DO - 10.1109/ICCCN.2009.5235239
M3 - Conference contribution
AN - SCOPUS:70449127856
SN - 9781424445813
T3 - Proceedings - International Conference on Computer Communications and Networks, ICCCN
BT - 2009 Proceedings of 18th International Conference on Computer Communications and Networks, ICCCN 2009
T2 - 2009 18th International Conference on Computer Communications and Networks, ICCCN 2009
Y2 - 3 August 2009 through 6 August 2009
ER -