Your AV Solution is like a Loud Vacuum Cleaner

Loud Doesn’t Mean Better
I have an old Oreck XL hotel vacuum cleaner. It’s the one they used to sell on late night TV that could vacuum a bowling ball up a tube. It is lightweight but loud as a garbage truck. I need to replace the drive belt and bags every now and then but it has lasted me for years. My dog and two cats are terrified of the vacuum. I won’t lie and pretend that I don’t find it funny to vacuum the floors and watch them run for their lives; it’s a perk of having a loud vacuum. It works great and keeps the pets in line.

But newer models that are quieter don’t sell as well as noisy vacuum cleaners. It’s because people expect to have noisy vacuum cleaners. Years of conditioning have trained vacuum users to believe that if a cleaner isn’t loud, it must not be doing as good a job as it needs to. But it just isn’t so. Silent vacuums have just as much suction power and are just as maneuverable as the loud models.

Daily AV Scans are Noisy
Antivirus solutions are a lot like loud vacuum cleaners. Since 2000, most AV solutions have possessed the ability to perform “on demand” AV checking where a file written to disk or loaded into memory gets scanned and matched against known bad viruses. It is very likely you have seen this in action when downloading a file from a suspicious location. So if the product already checks all new files that are put onto the system, why does it scan your entire hard drive every morning looking for new malware when it just scanned yesterday?

Everyone knows the feeling of arriving in the office in the morning, turning on the computer, and then having to walk away for 15 minutes to get coffee and chat with coworkers while the system goes through its morning AV scan. That thrashing hard drive makes it impossible to do normal work in parallel with an AV scan. You let it do the job because you want to be secure, right? But since 2000, this task has been unnecessary. Why check the same files every day if it can just check newly introduced files for malware? The reason is that people expect to see a virus scan. It has become as much a part of the human condition as a loud vacuum cleaner.

This daily virus scan also pushes a psychological trope that whatever you do on the computer is not as important as the AV company trying to keep you safe. It conditions you as a user to believe that the AV company knows better than you about security and that if anything bad ever happens, it is not the AV company’s fault but your fault. So even if an AV company is not really all that effective in stopping threats, it conditions you to think that it is serious about scanning your drive to keep you safe. If it can’t detect the latest malware, it is not the AV company’s fault for not updating signatures quickly enough but the user’s fault! Those daily scans actually induce guilt in users, making them wonder what they did wrong when it is the AV company’s fault for not being able to protect the endpoint.

Time Study
No network administrator in their right mind would allow a botnet to use their enterprise for 20 minutes per endpoint per day to mine for bitcoins or to search for extraterrestrial life using SETI. But they allow virus scanning to eat up 333 hours of computing time per day on a 1000 node network to scan for viruses that the AV solution can detect in transit! That is 20 minutes per host every day. Multiply that by 5 days per week for 52 weeks and it comes out to over 85,000 hours of computer time! Or a single computer slaving away for 10 years to search for malware!

Given that the AV companies aren’t renting your computer cycles, how is it fair that you pay them for the privilege of this computer usage? Especially given that the product already does this natively on demand? Turn off your AV daily scans and turn on your on demand access to preserve your working time at the endpoint, or get a solution that doesn’t force you to get coffee in the morning.
