Journal of Universal Computer Science (Sep 2019)

Precise Performance Characterization of Antivirus on the File System Operations

  • Mohammed Al-Saleh,
  • Hanan Hamdan

DOI
https://doi.org/10.3217/jucs-025-09-1089
Journal volume & issue
Vol. 25, no. 9
pp. 1089 – 1108

Abstract


Antivirus (AV) software is an important concern to the end-user community. An AV mainly achieves security by scanning data against its database of virus signatures. In addition, the AV tries to reach a pleasant balance between security and usability. When to scan data is an important design decision an AV has to make. Because AVs are equipped with on-access scanners that scan files when necessary, we want a fine-grained approach that gives us a high-precision explanation of the performance impact of AVs on different file system operations. Microsoft's minifilter driver technology helps us achieve exactly what we want. By deploying a minifilter driver, we show that most of the overhead of the tested AVs is imposed on the OPEN operation. Interestingly, we also show that the AV greatly enhances the timing for the READ operation. Finally, the WRITE and CLEANUP operations show almost no differences in terms of performance.

Keywords