Antivirus performance characterisation: System-wide view

Mohammed Ibrahim Al-Saleh, Antonio M. Espinoza, Jedediah R. Crandall

Research output: Contribution to journalArticlepeer-review

14 Scopus citations


It is well accepted that basic protection against common cyber threats is important, so it is recommended to have antivirus (AV). However, what price do users pay in terms of performance and other usability factors? Although it is important for security researchers and system developers to understand how exactly the AV impacts the whole system, in this study the authors take the approach of tracing operating system (OS) events. The authors' goal is to shed some light on this. To the best of the authors' knowledge, this study is the first to present an OS-aware approach to analyse and reason about AV performance impact. The authors' results show that the main reason for performance degradation in the tasks the authors tested with AV software is that they mainly spend the extra time waiting on events. Sometimes AV does cause some central processing unit overhead, but events such as hard page faults (i.e. those that require disk accesses) are the main contributing factor to AV overhead. Owing to the AV's intrusive behaviour, the tasks in the authors' experiments are caused to create more file input/output operations, page faults, system calls and threads than they normally do without AV installed.

Original languageEnglish (US)
Pages (from-to)126-133
Number of pages8
JournalIET Information Security
Issue number2
StatePublished - 2013
Externally publishedYes

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Antivirus performance characterisation: System-wide view'. Together they form a unique fingerprint.

Cite this