Precise Performance Characterization of Antivirus on the File System Operations
Mohammed I. Al-Saleh (Jordan University of Science and Technology, Jordan)
Hanan M. Hamdan (Jordan University of Science and Technology, Jordan)
Abstract: Antivirus (AV) software is an important concern for the end-user community. An AV achieves security mainly by scanning data against its database of virus signatures, while trying to strike an acceptable balance between security and usability. When to scan data is an important design decision an AV has to make. Because AVs are equipped with on-access scanners that scan files when necessary, we want a fine-grained approach that explains, with high precision, the performance impact of AVs on different file system operations. Microsoft's minifilter driver technology helps us achieve exactly that. By deploying a minifilter driver, we show that most of the overhead of the tested AVs is imposed on the OPEN operation. Interestingly, we also show that the AV greatly improves the timing of the READ operation. Finally, the WRITE and CLEANUP operations show almost no difference in performance.
Keywords: antivirus, file system, minifilter driver, performance
Categories: D.4.3, D.4.6, D.4.8