Technology – Software anti-virus sucks (ESET, Norton, McAfee)

Old 7 Comments on Technology – Software anti-virus sucks (ESET, Norton, McAfee) 251

This is another installment of my Technology posts, geared towards those of us who are technology professionals and support users or clients.

Software anti-virus sucks. There, I said it. Some people will disagree with me, some will claim that you NEED to have it, but I say it sucks. Here’s why.

1) It’s a resource hog. Software-based anti-virus relies on using hardware computing resources to perform scans. Simply because of it, it will slow down any other tasks being done on the same computer, whether it’s a server or a workstation. Yes, vendors have come a long way in developing ‘low resource’ modes where the scans are slower but don’t affect your other tasks as much, but in all reality, they do still affect performance. Especially ones that scan in real-time, when you open files or download them off the internet.

2) It relies on updates. All software-based anti-virus solutions require updates. This is normal, but think about it. Every workstation and server in your organization requires constant updates. If one can’t get them or has some kind of error, that piece of hardware isn’t protected from the latest threats.

3) Licensing. If you’re looking to protect more than one or two computes, it can get pretty expensive, pretty fast.

4) It relies on users. If users turn it off or disable it because it’s interfering with something they’re doing, then the entire point of anti-virus is thrown out the window.

5) It doesn’t protect anything it’s not installed on. Smartphones, tablets, any mobile computing device that a user brings onto the network isn’t protected.

There are more reasons, but those are the top ones. So what do I recommend ? No anti-virus at all ? Of course not. I recommend hardware-based anti-virus solutions. Most UTMs (Universal Threat Management appliances) offer anti-virus features. There are numerous advantages to this type of anti-virus solution. You don’t bog down workstations and servers with software-based solutions. You don’t have to burden yourself with the overhead of administering all these installations of anti-virus software. You don’t have to worry about users turning it off. Licensing is generally done as a per-network cost, not a per-user cost. Threats are eliminated before they even get onto your local LAN. Everything that comes onto the network can be protected, like laptops, smartphones and tablets. There are so many advantages to moving this type of service away from software and into dedicated hardware.

Remember, we technologists need to continually think about how we can streamline our efforts, and make improve things for our users.


Martin Lehner

Martin Lehner is an technology professional working for an IT services firm in Whitehorse, Yukon (Canada). He has been working in the technology field for over a decade. With a degree in Business Admin and numerous industry certifications, Martin leads a team of IT professionals that provide third party support for clients. Originally starting a company to offer web development services, Martin quickly realized that clients wanted the entire spectrum of technology services. When Martin is not at work (which is not often, since his company offers 24/7 support), he is busy at home spending time with his family.

Related Articles


  1. James Elliott July 31, 2014 at 1:01 pm

    I agree, but would you prefer not to have it? Actually attempt to educate your users/clients on what to not download or view?
    It takes less time, energy and money just to install/license a “user-nanny”.

    • Martin Lehner July 31, 2014 at 10:13 pm

      User education is a great tool to keeping networks safe from threats on the internet, however, even the safest and most educated users can still click on a link they shouldn’t by mistake, or download a file they *think* is what they want but really ends up being malware. I think the best approach is a combination of the two.

  2. Jeff Newman July 31, 2014 at 2:37 pm

    A multi-tiered (and multi-vendor) anti-malware solution is usually better than a single point solution.

    Network perimeter, server and workstation based protection all combine to provide the most secure (but never 100%) environment.

    Your hardware (perimeter) protection idea is a good start, until someone plugs in a USB drive from home with a an infected executable on it that starts sending out logged keystrokes, etc.

    It’s unfortunate that workstation-installed antivirus eats performance, but that’s the cost of things. Luckily processing and storage keep getting faster.

    Check out out-of-band anti-virus for virtualization hosts. The AV runs as a virtual appliance under the same hypervisor as multiple guest VMs, with a lightweight agent on each virtualized guest. There’s relatively little performance hit on the guest as the virtual appliance does most of the work of scanning. In the vSphere world, the concept is covered under the moniker “vShield.”

  3. Martin Lehner July 31, 2014 at 10:20 pm

    I figured someone would mention the “infected USB drive from home”. While this is certainly true, and can happen, there are a few ways you can protect yourself from it. Disabling the USB drive driver from installing using Group Policy Objects is one method. But in all seriousness, in the real world (at least my experience in the real world), it’s really, really rare for someone to bring something into the workplace that’s already infected with something. I’ve seen it literally once, and the situation was not completely innocent on behalf of the user. When you’re dealing with small and medium size organizations, generally you get to go with a umbrella ‘best effort’, not a multi-tiered solution that offers the utmost in protection. This stems from both a cost and administration perspective.

    Yes, I have heard of the virtual appliance anti-virus options, but I’ve actually never tried one. Thanks for the tip, I’ll check it out !

  4. Virus Removal Sarasota July 31, 2014 at 11:42 pm

    Yes I agree with UTMs but those too need updates and licensing. The licensing for those can get quite expensive and they don’t catch everything. In fact you have more control over having a UTM like fortinet but you have to be a a genius on networks just to understand how to work one. This is not an good solution by itself.

    Sure you can lock everything down in the utm so that you cannot download exe, SCR, bat, com, pif, etc but you can do the same on a domain.

    Now mentioning the cost of a utm firewall not including the licensing is extremely expensive and for most of the mom and pops out there they cannot afford it and then pay for licensing every year and them pay the IT company to maintain it. When this happens it becomes more cost efficient to sacrifice resources than hard earned dollars.

    With that said UTMs are great, I used them for years at my business and home I love the flexibility of them but they just aren’t for everyone.

    Wayne Leiser, IT Director

    • Martin Lehner August 1, 2014 at 9:54 am

      Nothing will catch “everything”. Again, in a lot of cases, it becomes a best effort within a budget.

      Agreed, UTMs need to be updated as well, but this is a single piece of equipment vs 10, 20 or 30 workstations.

      I’d disagree with licensing, a SonicWall can be licensed for Gateway Anti-Malware, Intrusion Prevention and Application Control for $86.95 per year for unlimited clients. I don’t think that’s expensive at all.

  5. latest it technology news May 19, 2016 at 1:32 pm

    With elementary school students, the assistive technology
    options may be simpler than ones given to high school students.

    The earliest known door lock with a key is termed as a pin lock or pin tumbler
    lock. As the evolution progressed, LEDs transitioned from loosely packed low power bulbs to compactly packed high
    power lights.

Leave a comment

Back to Top