Antivirus shootout cuts scan time from three hours to three minutes

The Royal Flying Doctor Service Western Operations (RFDSWO) has implemented a new antivirus system, cutting full system scan times from about three hours to under three minutes.

The not-for-profit organisation, which provides a 24-hour emergency service across Western Australia, has five main bases, with hundreds of doctors, nurses, pilots and support staff operating out of other remote locations around the state.

The organisation previously used LANDesk for endpoint management, employing the included Kaspersky engine for antivirus and antispyware. Over time, the organisation began having problems with the antivirus product. Signature updates proved particularly problematic.

“It would download [updates] to a central repository on a network and then push that out to all the client [devices]. If you had laptops in a mobile environment, they wouldn’t get that update until they got back into the network. In our environment, that could be several weeks. We knew … that we had a gap in our security solution,” said RFDSWO ICT manager Matthew Turany.

Sometimes updates would stall or, in some cases, get corrupted in transit, which would cause the antivirus engine to stop working on the laptop or PC. “You’d have to manually get in and delete the update directory”, wasting a few man hours, Turany said.

While initially it was “quite nice, a fairly decent product”, the antivirus engine became bloated over time. Updates grew larger - reaching hundreds of MBs - and the engine itself was taking up a couple of hundred MBs of RAM on end-user machines, impacting PC performance.

The product also allowed a couple of infections “that we were quite shocked at, because they were old viruses”.

RFDSWO decided to replace its antivirus. To this end, the organisation conducted an antivirus shootout, pitting trial products from Symantec, McAfee, AVG, Sophos and Webroot against one another.

The products had similar results when detecting infections. “It really boiled down to how easy was the product to deploy, how easy was it to manage and how well it behaved on the actual device itself,” given that some of the RFDSWO’s laptops were getting on in years.

RFDSWO clocked its existing antivirus product as taking 2 hours, 54 minutes and 37 seconds for the first full system scan on one PC, whereas the Webroot service took 2 minutes and 47 seconds for the first full system scan.

The existing antivirus solution reportedly took up 737 MB of disk, while the Webroot solution took up 1.5 MB on each PC.

Following the shootout, the organisation selected the Webroot option: the cloud-based SecureAnywhere Business - Endpoint Protection service.

Turany saw an “immediate” performance boost to end-user PCs. Previously, the helpdesk would receive four to six calls a day about PC performance problems that could be traced to the bloated antivirus product. Since installing the new system, there have been no performance complaints that were related to the antivirus software.

Endpoints no longer need to connect to RFDSWO’s network to get updates. Instead, antivirus definitions can be updated whenever a machine goes on the internet. A PC can go months without touching the RFDSWO network and Turany will have no concerns about that device having up-to-date definitions.

Turany said RFDSWO now has a “higher level of confidence in our protection and … in the performance of the product”.