Well, four months after shipping SEP12.1 and over one million endpoints now deployed and running successfully, I'd like to take some time out to talk about how we achieved the performance we have with SEP12 and whats keeping our customers happy!
A few years ago our friends in the consumer team threw down the gauntlet, challenging the idea that performance must be traded away in favour of security. To accomplish their mission, they had to change themselves and in the process, changed the entire conversation, shifting the focus to include not only effectiveness and accuracy but minimum performance impact felt by the customer.
But Symantec is an industry leader, so rehashing the previous cutting-edge methods won’t do. In 2011, we’ve joined them in their crusade for the best possible performance without the sacrifice of security.
In order to do this, we had to change the game, as not everyone has the same computer system with the same expected applications. Since our products run on all of these systems, we needed to make sure our performance improvements applied to all of our customers, regardless of the system used. It was a logistical challenge, but because of our experience, it’s one we could meet and deliver on.
Unveiling the Symantec Endpoint Protection 12.1 Performance Improvements
Faster Real-Time Operations
Regardless of customer size, there are some things everybody uses their computer for: creating and copying files, storing documents or pictures, installing new applications as needed, browsing the Internet, reading and responding to email, and many more. These functions are also windows through which potentially malicious code can enter, and so they are what security programs monitor. When there is a lot of activity, performance can be slowed while each activity is scanned for threats. SEP 12.1 is designed specifically with that in mind and provides the least impact on real-time operations such as file copy and access times, improving your work efficiency. We did this by:
- Streamlining our scanning and minimizing callbacks among components
- Optimizing the file-access patterns
- Enhancing the file-caching algorithms
- Reducing the memory footprint
- Applying dynamic configurations based on the specifications of systems
- Non-critical operations are deferred to idle time
Before any computer can be used, it needs to be started. While this was an area of focus for later versions of SEP11--and we’ve made some dramatic improvements--we felt we could do even better.
And we’ve done better. By inventing many breakthrough internal tools that helped us uncover the next hidden performance bottlenecks during system startup, we were able to add the following advancements in SEP 12.1 start time protection and speed:
- Sequenced Symantec startup items with optimized protection and speed
- Coalesced scanning jobs to minimize CPU usage during system startup
- Reduced file I/O with improved memory mapping and caching algorithms
- Minimized risk of resource contention with other applications
Using the new approaches for this release, we worked to restructure ourselves and were able to streamline the system startup. The result is a faster start due to a great reduction in CPU and I/O traffic.
Better Resource Usage during System Idle
SEP 12.1 improves the scheduling logic of idle-state tasks such as a quick scan and other security scans so that jobs are performed in an optimal pattern that results in reduced power consumption. In addition, the improvement helps ensure that the computer’s Sleep and Hibernate states respond and operate with no impact.
Shutdown is as challenging as startup from an engineering perspective. All plug-ins of processes must turn off gracefully while still allowing them to perform the last-second operations required before being closed by the OS. Breaking an orderly sequence of interdependent plug-ins can result in system instability and affect other areas of system performance. SEP 12.1 minimizes the risks from unexpected shutdowns such as power outages or forced user shutdowns. All disk-flushing tasks are stopped, resulting in a faster shutdown process.
Expanded Memory Metrics
SEP 12.1 products had already introduced one of the industry’s lowest memory footprints, but memory is a complex issue. In developing SEP 12.1, we expanded our memory metrics to include Private Bytes, Virtual Bytes, Page Faults, Process Threads and Handles. We started by checking the resource size of all the functional components within the product and then combined similar process threads. Currently we are working to further identify all the issues and opportunities within each of the memory types. Our in-house test results show that we are moving in the right direction and we can see that evidence in third party testing too.
Our commitment to improving the performance of our products never stops. We pursue the best practices and innovate to provide the fastest security products for the benefit of our valued customers. The performance improvements of SEP 12.1 touch on everyday tasks performed on your computer and greatly improve efficiencies in any environment. The improvements are the result of us working together toward one goal--building the fastest security products--and the great feedback from our valued customers.
Finally, please allow us to express our sincere appreciation for being our loyal customers and motivating our continuous performance improvements.
This article has been adapted for the SEP 12.1 product from the Norton 2011 article here, written by Dong Chung, one of the original engineers behind these amazing performance improvements.