The system restart problem
Monday, February 3, 2020
Tell me, please; can you design the upcoming version of Dr.Web Security Space in such a way that no system restart will be required after I uninstall (if I remove it) or install the application? It would be nice if the program could be installed and removed completely after the system has booted up, because restarting it over and over again can damage the hard drives.
A Dr.Web user's request
Users just don't like to restart their computers—that's how it has been and will always be. We already explained why our anti-viruses sometimes require a system restart and why it’s important (for example, check out our issue Essential reboot).
The diagram shows the list of Dr.Web anti-virus modules under Windows. You can also see that certain modules operate in kernel mode (Core Level). Modern operating systems separate user data from system routines. An ordinary application can't hook into routines that access disk sectors or create files and write data into them. Those routines and system events can't be made accessible to just everyone. Event handlers can catch events in kernel mode, but deploying a new event handler in a system is more complicated than just copying a file to a disk: the procedure requires a system restart. No matter how much we'd like to have things our way, these are the rules of the game and it's not up to us to change them. That's why installing and removing an anti-virus is always about deploying and removing event handlers, and that procedure can't be completed without rebooting the system.
Is it possible to accomplish all the tasks without system restarts? Yes, it is. For example, this is how Linux works. But under Unix-like systems, a new event handler doesn't replace the existing one. It will start working with system events that occur after it has been deployed. The previous driver will still handle earlier events and will then be removed. We already described this mechanism in more detail.
Convenient? Sure. But attackers can take advantage of this mechanism, too. In a way, system restarts serve as another self-defence mechanism. To get rid of an anti-virus, attackers will need to remove its drivers. The user will certainly notice that their system is being restarted! Alas, by design Linux and Android don't have this kind of self-defence. And if malware succeeds in disabling an anti-virus, it will easily remove it.
The Anti-virus Times recommends
Of course, system restarts do not ruin hard drives. They don't result in increased disk usage. They are needed so that new anti-virus driver versions, potentially equipped with new detection routines or new digital signatures that comply with Microsoft’s latest requirements, can be installed.
Therefore, reboot without fear!