Why Ad-Aware Runs as a Service

by Michael on August 15th, 2007 in Developer Comments, Lavasoft Products.

Since we released the new 2007 version of Ad-Aware in June, we are frequently asked why the new product was built as a service. So, we thought we'd take a few minutes here for a quick education on the service, and why it is important to combat the compexities of today's malware.

So, we understand that it may be new for you, but we want you to understand that we are making sure that the new Ad-Aware engine is position to handle the worst the worst as we move forward. I hope this information has been helpful.
The Ad-Aware 2007 Architecture
Ad-Aware 2007 consists of two main parts, the Service and the Graphical User Interface (GUI). The GUI is the part of the program a user sees and needs in order to interact with the program itself; it contains menus, buttons and other controls that are necessary for a user to run the program.

User action is passed from the GUI down to the Service, which contains the core functionality of the program. The Service executes the action, and then reports the results back to the GUI, where it is presented to the user.
What Is a Service?
Services are Windows applications that are launched at system startup and then run in the background, not visible to the user.
What is the Benefit of a Service-Based Approach to Malware Removal?
Malware that emerges today is increasingly complex, displaying wildly varying behavior and operating on many levels in the system. In order to stay a step ahead of these ever-changing security threats, an anti-spyware tool needs to be more powerful, multi-faceted and flexible than ever before.

The implementation of Ad-Aware 2007 as a Service facilitates this needed power and flexibility since a service runs with elevated rights on the system. This means that the user can work in user-mode while the Service maintains the elevated rights it needs in order to properly detect and remove malware infections.
How Does This Affect Resource Use?
During a scan, the CPU use of the Service will vary - parts of the scan are labor-intensive and require a lot of processing power, which can make the computers performance sluggish. Other parts require less computing power and have little impact on the overall performance of the system.

When the service is idle, virtually no CPU power is required, making the impact on system performance negligible.

As for memory use, the service does require a bit of memory, most of which is needed for storing the threats in the Detection Database. It is important to note, however, that when the Service is not in use, the lions share of this memory is paged to the Swap file. In non-technical terms, this means that the hard drive is used to store data that is not currently in use, and then retrieves the data when needed, which makes the actual working memory (RAM) available for other applications.