In TechWorld's forums, Mike Cadden has observed that his PC is being seriously affected by the need to run anti-virus software. It spends more and more time looking for worms, Trojans and other dodgy material, which leaves the computer with less and less processing power for actually doing its job.

Most of us are in the same boat – our machines are going more and more slowly, but with the constant stream of new viruses appearing, we daren't drop our guard and disable the AV software.

When I used to be a Mac system admin, I remember the advent of Apple's new range of Ethernet cards for the Mac II range. (The range is long gone, of course.) The card had an on-board Motorola 68000 processor, meaning that users were in the weird situation of their Ethernet card using the same processor as the motherboard of the machine next to it.

Coming forward a few years, the likes of Adaptec have started to migrate processing power to adaptor cards with the TCP/IP Offload Engine (TOE), which does IP processing, packet reordering and filtering on the NIC in order to offload the work from the CPU. This wasn't strictly necessary when the average server had a 100Mbit/sec Ethernet connection, but with Gigabit Ethernet the processing requirement for doing the low-level IP stuff began to take up serious amounts of processor time.

The answer? A VOLE…
It strikes me, then, that the answer is the VOLE – the Virus OffLoad Engine (note that I'm trying to gain acceptance by marketing types by gratuitously capitalising the L in order to make a cute acronym work).

The VOLE would be a PCI-based adaptor with an on-board 80x86-family CPU, running anti-virus operations. Just as with many SoHo firewalls from the likes of NetScreen and Linksys that have in-built anti-virus capability, the AV software itself, along with the virus signature files, would be held on-board in solid-state memory of some kind (no disk required). Instead of the computer's CPU dealing with the AV processing tasks, the work would be handed off to the specialist card.

Some of the hardware required to do all this exists already. As I've mentioned, it's built into many entry-level firewalls, and so the main leap of technology that remains is to transplant it into some kind of PCI-based adaptor that can be plugged into the PC. The main issue with regard to whether this approach will improve performance is that of how one ships control of the AV process from the CPU to the new adaptor without impacting performance – and I have to admit that my technical understanding of PC architecture doesn't extend far enough to know the in-depth technical implications of making it an efficient process. This said, though, the fact that we have graphics adaptors handling graphics processing that the CPU used to do, and network adaptors handling network processing that the CPU used to do, implies that there's some mileage in handing off AV processing from the CPU to a dedicated bit of kit.

Updates and patches
There would, of course, be a certain amount of work done by the PC's hardware, not least arranging to pass off the work to the specialist card. The software for updating the virus definition files and AV software itself would also be based on the PC, which would handle the download and verification of the various updates, pushing them up to the AV card. This workload would, however, be minimal (and in the average case a daily update of the AV software takes no more than a minute or two).

Conclusion
We have dedicated external devices such as firewalls handling anti-virus processing on-board for traffic that comes in and out of the network. We also have anti-virus software that runs in a non-dedicated manner on the CPU inside most of our server and desktop computers. A hybrid of the two sounds like it could bring the benefits of external AV processing (notably the freeing up of internal CPU power) alongside those of internal AV processing (most significantly the ability to spot viruses that somehow sneaked into the network via means other than the external firewall).