In windows 10, I use procexp (from sysinternals) with totalvirus check enable.

Basically, it allows all the running .exe programs signatures be checked at once with 56+ virus checking websites and results shows up in the GUI of procexp.

No wasting of CPU cycles to scan every files in the system, typical < 3 seconds to check all the running programs - Light up green/red in GUI.

https://www.youtube.com/watch?v=RnPtuTbqzd4&t=3s

Love to see google do something similar to this in Android.

It is very trivial for Google to dev, deploy these kind of tools/REST API/website. If this is deploy in billions + Android phones, Google should be able to detected/collected/analyze new/potential malwares instantly.

Known good programs with valid signatures - do nothing.

Unknown programs sig - setup special container and monitors app behavior - collect the binaries if needed.

Also, I think google should be able to separate the Google control portions of AOSP from the 3rd party vendors systems drivers/utilities and allow them to be upgrade separately.

I used to work on porting the AOSP on cell/tablet SOC before. It is doable.

I don't think that, in the grand scheme of things, anti virus programs are really helping. Once you have the machine compromised, hiding from a scan isn't terribly difficult.

> No wasting of CPU cycles to scan every files in the system, typical < 3 seconds to check all the running programs - Light up green/red in GUI.

THis sounds good, but it can take much less than 3 seconds to compromise user-space data and ship it off.

totalvirus -> VirusTotal

This. Parent post doesn't realize this basic architectural advantage that should be leveraged.