Why only one real-time, resident, AV program?

[brjoon1021]

This seems to be a mantra.

1. Do two cause crashes without exception?

I was pondering running two free AV's like Antivir, AVG, Avast! in whichever combination is stable and gets the job done. My only real reasons for considering this are to save money on an anti-trojan software and to get even better AV security. From my reading here it appears that AV software gets Trojans pretty well and A-T software helps out with the missed ones. Well, two AV softwares running live may do just as well as an AV & AT combination on trojans and probably better on viruses.

Has anyone tried this? Is it a bad idea?

[.....]

Its possible with some AV's, but when you detect a malware they can get a bit "tempremental".

You should be able to the following:
Install Avast! (without standard shield) and Antivir and use them in tandom.
Avast!'s websheild will be scanning mail, p2p, IM, http traffic and using its IDS system while Antivir scanning files on your hard drive.
I could be wrong.

No longer use windows to try this unfortunatly.

[brjoon1021]

Are you saying that there is a need to install or run only some of the Avast components?

[RejZoR]

No,but you have option to deselect/select them as you wish. Standard Shield is the "core" provider. All others are optional. Unless you'll use avast! as secondary scanner...

[brjoon1021]

I am going to try them together, real-time. Avast! is already resident, installed and running, anything that I shoud know about the Antivir install?

Also, I am curious why it is known that Antivir and Avast will play together but no one has mentioned AVG with Avast or Antivir.

I actually think that quite a few AVs if not most leaving aside the heavier and bloatier (is that a word?) ones can co-exist with each other at the same time such that 2 real time monitors might work.

The thing is, it's still a risk, even though after hours of the experimenting/testing, 2 AV running in real time might seem okay, there's a chance (how high no one can say) that conflicts might occur later.

This is the point, where someone will jump in and tell you the horror stories
of BSODs and the like.

It's generally conventional wisdom to be not the worth the trouble espically for beginners, but if you can get it work, good for you, but don't come crying to Mommy (figuratively speaking), if something blows up on your computer.

[.....]

See my edit. Should have said WITHOUT standard shield. DOH!

[LowWaterMark]

Quote:

Originally Posted by -----

I actually think that quite a few AVs if not most leaving aside the heavier and bloatier (is that a word?) ones can co-exist with each other at the same time such that 2 real time monitors might work.

The thing is, it's still a risk, even though after hours of the experimenting/testing, 2 AV running in real time might seem okay, there's a chance (how high no one can say) that conflicts might occur later.

The closest I came to confirming that this was a real issue was not specifically running two resident AV products, but rather running a resident product, fully active, and using a different on-demand scanner to scan an infected file. Here's what I found, for what it is worth...

AVG6 Free was the resident AV that was running. F-Prot for DOS was the on-demand scanner. The malware was simply the EICAR test file in a .COM file. If I double-clicked the EICAR test file, AVG caught it. But, if I used F-Prot for an on-demand scan, it found nothing. (Nor did the F-Prot scan cause AVG to alert on the file at that time, even though it found nothing itself.) However, if I simply disabled AVG's resident protection, F-Prot found the file everytime.

I was able to recreate consistently using those two products, and from that point on I became a believer that two AV products can interfere with each other in unexpected ways. While I did not attempt to find specific test conditions where two resident products would interfere, I made what I considered to be a logical assumption that it was at least possible, and so not worth taking the risk of the two products allowing some malware through while they fought each other for control.

I'm sure there are many cases where you could make two products work fine together, but without either extensive testing of all possible conditions that might occur under normal operations, or an in-depth knowledge of the internal design of both products, I'd probably not recommend doing it.

[TopperID]

Generally AntiVir does not tolerate being installed realtime with another AV. It can lead to unfotunate events, as this thread shows:-

http://castlecops.com/posts102982-0.html

H+BEDV strongly recommend that you do not attempt running AntiVir realtime with another AV.

[Gregory]

Panda TruPrevent Personal 2005 is compatible with other AV's. I'm using the free trial version now.

[bigc73542]

TruPrevent is in actuality just a hurestics add on that will work with quite a few av's.

[jdzworld]

so why cant i find a scanner for the truprevent personal 2005 trial version?? i love the little activescan feature thats on the panda site. but i want my Norton Internet Security becuase that panda firewall on 2006 antivirus + antispyware is annoying.

[SG1]

Well, I'm here as proof of the addage: "when they make things foolproof, the fools get more inventive." <g>

While I've read that one should have only 1 of each type of app (even tho' there may be a slight overlap), at this instant, I'm running AVG 7.0 Pro single edition, NOD32, Ewido security suite, TrojanHunter, SpySweeper, Window Washer, SpyWareGuard, Sygate Pro 5.5 f'wall, and til yesterday I even had DRWEB AV running.

I unistalled it, debating IF I want to go to new 4.33 or not - as I also have Process Guard on this PC and I have read that it and the DR don't play well, together. (In the above mix of apps, I DID HOWEVER let only 1 AV check mail).

I also have anti-fraud (re sites) add-ons in FireFox and IE and Opera browsers, and 1 or more apps to filter mail, if using Outlook Express. And, I've run numerous apps to lock down this and that - you name it, I have or will try it.

AND, read somewhere recently that a name brand co. (and sorry but I forget whom it was) had a blurb on their site, that one AV was "never enough" nowadays - esp. given the trojans and booming credit fraud going on.

(This may just be hyperbole and some creative marketing, from a co. who wants us to buy their AV app, too) perhaps?

But, with XP PRO and all patches and "more secure" NTFS drive, I still found mention of an SQL server (with a rather obfuscated sounding entry, attached to an .ini file) in an Alternate Data Stream of the HD the other day - and it was TrojanHunter that found that.

So - I agree with the others: one can perhaps dabble to a point, but yes, it could blow up in our face - when we noodle one too many settings. But, thus far, the apps all play well together.

SG1 (Pat)

[WSFuser]

Quote:

Originally Posted by jdzworld

so why cant i find a scanner for the truprevent personal 2005 trial version?? i love the little activescan feature thats on the panda site. but i want my Norton Internet Security becuase that panda firewall on 2006 antivirus + antispyware is annoying.

truprevent is purely resident, it doesnt have a scanner. here the link for truprevent trial (ull have to fill out the fields). also it is my experience that truprevent 2005 doesnt like nod32 so i wouldnt consider it completely compatible with other AVs but i havent tried any others as truprevent is too heavy for my tastes.

[jdzworld]

ive come to love the panda activescan so i was wanting that. so how does truprevent personal 2005 know if your cpu is infected b4 u install it?? i dont understand...because its like youre saying itll only detect stuff that comes in AFTER its installed.
on another note, ill have to make a disk image b4 the next time i do a panda activescan. last time i tried(a wk and something ago), i accumulate like 40 gigs of .tmp files so i had to reformat as i couldnt find all of what it did. ive been using it for like 5 months though...they keep on changing stuff lately and friggin screwed me the last time.

i personally have ewido, norton internet security, MSAS(dont run scans or let this try to fix your virus probs though), SG, spybot, and spysweeper and am pretty satisfied w/ those.

You might like to take a look at my experiences running two AV's together in a certain way, without any problems so far !


AVG7 plus AntiVir

http://www.wilderssecurity.com/showthread.php?t=92784


AVG7 and KAV

http://www.wilderssecurity.com/showthread.php?t=100274


StevieO

[WSFuser]

Quote:

Originally Posted by jdzworld

ive come to love the panda activescan so i was wanting that. so how does truprevent personal 2005 know if your cpu is infected b4 u install it?? i dont understand...because its like youre saying itll only detect stuff that comes in AFTER its installed.
on another note, ill have to make a disk image b4 the next time i do a panda activescan. last time i tried(a wk and something ago), i accumulate like 40 gigs of .tmp files so i had to reformat as i couldnt find all of what it did. ive been using it for like 5 months though...they keep on changing stuff lately and friggin screwed me the last time.

i personally have ewido, norton internet security, MSAS(dont run scans or let this try to fix your virus probs though), SG, spybot, and spysweeper and am pretty satisfied w/ those.

well i think truprevent's resident may pick up a virus if its already on ur comp, but its just a heuristic/behavior blocker. u should have a main resident AV of course.

[RejZoR]

I would also like to add:

avast! + NOD32

to SteviO list. Of course one or another has to have the HTTP scanner disabled to work correctly.