Which AVs are you running together?

[Hungry Man]

I run no AV... there are plenty of alternatives to an AV for protection,

[pabrate]

Quote:

Originally Posted by John Bull

Classic what ?

Well it`s kinda like bombing up the Freeway on your Harley at 150 mph with no brakes.

John

Yeah, kinda depends on the driver
Guess you're still on the bike

[J_L]

Quote:

Originally Posted by G1111

Emsisoft AM & MBAM. No conflicts here.

This is the reason I've made my post. MBAM isn't an AV, and EAM is made to be compatible. Totally not 2 AVs running together.

Quote:

Originally Posted by pabrate

You guys are too scared
I see no reason to even run one AV, let alone more.

Link to your setup, and let's see how confident you are. I'd rather be cautious than cocky.

[Konata Izumi]

regardless if the user excluded the AVs from scanning each other.
if you have 2 antivirus realtime, here are some known cause of conflicts:


both of them will register itself in Windows Action Center

both might be working on same ring for their self-protection against termination

both of them might identify and a single file as malware and will try to prompt/notify you about the detection at the same time.

*******************

harddisk is burning bacons!

[Konata Izumi]

Quote:

Originally Posted by J_L

Link to your setup, and let's see how confident you are. I'd rather be cautious than cocky.

My sig.


all user directories are forced sandbox.
all threatgates (mediaplayers/internet facing apps) are sandboxed.
default-deny everywhere except on sandbox folder.

[trjam]

ok, ok, maybe this is my fault and I didnt express myself to well. And well, that and Mr Bull is about to blow a gasket, so let me ask it this way.

What is the difference in 2 AVs scanning a file and say a AV and another product. I am just asking to learn, obviously. As I said earlier, to me a AV product is only different from another because of the name we give it. We call all of these by different names but they are still just computer coding are they not.

I say this because I still dont understand. What makes a AV peoduct different then all the others so that 2 are wrong, but not one and another type.

Geez, is a AV and MBAM totally different then 2 AVs.

And if a vendor say there product is safe to use alongside a AV, why? What did they do differently over a vendor who says theirs isnt.

[Boost]

Quote:

Originally Posted by Hungry Man

I run no AV... there are plenty of alternatives to an AV for protection,

This ^

Beening running the setup for almost 2 years without one.

Paranoid city = Wilders!

[cozumel]

Quote:

Originally Posted by trjam

And if a vendor say there product is safe to use alongside a AV, why? What did they do differently over a vendor who says theirs isnt.

Taking ESET and Outpost as an example of how vendors work things differently. Oupost automatically disables antispyware protection if ESET AV is detected to avoid a conflict (although OP still detects/removes during scheduled scans).

[cozumel]

Quote:

Originally Posted by Konata Izumi

if you have 2 antivirus realtime, here are some known cause of conflicts:


both of them will register itself in Windows Action Center

both might be working on same ring for their self-protection against termination

both of them might identify and a single file as malware and will try to prompt/notify you about the detection at the same time.

Apart from obvious drain on system resources, why is it bad to have two av identifying same file as malware simultaneously? Is there anything to indicate having two avs running realtime would reduce the chance of malware of being identified / removed?

[Hungry Man]

Cozumel, I think I answered that on the last page.

[cozumel]

Quote:

Originally Posted by Hungry Man

Yup. As long as you understand that this is a widely accepted idea and that there have likely been tests in the past and that there's no real reason to believe that this isn't the case, of course.

I completely understand and that is why I 100% accept the theory. It's just the evidence thing that bugs me...

I also accept that if software (and end-user) are correctly configured there is no need for av at all. After all, malware only target weaknesses in system configuration, software and end-user procedures.

Edit: @ Hungry Man - Just checking previous page as it appears I missed something....

Edit2 : @ Hungry Man - okay re-read last page and my question was answered, just that I'm searching for some test results. I'm going do some searching during the week (googling) on what tests have shown. This thread is interesting. Making me think about theories that I have taken for granted for several years. I feel like a lemming right now

[Hungry Man]

Quote:

Is there anything to indicate having two avs running realtime would reduce the chance of malware of being identified / removed?

I mean to say that I answered this part here.

Quote:

If AV 1 is unable to scan because AV 2 screws something up you may end up with a false positive... or AV2 might mess with a.exe in a way that makes it seem more legitimate and the file may be incorrectly marked as valid.

Or simply that they both try to scan it, conflict, and both are unable to scan it.

[cozumel]

^^^^got it lol ^^^^

I'm still going to research this, if I can find the time this week. I'll post back with test results if research is successful...

[Page42]

Quote:

Originally Posted by John Bull

Well it`s kinda like bombing up the Freeway on your Harley at 150 mph with no brakes.

Quote:

Originally Posted by pabrate

Yeah, kinda depends on the driver
Guess you're still on the bike

Well said, pabrate.
Most intelligent people, even if still running an AV, can easily see that there are alternative, equally (or more) secure ways to protect a computer.

[Konata Izumi]

self-protection is IMO the most primary cause of conflicts between security softwares.

antimalware advertising itself to complement with other AVs usually has different approach for their software's self-protection or has no or very minimal self-protection.

imagine what will happen in a process termination attack (either by malware/legitimate app) if you have 2 AVs working in the same ring for their self-protection.

[sded]

See attachments for Windows Action Center responses to using OA++, Avast!, WSA as being fine together. There are certainly ways poor designers and developers can screw things up, but no inherent reason that these AV/AS programs can't work together in real time, and there are lots of users proving it here. And on demand scanners can't really have exclusive access to your files or your system would stop working every time one of them did a scan. The only "conflicts" I have seen in the modern programs I am using is that occasionally the shield of one is "more powerful" than the shield of another, and blocks/allows activities before the other can get to it for some related feature. Sometimes it takes a couple of bug reports from us beta testers to get them all working as desired. I look at this as kind of like the complaints about amount of RAM-I have 4GB, the trade between space and time has not gone away, so developers, go find the "knee in the curve" in terms of performance and use that much RAM to make things run faster.
As far as why I run them together:
For OA++ I am a beta tester, and my tester license won't let me downgrade to premium. Since the ++ feature causes no problems, and is not costly or redundant with the other AV/AS, I don't consider it a problem.
Avast! is a program I have used for several years, performs very well, is very unintrusive as far as maintenance, and has added lots of new useful capabilities (like the sandbox and safezone) as well as adding features to its shields that are in addition to just scanning the files. It also runs offline, which is important to me because I am often disconnected from the internet and get things like flash drives I need to deal with. (I sail places on my boat).
As far as Prevx/WSA, I am a fan of their approach to the whole problem. Treating the users as nodes in a collection system with no opt-out, providing real time ("cloud" aka "service center") information when something new appears in your system, keeping track of your system configuration, intensive use of heuristics, lots of good ideas for new malware. But still a work in progress, and I am still evaluating the new "Webroot" features. So far it seems like a very smooth transition, though-lots of favorable responses. I find them interesting enough that this is the one license I actually pay for, but Avast! 7 may be a challenge to them based on what little Vlk has said.
So my thoughts; not an expert (I am not a Windows programmer), but do have degrees in Mathematics and studied EE in graduate school a million years ago.

[AnonOT]

I tried running Avast and Avira before(of course excludes each others prog folder etc)
when one detects a malware, the other doesn't bother it(so yeah didn't see conflicts at least)

Avira was always the first to detect the malwares XD

well I only tried it for a few hours since I don't really think its necessary to use more than 1 AV(in realtime)

[J_L]

Quote:

Originally Posted by trjam

What is the difference in 2 AVs scanning a file and say a AV and another product. I am just asking to learn, obviously. As I said earlier, to me a AV product is only different from another because of the name we give it. We call all of these by different names but they are still just computer coding are they not.

I say this because I still dont understand. What makes a AV peoduct different then all the others so that 2 are wrong, but not one and another type.

Geez, is a AV and MBAM totally different then 2 AVs.

And if a vendor say there product is safe to use alongside a AV, why? What did they do differently over a vendor who says theirs isnt.

They work in different layers. For example, network, on-access, on-execution, scheduled, manual, etc.

Different technology. Same ones usually conflict. Suites exist, because of that compatibility.

Obviously, MBAM scans on-execution (not on-access), delays startup, no self-protection, etc. All just to make it compatible with an AV.

They've all done different things, but usually similar ones to MBAM.

[Konata Izumi]

Oh why does windows center need to put red x in the flag and say I have multiple antivirus running?

[sded]

Probably took them until Windows 7 to become enlightened. See attachments above.

[Konata Izumi]

Quote:

Originally Posted by J_L

Obviously, MBAM scans on-execution (not on-access), delays startup, no self-protection, etc. All just to make it compatible with an AV.

They've all done different things, but usually similar ones to MBAM.

and Prevx stated that they let the other AV to scan first.

[Konata Izumi]

Quote:

Originally Posted by sded

Probably took them until Windows 7 to become enlightened. See attachments above.

nope, because windows know it might cause conflict or slowdowns.
and you don't get to see all conflicts and causes of slowdowns with bare eyes

there is also the additional attack surface.


EDIT: and too much disk IO... most important for me is hdd life and performance

[justenough]

Breaking: I can no longer claim to be in the "2 anti-viruses running at the same time" club. It seemed like over-kill to have both MBAM and Windows Defender running, and felt really really really heavy. So I turned off Windows Defender. This is much better, if still barely tolerable.

[Hungry Man]

MBAM is designed to work with another AV just fyi, you won't see conflicts though performance could still be an issue.

Quote:

Originally Posted by Hungry Man

I run no AV... there are plenty of alternatives to an AV for protection,

Right on Hungry Man I'll back you all the way on this one

I would recommend only one single real time av for those who have no interest or inclination in exploring non-conventional forms of pc security.