Compatibility issues among different security products

Discussion in 'other security issues & news' started by Wai_Wai, Aug 16, 2005.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556

    You know, conflicts and incompatibility are something which can be hidden but hampering our operating system. So if you have an understanding of security products, would you mind answering the following questions for me:

    Will the following situations create possible conflicts and incompatibility (no matter noticeable or not):
    1. Two or more running anti-virus(AV) programs
    2. Two or more running anti-trojans(AT) programs
    3. Two or more running anti-keylogger(AK) programs
    4. Two or more running firewall
    5. Two or more running Anti-spyware(AS) programs (real-time enabled)
    6. Two or more running intrusion prevention programs (eg ProcessGuard, Viguard, System Safety Monitor)
    Tell me generally why if possible.

    Now it's going to be more complex.
    Will this following combination create possible conflicts and incompatibility (no matter noticeable or not):
    - combination of AV, AT &/or AK programs
    - combination of AV & AS (both real-time protection on)
    - combination of the above 2
    Tell me generally why if possible.

    Thanks so much for your help.
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    In terms of the most common possible conflicts:

    1) Two AV's configured with on-access protection are likely to conflict. However, at this time, I am trying out NOD32 with Internet monitoring alongside KAV with on-access only (no IDS) and it seems to be working O.K. I don't know whether I will keep it, but I am bored. ;)

    2) One AV with one or more ATs. Possible conflicts. I had conflicts with TDS-3 and the previous version of Trojan Hunter, but none with Ewido, A-squared, and BOClean. So, it's a maybe as far as I can tell.

    3) Two firewalls will probably create conflicts.

    4) Two or more HIPS systems - e.g. anti-keylogger, anti-executable, etc. Possibly. I have certainly had problems with some of the HIPS products, but I don't know if they were caused by conflicts or just bugs in the software. But right now, I am able to run ProcessGuard, RegDefend, Online Armor, and WormGuard concurrently. I don't think it is a good idea to overlap defenses since it may get in the way of the hooking logic that may be employed by these products.

    5) Anti-spyware. I don't think they conflict with anything - including spyware. :) Stopped running these a while ago.

    Hope this helps,
    Rich
     
  3. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Here's my experience:
    =========================
    1. Two or more running anti-virus(AV) programs <--Yes, it should if you turn on real-time
    2. Two or more running anti-trojans(AT) programs <-- (see above)
    3. Two or more running anti-keylogger(AK) programs <-- (see above)
    4. Two or more running firewall <-- (see above)
    5. Two or more running Anti-spyware(AS) programs (real-time enabled) <-- Not sure, but seems so. I once tried to install both CounterSpy & MS Anti-spyware. I installed CS last. After CS is installed, MSAS real-time protection is deactivated.
    6. Two or more running intrusion prevention programs (eg ProcessGuard, Viguard, System Safety Monitor) <-- It should be as far as I know.
    ==========================

    Now it's combinations:
    AV, AT, AK can have conflicts!
    But it seems there are no conflicts between AV and AS. Do you have experiences where these 2 conflict?
     
    Last edited: Aug 21, 2005
  4. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Hmm...
    I wonder if OA and ProcessGuard will really not get any conflicts since their defenses have a good number of overlaps.
    You'd better check carefully if you have not done.

    I usually prevent overlapping. If I'm not sure, to be on a safe side, I will simply not install it (except when I'm doing tests :)
    I read one article that advises users not to overlap defenses since it not only gets extra benefits, but also has side-effects. (E.g. 2 products may offset each other and nullify the protection.) What makes it worse is it may not trigger any errors, which implies you may not notice it.
    I don't wish to purchase and install software and find out they are not really working as they are supposed to due to conflicts.




    Hmm... Do you mean you can run more than 1 AS concurrently with real-time protection on?

    Spyware is designed to live with AS, so they will not conflict with them :p


    Finally thanks so much for your reply.
    You have given me a lot of good information. ;)
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
     
  6. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Thanks for telling me your experience.
    Just to confirm.
    Since you said "my machine conflicts usually are blue", you are using from Windows XP down to Windows 95. And it seems to me the conflicts mean Blue Screen of Death, or critical errors which will crash programs altogether.

    Here is one of my worries:
    - have you checked carefully or for sure that they function properly in every aspect?
    Take my 2 AS realtime on as an example.
    When I install the second AS, both AS can live with each other fine. However if you look closely, generally speaking, it seems the second one has taken over the control on the first one. So all real-time protection in my first AS, although appeared on, is indeed off.
    If you look even closer, some protection seems not working. The program saying "it is protecting you" doesn't mean "it is really protecting you". The GUI often (learn to) lie unfortunately :( How can I know if it doesn't work? What you need to do is to try to do a test and see if it can really block it.

    If the above answer is negative, I think it is worthwhile to confirm it, so you can know if all your security guards are really getting along well with each other, or they may have arguments/complaints in some areas where they are not doing (some aspects of) their jobs well.

    As a matter of fact, conflicts can often be NOT that "visible/noticeable". It's somewhat like a hide-and-seek game where we have to search, detect & catch them.

    It's not good to see if it is apparently secure but in fact it's just a false sense of high security.


    Yes, you are right since computing is complex. :p
    After all, thanks for your sharing of experience. :)
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi Wai Wai

    To answer your questions.

    1. Yes I am running Windows XP Pro SP2 fully current.

    2. By conflicts usually a BSOD, or some other equally graceless exit, resulting in the machine rebooting. Also means that there isn't an issue causing usage of CPU when I am not doing anything.

    3. As to the programs all working. I have I run what would be called a scientific test, but I know for example if something changes in the registry 2 of them should object, and they both do. I also know if I run a changed exe, two of them should object, and they do. When I install new software, I do it in a way that PG will be silent so it is. I would expect certain responses from OA, SNS and Regdefend, and I do get them. So would I say all the programs are working and doing what they are supposed to do? Yes.

    Doesn't mean that there might be 1 specific issue where they aren't, but if that is the case, in my situation I really don't care.

    The cost of these four programs, as well as others I run, are trivial compared to the cost to me of getting infected. Even if the incremental gain of the is only 10% it is worth it to me.

    On the other hand, I also had Prevx1 on until recently. There was as far as I could tell total overlap and it was annoying me, so it went bye bye.

    Hope this helps.

    Pete
     
  8. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    From what you say, it looks promising that they are working fine. I still wish to get extra protection by overlapping. But since I am afraid of being worse off (unknowingly), I am hesitant when I make such a decision.

    Comforted by your statement, I am going to install more than 1 intrusion prevention system later on. I know my only 1 has some weaknesses. Installing 1 more will prevent me from losing sleep at night :D
    Good news :D

    And good to see you don't mind the annoying alerts. You know, some people cannot bother all these annoying alerts. I do not mean to criticise them, just wish to point out it can be so annoying that it really gets deeply in people's hair.


    Are you keeping a lot of sensitive information in your computer :p ?
    By the way, how many programs are you running?
    Would you mind listing them all?

    PS: I realised your signature. But I wonder if it is all you run in your computer.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi Wai Wai

    When you say how many. Hmm. Okay

    Programs that I tend to run during the day working

    Security

    Outpost 2.7 Firewall
    KAV 5.0
    Process Guard
    Online Armor
    Safe'n'Sec
    Regdefend
    First Defense - ISR
    (note I also have Counterspy and Spysweeper, but do not run them realtime)

    Non Security

    AOL for Radio@aol on most of the day
    Microsoft Office 2003 (Use various components during the day)
    Quickbooks 2005 On and off during the day
    AJC Active Backup (archives multiple versions of specified files)
    Scansoft Paperport (on and off during the day)
    Neoticker 4.0 Realtime Futures/Stock Market Program.

    That covers the major stuff.

    Pete
     
  10. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Thanks.

    As to:
    =========================
    Process Guard
    Online Armor
    Safe'n'Sec
    First Defense - ISR
    =========================

    So it seems you are running 4 intrusion protection systems in your computer. I don't know much about First Defense - ISR, but I think it should be.

    Do you know what the differences are among these 4?
    Why do you choose to run 4 of them?
    Is it just due to that you wish not to rely on 1 program to protect you from that kind of weaknesses?
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Only the first 3 are Intrusion protection. If you want specific differences, you can tabulate all the features for each as spelled out on their websites.

    First Defense is a form of Rollback system. I have a permanent 2nd snapshot of my entire system, from which I can recover from anything but a hard disk crash. See www.raxco.com
     