Experts: Don’t Use Multiple Antivirus Solutions on Your Computer

Discussion in 'other anti-malware software' started by FreddyFreeloader, Sep 22, 2013.

Thread Status:
Not open for further replies.
  1. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    http://news.softpedia.com/news/Expe...virus-Solutions-on-Your-Computer-381582.shtml
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    And this is newsworthy in what way?
     
  3. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Looks like it is to some of the members.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    They probably know and ignore such stuff here. Personally, I think multiple AV's are fine as long as they're in different layers: real-time, on-execution, on-demand, etc.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I see nothing wrong with using one on-access antivirus program and one or more on-demand ones. The situation described in the article happens only when using multiple on-access antivirus programs.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Not just an issue of on-access or on-demand or whatever...

    The issue is that, unless the tool is designed to co-exist with the others, it does not matter if it is on-access or not there can be conflicts at lower level (kernel and the like) from its drivers that you do not necessarily see visibly and that you cannot solve by simply disabling some of the feature of the software but you need to remove the drivers.

    Simply use tools that are designed to co-exist with other security tools and that they can complement each other in terms of layered protection.
     
  7. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    A lot of the "Brand X" AV crashed my computer, "was running Brand X + Brand B + Brand Y, and I still got malware," this firewall won't work with this AV, Chrome crashes when using this and that AV, ever think it might be all the rubbish you've stuck on your machine?
     
  8. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Is there a list somewhere?
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It's been over 10 years since I tried the multiple AV route. If I remember correctly, had AntiVir running resident. On demand were AVG, BitDefender, F-Prot for DOS. Back then, the typical AV was well under 10mb in size and didn't require constant access to the cloud. It was also around this time that AVs started updating the program itself a lot more often, adding more features/bloat, and making it harder to disable components that conflicted with other AVs. The option to use the AV as a manual scanner only was one of the first options to go. Yes, you could disable the resident component, but all of the processes still ran, needed or not. Even BitDefender, which was on demand only, had 6 running processes. I managed to disable 4 and run the last 2 with a batch file. It was basically the same story with all of them. Every time one of them updated the app itself, you started all over again. Initially I disabled the AVs own update schedulers and ran them all through the system scheduler, which became very problematic when they updated the programs themselves. Eventually it became too much hassle to get most of them to work strictly as a manual scanner with another AV running resident. All of them kept adding more processes and the system load kept getting heavier. The result was the slowest, most bogged down system I'd ever run.

    I can't comment on the current AVs, but it seems that most are designed to not get along with a competitors product. There are better ways to build a layered security package than duplicating the same layer over and over. You're adding a heavy load to your system with diminishing returns. There are tools that get along well with others. Most of them are not AVs.
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Not that I know... the common examples are WSA and MBAM. They are designed to work with other security tools and they do explicitly say it in their FAQ/home pages. I am sure there are others.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Isnt this like one of the 10 commandments for all Wilders members? :D

    You shall never run 2 AV's in real time.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    As you said below, the problem is that some AV software is not built to play well alongside others. But in theory, there is no problem to run a "pure" on-demand scanner alongside an on-access one.

    Believe it or not, I did that once (removing the drivers) :) Of course, it was just for fun, not something permanent, but it shows that for some AV products it can be done!
     
  14. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
    When I was running WinXP Pro SP2, I subscribed to Trend-Micro for Anti-Virus and Webroot/Spy Sweeper for real-time scanning (which was very light weight to use), and in addition had more than one well known freeware Anti-Virus/Anti-Trojan/Heuristic scanners which I used on-demand in Safe boot mode only once a week after updating their signatures online without launching them.

    -- Tom
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    +1 :thumb:........WSA is very compatible.:)
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Of course it can be done, but procedure is tricky depending on the product, also consider that some drivers (.sys) are not visible with standard tools (task manager). So you really need a deep inspection.

    Something we cannot recommend to a normal user out there that is still convinced that for removing a software you just need to trash the corresponding folder in 'Program Files' (may be in MACs!) :D :D
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And sometimes it can also sound like this if the other half of the experts speak out!
    "Experts: Don't use Antivirus software they're outdated, a technology from the 80's that hasn't changed a bit" :)
     
  18. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    eh, i don't use any AV now - just starting any browser in Sandboxie and then downloaded files get hash checked at VirusTotal. if something were to get by Sandboxie then TinyWatcher might catch it at the next reboot, if not restore from image. most of this stuff is kind of a waste of time though, i could see in the near future maybe just reboot from new image every time or learn to use VM i guess is the next step.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    VirusTotal is antivirus software, and pure real-time antivirus are rare these days. So both of you aren't quite right. ;)
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    This is one of the reasons I'm using Avira, one can disable just about any of it's modules through 'Programs and features' making it very suitable to be used as an 'on demand' scanner (I have disabled real time, web and mail protection).

    I have Windows Defender real time protection on (which incidentally last week detected and cleaned successfully an instance of conficker worm, first detection of malware in 3 years!) and MBAM also on demand.
     
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    As far as I remember, Avira is still leaving at least a kernel driver active, even if it's installed as purely on-demand scanner. The same can be said about Avast Free as well (after disabling the sandbox it still loads the corresponding driver and hooks the kernel). I wish that AV vendors pay more attention when it comes to this sort of details.
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    Well I don't know about a kernel driver, but the attached image shows what is running from Avira.
     

    Attached Files:

  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    Not specific to Avira or Avast but you are correct, as said before sys drivers do not show on task manager or similar but still hooks at kernel and still can interact/conflict with other drivers. So, disabling features in the software does not necessarily mean unhooking/unloading these drivers ;)
     
  24. guest

    guest Guest

    Even that still can cause troubles, very rare for most people though. For me, it happens pretty often.

    All the time. :D
     
  25. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    I hear you, brother.:)
     
Loading...
Thread Status:
Not open for further replies.