Layering Question

Discussion in 'other anti-malware software' started by Makav3l1, Apr 8, 2008.

Thread Status:
Not open for further replies.
  1. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    I've been a fan of Spyware Terminator for awhile. Do you guys think it's safe to run both Mcafee Antispyware Enterprise and Spyware Terminator in real time on the same computer?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    It possible they wont conflict, but I would stick to running only one.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Two AS programs is not layering.
    Layering means covering different vectors of attack. In your case, the two progams cover only one.
    Mrk
     
  4. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    I know what layering is, I was just trying to think of a title that wasn't long. That aside, being how AS programs are generally just blacklist applications. Running two could potentially offer more protection than just one, assuming that they don't interfere with each other. I'm actually curious, in what way would these two mentioned programs actually interfere with each other? Not just the general "running two is bad" answer, but an actual specific reason. Thanks.
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Can't offer a detailed or technical explanation- just don't know enough- but in general terms, running two of the same type of application is only (possibly) going to offer better protection if (1) the databases of the two applications don't share most of the items (unlikely) and (2) they won't interfere with each other should something nasty be found. This is fairly likely. Scenario: nastymalware.exe is detectable by both applications. It tries to run. Application A and B both detect it, almost simultaneously, in that order. Application A locks the malware's process at the same time as application B also tries to delete it, but can't, because it is locked. Worst case scenario, computer freezes, only way out is to reboot, nastymalware.exe installs and runs it's payload before your security programs can act during startup.
    I believe this is (at least in part) what is meant when more knowledgeable folk say things like "ironically, running two may leave you less protected". (No doubt there are permutations, and the example might not be accurate, but I think the general idea is about right.)
    Given that it's far too labour intensive to manually edit each database for overlaps following each definition update, you're far better off choosing one and sticking with it.
    That one might be one that has the more complete defs, and/or has a better cleaning ability, and/or has better features or support, etc. (ST has a form of behaviour blocker, for example.)
    You choose.
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    targ57 That was a excellent answer and advice, sounds like you do know enough.:thumb:
     
  7. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Thank you for a detailed answer. I'll use ST as an on-demand scanner only.
     
  8. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Which might lead to your next question: What application would you choose for a demand anti malware scanner?
    (I used to be quite a fan of SpywareTerminator, too.)

    djohn, thanks for the kind words.
     
  9. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    If your using Sandboxie with your internet facing applications, then you shouldn't have to worry about spyware/adwares unless you download something and recover it from the sandbox. Then you could scan the download on-demand/manually before executing the download. Also, always download from a reputable source.

    It isn't about the amount of layers you have that protects you, it's more about understanding your programs and the protections they provide as well as the 'realistic threats' that are out there. It also important to take into consideration your daily habits as well as those that use your machine/s. Also, keep your important programs (Java, Flash, Windows, media players etc.) up to date. See the link in my sig. to see if your up to date. A Java spyware exploit can't install while browsing if Java is up to date and has the exploit patched ;).

    Theoretically, you would be fine with Comodo, a free AV and Sandboxie depending on your knowledge and habits. If you do dangerous things, then a light virtualization application could help. For scanning downloads, your AV and 2 anti-spyware/malwares would be more than enough. You could also upload the file to Virustotal or Jotti to scan things you are unsure of.

    I hope this helps and I hope I was accurate.
     
Thread Status:
Not open for further replies.