Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Everyone says only one. But they have three?

  • Please log in to reply
15 replies to this topic

#1 Gatorade96


  • Members
  • 55 posts
  • Local time:01:33 AM

Posted 05 April 2009 - 02:17 PM

Everyone always says to only have one antivirus product. I can understand that. Two may conflict with each other thinking each is actually a virus. But then when asked what they have most will tell you 3-4 products? So either we have a lot of "Do as I say, not as I do" or they are only running one antivirus and the others just look like antivirus. So can anyone give me the low down on whether the following are conflicting or if they don't do the same thing but just seem like it?

AVG (Antivirus)
Spybot Search and Destroy
Norton Antivirus (Antivirus)
Malwarebytes Anti Malware

Basically I am trying to decide what to have to protect my computer. However at any one time I have had all of these programs on my computer. I don't mind paying for protection but don't know if paying actually means better. I want a program that will monitor my surfing and emails. I primarily use FireFox and IE, with Yahoo for email. However I also have Outlook for my bellsouth address as well. The latest problem I had was Vundo.H when my wife opened a Hallmark card she thought her aunt sent.

So any thoughts?

Also just one more quick question. Norton Firewall, or Windows Firewall? Thoughts on one or the other?


BC AdBot (Login to Remove)


#2 Queen-Evie


    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:33 AM

Posted 05 April 2009 - 03:12 PM

They are correct, you should use only one antivirus product. You have 2 antivirus products in your list. The others are MALWARE scanners. They are not antivirus protection programs. It's perfectly ok to have more than one malware scanner, in fact it is recommended because malware comes in so many forms that multiple tools are needed to combat it. I suspect that when you say "most will tell you 3-4 products" they are referring to malware scanners not antivirus programs. It's up to you whether to purchase or use free products. For most users, free editions of malware scanners are enough.

AVG (Antivirus)
Spybot Search and Destroy (spyware/adware removal)
Ad-Aware (spyware/adware removal)
Norton Antivirus (Antivirus)
Malwarebytes Anti Malware (malware removal)

A good security suite should monitor your surfing and emails. Free programs usually offer only basic protection and don't include the advanced features found in the full version which are offered for purchase.

I can't answer your question about Norton or Windows firewall, as I know nothing about the Windows firewall. Someone else will have to address that.

#3 Romeo29


    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:
  • Local time:12:33 AM

Posted 05 April 2009 - 03:50 PM

If you run more than one antiviruses:

1. they will consume alot of your resources as most antivirus use lots of cpu and ram. result: your pc would become sluggish
2. they may give false positives owing to each others scanning activity at same time
3. they may fail to catch a virus in time because of each others interfering activity.

So keep only one antivirus, which is good enough for any PC.

But if you insist on using more than one antivirus, you can use HandyBits VirusScan Integrator :http://www.handybits.com/vsi.htm

Windows Firewall or Norton?
WinXP Firewall is a very simple and basic firewall.
1. Windows Firewall controls only inbound connections not outbound, so what if you have a trojan or malware acting as server?
2. It cannot prevent DoS attacks

So it is better to use a 3rd party firewall.

#4 youthedog4


  • Members
  • 110 posts
  • Gender:Male
  • Location:Playing pokerr
  • Local time:01:33 AM

Posted 05 April 2009 - 03:50 PM

Do not download Spybot Search & Destroy.. I eventually figured out it deletes .dll files that you need.. it deleted one that helped my computer log off and I had to reinstall windows vista to get logging off to work again..

#5 Gatorade96

  • Topic Starter

  • Members
  • 55 posts
  • Local time:01:33 AM

Posted 05 April 2009 - 07:26 PM

OK. I guess I was just a little confused with the way a Spyware/Malware program acts as opposed to a true Antivirus program. A lot of the Spyware/Malware programs remove viruses as well. Maybe it is just because they remove infections but won't stop them? Where as the AVG and Norton will keep infections from happening? Thanks for the input on the firewalls as well. That makes me want to lean a little more toward the suite.

#6 Animal


    Bleepin' Animinion

  • Site Admin
  • 35,559 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:33 PM

Posted 05 April 2009 - 08:12 PM

Let me confuse you a little more. :thumbsup: You may see some people with more than one antivirus present. However one is or should be turned off or disabled. While one is active or 'real-time' protection enabled. This is due to some subscribing to the no one anti-virus catches everything theory. Then when it comes time to scan they reverse the process and enable the one that was disabled to run another scan. It all depends on your level of trust and need for security. But yes only one anti-virus working 'real-time'.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

#7 Pandy



  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:01:33 AM

Posted 05 April 2009 - 08:20 PM

But yes only one anti-virus working 'real-time'.

YES! Someone says it LOL

I use 2 Anti Virus scanners. AVG and SuperAntiSpyware. I use AVG for real-time as Animal states. The SuperAntiSpyware politely sits in my system tray minding it's own business, only asking for it's updates when it is needed. LOL This way works fine. I have had 3 and 4 AntiVirus scanners on my computer at different times. I just make sure anything extra I have is set to NOT do any scans automatically.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?


Follow us on Twitter

#8 scff249


    Indecisive Lurker

  • Members
  • 1,319 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:12:33 AM

Posted 05 April 2009 - 09:06 PM

:thumbsup: Er....isn't SAS an Antispyware scanner?

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,994 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:33 AM

Posted 05 April 2009 - 09:42 PM

Yes, SuperAntiSpyware is an anti-spyware program and not an AntiVirus program.

Regarding Anti-Spyware programs, I think it is also good to have only one of those running real-time as well.

You can see what I have in my signature. If I upgraded to the paid version of MBAM, I'd shut off the SAS real-time protection.

To confuse things further, there used to be a separate AVG AntiSpyware program not to be confused with their AntiVirus program. I remember in the past constantly asking for clarification of which program a member had when they simply stated: AVG.

Edited to add: Real-time protection means that the program will scan files as you open or download files. I believe some will actually randomly scan files if you are not actively opening or downloading files etc. This is different from a scheduled or manual scan which uses many more resources. Whenever doing scan, only run one scan at a time regardless of what kind of program. There are a couple reasons for this: 1) Such scans take a LOT of resources. 2) The scanners would fight each other over the files.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 09 April 2009 - 02:53 PM.
Spelling and BB code correction. ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#10 frankp316


  • Members
  • 2,677 posts
  • Local time:12:33 AM

Posted 06 April 2009 - 06:05 AM

AVG Anti Spyware used to be Ewido until Grisoft bought it. It's not as good as it used to be. Part of the problem is that Grisoft used to only have AVG Anti Virus but in the last couple of years have bought Ewido & Link Scanner in an effort to market their product as a security suite instead of individual products. That has been very confusing to many users.

#11 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:33 AM

Posted 06 April 2009 - 06:11 AM

I want to add to the above that windows firewall is definitely NOT enough. Read this tutorial for more information.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

#12 Gatorade96

  • Topic Starter

  • Members
  • 55 posts
  • Local time:01:33 AM

Posted 06 April 2009 - 06:50 AM

Thanks for all the replies. :thumbsup: This really helps to clarify things for me. I can see how having multiples but only one active is a great defense. That way I could buy a suite for daily use and still use the free ones to sit and wait for me to scan with them. The suite would also have a better firewall for me so the suite makes sense.

#13 Guest_Kaiten_*


  • Guests

Posted 06 April 2009 - 10:50 AM

There are two windows firewall, one in XP and one in Vista. The firewall in XP is not enough and the firewall in Vista is enough.

So if you are talking about the XP Firewall, use another one. Because it is not enough.

And if you are talking about the Vista Firewall, you can use that one. Because it is enough.

#14 burn1337


  • Banned
  • 311 posts
  • Gender:Male

Posted 07 April 2009 - 06:20 PM

Kaiten - I have 2 hardware firewalls, one Linksys, one DD, plus on my Vista machine, I have windows firewall running, Windows Defender, (Though I do not use the security center), Avast AV, with network shields(aka firewall), and Adaware AE... And still I feel it is not enough... On my linux machine, I have SELinux, Avast AV, IpTables, and the Linux Firewall... And still I feel it is not enough...

#15 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,608 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:33 PM

Posted 09 April 2009 - 08:11 AM

Let me expand on a few things that have been said.

Using more than one anti-virus program is not advisable. The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously. However, even when one of them is disabled for use as a stand-alone scanner, it can affect the other. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice.

Most anti-virus vendors recommend that you install and run only one anti-virus program at a time:When necessary, you can always get another opinion by performing an Online Virus Scan.

In contrast, using more than one anti-spyware program with or without real-time protection increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. Even if your anti-spyware programs are not running in real-time, the overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

Choosing a security toolkit with anti-virus and anti-malware programs is a matter of personal preference, your technical ability and experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular combination that works well for one person may not work as well for another. You may need to experiment and find the ones most suitable for your needs. Another factor to consider is whether you want to use paid for products or free alternatives.

As a general rule most security toolslike Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, SpywareTerminator (without the optional Clam AntiVirus integration), etc will not conflict with your anti-virus program, although some of them may provide redundant alerts which can be annoying. However, you can overkill your system with resource heavy security programs that will drain your resources and slow down performance. Sometimes you just have to experiment to get the right combination for your particular system as there is no universal solution that works for everyone.

Windows XP firewall protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
  • The XP firewall is not a full featured firewall. Normal firewalls allow you to specifically control each TCP and UDP port but XPís firewall does not provide you with this capability. Instead, it takes a point and click approach to enabling or disabling a few common ports.
  • The XP firewall does a good job of monitoring, examining and blocking inbound traffic but makes no attempt to filter or block outbound traffic like most 3rd-party personal firewalls.
  • Thus, the XP firewall does not identify which programs attempt to initiate outbound network or Internet communications nor does it block the traffic when suspicious activity occurs.
    • This feature can be helpful in preventing many types of malware attacks that may attempt to open ports or communicate with outside servers without the user's knowledge or consent. It also means that if your system has been compromised, a hacker could use your machine as part of a distributed denial of service attack.
  • By default, Windows Firewall rejects all incoming traffic unless that traffic is in response to a previous outgoing request. If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. If your Firewall is not turned on by default, then your using an unpatched OS and need to update your system to SP2.
Windows Vista Firewall offers two-way filtering for better security but its the bare minimum and still limited. By default, most outbound filtering is turned off (outbound connections are allowed) and inbound filtering is turned on (inbound connections are blocked). Configuration is confusing and there is no practical way to to configure outbound filtering to stop all unwanted outbound connections. You can only turn inbound filtering on or off, and through the various tabs, configure how inbound filtering works. For independent reviews, read Vista Firewall Fails on Outbound Security and Windows Vista's Firewall.

If you choose a 3rd-party firewall, before installing it make sure you turn off the the Windows firewall. For instructions with screenshots, see How to turn off the Windows Firewall in SP2 or How to turn on or off the Windows Vista Firewall.

Why? Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction.
A hardware firewall is really a software firewall running on a dedicated piece of hardware or specialized device (routers, broadband gateways) that sits between a modem and a computer or network. A hardware firewall is based on "Network Address Translation" (NAT) which hides your computer from the Internet or NAT plus "Stateful Packet Inspection" (SPI). It can provide a strong degree of protection from most forms of attacks coming from the outside (incoming traffic). Hardware firewalls are easy to configure and can protect every machine on a local or home network. A hardware firewall typically uses packet filtering to examine the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined or user-created rules that determine whether the packet is allowed (forwarded) or denied (dropped) on particular ports. They tend to treat any kind of traffic traveling from the local network out to the Internet as safe which can be a security risk.

With a software firewall you have customized control and can specify which applications are allowed to communicate (outgoing traffic) over the Internet from your computer. Programs that are not explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. Software firewalls generally offer the best measure of protection against Trojans and worms but they are harder to configure and must share resources with other running processes which can decrease system performance. Many software firewalls have user defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your system.

For more information see:

Edited by quietman7, 09 April 2009 - 08:21 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users