'Ello 'Ello


4 replies to this topic

#1 eddiebaby

eddiebaby

  • Members
  • 2 posts

Posted 11 June 2011 - 04:01 AM

Hi everypeeps,

I don't know how many years it is I've managed never to get any virus or malware related problems on the family PC, but I got a call from my daughter yesterday and on arriving home, my worst fears were confirmed. Some Windows XP Recovery malware had appeared and was wreaking havoc. Having followed steps on this site and downloaded various tools I am now onto the last stage of scanning with the anti-malware tool and hopefully this problem is resolved.

As a general query: Does everyone have an antivirus and a separate anti-malware product installed on their PC these days? Should this be necessary?



#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 11 June 2011 - 09:22 AM

Welcome to BC!
To answer your question, I have both an anti-virus and three anti-malware products installed on my hard drive. I also rely on Firefox's "Noscript" to help prevent infections. While this layered application protection can help prevent infections, they cannot substitute for user caution when using the internet.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 eddiebaby

eddiebaby
  • Topic Starter

  • Members
  • 2 posts

Posted 11 June 2011 - 12:09 PM

I couldn't agree more about user caution as I think this is always one's first line of defence. Three anti-malware products sounds, on the face of it, a little "belt and braces", not to say expensive if you are having to pay for them. Mind you I'm no judge, having no doubt been naive in assuming that my Norton anti-virus would protect me from all the ills that might have slipped through where user caution had not been fully exercised.

I've heard tales of those whose PCs have been overburdened by having multiple anti-virus products running on them, causing conflict and contention one with another. Is this not also the risk with more than one anti-malware product or is the layered approach to which you refer sufficiently well designed to avoid such?
I'd be interested in understanding this better if you can advise or point me in the right direction.

Edited by Orange Blossom, 11 June 2011 - 01:51 PM.
Moved to AV forum from Intros. ~ OB


#4 ~Kal~

~Kal~

  • Members
  • 699 posts
  • Gender:Not Telling
  • Location:UK

Posted 11 June 2011 - 06:17 PM

Hi Eddiebaby,

I have an antivirus and firewall both running on my PC, and I run regular on demand scans with Malwarebytes and SUPERAntiSpyware, with an occasional ESET scan and a Secunia check for out of date software. You are right that running multiple antivirus products simultaneously can cause problems, which is why you should only have 1 installed and active at a time (Malwarebytes and SUPERAntiSpyware aren't antiviruses so there shouldn't be a conflict, same with the online scans such as ESET). I wouldn't consider being without a firewall, and I don't use the Windows Firewall.

No single antivirus product will detect or prevent all malware, so having a range of tools at your disposal is useful. All of the products I use are free, so good layered protection doesn't have to cost a fortune. I have used paid products in the past but found them no more or less effective - having said that, what works best for one person isn't the same for everyone and you'll find your own combination of products which suits you, your system, your browsing habits and your needs.

Have a read through these - simple steps to keep your computer secure and simple ways to keep your computer secure

Hope this helps!

Kal
Kal
Please bear in mind I'm in the UK so our timezones may not always sync.
If I'm helping you and haven't replied within 24 hrs please send me a pm

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 June 2011 - 08:00 PM

Yes, using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms while trying to use it.


In contrast, as a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Windows Defender, Spybot S&D, Ad-Aware, Spyware Terminator, etc. will not conflict with each other or your anti-virus if using only one of them for real-time protection and others as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, competing tools may provide redundant alerts which can be annoying and/or confusing as a result of the overlap in protection.

If using multiple real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc.) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. They may identify the activity of each other as suspicious and produce alerts. Further, your anti-virus may detect suspicious activity while these programs are scanning (reading) files, especially if it uses a heuristic scanning engine, regardless if they are running in real-time or on demand. The anti-virus may even detect as threats, any malware removed by these programs and placed into quarantined areas. This can lead to a repetitive cycle of endless alerts or false alarms that continually warn a threat has been found if the contents of the quarantine folder are not removed before beginning a new security scan. Generally these conflicts are more of an annoyance rather than the significant conflicts which occur when running two anti-virus programs in real time.

Keep in mind that you can overkill a system with resource heavy security programs that will slow down performance. Sometimes you just have to experiment to get the right combination for your particular system as there is no universal "one size fits all" solution that works for everyone.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.


P.S. Ask your daughter to read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
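Added example, not part of the thread or any vendor's code: a toy signature scanner showing the two cross-product false alarms described in post #5, one product's unencrypted definitions and its quarantined files being flagged by another. The signature names, byte patterns, key and container layout are constructed for illustration, and repeating-key XOR only stands in for whatever encryption a real vendor uses.

```python
from itertools import cycle

# Constructed, harmless byte patterns standing in for malware code fragments.
SIGNATURES = {
    "Demo.Trojan.A": b"\x4d\x5a\x90DEMO-PAYLOAD-A\x00\xff",
    "Demo.Worm.B": b"DEMO-WORM-B::spread()",
}
KEY = b"\xa7\x3c\x5e\x19\x82"  # hypothetical per-product key


def scan(data: bytes) -> list:
    """Naive signature scan: name every pattern present in the buffer."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in data)


def xor_stream(data: bytes, key: bytes = KEY) -> bytes:
    """Repeating-key XOR, a stand-in for a vendor's real encryption."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def definitions_file(encoded: bool) -> bytes:
    """Product A's definition database, stored raw or encoded."""
    raw = b"".join(n.encode() + b"\x00" + p + b"\n" for n, p in SIGNATURES.items())
    return xor_stream(raw) if encoded else raw


def quarantine(sample: bytes, encoded: bool) -> bytes:
    """Product A's quarantine container: magic, length, then the sample."""
    body = xor_stream(sample) if encoded else sample
    return b"QUAR1" + len(sample).to_bytes(4, "big") + body


def restore(container: bytes, encoded: bool) -> bytes:
    """Recover the original sample from a quarantine container."""
    body = container[9:]  # skip 5-byte magic and 4-byte length
    return xor_stream(body) if encoded else body


if __name__ == "__main__":
    infected = b"header" + SIGNATURES["Demo.Worm.B"] + b"trailer"
    # Product B (the same naive scanner) sweeps product A's files on disk.
    for label, blob in [
        ("raw definitions", definitions_file(False)),
        ("encoded definitions", definitions_file(True)),
        ("raw quarantine", quarantine(infected, False)),
        ("encoded quarantine", quarantine(infected, True)),
    ]:
        print(f"{label:22} -> {scan(blob) or 'clean'}")
```

The raw files are reported as infected even though nothing in them can execute, while the encoded copies scan clean and the quarantined sample is still recoverable.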