Companion Antivirus


3 replies to this topic

#1 Oxonsi

Oxonsi

  • Members
  • 50 posts

Posted 01 February 2017 - 12:13 PM

I'm interested in running a "companion antivirus" program in real-time, on-access mode along with my regular antivirus software.  What are people's thoughts on this?

 

Conventional wisdom has always been to not run two (or more) antivirus programs simultaneously due to potential conflicts.  However, within the last ~10 years it seems a number of anti-malware products have been designed to run alongside antivirus.  Some of them are simply 2nd opinion, on-demand scanners without a real-time, on-access component.  I don't believe those ever cause problems by conflicting with antivirus.  However, those are also more of a re-active approach to security:  designed to identify and cleanup infections and/or traces after the fact.

 

Other anti-malware apps offer real-time, on-access protection.  The best known of these is probably Malwarebytes Anti-Malware (premium), and I've seen it run alongside antivirus without apparent issue.  The latest version 3.0 seems to be designed more as a replacement for antivirus than a companion to it...  And I believe Emsisoft Anti-Malware also started as a companion antivirus, and then developed into more of a standalone product.

 

Those products aside, there are still a number of anti-malware apps with real-time components designed to complement an existing antivirus installation.  And typically, part of the rationale for this setup is that they target somewhat different types of threats.  Antivirus focuses on viruses, trojans, etc., and anti-malware focuses more on adware, spyware, etc.  There may well still be some overlap in coverage, but by excluding the paths of the other "anti" product in each, one can minimize any potential conflicts.

 

So, it seems to me that this setup could be part of a layered approach to security, realizing of course that additional layers like appropriately configured firewall, regular off-line backup, keeping OS and software updated, user caution and vigilance, etc. should all be parts of a security protocol.

 

All of that said, anyone still against running several real-time security products concurrently?  Is it always a bad idea?  I would certainly attempt to choose relatively light-weight products that are known to "play nice" together.  But do you think there would nonetheless be a significant performance degradation and potential for conflict under this scenario, and therefore one should stick with just one real-time antivirus?

 

Thanks for any thoughts!




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 February 2017 - 05:40 PM

I have run Emsisoft Anti-Malware alongside ESET NOD32 for years without any problems.

 

I generally recommend Malwarebytes 3.0 Premium, Zemana AntiMalware or Emsisoft Anti-Malware as the backbone to supplementing your anti-virus software. Although if you use Emsisoft, it is not necessary to use a separate antivirus solution since EAM combines its technology with Bitdefender's Anti-Virus engine. See my comments in Choosing an Anti-Virus Program and Supplementing your Anti-Virus Program with Anti-Malware Tools as to why I recommend these programs.

Although Malwarebytes 3.0 Premium claims it can be used as a replacement for an existing anti-virus, it has limitations and lacks many constructs that traditional anti-virus applications employ...it does not target scripted malware, document files, media files...it is incapable of removing malicious code that has been prepended or injected into legitimate files (i.e. file infectors, Trojan patches) and does not handle legacy malware. The Anti-Exploit module is primarily for protection against software exploitation... it does not protect against social engineering, the human exploit often resulting from fraud, spam and phishing emails.

This is an explanation by David H. Lipman, a Security Colleague and Malware Researcher/Analyst.

...there are services in an Anti Virus that are not fulfilled by MBAM.

  • It does not target scripted malware
  • It does not target document files
  • It does not target media files
  • It is still incapable of removing malicious code that had been prepended, appended or cavity injected into legitimate files such as by a file infecting virus or by a trojan that trojanizes legitimate files ( aka; patches ).
  • It is not MAPI and/or VIM compliant nor does it offer a POP/IMAP Proxy Service.
  • It does not handle legacy malware because Malwarebytes personnel culls its database periodically and only targets what they call Zero Day malware. Malware that is fresh and new Today and not something that was more prevalent a year or two ago.

An anti virus may intercept email and it will then decode the MIME and scan the body and attachments and flag the email as a Phish, Fraud or some other malicious content. MBAM may have an Anti Exploit module but that is for software exploitation. It does NOTHING for Social Engineering which is the Human Exploit such as those demonstrated in Fraud and Phishing emails.

If one ONLY depends on MBAM they lose the warnings made by traditional anti virus applications that perform scanning of the file types MBAM does not target. They lose a layer of protection that an AV provides. So if one has a folder of Wimad trojans and only MBAM is installed, the computer user will never know. However if they had a fully installed Anti Virus solution performing "On Access" and "On Demand" scanning on ALL file types, there would be a warning the files are malicious. This is an indicator. MBAM will only protect one IFF they try to play a media file and it attempts some non-standard media player function. MBAM will not tell you that is a malicious HyperText Application, or that XLS uses malicious macros or that MP3 is a Wimad or that web site has an Embedded IFrame.

 

That indicates to me that Malwarebytes 3.0 Premium is still better served as an adjunct anti-malware solution to complement and strengthen your protection when utilizing a traditional anti-virus solution.
 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Oxonsi

Oxonsi
  • Topic Starter

  • Members
  • 50 posts

Posted 02 February 2017 - 01:44 AM

Thanks very much for your and the interesting information.  There are those who still insist that one should only run a single "anti" program at a time.  I'm of the opinion that no one application catches all malware all of the time.  And some anti-malware programs have been designed to run alongside an antivirus.  Therefore it is perfectly acceptable and beneficial to security to do so.

 

I've heard that some security professionals claim that they do not use any security software because they know what not to click, etc.  If by that they mean they not only do not install any security software, but also disable Windows Defender and Windows Firewall, I find that very risky behavior.  Little doubt that user education and vigilance are among the most important defenses, but there are so many insidious threats that can for example be contracted through malvertising, etc.  I think it is irresponsible to go online with an unprotected Windows PC.

 

I also think ESET Nod32 antivirus and Emsisoft Anti-malware are among the best security products available.  I have a paid subscription to Zemana Anti-Malware, and I intend to use that with ESET Nod32 antivirus.  Both seem quite lightweight and complement one another well.  I also keep MBAM free version installed as a second opinion scanner.

 

Incidentally, given the rise in malvertising, which has been found even on many reputable websites because the cyber-criminals are clever at injecting malicious code ...  I find that using an ad blocking browser extension is now a desirable layer of security.  I like uBlock Origin, but any ad blocking is better than none.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 02 February 2017 - 06:46 AM

You are correct, no single product is 100% foolproof and can prevent, detect and remove all threats at any given time and there is no universal "one size fits all" solution. Every security vendor's lab uses different scanning engines and different detection methods. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. Scanning engines may use Heuristic Analysis, Behavioral Analysis, Sandboxing and Signature file detection (containing the binary patterns of known virus signatures) which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus or anti-malware database is updated can also account for differences in threat detections. Further, each vendor has its own definition (naming standards) of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

Security is all about layers and not depending on any one solution, technology or approach to detect and prevent the latest threats from cyber-criminals. Thus, a multi-layered defense using an anti-malware and anti-exploit solution to supplement your anti-virus combined with common sense and following Best Practices for Safe Computing provides the most complete protection.

Read the IMPORTANT NOTE about not using more than one anti-virus program in this topic. In addition to potential conflicts, I explain in more detail why most security vendors advise against doing this.



