OK to install 2+ A.V. Programs?

[Slik]

Interesting info. I'm going to go with only two for a while and see how it works out. Super Anti Spyware and Avira Anti Virus. That ought to work OK. Yes? No? Thanks all.

[AkG]

SAS is decent, a bit slower than MBAM, bit of a mem hog and not as fast on updates and MBAM but not bad. Avira is a very, very good AV program should give you a very good 1-2 punch. Try it see if you notice any slow downs. IF you do swap out SAS from MBAM. :)

[Canker]

Windows will allow it, but the antivirus software you use may not. Some antivirus packages like Kaspersky will point out you have antivirus software installed and ask you to remove it before installing it.

Running two antivirus programs is like wearing two pairs of underwear in the hope you can recover from crapping your pants with a second pair.

Quote:

Originally Posted by Slik

Title pretty much says it. With Win. 7,Can you have two or three Anti Virus loaded on your Comp.? Will there be conflicts? I don't mean scanning at the same time, I mean installed and activated. Will Windows 7 allow this? Thanks for any help.

[DCCV44.2223]

Quote:

Originally Posted by AkG

Actually yes you did say that AV were 99 percent effective by posting a pdf with proof

The main focus of the AV-comp pdf I pointed to was to show that AVs include all types of malware in their detection and that they do not "out and out suck at malware" as you claimed. The detection rate should be taken in context of the comparative, if I point someone to a video card benchmark, I do not expect them to interpret it as me saying all games will run at those frame rates in all scenarios.

Quote:

Would you really rely on solely on something that is only 80% effective against the number one attack vector (aka "malware") or would you use two programs?

What I actually said was in the proactive/retroactive comparative, detection rates of the better AVs were 50-60%, again that should be taken in context. The 80% you attributed to me is incorrect.

You should know that AV detection rates is not static. When a new virus appears, detection rate is poor -- anywhere from 0-60%. As time passes and the AV vendors get samples and add them to their signature database, detection rates increases, a 99+% signature based detection is not usual for comparatives using smaller sample sizes.

Quote:

One for the less likely crap with some limited abilities in other areas(aka a AV program) and one dedicated to the actual most likely threat? ONE size fits all approaches are not the best choice nor offer the best protection.

I guess I have not gotten through to you that nowadays AV include *ALL* types of malware in their detection. The best strategy to secure a system is defense in depth, however, MBAM is basically just another signature based scanner, it does not magically get signatures before a virus is released, and without signatures it will be relying totally on the heuristic engine for detection -- which until a couple of months ago it didn't have.

It is my opinion that adding another signature based scanner on top of an AV is not going to significantly increase your systems protection against new virus. If you want a second opinion on a downloaded file, send it to VirusTotal and get it scanned by the 40+ AVs there. If you want to augment your AV's realtime protection, use a behaviour blocking such as ThreatFire, or control application privileges with a sandbox such as Sandboxie.

Quote:

AVs with limited am/as protection should be considered a nice bonus but not anything more than that until they have proven for a couple years to actually WORK as good as a dedicated AM/AS.

Let me say this one more time, AVs includes *ALL* types of malware in their detection. There was a period of ~12 months circa 2003-4 when AV did not detect spyware and adware, but that's ancient history. An AV engine capable of detecting polymorphic virus is more than capable of detecting any malware, so it's not like they've only been around for a couple of months...

Quote:

It is good to see that you too are a pessimist by nature. However, I differ from you in that I am NOT a fatalist.

It's not about being a pessimist or accepting failure, it's about being realistic on the effectiveness of the security tools that are available -- they all have limitations. For example, your choice of Avira and MBAM, will they scan HTTP traffic before it reaches your Internet facing apps? In my experience people (some not all) who believed that their system was "secure" tend to be more reckless than if they were aware that their system was vulnerable.

[AkG]

If you dont want peeps to misinterpret your POV...dont "infer" things you dont mean. You are the one who stated that AV's are great at "malware" and then posted the pdf and then "explained" it. I simply was calling BS on your BS.

Once again, if AV companies were actually GOOD at catching crap then why is most infections most techs come across "malware" on those protected systems? You can claim that they include all virus types, and sure most of the big ones CLAIM to have all types of virus in their engines but they still out and out suck at malware. If you dont believe me use an online scanner such as VirusTotal which uses multiple engines. I've done this personally and it is scary how many times the AV's results will come back as "clean" / no threat found. Whereas MBAM shuts it down HARD. There is a difference between having "all types" in your fingerprint database and protecting adequately against all types.

And yes I agree use a sandbox...but honestly how many people are actually going to DO that? Not many, might as well only teach abstinence in schools to combat aids. Expect similar results. Your idea of being a realist and mine VASTLY differ. Once again are you saying that ONE av is good enough? If so which one? If you are saying its only 60% effective what in the world makes you think thats anywhere close to being "good enough"?

Honestly at this point...screw it. Fine you dont believe it wont increase your chances of catching crap by using MBAM....DONT use it. No one is putting a gun to your head. Just dont post BS stats (that actually DONT say what you claim they say) to back up your claims (like all malware is trojans and therefore the trojan section covers off malware and proves how good AVs are at "malware"). Either say its personal opinion as I have done or actually PROVE that AV engines are working good enough to trust them and only them. AND show which one is doing this as their is MANY options out there and not all AVs are created equal.

Quote:

Originally Posted by DCCV44.2223

blah blah
AVs are great no need for anything else
blah blah
backpedaling
blah blah

[DCCV44.2223]

Quote:

Originally Posted by AkG

If you dont want peeps to misinterpret your POV...dont "infer" things you dont mean.

It's a lesser of 2 evils. I'm aware that results from antivirus comparatives can often be misinterpreted and taken out of context, but it does dispute your unsubstantiated claim that AVs are only good at detecting viruses and neglect other categories of "malware".

Quote:

Once again, if AV companies were actually GOOD at catching crap then why is most infections most techs come across "malware" on those protected systems?

I've already described a scenario where a virus can get pass AV even though the AV is capable of detecting it under different circumstances. Of course there are always a significant number of viruses out there that are not detected by an AV's signature-based scanner, including MBAM's -- it's an inherent disadvantage of signature-based detection because it is reactive.

Quote:

If you dont believe me use an online scanner such as VirusTotal which uses multiple engines. I've done this personally and it is scary how many times the AV's results will come back as "clean" / no threat found. Whereas MBAM shuts it down HARD.

VirusTotal has limitations when it is used to compare AV products. All VT does is pass the file through the AV's on-demand scanner. If an AV product only consists of a signature-base scanner then the results from VT will (most of the time) reflect that product's effectiveness. However, many AVs have additional layers of protection, such as behaviour blockers, that can block viruses that were missed by the signature-based scanners. Saying that an AV failed based on results from VT alone can be grossly misleading, it's like concluding system A is faster than system B by looking at the performance of only a *single* HW component.

Quote:

And yes I agree use a sandbox...but honestly how many people are actually going to DO that?

Using a sandbox was not the only alternative I suggested. Which solution is best depends on what AV you're using. If your AV consists of only a signature based scanner, then adding a behaviour blocker is a good idea. If your AV has both signature based scanner and a behaviour blocker but you feel that's still inadequate, then a sandbox would be the next logical step.

What I do not consider worthwhile is running multiple signature based scanners, behaviour blockers, sandboxes or whatever security software that works on the same basic principles.

Quote:

Once again are you saying that ONE av is good enough? If so which one?

ATM I'm testing Panda Cloud, but usually I use Kaspersky AV -- it has a good signature base scanner, a behaviour blocker and a few other additional layers.

Quote:

If you are saying its only 60% effective what in the world makes you think thats anywhere close to being "good enough"?

The 0-60% detection rate only applies to new viruses, say within the first 24 hours. It would not be enough if your defense consists of only signature based scanner(s). But if your AV is multi-layered and includes non-signature based detection modules, then IMO, it's the only security software that's required.

However, having good security software is only one facet, you also need to keep the system patched up-to-date, and you need to be aware of the limitations of your security software, i.e., NOT run executables without due diligence simply because it was not tagged by the AV's signature-based scanner. But those are good practices no matter what security software(s) you run.

Quote:

Just dont post BS stats (that actually DONT say what you claim they say) to back up your claims (like all malware is trojans and therefore the trojan section covers off malware and proves how good AVs are at "malware").

Again you misquoted me. I did not say all malware is trojans, I said "nowadays most malware are trojans". If you want to dispute that, please refer back to the CARO naming scheme I pointed to earlier, look in the section that lists all the malware types and tell me which category all those malware that you claimed is only detected by MBAM and not AVs would fall under.

Quote:

Either say its personal opinion as I have done or actually PROVE that AV engines are working good enough to trust them and only them. AND show which one is doing this as their is MANY options out there and not all AVs are created equal.

Sorry, if you prefaced your numerous "AV suck at malware" claims as personal opinion, I missed it. In fact did you not use VirusTotal results as anecdotal evidence?

As to which are the better AVs, there are comparatives using dynamic tests, i.e., executing the virus and see if AVs block samples that were missed by their signature-based scanners. However, the methodologies used for dynamic testing are fairly new and sample sizes are small by necessity. Since you've already berated me for pointing to a comparative that was open to misinterpretation, were I to point to those dynamic comparatives, people may just infer things that I don't mean.

One thing those dynamic tests showed was that behaviour blockers can significantly increase an AV's detection rate, anywhere from 5% to 30%. However, I've never seen a comparative -- dynamic or otherwise -- that showed running MBAM on top of an AV will have similar effect on the detection rate.

[technix]

Hey, I'm bumping this thread. I know there was some debating but read most of it towards the end and found it interesting. I am using an older laptop with a Turion AMD cpu and I'm wondering how it will run with a couple of AV programs on it (of course, at least one will be disabled while using the other). I was going to try MS Security Essentials but how is that on resources of an older machine? Good choice, in general, though, right? The other one I thought to choose is Avira. I generally don't go out and buy commercial ver. AV programs for two reasons: 1) well, this is for older machines and I have more than one so... and 2) AV commercial versions based on temporary subscription-based - meaning, it will run out - I am against this concept on principle. I generally try to run Linux when surfing so I don't need a AV program most of the time.

However...

I agree with Malwarebytes, too. It generally gets good reviews. But, most of these programs, I need to use the free versions. Hopefully, they're sufficient.

I posted the bump hoping there's an update on what's good these days. Or maybe there's not much of a change. It was my impression that MS Security Essentials is thought to be good with Avira, AVG ('thought it became resource heavy recently but AVG users can comment), Avast (not sure if the current ver. is still good) and then you get NOD32 and Kaspersky but those are usually retail/paid AV programs. I don't think those later ones have much of a free version. Anyway, good thread! I don't see any problem of downloading and installing more than one as long as they're not enabled and running at the same time.

[DCCV44.2223]

Quote:

Originally Posted by technix

I am using an older laptop with a Turion AMD cpu and I'm wondering how it will run with a couple of AV programs on it (of course, at least one will be disabled while using the other).

I have a ML-37 Turion notebook and have MSFT Security Essential on it. It runs better than when I had Kaspersky or Shaw's version of F-Secure installed. Have not had Avira on it, but looking at system performance benchmarks from various comparatives, Avira (free version) does bench better than MSE, but not by much.

A free AV that I have been testing is Panda CloudAV, it's fairly light and has features that are now standard in the full/paid AVs -- behaviour blocking and cloud component -- that are not found in other freebies, there were a number of teething problems but a recent update has cure some of them:

DOWNLOAD FREE ANTIVIRUS - The first free cloud antivirus against viruses - CLOUD ANTIVIRUS

I guess you're still running XP with the laptop? In which case I'd recommend using DropMyRights to launch all you internet facing apps (when not using a restricted account), since all it does it to strip most of the Admin privileges from those processes, there's zero impact on system performance/resource:

Non Admin - Drop My Rights

Quote:

I don't see any problem of downloading and installing more than one as long as they're not enabled and running at the same time.

Basically, malware is either automatically installed with minimal user interaction, or it needs to be manually installed after the malicious file is downloaded.

In the automatic install scenario, the second AV is of no value since it's not active at all. It's basically functioning as a cleaner, but when cleaning an infected system it's better to use something that's not already installed since there's no guarantee that it had not been compromised.

With the manual install scenario having a 2nd AV do a on demand scan on the file may improve the odds by a few percentage points, but each time you do that you'll have to wait 5-10 minutes for the AV to have its database updated. It's easier to just get a MD5 hash of the file and submit it to VirusTotal, if that file have previously been scanned you'll quickly have a report from ~40 AVs.

Lastly, you can improve detection by simply making sure that the heuristics is set to the highest/most advanced levels for the on-demand scanner (the on-demand scanner *ONLY*). Many AVs default to lesser heuristic settings to prevent false positives, but when you're doing an on-demand scan of a file prior to installation, false positive is not really a big problem.

[technix]

I'm going to re-read your post but I have another issue/problem/question.

I tried to update Avira but then there was a message that I couldn't with Asian characters. I thought, WTH... do I have a Virus or something? Then I couldn't access Firefox or Chrome with bogus messages that I had no space or other nonsensical messages. I couldn't shut down or close any programs because the window would almost be blank....just with buttons which are almost blank. WTH?!?

I shut down the notebook the hard way and upon reboot, was able to use a browser and downloaded Malwarebytes. It didn't find anything but maybe the damn machine is infected with something? What should I do? I almost never have a problem with my desktop but my notebooks are a different matter entirely but the other two notebooks are mostly hardware issues.

But, this one notebook seems to be working now but maybe it's all a guise. How do I figure out what the heck was going on?

P.S.... Excuse me and I apologize in advance but I hate WINDOZE! Especially, XP...

[DCCV44.2223]

If the system (Windows, browsers, java, flash, acrobat, etc) is patched up-to-date then odds are it's a Windows glitch. You may want to check the events viewer and see if anything was logged.

With XP I'd strongly advice either using a restricted account for day-to-day use or use DropMyRights to launch your internet facing apps, they will make compromising the core system files more difficult.