Yusuf On Security: Security news, opinion and advice

Are Two Anti-Viruses better than one?

I am sure this has been written about a lot and arguments are plentiful, but it boils down to these points. Running two anti-malware products on the same machine does more harm than good. It can result in unexpected behaviour, including but not limited to the two being stuck in an endless loop of resource competition and tearing each other apart, as in deleting each other's system files. In other words, each will behave and do what a well-written anti-malware product is expected to do: guard the system in real time against deliberate malware attacks, but also react to any suspicious behaviour from the standpoint of being the only application that can do this task. They are written to a specification that assumes they are the only AV on the system, so they are not aware of each other. This is the heart of the problem. The fact that another system with similar functionality resides on the same machine sets the scene for the perfect storm: a downward spiral of fighting for control. If things do not slowly grind to a halt (best case), eventually the OS will not tolerate this and will protect itself with a BSOD (worst case). It is also no secret that the OS makers advise against running two AVs simultaneously. I support this advice and so do many others. The AV is, to an extent, just an application, but the whole OS and its stability are at stake.

For example, this is why, when an AV replacement tool fails to remove the AV that is already running, it backs off with a message stating that software with similar functionality is already installed. The failure might be because the existing AV is password protected. Most vendors adopt a similar strategy, and I would be surprised if any of them supported their product running alongside another product with similar functionality. This means anyone who does not heed this advice is on his own when things eventually go weird.

The exception is running a traditional signature-based anti-virus together with a signatureless or cryptoguard (anti-ransomware) system on the same machine. This can be done today.

I think anyone who puts more than one lock on the same door believes he is increasing his security posture, and although this works in the real world, it does not completely translate to the virtual world. The effort is better spent on other parts of the security layer, such as gateway protection, email and web filtering, etc.
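A practical way to check whether a Windows host has ended up with more than one anti-malware product guarding it is to ask Windows Security Center, which every registered AV reports into. The script below is an added example written for this post, not code from the original article or from any AV vendor. It assumes a Windows client OS (the root/SecurityCenter2 WMI namespace does not exist on Windows Server) and uses the commonly documented, unofficial decoding of the productState bit field, where the middle byte indicates real-time protection and the last byte indicates signature status; treat that decoding as an assumption.

```powershell
# Added example (not from the original post): list the anti-malware products
# registered with Windows Security Center and warn when more than one of them
# has real-time protection enabled, i.e. the "two AVs on one machine" situation
# the post argues against. Assumes a Windows client OS.
function Get-RegisteredAntiVirus {
    [CmdletBinding()]
    param()

    # Every AV that integrates with Security Center creates one instance here.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        # productState is a bit field. The decoding below (middle byte = real-time
        # protection, last byte = signature status) is the commonly documented
        # interpretation, not an official Microsoft contract: an assumption.
        $hex = '{0:X6}' -f [int]$p.productState
        $rtp = $hex.Substring(2, 2)   # '10' = real-time protection on
        $sig = $hex.Substring(4, 2)   # '00' = signatures up to date

        [pscustomobject]@{
            Name               = $p.displayName
            Executable         = $p.pathToSignedProductExe
            RealTimeProtection = ($rtp -eq '10')
            SignaturesCurrent  = ($sig -eq '00')
            RawState           = $hex
        }
    }
}

function Test-SingleAntiVirus {
    $all    = @(Get-RegisteredAntiVirus)
    $active = @($all | Where-Object { $_.RealTimeProtection })

    # Show everything that is registered, active or passive, for the operator.
    $all | Format-Table -AutoSize | Out-String | Write-Host

    if ($active.Count -gt 1) {
        $names = $active.Name -join ', '
        $msg   = '{0} products have real-time protection enabled: {1}. ' -f $active.Count, $names
        $msg  += 'Expect resource contention and possible instability; keep only one.'
        Write-Warning $msg
        return $false
    }
    return $true
}

Test-SingleAntiVirus
```

On a Windows 10 or 11 machine with a third-party AV installed, Microsoft Defender normally still appears in the list but in passive mode, so its real-time flag decodes as off and the check passes; two products both reporting real-time protection on is the condition worth investigating. A signatureless or anti-ransomware product that registers with Security Center will also show up here, which is consistent with the exception noted above: the list tells you what is present, and the operator decides whether that combination is a supported one.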

Author
Yusuf