Summary: It's tempting to think more is better for anti-spyware and anti-virus software and firewalls. In reality too many can cause trouble.
With regards to firewalls, anti-virus programs and anti-spyware programs; can I have more than one of each of these programs installed in my computer? For example, I run ZoneAlarm; does that mean I should I turn off Windows firewall?
•
I've touched on this before but only addressed anti-spyware programs. The question is more common and more general than that, so in this article I'll tackle all of the big three: firewall, anti-spyware, and anti-virus.
Naturally, the answer on running more than one each of those three categories is different, and varies depending on exactly what you're doing.
•
As a general rule of thumb, you need only one of each. It's what I do. A single, good anti-spyware solution, an anti-virus solution, and a single firewall and, in my opinion, you're good to go.
However, as I've noted elsewhere, there's no single anti-virus or anti-spyware program that will catch all viruses or spyware. So there is a case to be made for having more than one. But if you do, you need to be careful because they can, and often do, interfere with each other.
•
Anti-Virus
Most anti-virus programs operate in two modes:
-
Scan: the utility examines memory and files on disk for traces of malware. This involves actually examining the contents each file for things that "look like" viruses.
-
Monitor: often referred to as "real time" monitor, the anti virus program is continually running and scans files as they are downloaded to your machine, notifying you nearly immediately if the file you just received contains something that looks like a virus.
There's nothing at all wrong periodically running an anti-virus scan with more than one anti-virus program. The key here is that it's just a scan - it starts, it scans, and then it's done. There's no opportunity to come in to conflict with another anti-virus program.
Real time monitoring, on the other hand, is another story. When you install most anti-virus programs they often automatically install and enable their real-time monitors. Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.
So it's certainly OK to have more than one anti-virus program installed, and it can make sense to run a scan using a different program from time to time, but you must make sure you only have one real-time monitor enabled at a time.
The simplest way to do so, as I mentioned earlier, is to rely on a single, good anti-virus program and make sure that its database of known viruses is continually being updated.
•
Anti-Spyware
Anti-spyware tools operate much like anti-virus tools, and that typically means the same two modes:
-
Scan: the utility examines memory and the hard disk for traces of malware. While an anti-spyware program typically does not scan every executable file on the disk, it does involve checking certain registry entries, looking at the contents of certain files, and checking for the presence of others for things that "look like" spyware.
-
Monitor: like anti-virus programs, anti-spyware programs often have a "real time" component that monitors for certain spyware-like activities. A good example is that an attempt to change your default home page will be caught (or prevented) in real time by many anti-spyware programs.
And once again, the bottom line is the same: periodic scans by different programs are quite alright, while the real time monitors installed by these utilities can easily come into conflict. Make sure only one package has its real time monitoring facility enabled.
The most important thing is to start with a good anti-spyware program, and make sure that its database of known spyware is continually being updated.
•
Firewalls
Firewalls are a different beast from the tools we've talked about so far. They fall into roughly two categories: hardware and software.
A software firewall is just that - software that's installed on your machine that prevents certain types of intrusion into your system from the outside and, in some cases, monitors for suspicious attempts to connect to the outside from within your computer. In both cases the functions are performed in real time, as they happen. As you can guess from the previous discussion about anti-spyware and anti-virus software, two programs trying to perform the same action at the same time can lead to problems. I would most certainly not run two different software firewalls at the same time. That implies that if Windows Firewall is turned on, I would turn it off as part of installing another firewall such as Zone Alarm.
Hardware firewalls are, in most homes and small businesses, routers. Routers provide a level of protection that prevents your computer from being seen from the internet, unless you initiate the outbound connection. There's nothing to install on your PC; it's just another box that sits between you and your internet connection.
There's nothing wrong with having both a software and a hardware firewall. It's partially redundant, but it's harmless. In fact, if there are machines within your LAN that you don't actually trust, having both can actually be an appropriate choice.
Technically, there's also really nothing wrong with having multiple hardware firewalls. You can put a router behind a router if you like. However, a) it will slow down your connectivity somewhat, and b) there are certain types of communications protocols that may break as a result. Common protocols like web and email do not, so it's usually OK, but it's not really recommended.
Related:
-
Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?
-
Ask Leo! - Spyware: How do I remove and avoid spyware?
-
Ask Leo! - Do I need a firewall, and if so, what kind?
-
Ask Leo! - Is running two anti-spyware programs better than one?
Article C2833 - November 9, 2006
If this author thinks that "as a general rule, you only need one of each", then he obviously doesn't have any experience with cleaning malware off of computers.
Armchair technicians for the lose.
Realtime protection is one thing -- obviously you only want one RT AV running at a time. But no single AV, AS, AA, or other AM program is 'all you need'. Any tech who has any amount of experience cleaning malware can tell you that no single program will get everything.
Posted by: John Doe at August 28, 2009 1:58 PMRemember the key is you should not install nore than one real-time background scanning security program. Most people will do fine with just a simple hardware firewall (router), Windows Firewall, Windows Defender (Vista/7, Keeping Windows updated,having a real time basic virus scanner like Norton or McAfee and then using an on demand product like Malwarebytes for when you think there may be a problem.
Posted by: Ralph at November 10, 2009 3:26 PMRalph
Read about Windows 7 upgrades on my blog
I run 2 different anti-virus programs at the same time. I have run avg and Threatfire, and am now running Avira and threatfire. I left avg because it has become a resource hog. I have not had any problems doing this. Threatfire was designed to run with other anti-virus programs and works different than other programs and can catch viruses that have not been fixed yet. As I have only used it with these 2 programs I can not vouch for it running with any other virus programs. Check it out at threatfire.com. you may change your mind about running 2 virus programs at the same time. I used this type of anti-virus program for many years as my only virus program. since the Dos days and have only had 1 virus in the whole time.
Posted by: Frank Williams at November 11, 2009 6:10 AMMortal enemies??? Example: If you install Kaspersky and Spybot Search & Destroy, Kaspersky gets "mad" about Spybot. When you go to uninstall Spybot, their uninstall program asks you "why?" One of the listed options is: "Kaspersky."
Next, Spybot comes back with a paragraph explaining that they have thoroughly tested their product in conjunction with Kaspersky, and can NOT find any conflicts.
On the flip side of that coin, if you have Lavasoft's Adaware installed, and try to install Spybot, Spybot warns you that the two products are incompatible!!!
So who is speaking with a forked tongue?
Also, the rules of the game change on a daily basis. So two programs that were completely compatible yesterday may not be today because one of them was updated.
Hence, Leo's concept of not running more than one of each type of program is generally the safest bet. Exception: My computer was acted very strangely for quite a few days. Kaspersky didn't find anything wrong. So I "cheated" and installed Spybot, ran it, if found one problem, disposed of it, and now my computer's performance has greatly increased. Of course, I immediately uninstalled Spybot after running it to avoid any potential conflicts with Kaspersky.
Those are my thoughts...
Aloha from Hawaii,
Posted by: Glenn Ordell at November 11, 2009 4:31 PMGlenn
I have but one question: I have Vipre antivirus and it seems to be doing a very good job of scanning my system. Why is there never any mention of Vipre anywhere (at least where I have looked)?
Posted by: Evan B Merz at December 15, 2009 7:45 PM