Can I run more than one anti-virus program? Anti-spyware program? Firewall? Should I?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Viruses and Malware

Summary: It's tempting to think more is better for anti-spyware and anti-virus software and firewalls. In reality too many can cause trouble.

•

I've touched on this before but only addressed anti-spyware programs. The question is more common and more general than that, so in this article I'll tackle all of the big three: firewall, anti-spyware, and anti-virus.

Naturally, the answer on running more than one each of those three categories is different, and varies depending on exactly what you're doing.

•

As a general rule of thumb, you need only one of each. It's what I do. A single, good anti-spyware solution, an anti-virus solution, and a single firewall and, in my opinion, you're good to go.

However, as I've noted elsewhere, there's no single anti-virus or anti-spyware program that will catch all viruses or spyware. So there is a case to be made for having more than one. But if you do, you need to be careful because they can, and often do, interfere with each other.

•

Anti-Virus

Most anti-virus programs operate in two modes:

• Scan: the utility examines memory and files on disk for traces of malware. This involves actually examining the contents each file for things that "look like" viruses.

• Monitor: often referred to as "real time" monitor, the anti virus program is continually running and scans files as they are downloaded to your machine, notifying you nearly immediately if the file you just received contains something that looks like a virus.

There's nothing at all wrong periodically running an anti-virus scan with more than one anti-virus program. The key here is that it's just a scan - it starts, it scans, and then it's done. There's no opportunity to come in to conflict with another anti-virus program.

Real time monitoring, on the other hand, is another story. When you install most anti-virus programs they often automatically install and enable their real-time monitors. Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.

So it's certainly OK to have more than one anti-virus program installed, and it can make sense to run a scan using a different program from time to time, but you must make sure you only have one real-time monitor enabled at a time.

The simplest way to do so, as I mentioned earlier, is to rely on a single, good anti-virus program and make sure that its database of known viruses is continually being updated.

•

Anti-Spyware

Anti-spyware tools operate much like anti-virus tools, and that typically means the same two modes:

• Scan: the utility examines memory and the hard disk for traces of malware. While an anti-spyware program typically does not scan every executable file on the disk, it does involve checking certain registry entries, looking at the contents of certain files, and checking for the presence of others for things that "look like" spyware.

• Monitor: like anti-virus programs, anti-spyware programs often have a "real time" component that monitors for certain spyware-like activities. A good example is that an attempt to change your default home page will be caught (or prevented) in real time by many anti-spyware programs.

And once again, the bottom line is the same: periodic scans by different programs are quite alright, while the real time monitors installed by these utilities can easily come into conflict. Make sure only one package has its real time monitoring facility enabled.

The most important thing is to start with a good anti-spyware program, and make sure that its database of known spyware is continually being updated.

•

Firewalls

Firewalls are a different beast from the tools we've talked about so far. They fall into roughly two categories: hardware and software.

A software firewall is just that - software that's installed on your machine that prevents certain types of intrusion into your system from the outside and, in some cases, monitors for suspicious attempts to connect to the outside from within your computer. In both cases the functions are performed in real time, as they happen. As you can guess from the previous discussion about anti-spyware and anti-virus software, two programs trying to perform the same action at the same time can lead to problems. I would most certainly not run two different software firewalls at the same time. That implies that if Windows Firewall is turned on, I would turn it off as part of installing another firewall such as Zone Alarm.

Hardware firewalls are, in most homes and small businesses, routers. Routers provide a level of protection that prevents your computer from being seen from the internet, unless you initiate the outbound connection. There's nothing to install on your PC; it's just another box that sits between you and your internet connection.

There's nothing wrong with having both a software and a hardware firewall. It's partially redundant, but it's harmless. In fact, if there are machines within your LAN that you don't actually trust, having both can actually be an appropriate choice.

Technically, there's also really nothing wrong with having multiple hardware firewalls. You can put a router behind a router if you like. However, a) it will slow down your connectivity somewhat, and b) there are certain types of communications protocols that may break as a result. Common protocols like web and email do not, so it's usually OK, but it's not really recommended.

Share

Article C2833 - November 9, 2006

Was this article helpful? «Yes» «No»