This discussion has been locked.

Using more than just Sophos...Why not?

My experience with antivirus and antispyware programs has been that sometimes one program finds suspicious or 'dangerous' items that another program does not find. So I like the idea of having several such programs installed.

However, most advise against using more than one program. For example, Microsoft Security Essentials' installer warns, "If you have other antivirus or antispyware programs installed on your computer, they may conflict with Security Essentials and prevent it from working properly. Having multiple antivirus or antispyware programs may also cause severe performance issues on your computer."

How valid is this warning? It sounds ominous, but the cynic in me wonders if this might also just be a way to intimidate users into avoiding competitors' products. Does Sophos expressly warn against installing Microsoft Security Essentials? I also have Malwarebytes Premium installed, and so far it does not appear to be causing any problems with Sophos (and vice versa). But, then again, how would a person know? Does Sophos expressly advise not to use Microsoft Security Essentials on the same computer?

Why not make them mutually compatible, in view of the fact that past experience has shown that sometimes one program will miss a threat while another program detects it? Same goes for programs like Ad-Aware.

Sophos is the Cadillac product in this class, and I am not criticizing Sophos in any way....I'm just instinctively skeptical about putting all my eggs in ANY one basket, even if it's supposedly woven out of Gold and Silver. What's the user community's Best Practice advice on this subject?

:53907


  • Hello Skeptic,

    Jak has already summarized the main points but allow me to add my two cents.

    The problem is mainly, as Jak has pointed out, with real-time components interfering. Not going into the (intricate) details - there's no standard to reliably layer certain functionality like AV (other examples are encryption or HSM). Furthermore the existing framework lacks the semantics to communicate the results of a scan.

    One might think of (email) gateways where often more than one AV product is employed. This is, however, on demand scanning where a suitable interface is defined and a calling process controls the engagement of the different providers, the aggregation of their results and the eventual action. More or less random interception by several parties which have no knowledge of each other is not the same and even "correct behaviour" within the existing framework can lead to incompatibilities especially when different strategies are pursued.

    With the products going beyond pure AV the risk of undesired interactions increases. Product B might deem the perfectly legitimate instrumentation utilised by product A at least suspicious. And product D might not like the unstoppable service product C implements ... spooks from different "agencies" suspecting each other.  

    Why not make them mutually compatible

    "Someone" would have to define an appropriate framework/standard - unlikely that this could be achieved without the vendor for proprietary OSs or distributions. It seems their stance is still that (third-party) AV is more or less unessential. 

    Christian

    :53933
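The gateway arrangement described in the reply above, sketched as an added example that is not part of the original thread: one calling process engages each provider on demand, aggregates their results and alone decides the action. The engine functions, the marker string and the policy names (`deliver`, `hold`, `quarantine`) are constructed assumptions, not any vendor's API.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hypothetical engine interface: bytes in, detection name or None out.
Engine = Callable[[bytes], Optional[str]]

@dataclass
class Result:
    provider: str
    status: str          # "clean", "malicious" or "error"
    detail: str = ""

# Constructed stand-ins for two vendors' on-demand engines.
def signature_engine(data: bytes) -> Optional[str]:
    return "Test/Marker-A" if b"CONSTRUCTED-TEST-MARKER" in data else None

KNOWN_BAD = {hashlib.sha256(b"constructed bad attachment").hexdigest()}

def hash_engine(data: bytes) -> Optional[str]:
    digest = hashlib.sha256(data).hexdigest()
    return "Test/KnownHash" if digest in KNOWN_BAD else None

def broken_engine(data: bytes) -> Optional[str]:
    raise TimeoutError("engine did not answer")

def scan(data: bytes, providers: Dict[str, Engine]) -> List[Result]:
    """The caller engages each provider in turn; none intercepts another."""
    results = []
    for name, engine in providers.items():
        try:
            hit = engine(data)
            status = "malicious" if hit else "clean"
            results.append(Result(name, status, hit or ""))
        except Exception as exc:
            # A failed provider is recorded, not silently treated as clean.
            results.append(Result(name, "error", str(exc)))
    return results

def decide(results: List[Result]) -> str:
    """Single aggregation point: any detection wins, any error holds the item."""
    statuses = {r.status for r in results}
    if "malicious" in statuses:
        return "quarantine"
    if "error" in statuses:
        return "hold"
    return "deliver"
```

Because every verdict flows back to one caller, a miss by one engine is covered by another without the two ever touching the same file handle at the same time, which is what the real-time case lacks.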