Why it isn’t a good idea to run multiple full antivirus products at the same time

Discussion in 'Application Software' started by UmbraEmsi, Dec 19, 2017.


Do you run multiple full AVs at same time?

  1. Yes

    0 vote(s)
    0.0%
  2. No

    32 vote(s)
    86.5%
  3. No, but I did in the past

    5 vote(s)
    13.5%
  1. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
  2. Dark Knight

    Dark Knight MDL Senior Member

    Jul 14, 2013
    323
    133
    10
    Point taken LOL
  3. UmbraEmsi

    UmbraEmsi Emsisoft Community Manager

    Sep 26, 2017
    77
    43
    0
    You can't thwart all threats just by "common sense"; some malware is way too shady even for expert eyes.
    For example, a weaponized webpage using an XSS attack can't be stopped without some sort of security measures; that is why FF and Chrome use sandboxes to try to prevent them.
    Sadly, Red Teams find new vulnerabilities all the time.

    In the current cyber-landscape, a security solution is a must for home users, because:

    - Any website can be compromised; it happened to CCleaner and to Linux Mint, both hacked and the legit installer replaced by a weaponized version (for Linux Mint it was a rootkit-ed installer, the worst thing that can happen), so you need something to protect you.
    - A security solution with a prevention system (HIPS/Behavior Blocker/anti-exe/SRP) can block most zero-days. If an executable can't run, it can't infect you. Prevention is the key.
    - Even if a zero-day manages to execute, it usually behaves in ways that can be caught later. Malware isn't a one-time effect; it proceeds through what is called an "attack chain". Depending on the security solution, it can catch the malicious behavior at some point in the chain; the sooner the better, but later is better than never.

    Your common sense obviously can't do that. Common sense just tells you "don't run this, it seems shady", but it can't tell you if a legit executable or a webpage was weaponized or not; you need tools.

    Now, security solutions aren't perfect; they can be bypassed.
    - For example, in a network, if the malware manages to get SYSTEM rights (aka kernel privileges), you are done, like with the EternalBlue/DoublePulsar attack using SMBv1 and exploiting a legit, crucial Windows process.
    - Or if a system is specifically targeted, the attacker can tailor the attack against it, and then you can't do much; luckily you as home users aren't much affected unless you manage to really upset the wrong guy who turns out to be a skilled hacker.

    There is a lot of FUD, but I think it is somewhat necessary until 100% of the cyberpopulation decides to have safe habits and run their systems with some basic protection, whatever the method is (security product, OS tweaks, etc.), but I doubt it will ever happen...

    Microsoft finally took the right path with Win10's Windows Defender and all its built-in security features, but they still have some cons; that is why we (security vendors) are still here: we add extras, and most people like extras.

    You can buy a car without any options, but it is nicer with them.