It's tempting to think more is better when it comes to anti-spyware and anti-virus software and firewalls. In reality too many can cause trouble.
In recent years this question has become more complex than ever.
There are certain types of protection you need, and getting all that protection may involve running more than one program.
On the other hand, running more than one program of the wrong type can, indeed, cause problems.
Let’s see if I can’t sort this out for you.
What you need
As a general rule of thumb, you need only one of each of the following:
While that appears relatively simple, it gets complex because:
Most anti-virus programs operate in two modes:
- Scan: the utility examines memory and files on disk for traces of malware. This involves actually examining the contents each file for things that “look like” viruses.
- Monitor: often referred to as “real time” monitor, the anti-virus program is continually running and scans files as they arrive on your machine, notifying you nearly immediately if the file you just received contains something that looks like a virus.
There’s nothing at all wrong with periodically running anti-virus scans with more than one anti-virus program. The key here is that it’s just a scan – it starts, it scans, and then it’s done. There’s no opportunity to come into conflict with another anti-virus program.
Real time monitoring, on the other hand, is another story. When you install most anti-virus programs, they often automatically install and enable their real time monitors. Running two or more real time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure.
Bottom line: it’s certainly OK to have more than one anti-virus program installed, and it can make sense to run a scan using a different program from time to time, but you must make sure you only have one real time monitor enabled at a time.
The simplest way to do that is to rely on a single good anti-virus program, and make sure that its database of known viruses is continually being updated.
Anti-spyware tools operate much like anti-virus tools, and that typically means the same two modes:
- Scan: the utility examines memory and the hard disk for traces of spyware. While an anti-spyware program typically does not scan every executable file on the disk, it does check certain registry entries, look at the contents of certain files, and check for the presence of others for things that “look like” spyware.
- Monitor: like anti-virus programs, anti-spyware programs often have a “real time” component that monitors for certain spyware-like activities. A good example is that an attempt to change your default home page will be caught (or prevented) in real time by many anti-spyware programs.
And once again, the bottom line is the same: periodic scans by different programs are quite alright, while the real time monitors installed by these utilities can easily come into conflict. Make sure only one package has its real time monitoring facility enabled.
The most important thing is to start with a good anti-spyware program, and make sure that its database of known spyware is continually being updated.
The term “anti-malware” is where things get complicated.
Technically “malware” is an all-encompassing term for viruses, spyware, and anything else that we might consider harmful software. So in a sense an anti-malware tool would include both anti-virus and anti-spyware components.
And many do.
But then there are tools like Malwarebytes Anti-malware, which for years has been an important tool in our arsenal, and yet has long been explicit about not being an anti-virus tool. (They recommended another anti-virus tool in their support forums.) Even today, as the scope of the tool appears to be expanding, they still seem to be avoiding the term “anti-virus” in favor of “anti-malware and “anti-spyware”.
The result, of course, is confusion.
A malware plan
With all that confusion in sight, here’s a strategy that I use myself and recommend:
- Select a single, good anti-virus program, install it and enable its real time component.
- Select a single, good anti-spyware program, install it and enable its real time component.
That’s it. Note that quite often the same program might provide both anti-virus and anti-spyware – in fact it’s getting harder and harder to find packages that don’t. While in the past I’ve generally shied away from all-in-one solutions, some are getting better, if not inevitable.
What’s important here is that you know what components your anti-malware tool is providing, and not duplicate that with another tool.
When issues arise, and you suspect malware – particularly malware that you believe your existing tools have not caught1 – then you would install additional tools without their real time component enabled. The purpose of these tools is to run an additional scan of your computer for the suspected malware. This is traditionally where I turn to Malwarebytes’ free version.
This strategy keeps your system running with enough protection, but not too much protection, and with a plan should something ever make it through.
Firewalls are a different beast from the tools we’ve talked about so far. They fall into roughly two categories: hardware and software.
A software firewall is just that – software that’s installed on your machine that prevents certain types of intrusion into your system from the outside. And in some cases, it also monitors for suspicious attempts to connect to the outside from within your computer. In both cases the functions are performed in real time, as they happen.
As you can guess from the previous discussion, two programs trying to perform the same action at the same time can lead to problems. I would most certainly not run two different software firewalls at the same time. That implies that if Windows Firewall is turned on, I would turn it off as part of installing another firewall such as Zone Alarm. In actuality, I would expect the installation of a third party firewall to automatically disable and replace the built in Windows Firewall.
In most homes and small businesses, your router is a hardware firewall. Routers provide a level of protection that prevents your computer from being seen from the internet, unless you initiate the outbound connection. There’s nothing to install on your PC; it’s just another box that sits between you and your internet connection.
There’s nothing wrong with having both a software and a hardware firewall. It’s partially redundant, but it’s harmless. In fact, if there are machines within your LAN that you don’t actually trust, having both can actually be an appropriate choice, as your router will protect you from threats coming in from the internet, whereas your software firewall would protect you from threats that might originate from a compromised machine within your local network.
Technically, there’s also really nothing wrong with having multiple hardware firewalls. You can put a router behind a router if you like. However, a) it will slow down your connectivity somewhat, and b) there are certain types of communications protocols that may break as a result. Common protocols like web and email do not, so it’s usually OK, but it’s not really recommended.