Aaron Weiss

The Risks and Benefits of Using Multiple Anti-Virus Solutions

Like viruses in the natural world, computer viruses are rapidly evolving and mutating. Of course, unlike real viruses, computer viruses are developed solely at the hands of people who create them for their own reasons. Some viruses are simply forms of rebellion or vandalism, while others are backed by well-funded organized crime outfits hoping to profit from compromised machines or stolen information.

Both paid and free anti-virus scanners make claims to thorough coverage, but the reality is that no anti-virus scanner can guarantee 100 percent accuracy. Scanners use different heuristics to identify virus signatures, and they use different databases of signatures to recognize viruses – databases that are updated at different times. With hundreds of thousands of viruses known in "the wild," even the best anti-virus scanners cannot catch them all.

It stands to reason that using multiple anti-virus solutions can help bridge the coverage gaps between products. Sometimes this can be true, but, depending on how it's done, it may introduce additional problems.

Desktop-based virus scanners typically operate in two modes: real-time protection and on-demand scanning. In real-time mode, the anti-virus software hooks into the operating system to scan files as they are acquired – for example, when a file is downloaded through your Web browser or an attachment is opened from an email. Real-time protection can be a very effective way to prevent a virus from ever executing, but it comes with some cost. Depending on the system, real-time protection can slow down performance. Because it needs to examine every file that is opened and occupies a permanent memory footprint, real-time protection can impede the user experience on machines with limited resources, such as an old PC or even a newer netbook.

More significantly, it is not advised to run two real-time scanners at the same time. Because they hook into the operating system to "grab" files that have been opened, two or more such scanners can cause conflicts. Depending on how they are programmed, the conflicts could result in anything from false alerts when one scanner thinks the other is malware, to outright crashes, potentially resulting in data loss or corruption.

When an anti-virus scanner is used in on-demand mode, it behaves more like a standard desktop application. The scanner will open each file on the system (depending on the kinds of files being scanned), search for a known virus signature, and then close that file. You can run multiple anti-virus scanners in on-demand mode. That said, it can take a very long time for a full on-demand scan – sometimes hours. Running frequent scans using multiple products could seriously hurt your machine's performance for other applications.
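The on-demand behavior and the coverage gap between signature databases described above can be seen in a small added example (not from the original article). The two "vendor" databases, marker strings, and file names are constructed and harmless, and plain byte-substring matching stands in for real signature and heuristic engines.

```python
import os
import tempfile

# Constructed, harmless marker strings standing in for virus signatures.
# Each hypothetical vendor database knows a different subset.
VENDOR_A_DB = {"Sample.Alpha": b"MARKER-ALPHA-0001", "Sample.Beta": b"MARKER-BETA-0002"}
VENDOR_B_DB = {"Sample.Beta": b"MARKER-BETA-0002", "Sample.Gamma": b"MARKER-GAMMA-0003"}

def on_demand_scan(root, signature_db):
    """Open each file under root, search it for known signatures, close it."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or locked file: skip it
            found = sorted(n for n, sig in signature_db.items() if sig in data)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits

def combined_scan(root, databases):
    """Run the scanners one after another and merge their findings per file."""
    merged = {}
    for vendor, db in databases.items():
        for path, names in on_demand_scan(root, db).items():
            merged.setdefault(path, {})[vendor] = names
    return merged

def demo():
    """Scan four constructed sample files with scanner A, scanner B, and both."""
    samples = {
        "clean.txt": b"quarterly report",
        "a_only.bin": b"xx MARKER-ALPHA-0001 xx",
        "both.bin": b"MARKER-BETA-0002",
        "b_only.bin": b"header MARKER-GAMMA-0003",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        a = on_demand_scan(root, VENDOR_A_DB)
        b = on_demand_scan(root, VENDOR_B_DB)
        both = combined_scan(root, {"A": VENDOR_A_DB, "B": VENDOR_B_DB})
    return a, b, both
```

Each scanner alone misses one of the three marked files, while the merged result covers all of them at the cost of reading every file twice.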

In larger organizations, it might make good sense to install a perimeter anti-virus solution. For example, many firewall products include or can be upgraded to include anti-virus scanners. In this scenario, files coming in through the network will be scanned before they reach the destination machine. That machine itself may also run its own anti-virus software, either real-time or on demand.

The primary benefit of running an anti-virus scanner at the network perimeter is that it provides an additional layer of protection on top of any client-based scanner. Remember, though, that a perimeter scanner will not catch viruses that are introduced from within the network – for example, through portable hard drives or thumb sticks.

In a very conservative, risk-averse scenario, you could maximize protection by deploying a perimeter anti-virus scanner, a real-time scanner, and a scheduled on-demand scanner, using three different products (and therefore different virus databases). So long as you avoid installing two real-time scanners on the same machine, you can mix and match these scenarios depending on your level of security.
