Antispyware vs Antivirus
Results 1 to 10 of 10

Thread: Antispyware vs Antivirus

  1. #1
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564

    Antispyware vs Antivirus

    Looks like the two may be heading for a showdown...........

    An unfortunate problem may be on the way. As adware, spyware and browser hijackers have become more sophisticated, antispyware programs have had to use more sophisticated means to catch them. Unfortunately, this may cause conflicts with antivirus programs using the same methods.

    Antivirus programs historically have done a poor job of cleaning or even detecting spyware, although that has improved recently. Antispyware programs generally do not bother to detect viruses and trojans, since that is not in their mandate. For this reason, most people (sensible people anyway) have both antispyware and antivirus programs on their computer.

    A very sophisticated, if low-level, technique used by antivirus software to catch viruses is to scan at the kernel level. The kernel is the lowest level of an operating system. By scanning at this low level, it leaves very little room for a virus to hide.

    A number of antispyware companies are planning to introduce kernel-level scanning in their products. There really is no way to avoid it. The line between adware, spyware, viruses and trojans has virtually disappeared.

    All of these types of parasites have poached each other's methods to replicate and to hide. Only the purpose of this unwanted software determines what it is called these days. The antispyware programs have to keep up, if they are to be of any use.

    This is causing some concern in the antivirus industry. Two programs, both scanning at the kernel level at the same time, can crash a computer. Every antivirus company warns customers against using two different antivirus programs at the same time. People may end up having to make a hard decision: antispyware or antivirus?

    The best way to avoid this potential problem may be cooperation between the antispyware and antivirus industries. An industry standard may have to be hammered out for kernel-level scanner drivers.

    The kernel-level drivers can be written in such a way that, if more than one program is trying to access them, the drivers will juggle the requests to avoid a conflict. Two scanners would not be using the same resources at the same time and a system crash would be avoided.

    The only other option would be for the antispyware and antivirus industries to encroach directly onto each other's territory. They would become direct competitors, with each side detecting both viruses and spyware.

    As it stands now, antispyware programs do a poor job of detecting viruses and worms, while antivirus programs do only a fair job of detecting spyware. I don't see it as being in the best interests of the end users for each side to try and do the other's job. I hope the companies in both industries also see it that way and decide to work together.
    Spyware Weekly

    Further to the story: Network World

    May be a few hard decisions to make soon, ref the freebies (Adaware, Spybot S & D, AVG etc.)
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  2. #2
    Senior Member
    Join Date
    Jan 2004
    Posts
    195
    But still the question remain unanswered that what to use n how? Looks like for the time being using both is best bet, till the these industries find a better way out, isn't it? Even if it means two programms performing kernel-level scanning, atleast it is(was) working till now....
    It\'s all about sense of power.

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Well, we knew that it would come to this. That is no surprise. The question should be, "Can reliable, adequate protection be provided by one combined application and can the industry agree on open season on all malware, no matter the source?"

    just my tuppence.

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Well now, i just about know enough about computers to boot into safe mode and run stuff sequentially.

    So, the only problem should be with realtime interactive stuff?

    I am actually running AVG and Avast at the same time on this machine. I have no problems, because they work differently...............I have teatimer and all sorts of other "goodies" going as well, I was trying to provoke a conflict, and could not

    Is this a "paid for by Semantec" article?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi nihil


    Is this a "paid for by Semantec" article?
    Is this rhetorical??? or are you just being facetious

    This is the guy who wrote it:


    emessmer@nww.com
    (941) 792-1061
    Network World
    9303 Ninth Ave. NW
    Bradenton, FL 34209

    I couldn't see where "semantac" were involved, think it's FUD?? ......

    I know for sure that my previous AV Trend Micro had issues with Zone Alarm (both provided firewalls), to the point that ZA recommended I uninstall Trend Micro, not!!... I have seen in other forums where Norton has a thing... about running in conjunction with another AV, but I put that down to Norton (bloatware), I believe the majority who do use two AV's use NOD32 for realtime scanning and every so often do a manual scan with another AV, I think it's the two realtime functions that can conflict with each other...
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Is this rhetorical??? or are you just being facetious
    A bit of both?

    I would suggest that "it's bloatedness" would be a prime suspect?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I think it's the two realtime functions that can conflict with each other...
    This, is surely common knowledge?

    I was quite impressed with a friend of mine recently, he is quite adept at using his PC. However he is an absolute eedjut, when things go wrong. However, he had managed to,"sus out" that having Norton AV/Internet Security and McAfee AV/Internet Security, installed at the same time was a bad thing.

    He uses AOHell as an ISP and obtained McAfee for free, through AOHell. He has had Norton since he brought his box many years ago. Having tried McAfee (not un-installing Norton) he came to the conclusion, "they fight each other". To say I was impressed is, to not do justice, to exactly how much time and energy, I have spent edumicating him.

    I have, for a long time now, had the feeling, that," catch", is absolutly correct. With his atitude to AV software. I just wish I could understand enough of his posts and links to enable the theories he espouces<sp?> and put it into practice.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    I would suggest that "it's bloatedness" would be a prime suspect?

    I agree....if you read the article, one of the supporters of this is "Aluria", they were one of the first people to actually provide "Spyware" on unsuspecting users, and now they would like everyone to think they are legit.

    http://www.dslreports.com/forum/rema...3816~mode=flat goes back aways, suffice to say, anything that has "Alurias" stamp of approval on it, I will stay away from......[

    This, is surely common knowledge?
    Actually you would be amazed at how much this topic is up for debate around the forums, seems a lot of users do actually believe that having two running will protect them "twice as much"? I believe there are two ways to do this effectively and that is to use one which has the heuristic scanning in realtime mode, and maybe use the other one for manual scanning....?

    Sort of like having AVG on always and every now and then maybe scan with Avast or whatever other AV you might have, basically the one should be enough as long as it is kept up to date...and that I think is the problem, keeping them up to date...
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    jinxy

    I once loaded six AVs on the same box and showed them an "interesting" CD

    That was fun!..................interesting to figure out how they worked though?

    I agree about Catch I only argue with him on scale and application...............like your friend, there are some who need automatic protection because you cannot trust them to look after themselves? and we cannot be there all of the time?

    First thing I do with a SOHO user is install RAID1..................the CD/DVD device might get used for the first month?...................go back two years later?................"I lost it all"................errrr............no?

    "That's magic"....................errrr no, it's RAID1, cost you about eighty quid?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    AntiSpywares never really saw the need of delving deep down to kernel mode before.. however, malwares these days have gone that deep aswell..

    One good examples are malwares that uses rootkit technology. Rootkits can reside in user mode and/or in kernel mode. Now, since it is the AntiSpyware's job to remove malwares, it will have to dive deep down the kernel aswell. True, this can cause system problems. Having a rootkit down ur kernel itself can cause a problem.

    But there isnt much options left, the bad guys went down there, and we have to follow em to catch em. Kernel mode use to be rootkit's safe haven, and AVs do not really go after them, not much choice left.

    I guess the best solution is for AVs to go after malwares aswell. So its just 1 application for all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides