Why it isn’t a good idea to run multiple full antivirus products at the same time

  • December 18, 2017
  • 5 min read
why-not-to-use-multiple-anti-malware-blog


You’ve probably heard it before: Never run two antivirus programs at the same time, it’s trouble!

But what’s the logic behind this?

Is it sound advice based on technical reasoning? Or is it just a feeble marketing attempt by antivirus companies to dissuade you from installing competitors’ products on your PC?

Admittedly, some vendors in our industry use questionable methods to make some easy cash. However, that’s not the driving reason behind this principle, which has been around for more than a decade. Let’s take a look beneath the surface of protection software.

1. Chain reactions: Endless scan loops

While this was mainly a problem in the early years of antivirus software, it’s still worth mentioning. In those days, antivirus software typically scanned all files that were being accessed on your computer to check for any dangerous programs you may have had lying around that could cause you grief if you happened to start them up.

In simple tech terms: The operating system would signal that a file was being read when you viewed it in Explorer. Then the first antivirus would read the file to scan it with its signatures/matching patterns. That file reading action would trigger another file-access signal by the operating system, which would tell the second antivirus to scan the file too. But while the second antivirus read the file, a new independent signal would be triggered that forced the first antivirus to scan the file again, and so on. As a result, both antivirus products would re-scan files in an endless loop until all system resources were used up and the computer became inoperable.

Fortunately, that problem is mostly wiped out today. The industry has developed strategies to avoid such loops, and files are typically not scanned on each read action anymore, but only when they are newly created, started or modified.

2. Complexity issues: Potential incompatibilities

Modern antivirus/antimalware software acts like an extra layer that sits between the base of the operating system and the apps and programs that run on it. Developing this type of software isn’t trivial and requires many years of experience due to the sheer number of variables to consider. Protection programs are created in many different ways and often developers don’t stick to recommended coding standards. In particular, the use of undocumented operating system interfaces often cause unexpected crashes or freezes that are very difficult to resolve.

Sometimes it’s difficult to tell whether some vendors don’t have the required expertise to create their products in a way that makes them compatible with others, or if they simply don’t care and expect their customers to sort the problems out on their own.

We at Emsisoft always try to make our product compatible with as many others as possible and as some of our early users may still remember, our products were once even sold as ‘additional protection’ to classic antivirus products.c

3. Both detect a threat: Who is first to quarantine?

Imagine you have two antivirus products with real-time scans enabled. You download a dangerous file and both detect and alert a threat. But which is first to quarantine or remove the threat? You may encounter error messages as files suddenly disappear for one of the two programs as they attempt to quarantine. The best case scenario is that you’re left feeling confused; in the worst case scenario, neither of the antivirus are able to successfully quarantine the threat!

4. More isn’t always more: Little advantage for high resource cost

This is actually the strongest reason against running two full protection systems simultaneously. Virus/malware protection products today are rather complex and the exponentially growing number of threats (it doubles every year) requires a lot of code to keep the computer safe. This naturally results in a relatively high usage of computer resources, especially its memory (RAM). By running two full antivirus programs all the time, you’re basically wasting resources, because 90 percent or more of their functionality will be the same. All available protection products of reputable vendors today operate on very high quality standards and detection rates often only differ by about 1-2 percent according to test labs.

So, you might end up spending 0.5 to 1 GB or more of your available RAM to bring your detection rate up from, say, 98 percent to 99 percent. But is this minuscule improvement really worth it? Every new file on the computer would need to be scanned by both products, triggering two complex sets of code that use a lot of your CPU time, which could undoubtedly be better used for other tasks – you know, stuff you actually want to do on the computer.

The better option is to go for one product that comes with multiple scanning engines that are tuned to work together seamlessly, or a product that uses a layered protection approach with different technologies, or, better still, a product that implements both.

Our recommendation: Use only one protection

Do yourself a favor and avoid installing two full antivirus/antimalware products. It’s not worth it. If you have strong protection software that you are happy with, stick with it. If you are unhappy with it, uninstall it and then install a new one.

Don’t fall for free offerings. Even if the software doesn’t cost anything, it doesn’t necessarily make sense to add it to an already working security strategy.

Go for a complete antivirus/antimalware product that comes with layered protection and implements web protection, file monitoring, behavior blocking and anti-ransomware modules that complement each other well. Emsisoft Anti-Malware bundles all of them and even adds a second full antivirus scanner, which is integrated on a very deep technical level to avoid all the problems of having two scanners that we described earlier.

Occasionally run second opinion scans

We encourage you to check your protected system with a second opinion scanner from time to time, just to be sure that your main antivirus/antimalware hasn’t missed anything. Scanner-only products typically don’t have any issues running alongside protection products so it’s safe to use them.

Cloud based scanners are nice light-weight options here. Alternatively, if you’re not using Emsisoft Anti-Malware to protect your computer, you can use our free Emsisoft Emergency Kit, which is the only fully featured dual-engine scanner available and doesn’t even require installation to check your PC for threats and unwanted programs (PUPs).

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a malware-free day!

Emsi

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story

What to read next