I've seen some users add a free antivirus program to their endpoint device to compliment whatever existing enterprise...
antivirus option their employer has preinstalled on the device. Is it wise for users to add a free secondary antivirus program? What problems can this cause?
From a nontechnical person's point of view, having more than one antivirus program may seem like a good idea, as knowing that you even need one installed is a great place to start. One might also wonder why -- in an enterprise setting -- a regular user could install a new system application, as one of the key aspects of securing an endpoint is limiting the ability to make changes to the system via administrative access restrictions.
While there are some free antivirus tools that are reasonable to use, they are not needed if there is already another real-time detection antimalware tool installed. From a technical point of view, having multiple security tools could have some benefits, but having one antivirus tool that operates on request and that complements a real-time or on-access antivirus tool could be better.
However, having two antivirus tools that do the same thing could be problematic. For example, there is some concern about CPU and RAM usage when two antivirus tools are installed, but the lower level integrations are more concerning. Typically, on-access virus scanning requires hooking the operating system in at a low level and then having the antivirus tool scan a file to see if it is malicious before any other program can access it. If there are two antivirus tools installed, then they might interfere with the process of scanning files.
Depending on the tool, the behavior of another antivirus tool could be seen as suspicious and cause the first antivirus tool to try to quarantine the second. This could then trigger the self-protection functionality built into the antivirus tool -- which is needed to protect itself from malware that might try to disable it to avoid detection -- making the system unstable.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Open source security tools and software
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.