I've seen some users add a free antivirus program to their endpoint device to compliment whatever existing enterprise...
antivirus option their employer has preinstalled on the device. Is it wise for users to add a free secondary antivirus program? What problems can this cause?
From a nontechnical person's point of view, having more than one antivirus program may seem like a good idea, as knowing that you even need one installed is a great place to start. One might also wonder why -- in an enterprise setting -- a regular user could install a new system application, as one of the key aspects of securing an endpoint is limiting the ability to make changes to the system via administrative access restrictions.
While there are some free antivirus tools that are reasonable to use, they are not needed if there is already another real-time detection antimalware tool installed. From a technical point of view, having multiple security tools could have some benefits, but having one antivirus tool that operates on request and that complements a real-time or on-access antivirus tool could be better.
However, having two antivirus tools that do the same thing could be problematic. For example, there is some concern about CPU and RAM usage when two antivirus tools are installed, but the lower level integrations are more concerning. Typically, on-access virus scanning requires hooking the operating system in at a low level and then having the antivirus tool scan a file to see if it is malicious before any other program can access it. If there are two antivirus tools installed, then they might interfere with the process of scanning files.
Depending on the tool, the behavior of another antivirus tool could be seen as suspicious and cause the first antivirus tool to try to quarantine the second. This could then trigger the self-protection functionality built into the antivirus tool -- which is needed to protect itself from malware that might try to disable it to avoid detection -- making the system unstable.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Open source security tools and software
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading