I have posted an explanation as to why I discourage the use of multiple engine antiviruses or antiviruses that try to be too much (and the same goes for other applications) in the Unthreat forums after seeing a (request?) post about Unthreat to become multiengine. I wish to know your opinion on this and would like to hear from you.
See post here: http://www.unthreat.com/forums/topic/435-antivirus-multiengine/
So you won't have to go there and load the page, here is what I had posted:
It will be difficult to maintain a relatively low memory usage (especially during scans) with a dual engine antivirus. In addition, it would greatly affect performance which I suppose is the highlight of VIPRE and Unthreat.
While it is good theoretically
to have two engines under the idea of two heads are better than one, I don't believe that it will in any way increase security in real-life application. While engine A may detect what engine B cannot, in reality, what most engine A detects is also detected by engine B and vice versa. The small percentage of malware that can be detected only by either engine is relatively small and quite complex in nature, viruses that are rarely encountered
given that the user is an average user, less so if security conscious and lesser still if an expert. Moreover, it poses problems concerning productivity and management of the application, particularly since using multiple engines posits the problem of seamless integration
. The more complex a code becomes, the more it becomes open to bugs. Practically speaking, multiple engines are more of a want rather than a need
It would be better, I think, to incorporate other modes of detection
rather than engines of the same kind (signature+behavior+HIPS rather than signature+signature). And if it were to be insisted the need for multiple engines, I do believe that it is better perhaps to install two separate engines (one of course, designed to be such like Malwarebytes, Hitman Pro, Immunet or Spyshelter) rather than having them in one application because then, whatever problem one engine encounters will not affect the other
. A completely independent engine is more capable of adding to protection than incorporating two or more in one application. This also allows for better memory management and productivity
(no added startup time, chances of app crashes are reduced, memory usage is maintained, such and such), real second opinion
(because you can create two log files and compare them or post them on two separate forums which extends the help that you can get and with both sides unaffected by the other so their conclusions will be genuine) and lesser risks of data loss
(because if one application crashes and a reinstall is necessary, you would have had to configure the application again and at the same time, your system is open to threats during the span of time you were without protection).
In all practicality, it is better to have a single engine antivirus rather than a multiple engine antivirus or an embellished antivirus (I mean to say those with a lot of features trying to cover unnecessarily all "vulnerabilities" which causes the application to be a problem itself being too bloated, no longer catering to the needs of users, but merely to gain market share no matter how it's put). We must understand that the concept of protection does not lie solely on the application itself but on the user as well. You can compare security products to a lifevest. You really wouldn't have much need for it if you knew how to swim, much less if you were a sports swimmer and only truly need it if you are completely incapable of swimming at all. Just the same still, if you did not know how to use the life vest, it could fail miserably and drown the user, so it was designed to be as simple to use as possible
. At the same time, you don't add another lifevest to a lifevest in hopes of floating better. If you did, you would risk getting snagged, reducing your mobility, uncomfortability, risk your air pathways and so forth which, in any case, would reduce your chances of survival. You do add, however, things like a whistle or a small flashlight. Relatively small, but important additions. Not a churchbell or a lamp. While the latter does the same as the former, they don't really fit the context for which the lifevest was designed.
To conclude, we don't really need an all-in-one antivirus with multiple engines. We also have to look at the context for which an antivirus is originally designed for (that is to keep a safer working environment
) and not overinterpret what it is (that is an all-encompassing application that prevents outside attacks, creating a utopian working environment for work and play
). We have to appreciate simplicity
. If this were a vote, I'd vote for no.