PDA

View Full Version : Sleeper: Do anti virus programs play nice with each other?



Howard Kaikow
02-13-2005, 06:03 AM
The answer to my question is likely no, but the devil (in me) made me ask?

For example, if I have NAV 2003 instlalled, can I add, XYZ AV program and have the two live happily together?

This would facilitate the testing of the effect of AV software on macros.

Jacob Hilderbrand
02-13-2005, 06:15 AM
I believe Nortan will try to stop another AV program from installing (claiming that it is a virus). But you could always install one, disable it, then install the other one.

But I would say that if you really want to test two AV programs that they should be on seperate systems or at least on seperate bootable partitions.

Howard Kaikow
02-13-2005, 07:04 AM
I believe Nortan will try to stop another AV program from installing (claiming that it is a virus). But you could always install one, disable it, then install the other one.

But I would say that if you really want to test two AV programs that they should be on seperate systems or at least on seperate bootable partitions.

Yes, but then I'd have to install each version of Office too.
Now I have 4 bootable partitions, each with a separate version of Office.
If I added anther AV product, then I'd need another 4 bootable partitions.

Of course, I could limit such testing with only the latest version of Office, in which case I'd need only 1 more bootable partition.

Seems no practical solution.

XL-Dennis
02-13-2005, 09:19 AM
Howard,



This would facilitate the testing of the effect of AV software on macros.


In what way?

So far I have only seen poor performance due to AV-software's scanning.

I use vmWare to setup different kind of configurations but so far I have not seen the need to test different AV-software's impact on my solutions.

KR,
Dennis

Howard Kaikow
02-13-2005, 10:06 AM
Howard,



In what way?

So far I have only seen poor performance due to AV-software's scanning.

I use vmWare to setup different kind of configurations but so far I have not seen the need to test different AV-software's impact on my solutions.

KR,
Dennis

The issue is testing to see whether particular AV software issues false positives.

In my own code, I've seen false positives merely because I used a WordBasic.Kill statement. Of course, I can avoid that.

But I've also seen false positives due to late binding or use of the VBIDE at run time. Sometimes I have to use one, or both, of these mechanisms.

I could avoid late binding by having a different version of the code for each Word version, but that should be unnecessary.

My concern is that I use only NAV because that is the most common, but lots of folkes use other AV software.

I only use the latest version of NAV on one OS on each multiboot system, so I guess I could replace the earlier version of NAV on another OS with, say, McCaffee, but that would be with a different version of Office than on my latest system.

McCaffee is often available for $0 AFTER rebates, so I'll likely do this next tyme I see such an offer.

XL-Dennis
02-13-2005, 10:20 AM
Howard,

Interesting issue and thanks for the information - highly appreciated.

In Your experience, is this only subject to Word or does it refer to the other softwares in the Office-suite as well?

It looks like a difficult situation to be forced to test with different AV-softwares. From my point of view I doubt that one workaround can be applied for several AV-softwares.

Kind regards,
Dennis

Zack Barresse
02-13-2005, 04:07 PM
.. auntie virus ..
Could this get you in as much trouble as "Windoze" I wonder? ;)

Howard Kaikow
02-13-2005, 04:12 PM
99+% of the code I write is for Word.

Most viri attack Word, n'est-ce pas?

I vaguely recall seing a problem using late binding in an Excel project I did for a Client, but I was able to code around it. Don't recall the details.

The worst case is releasing software that you know has no virus, but one of the AV programs claims it does. If it is a known named virus, then one can check the documentation to see what are some symptoms, but the worst case is a false positive based on heuristics, such as NAV's bloodhound. Unless the AV vendor supplies details, there's no way to know what to look for.

A number of false positives that I've seen went away after a few virus definition updates, but in the meantime, users suspect our code.

I'm not sure how the AV vendors handle such things. They are not going to reveal how their heuristics work and I sure won't reveal my source code.

I would ASSuME as the program's author, you are legally entitled to require them to tell you exactly what their software thinks it is finding? But dealing with the vendors, in practice, is likely to be quite difficult.

If I live long enough, I am hoping to release a shareware program.

In the documentation, I will point out that I have run the program under NAV version xyz using virus defitions as of a certain date, but there is no guarantee that other AV software, or even updates to the same AV software, will not produce false positives.

Howard Kaikow
02-13-2005, 04:20 PM
Howard,

Interesting issue and thanks for the information - highly appreciated.

In Your experience, is this only subject to Word or does it refer to the other softwares in the Office-suite as well?

It looks like a difficult situation to be forced to test with different AV-softwares. From my point of view I doubt that one workaround can be applied for several AV-softwares.

Kind regards,
Dennis

the problem with false positives is they mean either a virus definition, or a heuristic, has identified a snippet of code or a virus signature as being in one's code.

In an extreme case, a few years ago, NAV suddenly starting complaing about an ordinary HTML file that I had from Woody Leonhard. I, anf likely many other people, had the file for years, then NAV suddenly started bitching about the file.

My recollection is that the problem was fixed iby a subsequent virus definition update within about a month.

johnske
02-14-2005, 08:44 PM
The answer to my question is likely no, but the devil (in me) made me ask?

For example, if I have NAV 2003 instlalled, can I add, XYZ AV program and have the two live happily together?

This would facilitate the testing of the effect of AV software on macros.


I originally had two A/V programs installed and running simultaneously, but all the Security experts on TSG went NO! NO! NO! most definitely NO!!!...it's quite OK to have two or more A/V programs on your computer but you MUST only have ONE running at any one time.
(apparently they're too busy arguing with each other and don't notice the virii slipping past them when both are running) :rotlaugh:

Howard Kaikow
02-14-2005, 08:52 PM
I originally had two A/V programs installed and running simultaneously, but all the Security experts on TSG went NO! NO! NO! most definitely NO!!!...it's quite OK to have two or more A/V programs on your computer but you MUST only have ONE running at any one time.
(apparently they're too busy arguing with each other and don't notice the virii slipping past them when both are running) :rotlaugh:

What's TSG?

By their nature, AV programs would have a difficult tyme playing nice with each other.

johnske
02-14-2005, 09:00 PM
Hi Howard,

It's a forum "TechSupportGuys" for all sorts of help, Security, PC issues, etc. etc. etc. > http://www.techsupportforums.com/

John