Advice Request: Why are there not many multi-engine antivirus solutions?

struppigel

Hello,
I was wondering why there are not many multi-engine antivirus solutions. Better multiple than one, right? I didn't see many antivirus programs like that. The thing with 1 antivirus engine is that it is hard to decide whether to trust a file. With multiple engines, if a file is detected by 1 out of 12, then it is probably a false positive.

That's certainly not what you are getting at, but there are lots of multi-engine AVs. Probably more than single-engine AVs.
The engines of Bitdefender, Kaspersky and Avira are used by many other products, which also have their own scanning engine on top. Especially for smaller companies who don't have the number of employees to maintain a full scanning engine that covers everything, it makes much more sense to license another engine and then use their own technology to cover the leftovers. The drawback is that they cannot control the detections of that engine. So if, e.g., Bitdefender's scanner has false positives, at least 6 other AV products have the very same false positive as well.

But I think your question was actually a different one, probably more like: Why not have a multi-engine product that uses all engines?
The main answer to that is: It's a question of performance vs actual benefit. Why would you deploy the very same detection method more than 10 times in different variations?
This would slow down the system considerably, whereas you could use the same resources to deploy entirely different detection technologies to make things safer. That's exactly what AV products are doing. They have not only the file scanning engine but also, e.g., behaviour monitor and blocker with heuristic rules, exploit protection modules, in-memory scanning, automatic analysis and signature creation combined with cloud blacklisting and whitelisting, ...

Let me create an analogy with safer sex: It makes sense to use a condom and birth control pill at the same time because they work differently, work in different areas and protect from different things. However, it doesn't improve things if you use two condoms.
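
The shared-false-positive point from the post above, worked as an added example (not part of the post and not any product's code): when several products license one engine, their matching verdicts are one detection, not several. Scanner names and the licensing map are constructed, and treating a licensee-only hit as coming from its own layer is an assumption.

```python
"""Collapse multi-scanner results so a licensed engine votes only once."""

# Constructed licensing map (hypothetical names): licensee -> upstream engine vendor.
LICENSED_FROM = {f"Reseller{i}": "UpstreamX" for i in range(1, 7)}


def independent_detections(verdicts, licensed_from=LICENSED_FROM):
    """Return (raw_hits, independent_hits, echoes).

    verdicts: scanner name -> True if that scanner flagged the file.
    A licensee's hit is treated as an echo when its upstream engine also
    flagged; if the upstream stayed silent, the hit is assumed to come from
    the licensee's own layer and counts as an independent detection.
    """
    raw_hits = sum(1 for flagged in verdicts.values() if flagged)
    independent_hits = 0
    echoes = []
    for scanner, flagged in sorted(verdicts.items()):
        if not flagged:
            continue
        upstream = licensed_from.get(scanner)
        if upstream is not None and verdicts.get(upstream, False):
            echoes.append(scanner)  # same engine, same detection
        else:
            independent_hits += 1
    return raw_hits, independent_hits, echoes


# Constructed scan of one file by 12 scanners: the upstream engine and its
# six licensees flag it, five unrelated scanners do not.
SHARED_FP = {"UpstreamX": True,
             **{f"Reseller{i}": True for i in range(1, 7)},
             **{f"Other{i}": False for i in range(1, 6)}}

# Constructed scan where only one licensee flags, via its own layer.
OWN_LAYER = {**SHARED_FP, "UpstreamX": False,
             **{f"Reseller{i}": False for i in range(1, 7)},
             "Reseller3": True}

if __name__ == "__main__":
    for name, scan in (("shared engine", SHARED_FP), ("own layer", OWN_LAYER)):
        raw, indep, echoes = independent_detections(scan)
        print(f"{name}: {raw}/{len(scan)} raw, {indep} independent, echoes={echoes}")
```

A real triage script would also compare detection names before calling a hit an echo; booleans are used here to keep the counting visible.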
 

sepik

Hello,
Can someone explain: for example, in VT there's Sophos AV and Sophos ML (machine learning). Why are there two "Sophos"? The same goes for Trend Micro, Bitdefender Theta, etc. As far as I know, for Trend Micro, their endpoint products will get the "fresh signatures/components" first.

Kind regards,
-sepik
 

Ink

My guess is because they are using different technologies.

Example: VirusTotal (.doc sample) [two screenshots, images not preserved]
 

Arequire

Can someone explain: for example, in VT there's Sophos AV and Sophos ML (machine learning). Why are there two "Sophos"?
Sophos AV refers to their signature-based solutions (Home/Mobile Security/Antivirus for Linux, etc.) and Sophos ML refers to Intercept X, which uses AI and is signatureless.
 

sepik

@Spawn
Sophos ML or other AI/ML products, like in the screenshot, cannot process Office etc. files. So what I'm interested in, like I said before, is why there's Sophos ML and Sophos AV, and Bitdefender and its Theta version, on VT. Sophos Home Premium uses AI, but is it the same as Sophos ML?

Kind regards,
-sepik

Sophos AV refers to their signature-based solutions (Home/Mobile Security/Antivirus for Linux, etc.) and Sophos ML refers to Intercept X, which uses AI and is signatureless.
Arequire, but Sophos Home includes AI, so why.... Do Bitdefender Theta, McAfee-GW etc. share the same new signatures with home consumer versions? Trend Micro does that, though; it's only less than a day when they release signature/component versions to consumers...

Kind regards,
-sepik
 

Arequire

But Sophos Home includes AI, so why
Because Intercept X and other AI/ML-based solutions (Theta) can make detections separately without the need for a signature release, so they've separated them. Also Intercept X is a business product that can be used by itself.
 

fabiobr

Yes, Bitdefender ML is included in home products too (with ATD, which includes all proactive modules), but ML methods can sometimes create FPs or be ineffective, as they need learning; that's why it's important to feed it with data and other modules to check and reduce FPs. I guess that's why they are in VT.


----

For McAfee, as far as I know, McAfee GW is specific to the enterprise network or something like that.
 
