Multibooting and AV software

[Dwarf]

When creating a multi-boot system, as I will be doing when I install W7 Beta alongside Vista, does each OS require its own AV and how is it set up so as not to interfere with the other OSes?
Would the answer be the same for a triple boot of XP, Vista and W7 (which I intend to do when W7 is released out of Beta)?

 

[Airbot]

Hi Dwarf,

When you have another partition/new volume that you install 7 on then yes, you would have to put an AV on it, it will not interact with your other partition/OS.

 

[johngalt]

Umm, a point of clarification:

If you install and AV program / suite and you do not *restrict* it from scanning other partitions or drives on your system, then it very well may scan those partitions and drives as well.

You'll have to be careful of what you do and how you do it.

Generally speaking, if nothing malicious is detected on a partition in one AV program then nothing *should* be detected by another program - however, stranger things have happened. This gets even worse for programs that might have a weak quarantine system, thus allowing other programs to actively scan inside their quarantine.

You *best* bet is to use the same AV every time - but that is no always possible, neither feasibly nor physically.

 

[Dwarf]

Thanks, John. So if I were to use, say Kaspersky (because I am already running it, and also because I know that you can get versions licensed for 3 machines) and install the SAME AV on each OS on my system, would it eliminate the problem of false positives being generated if the full disk is scanned in any of the OSes as opposed to just the partition that the OS is on?

 

[ziggy]

Anybody else had this both a-squared and remove-IT pro identify
c:windows\sytems32\mfplay.dll as malware but seems to be a false positive?

 

[Dwarf]

Hi Ziggy,

Can you please not hijack threads - this one is specifically for AVs and multi-boot systems. In your case your query, whilst being security related and therefore in the correct section of the forums, bears no relation to the topic of the thread and should be posted as a new thread. This will make it easier for you and others to keep track of the threads that you post, and will ensure that replies to a thread are kept to the topic of the thread without going off on a tangent.

 

[johngalt]

Thanks, John. So if I were to use, say Kaspersky (because I am already running it, and also because I know that you can get versions licensed for 3 machines) and install the SAME AV on each OS on my system, would it eliminate the problem of false positives being generated if the full disk is scanned in any of the OSes as opposed to just the partition that the OS is on?

Well, not eliminate, but would greatly reduce. See, the problem is that AV programs and suites have gotten a lot more sophisticated then they were back in the 90s - today, they analyze files on the fly (aka real time protection) and analyze what the file is attempting to do, where it is attempting to be written to (or where it is attempting to write to), etc. So, you could potentially see a FP from Kaspersky in, say, Vista, if it scanned a file that resides on your W7 partition, and does not recognize it / does not like it / etc. Similarly, you might get a FP in W7 when it scans a file on the Vista partition....

And either can give a FP if a file fails any sort of verification tests - for example, a hash check, an integrity check, etc.

That being said, though, the chances for these occurring decreases dramatically when you use the *same* AV in all OSs.

So, end result - yes, you're better off using the same one in all three, with respect to cross-OS replication and / or FP detection.

As to whether you're better off using Kaspersky over other AVs...that i8s all a matter of opinion. And I am not going there.