Tim,
As a member of the Spybot Search & Destroy forums Advisor group, I've seen
many with Spybot S&D and Defender co-existing, including myself. Though there
are no direct conflicts to my knowledge, the advice that only one program
providing real-time protection should be enabled is becoming common.
The reason is less related to direct programming conflicts, though they
could occur, than to the confusion created when more than one program alerts
for the same detection simultaneously. For example, if a registry entry
change is detected by both, if you answer to Deny or Block in one
application, you should answer with Accept or Allow in the other. This seems
counter-intuitive, since the gut level response would be to block with both.
However, if you attempt to Deny/Block with both, the second application will
usually fail, since the first application has already performed the deletion
of the registry entry, so it's no longer there to delete. How gracefully the
application deals with this is related to its own design, but it's confusing
to most people.
Though the above related to Teatimer functions, the protection provided by
the SDHelper 'Bad Download Blocker' Browser Helper Object DLL has even more
inter-relationships. Since it extends Internet Explorer to watch for known
bad downloads of ActiveX and block them before they can be saved to disk,
it's performing the same function as portions of the 'Internet Explorer File
Download Prompt' included in Win XP SP2. With Internet Explorer 7, the
ActiveX abilities are being enhanced with 'ActiveX Opt-In', which reduces a
computer’s attack surface by turning off access to most ActiveX controls by
default. Defender includes a real-time agent for Internet Explorer Downloads,
which monitors files and programs that are designed to work with Internet
Explorer, such as ActiveX controls and software installation programs.
As you can see, there is already equivalent protection with IE 6 and
Defender, more with IE 7 and SDHelper.dll appears to be a dirrect overlapping
protection to what Defender provides. Such overlap may not be truly additive,
however, since it depends how the two applications interact (who wins) when
something is detected, good or bad.
As you can see from this brief (yea, right!) explanation, the potential for
interaction is obvious, but the possible results aren't since only a true
understanding of both program's design can insure they co-exist properly.
Both Patrick Kolla, Spybot S&D's developer, and Microsoft have independantly
stated that their programs should co-exist and they will work to insure that
they continue this way. However, I personally don't feel that it's reasonable
to expect that there will never be problems, nor do I wish to spend my time
debugging this relationship. So I have chosen to follow the now popular
advice to operate the real-time protection of only one anti-spyware, along
with one antivirus which is a long-standing recommendation.
As someone who uses both programs and tries to post an even handed response
to questions relating to both programs, I hope my analysis and experiences
are some help to your decision.
Bitman