A software vendor's new technique for snuffing out spyware is raising questions over whether products such as it could crash computers by clashing with anti-virus tools that have used such methods for a decade.

Aluria announced it has added what it calls Active Defense Shield to its software to intercept files and detect and eradicate spyware before it resides on a machine.

---

Also: Anti-virus, anti-spyware vendors differ on sharing specimens

---

This type of anti-malware technique is known as kernel-driver or on-access scanning. Many anti-virus vendors have embraced the method because it opens a file to wipe out malware before it lands.

But the drawback is that if two or more vendors' products try to scan at once, the machine can crash.

As the new guys on the block, anti-spyware vendors have held back from using this scanning technique in order not to be accused of interfering with anti-virus scans. But with anti-virus vendors now pursuing the fast-growing anti-spyware market as well, pressure is on anti-spyware specialists to improve their products whatever way they can.

Aluria, which IDC says owns 7.5% of the approximately $97 million anti-spyware market, has tested its software on computers running anti-spyware and claims its scanning technique will not interfere with others'.

But participants in the $3 billion anti-virus market are not so confident.

Joseph Telafici, director of operations at McAfee's Avert Labs research arm, says on-access scanning is part of virtually all anti-virus products today and helps explain why corporations do not try to run more than one anti-virus product on the desktop at the same time. "It's not pretty," he says. "It'll lock up the system and crash it."

McAfee will use on-access scanning, Telafici notes. McAfee also sells anti-spyware software as an add-on to its anti-virus software.

Vincent Weafer, senior director of Symantec security response, says it is quite likely a customer would experience compatibility issues, whether the scanner is for anti-virus or anti-spyware.

"We wouldn't recommend running two on-access scanners," he says.

Symantecs's anti-spyware and anti-virus products use the same kernel-level drivers. "They're one set of scanners and one set of agents," Weafer says.