
Combining Detection Tools

The most complete protection will be obtained by combining tools that work in radically different ways and protect against different classes of viruses. For instance, when used together, a scanner and a checksum program will protect against both known and unknown viruses. The scanner can detect known viruses before software is installed on the system. A virus can be modified to elude the scanner, but it will still be detected by the checksum program, because the infected file no longer matches its recorded checksum.

The two tools should have different "additional functionality" (see table 3) to form the most comprehensive security package. For instance, the combination of a checksum program and an access control shell would also detect Trojan horses and enforce organizational security policy in addition to virus detection. On the other hand, adding a binary analyzer to a system that already employs checksumming would not provide additional functionality.

If you must use two scanners, be sure that they use different search strings. A number of tools are based on published search strings; shareware tools commonly utilize the same public domain signature databases. Two different scanner engines looking for the same strings do not provide any additional protection of information.
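The following Python sketch is an added illustration, not part of the original document, of the two points made above: a scanner and a checksum program combined, and a measure of how little a second scanner adds when its search strings overlap the first. The signature strings, file names and file contents are constructed placeholders, not real virus signatures.

```python
import hashlib
from typing import Dict, List

# Constructed signature database; the byte strings are placeholders, not real virus signatures.
SIGNATURES: Dict[str, bytes] = {
    "Sample.A": b"INFECT-MARKER-A",
    "Sample.B": b"INFECT-MARKER-B",
}

def scan(contents: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Scanner: names of every known search string found in the contents."""
    return [name for name, sig in signatures.items() if sig in contents]

def checksum_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Checksum program, step 1: record each file's digest while the system is known clean."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def combined_check(files: Dict[str, bytes], baseline: Dict[str, str],
                   signatures: Dict[str, bytes] = SIGNATURES) -> Dict[str, List[str]]:
    """Run both tools over the current files and merge their verdicts per path."""
    findings: Dict[str, List[str]] = {}
    for path, data in files.items():
        hits = ["scanner:" + name for name in scan(data, signatures)]
        if path not in baseline:
            hits.append("checksum:no-baseline")   # new file: only the scanner can judge it
        elif baseline[path] != hashlib.sha256(data).hexdigest():
            hits.append("checksum:modified")      # changed since baseline, known or unknown cause
        if hits:
            findings[path] = hits
    return findings

def scanner_overlap(strings_a: List[bytes], strings_b: List[bytes]) -> float:
    """Share of the second scanner's search strings already covered by the first (1.0 = nothing new)."""
    if not strings_b:
        return 0.0
    return len(set(strings_a) & set(strings_b)) / len(set(strings_b))

def demo() -> Dict[str, List[str]]:
    # Constructed file set: baseline taken while clean, then three kinds of change.
    clean = {"bin/ls": b"clean program text", "bin/cp": b"another clean program"}
    baseline = checksum_baseline(clean)
    current = {
        "bin/ls": clean["bin/ls"] + b"INFECT-MARKER-A",       # known virus: both tools fire
        "bin/cp": clean["bin/cp"] + b"INFECT-M4RKER-A",       # altered to elude the scanner: checksum still fires
        "bin/new": b"freshly installed " + b"INFECT-MARKER-B",  # not yet baselined: only the scanner can catch it
    }
    return combined_check(current, baseline)
```

`demo()` returns one verdict list per affected path, showing which of the two tools caught each case.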


konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994