App Review A Bitdefender Internet Security test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Brahman

> I wonder if Active Threat Control set to aggressive would make a difference or running it in Windows 10.

Well, Bitdefender is a paid soft. Unlike free soft, they have an obligation to each and every user to protect their system once they install their software, be it tweaked or not. Remember, they have a specific module just to prevent ransomware. Hence enabling or disabling of a module doesn't count. It failed.
 

MalwareBlockerYT


Good video but...
AV Comparatives is incredibly fake. I think they are getting paid to say that all of the AV products get 100% in every test...

Look at this:

[Attached image: upload_2016-12-4_10-43-38.png]

It said that almost all of the AVs tested got 100%! There is no way that Tencent, Trend Micro, Vipre, AVG, F-Secure or any other AV got 100% in this test. Unless you used incredibly old samples then these tests are completely fake.
 

SHvFl

Most of the AV companies' tests give good results by using samples older than dinosaurs, I would assume. The reason they do that is because if they don't, no AV company will want to be tested by them. Simple as that.
They help AV companies make sales with good scores and the AV companies pay. Probably doesn't apply to all testing companies but a lot of those do it.
 

Der.Reisende

> Good video but...
> AV Comparatives is incredibly fake. I think they are getting paid to say that all of the AV products get 100% in every test...
>
> Look at this:
>
> [Attached image: attachment 125795]
>
> It said that almost all of the AVs tested got 100%! There is no way that Tencent, Trend Micro, Vipre, AVG, F-Secure or any other AV got 100% in this test. Unless you used incredibly old samples then these tests are completely fake.

> Most of the AV companies' tests give good results by using samples older than dinosaurs, I would assume. The reason they do that is because if they don't, no AV company will want to be tested by them. Simple as that.
> They help AV companies make sales with good scores and the AV companies pay. Probably doesn't apply to all testing companies but a lot of those do it.

Exactly!

Another great share @cruelsister that shows some of the big players (still) need to revise their basic protection - if they advertise they will intercept "any", they should deliver. ["Advanced Ransomware Protection" @ Bitdefender Internet Security 2017 - Internet Security Software].
Why? Because many users will not change the settings to max out the product, they will trust in the ads, either being too lazy or simply not aware how to maximize protection.
 

Fabian Wosar

From Emsisoft
Developer
> Good video but...
> AV Comparatives is incredibly fake. I think they are getting paid to say that all of the AV products get 100% in every test...
>
> Look at this:
>
> [Attached image: attachment 125795]
>
> It said that almost all of the AVs tested got 100%! There is no way that Tencent, Trend Micro, Vipre, AVG, F-Secure or any other AV got 100% in this test. Unless you used incredibly old samples then these tests are completely fake.

Personally, I dislike the 100% label as well. Nothing is 100%. I guess people just get tired of writing "100% of the samples tested". And yes, every AV vendor pays to participate in these tests. Apparently, they all pay the same. Whether that is entirely true only AV Comparatives will know. Knowing how much they ask for, I don't see why they would require "extra money" though. They make money hand over fist already.

One aspect that is often forgotten is how these tests are performed. Cruelsister's test ignores a whole bunch of security layers. Just to name a few:
  • All URL blocking is avoided, samples just magically appear on the system (there are some very aggressive URL filters out there, a lot of which are responsible for those 100% results; just look at Trend Micro for example)
  • Unlike files downloaded from the internet, it is likely that all those files miss the zone identifier (a lot of behaviour blockers will give extra bias towards files that come from the internet, using the zone identifier that is present whenever you download a file in a browser, but that are never there if you just get them from a sample pack)
  • The JavaScript downloaders usually arrive in archives, which can make a difference (for example certain security tools will harden applications and limit what they can do; Word or WinRAR executing wscript.exe for example, would be a huge no-no)
AV Comparatives is a bit more well-rounded and tries to emulate the usual infection vectors as closely as possible. They essentially take a malicious URL, visit it with a vulnerable system and the product installed. They then try to do anything to get the system infected, like clicking Run if a download window pops up or clicking all the links. The whole process is highly automated including control runs and video recordings of all systems. It's actually pretty neat from a technical point of view. However, if one product relies heavily on URL reputation and blocking for example, it would fare very well in an AV Comparatives test, but very poorly in a cruelsister test.

It does have its drawbacks though. Certain infection vectors are underrepresented in my opinion. Mostly anything related to file sharing and trojanised warez, probably due to legal reasons. They also tend to ignore email as an infection vector. I guess for most users it won't matter, since I would imagine people mostly use webmail anyway, which turns email into a normal download infection vector, which is well covered in the AV Comparatives testing, but I do feel they can improve in that regard. AV Test for example does test with malicious emails and a normal email client as well.
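
Added example, not part of any post in this thread: a small Python check for the zone identifier discussed in the post above, which a tester can use to confirm whether files in a test folder carry the mark a browser download would have. The stream layout (`[ZoneTransfer]`, `ZoneId`, `HostUrl`) is the Windows format; the file names and the URL are constructed sample data.

```python
import configparser

# Windows URL security zones as stored in the ZoneId key.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Parse Zone.Identifier stream text; return None if it is unusable."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        section = cp["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": section.get("HostUrl")}

def read_stream(path):
    """Read <path>:Zone.Identifier (Windows/NTFS only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def audit(streams):
    """Map file name -> verdict, given file name -> stream text or None."""
    report = {}
    for name, text in streams.items():
        info = parse_zone_identifier(text) if text is not None else None
        if info is None:
            report[name] = "no zone identifier present"
        elif info["zone_id"] == 3:
            report[name] = f"Internet download from {info['host_url']}"
        else:
            report[name] = f"marked as {info['zone']}"
    return report

# Constructed sample data: one browser download, one file copied from a pack.
SAMPLES = {
    "invoice.js": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=http://test.example/invoice.js\r\n",
    "copied.exe": None,
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

On a Windows test machine, `audit({p: read_stream(p) for p in paths})` runs the same check over real files.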
 

cruelsister

Thread author
Ana- With BD I just had soooo many choices of malware that bypass it, it was difficult to choose which one to demonstrate!

About upping the ATC- once again a really pretty term but that's about it. It was bypassed in all modes. Also as the Pro testers didn't employ it, I also could not for the purpose of this video.

FW- Good points, but I avoid doing the URL test as the URL blocking is essentially equivalent to having a definition for a true zero day sample- new malware, as well as new malware URLs will just blow right by such protection schemes. Also running some URLs that may have been sitting on some list or other for God knows how long is in my opinion a waste of my viewers' time (which I fervently hope is precious). I also didn't include it as the song wasn't that long.

Regarding email protection you have a valid point. I've added a pre-existing botnet where ransomware was being emailed out by a D forked svchost in a couple of recently published videos and will include it in my season finale in a few weeks.

And finally running a file from the desktop (or Folder) is totally valid as this will take into account a malware vector from ANY source, including dragging it on to the system from a flash drive (didn't you watch Mr Robot?).
 

MalwareBlockerYT

> Ana- With BD I just had soooo many choices of malware that bypass it, it was difficult to choose which one to demonstrate!
>
> About upping the ATC- once again a really pretty term but that's about it. It was bypassed in all modes. Also as the Pro testers didn't employ it, I also could not for the purpose of this video.
>
> FW- Good points, but I avoid doing the URL test as the URL blocking is essentially equivalent to having a definition for a true zero day sample- new malware, as well as new malware URLs will just blow right by such protection schemes. Also running some URLs that may have been sitting on some list or other for God knows how long is in my opinion a waste of my viewers' time (which I fervently hope is precious). I also didn't include it as the song wasn't that long.
>
> Regarding email protection you have a valid point. I've added a pre-existing botnet where ransomware was being emailed out by a D forked svchost in a couple of recently published videos and will include it in my season finale in a few weeks.
>
> And finally running a file from the desktop (or Folder) is totally valid as this will take into account a malware vector from ANY source, including dragging it on to the system from a flash drive (didn't you watch Mr Robot?).

Mr Robot is my favourite Amazon Prime series :D
 

Fabian Wosar

From Emsisoft
Developer
> FW- Good points, but I avoid doing the URL test as the URL blocking is essentially equivalent to having a definition for a true zero day sample- new malware, as well as new malware URLs will just blow right by such protection schemes.

You can at least consider downloading the samples from some URL. Set up a local webserver and download them from there to have a complete chain of events that behaviour blockers can track and samples don't just suddenly "appear". It would simulate an unknown URL to block far better than just copying the samples to the system.

> And finally running a file from the desktop (or Folder) is totally valid as this will take into account a malware vector from ANY source, including dragging it on to the system from a flash drive (didn't you watch Mr Robot?).

If I have access to your system to stick in my flash drive and run my malware, you have lost anyway. I can just turn off your AV in that case or click "allow" when it screams at me. Physical security is a must. If you can't guarantee that, don't even bother with anything else.
 

KGBagent47

> You can at least consider downloading the samples from some URL. Set up a local webserver and download them from there to have a complete chain of events that behaviour blockers can track and samples don't just suddenly "appear". It would simulate an unknown URL to block far better than just copying the samples to the system.
>
> If I have access to your system to stick in my flash drive and run my malware, you have lost anyway. I can just turn off your AV in that case or click "allow" when it screams at me. Physical security is a must. If you can't guarantee that, don't even bother with anything else.

I agree. I don't have proof but I'm assuming 99% of ransomware is delivered through the internet. So good URL blocking would be a critical consideration when it comes to stopping malware. Like you said, samples don't just magically appear in real life.
 

Rodney74

> Ana- With BD I just had soooo many choices of malware that bypass it, it was difficult to choose which one to demonstrate!
>
> About upping the ATC- once again a really pretty term but that's about it. It was bypassed in all modes. Also as the Pro testers didn't employ it, I also could not for the purpose of this video.
>
> FW- Good points, but I avoid doing the URL test as the URL blocking is essentially equivalent to having a definition for a true zero day sample- new malware, as well as new malware URLs will just blow right by such protection schemes. Also running some URLs that may have been sitting on some list or other for God knows how long is in my opinion a waste of my viewers' time (which I fervently hope is precious). I also didn't include it as the song wasn't that long.
>
> Regarding email protection you have a valid point. I've added a pre-existing botnet where ransomware was being emailed out by a D forked svchost in a couple of recently published videos and will include it in my season finale in a few weeks.
>
> And finally running a file from the desktop (or Folder) is totally valid as this will take into account a malware vector from ANY source, including dragging it on to the system from a flash drive (didn't you watch Mr Robot?).


CS Never cease to amaze me, maybe because I'm so stupid, but I think it's because you are so very smart.
 

Kuttz

@cruelsister

Is there a single antivirus (AV) program, whether it's paid or free, that offers full 100% anti-ransomware protection? None. Just like other AV software, BD is no exception. An AV's performance should be seen in its totality. Testing limited to the micro aspects of the software cannot help in determining whether the AV is effective or not.

An AV software offers protection from various angles, like monitoring web pages, behavioral-based detection, signature-based detection, cloud-based detection, etc. One AV may be better at behavioral-based detection than another but may be weaker in web page protection in comparison. Testing an AV based on a hypothetical situation may not always be accurate. For example, BD could have blocked access to those files if they had been downloaded from the Internet. Just saying: true BD protection may be dependent on combinations of web protection, behavioral, signature-based protection, etc., and how accurate is determining the effectiveness of BD protection based on a hypothetical situation where you execute a bunch of malware out of nowhere? Each AV has its strengths and weaknesses.

The user of an antivirus software should only need to ensure that the given AV can offer good protection in its totality. Reaching a conclusion about whether the AV is good or bad based on the performance of a particular aspect of an AV, say just behavioral-based detection, or just web protection, or just signature-based protection, doesn't represent the actual protection the AV can offer in a real-world scenario.
 