- Feb 25, 2017
- 2,585
- Content source
- https://www.youtube.com/watch?v=v3h_5i-w-b4
Bitdefender 2021 Review: Test vs Malware
- Thread starter Kongo
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Sep 8, 2019
- 461
Very disappointing results TBH, it showcases how much bitdefender has deteriorated over the years
- Jul 25, 2020
- 117
Actually Bitdefender has gotten much better over the past 2 years. The problem with disabling settings in Bitdefender to theoretically isolate a protection feature and test it exclusively is that sometimes doing so borks the protection. But even if Leo did discover a bug in the ransomware protection, the other protection layers would have handled the ransomware decisively.
- Sep 8, 2019
- 461
I am talking about the malware detection rate, not the ransomware test (altough Kaspersky did a much better job with just its ransomware protection enabled)
- Aug 27, 2020
- 446
Hey, I agree completely with @mazskolnieces statement, test the AV as a whole!.
- Mar 28, 2019
- 569
And again: Testing an AV turning off componentes and reviewing it, he will never learn.
ESET does a lot better at this.
Bitdefender never were good with PUPs.
ESET does a lot better at this.
- Sep 8, 2019
- 461
6% of the entire folder were legitimate folder? yeah sure, I wonder why then according to independent labs products can have 100% detection ratios, even PUP's that just uses the avira engine gets 100% detection ratio of zero day malware according to them, also, something you never take into consideration is that leo purposely only has the behavior blocker on to test the capabilities of detecting zero day malware, ransomware to be specific, he litterally says it in the video.
Video = bad
Tests never shown taking place = good
Last edited:
- Mar 28, 2019
- 569
He said to not pay attention to the detection ratio because the AV engine can block it proactively, which really matters is the overall protection rate (good state of PC).
You can't turn off components without knowing how AV works, on ESET test he does the same but HIPS depends on real-time protection component to work well. Who knows how Bitdefender works effectively? Only their engineers and they project the software components to always stay on, that's why when some are off it shows off a big warn YOU ARE UNPROTECTED.
Last edited:
This video has three major issues:
1. It is not known how behavioural blocking interacts with standard antivirus. By disabling standard antivirus you might also be disabling a platform that pre-extracts attributes and allows for a faster, more accurate decision taking and you are most likely disabling an emulator as well. Some products don't allow for behavioural blocking to be on if AV is off.
2. It is not known whether a true 0-day will really bypass standard AV, as packer heuristics for example might block it, even though it's brand new. The assumption that a new threat will always evade signatures and heuristics is very wrong.
3. It is not known how the Advanced Threat Defence system interacts with the cloud. It might have some sort of hash-check implemented and just because it is detecting this old malware in a controlled testing environment, doesn't necessarily mean that same will happen with brand new threats in the wild.
1. It is not known how behavioural blocking interacts with standard antivirus. By disabling standard antivirus you might also be disabling a platform that pre-extracts attributes and allows for a faster, more accurate decision taking and you are most likely disabling an emulator as well. Some products don't allow for behavioural blocking to be on if AV is off.
2. It is not known whether a true 0-day will really bypass standard AV, as packer heuristics for example might block it, even though it's brand new. The assumption that a new threat will always evade signatures and heuristics is very wrong.
3. It is not known how the Advanced Threat Defence system interacts with the cloud. It might have some sort of hash-check implemented and just because it is detecting this old malware in a controlled testing environment, doesn't necessarily mean that same will happen with brand new threats in the wild.
Last edited by a moderator:
- Jun 24, 2016
- 2,485
This is terrible! Who's gonna protect me next time I get 1288 malware files run all at once in my laptop??????
Fun fact: if you need to disable an antivirus module to test a product, you suck at testing.
- Jul 25, 2020
- 117
I didn't even pay attention to be honest. I assumed it was 90 % or higher.
These are the kind of tests performed by people who lack passion, but still want to get them YouTube hits and subscribers.
If you are really interested in testing the ATD, it's not too difficult to write custom ransomware or find a real 0-day.
- Jul 25, 2020
- 117
Virussign samples. Zero detection. FUD. It's all over. Throw your system off the highest building you can find within 100 km. Move deep into the forest and get off the grid. Hunt Moose instead. Go visit Chernobyl.This is terrible! Who's gonna protect me next time I get 1288 malware files run all at once in my laptop??????
- Feb 25, 2017
- 2,585
In the end who tf cares which component blocks the malware as long as it prevents it from doing any harm to the system? Why would you test such a scenario that would never happen in real life? If Leo knows people who turn off some modules just for entertainment, then they definitely have some issues. 
- Jul 25, 2020
- 117
I can understand the feature testing Leo is trying to do. It is well-meaning to isolate a protection feature and get the real scoop on how well it protects. However, that is difficult to do without knowing the dependencies upon other settings or features.In the end who tf cares which component blocks the malware as long as it prevents it from doing any harm to the system? Why would you test such a scenario that would never happen in real life? If Leo knows people who turn off some modules just for entertainment, then they definitely have some issues.
There's a cult of bashing, even perhaps hate, against Leo. It's completely unjustified. It's not as if he isn't tied into the wider AV and testing community for well over 10 years at least and discusses testing methodologies with knowledgeable, experience testing with those community colleagues. He's not some wanker Youtube tester, although I'm sure a lot of people would disagree with that.
- Feb 25, 2017
- 2,585
Please don‘t count me to the people who are hating on him. I’ve been watching his videos for years and I can see the effort he’s putting into the videos, but after joining the Emsisoft team I just feel like he isn’t the guy I once enjoyed to watch and trusted in terms of security software. I think his videos are not for people who are into cyber security. They mainly are for newbies who just want a short and informative review of AV‘s so that they can pick one. They want to see the whole product in action and not just some modules. I might be wrong, but the way he’s explaining things in his videos makes me think that those people are his target group.
- Jul 25, 2020
- 117
I didn't think you were hatin' on Leo. I take Leo's tests with the same level of "OK" skepticism that I use when I review just about any AV test, malware lab report, using just about any software, and more or less all things IT. I just don't get wrapped up in the whole "is Leo's test legit or is he just buffooning yet another test because I don't like what it shows..." Lots of folk on the security forums have strong negative feelings about Leo. That's all I was saying.
I agree with you on the newbie target audience. Leo is all about what works for newbies. Certainly Leo is capable of a lot more advanced testing and getting into the what fors, what nots and minutiae that only true security geeks would appreciate - but that's not his target audience.
When Leo "seemingly" (or more precisely, it is perceived by certain software fanboys) bashes or shows certain software in a negative light, lots of people get enraged. Just look the reactions to Leo's testing, assessment and stated opinions of default deny. The mob wanted to exact some justice on the guy because he's just not into default deny. He thinks it is a solution only suitable for an advanced user. I thought the reactions over the years said more about the people that got upset than Leo. His testing and subsequent opinion about default deny is valid.
- Jul 2, 2014
- 1,717
Doing this test by disabling core components is like blindfolding me and asking me to walk in a straight line.
Can I walk? Yes
Will I try to walk in a straight line? Possibly
Am I sure that I'm walking in a straight line? Most certainly not.
Can I walk? Yes
Will I try to walk in a straight line? Possibly
Am I sure that I'm walking in a straight line? Most certainly not.
Last edited:
- Dec 30, 2012
- 4,809
Bitdefender has a PUP module that I found pretty good
I get the same feeling...He used to test a lot more thoroughly!
- Aug 2, 2020
- 549
I think he disabled the ATP and other features in order to test the Ransomware remediation on its own. It did not manage to restore the encrypted files so this is something that probably had to be done in order to test this feature.
Personally I still think BD is still among the best AV around along with KasPerSky.
Personally I still think BD is still among the best AV around along with KasPerSky.
Similar threads
