App Review Bitdefender 2021 Review: Test vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
The PC Security Channel

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
Very disappointing results TBH, it showcases how much bitdefender has deteriorated over the years
Actually Bitdefender has gotten much better over the past 2 years. The problem with disabling settings in Bitdefender to theoretically isolate a protection feature and test it exclusively is that sometimes doing so borks the protection. But even if Leo did discover a bug in the ransomware protection, the other protection layers would have handled the ransomware decisively.
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
Actually Bitdefender has gotten much better over the past 2 years. The problem with disabling settings in Bitdefender to theoretically isolate a protection feature and test it exclusively is that sometimes doing so borks the protection. But even if Leo did discover a bug in the ransomware protection, the other protection layers would have handled the ransomware decisively.
I am talking about the malware detection rate, not the ransomware test (altough Kaspersky did a much better job with just its ransomware protection enabled)
 

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
561
And again: Testing an AV turning off componentes and reviewing it, he will never learn.

I am talking about the malware detection rate, not the ransomware test (altough Kaspersky did a much better job with just its ransomware protection enabled)
Bitdefender never were good with PUPs.

ESET does a lot better at this.
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
And again: Testing an AV turning off componentes and reviewing it, he will never learn.


Bitdefender never were good with PUPs.

ESET does a lot better at this.
6% of the entire folder were legitimate folder? yeah sure, I wonder why then according to independent labs products can have 100% detection ratios, even PUP's that just uses the avira engine gets 100% detection ratio of zero day malware according to them, also, something you never take into consideration is that leo purposely only has the behavior blocker on to test the capabilities of detecting zero day malware, ransomware to be specific, he litterally says it in the video.

Video = bad
Tests never shown taking place = good
 
Last edited:

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
561
6% of the entire folder were legitimate folder? yeah sure, I wonder why then according to independent labs products can have 100% detection ratios, even PUP's that just uses the avira engine gets 100% detection ratio of zero day malware according to them, also, something you never take into consideration is that leo purposely only has the behavior blocker on to test the capabilities of detecting zero day malware, ransomware to be specific, he litterally says it in the video.

Video = bad
Tests never shown taking place = good
He said to not pay attention to the detection ratio because the AV engine can block it proactively, which really matters is the overall protection rate (good state of PC).

You can't turn off components without knowing how AV works, on ESET test he does the same but HIPS depends on real-time protection component to work well. Who knows how Bitdefender works effectively? Only their engineers and they project the software components to always stay on, that's why when some are off it shows off a big warn YOU ARE UNPROTECTED.
 
Last edited:
F

ForgottenSeer 89360

This video has three major issues:

1. It is not known how behavioural blocking interacts with standard antivirus. By disabling standard antivirus you might also be disabling a platform that pre-extracts attributes and allows for a faster, more accurate decision taking and you are most likely disabling an emulator as well. Some products don't allow for behavioural blocking to be on if AV is off.

2. It is not known whether a true 0-day will really bypass standard AV, as packer heuristics for example might block it, even though it's brand new. The assumption that a new threat will always evade signatures and heuristics is very wrong.

3. It is not known how the Advanced Threat Defence system interacts with the cloud. It might have some sort of hash-check implemented and just because it is detecting this old malware in a controlled testing environment, doesn't necessarily mean that same will happen with brand new threats in the wild.
 
Last edited by a moderator:

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Very disappointing results TBH, it showcases how much bitdefender has deteriorated over the years
This is terrible! Who's gonna protect me next time I get 1288 malware files run all at once in my laptop?????? :cry::cry::cry::cry:

Fun fact: if you need to disable an antivirus module to test a product, you suck at testing.
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
This is terrible! Who's gonna protect me next time I get 1288 malware files run all at once in my laptop?????? :cry::cry::cry::cry:
Virussign samples. Zero detection. FUD. It's all over. Throw your system off the highest building you can find within 100 km. Move deep into the forest and get off the grid. Hunt Moose instead. Go visit Chernobyl.

giphy (5).gif
 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,478
In the end who tf cares which component blocks the malware as long as it prevents it from doing any harm to the system? Why would you test such a scenario that would never happen in real life? If Leo knows people who turn off some modules just for entertainment, then they definitely have some issues. 😄
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
In the end who tf cares which component blocks the malware as long as it prevents it from doing any harm to the system? Why would you test such a scenario that would never happen in real life? If Leo knows people who turn off some modules just for entertainment, then they definitely have some issues. 😄
I can understand the feature testing Leo is trying to do. It is well-meaning to isolate a protection feature and get the real scoop on how well it protects. However, that is difficult to do without knowing the dependencies upon other settings or features.

There's a cult of bashing, even perhaps hate, against Leo. It's completely unjustified. It's not as if he isn't tied into the wider AV and testing community for well over 10 years at least and discusses testing methodologies with knowledgeable, experience testing with those community colleagues. He's not some wanker Youtube tester, although I'm sure a lot of people would disagree with that.
 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,478
I can understand the feature testing Leo is trying to do. It is well-meaning to isolate a protection feature and get the real scoop on how well it protects. However, that is difficult to do without knowing the dependencies upon other settings or features.

There's a cult of bashing, even perhaps hate, against Leo. It's completely unjustified. It's not as if he isn't tied into the wider AV and testing community for well over 10 years at least and discusses testing methodologies with knowledgeable, experience testing with those community colleagues. He's not some wanker Youtube tester, although I'm sure a lot of people would disagree with that.
Please don‘t count me to the people who are hating on him. I’ve been watching his videos for years and I can see the effort he’s putting into the videos, but after joining the Emsisoft team I just feel like he isn’t the guy I once enjoyed to watch and trusted in terms of security software. I think his videos are not for people who are into cyber security. They mainly are for newbies who just want a short and informative review of AV‘s so that they can pick one. They want to see the whole product in action and not just some modules. I might be wrong, but the way he’s explaining things in his videos makes me think that those people are his target group.
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
Please don‘t count me to the people who are hating on him. I’ve been watching his videos for years and I can see the effort he’s putting into the videos, but after joining the Emsisoft team I just feel like he isn’t the guy I once enjoyed to watch and trusted in terms of security software. I think his videos are not for people who are into cyber security. They mainly are for newbies who just want a short and informative review of AV‘s so that they can pick one. They want to see the whole product in action and not just some modules. I might be wrong, but the way he’s explaining things in his videos makes me think that those people are his target group.
I didn't think you were hatin' on Leo. I take Leo's tests with the same level of "OK" skepticism that I use when I review just about any AV test, malware lab report, using just about any software, and more or less all things IT. I just don't get wrapped up in the whole "is Leo's test legit or is he just buffooning yet another test because I don't like what it shows..." Lots of folk on the security forums have strong negative feelings about Leo. That's all I was saying.

I agree with you on the newbie target audience. Leo is all about what works for newbies. Certainly Leo is capable of a lot more advanced testing and getting into the what fors, what nots and minutiae that only true security geeks would appreciate - but that's not his target audience.

When Leo "seemingly" (or more precisely, it is perceived by certain software fanboys) bashes or shows certain software in a negative light, lots of people get enraged. Just look the reactions to Leo's testing, assessment and stated opinions of default deny. The mob wanted to exact some justice on the guy because he's just not into default deny. He thinks it is a solution only suitable for an advanced user. I thought the reactions over the years said more about the people that got upset than Leo. His testing and subsequent opinion about default deny is valid.
 

jackuars

Level 27
Verified
Top Poster
Well-known
Jul 2, 2014
1,688
Doing this test by disabling core components is like blindfolding me and asking me to walk in a straight line.

Can I walk? Yes
Will I try to walk in a straight line? Possibly
Am I sure that I'm walking in a straight line? Most certainly not.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top