Battle Bitdefender Free vs. Avast Free vs AVG Free vs Panda Free

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
Hello!

I have tried AVAST Free before (before acquiring AVG), AVG Free (before being bought by AVAST) and Panda Free. I was never infected because I am a careful user.
Now I am using Bitdefender Free and found it to be strong in protection and light. However, it becomes suddenly heavy and stalls my old netbook when it finds malware to clean. Also, even if I turn off its shield, its AVC will still take action - this irritates me so much (sometimes even if exclusions have been set).
What free antivirus could you advise which is light and effective, even those not included in the list? Thanks.
Running Windows 10, Creators Update
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
Avast has hardened mode and other customizable features. hardened mode + disable powershell, java and windows script host, it would be really difficult to bypass it. I have seen only 1 benign malware that bypassed it

How do I disable Powershell and Windows Script Host?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
1/ disable powershell
- first do this:
How to Enable and Disable PowerShell V2 on Windows 8
- second: go to "C:\Windows\System32\WindowsPowerShell\v1.0"
rename "powershell.exe" and "powershell_ise.exe" to powershell.bak and powershell_ise.bak

2/ disable windows script host
- run this file
Dropbox - disable wscript.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"=dword:00000000

sometimes, you need WSH or powershell, just revert those steps and then block them again
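
A read-only audit of the steps in the post above, added here as an example and not part of the original thread. The function names are illustrative, and the SysWOW64 check goes beyond the post, which names only the System32 folder.

```powershell
# Added example (read-only): reports the state of the hardening steps from the post.
# Run elevated; Get-WindowsOptionalFeature requires administrator rights.

function Get-WshState {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $path = "${Hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
    $prop = Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'not set (WSH runs by default)' }
    # The value may be stored as a DWORD or a string, so compare as text.
    if ("$($prop.Enabled)" -eq '0') { return 'disabled' }
    return "enabled (value: $($prop.Enabled))"
}

function Get-PSv2State {
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction Stop
        if ($null -eq $f) { return 'feature not present' }
        return [string]$f.State
    } catch {
        return "unknown ($($_.Exception.Message))"
    }
}

function Get-HostBinaryState {
    # System32 is the folder named in the post; SysWOW64 holds the 32-bit copies
    # on 64-bit Windows and is checked here as an addition.
    $dirs = "$env:windir\System32\WindowsPowerShell\v1.0",
            "$env:windir\SysWOW64\WindowsPowerShell\v1.0"
    foreach ($dir in $dirs) {
        foreach ($name in 'powershell.exe', 'powershell_ise.exe') {
            $full = Join-Path $dir $name
            [pscustomobject]@{
                Path    = $full
                Present = Test-Path -LiteralPath $full
            }
        }
    }
}

"PowerShell v2 feature : $(Get-PSv2State)"
"WSH (HKLM)            : $(Get-WshState -Hive HKLM)"
"WSH (HKCU)            : $(Get-WshState -Hive HKCU)"
Get-HostBinaryState | Format-Table -AutoSize
```

A row with `Present = True` means that copy of the host binary has not been renamed; the script changes nothing on the system.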
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
I don't know how this happened, because the free antivirus fight was so even in the past. Right now, I'd risk all my circuits to say Avast is the only free solution complete enough to be used alone or maybe with a firewall. It has a lot of modules that do not require the paid version, and always performs great on tests. Even better than other paid solutions.

On the other hand, Panda, Kaspersky, BitDefender, they all lack a lot of good features only present on the paid solution, or they're heavy enough to kill your system as Avira right now...
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
I don't know how this happened, because the free antivirus fight was so even in the past. Right now, I'd risk all my circuits to say Avast is the only free solution complete enough to be used alone or maybe with a firewall. It has a lot of modules that do not require the paid version, and always performs great on tests. Even better than other paid solutions.

On the other hand, Panda, Kaspersky, BitDefender, they all lack a lot of good features only present on the paid solution, or they're heavy enough to kill your system as Avira right now...

Yes, totally agree. Being a careful user with an anti-exe and AVAST Free should be enough most of the time.
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
I like comodo cloud. I find it fast and agile .. it is not the best in the signatures but the auto sandbox compensates it correctly ... What I would ask is that it had a level of heuristics and the viruscope was of the sandbox but apart from it.
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
I like comodo cloud. I find it fast and agile .. it is not the best in the signatures but the auto sandbox compensates it correctly ... What I would ask is that it had a level of heuristics and the viruscope was of the sandbox but apart from it.

Does the auto sandbox mean that when offline Comodo Cloud still provides good protection?
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
- Has a cache for offline protection
- In addition, if it fails to confirm the file as secure it sends it to the sandbox .. Without internet the sandbox and viruscope (inside sandbox) still work

Viruscope (behavior module) does not say whether the file is secure. It just confirms that it is malware and does not remove a file from the sandbox; this should be done by the user.
 

mhertz

Level 1
Oct 31, 2017
11
When selecting the best AV, I always compare the results of av-comparatives, mostly the real-world tests, done monthly and summed up twice per year, and there the best of these is bitdefender, with kaspersky second, and then avast and then avira. The test is around 500 of prevalent virus/malwares found in websites the last 4 weeks.

The only thing relevant, that KAF misses, is as said the behaviour blocker. Note however, that even though it doesn't have a specific behaviour blocker (system watcher), then it still features heuristics, which means it can catch many 0days still, because it's looking for signs of virus/malwares not already known through standard signatures, so honestly I'm a little unsure about what the difference to that i.e. heuristics, and a behaviour blocker specifically is, but oh well....

Anyway, I would rather have an AV which scores highest in e.g. the av-comparatives real-world tests, and not having a behaviour blocker, than vice-versa.

Avast's pros is if wanting to have the extra configurability it offers + the behaviour blocker, but as bitdefender and kaf does (slightly) better in the real-world tests, then I would go for bitdefender first and second kaf, and avast if wanting more configurability(and behaviour blocker, compared to kaf). Btw, other than the behaviour blocker and extra configurability, then all the other things avast features is rather useless imho...Don't get me wrong, I much like avast, though they have filled it with unneeded stuff which can be done better with other specialized tools and imho doesn't fit into an AV.

Microsoft's offering, defender, or security essentials in win7, is OK to use also imho, and scores a little lower than the ones mentioned above, but nothing drastically, though lower nonetheless...

Just my 2 cents :)

Edit: After researching this some more in regards to behaviour blocking vs heuristics, then I conclude (or believe rather), that KAF includes a behaviour blocker, through its use of heuristics. Heuristics, by kaspersky docs, are updatable patterns of malicious behaviour, and the system-watcher component of the paid kaspersky which we normally call a behaviour blocker, is a component monitoring all actions done by applications and recording them, so if something malicious is found, then the system-watcher component can roll back all actions done by the malicious process, also from previous sessions before the malicious process was discovered.

In short, behaviour blocking I believe is available in KAF, but just not the added feature of rolling back actions done by it from several boots ago before it was discovered...
 

mhertz

Level 1
Oct 31, 2017
11
Hmm, just wanted to add that after more researching, then I believe I'm wrong about the above notion of mine of heuristics == behaviour control, so I apologize for posting wrong information. I read this fine guide of different anti-virus functions and their behaviour from the guides-section of this site here: How-to Guide - Modern Anti-Virus Software : Features and Functions

Heuristics is also used by behaviour-blocking, as behaviour-patterns to look for, after apps are started (monitors running system/apps for malicious actions), whereas heuristics too is used by main AV-engine to scan files for malicious code-patterns before they are executed. Or so I believe ;) And please correct me if I'm wrong.

Sorry again! :)

(I'm not using any AV myself, as been using linux solely for the last 10 years, but I do maintain a couple windows boxes for family-members which needs me to be on-top of researching the "best"/most-appropriate current AV available)
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
Heuristic analyses are methods that look for new malware either by patterns or similarities ..

The BBs are also heuristic engines since they look for behavior patterns already assigned to malware.

e.g.: KS free uses behavioral signatures for its heuristic analysis.

The other thing is that a heuristic analysis can look for the patterns before they are executed.
A BB by definition keeps the patterns of the actions performed and the following (live malware) .. A transient would reach to encrypt some files before it is categorized (eg viruscope comodo)

Some difference between an advanced BB is that it seeks modifications in protected sectors without knowing the full pattern. The problem is that this would generate many false positives and useful for advanced users (ex: CF)


Ex: program without signature or valid certificate asking for modifications to c: user / images
 

mhertz

Level 1
Oct 31, 2017
11
Thanks klaken, I can tell by your post/wording that you are much more clever/in-the-know about these things than me currently :)

Yeah, I've googled a lot on this now, and I always knew heuristics were to discover new unknown threats, but didn't know that the BB's also used another version of them to discover malicious actions after the malicious and undetected app had run, vs the file-detectors use of heuristics, used only to scan files for patterns before the files are loaded, though that wouldn't help if packed in obscured format.

Do you know if the virtualization that avast supports through its cybercapture (former deepscreen) is a technology also done by bitdefender? Also, are BB's also using virtualization always? I ask because I don't understand how the BB can roll-back changes if not running them in a virtualized environment?

If bitdefender doesn't support virtualization, then i'm gonna change the windows PC's I maintain over to using avast now instead.

...Little embarrassed about not learning these things before now and especially trying to talk about "best" on a forum with so little understanding of it... :) I always just thought it was a matter of checking my most trusted independent lab for test-results :)
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
BB are a type of heuristic analysis ..

About what you say. I do not know much about the technology of avast or bitdefender.

BBs keep records of file actions .. they can even copy a file before it is modified.
If they find a malware, they roll back (retrograde) its actions, creation of files or others. But these have a limited scope ..
 

mhertz

Level 1
Oct 31, 2017
11
Thanks klaken :) Yeah, after I wrote the post I also thought to myself that of course this could be done without virtualization, but was just thinking about if the virtualization part and BB were actually components of the same thing... Hmm, no that cannot be, as then everything should be run virtualized when having the BB on, and e.g. for avast, then the virtualization only comes in effect, I believe, when a file is deemed unknown/uncertain.

Thanks again! :)

@all, If anyone knows if bitdefender supports virtualization, along the lines of as used in the avast cybercapture, then I would appreciate to hear it thanks. If bitdefender doesn't support that, then it to me really looks like avast has the upper hand over bitdefender with that extra protection, and compared to KAF then avast includes both a BB and a virtualization-type protection(cybercapture) compared to it.

I already rolled latest avast free onto the windows systems now :)

Edit: Sorry, I see now that the cybercapture feature of avast isn't using VT anymore, but instead uses the cloud to analyze and check the file for us instead of locally which the older deepscreen feature did, and which had issues with some configs and worked only for 10-15 secs to analyze the file. So, as bitdefender is heavily touted as a cloud-oriented AV, then I'm guessing it features similar lines of security...

Edit2: For others interested, then yes, bitdefender features the same technology as avast's old deepfreeze, i.e. it runs processes to evaluate them in a virtualized environment, and it also includes a whitelist based approach for safe apps to save processing, which I take to mean that it also does the other avast trait of comparing files against a global checklist in the cloud, like cybercapture function of avast also does. This comes from a doc of 2015, so maybe things have changed like avast's 2016 version and newer, where VT isn't used anymore and instead the cloud is used for doing the actual checking of the files instead of the local CPU.

Now I'm in doubt again about which is best for me of avast or bitdefender, though avast still wins greatly on the configurability available...
 

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,531
Any of your options will offer efficient protection. Test all of them on your machine and see how they behave on your system. Only you can tell what is light and what isn't. Notice that high memory usage in no way makes a software "heavy". Use them all for a few days. If it does not slow down your computer during normal usage and you like it, keep it.

Also keep in mind that no security software is 100% efficient. If you don't have safe habits in the web you'll be hit by something that will bypass your security sooner or later, no matter what software you're using.
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
Thanks klaken :) Yeah, after I wrote the post I also thought to myself that of course this could be done without virtualization, but was just thinking about if the virtualization part and BB were actually components of the same thing... Hmm, no that cannot be, as then everything should be run virtualized when having the BB on, and e.g. for avast, then the virtualization only comes in effect, I believe, when a file is deemed unknown/uncertain.

you defined a comodo suite (cis) XD.

Comodo virtualizes unknown files or files that are not categorized as clean. By means of the cloud ..

avast or bitdefender virtualize only analyze in the cloud ... what avast was to virtualize part of the program to see its behavior but that would not be a bb, would be another heuristic method.

kaspersky if you have a certain behavior analysis as we saw XD ... so your signatures are very flexible ..
 

mhertz

Level 1
Oct 31, 2017
11
Thanks for the replies guys/gals! :) I've never had a virus or any malware in my many previous years of using windows and now on linux I don't need an AV, but still common sense of course :)

I think I'll stick to avast over bitdefender for the time being on the windows-systems I maintain, for its hardened-aggressive mode and extra configurability.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
or they're heavy enough to kill your system as Avira right now...

Need to ask what this statement is based upon???

I run Avira Pro (latest version) real-time scan with no exclusions, Protection Cloud enabled, set to scan ALL files, and there is no perceptible system impact. Running on a modest 5-year old tech, dual core Intel Core i3 system, 3.4GHz, w/8 GB RAM.
 

zzz00m

Level 6
Verified
Well-known
Jun 10, 2017
248
The lightest protection option I can think of would be to (1) use your preferred AV to run a full, on-demand scan of your files, (2) turn off real-time malware scanning, and (3) use an anti-exe, such as VoodooShield. You could be reasonably sure that your existing executables are safe if they passed the scan, and VoodooShield can prevent any new exe's not in the whitelist from running.
 
