D

Deleted member 2913

My laptop is Windows 7 64
4GB RAM & 500GB HDD
Intel

I installed BIS.
Its running light here, boot is good too. For me its running as light as Avast AV Pro.

Users running BIS 2015 can shed some light here.
I tested with 2 harmless sample trojansimulator.exe from testmypcsecurity & eicar from amtso.
BIS detected trojansimulator as PUP & doesn't quarantine/deletes but the file remains on the location inaccessible.
BIS detected eicar as threat & said quarantined but was actually deleted as sample was not in quarantine.

Rightclick scan detected threats on the sameples above but no quarantine option in action. Delete deletes & take appropriate action too deletes the files.

What is search advisor in Web protection?
I thought those safe/malicious, etc... icons on search links but nothing on the search links.

So I liked its running light.
But the prob is ---
Deleting threats instead of quarantine (just a sample test).
PUP are blocked & remains in the location...dont know bug or design?
Rightclick scan detected threats no quarantine option.
Search advisor but nothing on the search links.

BIS 2015 users plzz give some info here.

UPDATE - Only vsserv process is on high side on task manager. Initially around 220,000 K & after sometime settles around 120,000 K but system is running light.
Onaccess AV settings set to custom - Here you can select action to move files to quarantine & works fine i.e quarantined the file on detection.
Guess PUP detection is by design i.e blocks PUP on the location inaccessible but on the alert you can select view details & threat window opens & here you can quarantine the PUP.
I noticed black screen during boot. Unchecking early boot scan under custom of onaccess settings solves the prob here.

Boot time is little longer but acceptable here.

Prob is rightclick scan i.e no quarantine option on detection.

Everything else seems fine now.
 
D

Deleted member 2913

@Umbra

Whoaaa now, don't use them big words... I get confused. My head might swell up and explode. :D

Thank you... thank you very much.
I like quite a few users here who post excellent security review, knowledge readings, etc... And if you have any query & you see they are online then you dont go offline coz you know within a moment they will reply to your post. And you are one of them.

So all of you experts helping average/novices, etc... thanxx from the bottom of my heart. I will skip I love you for now;)
 

Cats-4_Owners-2

Level 37
Verified
Trusted
That is what MT is all about... helping others.
You exemplify well MT's repututable credo well through your enlightened & entertaining testimonials. Oops,:oops: ..excuse the BIG words!:p
(I had a good *chuckle* at the humble hilarity of your forcast: Confusion with the chance of heads exploding!:D:D:D)
The very fact @Umbra, our resident Dark Lord, has granted you a seat upon his council speaks volumes in contrast to his customary
"Take No Prisoners" approach
..to helping others!:p
 
Last edited:

Tony Cole

Level 27
It just amazes me at the level of knowledge, talent and skill in the IT, and world in general when it comes to computers. I liked when Bitdefender said that under no circumstance do they employ hackers from the dark side, they want staff who want to help, not break laws. I often wonder how true that is, and whether there are security companies that employ such tactics.

I have tried Bitdefender, it was good (only because of the hype), but I soon learnt the hard-way via various forums, majority of their own with bugs that occur year after year, do they never read such reports, obviously not – the user(s) do not count.

I had a BSOD, which scared the life out of me, when I opened ‘safe pay’ I was really looking forward to using that feature, especially in today’s environment - I cannot even buy premium bonds in the UK from post offices, due to money laundering, let alone use online banking.
 
H

hjlbx

I don't know how it gets the top spot in every website.They are very slow updating new definitions.
Correct me if I am wrong here @Malware1. Much thanks...

If you've designed a good scan engine it will detect whatever you feed it - but - it's the whole process of feeding it that's the real issue. Feed a scan engine consistently accurate signatures at a very high rate and it's detection results are high; feed a scan engine inaccurate signatures at a variable or low rate and it's detection results will be dismal.

Accuracy, volume and speed of signature creation by AV vendors is the key.

Are the signatures representative of the what is out there in the wild - does it correlate with the actual prevalence of files in the wild? Are all malware families (types), geographic origin, time origin, variants, etc, etc included?

A lot of the AV test lab results are dependent upon when and where they get their samples. In other words, the origin and age of the samples.

Malware signatures might be created en masse for those coming out of country X during time period Y - Z. If you have samples that aren't from country X - or - are not from the collection and submission period Y - Z, then it is likely you will have no detection. It also depends upon whether or not the AV vendor participates in VirusTotal or uses some other method(s) to create signature databases (e.g. Comodo).

Some vendors use hashes (MD5s, etc) short-term and then go with generic signatures long-term. Some vendors perform these actions quickly (Avira, Bitsy, Emsi, ESET, Kasper), others are slow (Comodo).

Think of it this way - the existence of malware signatures is highly dependent upon where (the origin), when and how they are fed to, received and processed by the AV vendors.

The above activities are not uniform - they vary over time. There might be a lot of malware sample collecting in country A during a certain time period, but none in B. So malware from country A will have a high detection rate - country B will not.

This is simplistic... but it makes sense.

There are a whole range of factors that affect signatures other than vendor collection methods and policies: server reliability, signature distribution, agreements with other AV vendors, staffing, etc, etc, etc. = Time, Money, Resources.

That's why I chuckle when I see various AV test lab and PC Mag reviews. They are a crock to some degree... more useful as a general (relative) indicator of detection than an absolute indicator.
 
Last edited by a moderator:
H

hjlbx

Look... it's my Dah. Oooooo Dad-dee... :D

Thank you for the kind words @Cats-4_Owners-2

I am @Umbra 's padawan... The Force is strong with him.

He is known throughout the galactic underworld as Lord EDIS KRAD... :D

His reputation precedes him... he's into the hot Sith babes, has all the best Starships, and generally, makes a menace of himself.

His Exploits are legendary... most well-known for using a False Vacuum to kick Neo's ass...
 
Last edited by a moderator:
Correct me if I am wrong here @Malware1. Much thanks...

If you've designed a good scan engine it will detect whatever you feed it - but - it's the whole process of feeding it that's the real issue. Feed a scan engine consistently accurate signatures at a very high rate and it's detection results are high; feed a scan engine inaccurate signatures at a variable or low rate and it's detection results will be dismal.

Accuracy, volume and speed of signature creation by AV vendors is the key.

A lot of the AV test lab results are dependent upon when and where they get their samples. In other words, the origin and age of the samples.

Malware signatures might be created en masse for those coming out of country X during time period Y - Z. If you have samples that aren't from country X - or - are not from the collection and submission period Y - Z, then it is likely you will have no detection. It also depends upon whether or not the AV vendor participates in VirusTotal or uses some other method(s) to create signature databases (e.g. Comodo).

Some vendors use hashes (MD5s, etc) short-term and then go with generic signatures long-term. Some vendors perform these actions quickly (Avira, Bitsy, Emsi, ESET, Kasper), others are slow (Comodo).

Think of it this way - the existence of malware signatures is highly dependent upon where (the origin), when and how they are fed to, received and processed by the AV vendors.

The above activities are not uniform - they vary over time. There might be a lot of malware sample collecting in country A during a certain time period, but none in B. So malware from country A will have a high detection rate - country B will not.

This is simplistic... but it makes sense.

There are a whole range of factors that affect signatures other than vendor collection methods and policies: server reliability, signature distribution, agreements with other AV vendors, staffing, etc, etc, etc.

That's why I chuckle when I see various AV test lab and PC Mag reviews. They are a crock to some degree... more useful as a general (relative) indicator of detection than an absolute indicator.
Thanks for the kind Info:).That is why my home grown antivirus gets an applaudable review instead of poor projection of scores in different websites & has good demand too_Other than the virus issue Bitdefender seems to be really buggy for me.Browser doesn't seem to get loaded properly,most of the time it crashes & loads very slow.In the same place norton or kis performs very well..:D
 
  • Like
Reactions: Cats-4_Owners-2
H

hjlbx

Thanks for the kind Info:).That is why my home grown antivirus gets an applaudable review instead of poor projection of scores in different websites & has good demand too_Other than the virus issue Bitdefender seems to be really buggy for me.Browser doesn't seem to get loaded properly,most of the time it crashes & loads very slow.In the same place norton or kis performs very well..:D
Same issues on my specific system with BD. It's performance doesn't correlate with test lab results - if I can get it to work at all...
 
  • Like
Reactions: Abhishek Singha

Rolo

Level 18
Verified
Bitdefender is a nightmare while web browsing & most of the recent viruses are not even getting detected.I don't know how it gets the top spot in every website.They are very slow updating new definitions.Shifted back to KIS & in future I hope I would go for Norton.
"Paid advertising" is how; it's these sites' livelihood. I mean, SimCity was, like, the best game ever according to those guys.
 
D

Deleted member 2913

I uninstalled it as overall didn't liked it. As mentioned in one of my post in this thread no option to quarantine detected threats with rightclick scan. Guess ondemand scan too will not give quarantine option. Plus as many users reported mostly not good experience I too faced the same. I mean system boot was strange sometimes good sometimes slow & sometimes black screen for couple secs during boot. Their webshield too seems little buggy coz sometimes page load is slow & sometimes normal. Password protection works only with AV settings, rest mostly you can change even with password protection enabled. This I didn't like. And many additional features/craps not needed or I dont need & no custom install. So overall didn't liked it & uninstalled.
 
D

Deleted member 178

Edis Krad lol :D (this one was a good one)

to be back on the topic; @hjlbx is right, what make a detection-based AV efficient is way too hazardous (prevalence, origin of sample, threat ratio, etc...) ; it is why i keep saying that detection is useless now , 15 years ago it was the best choice since you had few malwares created.

today with thousands of created malware a day , detection is behind , prevention and virtualization are the keys.
 

Rolo

Level 18
Verified
To say "detection is useless...because of daily new..." has a few flaws:
  • This ignores the fact that most malware isn't new
  • Even most new malware is based on older, recognisable malware
  • Scanners don't only rely on a strict hash alone but on permutations/heuristics
  • Scanners typically include more, such as BB, HIPS/HIDS, browser/mail session scanning to aid detection/heuristics
 
H

hjlbx

To say "detection is useless...because of daily new..." has a few flaws:
  • This ignores the fact that most malware isn't new
  • Even most new malware is based on older, recognisable malware
  • Scanners don't only rely on a strict hash alone but on permutations/heuristics
  • Scanners typically include more, such as BB, HIPS/HIDS, browser/mail session scanning to aid detection/heuristics
Oh, how AV vendors wished this was the way it worked in reality - it would make them all superstars.

For example, collect a single malware sample from a particular class\family of malware.

Collect 99 more variants of the original sample that are not detected by signature.

Run a scan with heuristics set to maximum.

You'll be lucky if - on average - the maximum heuristics scan detects 10 % No one catch my keypunch error. This should be only 1%. of those new variants.

Very unfortunately - for everyone involved - that is the current state of signature-based malware detection.

In order for vendors to create generic signatures, it requires them to have samples of every variant of a malware.

* * * * *
Webroot, for example, uses hash-only detection (AFAIK); they do not use signatures.

Emsisoft, for example, uses hash detection short-term and generic signatures long term.

Most AV vendors do the same - since it takes time at the back-end of their operations to analyze and create the signatures. So for the sake of keeping up with in-the-wild malwares, they use hash - then later on - signature. One difference between vendors is the speed at which they produce the signatures.
 
Last edited by a moderator:
D

Deleted member 178

Oh, how AV vendors wished this was the way it worked in reality - it would make them all superstars.
hahaha.

To say "detection is useless...because of daily new..." has a few flaws:
  • This ignores the fact that most malware isn't new
but real serious damaging FUD malwares are new, i don't talk about scriptkiddie's stuff or wannabe hackers
  • Even most new malware is based on older, recognisable malware
as i said above, those are used by kiddies or pseudo-criminals.
  • Scanners don't only rely on a strict hash alone but on permutations/heuristics
heuristic are based on malware they know, once again we go back to point 1
  • Scanners typically include more, such as BB, HIPS/HIDS, browser/mail session scanning to aid detection/heuristics
false, scanners are just scanners, they include nothing. BB/HIPS are components that complement the antivirus not the scanner; their very existence is a proof that detection is obsolete and easily bypassable. If detection with heuristics was strong enough, HIPS/BB/sandboxes will never be created.
i replied in red obviously :D
 
Last edited by a moderator:

Tony Cole

Level 27
How come Bitdefender manages to get it so wrong, with bugs to pop up year-after-year, if they ironed out/listened to their actual users, they would probably have the best security software. Kaspersky does indeed have bugs, but their products are extremely stable, and will actually uninstall.
 
  • Like
Reactions: Cats-4_Owners-2

Rolo

Level 18
Verified
i replied in red obviously
Messiah complex? hehe

You haven't said anything new, though. "More damaging" is not synonymous with "more prevalent". "New" malware isn't mutually exclusive with "old" malware--especially since "old" malware is more prevalent and more likely to be encountered.

That's like saying, "bullets are antiquated because nuclear weapons are really damaging" and calling any bullet-proofing "obsolete".

Which threat are we most likely to encounter? Common/bullets/script-kiddies/wannabes or 0-day/uncommon?

You're running Symantec Endpoint Protection; from the brochure (emphasis added, CAPS mine):
Symantec Endpoint Protection goes beyond antivirus to deliver layered protection at the endpoint. Leveraging the power of our Global Intelligence Network, Insight and SONAR technologies [WHITELIST, HEURISTICS, CLOUD SCANNING] analyze the reputation [BLOCK EVERY NEW FILE PERIOD WS.REPUTATION.1 YAY] and characteristics of suspicious files [HEURISTICS/BB] to determine if they pose a danger to your systems. Network Threat Protection analyzes incoming data streams and proactively blocks threats. [FILE SCANNER OVER SOCKETS] Combined with traditional antivirus, firewall and IPS, these technologies deliver full protection across both physical and virtual systems.
Symantec is saying that traditional AV is a necessary layer of security, not obsolete. AV only is an obsolete/ineffective approach to security, AV itself isn't obsolete. Surely you don't disagree with that?

(I like Norton and ran it when my ISP gave it away for free and when beta-testing it/Norton gave it away and it is fast. My only gripe was the crappy UI--an affliction to pretty much all security software--and WS.Reputation.1 = false positive)