well done Hjlbx, i can safely say that you brilliantly took over my seat of best MT written reviewer 
- Status
Onaccess AV settings set to custom - Here you can select action to move files to quarantine & works fine i.e quarantined the file on detection.
Guess PUP detection is by design i.e blocks PUP on the location inaccessible but on the alert you can select view details & threat window opens & here you can quarantine the PUP.
I noticed black screen during boot. Unchecking early boot scan under custom of onaccess settings solves the prob here.
Boot time is little longer but acceptable here.
Prob is rightclick scan i.e no quarantine option on detection.
Everything else seems fine now.
well done Hjlbx, i can safely say that you brilliantly took over my seat of best MT written reviewer
@Umbra
Whoaaa now, don't use them big words... I get confused. My head might swell up and explode.
Thank you... thank you very much.
I like quite a few users here who post excellent security review, knowledge readings, etc... And if you have any query & you see they are online then you dont go offline coz you know within a moment they will reply to your post. And you are one of them.@Umbra
Whoaaa now, don't use them big words... I get confused. My head might swell up and explode.
Thank you... thank you very much.
So all of you experts helping average/novices, etc... thanxx from the bottom of my heart. I will skip I love you for now
So all of you experts helping average/novices, etc... thanxx from the bottom of my heart. I will skip I love you for now
That is what MT is all about... helping others.
- Dec 4, 2013
- 2,800
You exemplify well MT's repututable credo well through your enlightened & entertaining testimonials. Oops,
..excuse the BIG words!(I had a good *chuckle* at the humble hilarity of your forcast: Confusion with the chance of heads exploding!
)The very fact @Umbra, our resident Dark Lord, has granted you a seat upon his council speaks volumes in contrast to his customary
"Take No Prisoners" approach
..to helping others!
Last edited:
- May 11, 2014
- 1,639
It just amazes me at the level of knowledge, talent and skill in the IT, and world in general when it comes to computers. I liked when Bitdefender said that under no circumstance do they employ hackers from the dark side, they want staff who want to help, not break laws. I often wonder how true that is, and whether there are security companies that employ such tactics.
I have tried Bitdefender, it was good (only because of the hype), but I soon learnt the hard-way via various forums, majority of their own with bugs that occur year after year, do they never read such reports, obviously not – the user(s) do not count.
I had a BSOD, which scared the life out of me, when I opened ‘safe pay’ I was really looking forward to using that feature, especially in today’s environment - I cannot even buy premium bonds in the UK from post offices, due to money laundering, let alone use online banking.
I have tried Bitdefender, it was good (only because of the hype), but I soon learnt the hard-way via various forums, majority of their own with bugs that occur year after year, do they never read such reports, obviously not – the user(s) do not count.
I had a BSOD, which scared the life out of me, when I opened ‘safe pay’ I was really looking forward to using that feature, especially in today’s environment - I cannot even buy premium bonds in the UK from post offices, due to money laundering, let alone use online banking.
Bitdefender is a nightmare while web browsing & most of the recent viruses are not even getting detected.I don't know how it gets the top spot in every website.They are very slow updating new definitions.Shifted back to KIS & in future I hope I would go for Norton.
Correct me if I am wrong here @Malware1. Much thanks...
If you've designed a good scan engine it will detect whatever you feed it - but - it's the whole process of feeding it that's the real issue. Feed a scan engine consistently accurate signatures at a very high rate and it's detection results are high; feed a scan engine inaccurate signatures at a variable or low rate and it's detection results will be dismal.
Accuracy, volume and speed of signature creation by AV vendors is the key.
Are the signatures representative of the what is out there in the wild - does it correlate with the actual prevalence of files in the wild? Are all malware families (types), geographic origin, time origin, variants, etc, etc included?
A lot of the AV test lab results are dependent upon when and where they get their samples. In other words, the origin and age of the samples.
Malware signatures might be created en masse for those coming out of country X during time period Y - Z. If you have samples that aren't from country X - or - are not from the collection and submission period Y - Z, then it is likely you will have no detection. It also depends upon whether or not the AV vendor participates in VirusTotal or uses some other method(s) to create signature databases (e.g. Comodo).
Some vendors use hashes (MD5s, etc) short-term and then go with generic signatures long-term. Some vendors perform these actions quickly (Avira, Bitsy, Emsi, ESET, Kasper), others are slow (Comodo).
Think of it this way - the existence of malware signatures is highly dependent upon where (the origin), when and how they are fed to, received and processed by the AV vendors.
The above activities are not uniform - they vary over time. There might be a lot of malware sample collecting in country A during a certain time period, but none in B. So malware from country A will have a high detection rate - country B will not.
This is simplistic... but it makes sense.
There are a whole range of factors that affect signatures other than vendor collection methods and policies: server reliability, signature distribution, agreements with other AV vendors, staffing, etc, etc, etc. = Time, Money, Resources.
That's why I chuckle when I see various AV test lab and PC Mag reviews. They are a crock to some degree... more useful as a general (relative) indicator of detection than an absolute indicator.
Last edited by a moderator:
Look... it's my Dah. Oooooo Dad-dee...
Thank you for the kind words @Cats-4_Owners-2
I am @Umbra 's padawan... The Force is strong with him.
He is known throughout the galactic underworld as Lord EDIS KRAD...
His reputation precedes him... he's into the hot Sith babes, has all the best Starships, and generally, makes a menace of himself.
His Exploits are legendary... most well-known for using a False Vacuum to kick Neo's ass...
Last edited by a moderator:
Thanks for the kind Info
.That is why my home grown antivirus gets an applaudable review instead of poor projection of scores in different websites & has good demand tother than the virus issue Bitdefender seems to be really buggy for me.Browser doesn't seem to get loaded properly,most of the time it crashes & loads very slow.In the same place norton or kis performs very well..Thanks for the kind Info
Same issues on my specific system with BD. It's performance doesn't correlate with test lab results - if I can get it to work at all...
- Jun 14, 2015
- 857
"Paid advertising" is how; it's these sites' livelihood. I mean, SimCity was, like, the best game ever according to those guys.
I uninstalled it as overall didn't liked it. As mentioned in one of my post in this thread no option to quarantine detected threats with rightclick scan. Guess ondemand scan too will not give quarantine option. Plus as many users reported mostly not good experience I too faced the same. I mean system boot was strange sometimes good sometimes slow & sometimes black screen for couple secs during boot. Their webshield too seems little buggy coz sometimes page load is slow & sometimes normal. Password protection works only with AV settings, rest mostly you can change even with password protection enabled. This I didn't like. And many additional features/craps not needed or I dont need & no custom install. So overall didn't liked it & uninstalled.
Edis Krad lol (this one was a good one)
to be back on the topic; @hjlbx is right, what make a detection-based AV efficient is way too hazardous (prevalence, origin of sample, threat ratio, etc...) ; it is why i keep saying that detection is useless now , 15 years ago it was the best choice since you had few malwares created.
today with thousands of created malware a day , detection is behind , prevention and virtualization are the keys.
(this one was a good one) to be back on the topic; @hjlbx is right, what make a detection-based AV efficient is way too hazardous (prevalence, origin of sample, threat ratio, etc...) ; it is why i keep saying that detection is useless now , 15 years ago it was the best choice since you had few malwares created.
today with thousands of created malware a day , detection is behind , prevention and virtualization are the keys.
- Jun 14, 2015
- 857
To say "detection is useless...because of daily new..." has a few flaws:
- This ignores the fact that most malware isn't new
- Even most new malware is based on older, recognisable malware
- Scanners don't only rely on a strict hash alone but on permutations/heuristics
- Scanners typically include more, such as BB, HIPS/HIDS, browser/mail session scanning to aid detection/heuristics
Oh, how AV vendors wished this was the way it worked in reality - it would make them all superstars.
For example, collect a single malware sample from a particular class\family of malware.
Collect 99 more variants of the original sample that are not detected by signature.
Run a scan with heuristics set to maximum.
You'll be lucky if - on average - the maximum heuristics scan detects
Very unfortunately - for everyone involved - that is the current state of signature-based malware detection.
In order for vendors to create generic signatures, it requires them to have samples of every variant of a malware.
* * * * *
Webroot, for example, uses hash-only detection (AFAIK); they do not use signatures.
Emsisoft, for example, uses hash detection short-term and generic signatures long term.
Most AV vendors do the same - since it takes time at the back-end of their operations to analyze and create the signatures. So for the sake of keeping up with in-the-wild malwares, they use hash - then later on - signature. One difference between vendors is the speed at which they produce the signatures.
Last edited by a moderator:
Last edited by a moderator:
- May 11, 2014
- 1,639
How come Bitdefender manages to get it so wrong, with bugs to pop up year-after-year, if they ironed out/listened to their actual users, they would probably have the best security software. Kaspersky does indeed have bugs, but their products are extremely stable, and will actually uninstall.
- Jun 14, 2015
- 857
Messiah complex? hehe
You haven't said anything new, though. "More damaging" is not synonymous with "more prevalent". "New" malware isn't mutually exclusive with "old" malware--especially since "old" malware is more prevalent and more likely to be encountered.
That's like saying, "bullets are antiquated because nuclear weapons are really damaging" and calling any bullet-proofing "obsolete".
Which threat are we most likely to encounter? Common/bullets/script-kiddies/wannabes or 0-day/uncommon?
You're running Symantec Endpoint Protection; from the brochure (emphasis added, CAPS mine):
Symantec Endpoint Protection goes beyond antivirus to deliver layered protection at the endpoint. Leveraging the power of our Global Intelligence Network, Insight and SONAR technologies [WHITELIST, HEURISTICS, CLOUD SCANNING] analyze the reputation [BLOCK EVERY NEW FILE PERIOD WS.REPUTATION.1 YAY] and characteristics of suspicious files [HEURISTICS/BB] to determine if they pose a danger to your systems. Network Threat Protection analyzes incoming data streams and proactively blocks threats. [FILE SCANNER OVER SOCKETS] Combined with traditional antivirus, firewall and IPS, these technologies deliver full protection across both physical and virtual systems.
Symantec is saying that traditional AV is a necessary layer of security, not obsolete. AV only is an obsolete/ineffective approach to security, AV itself isn't obsolete. Surely you don't disagree with that?
(I like Norton and ran it when my ISP gave it away for free and when beta-testing it/Norton gave it away and it is fast. My only gripe was the crappy UI--an affliction to pretty much all security software--and WS.Reputation.1 = false positive)
- Status
Similar threads
