Tony Cole

Level 27
Another gentleman on this forum, Nico (congrats on the birth of his child), told me Symantec Endpoint Protection is the best he/the company where he works has ever used.

Bitdefender just needs a good shake up!
 

Tony Cole

Level 27
Maybe you could try out and do a general impression of Symantec Endpoint. I really enjoy reading them, as I always want to try them all, but that messed up my previous laptop's SSD; apparently some AVs won't go easily :(
 

hjlbx

Maybe you could try out and do a general impression of Symantec Endpoint. I really enjoy reading them, as I always want to try them all, but that messed up my previous laptop's SSD; apparently some AVs won't go easily :(
@Tony Cole

I've been asked to do this several times... and just have avoided it - since - I suspect SE will be an administrative hassle until I get it all sorted out.

@Umbra : Does SE come with built-in automated policies - or does it require all manual configuration ?
 

Sloth

Level 5
Is Bitdefender Internet Security 2015 so bad that no one in MT is using it?
 

hjlbx

No, but you can disable any protection module you wish. Same as Comodo...
Is Bitdefender Internet Security 2015 so bad that no one in MT is using it?
Bitdefender products are not "bad" - it just seems a lot of users experience problems with it on their specific systems. It's difficult to tell precisely how many users have issues without any statistics.

Gotta try it out for yourself on your specific system.
 

Deleted member 2913

A product that deletes threats found with default settings is not good in my opinion.
A product that doesn't give a quarantine option for detected threats on an on-demand scan is not good in my opinion.
 

hjlbx

A product that deletes threats found with default settings is not good in my opinion.
A product that doesn't give a quarantine option for detected threats on an on-demand scan is not good in my opinion.
I agree.

BD Free deleted a system file without notification during installation. I couldn't recover it.
 

jamescv7

Level 61
Verified
Trusted
Is Bitdefender Internet Security 2015 so bad that no one in MT is using it?
Well, some users stated it to be problematic for the stability of the system, but their free version is actually fine in most cases; I've tested both products on a VM before, therefore it's a case-to-case basis.


______________________________________________

Anyway, signatures themselves are totally ineffective, but AV companies are still implementing them because you should have enough backup for offline situations; BB and HIPS are known for hooking processes and are not intended to be totally the protection you rely on + Cloud protection for online.

In short, those developers want to maintain all-around aspects even if there are already cons/disadvantages.
 

Tony Cole

Level 27
Yes, Symantec Endpoint does have pre-configured policies, i.e., in the antivirus section you can choose default, high or custom security. The application control does have to be configured, but it is very powerful and (if configured correctly) will block all Crypto-Ransomware, and a lot more. Sonar and network protection are also very good. Currently trying it out on my old laptop, have been for 1-2 months, Nico advised me to give it a whirl - very powerful. Plus you have stealth settings, e.g., stealth mode web browsing and TCP resequencing.
 

hjlbx

Yes, Symantec Endpoint does have pre-configured policies, i.e., in the antivirus section you can choose default, high or custom security. The application control does have to be configured, but it is very powerful and (if configured correctly) will block all Crypto-Ransomware, and a lot more. Sonar and network protection are also very good. Currently trying it out on my old laptop, have been for 1-2 months, Nico advised me to give it a whirl - very powerful. Plus you have stealth settings, e.g., stealth mode web browsing and TCP resequencing.
@Tony Cole

Give me a download link...
 

Deleted member 178


@Umbra : Does SE come with built-in automated policies - or does it require all manual configuration ?
SEP (unmanaged) comes with a basic setup like any other software, but from that you have to set up each module to fit your needs. That is the difference from home-user software, where you have different predefined setups. In some modules you don't have much to tweak. The most important in SEP is the firewall module, since you can allow/block/lookup/check everything.

read my review of it here
 

Deleted member 178

Messiah complex? hehe
i am the Savior ! :D

You haven't said anything new, though. "More damaging" is not synonymous with "more prevalent". "New" malware isn't mutually exclusive with "old" malware--especially since "old" malware is more prevalent and more likely to be encountered.
exactly, but since your detection-based AV is supposed to detect those old threats, why do they fail at it?

That's like saying, "bullets are antiquated because nuclear weapons are really damaging" and calling any bullet-proofing "obsolete".
that is my point about detection; i will do an analogy:

1- bullets (common malware encountered)
2- armor piercing bullet (a zero-day variant of known malware)
3- nuclear weapon (real brand new Zero-Day, not a remix or variant)
4- AV detection module (a bullet proof jacket)

now here we go:

- now i am the big bad evil hitman (aka the malware writer),
- oh i have a contract on your head (i want to infect you), i shoot my common bullets at you, your jacket stops them! i was expecting it!
- now that i know you have a good defense, i throw armor-piercing rounds ... i guess i will hit you bad ... unless you are very lucky and use a top-notch bullet-proof jacket (AV with very good heuristics).
- ok you survived, you made me mad, i throw my nuclear weapon at you, i nuked the whole city, you died, mission done. your jacket is just a piece of crap now.

now my view of protection:

1- holographic image of me (virtualization)
2- force shield (HIPS & BB, anti-exec properly set)
3- a bullet-proof jacket, i may need it (the AV module)

with the scenario above :

the nuke just hit a fake me , i survived
the nuke hit my force shield , i survived

do i need a bullet-proof jacket?


Which threat are we most likely to encounter? Common/bullets/script-kiddies/wannabes or 0-day/uncommon?
in the scenario above , if you use MY way of protection, you don't care

Symantec is saying that traditional AV is a necessary layer of security, not obsolete. AV only is an obsolete/ineffective approach to security, AV itself isn't obsolete. Surely you don't disagree with that?
i agree , but in fact i don't need an AV.

Symantec Norton doesn't rely much on Detection; the best example is their Smart Definition, oriented on Prevalence only. They also stopped participating in all those useless test labs.

(I like Norton and ran it when my ISP gave it away for free and when beta-testing it/Norton gave it away and it is fast. My only gripe was the crappy UI--an affliction to pretty much all security software--and WS.Reputation.1 = false positive)
SEP is quite ugly in fact :D
 

Rolo

Level 18
Verified
exactly, but since your detection-based AV is supposed to detect those old threats, why do they fail at it?
I must have missed something; where are they failing?

- now i am the big bad evil hitman (aka the malware writer),
- oh i have a contract on your head (i want to infect you), i shoot my common bullets at you, your jacket stops them! i was expecting it!
- now that i know you have a good defense, i throw armor-piercing rounds ... i guess i will hit you bad ... unless you are very lucky and use a top-notch bullet-proof jacket (AV with very good heuristics).
- ok you survived, you made me mad, i throw my nuclear weapon at you, i nuked the whole city, you died, mission done. your jacket is just a piece of crap now.

now my view of protection:

1- holographic image of me (virtualization)
2- force shield (HIPS & BB, anti-exec properly set)
3- a bullet-proof jacket, i may need it (the AV module)
1- Same as your #1: I expected it
2- Your shield can fail or otherwise not shield everything (like fricken sharks with fricken lasers because you used a 'force' shield)
3- AH HA! You still have 'outdated' AV even with all your other fancy schmancy stuff

do i need a bullet-proof jacket?
Yes, as the hologram didn't fool me (malware is 'enlightened' now--virtual-aware--and can escape the matrix, Neo) and I go around your shield and bust a cap in yo'... :eek:

Seriously, AV scan is still needed and advised as it is better to stop the malware from executing at all rather than catch it afterwards like HIPS and BB would.

Besides...this is what heuristics look like:
 

Rolo

Level 18
Verified
just check the number of posts in the malware removal forum :D
No, they don't work when you 1) install them after you're infected, or 2) install too many of them against the warning, or 3) let your subscription lapse (why I don't ever recommend subscription security--"I've been meaning to renew that" is something I've heard often.)

Most recent had 3 AVs installed: http://malwaretips.com/threads/proxy-server-virus-127-0-0-1-port-8118.47754/

As to "why they fail" is a loaded question. They aren't 100% and don't claim to be, so some will "fail". Of those failures, how many prompted the user and the user just clicked by it (being desensitised from UAC and all)? How many "failures" weren't "failures" because many would argue (even on MT) that PUPs aren't Malware and adware, hijackers, fake utilities aren't malware, just PUPs. The rest I'd mostly attribute to performance-friendly default settings.

Really, I'd be curious what the failure rate would be if you excluded pilot error, of which there are many.
 

Deleted member 178

a failure is a failure wherever it comes from.

AVs, one or two decades ago, were supposed to differentiate good files from bad files with almost no user input, quarantining the bad, allowing the good.

now technology and skills (of malware writers) have evolved so fast that detection AVs are always behind. when you have a signature for a malware it is already too late, thousands are already infected.

we can prevent and virtualize a whole system or browser (Shadow Defender and Sandboxie), why do AV companies not focus on that?

because traditional AVs are popular with the novice and they bring in LOTS and LOTS of CASH for the companies.
 