Battle Bitdefender vs ESET

Software comparison
Bitdefender Total Security 2021 vs ESET Smart Security Premium 14.0.22
Feature comparison
  1. Ease of use
  2. Impact on hardware performance
  3. Most available features
  4. Core protection (malware and heuristic engine)
  5. Internet protection (web filtering, anti-phishing, anti-spam, browser extension)
  6. Network protection (firewall, anti-botnet)
  7. Ransomware protection
  8. Banking and payments protection
  9. Machine learning and A.I. capabilities
  10. Privacy protections (VPN, anti-tracking)

Cortex

I've tried most & stuck with KIS for some time apart from trying out others for fun I suppose, I got a two year 10 user licence recently for under £50 UK Pounds from Kaspersky so I do install it on some other PCs I look after - It can be sluggish on older PCs but this is a newish build back in May so nothing really slows it down & apart from install annoyances such as a VPN it's perfect for me - The Firewall is quite accessible so for me it ticks all the boxes, don't mind it being Russian, pretty good detection & overall maybe the best over time.
Edit: ESET, well NOD32 was the first AV I used years ago & I have a soft spot for ESET but detection isn't as good as KIS & many times more expensive.
 

SeriousHoax

Yes, classification is a lot better in ESET, but not always. Most of the ransomware is w32/filecoder.3
This is correct for ESET about ransomwares. They usually detect those as filecoder...something. At least you know it's a ransomware. It's far better than Avast/Webroot, to them everything is "Win32 malware gen" :cautious:
Pretty surprisingly for proper ransomware classification you'll have to check out Windows Defender. They detect most things with their vague machine learning names except ransomwares (also PUP in most cases). They name those as "Ransom/Win32/(family/variant name)" and even notify, "Ransomware detected".
They also have a detection simply named "Suspicious"
Threats are detected as "Suspicious" when a new one is blocked by their cloud "Live Grid" not by signatures. This happens in two situations mainly. 1) A threat is blacklisted by their Cloud sandbox automatically, 2) A signature writer blacklists a threat manually by hash while creating a signature for it. They usually push a signature update very quickly through stream updates or a full definition update.
 

McMcbrad

This is correct for ESET about ransomwares. They usually detect those as filecoder...something. At least you know it's a ransomware. It's far better than Avast/Webroot, to them everything is "Win32 malware gen" :cautious:
Pretty surprisingly for proper ransomware classification you'll have to check out Windows Defender. They detect most things with their vague machine learning names except ransomwares (also PUP in most cases). They name those as "Ransom/Win32/(family/variant name)" and even notify, "Ransomware detected".

Threats are detected as "Suspicious" when a new one is blocked by their cloud "Live Grid" not by signatures. This happens in two situations mainly. 1) A threat is blacklisted by their Cloud sandbox automatically, 2) A signature writer blacklists a threat manually by hash while creating a signature for it. They usually push a signature update very quickly through stream updates or a full definition update.
Yes, I did notice Windows Defender classifies everything rightly (at least what I tested).
As for ESET's updates, I noticed they have about 4 hours response time. This is not bad, but it shows that a more proactive approach is needed.
 

McMcbrad

The 4 hours response time is usually for a full module/definition update. They do have stream updates which are pushed automatically if required.
That didn’t happen with malware I sent them. I normally had to wait a few hours for an update, and there is “suspicious” malware that still hasn’t been added to their definitions. It was suspicious a week ago.
 

McMcbrad

This is a very unlike ESET behavior :unsure:
I only see it with 1 piece of malware, but it happens. I noticed they have streaming definitions, cuz it happened with one particular malware. I was informed that a file has been sent for analysis and a few minutes after it was removed. I also like that as soon as I type my pin on logon and open the product, it’s already updated. But again, this is all signatures. Not a method we can fully count on.
 

McMcbrad

ESET doesn't affect game performance. What about Bitdefender? In the past you could 'feel it' working but I don't know how it is today.
You still can’t feel it. It’s got a gaming profile you can activate and that will reduce Bitdefender’s already minimal performance impact, and will postpone tasks such as Windows updates. You can also set it to scan only apps (something I personally don’t recommend) to further reduce the CPU and disk usage whilst gaming. However, with only a few percent CPU usage I’ve seen whilst loading Photoshop (an app with quite a lot of DLLs) and given that games rely heavily on your GPU as well, even if you don’t do anything, you’re unlikely to experience any issues.
 

SeriousHoax

I tested some old 1000+ samples today with Bitdefender, ESET IS & ESET Online Scanner, Kaspersky Virus Removal Tool and Windows Defender.
Bitdefender and ESET had the same detection with or without internet connection, Kaspersky had 80+ less without internet and shockingly Windows Defender didn't detect almost anything without internet connection and execution.

Comparing Bitdefender's database to ESET's, Bitdefender's signatures seem to be 800 mb+ in size and ESET's is only 216 mb in total. It's even a few mb less because this is the size of ESET's Online Scanner tool as a whole after it downloads its signatures.
It's amazing how efficient their engine is! They can fit everything in less than 220 mb.
@McMcbrad was telling me a few days ago that ESET's engine is a miracle. Well, it kind of is.
Bitdefender and ESET are two of the very few AVs that still keep almost everything, if not all, of their signatures locally on the device.
Anyway, this is not a good vs bad example because nowadays protection is more than just signatures and both of the products are very capable at protecting the user. But I did this test today so thought that I should share it here in this thread.
 

Minimalist

@SeriousHoax do you know if ESET's components are still written in assembly language?

EDIT: I think I found the answer:
In the past the CPU was emulated using bespoke assembly code. However it was an “interpreted code”, which means that each single instruction had to be emulated separately. With binary translation you execute emulated instructions natively on a real CPU. This is many times faster, especially in the case of loops in the code: introducing multiple looping is a protective technique common to all executables where measures have been applied to protect them from analysis by security products and researchers.
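
The interpreted-versus-translated distinction quoted in the post above, as an added example (not part of the thread and not ESET's code): a constructed toy instruction set is emulated both ways, counting how often guest instructions have to be decoded. Generated Python functions stand in for native code; the instruction set, register names and loop count are assumptions made for the illustration.

```python
# Constructed toy ISA and program (an assumption): a stalling loop, then halt.
PROGRAM = [("mov", "r0", 0), ("mov", "r1", 50_000),          # pc 0-1: setup
           ("add", "r0", 3), ("dec", "r1"), ("jnz", "r1", 2),  # pc 2-4: loop
           ("halt",)]                                          # pc 5

def interpret(program):
    """Interpreted emulation: every executed instruction is decoded again."""
    regs, pc, decodes = {"r0": 0, "r1": 0}, 0, 0
    while True:
        op, *a = program[pc]
        decodes, pc = decodes + 1, pc + 1
        if op == "mov":
            regs[a[0]] = a[1]
        elif op == "add":
            regs[a[0]] += a[1]
        elif op == "dec":
            regs[a[0]] -= 1
        elif op == "jnz" and regs[a[0]] != 0:
            pc = a[1]
        elif op == "halt":
            return regs, decodes

def translate_block(program, start):
    """Decode one basic block once and emit host (Python) code for it."""
    body = {"mov": "r[{0!r}] = {1}", "add": "r[{0!r}] += {1}", "dec": "r[{0!r}] -= 1"}
    lines, pc = ["def block(r):"], start
    while True:
        op, *a = program[pc]
        pc += 1
        if op == "jnz":    # block ends at a branch: return the next guest pc
            lines.append(f"    return {a[1]} if r[{a[0]!r}] != 0 else {pc}")
            break
        if op == "halt":
            lines.append("    return None")
            break
        lines.append("    " + body[op].format(*a))
    ns = {}
    exec("\n".join(lines), ns)       # compile the block to host code
    return ns["block"], pc - start   # (callable, instructions decoded)

def run_translated(program):
    """Binary-translation style: blocks are cached, loops rerun host code."""
    regs, pc, cache, decodes = {"r0": 0, "r1": 0}, 0, {}, 0
    while pc is not None:
        if pc not in cache:
            cache[pc], n = translate_block(program, pc)
            decodes += n
        pc = cache[pc](regs)
    return regs, decodes
```

Both runs end in the same register state, but the interpreter's decode count grows with the loop count while the translated run decodes each block once, which is why long stalling loops cost an interpreting emulator so much more.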
 


Minimalist

Eset is written in C++ and the UI uses the same framework that Norton, Webroot and Avast use. It has never been written in anything else.

This is their UI framework: sciter – Multiplatform HTML/CSS UI Engine for Desktop and Mobile Application
I remember that in the past its detection engine was (partly?) written in assembly. That's why it was lighter than some other AVs. It was probably in times of 2.7 and maybe later.

EDIT: even on Wiki there is still this info:

1608811142210.png

 

McMcbrad

I remember that in the past its detection engine was (partly?) written in assembly. That's why it was lighter than some other AVs. It was probably in times of 2.7 and maybe later.

EDIT: even on Wiki there is still this info:

View attachment 251833

I’ve seen that. It might be the first and original version of the product. WinApi is C++ and it would be madness not utilising object-oriented programming and Windows APIs, but relying on a low-level language. Tiny programs designed to run on a small amount of memory, such as your BIOS, the software of your washer, etc. might be written in assembly language.
 

tipo

I remember that in the past its detection engine was (partly?) written in assembly. That's why it was lighter than some other AVs. It was probably in times of 2.7 and maybe later.

EDIT: even on Wiki there is still this info:

View attachment 251833

Yeah, probably the old versions. Even on the Sciter webpage ESET is presented as using their language, as are Comodo and Bitdefender alongside the one mentioned by @McMcbrad.
Untitled.png
Untitled.png
 

MacDefender

I’ve seen that. It might be the first and original version of the product. WinApi is C++ and it would be madness not utilising object-oriented programming and Windows APIs, but relying on a low-level language. Tiny programs designed to run on a small amount of memory, such as your BIOS, the software of your washer, etc. might be written in assembly language.
Even as someone who writes plenty of firmware and ROMs: we don’t even write those in assembly in this day and age. Compilers are no longer stupid and it’s kind of rare that assembly written by hand will outperform it.

The things written in assembly are usually either early startup code where the system hasn’t initialized what the compiler assumes are available, or hand written routines that use specific instructions that aren’t easy to call from C.

I think ESET’s engine is due to good software design, not a magical programming language. Being able to detect as much as BD with signatures a fraction of the size is downright miraculous.
 

McMcbrad

Even as someone who writes plenty of firmware and ROMs: we don’t even write those in assembly in this day and age. Compilers are no longer stupid and it’s kind of rare that assembly written by hand will outperform it.

The things written in assembly are usually either early startup code where the system hasn’t initialized what the compiler assumes are available, or hand written routines that use specific instructions that aren’t easy to call from C.

I think ESET’s engine is due to good software design, not a magical programming language. Being able to detect as much as BD with signatures a fraction of the size is downright miraculous.
Avast’s engine doesn’t detect equally as much malware online and offline, but on the last AV-comparatives test it detects only 5% less without a connection, which is not bad.
The whole engine + the definitions is today 210 mb. Trend Micro detects 70% of malware offline, but their pattern file is less than 40 mb as compared to Bitdefender (almost 1GB). The size is 25x but the detection rate isn’t even 2x.

Symantec’s definitions are about 100 megs.

Malwarebytes definitions are less than 50 megs.

All in all, it seems that just the Bitdefender engine either uses an ineffective design, or is badly in need of housekeeping now.
 