Hot Take Bitdefender... You Love it, but it slows down your PC... Want to Make BD Superfast ? Do This... Takes 3-4 Days,

Status
Not open for further replies.
That is probably true, as McAfee is totally cloud based and very fast... IF that is the future, I wonder why BD doesn't go that way as McAfee has done.
Imagine the investment it takes for an entity like Bitdefender to completely rethink their architecture, both in time and money. McAfee has been incrementally expanding and refining the new cloud architecture for several years now. It's been a long road returning to a sense of completeness for their product.

Reworking the foundation of these Titanic antiviruses is much easier said than done.
 
Imagine the investment it takes for an entity like Bitdefender to completely rethink their architecture, both in time and money. McAfee has been incrementally expanding and refining the new cloud architecture for several years now. It's been a long road returning to a sense of completeness for their product.

Reworking the foundation of these Titanic antiviruses is much easier said than done.
Yea I'm sure you are right, but I only say it for that reason, not that I'm familiar with the inner workings of an AV vendor... Concerning cost, time, hardware, and effort I'd have no idea. Would be fascinating to know and understand those things but I don't.
 
2 of my other AV licenses have expired, considering BD -- how do you install correctly, or how can it be installed incorrectly so I avoid that?
I just saw a discount for BD Premium 1yr 5pc/device. I think it was Walmart for $55.00
 
Not entirely true, ESET does update incrementally.

I'm aware of pico updates. These are downloaded every 10 minutes. My point was regarding disk writes during signature update. 380-400 MB is the minimum range for it.
I remember @Trident telling me (correct me if I'm wrong) that Sophos downloads small signature updates every day and stores them in a separate folder and once every month they are merged to the main database. This method seems like a great way to reduce disk writes.
I forgot where I saw it, but remember someone from Bitdefender or ESET saying that merging the signature database on every update ensures integrity of the database which is better for security, according to them. Avast does this once every day I think, which is better than doing it on every update like Bitdefender and ESET. There was even a case reported on this forum where Avast didn't do the merging for a whole week and only downloaded streaming updates.
 
I remember @Trident telling me (correct me if I'm wrong) that Sophos downloads small signature updates every day and stores them in a separate folder and once every month they are merged to the main database. This method seems like a great way to reduce disk writes.
Yeah, that's how Sophos does it and in addition, Sophos is very conservative about what goes into definitions/signatures. They prefer to add very generic detections that the Behavioural Genotype use
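
Added illustration (not written by any poster in this thread, and not any vendor's actual update code): a toy model of the two update strategies discussed above, merging into the main database on every update versus storing small updates separately and merging periodically. The record size, database size and update contents are constructed assumptions; the point is the difference in modelled disk writes while lookups return the same results.

```python
from dataclasses import dataclass, field

SIG_SIZE = 64  # assumed bytes per signature record (constructed value)

@dataclass
class SignatureStore:
    merge_every: int                              # 1 = merge on every update
    base: set = field(default_factory=set)        # merged main database
    deltas: list = field(default_factory=list)    # pending (added, removed) sets
    bytes_written: int = 0                        # modelled disk writes

    def apply_update(self, added, removed=()):
        added, removed = set(added), set(removed)
        # The small update file is always written to its own location.
        self.bytes_written += (len(added) + len(removed)) * SIG_SIZE
        self.deltas.append((added, removed))
        if len(self.deltas) >= self.merge_every:
            self.merge()

    def merge(self):
        for added, removed in self.deltas:        # oldest first
            self.base = (self.base - removed) | added
        self.deltas.clear()
        # Merging rewrites the whole main database.
        self.bytes_written += len(self.base) * SIG_SIZE

    def contains(self, sig):
        # Pending updates override the base, newest first, so detection
        # results are the same whether or not a merge has happened yet.
        for added, removed in reversed(self.deltas):
            if sig in added:
                return True
            if sig in removed:
                return False
        return sig in self.base

def constructed_updates(n):
    # Constructed data: update i adds 10 signatures and retires one from i-1.
    return [([f"sig-{i}-{j}" for j in range(10)],
             [f"sig-{i - 1}-0"] if i else []) for i in range(n)]

def simulate(merge_every, n_updates=30, base_size=100_000):
    store = SignatureStore(merge_every, {f"base-{k}" for k in range(base_size)})
    for added, removed in constructed_updates(n_updates):
        store.apply_update(added, removed)
    return store

if __name__ == "__main__":
    for label, every in (("merge on every update", 1), ("merge once per 30", 30)):
        s = simulate(every)
        print(f"{label:>22}: {s.bytes_written / 1e6:8.1f} MB written, "
              f"{len(s.base)} signatures in main database")
```

The trade-off the model leaves out is the one raised earlier in the thread: a store with many unmerged update files has more pieces whose integrity must be checked on load.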
 
2 of my other AV licenses have expired, considering BD -- how do you install correctly, or how can it be installed incorrectly so I avoid that?
I have no idea. First of all, don't mess with your computer with any programs, don't cause the system and registry to bloat.

Over the past three months, I've installed BD TS on three computers. Two of them have 16GB of RAM, one has 32GB. I gave them about two weeks to "examine" the system. I don't see any difference in the performance of my computer compared to Eset or Fsecure, which I had for seven years. I even feel that Firefox works better and faster. Maybe because I don't have a plugin for BD, but it was required for Fsecure?
 
That is probably true, as McAfee is totally cloud based and very fast... IF that is the future, I wonder why BD doesn't go that way as McAfee has done.
Every solution has its advantages and disadvantages. There are no perfect solutions.
A while ago, I read here that Eset's solutions were complaining about its move to the cloud. And then someone else will come along and say that the cloud is the best thing today and the future, like AI.

BD also works in the cloud, but not completely. In fact, BD seems to have almost all the technologies available today, but none are leading. Unless I'm mistaken.
Someone may laugh at Bitdefender, but it is still the most solid, if not currently the best, threat protection package.

However, I have a question for those who have more experience. Let's say I'm in the field with a laptop (not at home on Wi-Fi) and have internet access via a cellular network (which doesn't always mean stability or speed, as it's wireless, with varying coverage, etc.). I have cloud-based AV. I run a file on my computer that's some new virus. So what happens? My internet connection is slow, so how will a cloud-based AV handle the threat? The internet is slow, pages barely open in the browser, etc., so how will cloud-based AV protect me if it has trouble "sending" to the cloud or "querying" the cloud?
 
However, I have a question for those who have more experience. Let's say I'm in the field with a laptop (not at home on Wi-Fi) and have internet access via a cellular network (which doesn't always mean stability or speed, as it's wireless, with varying coverage, etc.). I have cloud-based AV
That’s a very wrong understanding of cloud-based AVs. People think day and night the solution communicates to the cloud server and can’t operate without it. This is not true.

According to Trend Micro, the local patterns produce 80% of detections (if they lie that’s on them) and the cloud connection only accounts for the remaining 20%.

In the case of McAfee, there is even more local intelligence. McAfee uses local anomaly and trust detection, local machine learning models and local yara rules, in addition to its generic detections. According to McAfee/Trellix, the ENS, when GTI and RealProtect are set to the highest/most aggressive modes, can establish around 20 cloud lookups daily.

In any case, the lookup submits 2-3 KB to the company.

If you can download a file, then the cloud AV can certainly perform its lookup.

Without an internet connection, your massive set of signatures will quickly become outdated too. The majority of Bitdefender definitions detect malware post-factum; by the time Bitdefender creates a signature, the attackers already don’t remember this variant anymore.
They are pushing these hourly updates not just to stay busy, they do it because they need it.
 
That’s a very wrong understanding of cloud-based AVs. People think day and night the solution communicates to the cloud server and can’t operate without it. This is not true.
Exactly. I asked this question specifically because it's better to have it written by someone who's delved into all the techniques than by some layman. Thanks for the answer.
If you can download a file, then the cloud AV can certainly perform its lookup.
That's what I wrote. I'm not downloading the file because I have a poor connection. I have the file on a flash drive, for example, and it's some program that's a new, undefined virus. My laptop didn't recognize it before. My AV didn't either. It probably first "fights" the file on its device without the cloud with what it has, and then sends a query to the cloud. Sure, it's 2-3 KB, but a disconnection is enough. So what happens then? The file is running, but the AV doesn't connect to the database?
Of course, this is all just a theory or an example straight out of science fiction, but... well, there's always a but ;)

I remember when I had Eset, and their Live Guard (that's what their cloud service is called, if I remember correctly) worked so that when I downloaded something to my hard drive from the network, it blocked the file. It would tell me it was uploading to the cloud and the file was blocked. Only after about a minute or so would I get feedback from their cloud that the file was clean. But that was on a constant 1Gb/s connection.
 
Exactly. I asked this question specifically because it's better to have it written by someone who's delved into all the techniques than by some layman. Thanks for the answer.

That's what I wrote. I'm not downloading the file because I have a poor connection. I have the file on a flash drive, for example, and it's some program that's a new, undefined virus. My laptop didn't recognize it before. My AV didn't either. So it probably "fights" the file first on its cloud-based device, and then queries the cloud. Sure, it's 2-3 KB, but a disconnection is enough. So what happens then? The file is running, but the AV doesn't connect to the database?
You have several options. You can decide not to use flash drives, or you can use content that you know is safe. Or you can do a quick hotspot from your phone. Pretty much anywhere you go nowadays, and it makes sense using a laptop, there is wi-fi.

Unless you are going in the middle of Sahara to fire up your laptop and start executing questionable files (also zero-days) on it.

And again, you missed the point that perhaps wasn’t convenient for you to address. How will Bitdefender detect the malware without internet, when it misses one update every 40-50 minutes?

Btw the Eset cloud emulation is not what McAfee and Trend Micro use. There is an equivalent from ZoneAlarm/Check Point, Crowdstrike and so on.
There is a very shabby implementation by Avast too, Cyber Capture.

Trend Micro and McAfee do not upload whole files for emulation.
 
You have several options. You can decide not to use flash drives, or you can use content that you know is safe. Or you can do a quick hotspot from your phone. Pretty much anywhere you go nowadays, and it makes sense using a laptop, there is wi-fi.

Unless you are going in the middle of Sahara to fire up your laptop and start executing questionable files (also zero-days) on it.
Well, nothing is perfect in this world. We all know that on-demand scanning doesn't always detect a virus. Often, it only happens when the file is launched.
You might also have it in an email you downloaded from a friend who isn't even aware they're spreading the virus. And your AV won't detect it during the scan. You have the file on your hard drive, and you only find out it's a virus when you launch it.

In an ideal world, you have internet access everywhere. But in an imperfect world, outdoors, on vacation by the lake, etc., you don't always get good cellular coverage.
And here it may turn out that ESET with signatures, or another program that implements its main protection mechanisms without relying primarily on the cloud, may be a safer solution.
Of course, this is an extreme example. But my point is that there are no perfect solutions. Cloud-based AV, despite being lightweight on the system, also has its drawbacks.
The perfect AV is a combination of all techniques – signatures, machine learning, heuristics, cloud, and other techniques they're working on.

Thanks for the conversation.
 
The perfect AV is a combination of all techniques – signatures, machine learning, heuristics, cloud, and other techniques they're working on.
They all use all techniques. Last but not least, any NGAV has ransomware remediation (or whatever one wants to call it). This can handle ransomware offline. An infostealer/RAT is useless offline too.

In the end, everything is a matter of personal choice.

Signatures need updating too.
 
They all use all techniques. Last but not least, any NGAV has ransomware remediation (or whatever one wants to call it). This can handle ransomware offline. An infostealer/RAT is useless offline too.
BD is probably not NGAV and it also has this technique

Well, maybe they do, but not all of them work.
BD with its ATC has long proven that it works for them. It's not without reason that it's been at the forefront or a leader in all kinds of tests for years. Even without internet, BD is much more likely to protect you than cloud-based AV.
Someone already wrote about this on the forum. BD turns your computer into a virtual machine, which is why it takes up so much RAM. And when there were topics comparing ESET to BD, I always read here that ESET without signatures is weak. BD doesn't need signatures as much because thanks to ATC, it's very effective.
Unless those statements were just misguided and misleading.
If so, then it's finally worth debunking all the myths.

I'd like @Shadowra to do a comparative test: BD, ESET, McAfee, Avast/Norton (same engine here) and see which school is currently better. Has McAfee actually made up for the losses (because the review you wrote about their technologies is incredibly interesting)? Is Avast currently as good as they say? Are BD and Eset still top of the list? Etc.
They could also implement an AV test when there's no internet connection. That could be interesting ;)
 
Bitdefender Active Threat Control is very effective without a doubt, but Bitdefender, according to patents which I can send you (if you are interested, I am not sure how deep you wanna go) relies on reputation (just like the Photon optimisation). So Bitdefender verifies all detections in the cloud for false positives and also uses different profiles and classifiers, depending on how reputable the file is.

So ATC is still <somewhat> dependent on the cloud, it is not a one-shot solution. Furthermore, you can look at the downloaded files and see how often BD updates the ATC (which includes classification and capturing of behaviour). So in any case, to keep ATC in top shape, you will need to be connected.

It’s the same with Symantec SONAR, the Avast behavioural blocking and many other behavioural blockers. They do have some local abilities, but to an extent, they need the cloud.

Eset, yes, they rely mainly on signatures. It is very weak, when you don’t download the updates, it will gradually get weaker.

Trend Micro (like many others) updates their behavioural blocking file on a daily basis. Trend Micro uses cloud (PML) only on untrusted processes, for the rest, it uses the local policies (split across various patterns).

McAfee locally has generic detections, yara rules, trust repository and 4 machine learning models (for executables, modules, office documents and scripts).
McAfee behavioural blocking is mostly based on local intelligence (they contain LS, the online detections contain HT). These models perform pre and post execution analysis.

So in essence, McAfee is better equipped than Trend.
 
Bitdefender Active Threat Control is very effective without a doubt, but Bitdefender, according to patents which I can send you (if you are interested, I am not sure how deep you wanna go) relies on reputation (just like the Photon optimisation). So Bitdefender verifies all detections in the cloud for false positives and also uses different profiles and classifiers, depending on how reputable the file is.
So ATC is still <somewhat> dependent on the cloud, it is not a one-shot solution. Furthermore, you can look at the downloaded files and see how often BD updates the ATC (which includes classification and capturing of behaviour). So in any case, to keep ATC in top shape, you will need to be connected.
If you can, send it to me via PM. I'll read it ;) Thanks in advance ;)

Of course. That's what updates are for. But from what I can read online, BD, at least theoretically, should handle even outdated ATCs better than any cloud-based antivirus system without internet access.
So in essence, McAfee is better equipped than Trend.
I agree. I don't trust Trend Micro. I've seen too many tests where Trend Micro failed.

Overall, of all the AV products I've used, I was most satisfied with Fsecure. It's a shame that project fell through ;( Now it's basically Avira, so everything that was Fsecure's strengths has faded into oblivion.
 
@simmerskool
One more thing, because I forgot. After about 10 days, I ran an on-demand scan of the entire system every day for about five days. I ran the scan in the background and, for example, watched a series on HBO or Prime Video. Today, a full scan (with settings at maximum) of over 1.26 million files took me less than 25 minutes.

However, I believe (and this applies not only to Bitdefender) that stuffing system optimizers, password managers, VPNs, and other gadgets into an AV suite is nonsense and a bad trend. AV is AV. There's other software for other things.
 
@simmerskool
One more thing, because I forgot. After about 10 days, I ran an on-demand scan of the entire system every day for about five days. I ran the scan in the background and, for example, watched a series on HBO or Prime Video. Today, a full scan (with settings at maximum) of over 1.26 million files took me less than 25 minutes.

However, I believe (and this applies not only to Bitdefender) that stuffing system optimizers, password managers, VPNs, and other gadgets into an AV suite is nonsense and a bad trend. AV is AV. There's other software for other things.
WAIT A MINUTE!!!!! ARE YOU! Telling me that having every AV solution add ID and Credit Monitoring to their suite is not a good thing?!!! Well I never! Who wouldn't want some flight by night lowest bidder ID&Credit Monitoring solution?!!! I always love to provide all of my PII details to a 3rd party vendor! This goes triple for folks who don't live in the US and have no USE for such silly things as ID and Credit monitoring since their nation actually cares about your privacy.
 
Real people with real life, real money and real problems may enjoy the credit monitoring. I personally enjoy the level of depth Norton Credit monitoring provides (I haven’t got the McAfee one to judge).

Norton alerts me to all transactions from my bank accounts and on the credit file, I can see the smallest details (such as a soft search).

The credit monitoring has got nothing to do with privacy and governments, by monitoring your credit file you can spot misuse of your information, that can cost you a lot of money.

And btw, the credit monitoring agencies already have all this information. It’s not you providing information to them, it’s the other way around—they know more than you do and they are telling you.
 
If something is perfect for everything, it's perfect for nothing. If a company specializes in AV solutions, it won't be equally good at optimization programs, VPNs, password managers, etc.
Which AV solution has a good, reliable VPN, and its own VPN? Is it Fsecure, for example, the only one that has its own? And most AVs use solutions they "purchase" from others. And most of them are mediocre VPN solutions or don't care about your data.
A password manager is Proton Pass, Bitwarden, 1Password, Keepass, etc., not just some AV with that added bonus. System optimization programs are also better on the market than some solution forced into an AV suite.
 