Hello,
help me decide between these AV. I need full protection + friendly for RAM and CPU... Thank you.
help me decide between these AV. I need full protection + friendly for RAM and CPU... Thank you.
Emsisoft vs. Eset Internet Security vs. BitDefender Total Security vs. F-Secure Safe (2020)
- Thread starter Chausko
- Start date
Maybe not for you, but It matters for the OP.
Indeed, what makes the real difference is the time of the signature release. And usually ESET is the fastest.
@Umbra was not talking about how often they release new signatures, but how quickly they add signatures for new malware. Lately, Bitdefender has often been slow at adding signatures for 0 day malware.
Exact , sorry if my wording was not clear enough, after all i'm not English native.
- Jan 9, 2017
- 246
Wich one has a better Behavior blocker,
Emsisoft or F-secure??
Emsisoft or F-secure??
Hard to say, both are absolutely elites
My order of preference at this point is:
1. F-Secure SAFE
2. ESET (but preferably NOD32)
3. Emsisoft AM
4. Bitdefender TS
Between F-Secure and ESET, they excel at different things. F-Secure has decent signatures and an excellent behavior blocker for zero-days and custom/targeted malware. If a program does something sketchy on your machine, you can expect F-Secure DeepGuard to raise a fit, regardless of whether it's similar to or a variant of an existing malware. ESET on the other hand excels at signature detection (it's arguably the most comprehensive and fastest reacting), but if anything gets past its signatures, you are basically screwed. Its HIPS (behavior blocker) component works a bit unusually and is nowhere near as reactive as other products that have such a feature. But that also makes it somewhat lighter on resources when executing unknown binaries and less susceptible to false positives, but in practice I find that F-Secure and ESET are similarly light.
These are the two that I alternate between the most. I have to say, I strongly dislike ESET's firewall. It has gotten in the way of a ton of things -- Miracast display mirroring, SONOS speaker discovery, etc. Its "troubleshooting wizard" isn't super helpful, it tells you stuff like "Svchost was blocked 100 times in the last 15 minutes" and offers to auto-fix but the auto-fix writes specific and borderline nonsensical rules. Not very intelligent. If you understand networking and are good at configuring a firewall, this isn't a problem, but for the average user, I think the firewall component is superfluous. I usually run my ESET as NOD32 even though I bought the Internet Security package. Also, ESET does some really stupid things too like a startup scan on every reboot (that thing burned 20% of my laptop's battery life before I caught it, leaving me with a dead battery on my flight home). The settings UI is simply daunting and I frequently spend days getting it tweaked correctly. It also intercepts and re-signs HTTPS by default, which is controversial (some love it, others hate it).
Emsi and BitDefender I kind of group together. They use the same set of base signatures but Emsisoft adds on top a great behavior blocker as well as a second engine that's focused on PUAs. Emsisoft does pretty well but its main weakness is that BitDefender signatures seem to be getting worse and worse over time. These days in the Malware Hub it seems to rarely detect more than 50% of zero days via signatures, while ESET can manage 90+% fairly consistently.
BitDefender's store seems super aggressive at auto-renew and requires lengthy waits for a human to process customer service requests like cancelling renewals. Emsisoft rarely goes on sale and that makes it poor bang-for-the-buck, and sometimes its behavior blocker is simply too sensitive. I've had the most false positives with Emsisoft's behavior blocker, and I've also had a lot of 2 minute long hangs from right clicking things on network mounts when Emsisoft is enabled.
Overall my preference is towards F-Secure. It simply works great out of the box and I rarely even need to go into the preferences. @harlan4096 has been running malware hub tests of F-Secure for a few months now and I am fairly happy with how it performed. ESET's static protection is much better and ESET's overall protection rate in the hub is also arguably slightly better than F-Secure, but the little bits of awkwardness around it makes it a slightly worse choice for me.
However, if you frequently want to use on-demand scanning (E.g. right clicking a folder and scanning it) rather than relying on on-execution scanning, then definitely ESET. F-Secure's AVIRA engine is okay but it catches a lot more stuff via DeepGuard and cloud protection when you actually execute something compared to just asking for it to be scanned ahead of time.
EDIT: To more directly address Emsi vs F-Secure's behavior blocker: I would say Emsi's is slightly better at blocking malware -- they are the original behavior blocker and continue to show that they care about this form of protection. But F-Secure's DeepGuard has almost no false positives these days while providing more or less similar protection. Emsisoft's has far more false positives that are addressed through whitelisting specific hashes, which results in more situations where a brand new update (or nightly build or private beta) to something like Firefox or VMWare Workstation would result in Emsisoft calling it malware-like behavior.
1. F-Secure SAFE
2. ESET (but preferably NOD32)
3. Emsisoft AM
4. Bitdefender TS
Between F-Secure and ESET, they excel at different things. F-Secure has decent signatures and an excellent behavior blocker for zero-days and custom/targeted malware. If a program does something sketchy on your machine, you can expect F-Secure DeepGuard to raise a fit, regardless of whether it's similar to or a variant of an existing malware. ESET on the other hand excels at signature detection (it's arguably the most comprehensive and fastest reacting), but if anything gets past its signatures, you are basically screwed. Its HIPS (behavior blocker) component works a bit unusually and is nowhere near as reactive as other products that have such a feature. But that also makes it somewhat lighter on resources when executing unknown binaries and less susceptible to false positives, but in practice I find that F-Secure and ESET are similarly light.
These are the two that I alternate between the most. I have to say, I strongly dislike ESET's firewall. It has gotten in the way of a ton of things -- Miracast display mirroring, SONOS speaker discovery, etc. Its "troubleshooting wizard" isn't super helpful, it tells you stuff like "Svchost was blocked 100 times in the last 15 minutes" and offers to auto-fix but the auto-fix writes specific and borderline nonsensical rules. Not very intelligent. If you understand networking and are good at configuring a firewall, this isn't a problem, but for the average user, I think the firewall component is superfluous. I usually run my ESET as NOD32 even though I bought the Internet Security package. Also, ESET does some really stupid things too like a startup scan on every reboot (that thing burned 20% of my laptop's battery life before I caught it, leaving me with a dead battery on my flight home). The settings UI is simply daunting and I frequently spend days getting it tweaked correctly. It also intercepts and re-signs HTTPS by default, which is controversial (some love it, others hate it).
Emsi and BitDefender I kind of group together. They use the same set of base signatures but Emsisoft adds on top a great behavior blocker as well as a second engine that's focused on PUAs. Emsisoft does pretty well but its main weakness is that BitDefender signatures seem to be getting worse and worse over time. These days in the Malware Hub it seems to rarely detect more than 50% of zero days via signatures, while ESET can manage 90+% fairly consistently.
BitDefender's store seems super aggressive at auto-renew and requires lengthy waits for a human to process customer service requests like cancelling renewals. Emsisoft rarely goes on sale and that makes it poor bang-for-the-buck, and sometimes its behavior blocker is simply too sensitive. I've had the most false positives with Emsisoft's behavior blocker, and I've also had a lot of 2 minute long hangs from right clicking things on network mounts when Emsisoft is enabled.
Overall my preference is towards F-Secure. It simply works great out of the box and I rarely even need to go into the preferences. @harlan4096 has been running malware hub tests of F-Secure for a few months now and I am fairly happy with how it performed. ESET's static protection is much better and ESET's overall protection rate in the hub is also arguably slightly better than F-Secure, but the little bits of awkwardness around it makes it a slightly worse choice for me.
However, if you frequently want to use on-demand scanning (E.g. right clicking a folder and scanning it) rather than relying on on-execution scanning, then definitely ESET. F-Secure's AVIRA engine is okay but it catches a lot more stuff via DeepGuard and cloud protection when you actually execute something compared to just asking for it to be scanned ahead of time.
EDIT: To more directly address Emsi vs F-Secure's behavior blocker: I would say Emsi's is slightly better at blocking malware -- they are the original behavior blocker and continue to show that they care about this form of protection. But F-Secure's DeepGuard has almost no false positives these days while providing more or less similar protection. Emsisoft's has far more false positives that are addressed through whitelisting specific hashes, which results in more situations where a brand new update (or nightly build or private beta) to something like Firefox or VMWare Workstation would result in Emsisoft calling it malware-like behavior.
Last edited:
- Apr 28, 2015
- 8,905
@MacDefender, the only drawback I found during these weeks of testing in F-Secure is with some scripts whose payloads are not a PE/exe file, in this cases DeepGuard can't stop the script...
They are good all of them but there is a player there is always a tiny bit better(AV-Tests) it is off course Bitdefender Total Security. 
- Jan 9, 2017
- 246
Unfortunately, i think Emsisoft is struggling with this problem too nowdays
- May 14, 2019
- 116
1. ESET
2. F-Secure
3. Emsisoft
4. Bitdefender
2. F-Secure
3. Emsisoft
4. Bitdefender
Yep I agree with this.
The way you defeat DeepGuard is you basically get a moderately well known scriptable process to do your dirty work for you.
One example in the wild is you just download a copy of Node.js and then have your ransom encrypting done via JavaScript. The interpreter is whitelisted and DeepGuard doesn't pay attention to what it's doing.
I've got another local test where I just used a build of 7zip and used the command line command to create encrypted zip files of the user's data and that also didn't seem to trigger DeepGuard.
I might prepare another MacDefender homebrew ransomware pack this week and see if the community can help us test. It does seem like it's a general flaw of behavior blockers that if you can convince them part of your payload is whitelisted, it creates a huge blind spot. I do want to see whose BB can deal with this. It shouldn't be hard to track a process tree and trace back to who exactly triggered a whitelisted thing to happen.
It's not mentioned but norton is still a very good suite despite it being sold out...
- Aug 22, 2014
- 286
- May 26, 2014
- 1,339
I am looking forward for your tests, maybe you could test Kaspersky 2020, I think it has one of the few behavior blockers without this blind spot.
- Sep 5, 2017
- 1,173
I will likely just distribute the test binaries to some testers -- I do like the transparency of having someone else other than the POC writer report the result. Please feel free to let me know offline what is the best way to get such samples to those who are willing to test.
- Mar 30, 2018
- 139
The fastest and most powerful protection I still find is Norton, then comes Kaspersky. But among the options you put, would choose Eset (lightweight, great signatures and firewall)
- Oct 11, 2014
- 317
Recently, I used GDATA
Strong behavior blocker, Strong Firewall , Dual Engine , Keylogger protection , WLAN Security password managerand more.
I have a high-spec laptop, I don't look at performance
But from this list I will choose BitDefender Total Security then ESET then F-secure then Emsisoft.
If you are interested in performance go with ُESET or McAfee.
Strong behavior blocker, Strong Firewall , Dual Engine , Keylogger protection , WLAN Security password managerand more.
I have a high-spec laptop, I don't look at performance
But from this list I will choose BitDefender Total Security then ESET then F-secure then Emsisoft.
If you are interested in performance go with ُESET or McAfee.
- Oct 11, 2014
- 317
Similar threads
