Hello,
help me decide between these AV. I need full protection + friendly for RAM and CPU... Thank you.
help me decide between these AV. I need full protection + friendly for RAM and CPU... Thank you.
Emsisoft vs. Eset Internet Security vs. BitDefender Total Security vs. F-Secure Safe (2020)
- Thread starter Chausko
- Start date
Wraith2020
Level 2
- Mar 19, 2020
- 89
I wouldn't recommend you to turn on detection of unsafe applications. It flags many legitimate applications as unsafe. That's why it's disabled at default. But truth be told ESET is a suite I'd never run default. There's tons of options that can be used to improve their protection (Firewall, Advanced DNA, custom HIPS rules). You'll find many guides here at MT. If you can configure ESET HIPS well enough(Interactive Mode) it can lockdown your PC against any infection. But sadly it can only be used in static systems. For a regular home user, the HIPS is too much trouble since it isn't smart. A general user is much more likely to throw the PC out of the window after enabling the interactive HIPS.
- Mar 16, 2019
- 3,868
Actually there's no need to enable this setting for Real world protection. Advanced heuristics always works by default on execution and static scans. It's not necessary for Real world protection. Keeping it off is also better for performance though no negative impact is noticeable. ESET is also perfectly fine in default settings for average users. Only semi advanced/advanced users would play with HIPS. Since ESET is less cloud dependent and would already detect almost 100% threats by signatures, HIPS becomes even less important for an average user. Just if he/she never turns off the real time protection, would be protected.
- May 19, 2016
- 1,581
Hello,
I think it is for compressed files
But when you try to decompress the file, F-Secure SAFE catched it:
- Apr 1, 2019
- 2,868
@SeriousHoax tests ESET at default and it outperforms suites with BBs half the time. They are the fastest with their signatures. Also, I’ve always turned on PUA detection and never had a hit. If you don’t run uncommon software it’s probably okay to turn on.I wouldn't recommend you to turn on detection of unsafe applications. It flags many legitimate applications as unsafe. That's why it's disabled at default. But truth be told ESET is a suite I'd never run default. There's tons of options that can be used to improve their protection (Firewall, Advanced DNA, custom HIPS rules). You'll find many guides here at MT. If you can configure ESET HIPS well enough(Interactive Mode) it can lockdown your PC against any infection. But sadly it can only be used in static systems. For a regular home user, the HIPS is too much trouble since it isn't smart. A general user is much more likely to throw the PC out of the window after enabling the interactive HIPS.
- Apr 1, 2019
- 2,868
I would say BD has a more user friendly firewall. And it’s easier to just install and forget. Their BB definitely does a good job, and their web filtering may be the best. But ESET has great web filtering as well, and supports TLS 1.3 if you like https scanning. They have a more configurable firewall, but creating rules in ESET is time consuming because it’s so comprehensive and generally I don’t even find it worth the time it takes.
Last edited:
Perhaps instead of "zero day" we should say "emerging threats". If we are talking about a true zero day, like if one day I snapped and went underground to write my own real malware, I would say ESET would stand almost no chance in detecting that. Their advanced heuristics are still not very advanced. I have a simple binary that just uses 10 lines of C# to get My Documents, loop through each document, and call .NET's crypto APIs to encrypt the file with a randomly generated key. It then uses the RIPlace exploit to delete the original file. This is Reverse Engineering 101, anyone can look at the MSIL disassembly of that and understand exactly what it does. But ESET's heuristic scanner thinks it's clean. In fact only one AI engine detects it: VirusTotal
So based off this, I honestly believe ESET would fail at a true zero day, novel malware not based off anything existing. You can certainly use ML/AI techniques, heuristics, or sandboxing to detect a threat like this statically. But I'm not seeing ANY Examples of this happening in the real world.
The technique that reliably blocks this kind of behavior is a behavior blocker or protected folders. BitDefender, Emsisoft, F-Secure, and Kaspersky (just to name a few) are amongst the AVs I've tested that successfully block this binary at runtime. But the flipside is that there are still ways to defeat behavior blockers too.
So based off this, I honestly believe ESET would fail at a true zero day, novel malware not based off anything existing. You can certainly use ML/AI techniques, heuristics, or sandboxing to detect a threat like this statically. But I'm not seeing ANY Examples of this happening in the real world.
The technique that reliably blocks this kind of behavior is a behavior blocker or protected folders. BitDefender, Emsisoft, F-Secure, and Kaspersky (just to name a few) are amongst the AVs I've tested that successfully block this binary at runtime. But the flipside is that there are still ways to defeat behavior blockers too.
- Apr 1, 2019
- 2,868
I agree this would be helpful to our discussions, but jargon is hard to change.
I completely agree. In summary, in my opinion:
"ESET, as it is today, sucks at completely novel, never-before-seen malware": True statement
"ESET sucks at detecting newly emerging, in the wild ransomware/malware": False. It scores nearly 100% detection of the malware our community has been able to locate, usually as a "Variant of ______" or sometimes rarely a ML/Augur machine learning detection.
"BitDefender signatures sucks at completely novel malware": True
"Bitdefender signatures suck at new in the wild ransomware/malware": More or less also true. In the MalwareHub their signatures sometimes score less than 50%, and rarely ever score acceptably at newer variants. It sometimes takes them multiple days or longer to add signature detection for these, significantly slower than competitors.
"BitDefender and BD engine based products provide excellent protection overall for both completely novel and new variants of malware": True, mainly because almost all of these products rely on a good behavior blocker to complement the BD sigs.
In the end, for real world protection against threats you are likely to encounter, BD and ESET are neck in neck competitive. ESET just does it almost purely statically, while BD and BD-based products do so half statically and half dynamically.
- Mar 28, 2019
- 569
Funny thing is that Symantec was the first of doing many things and being innovative years ago (2008/2009), but ended up this way we see today.
File reputation system (File insight), behavior blocker (SONAR), advanced disinfection (Power Eraser), etc. Kasperksy only got SW we see today in 2011/2012, Symantec was the first in mainstream talking about behavior blocker and doing a huge cloud database protection system.
Hope NortonLifeLock now can continue with that.
Last edited:
Yeah it's really funny, Symantec/Norton went through those phases where they pioneered breakthroughs and then took a breather. Back in the late 90's with BloodHound they were also one of the best heuristic engines.
As you mentioned, SONAR and the File Insight system pretty much pioneered today's era of cloud AVs. Their security suites pioneered integrating antivirus with intrusion prevention network signatures. I believe they were also one of the first with the concept of automatic outbound firewall rules, where trustworthy apps did not trigger firewall prompts (ugh remember the days of ZoneAlarm when you had to say yes to like the 20 different ways Internet Explorer could be launched and trying to access the Internet?)
During the era where their suite was heavy, they did a lot of work to lighten it up -- IIRC it was like a 1 minute install time without a reboot. I also hope that NortonLifeLock and the new Symantec owners really keep up. I am worried that it's yet another acquire-and-spit-out business move.
At any rate, Kaspersky seems to have picked and chosen a lot of the winning ideas from the industry and makes them better -- the notion of instant cloud intelligence that transforms one person's behavior blocker detection into the next person's static detection is pretty darn cool. Their execution is generally good too in terms of having the default settings be appropriate for the majority of users. And I've yet to see their firewall get in my way, which is quite refreshing.
- Sep 3, 2017
- 825
He pointed out exact where F secure fails..Terrible clean up ability @ unknown malwares..weakness against scripts .
Signatures are solid..thanks to Avira ..Great offline Detection and protection..Avira is known for its signatures afterall.
Bit defender is all rounder..Though signatures are slightly weak now a days..but they compensate with ATC..Very good clean up and disinfection..Rollback mechanism.Strong and Sturdy Web level Protection.
Eset - No comments on this vendor..they are still @ Static signatures..Once bypassed the system is infectd.
Lack of Behavior proactive module..Strong dependency on signatures..sort of make this unrecommendable..Very poor Unknown malware Clean up and Prevention.
I have given my insight from HUB TESTER view.. how evr this not impact all the users (HOME) using above product...
Pointed out flaws as per my experience.
Last edited:
MacDefender said:
They may be good, but there were arguably better engines even back then - NOD32, Kaspersky (AVP 3.5), Dr. Web.
MacDefender said:
The first mention of behaviour based detection was actually PrevX and CyberHawk (Threatfire) way back when. Of course, you had a very rudimentary form in the name of B-HAVE from BitDefender, which was more of an advanced heuristics system. In fact, a lot of AVs had proper generic unpackers and wider filetype support than Norton in the early 2000s. Norton got some good technology out of PC Tools, and their detection rates were great until the day they shut down PC Tools. After that, they've been on a constant slide down, layoff after layoff, trying to get thin while automating the entire detection process, handing off product development to teams in developing countries, the works.
I think Norton has only been great between 2007 and 2010 and after that they have been going downhill. I had anticipated that Symantec would eventually sell part of itself because they just did not display the will to keep up technologically anymore. I also think that either one of Symantec or Norton LifeLock will end up using a 3rd party or self developed AV engine.
On the plus side, their firewall has always been robust, and Norton Utilities is still good. That's where they should have put their focus IMHO.
F-Secure Safe, or BitDefender - I would not bother with the other two options. Based on ease of use and protection rates.
I agree. You make a good point about PC tools and Norton Utilities and how those were great products at the time, but honestly once Microsoft started taking their own interest in the reliability and self-maintenance of their OS on top of the Windows NT architecture, those products started losing their place.
I do agree that around 2007-2010 with the rebirth of the light Norton products, they were at their peak, and at this point they're just using what momentum they've built up before they inevitably run out of steam.
At the end of the day, I can't criticize Norton right now -- it's still a well rounded performer. It's just not a product I can get excited about.
The F-Secure: excellent browser protection, fully dependent bitdefender subscriptions with reasonable detection rates (weak with PUP), an aggressive Hips with many false positives.
Emsisoft: reasonable navigation protection, signatures on the Bitdefender + Emsisoft set with excellent detection rates (excellent with PUP), excellent behavior blocker and currently with few false positives.
Btdefender: excellent browsing protection, reasonable signatures (weak with PUP), weak behavior blocker.
Eset: I can't say.
My choice: Emsisoft.
Reason: excellent signatures, very good Emsisoft engine against PUP, excellent behavior blocking with few false positives, weak web filter against phishing, but I make use of Bitdefender extension which is good against phishing.
I focused on the essentials for antivirus, use windscribe firewall 60 GB and make use of VoodooShield as well.
--------------------------------------------------------------
Moderator edit: Translated text with Bing Translator.
Last edited by a moderator:
- Mar 16, 2019
- 3,868
F-Secure has actually moved from Bitdefender to Avira.
They've also seemingly reigned in their HIPS false positives (DeepGuard) extensively, perhaps a little too much as it's slightly affecting their dynamic protection (though it's still quite good overall). Honestly, IME, Emsisoft's BB is more trigger-happy and relies a lot on cloud whitelisting. Hex-edit a byte of most complicated EXEs and it'll be unhappy.
Similar threads
