Battle Emsisoft vs. Eset Internet Security vs. BitDefender Total Security vs. F-Secure Safe (2020)

Wraith2020

Effective PUP detection is done when the option "Enable detection of potentially unsafe programs" is enabled, which is not requested during installation,
I wouldn't recommend you to turn on detection of unsafe applications. It flags many legitimate applications as unsafe. That's why it's disabled by default. But truth be told ESET is a suite I'd never run default. There's tons of options that can be used to improve their protection (Firewall, Advanced DNA, custom HIPS rules). You'll find many guides here at MT. If you can configure ESET HIPS well enough (Interactive Mode) it can lock down your PC against any infection. But sadly it can only be used in static systems. For a regular home user, the HIPS is too much trouble since it isn't smart. A general user is much more likely to throw the PC out of the window after enabling the interactive HIPS. :geek:
 

SeriousHoax

Wraith2020 said:
Advanced DNA

Actually there's no need to enable this setting for real-world protection. Advanced heuristics always work by default on execution and static scans. It's not necessary for real-world protection. Keeping it off is also better for performance, though no negative impact is noticeable. ESET is also perfectly fine in default settings for average users. Only semi-advanced/advanced users would play with HIPS. Since ESET is less cloud dependent and would already detect almost 100% of threats by signatures, HIPS becomes even less important for an average user. As long as he/she never turns off the real-time protection, he/she would be protected.
 

JB007

I remember it being unable to delete an EICAR file I downloaded
Hello,
I think it is for compressed files :unsure:
[Screenshots: FS1.PNG to FS7.PNG]

But when you try to decompress the file, F-Secure SAFE caught it:
[Screenshot: FS8.PNG]
 

blackice

Wraith2020 said:
I wouldn't recommend you to turn on detection of unsafe applications. It flags many legitimate applications as unsafe. That's why it's disabled by default. But truth be told ESET is a suite I'd never run default. There's tons of options that can be used to improve their protection (Firewall, Advanced DNA, custom HIPS rules). You'll find many guides here at MT. If you can configure ESET HIPS well enough (Interactive Mode) it can lock down your PC against any infection. But sadly it can only be used in static systems. For a regular home user, the HIPS is too much trouble since it isn't smart. A general user is much more likely to throw the PC out of the window after enabling the interactive HIPS. :geek:

@SeriousHoax tests ESET at default and it outperforms suites with BBs half the time. They are the fastest with their signatures. Also, I’ve always turned on PUA detection and never had a hit. If you don’t run uncommon software it’s probably okay to turn on.
 

blackice

I would say BD has a more user friendly firewall. And it’s easier to just install and forget. Their BB definitely does a good job, and their web filtering may be the best. But ESET has great web filtering as well, and supports TLS 1.3 if you like https scanning. They have a more configurable firewall, but creating rules in ESET is time consuming because it’s so comprehensive and generally I don’t even find it worth the time it takes.
 

MacDefender

Perhaps instead of "zero day" we should say "emerging threats". If we are talking about a true zero day, like if one day I snapped and went underground to write my own real malware, I would say ESET would stand almost no chance in detecting that. Their advanced heuristics are still not very advanced. I have a simple binary that just uses 10 lines of C# to get My Documents, loop through each document, and call .NET's crypto APIs to encrypt the file with a randomly generated key. It then uses the RIPlace exploit to delete the original file. This is Reverse Engineering 101, anyone can look at the MSIL disassembly of that and understand exactly what it does. But ESET's heuristic scanner thinks it's clean. In fact only one AI engine detects it: VirusTotal

So based off this, I honestly believe ESET would fail at a true zero day, novel malware not based off anything existing. You can certainly use ML/AI techniques, heuristics, or sandboxing to detect a threat like this statically. But I'm not seeing ANY examples of this happening in the real world.


The technique that reliably blocks this kind of behavior is a behavior blocker or protected folders. BitDefender, Emsisoft, F-Secure, and Kaspersky (just to name a few) are amongst the AVs I've tested that successfully block this binary at runtime. But the flipside is that there are still ways to defeat behavior blockers too.
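
Added example, not part of the thread and not any vendor's code: a minimal behavior-blocker-style check over a file-event trace, showing why the read, encrypt, remove-original loop described above is visible at runtime even when a static scan calls the binary clean. The event format, process names, folder path and thresholds are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

DOCS = "C:/Users/alice/Documents/"   # constructed "protected folder" path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed output approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_processes(events, protected=DOCS, min_files=3, min_entropy=7.5):
    """Flag processes that read protected documents, wrote high-entropy
    data, and then removed or overwrote the originals they had read."""
    read, lost, blobs = defaultdict(set), defaultdict(set), Counter()
    for proc, op, path, data in events:
        if op == "read" and path.startswith(protected):
            read[proc].add(path)
        elif op == "write" and shannon_entropy(data) >= min_entropy:
            blobs[proc] += 1
            if path in read[proc]:        # original overwritten in place
                lost[proc].add(path)
        elif op in ("delete", "rename") and path in read[proc]:
            lost[proc].add(path)          # original removed after being read
    return sorted(p for p in read
                  if len(lost[p]) >= min_files and blobs[p] >= min_files)

# Constructed sample trace: (process, operation, path, bytes written)
CIPHER = bytes(range(256)) * 4            # stand-in for ciphertext, 8.0 bits/byte
TEXT = b"quarterly report draft " * 40    # ordinary low-entropy document text
NAMES = ["a.docx", "b.xlsx", "c.txt"]
EVENTS = []
for n in NAMES:   # unknown.exe: read each doc, write encrypted copy, remove original
    EVENTS += [("unknown.exe", "read", DOCS + n, b""),
               ("unknown.exe", "write", DOCS + n + ".enc", CIPHER),
               ("unknown.exe", "rename", DOCS + n, b"")]
for n in NAMES:   # backup.exe: reads the docs, writes one archive elsewhere
    EVENTS.append(("backup.exe", "read", DOCS + n, b""))
EVENTS.append(("backup.exe", "write", "D:/backup/docs.zip", CIPHER))
EVENTS += [("editor.exe", "read", DOCS + "notes.txt", b""),     # normal save
           ("editor.exe", "write", DOCS + "notes.txt", TEXT)]

if __name__ == "__main__":
    print(flag_processes(EVENTS))
```

The backup tool also produces high-entropy output and the editor also rewrites a document, but only the process that combines both with removal of the originals crosses the threshold, which is the trade-off between detection and false positives the thread keeps returning to.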
 

MacDefender

I agree this would be helpful to our discussions, but jargon is hard to change.

I completely agree. In summary, in my opinion:

"ESET, as it is today, sucks at completely novel, never-before-seen malware": True statement
"ESET sucks at detecting newly emerging, in the wild ransomware/malware": False. It scores nearly 100% detection of the malware our community has been able to locate, usually as a "Variant of ______" or sometimes rarely a ML/Augur machine learning detection.
"BitDefender signatures sucks at completely novel malware": True
"Bitdefender signatures suck at new in the wild ransomware/malware": More or less also true. In the MalwareHub their signatures sometimes score less than 50%, and rarely ever score acceptably at newer variants. It sometimes takes them multiple days or longer to add signature detection for these, significantly slower than competitors.
"BitDefender and BD engine based products provide excellent protection overall for both completely novel and new variants of malware": True, mainly because almost all of these products rely on a good behavior blocker to complement the BD sigs.

In the end, for real world protection against threats you are likely to encounter, BD and ESET are neck and neck competitive. ESET just does it almost purely statically, while BD and BD-based products do so half statically and half dynamically.
 

fabiobr

Back then, I believe SEP was one of the first to implement advanced cleanup and it did a fairly acceptable job.
Funny thing is that Symantec was the first to do many things and was innovative years ago (2008/2009), but ended up the way we see today.

File reputation system (File insight), behavior blocker (SONAR), advanced disinfection (Power Eraser), etc. Kaspersky only got SW we see today in 2011/2012, Symantec was the first in mainstream talking about behavior blocker and doing a huge cloud database protection system.

Hope NortonLifeLock now can continue with that.
 

MacDefender

fabiobr said:
Funny thing is that Symantec was the first to do many things and was innovative years ago (2008/2009), but ended up the way we see today.

File reputation system (File insight), behavior blocker (SONAR), advanced disinfection (Power Eraser), etc. Kaspersky only got SW we see today in 2011/2012, Symantec was the first in mainstream talking about behavior blocker and doing a huge cloud database protection system.

Hope NortonLifeLock now can continue with that.

Yeah it's really funny, Symantec/Norton went through those phases where they pioneered breakthroughs and then took a breather. Back in the late 90's with BloodHound they were also one of the best heuristic engines.

As you mentioned, SONAR and the File Insight system pretty much pioneered today's era of cloud AVs. Their security suites pioneered integrating antivirus with intrusion prevention network signatures. I believe they were also one of the first with the concept of automatic outbound firewall rules, where trustworthy apps did not trigger firewall prompts (ugh remember the days of ZoneAlarm when you had to say yes to like the 20 different ways Internet Explorer could be launched and trying to access the Internet?)

During the era where their suite was heavy, they did a lot of work to lighten it up -- IIRC it was like a 1 minute install time without a reboot. I also hope that NortonLifeLock and the new Symantec owners really keep up. I am worried that it's yet another acquire-and-spit-out business move.

At any rate, Kaspersky seems to have picked and chosen a lot of the winning ideas from the industry and makes them better -- the notion of instant cloud intelligence that transforms one person's behavior blocker detection into the next person's static detection is pretty darn cool. Their execution is generally good too in terms of having the default settings be appropriate for the majority of users. And I've yet to see their firewall get in my way, which is quite refreshing.
 

Mahesh Sudula

They also are no good at disinfection. You can use something like Kaspersky or Norton on an already-infected machine and they have complex disinfection rules that can clean up an existing adware/malware infestation. Kaspersky can roll back some zero-day malware.

F-Secure's best at just blocking executing or terminating a running process. If the infection goes beyond that before F-Secure can stop it, you're going to need a secondary cleanup tool. Also, as mentioned, the static scanner sometimes just refuses to delete or remove files. I suspect it's sometimes based off their confidence (whether it's known bad or just suspicious) but their UI doesn't portray that in a clear way. It's just sometimes there's files that it detected but it didn't remove or clean anyway.

Personally I don't put high value in disinfection and cleaning -- I don't intend on getting my machine infected, and if my AV ever detects something surprising, that is going to draw a lot of extra scrutiny from me (if not just a complete nuke and restore from backup). I'm more than happy to manually do the task of cleanup as long as it can do the task of realtime detection.
He pointed out exactly where F-Secure fails. Terrible cleanup ability at unknown malware. Weakness against scripts.
Signatures are solid, thanks to Avira. Great offline detection and protection. Avira is known for its signatures after all.

Bitdefender is an all-rounder. Though signatures are slightly weak nowadays, they compensate with ATC. Very good cleanup and disinfection. Rollback mechanism. Strong and sturdy web-level protection.

ESET - No comments on this vendor. They are still at static signatures. Once bypassed, the system is infected.
Lack of a proactive behavior module and strong dependency on signatures sort of make this unrecommendable. Very poor unknown malware cleanup and prevention.

I have given my insight from a HUB TESTER view. However, this does not impact all the (HOME) users using the above products.
Pointed out flaws as per my experience.
 

XLR8R

MacDefender said:
Back in the late 90's with BloodHound they were also one of the best heuristic engines.

They may be good, but there were arguably better engines even back then - NOD32, Kaspersky (AVP 3.5), Dr. Web.

MacDefender said:
SONAR and the File Insight system pretty much pioneered today's era of cloud AVs.

The first mention of behaviour based detection was actually PrevX and CyberHawk (Threatfire) way back when. Of course, you had a very rudimentary form in the name of B-HAVE from BitDefender, which was more of an advanced heuristics system. In fact, a lot of AVs had proper generic unpackers and wider filetype support than Norton in the early 2000s. Norton got some good technology out of PC Tools, and their detection rates were great until the day they shut down PC Tools. After that, they've been on a constant slide down, layoff after layoff, trying to get thin while automating the entire detection process, handing off product development to teams in developing countries, the works.

I think Norton has only been great between 2007 and 2010 and after that they have been going downhill. I had anticipated that Symantec would eventually sell part of itself because they just did not display the will to keep up technologically anymore. I also think that either one of Symantec or Norton LifeLock will end up using a 3rd party or self developed AV engine.

On the plus side, their firewall has always been robust, and Norton Utilities is still good. That's where they should have put their focus IMHO.
 

MacDefender

XLR8R said:
I think Norton has only been great between 2007 and 2010 and after that they have been going downhill. I had anticipated that Symantec would eventually sell part of itself because they just did not display the will to keep up technologically anymore. I also think that either one of Symantec or Norton LifeLock will end up using a 3rd party or self developed AV engine.

I agree. You make a good point about PC tools and Norton Utilities and how those were great products at the time, but honestly once Microsoft started taking their own interest in the reliability and self-maintenance of their OS on top of the Windows NT architecture, those products started losing their place.

I do agree that around 2007-2010 with the rebirth of the light Norton products, they were at their peak, and at this point they're just using what momentum they've built up before they inevitably run out of steam.

At the end of the day, I can't criticize Norton right now -- it's still a well rounded performer. It's just not a product I can get excited about.
 

Alyssonn

My order of preference at this point is:

1. F-Secure SAFE
2. ESET (but preferably NOD32)
3. Emsisoft AM
4. Bitdefender TS

[..]

The F-Secure: excellent browser protection, fully dependent Bitdefender subscriptions with reasonable detection rates (weak with PUP), an aggressive HIPS with many false positives.

Emsisoft: reasonable navigation protection, signatures on the Bitdefender + Emsisoft set with excellent detection rates (excellent with PUP), excellent behavior blocker and currently with few false positives.

Bitdefender: excellent browsing protection, reasonable signatures (weak with PUP), weak behavior blocker.

Eset: I can't say.

My choice: Emsisoft.

Reason: excellent signatures, very good Emsisoft engine against PUP, excellent behavior blocking with few false positives, weak web filter against phishing, but I make use of Bitdefender extension which is good against phishing.

I focused on the essentials for antivirus, use Windscribe firewall 60 GB and make use of VoodooShield as well.
--------------------------------------------------------------
Moderator edit: Translated text with Bing Translator.
 

MacDefender

F-Secure has actually moved from Bitdefender to Avira.

They've also seemingly reined in their HIPS false positives (DeepGuard) extensively, perhaps a little too much as it's slightly affecting their dynamic protection (though it's still quite good overall). Honestly, IME, Emsisoft's BB is more trigger-happy and relies a lot on cloud whitelisting. Hex-edit a byte of most complicated EXEs and it'll be unhappy.
 

vonvon

Old times!
Mamutu was written by M. Haas if I remember, and was the motor of A squared (A2).
It's the second motor of EmsiSoft (by Christian Macler), with Bit Defender.
 
