F- Secure SAFE or Bitdefender Total Security 2019

  • Total voters
    47

omidomi

Level 69
Verified
Trusted
Malware Hunter
F-Secure for sure :)
no one love BugDefender , Due to some posts it seems that F-Secure will remove BD engine soon :)
If company(a) & (b) & N it dose not mean that BD is good Engine, it mean that BD want earn more money :D
In this Decade Well Respected AV companies Never Sell their Engines(Same as Symantec,Trend Micro,Fortinet,...)
and some advice to people , Be AWARE NO ONE CAN CALCULATED AV1 Detected MORE THAN AV2 because we can't "count" how many virus in their database :D
 

Local Host

Level 22
Verified
I would take F-Secure any day, the FPs haven't been a problem in a while, plus it's light.

BD on top of heavy on the resources, is a buggy mess (Russian roulette as you never know if it will work fine on your PC).

Just trial both and use whichever you like more.
 

Sunshine-boy

Level 27
Verified
Maybe F-secure is better for Government or Enterprise but for a home user like me, Bitdefender is a winner. BD has better BB, better cloud, better web filtering also a stand-alone firewall(very very important).
Bitdefender won't catch NSA malware(in theory)but NSA not gonna waste its malware on my machine(so BD will save me).
Eset, TrendMicro, Bitdefender, Microsft and many more are probably in bed with USA government but why would I care?
 
E

Eddie Morra

that's for sure kaspersky people knew that they can use the source code against them and their users
What about open-source projects? They aren't automatically insecure because they happen to be open-source. As long as the product isn't based around "security through obscurity" then there's not going to be an issue, and even if there is an issue with something, it will only be of importance if it can be easily attacked (e.g. a vulnerability isn't always going to be reachable for exploitation).

Companies will always be on the look-out for improving their work and making things harder to abuse, but there's almost always a way to abuse something in some shape-or-form, no matter what a company does. No one finding an issue with X doesn't mean there's truly no issues to be found either, it could be found a decade later. In the enterprise world, it's really about minimising potential attack vectors as much as possible and relying on the best that can be relied on at that current time (also within development deadlines and meeting finance budgets which can also effect the quality of work when it comes to stability/security).

Anyway, if the U.S government wanted to, they could spend resources reverse-engineering Kaspersky. No source-code is really required for the U.S government to look into how Kaspersky solutions work, but they'd have to hack Kaspersky to access anything which isn't stored locally (e.g. server-side stuff on Kaspersky servers).

being Av Tester in MT doesnt mean that you know more than ordinary users which might be a whole expert in cybersecurity themselves but just they didn't reach to Av Testers with a lot of experience! because of their posts is below 100.
This ^^

You've probably figured this one out by now, but this forum's Malware Hub doesn't follow AMTSO Standards, yet the testing organisation's which do follow AMTSO Standards will get bashed about on just about every thread they are mentioned on. I personally think that AMTSO Standards are a lot more effective.

"But oh noooo this YouTube review doesn't even know if X, Y and Z is malicious or if it is even doing anything... must be a miss! Oh noooo my favourite AV scored well in the MHub so this testing organisation are bribed bro!"

Continuing on from what you said yourself (not aimed at anyone specifically): nice badge bro, I now trust you're a real pro, all ya gotta do now is glue your face over-the-top of the following and you'll fit right in rofl...


 
Last edited by a moderator:
second largest, now tell me. which Company specialy cybersecurity one, is that stupid to lose its second largest market ? :D you are a guy who are active in a community which is almost all about cybersecurity stuff or at least AV industry. let me know who you think it's not dangerous to give away all you had all you did for years to make that source code unbreakable, to the US Agencies? for trust? how you can trust your own source code after that then? :D how your users can trust it? even if you did not give it away, doesn't change that you were going to do it.


Anyway, if the U.S government wanted to, they could spend resources reverse-engineering Kaspersky. No source-code is really required for the U.S government to look into how Kaspersky solutions work, but they'd have to hack Kaspersky to access anything which isn't stored locally (e.g. server-side stuff on Kaspersky servers).
interesting. one day i remember Mikko Hypponen in one his seminars said something like we cant stop the USA to break us they are gonna do it anyway if they want they can spend millions to find a way in. thats what you're sayin right? they can break it anyway, BUT here is what we can do. we can open the door for them ourselves like what Kaspersky were going to do, OR make it hard for them as much as possible. so there is different between this two. and it should matters for you IF you care about your online safety. and believe it or not. cyber wars will affect on you guys even when you are just an ordinary home user. war will not choose it's victims.

by the way, these are off-topic since topic is not about kaspersky.. if you want to discuss more you can PM me, lets keep the topic clean and simple
 
Last edited by a moderator:

Mahesh Sudula

Level 17
Verified
second largest, now tell me. which Company specialy cybersecurity one, is that stupid to lose its second largest market ? :D you are a guy who are active in a community which is almost all about cybersecurity stuff or at least AV industry. let me know who you think it's not dangerous to give away all you had all you did for years to make that source code unbreakable, to the US Agencies? for trust? how you can trust your own source code after that then? :D how your users can trust it? even if you did not give it away, doesn't change that you were going to do it.

If you are in a situation that is so constantly rigid and facing huge allegations from AROUND the globe for the crime you haven't commited personally or from fellow employees..then i will ask you the same Q and see the ans through your eyes.
Don't tag me further for these no tail Q
 

Mahesh Sudula

Level 17
Verified
If you are in a situation that is so constantly rigid and facing huge allegations from AROUND the globe for the crime you haven't commited personally or from fellow employees..then i will ask you the same Q and see the ans through your eyes.
Don't tag me further for these no tail Q
 
E

Eddie Morra

thats what you're sayin right? they can break it anyway, BUT here is what we can do. we can open the door for them ourselves like what Kaspersky were going to do, OR make it hard for them as much as possible
No, what I am saying is that anyone with a sufficient reverse-engineering skill-set can dig into how Kaspersky's local components work, but the web-based side would be more effort because one would have to breach them to access such (e.g. insider employee/s).

You can rely on static and dynamic reverse-engineering techniques to learn about how the solution works to accomplish certain things. Albeit, it could take a long time given Kaspersky is a large project (and depending on how much you're trying to find out), but it is definitely feasible if you are willing to spend the time to do it and already have a strong background in reverse-engineering.

For the U.S government, it'd be even easier, because they'll have access to a lot of resources when it comes to reverse-engineering... it wouldn't be just one noob in a room all alone doing it, it'd be a whole team potentially ranging anywhere between 40-100+ people focusing on different pieces of the software and working on conjunction with one another (e.g. if someone gets stuck and another person has experience on the aspect another is stuck on, then they can help them, and the games can continue), speeding up the whole process at an effective rate and reducing the time it might take individuals X, Y and Z of a whole year to 1-3 months with all of the resources and additional trained and experienced staff involved in the operation.

It would not be unrealistic to predict that if the U.S government wanted to do something like this, they could rely on other companies with strong backgrounds in reverse-engineering to put in some of their resources and help, making things even easier. And there's a lot of companies who collaborate with the U.S government or who get requested to assist the U.S government in things (sometimes they are not even based in the U.S) and it is why many companies recently started signing agreements with one another to vow not to help in anything cyber-attack related for a government.

Now, let's talk about what you can do when developing a product you do not want to be insecure to the U.S government.

  1. Follow safe programming practices to minimise the potential of exploitable vulnerabilities - even if you mess-up and make a mistake which would have traditionally been exploitable, using safe programming practices alone can completely block off that mistake from being exploitable.
  2. Avoid using undocumented or risky functionality which you can access over documented, popular, well-tested and reliable functionality (e.g. sometimes people think they know better and then use X, Y and Z which then suddenly gets changed out of no where and then screws up their whole product).
  3. Try and do things which would affect the integrity of the OS or other third-party software running on the machine as much as possible.
  4. Follow a proper Q&A system and make use of automated stress-testing attacks on your services (e.g. fuzzing, driver verifier, etc.).
  5. Get good in-house penetration testers employed or rely on reputable and skillful freelance ones to try and find problems and solve them on a consistent basis.
  6. Consult other professionals for improvement advice or alternate possibilities which are more secure when it comes to the underlying design of implementations (also important during the planning stage) because a bad design will ruin the entire product.
  7. Perform more sensitive tasks on the backend of servers instead of locally on the customers machine (and make sure those servers are secure in the sense that they are following good practices and are under good maintenance care and monitoring).
  8. When doing anything like transmitting data back to a web-based service (e.g. company's services) use HTTPS over HTTP (Port 443 not 80) and transmit as least as possible to prevent there from being a gold-mine of data leaks if the worst of the worst happened. It would also be a good idea to rely on encryption of the data before transmitting it via HTTPS as an extra layer of defense in-case the local machine has been subverted.

A good one would be to get them on-board with using your software if it is possible, that would make their interests of keeping it secure aligned with yours. If they see any issues, they may then tell you about it to prevent themselves from being more vulnerable. It's also not uncommon for the U.S government to be really picky and make requests for additional features (e.g. Intel have allegedly added a kill-switch at-least once in the past for a firmware feature as per requested by the U.S government).

....

In other words, just design and the develop the product in the best way you can where the whole product's security wouldn't be broken if someone from outside the company were to see how it worked inside (whether via reverse-engineering or a genuine source-code audit) or if an employee leaked something illegally, etc.
 
Last edited by a moderator:
E

Eddie Morra

A lot of people think that once someone else gets hold of the source-code... it's game over.

Contrary to many beliefs, a government agency getting hold of your source-code doesn't mean that it is game over and that they can now automatically whim out a thousand exploits. Of course, it will be easier for a government agency to spot vulnerabilities with the official source-code (assuming it is readable and well-documented, otherwise it'll be harder to go through it) but it doesn't necessarily mean that they'll be able to find any, or before anyone else who is actively auditing your source-code will.

If the case is that it is game over if someone else gets the readable official source-code, then how come there's tons upon tons of open-source projects which are not regularly exploited? It goes without saying that open-source projects in general allow other security researchers to vouch whether something is being done nicely and in a stable manner, and find, report and solve bugs before they may be exploited by a threat actor (and the same applies for when you let third-party reputable companies perform audits).

Matter of the fact is, someone with experience, dedication, enough time and access to some neat resources... they don't need your source-code bro. They'll get what they want one way or another.

Has no one ever thought about how AV vendors document how new malware familiies/variants work all of the time and have done for well over a decade, including government APTs? 9/10 they don't have the source code bro, and even when the source-code gets leaked sometimes on forums where a lot of hacking goes on, chances are it was documented years or months prior.

If you aren't relying on security through obscurity then you're going to pretty much be fine - if you follow well-established safe practices, do not do stupid things like aimlessly relying on undocumented interfaces when you do not really need to (Kaspersky learnt this the hard way back in 2006) and have the work put under effective review by multiple people with experience on pointing out design flaws/bugs (audits from reputable third-parties will also be beneficial) then you'll be in a much better situation.

In these scenarios, source-code leaks will be more damaging in terms of copyright violation and theft of intellectual property.
 
Last edited by a moderator:

stefanos

Level 28
Verified
Maybe for you, but for me, i don't feel lags. Even with Zemana + VoodooShield.
My first comment is not for your system. For old systems any combo with voodooshield is not light. FSecure SAFE alone is more light and safe enough. Not safe like Bitdefender but better from Panda. And if you're a fan of Panda it is not useful to read my comments.
 
AntiVirus Firm BitDefender Hacked; Turns Out Stored Passwords Are UnEncrypted
Bitdefender Hacked, Customer Data Stolen | Security Zap

and based on your profile, you are using Doctor Web antivirus on your system, but anyway that's not the case.
and i'm not going to discuss more about what have been already discussed even in this forum several times before.
accept it. i just shared my opinion and knowledge on this topic. and this is going off topic which is not good.
the post is in 2015 LOL
 
Top