Same definitions & different detection rates?

ncage

May 20, 2017
Hi guys, I've always wondered why different security products that are using the same definitions would have different detection rates. Now I realize that there are extra pieces to a security suite, like a BB for example, but I've seen it reported that even with those extra pieces shut down they can have different detection rates. Why would this be? For example, a lot of AV vendors use Bitdefender's definitions, but they seem to have markedly different detection rates. Now you would think a product like Emsisoft would always be better, since they have a very strong BB and their own definitions on top of Bitdefender's definitions, but that doesn't always seem to hold true. When a company buys Bitdefender's definitions, do they get the exact same ones that Bitdefender actually uses in its products?
It actually depends on the terms of the contract between the engine owner and the third-party AV. They may be using an older version of the engine, older definitions or an incomplete set of definitions, for instance.
 
The Bitdefender engine that other vendors are using is usually the same as what BD uses itself. I'm not sure if BD offers any variants, as not much is known, so it's hard to say that positively.
However, Bitdefender has added Cloud detection in their own antivirus for static detection of malicious files. This is not available to the other vendors using the BD engine, from what I see.
they can have different detection rates. Why would this be? For example, a lot of AV vendors use Bitdefender's definitions, but they seem to have markedly different detection rates. Now you would think a product like Emsisoft would always be better, since they have a very strong BB and their own definitions on top of Bitdefender's definitions, but that doesn't always seem to hold true.
You've kind of answered your own query.
Also note that the definitions are used for static detection (malware is detected before it executes). The BB comes under dynamic protection. Which detection are you considering when comparing engines?

Two things to note are:
First, there may be a time difference between when the BD engine is updated for their own antivirus and when the borrowed engines are updated, either due to their contract (how and when updates are made available) or due to the borrower vendor's update preferences.
Second, as @mlnevese said, an AV vendor might be using an older version of the BD engine, causing some difference in static detection. ZoneAlarm was using an old Kaspersky engine until April. Only ZA Premium offers Kaspersky's cloud engine.
Qihoo provides BD engine updates only once or twice daily.

To slightly add to the confusion, here's an incomprehensible screenshot from today, where Emsisoft, F-Secure and G Data show BD detection while BD itself doesn't show any on VT. Not sure what the problem is... This ain't the first time I've seen this.
[Screenshot attachment: Emsi no BD.png]
PS: The engines available on VT may or may not be the same as available in the respective home products.
Hi guys, I've always wondered why different security products that are using the same definitions would have different detection rates. Now I realize that there are extra pieces to a security suite, like a BB for example, but I've seen it reported that even with those extra pieces shut down they can have different detection rates. Why would this be? For example, a lot of AV vendors use Bitdefender's definitions, but they seem to have markedly different detection rates. Now you would think a product like Emsisoft would always be better, since they have a very strong BB and their own definitions on top of Bitdefender's definitions, but that doesn't always seem to hold true. When a company buys Bitdefender's definitions, do they get the exact same ones that Bitdefender actually uses in its products?

You can confirm this on the Emsisoft support forum by asking there. Emsisoft does not use all of the BD signatures. For some objects they use their own signatures. And they treat some items differently than Bitdefender. Many people wonder why Emsisoft requires users to make a decision on some items. They have explained it is to give the user the option instead of blindly blocking everything. Now that they have introduced their version of BB auto-pilot, I expect it will perform the same in the AV-C tests as Bitdefender, unless the user sets the BB to alert (manual).

From what I understand, Bitdefender signatures can be licensed on a "class" or "type" basis. There are different classes/types. One can lease the entire signature package or a major subset.
 
I believe Emsi does not receive Bitdefender's PUP definitions, handling them with their own engine instead. At least that's what I understood after reading their forums.
 
Now that they (Emsisoft) have introduced their version of BB auto-pilot, I expect it will perform the same in the AV-C tests as Bitdefender, unless the user sets the BB to alert (manual).
You made it sound like the BBs of both products are the same with some tweaks. Possibly you meant to say that the results will be more or less equal.
Emsisoft does not use all of the BD signatures. For some objects they use their own signatures.
From what I understand, Bitdefender signatures can be licensed on a "class" or "type" basis. There are different classes/types. One can lease the entire signature package or a major subset.
That might be the case with Emsisoft. I've seen differences in their simultaneous detection. Twice, Emsi didn't identify some generic trojan when BD did, before and after the test. Though trojan detection by the BD engine should have been covered by Emsisoft. Update (time) differences, maybe?