bit defender info wanted
tahoma
June 9th, 2003, 04:48 PM
hi
just wanted to know your views on bit defender.
speed, processes, mem usage, and most of all, detection rate.
if u were me would either use:
a)kav, but only monitor download folder,temp, ie cache etc (to reduce slowdown)
b)drweb
c)bit defender
d)other ?
and... im confused, can someone please tell me what av's are using the kav engine (apart from kav) ?
the Tester
June 9th, 2003, 08:02 PM
I know that two of the AV programs that use a KAV engine are:
extendia AVK Pro.
They use a KAV engine and a RAV engine.
eScan Pro.
They use a KAV engine.
http://www.mwti.net/antivirus/escan/escan.asp
Straight Shooter
June 9th, 2003, 10:28 PM
I am not too familiar with BitDefender. If you want a low resource AV with a fair to good record on Virus Bulletin that does well with unpackers and Trojans, I'd go for McAfee Virus Scan 7.0. It's also very good on resources and pretty fast too, even at maximum settings.
illukka
June 10th, 2003, 07:14 AM
f-secure has kav engine too, along with 2 others
Blackcat
June 11th, 2003, 05:41 PM
BitDefender is an up and coming AV program. But the company are a bit dubious, as they are the ones who forced Kaspersky to change their logo from AVP to KAV.
The AV programs which use the KAV engine include AVK, F-Secure, E-Scan, Steganos Antivirus and VisNetic AntiVirus (from Deerfield). Maybe NOD will incorporate the KAV engine next, for better unpacking and trojan detection ;D ;D.
Obviously the KAV engine is well respected and must be earning Kaspersky a tidy sum in the above AV programs.
In all of them the interface is much cleaner and more attractive than in the current KAV. But this will all change with the new KAV 5.
If your computer is fairly new, and you use the modified Monitor settings, I would strongly recommend using KAV as your primary scanner.
wizard
June 12th, 2003, 03:31 PM
-{ Quote (Blackcat): "BitDefender is an up and coming AV program." }-
IMHO BitDefender is heavily overrated/overestimated due to their "aggressive" marketing.
wizard
vrf
June 15th, 2003, 05:04 PM
Bitdefender is a Romanian company, it is one of the biggest software producers here (I'm from Romania too). But I wouldn't trust Bitdefender antivirus. I don't know, it's kind of weird, it gives many false alarms while missing real viruses and sometimes it corrupts files while scanning them. And it's a memory hog.
tahoma
June 15th, 2003, 07:53 PM
thanks for info guys. i guess ill stick with kav (now kav 4.5) and drweb as backup.
would be interesting to try some of the other kav based av's like extendia. but i cant find a place to download a trial. and avk is only in german as far as i can see. f-secure's latest version keeps BSODing me so its not a good option, also the daily updates are too big. do the other kav based ones have additional engines ?
visnetic, escan and steganos sound good. anyone tried these ?
as for nod32 with kav engine.....sounds good! although i never liked nod much. but anything with kav engine should be great. but imagine an av with both kav and drweb engines and drweb's speed! now id buy that
meneer
June 17th, 2003, 02:53 AM
Rokop reviewed the latest version and as far as I can tell, they are pretty impressed with version 7Pro (see this report (http://www.rokop-security.de/main/article.php?sid=584&mode=thread&order=0)).
Let me try to translate the last bit:
-{ Quote: "
Because of the new GUI that allows most settings in one new screen, Bitdefender Professional has become much clearer and intuitive to use. The detection rate is competitive, even the detection rate of malware surpasses many programs.
The manufacturers' quick reply and good support all lead to a positive feeling. This is a good sign!" }-
So, this is starting to look good. I'm impressed by the looks (but, you know that I can only judge AV by user impressions, I don't have the means to test these programs for scanning quality ;D ).
Firefighter
June 17th, 2003, 04:55 AM
To everyone from Firefighter!
Because there are still people who are communicating with business and company world, BitDefender seems to be the only av that is capable to scan all that stuff you are sending to those companies and I think quite reliable because of BitDefender's reasonable unpacking engine!
See the table again below!
Archives  Compressed      MS Office Embedded   MS Office Password   AV-Program
Scan      Program files   OLE obj.             Protected OLE obj.   Name
[24]      [13]            [51]                 [8]

23        13              51                   8                    BitDefender 6.5
23        04              51                   8                    Panda AV Platinum 7.03
24        13              39                   8                    AntiVirenKit (AVK) 12
18        05              51                   8                    PC-cillin 2002 9.03
11        09              51                   8                    eTrust AV (ca) 6.0
24        13              33                   8                    Kaspersky AV 4.0
18        13              38                   8                    F-Secure 5.41
22        07              33                   8                    McAfee VirusScan 7.0.1
18        04              38                   8                    Command AV 4.74
16        09              32                   8                    DrWeb 4.29b
17        10              27                   7                    RAV 8.6
17        05              30                   8                    Sophos AV 3.65
16        02              33                   7                    Norton AV 2003 9.05
09        01              07                   8                    NOD32
14        03              00                   7                    Avast 4 Home
And I think this is the characteristic that M$ is building on to RAV very fast, if it is using that AV in the future!
;D
PS. The new RAV Scanning Engine 8.11 (27. February 2003) has already better archives scanning and unpacking skills than the list above shows! 8)
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
-Joerg-
June 17th, 2003, 02:24 PM
According to the forums at rokop-security.de there are some problems with the monitor.
- Download the eicar-Testfile. The monitor will pop up. No problems so far. Create a link to the eicar-test-file. Double-click the link; now it's possible to download or even execute the file.
- Try to execute the eicar-Testfile. The monitor will pop up. OK so far. Now try to execute the file many times in a short period of time. The monitor will only pop up once (for the first execution).
I have not tried it for myself, I've just tried to translate some postings in the rokop-forums.
notageek
July 8th, 2003, 07:59 PM
So is BitDefender junk or is it a good back up? Does it have any problems running with McAfee VS7.0? (never have 2 AVs running at the same time, always close your main before you run your back up.) I'm looking into getting a back up now that GAV is gone. Are there any problems with BitDefender and win XP HE?
Karl_Menshy
July 9th, 2003, 05:55 AM
notageek,
I am running Bitdefender as a backup on some machines and can say that it works quite well. The only problem I have encountered so far is that Bitdefender dislikes the Symantec symevnt driver; I had to remove this part of several Norton/Symantec apps by hand in order to have Bitdefender work. The support let me know they are investigating the issue, but as for now, Bitdefender won't work well with a present symevnt.
As a backup I think the free edition is a good choice; the detection rates are good. It installs quite some stuff to your system (comm server etc.), but works even without them loaded, so you may consider removing the additional processes from the startup list; I have posted a topic about using the dos edition, which has the same detection capabilities, see this thread:
http://www.wilderssecurity.com/showthread.php?t=10796
In general, I am a happy bitdefender-user. Hope this info helps.
Karl
notageek
July 9th, 2003, 09:36 AM
Thanks Karl, it helped me.
Firefighter
July 9th, 2003, 06:39 PM
To Notageek from Firefighter!
I am using the same av systems just now, the first day, and I haven't had any problems with BDF 7.0 Free and McAfee 7.0 together!
Is BitDefender any good? Maybe you can evaluate that from my last infection list, when I have had my new continuous ADSL internet connection run some 3 weeks.
I used in the beginning F-Secure 5.41 as my resident, but today I have changed that to McAfee 7.0 and the scanning engine is just now 4.2.60.
So here are my last infection results!
The infected and suspicious files were as follows!
divx.zip
opr009QL.zip
A0008666.zip
A0009433.zip
A0009591.zip
A0011030.zip
And the results were as follows!
BDF Std v7: Win32.P2P.Tanked.02 and Win32.Worm.P2P.SdDrop.C (A0009433.zip and A0009591.zip).
F-secure 5.41: Trojan.JS.NoClose.e; a security risk or BACKDOOR and Worm.P2P.SdDrop.c (opr009QL.zip; A0009433.zip and A0009591.zip).
NOD32: Win32/IRC.SdBot.AA trojan and Win32/Sddrop.C worm (A0009433.zip and A0009591.zip).
DrWeb(online): Trojan.NoClose; PROBABLY WIN.EXE.Virus and PROBABLY WIN.EXE.Virus (opr009QL.zip; A0008666.zip and A0011030.zip).
KAV(online): Trojan.JS.NoClose.e; Backdoor.SdBot.aa and Worm.P2P.SdDrop.c (opr009QL.zip; A0009433.zip and A0009591.zip).
RAV(online): JS/Noclose*; Backdoor:IRC/SdBot and Win32/HLLW.SdDrop.C (opr009QL.zip; A0009433.zip and A0009591.zip).
After that BitDefender, McAfee, Panda and Trend Micro free online scanners were not able to detect anything of these in ".zip" extension!
That divx.zip file was identified as infected in ".exe" extension by Panda Online viruslab after that it was before detected as suspicious by Panda!
Those A000..etc. files were absolutely infections, because they were multiplying in the "System Volume Information" folder in my WinXP Home system.
Why I had so many infections during the last 3 weeks? I am on a holiday and the kids, yes, they are using KaZaa again!
By the way, if so many av:s in there are scoring 100% Award in VB, why for example McAfee VirusScan 7.0 with scanning engine 4.2.60 couldn't detect anything just an hour ago?
Maybe there is the answer to that value of the famous VB 100% award today! ;D
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
notageek
July 9th, 2003, 07:14 PM
Hi firefighter, you might want to submit them files to McAfee and let them know they are out there in the wild. The only problem I have had with McAfee is 1 false positive and they took care of it when I sent them the file. Thanks for the info Firefighter. I'm going to try BD and keep my fingers crossed.
Firefighter
July 10th, 2003, 02:18 AM
To Notageek from Firefighter!
I have done that already, let's wait now how fast they are capable to update their database!
Best Regards,
Firefighter!
Paul Wilders
July 10th, 2003, 05:24 AM
-{ Quote: "By the way, if so many av:s in there are scoring 100% Award in VB, why for example McAfee VirusScan 7.0 with scanning engine 4.2.60 couldn't detect anything just an hour ago?
Maybe there is the answer to that value of the famous VB 100% award today!" }-
Well, your report states trojans, backdoors etc. Have a look at the test criteria used by VB ;).
regards.
paul
Firefighter
July 10th, 2003, 05:42 PM
To Paul Wilders from Firefighter!
You were right. But it's another story how important pure virus defence is today compared to these others! As far as I am concerned, the infections on my PC have been almost always something else than pure viruses, and there were a lot of such cases, but there isn't any "Other Malware Bulletin Award" yet, why? ;D
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
Paul Wilders
July 10th, 2003, 08:25 PM
Firefighter,
-{ Quote: "...but there isn't any "Other Malware Bulletin Award" yet, why?" }-
for starters: define "other malware" ;)
regards.
paul
Firefighter
July 11th, 2003, 04:13 AM
To Paul Wilders from Firefighter!
First of all I mean Worms, Backdoors, Trojans, Script "ugglies" etc.
Those infections I have got lately are almost impossible to remove from "System Volume Information" folder in my WinXP Home system.
I have to admit that I am not very experienced to do that PC cleaning procedures, but why an av, even if they were capable to identify those nasties, were incapable to clean, remove, rename or even move to quarantine those nasties from your System Volume Information folder in your WinXP Home system!
After that all, you are only frustrated, it was better before when you didn't know to have those infections at all. >:(
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
Paul Wilders
July 11th, 2003, 05:15 AM
-{ Quote (Firefighter): "To Paul Wilders from Firefighter!" }-
-{ Quote: "First of all I mean Worms, Backdoors, Trojans, Script "ugglies" etc." }-
That's merely an incomplete summing up - no exact definition - and here you have problem number one...
-{ Quote: "Those infections I have got lately are almost impossible to remove from "System Volume Information" folder in my WinXP Home system." }-
Which infections exactly?
-{ Quote: "I have to admit that I am not very experienced to do that PC cleaning procedures, but why an av, even if they were capable to identify those nasties, were incapable to clean, remove, rename or even move to quarantine those nasties from your System Volume Information folder in your WinXP Home system!" }-
Sorry to hear about your problems. What product are you referring to?
regards.
paul
Pieter_Arntz
July 11th, 2003, 05:49 AM
Hi FireFighter,
There is a very good reason for AV's not cleaning the "System Volume Information" folder.
It would corrupt your Restore Points.
If you want to clean it out, disable System Restore, reboot and re-enable System Restore.
Illustrated instructions for XP: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
Regards,
Pieter
Firefighter
July 11th, 2003, 05:12 PM
To Paul Wilders from Firefighter!
First of all, let's look at my latest infections. There are worms, backdoors and trojans.
My post to DrWeb was that as below!
"The most of these viruses known to us:
D:\Temp\vir\qqq\A0008666\A0008666.dll probably infected with WIN.EXE.Virus
D:\Temp\vir\qqq\A0009433\A0009433.EXE packed by FSG
D:\Temp\vir\qqq\A0009433\A0009433.EXE infected with BackDoor.IRC.Sdbot.based
D:\Temp\vir\qqq\A0009591\A0009591.EXE packed by ASPACK
D:\Temp\vir\qqq\A0009591\A0009591.EXE infected with Win32.SdDrop.3
D:\Temp\vir\qqq\A0011030\A0011030.dll probably infected with WIN.EXE.Virus
D:\Temp\vir\qqq\divx\divx.dll - Ok
D:\Temp\vir\qqq\opr009QL\opr009QL.htm - archive HTML
D:\Temp\vir\qqq\opr009QL\opr009QL.htm\Javascript.0 infected with Trojan.NoClose
D:\Temp\vir\qqq\xms32.tmp\xms32.tmp.exe packed by FSG
D:\Temp\vir\qqq\xms32.tmp\xms32.tmp.exe infected with BackDoor.IRC.Sdbot. based
We'll check up the rest of files."
My last comment to DrWeb:
PS. "Does it make any harm when I couldn't remove and/or rename those infections from my "System Volume Information" folder in my WinXP Home system?"
About those infections in "System Volume Information" folder:
DrWeb: "No, it does not make any harm, infected viruses are helpless while being in the System Volume Information folder - this is system locked folder, and system will erase obsolete files by itself when needed".
But now to the reality. As an average user and maybe a bit below that limit, there is still one question without an answer!
Why those files are still in System Volume Information folder even just now?
The second was that what are those questions exactly?
Let's look only at those last ones.
Can someone tell why those last infections were unable to remove from System Volume Infection folder in my PC with McAfee, F-Secure, DrWeb 4.29c, BitDefender v7 Home, NOD32 etc? :o
"The truth is out there, but it hurts!"
Best Regards,
Firefighter!
Paul Wilders
July 11th, 2003, 05:39 PM
-{ Quote (Firefighter): "To Paul Wilders from Firefighter!
First of all, let's look at my latest infections. There are worms, backdoors and trojans." }-
Mostly, indeed.
-{ Quote: "My last comment to DrWeb:
PS. "Does it make any harm when I couldn't remove and/or rename those infections from my "System Volume Information" folder in my WinXP Home system?"
About those infections in "System Volume Information" folder:
DrWeb: "No, it does not make any harm, infected viruses are helpless while being in the System Volume Information folder - this is system locked folder, and system will erase obsolete files by itself when needed"." }-
As long as one doesn't perform a system restore: yup.
-{ Quote: "...there is still one question without an answer!
Why those files are still in System Volume Information folder even just now?" }-
Can't follow you here: DialogueScience did answer that one.
-{ Quote: "Can someone tell why those last infections were unable to remove from System Volume Infection folder in my PC with McAfee, F-Secure, DrWeb 4.29c, BitDefender v7 Home, NOD32 etc? :o" }-
Once more: explained by DS. Try disabling system restore, clean your temp file, perform a full scan, enable system restore - and post results ;)
-{ Quote: ""The truth is out there, but it hurts!"" }-
At times: yes. Mostly: no, it doesn't ;)
regards.
paul
jdong
July 21st, 2003, 08:57 AM
-{ Quote: "Can someone tell why those last infections were unable to remove from System Volume Infection folder in my PC with McAfee, F-Secure, DrWeb 4.29c, BitDefender v7 Home, NOD32 etc? " }-
As others have explained, this is the System Restore folder; protected by Windows File Protection, so:
- You don't have delete permissions
- Even if you manage to get delete permissions, Windows will put right back what you deleted :D