Vipre I. S. Pro 9.3 ~ Real-World Protection Test Nov. 2015 ~ AV-Comparatives

Discussion in 'other anti-virus software' started by malexous, Feb 4, 2016.

  1. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    Using only the Bitdefender engine.
    I scanned a few samples, and here are some undetected:

    SHA256 on VT:

    The "old" VIPRE detects all of them.
     
  2. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    good call - makes me wonder why they're still downloading engine components and definitions for the old engine if they're not using it. might just be there for the firewall or something. who knows.
     
  3. haakon

    haakon Guest

    I know, but the skeptic in me needs to see for his self. :) I concur and that pretty much concludes they're using BD's services for Web filtering. Which is a Very Good Thing.

    With bdnc.dll (Nimbus Client) loaded in AVCProxy, it could well be that BD's cloud threat scanning services is the Advanced in Pro's Advanced Active Protection. One might wonder if that client is loaded in the non-Pro version's (not Advanced) Active Protection.

    The HIPS is awful. When ON there are four options: Allow, Block, Allow with Notify, Block with Notify. With Block, hardly anything opens. That includes Cyberfox and Internet Explorer. Worse yet, HIPS History lists just a date/time stamp and "Block." Allows are not logged at all. Choosing either with Notify pops up a notification; you can either close that or create a rule (or select "Stop notifying me..."). Which is OK until you get to something like Process Explorer; after creating the tenth rule and getting yet another popup, I selected Stop notifying. This returns the setting to Allow or Block depending on which with Notify you were using. So, selecting Stop notifying for one process turns off notifying for all processes and allowing everything or blocking everything from thereon. It's the most worthless HIPS I have ever seen.

    EDIT FEB 7: I need to clarify that... The HIPS with Notify is the most useless I have ever seen from the standpoint of user intervention, rule building and logging. Block is way, way effective. Allow could very well provide protection from malicious processes. Vipre may improve this module. I admit my failing in judging it as worthless.

    Sigs/defs for BD Core and AVC kept up with BD's updates on my other systems which indicates they're also using BD's update servers unlike some other BD enabled products (especially the free "Bitdefender engine" stuff) which update from their own servers. Depending on the level of service they buy from BD, updates could lag by hours or days or even longer, as was the case with RoboScam.

    Otherwise, the new Vipre seems to be an interesting player in the market. By the time my BD licenses expire, all the independent and yoot oob tests will have washed up; I'll run the trial again, check for improvements, and make a decision. Though as a BD user for over a decade, I'll probably stick with what I know inside and out.

    Sidebar: the Vipre installer notified MBAM (free) and MBAE (free) and MBARW (Beta3) needed to be uninstalled; I chose the Skip option. MBAE failed to protect IE or Cyberfox (according to the logs) and operation returned to normal after an un/re-install; I assumed the same for MBARW and un/re-installed it, too. I didn't bother testing MBAM.
     
    Last edited by a moderator: Feb 7, 2016
  4. haakon

    haakon Guest

    You don't see vipre.dll and vcore.dll (Threat detection and remediation system) running under SBAMSvc (Anti Malware Service) on your system?
     
  5. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    I see, but it does not work; it does not detect either when scanning or when running samples.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    So VIPRE is just a crappy Bitdefender clone, with a lousy HIPS.

    Isn't it almost scamware?
     
  7. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    try it and formulate your own opinion of it.

    it's obv providing better detection (see the av-c report linked here) and uses a better technology stack than they had with their own mediocre engine, which completely underperformed versus almost any modern threat, even losing out to MSE and/or Defender in testing with some regularity. so no, i don't think it's scamware and no i don't believe it's a crappy BD clone.
     
  8. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    BitDefender almost does not detect adware and PUA; I do not know how it occupies such a high position in the AV-C test.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    I did try it, more than once. Many years ago. The product was so crappy and slow that I decided it wasn't worth my time, not to mention that there were better alternatives available.

    I'll consider trying it if I get tired of Eset. For me, AV is more of an 'extra'. I would never rely on it.
     
  10. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    and I used it (assuming we're talking about VIPRE) for years and didn't feel it was overly slow. however, this thread isn't about old VIPRE, it's about this new version VIPRE and we should probably stick to discussing it.

    my guess is that they curate "real" threats and not adware and PUAs for their real-world testing. their report indicates "Every potential test-case to be used in the test is run and analysed on a clean machine without antivirus software, to ensure that it is a suitable candidate. If the malware meets both of these criteria, the source URL is added to the list to be tested with security products. Any test cases which turn out not to be appropriate are excluded from the test set."
     
  11. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    The most popular "threats" are PUP, PUA, etc. Bitdefender protects very poorly against these; old VIPRE did it much better.
     
  12. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    right, i didn't dispute that. i just said that their report indicated they curate threats for that test. maybe @IBK could clarify?
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    our test-sets do not contain grayware, only malware.
     
  14. bigwrench9

    bigwrench9 Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    148
    I had high hopes. (Sunbelt era) Sadly, I was let down. Uninstalled. :thumbd:
     
  15. haakon

    haakon Guest

    There is no such thing as a Bitdefender clone anymore. That was just another way of saying re-branded.

    This product is running Bitdefender's Core (the so-called "Bitdefender engine") and AVC. As well, it appears it has 100% access to BD's global server services, filtering and scanning, with as-released sig/def/AVC updates.

    Say what you will about Vipre's history and marketing, they've bought and implemented all the good BD SDKs.

    And it's got the Sunbelt Firewall. :thumb:

    See my post #28 edit regarding the HIPS.
     
    Last edited by a moderator: Feb 7, 2016
  16. zord

    zord Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    47
    Such a test is hopeless; users are dealing with grayware almost every day. Installing the program which is winning your test can lead to it ;)

    too_many_toolbars.jpg
     
  17. garrett76

    garrett76 Registered Member

    Joined:
    Mar 18, 2014
    Posts:
    221
    Agree. Most of the computers I have to fix nowadays are infested by adware and PUPs. I would like AV-Comparatives to reintroduce a specific test against these kinds of grayware as it did some years ago.
     
  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    eScan is the other you talk about.

    P.S. Yes Vipre IS Pro uses BD core + AVC + Nimbus (BD cloud). This is a powerful mix that should work well for protection.
     
  19. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    I contacted ThreatTrack about the lack of SSL on cloud comms, and was informed that they're currently addressing some performance concerns with SSL that they hope to have fixed soon. I was surprised they gave me a straight answer, as that was a common problem under direct GFI management and part of why I stopped using & recommending their software. Hope this bodes well for quality of support.

    Thanks for clarifying!
     
  20. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    It could be a good product, but why use it in the first place instead of Bitdefender?

    There are a lot of Bitdefender promotions and giveaways anyway, why pay more for Vipre? Doesn't make any sense to me.
     
  21. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    I absolutely agree! And I recall BitDefender being straightforward, why make an effort to learn using VIPRE correctly?
    Unless it's a hobby ...
     