AV-Comparatives: Real-World Protection Test August 2015

Discussion in 'other anti-virus software' started by anon, Sep 15, 2015.

  1. anon

    anon Registered Member (Joined: Dec 27, 2012; Posts: 8,006)
    Fabian Wosar [Development] Emsisoft Team =

     
  2. m0unds

    m0unds Guest

    Like I said, they only use the stuff that's part of the BD SDK (file detection)
     
  3. haakon

    haakon Guest

    No. It depends on the various SDKs available to the indie developers.

    The "file detection" SDK you refer to is the bdcore file scanning engine. This is what is presented in all the "free Bitdefender engine" as well as commercial "Bitdefender engine" products that "they" offer.

    That has two implementations:
    1) A file downloaded to the user's default or selected location and scanned.
    2) The downloading file is renamed as something.tmp to the system temp location and scanned. If passed, it is moved to the user's default or selected location, correctly named. Under this scheme, detection can occur before the file is completely downloaded.
    Guess which SDK costs less?

    The next protection tier available is the B-Have heuristics scanner where a file is sandboxed and analyzed.

    bdcore and B-Have are also used by on-access and on-demand.

    Next is Active Virus Control wherein a 32- or 64-bit DLL is injected into all running processes. For each process, activities are monitored and if a series of certain conditions are met, as in a hijack or a delayed exploit, the process is flagged as malicious and terminated. The monitoring activates upon any process start-up, via user or task, and remains active up to the time of user/task-close or AVC termination.

    Network IDS (their "HIPS User-Mode module") can be implemented with or without the firewall.

    Finally, the firewall - theirs, not a Windows firewall overlay.

    (Lavasoft is an example of a full SDK integration in their Ad-Aware Pro Security product.)

    There's also BD's cloud using their global network of Nimbus servers which can be implemented as a browser extension or as a system-wide component for malicious URL or phishing filtering or file scanning (or combinations of the three), the latter being their Gonzales service.

    Bitdefender Free uses all of the above except the firewall and uses the second bdcore scan and system-wide Nimbus and Gonzales as described. Though the release is approaching three years of age, libraries and drivers are updated in the background. As of the last time I ran Free four months ago, the AVC components' (for example) versions equaled that of the current premium product.

    The info in this posting will expire upon the next posting where the usual "Bitdefender engine is the same as Bitdefender" fallacy is expressed. Or until this thread goes to page 4. :rolleyes:
     
    Last edited by a moderator: Oct 1, 2015