What do you guys think of BitDefender?

check out the plugins directory and the scanning report.

 

Indeed, I want more info.. This appears like it could be "THE" solution i'm looking for. Despite no software firewall, which I can overlook, it definately looks like a nice package.

The international pages have no trial version, while the german pages do.. Messing with the german trial, this product seems HOT! I just wish I could read more of it. =)

Certainly with 2 really nice engines running, these guys might have the product to get, but they sure don't seem to want to market it well to international folks. Which is surprising, since 90% of BitDefenders marketshare is overseas!

 

I have a licensed version. Is there something I'm missing?

Plugins directory looks fine as does the scanning report. Maybe you didn't set it up correctly.

 

http://www.antiviruslab.com/e_download.php?lang=gb

 

Haven't used Bitdefender for over a year. Last time I used it I found the real time protection slowed my system down considerably. However, the new version seems to be a big improvement in that respect.

 

i set it up correctly tazdevil. checkout the plugins.html and you'll see that BitDefender supports very few packers and most of the plugins are in early stages of development. also the scanning report shows that some packed files were scanned as normal files where NOD32 or KAV scanned them after unpacking them. by the way the latest BitDefender did slow up my Windows ME computer. and that AVK? boy that was heavy........

 

Thanks for the info. I'll nose around a bit more.

LOL expecting decent app support for 98/ME is expecting too much these days.

 

I think Bit Defender Free Edition in an excellent backup scanner.

 

1. NOD32 uses heuristics similar to BitDefenders

2. HTTP Scanner? Why do you want to have this? Its almost the same as normal On-Access scanning.

3. True unpacker? Well if it isnt a fake one than its the true one right? Who do you think unpacks ASProtect,UPX and so on executables? This is realtime unpacker. Unpacking archives in real-time is a useless and and represents a great performance impact. Files always have to be extracted from archive whenever you wish to access them directly or by extracting them. They will be scanned by real-time engine in both cases (usually inside TEMP folder).

4. Not true. It detects EICAR.COM as soon as you download it. Text file (EICAR.txt) is not scaned because txt files (currently) cannot do any harm to your PC in any way. About compressed archives i already explained in #3.

5. Trojans are some special group of parasites and its hard to pick them as you can viruses/worms without generating false positives. Use firewall to block them not antivirus which is mostly focused on viruses/worms (as all others).

6. With email scanning i agree with you. I miss the outbound scanning like it was in avast! 4 or Pc-cillin 2004. Real-time engine should keep outbound messages clean,but it would most certanly provide much higher protection if it would scan Inbound and Outbound mails.

8. BitDefender is indeed a very good antivirus. If your NOD32 license is at end,i think you should try it. But first try trial version,because i couldn't startup Real-Time engine in any way,same at my two friends. I also reformated disk and tried again with no success. Not sure what coused this,but try before you'll regrat it with commercial version.

 

I've found this not true. Recently with some re-packed protocols, NOD32 completely missed them, and later, I find out that NOD32 is indeed lacking in a wide range of packer support. I'm told AVK/KAV support in the 800+ range of different unpackers. Theres some data out there as well on this. http://www.rokop-security.de/main/article.php?sid=473

Wait a minute, are you saying that a executable, renamed to a text file, then sent to your system is not a security risk? I beg to differ, an AV program should detect malicious signatures in EVERY form, shouldn't it? At least I want mine to! Renaming a worm to a text file, then punching it past your security, and using a DLL function call to execute it isn't something i'd take too lightly. I won't run anything that won't pass *ALL* Eicar and AVTest3.0 criteria, i'd feel unsecure if I did.

So then programs that score 90-100% on these, without false positives are pretty solid products then eh? Frankly, Trojans aren't any harder to detect, especially if you do what everyone seems to do, and take a swatch of the program and run it through MD5 into the definition file. What seperates the men from the boys are having a system that isn't easily fooled by byte changes, that compares heuristics to definitions, and then feeds it all out in a package that seldom, if ever, generates a false positive. Theres products out there that do this my friend, stop selling yourself short - and don't let the hype convince you otherwise.

I bought it 2 weeks ago, ran it through a battery of tests, found issues, and returned it for a refund - one of the nice things about Element5 and Digitial, is they refund rather quickly - trials or otherwise. NOD32 was handy about a refund as well, even after I had the product for months - good customer relations are practiced there.

 

If possible do you think you can elaborate on your above comment. How does this "technique" work with almost no false positives? Maybe an example with a trojan... since you mention they are not any harder to detect. I would also be interested to what products out there meet this criteria of detection? Thank you

 

dear Technical, i agree with you. BitDefender does make a good backup scanner. specially because its FREE and without a RTM. but that management console take up some memory and its always loaded. it irritates me, but i haven't seen any conflicts. i think its a better option to keep BitDefender free edition as a backup scanner. the money saved could be used on a good AT or some yummy donuts.

NOD32 does scan TXT files by AMON. you just need to configure it right. anyway it still doesn't make sense to scan TXT files as they are harmless. i don't know anything about a vulnerability that enables a remote dude to EXECUTE a TXT file in my system. anyway in that case i'll be more interested in that vulnerability.

 

i think he is talking about checksummers. there are certain AV softwares who has it e.g. AVG Prof. Edition, AntiVir Prof. Edition, Kaspersky, DrWeb and perhaps Sophos too.

 

btw, we published a new test of Bitdefender (free edition) here (german): http://www.rokop-security.de/main/article.php?sid=756

regards, Joerg

 

Well, that is why I would like to hear more about Defender of Bit's comment if possible. I too can only surmise what was meant. From what I can infer, Defender of Bit is saying that many products just use an MD5 of the malware and add that in as their defintion. And then it is mentioned of a technique that compares heuristics with definitions that yields almost no false positives (that can be found in "superior?" products).

So i am just wondering what products use the latter of the two techniques mentioned. And how it is implemented with almost no false positives? I think I misinterpreted what was meant when it was said that trojans are not harder to detect. As it was probably just being said in the context of products which use simple checksumming in their signatures.

 

in that case i'm waiting to be enlightened. checksumming is for checking a file has been changed or not, we all no that. malware signatures are different things, not checksums of that malware. its difficult to decipher Defender of Bit's statements but i'm waiting for his comments.

 

Checksuming can be also the part of signatures. Some file is checksumed and compared its value to the one in virus signatures. If it matches,the file is declared to be a malware. This method is useful for trojans/worms since they don't change their form,because they are not file infectors. And with MD5 hash its nearly impossible for hash mismatch (even MD4 is enough->this one is used for checking eDonkey files integrity and there is billions of files).

 

are you talking about 128 bit MD5? what software uses this to detect malwares? much smaller signature can do the same thing and it'll be faster. MD5 hashing is slower than MD4. this is totally impractical and checksumming is used to check the integrity of data.

 

If we use a firewall, do you prefer to have the standard or professional version?

 

I like it very much! It is not high-cost, it is very good, it detect all kind of things and I'll buy it when my F-secure licence will expire.

I'll buy standard edition.

 

and bitdefender has now good unpackers.He finds the eicar virus if i want to download it.It is very fast with scanning

 

The NOD32 pep squad is starting to pull this topic waaay off-thread. Can't someone do something with those people? I want to read about BitDefender -- it's high on my candidates for replacing said NOD32. Why am I replacing NOD32? Because of the sort of thing their supporters are doing in this thread. They do so too often & too many forums.

 

dear Stephan123, that EICAR file was packed? with what? from where you tried to download it?

 

Do bitdefender succeed in all eicar testing?
If not, is there an antivirus which succeeded in all tests?

Thanks

 

there is only one EICAR standard test. this is scanning the EICAR.COM either with On-Demand or On-Access scanner. this is the standard test but sometimes users make there own modified version like packing EICAR.COM or compressing inside several layers of different archives.