Antivirus programs that use Bitdefender' Engine

Discussion in 'other anti-virus software' started by zmechys, Apr 21, 2013.

Thread Status:
Not open for further replies.
  1. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Here are some of Antivirus Programs that use BitDefender Antivirus Engines:

    Auslogics Antivirus
    BullGuard,
    Emsisoft
    e-Scan,
    IObit Advanced SystemCare with Antivirus 2013
    F-Secure,
    G-Data,
    Hauri (ViRobot)
    Imen,
    Immunet,
    Lavasoft Total Security,
    MultiCore Antivirus
    Qihoo 360,
    RadialPoint,
    Roboscan Internet Security
    SafeNSoft,
    SecurityCoverage,
    SourceNext,
    SurfRight,
    TrustPort,
    VirusChaser,
    Zenok.
     
  2. ght1

    ght1 Guest

    How could you forget Spybot ... :D
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    It actually says a lot for the effectiveness of the bitdefender engine when so many vendors wish to use it.

    This list alone is a far more positive and stronger recommendation than any meaningless test.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    So, likely to be targeted by malware writers... if you don't get detected by BitDefender then you more likely to evade several other tools. Economy of scale ;)
     
  6. hamlet

    hamlet Registered Member

    Joined:
    May 10, 2005
    Posts:
    200
    Some of those vendors use Bitdefender's engine or signatures in combination with their own or even another vendor's product. I think some of them are coming out with very intelligent combinations of these products.

    I wish there was a test that could tweeze out the usefulness of the different detection engines in some of the products. Vendors are good at marketing the new bits and pieces of their software but who knows if the stuff is effective. I guess I should be mostly concerned about total detection but I am curious about how all of the parts contribute to that.
     
  7. stephentony

    stephentony Registered Member

    Joined:
    Oct 2, 2003
    Posts:
    142
    Location:
    USA
    I agree with Fax. That was why I was a bit disappointed that Emsisoft switched From Ikarus to Bitdefender. I know all the reasons why but I don't like the idea of having that one particular engine used in so many other products. I know that the biggest issue with Ikarus was false positives. Has that improved dramatically switching to BD? Not yet it hasn't, and that's not because BD is known for producing lots of FP's. I think Bullguard has incorporated the BD engine better than anyone else at this point.
     
  8. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    So you don't see a reduction from 127 to 34 in the AVC tests by just replacing Ikarus with Bitdefender as a dramatic improvement?
     
  9. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Some people don't take false positives into consideration. As a corporate AV user false positives have caused as much damage and wasted as much time as actual malware. I would say that is a great improvement!
     
  10. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Interesting. I wonder why. It'd be nice to hear developers from those AV programs what was their reason for going with BD engine...
     
  11. stephentony

    stephentony Registered Member

    Joined:
    Oct 2, 2003
    Posts:
    142
    Location:
    USA
    Before the latest false alarm test for March 2013 when was the last time Ikarus or Emsisoft was tested for FP's by AVC? I won't wait for that answer. By the way where exactly did you come up with 127 FP's when Ikarus was the other engine? Did Emsisoft come up with that number because it didn't come from AVC testing. 127 to 38? 38 is what AVC posted. No, that still stinks but you're right, you went from totally unacceptable to just plain lousy. No, I don't think I'll start drinking the Emsisoft Kool-Aid just yet. You are headed in the right direction though.
     
  12. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    552
    Single Product Test - February 2011
    http://www.av-comparatives.org/wp-content/uploads/2011/01/sp_fdt_emsisoft_201102_en.pdf
     
    Last edited: Apr 22, 2013
  13. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    We were tested in 2011. We didn't receive any of the samples we missed nor the false positives we caused in that tests. So those false positives are still there. The huge drop was therefore caused by the switch in engines.

    Actually you have to take that 38 false positives with a grain of salt. When you look at the actual false positives in the dedicated false positive report (link can be found in the test report) you will see that a significant portion of the false positives were in rather exotic files (we are talking applications designed for Windows 98 here). Personally I would argue that one false positive in a Windows file has more catastrophic consequences than 38 false positives in files that are partially so old and thinly spread that even an enormous service like VirusTotal hasn't seen them even once.

    If you don't want to do the math yourself, take a look at Neil Rubenking's article about the false positive ranking when taking the AVC weightings in account.

    Last but not least also take into account how AVC actually comes up with the false positive test sets. They have been harvesting FTP servers, PC Magazine cover DVDs and download portals for almost 10 years now. So essentially when you take part in this kind of test for the first time, you are confronted with a huge collection of files at once. Other products had the benefit to encounter these files and fix the false positives they caused over a longer period of time, so even though they may have had the same false positives than we did, theirs were spread out over a bigger period of time.

    This issue has also been acknowledged by AVC in the dedicated false positive report by the way:

    Bottom line is: The next test should paint a more realistic picture of our performance regarding false positives as we caught up on false positives from the late 1990s and early 2000s now ;).
     
  14. stephentony

    stephentony Registered Member

    Joined:
    Oct 2, 2003
    Posts:
    142
    Location:
    USA
    Fabian, I really don't care about two years ago. How many AV products have changed radically over the past two years? For good and bad. My point is you guys laid much blame for the FP issue with the Ikarus engine so it was changed to Bitdefender. That makes sense if Ikarus was the main clulpret. Myself, I liked the detection Ikarus brought to the table and I think they took too much of the blame for high FP's. Now that you have switched over to BD you guys have no excuses for the number of FP's because we know BD doesn't throw them up by the bushel. Emsisoft has been promising to lower FP's for a long time and you can't blame Ikarus anymore. All I said was in my opinion, of all the AV's that incorporate the BD engine, Bullguard has done the best job. Detection is great with almost no FP's and it runs very light on my rig. Don't get me wrong, EAM detection is fantastic! Personally, EAM is still too heavy for me (I hate slow boot times in particular) and again there are too many FP's. I bought a two year license almost exactly two years ago but there was no way I was going to renew. EAM is a product I would love to love :) but right now I believe Bullguard does a better job. Lets see where EAM goes from here but I'm not holding my breath.
     
  15. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    stephentony; if you look at eScan's results you will notice it throws up a lot more FPs than BitDefender, which is odd as their own database is rudimentary at best (and most of those detections will be named as per BD naming scheme). This is probably not BitDefender's fault and may have something to do with cloud based whitelist checking algorithms which may differ from product to product. Not sure how this is and not sure if this is the case with Emsisoft, but it is possible.
     
  16. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Isn't the case here. We have exactly the same false positives as Bitdefender. The other 29 were caused by our signatures. I would be very surprised if it was any different for Escan.

    So let's just assume that we always were the main cause of false positives all along as you are suggesting even when we used Ikarus. Wouldn't that mean that if Ikarus was tested at the same time using the same test sets it should come out with almost no false positives at all? Well, let's check:

    http://www.av-comparatives.org/wp-content/uploads/2011/01/sp_fdt_ikarus_201102_en.pdf

    Turns out, in the test done by AVC using the same test sets Ikarus ended up with 109 false positives. Maybe our log files spilled over onto their log files? ;)

    So 20 false positives back then were caused by our signatures. Those 20 false positives were still present in the 2013 test set. So we added around 9 additional false positives in 2 years. Doesn't sound too bad in my opinion. Quite frankly that is how many Bitdefender managed to introduce since the last false positive test in September.

    No doubt, Ikarus has very good detection rates which is why we stuck with them for a rather long time. The problem is, the best detection rate means nothing if nobody trusts your results because they assume it is a false positive anyways, which unfortunately was the case for us and ultimately caused the decision to switch to a different scan engine.

    I agree which is why I spent most of my time in the past couple of weeks making various improvements to the scan engine to address various I/O bottlenecks. If everything works out okay it will be included in the next version :).
     
    Last edited: Apr 23, 2013
  17. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Some questions

    Are you getting a "full-blown" Antivirus Engine or a trimmed one?

    Are the BitDefender Developers helping you to create/refine Emsisoft AV?

    How are the Signature files updated - update size and frequency?

    What about Engine-only updates?

    Are you providing feedback to BitDefender about improving the engine/Heuristics/etc...?

    If the quality of the engine is one of/the most important thing for any AV, what separates Emsisoft from so many other antivirus programs that use the Antivirus Engine from BitDefender?

    How much can you (the Emsisoft developer) improve (?) the performance of the engine's impact on hardware and operating resources?

    Who is responsible for Emsisoft's performance optimization?

    Which engine starts first - BD or Emsisoft?

    What engine is responsible for detecting polymorphic viruses?

    Which engine is better for unarchiving and unpacking complex objects?

    Is Emsisoft AV better with Zip archivers or RAR?

    Which engine is doing better job of disinfecting malware from Zip, RAR, CAB files?

    What engine is dealing with malicious code in JavaScript?

    What engine is detecting "rootkits"?
     
  18. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    It's complete.

    We are using the same signature file repository as Bitdefender.

    We get them at the same time as the Bitdefender products as they are part of the signature file update repository that Bitdefender uses.

    We do.

    It depends which component you are talking about.

    Our engine starts first.

    Bitdefender is responsible for virus detection as our engine focuses on non-infectious malware mostly.

    Our engine doesn't support archive unpacking. So only Bitdefender is scanning within archives. We may change that in the future but there is no immediate need as malware within archives is rendered harmless and we do scan the unpacked file during the unpacking process if the File Guard is running.

    We don't clean infected archives in general.

    Both are.

    Both. We don't use the Bitdefender anti-rootkit components though but implemented our own.
     
  19. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Thank you for your response.

    Emsisoft is doing really well in some amateur tests with BD's engine:
    (Just for your info only)

    Emsisoft Anti-Malware 7.0.0.21 + Comodo Internet Security Premium 6.1.275152.2801 - detection 99.10%
    Emsisoft Internet Security Pack 7.0.0.21 - 98.19%
    TrustPort Internet Security 2013 (13.0.9.5102)(TP+BitDefender+Avg) - 95.50%
    G Data InternetSecurity 2014 - 95.94%
    Advanced Systemcare Ultimate 6 - 95.49%
    BitDefender Internet Security 2013 - 95.49%
    F-Secure Internet Security 2013 - 94.59%
    Bitdefender Antivirus Free Edition 1.0.14.889 - 94.59%

    P.S. Ashampoo Anti-Malware v.1.21 on that test scored 100%.
     
  20. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Do you have a link to those tests or are they private? :)
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I cannot post the links because it would break the forum rules.
     
  22. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
  23. tomdy2k

    tomdy2k Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    so If you have Bitdefender already wouldn't switching to one of those programs be redundant at best..?:eek:
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Probably, unless they have multiple engines and that happens to be something you want...
     
  25. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Personally, I found F-Secure to be the most stable AV program that use the BD engine ;)
     
Loading...
Thread Status:
Not open for further replies.