BitDefender introduces new heuristics

Discussion in 'other anti-virus software' started by tBB, Mar 14, 2005.

Thread Status:
Not open for further replies.
  1. tBB

    tBB Registered Member

    Joined:
    Mar 27, 2003
    Posts:
    25
    Location:
    .de
  2. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Isn't this a sandbox? why do they obfuscate each time?
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Ya, it seems like a 'pipeline' or a sandbox.

    Anyhow, when will this engine be introduced into BD?

    Regards,
    Firecat
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, technically it is a Sandbox, but the word Sandbox(TM) is a trademark of Norman...
    Now Norman already shows the potential of Sandbox, but still lacks signatures.
    BitDefender already uses lots of signatures. Such technology would just make a bigger plus. BD8 also showed many "BehavesLike:" detections from the heuristics engine, which seems to be quite nice even in its current state.
     
  5. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    Now that so many AVs introduce serious proactive detection, such as Norman, NOD32, MKS_Vir and BitDefender, and some of them succeed at quite good rates, such as Norman Sandbox and NOD32's AH, it seems that heuristics are not just a marketing gimmick anymore and, of course, they are a good marketing tool for those AVs.

    So I wonder what other AVs that seem weak in proactive detection, or don't rely on so-called heuristics, will do in terms of effectiveness to fight against fast-spreading malware and in terms of marketing.
     
  6. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    err...become like KAV at releasing signatures?
     
  7. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    KAV does have decent heuristics... second in the last retrospective test at AV comparatives.

    Be interesting to see how BD does, not to mention how it impacts detection and FPs.
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yup! It uses generic signature detection over heuristics which are good against Trojans. The old heuristics engine is still good against DOS viruses and primitive Windows ones. KAV's heuristic capability is due to its generic signatures.
     
  9. SDS909

    SDS909 Guest

    So is this in BD already? Their press release was a bit obscure on the wording and really didn't clarify it.

    How much of it is in? What's in, does it make any difference? Anyone care to test?
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    This is exactly what I've been asking too!

    Anyone, please?
     
  11. tBB

    tBB Registered Member

    Joined:
    Mar 27, 2003
    Posts:
    25
    Location:
    .de
    Didn't have much time to test yet. All I can say is that BitDefender was updated twice today and that the unpacking engine was indeed updated too, but I will report how well/fast it works if there is interest. No one seems to use BD over here as 1st line defense :)

    -tBB
     
  12. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California
    "if it looks like a duck and quacks like a duck, we'll shoot it," declared Bogdan Dumitru, BitDefender CTO.

    Not being a hunter, I'm not sure I like that analogy.
     
  13. jmschwartz

    jmschwartz Guest

    Hello,

    I sent an email to BitDefender's US office regarding the HIVE inclusion. I'll report back as soon as I receive word.
     
  14. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    Just spoke to their live support on their website, who were very friendly. Said it should be available by the end of the year.

    I will be looking forward to it.

    Best Wishes

    Jlo
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Moreover, there is an implied similarity between a duck and malware. Something a bit more vicious & dangerous than a duck might get the point across better. Such as: "If looks like a Cobra & hisses like a Cobra, we'll rip off its head & spit down its bloody neck." Grrrrr! *puppy*
     
  16. jmschwartz

    jmschwartz Guest

    Thanks, jlo!
     
  17. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California
    Good one bellgamin. I like that one much better. No fondness for snakes here.
     
  18. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    Yes, as far as I see. But KAV has far stronger signatures than anyone else, so its proactive detection (e.g. heuristics, generic detection) plays a second or uninteresting role in KAV's prominence, and it can be used as a very good marketing scheme as well.

    It's interesting to see if KAV really wants to play in the heuristic game.
     
  19. tBB

    tBB Registered Member

    Joined:
    Mar 27, 2003
    Posts:
    25
    Location:
    .de
    IMHO the definitions of 'heuristic' are meanwhile too broad. It can mean generic signatures, a Norman-like 'sandbox', some kind of on-the-fly disassembler or even a mixture.

    Also it is difficult to say which method is the best. Good signatures are very efficient and fast, but, let's say, 'real' heuristics are able to catch extreme variations (I doubt they are very effective against completely new viruses, as those are probably tested against the most popular scanners before they are spread).

    As for KAV, its heuristics are indeed a bit outdated, as DOS viruses aren't much of a threat nowadays (if they run at all), and its sheer mass of (very good) signatures slows the scanning down IMHO more than it would with a decent heuristic. Nevertheless I don't doubt that Kaspersky will come up with a heuristic engine comparable to the competition in the near future.

    Besides, a 'sandbox' where the program basically runs can theoretically be used against the system it should protect if the virus is smarter. Something like that already happened years ago, but it is probably not very likely nowadays. At least I haven't seen a real PE-infecting virus ITW for quite some time.


    -tBB
     
  20. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    How is BitDefender in general, the Pro version? It seems fairly simple and easy to use. I am trying to find something for my mom, who does very little surfing except maybe Bible sites etc. I tried it out and it seems fairly self-explanatory. I know the firewall is not the best, but it is easy to set up. Do you all think this would be a good choice for her? I don't want to give her Norton; I just would feel bad doing so. I know it's a good program, but it has its problems and she will not be able to fix them if it does. Or if there is anything else you all could recommend, please, I'm all ears. Thanks
     
  21. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I don't have BitDefender Pro so I can't speak to that. I use the free version and it has a nice GUI, but the updater is a hassle. I have to try at least twice, each time, to get the update. It falsely claims it has updated according to the GUI, but I know it hasn't "taken" because the icon doesn't disappear for a bit from the systray and I don't see the splash screen. So, I have to open the interface and see the claim that it has updated, ignore that claim and try again. Because BitDefender updates usually twice a day, this gets a bit old. Your mom might believe she is updated when she isn't. It is misleading.

    I would suggest either PC-Cillin or F-Prot. F-Prot has very limited ability on XP to change anything in the GUI (thus it doesn't confuse average users with lots of options) and it is fast, light and I never had a problem with its updates. PC-Cillin has a really good GUI for the average user. Very easy to understand and use and it is a decent AV. I wouldn't recommend it to someone who lives on the dangerous side on the internet but for average users who just visit mainstream, safe sites, and use email, I think it would be a very good choice.

    One more thing about PC-Cillin. Trend Micro has excellent, free phone support. (Email support is mediocre at best). Your mom could call support if she has a problem. It has been a while since I used PC-Cillin so I can't say how the phone support is today but I have seen comments saying it is still quite good. I believe it is still located in California and accessible 8-5PM M-F PST.
     
    Last edited: Mar 14, 2005
  22. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    How is this for "slow" :D :
     
  23. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Don, KAV is only so fast because it marks scanned, clean objects with some tag inside an NTFS stream. So basically, KAV remembers which objects were scanned before to skip scanning them again next time. Try scanning with KAV on new data; that's a lot slower.

    Also I see a problem with that "clean object marking". What happens if you got a brand new malware on your PC that is not detected by KAV yet? It gets marked as ok, next time you update your signatures, will it be scanned again or not? If you invalidate the tags each time you update the scanner's signatures, the tags become quite useless as KAV updates signatures very fast.
     
  24. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But on the other hand it supports most packers on the market and can detect like 99.9% of all Rbot/Spybot and similar variants just with generic signatures (you can achieve this only by supporting loads of packers).
    And this is the main reason for the slowdown. The AV must find which packers are used on a specific file, and such a task isn't so easy on performance.
    I doubt heuristics can be that effective in a long time frame, especially for loads of a bit older stuff where Kaspersky generic sigs are almost bullet-proof.
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Stefan,

    In the implementation of this strategy, KL did account for the issue you raise. There is a wait phase, which depends on settings (2 weeks for high speed, 1 year for recommended and in-depth according to comments I've seen; too bad it is not user settable), during which rescans do occur. After the wait phase, additional scanning will not occur unless the file changes. So it's rather unlikely that the scenario you mention will occur.

    But let's keep this discussion focused on BitDefender.

    Blue
     
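The "clean object" cache that Stefan Kurtzhals describes, and the wait phase BlueZannetti says was added to cover new signatures, can be modelled in a few dozen lines. The following is an added example written for this thread, not code from Kaspersky, BitDefender or any poster: it keeps a per-file record of the content hash, the signature version that produced the clean verdict and the time of the first clean verdict, skips re-scanning while nothing relevant changed, re-scans during a configurable wait phase whenever the signature database has been updated, and re-scans unconditionally when the file's content changes. The sample file, the hash-based "signature database" and the two-week wait phase are constructed assumptions; the `demo()` function walks through both the case the wait phase handles (signature added within the window, file caught on re-scan) and the residual gap (signature added after the window, cached verdict still trusted until the file changes).

```python
"""Toy model of a clean-object scan cache with a re-scan wait phase.

Constructed example for the discussion above; it is not any vendor's code.
A real product would persist the entry in file metadata (the thread mentions
an NTFS stream); here a dict keyed by path stands in for that storage.
"""
import hashlib
from dataclasses import dataclass, field

DAY = 24 * 3600


@dataclass
class CacheEntry:
    content_hash: str   # SHA-256 of the file content at the time of the verdict
    first_clean_at: int  # timestamp (seconds) of the first clean verdict for this content
    sig_version: int     # signature database version that produced the verdict


@dataclass
class Scanner:
    # hashes the (constructed) signature database knows to be malicious
    signatures: set = field(default_factory=set)
    sig_version: int = 1
    wait_phase: int = 14 * DAY          # assumed: re-scan window after the first clean verdict
    cache: dict = field(default_factory=dict)   # path -> CacheEntry
    stats: dict = field(default_factory=lambda: {"scanned": 0, "skipped": 0})

    def update_signatures(self, new_hashes):
        """Add signatures and bump the version so cached verdicts become stale."""
        self.signatures |= set(new_hashes)
        self.sig_version += 1

    def _full_scan(self, content_hash):
        self.stats["scanned"] += 1
        return "infected" if content_hash in self.signatures else "clean"

    def scan(self, path, content, now):
        """Return 'clean', 'infected' or 'clean (cached)' for one file."""
        h = hashlib.sha256(content).hexdigest()
        entry = self.cache.get(path)
        if entry is not None and entry.content_hash == h:
            in_wait_phase = now - entry.first_clean_at < self.wait_phase
            # Skip when the verdict is current, or when the wait phase has
            # elapsed: after that only a content change triggers a re-scan.
            if entry.sig_version == self.sig_version or not in_wait_phase:
                self.stats["skipped"] += 1
                return "clean (cached)"
        verdict = self._full_scan(h)
        if verdict == "clean":
            # keep the original first_clean_at so the wait phase is not reset
            first = entry.first_clean_at if entry and entry.content_hash == h else now
            self.cache[path] = CacheEntry(h, first, self.sig_version)
        else:
            self.cache.pop(path, None)
        return verdict


def demo():
    """Walk through the scenario discussed in the thread; returns the verdicts."""
    sample = b"constructed sample file content, unknown to the database at first"
    sample_hash = hashlib.sha256(sample).hexdigest()

    # Case 1: signature arrives inside the wait phase -> the cached file is re-scanned.
    s1 = Scanner()
    v1 = s1.scan("a.exe", sample, now=0)          # full scan, marked clean
    v2 = s1.scan("a.exe", sample, now=1 * DAY)    # unchanged, same sigs -> skipped
    s1.update_signatures([sample_hash])           # vendor adds a detection
    v3 = s1.scan("a.exe", sample, now=2 * DAY)    # stale verdict inside window -> re-scanned

    # Case 2: signature arrives after the wait phase -> the cached verdict is still trusted.
    s2 = Scanner()
    s2.scan("b.exe", sample, now=0)
    s2.update_signatures([sample_hash])
    v4 = s2.scan("b.exe", sample, now=30 * DAY)   # outside window -> skipped, missed
    v5 = s2.scan("b.exe", sample + b"!", now=31 * DAY)  # content changed -> full scan again

    return v1, v2, v3, v4, v5


if __name__ == "__main__":
    print(demo())
```

The `first_clean_at` field is what makes the window meaningful: a re-scan inside the window that comes back clean must not restart the clock, otherwise a file that is scanned regularly would stay in the wait phase forever and the performance benefit would disappear. Case 2 is the residual risk Stefan's question points at: once the window closes, a later signature only reaches the file if its content changes or the cache is invalidated by other means.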