Vipre I. S. Pro 9.3 ~ Real-World Protection Test Nov. 2015 ~ AV-Comparatives

Discussion in 'other anti-virus software' started by malexous, Feb 4, 2016.

  1. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
  2. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    136
    Found this on their forum (https://support.vipreantivirus.com/support/discussions/topics/1000071647)

    What's New?
    • A faster engine reduces scan times
    • Cloud technology delivers bad URL blocking faster
    • A new product version, VIPRE Internet Security Pro, offering an enhanced Active Protection module
    Here is a listing of the improvements offered in VIPRE 2016 version 9.3:
    All versions: We have worked to reduce scan times, lighten our footprint, and improve our detections. This is how we are renewing our commitment to keeping the bad guys out.

    VIPRE Internet Security: The Web Filtering module can now look up URLs in the cloud. This lets us quickly deliver lists of known bad websites. This helps combat the swarm of malicious URLs created every minute.

    VIPRE Internet Security Pro: This is a new addition to the VIPRE family. On top of the features listed above, VIPRE Internet Security Pro also includes Advanced Active Protection. Advanced Active Protection has all of the features of Active Protection, plus an improved ability to monitor processes on the machine. New heuristic rules can determine whether the process is malicious. Malicious changes made by the process can be reversed where possible. Behaviors of suspicious processes can be sent to the cloud. This will allow further research on new threats to quickly improve the protection we offer.
     
  3. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,937
    Location:
    London On
    Good Evening! Finally, meaningful progress! If somebody is demoing the Internet Security Pro...give us your impressions and feedback. And can the Pro Version be used with Windows 7? Sincerely...Securon
     
    Last edited: Feb 5, 2016
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,884
    I have given up on Vipre, and I was a longtime beta tester. I am registered at their beta forums, but they [ThreatTrack] don't seem interested because they have never advised me of the resumption of beta testing.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, that's certainly a massive improvement.
     
  6. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    136
    I installed it yesterday and it's running great so far! Definitely a big performance improvement, noticed some slowdowns with older versions but they seem to have solved it :)
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    What's the new engine? Bitdefender? ...
     
  8. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    136
    They have their own in-house engine, guess it's greatly improved
     
  9. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    Good for them - they've needed a boost since GFI ate Sunbelt. Happy to see some improvement.
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    If you install it you can see what the new/added engine (in the Pro version) is (based on the signature files and detection names for example).
     
  11. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    Seems that way. Installed the IS Pro trial in a VM, and it installed a number of Bitdefender-signed components, as well as the BD definition set (emalware.xxx).
     
  12. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    So, not really improved. They just shoved BitDefender in there. Move along, nothing to see here then. Sigh. And I thought they actually improved their inhouse engine. Oh well.
     
  13. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    Improvement's improvement. This isn't much different than Emsisoft or F-Secure or any other company augmenting Bitdefender's engine with their own engine and cloud tech.

    That being said, I hope they focus on improving customer service. Post GFI-acquisition and spin-off into ThreatTrack, their CS has been hot garbage.
     
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    A BitDefender clone at a snip of £45/$60 :isay:
     
  15. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    769
    Location:
    SW USA
    True to a degree.

    The "Bitdefender Engine" (BD Core and B-HAVE) SDKs are sold in several feature-sets, differing in scanning efficiency and method, and haven't changed in years. bdcore.dll has been v11.0.1.12 since early 2012; still is in BDIS 2016.

    The "Bitdefender Engine" is not Active Virus Control (now called Active Threat Control), their flagship product invented in 2010 in active development with a significant upgrade having just occurred in the past few days.

    Can you (or anyone) check to see if your installation includes files like avc3.sys, avccore.dll? Check if avcuf64.dll and avcuf32.dll are injected in running 64 and 32 bit processes.

    If so, then Vipre's Active Protection is AVC, making them only the third developer to implement that SDK, Lavasoft's not-free products and... I forget the other.
     
    Last edited: Feb 5, 2016
  16. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    769
    Location:
    SW USA
    Inaccurate and a notion obsolete for nearly a decade. The current BD products are an integration of several engines, some of which are available as SDKs for independent developers. I believe BD has abandoned their re-branding program.
     
  17. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    avcuf64.dll or avcuf32.dll are injected into running processes, and there's an AVCproxy service (signed by ThreatTrack) as well as avccore.dll and avc3.sys on disk.
     
  18. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    769
    Location:
    SW USA
    Thanks!!

    Checking the screenies at Softpedia, I'm really liking it. My BDIS 2016 licenses expire in June and up until just now, I haven't even given a thought to considering something else. This could be the perfect replacement for Bloatdefender and Kasberserksky.

    You might want to check the frequency of updates for files avc3.hxi, avc3.gx and avc.qx. These are updated once or twice a day and are in a directory separate from the usual sigs/defs, the one mostly seen as the "plugins" directory - those are updated about 7-8 times a day. The avc3 files are not related to the "Engine version" (currently 7.64402) as detailed in the plugins\update.txt file. There's no update.txt for the avc3 files.

    While I have your undivided attention :) could you also look for bdcloud.dll, bdnc.dll, ascore.dll, wfcore.dll, bdfwcore.dll? I'm thinking Vipre is probably using their own cloud, anti-spam/phishing and firewall stuff - but you never know. (In fact, given all the criticisms of Vipre over the years, the firewall has always been Pretty Darned Good.)

    Those dlls may or may not be loaded even though they might exist in your directories, BTW.

    Fun, eh?
     
    Last edited: Feb 5, 2016
  19. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    I see bdnc, but it doesn't appear to be loaded. Other files aren't present on disk at all. *EDIT* actually, it loads when AVC communicates with Bitdefender's systems. I was watching it w/wireshark (since it generally doesn't use SSL, and just sends filetype + MD5 hash and other telemetry via REST api, some return communication is via HTTPS)

    They do appear to be using an enhanced version of the old SBFW, it has the same IDP options and stuff that their VIPRE-integrated fw always had. They seem to be using their own anti-phishing/malicious URL stuff but they've integrated cloud lookups instead of relying only on local blocklists.
     
    Last edited: Feb 5, 2016
  20. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    136
    There are a lot of references to Bitdefender Nimbus and AVC in some of the files, so they seem to be using both.
    But did they completely replace their own engine for bitdefender or are they using both?
     
  21. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    They're still retrieving definitions for their own engine when it checks for updates, so I'm guessing they still use both.

    Also, kind of dumb - they transmit the license key of the product in a URL string when they query for updates. Not a big deal, but I hoped they'd have thought of a better approach than that.
     
  22. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    136
    I wish they were more clear about these changes :thumbd:
     
  23. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    769
    Location:
    SW USA
    Curiosity got the better of me.

    BD Core and AVC so far is all I can find that's BD, sigs/defs as usual in directories app_exc, app_sig and Beetle. Yes, Beetle. Updates can be set for every 15 minutes.

    Everything else is theirs, five running processes: 35 libraries and three drivers (including a for-real HIPS).

    I haven't yet nailed down the cloud side of things but it's hitting USA amazonaws servers via SBAMSvc.exe as vsserv.exe does in BD, tho BD does go out to Romania sometimes. I'm pretty sure their server farms are determined by where you are on the planet.

    Lots of digging with Process Explorer needed. Maybe tomorrow...
     
    Last edited: Feb 5, 2016
  24. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    106
    Like I mentioned, it's hitting BD's REST API (which lives on EC2 w/a bunch of ELBs out in front, not an uncommon cfg). It communicates w/the API using JSON and without TLS/SSL the vast majority of the time.

    Example response I captured:

    VIPRE Product JSON API call to nimbus.bitdefender.net:
    Code:
    JavaScript Object Notation: application/json
        Array
            Object
                Member Key: "url"
                    String value: http://l.yimg.com/a/i/us/nws/weather/gr/33n.png
    

    BD API response:

    Code:
    JavaScript Object Notation: application/json
        Array
            Object
                Member Key: "status_code"
                    Number value: 0
                Member Key: "status_message"
                    String value: not found
                Member Key: "domain_grey" <-- returning domain conviction (good, bad, grey)
                    True value
                Member Key: "categories" <-- returning categorization data
                    Array
                        String value: portals
                        String value: marketing
    
    suppose it helps to add code tags...whoops.
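The exchange quoted above, reconstructed as an added audit script that is not part of the original post: the request and response are constructed from the Wireshark dissection (the /lookup path, the header set and the domain_good/domain_bad key names beside domain_grey are assumptions taken from the post's "(good, bad, grey)" note), each looked-up URL is paired with the cloud verdict, and the output records what an observer of a cleartext capture learns.

```python
# Audit a captured VIPRE -> Bitdefender Nimbus URL-reputation exchange.
# Added example, not from the forum post: the messages are constructed from
# the dissection quoted there; the /lookup path, header set and the
# domain_good/domain_bad key names are assumptions.
import json
from urllib.parse import urlsplit

# Constructed sample, shaped like the post's Wireshark dissection.
SAMPLE_REQUEST = (
    "POST /lookup HTTP/1.1\r\nHost: nimbus.bitdefender.net\r\n"
    "Content-Type: application/json\r\n\r\n"
    '[{"url": "http://l.yimg.com/a/i/us/nws/weather/gr/33n.png"}]'
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
    '[{"status_code": 0, "status_message": "not found", '
    '"domain_grey": true, "categories": ["portals", "marketing"]}]'
)

def split_http(raw):
    """Return (start line, lower-cased header dict, body) of a raw message."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines if ":" in l)}
    return start, headers, body

def verdict(reply):
    """Collapse the domain_* flags into one conviction label (assumed keys)."""
    for label in ("good", "bad", "grey"):
        if reply.get("domain_" + label):
            return label
    return "unknown"

def audit_exchange(request_raw, response_raw, transport="http"):
    """Pair each looked-up URL with its reply (positionally: assumption)."""
    _, req_hdr, req_body = split_http(request_raw)
    _, _, resp_body = split_http(response_raw)
    if req_hdr.get("content-type") != "application/json":
        raise ValueError("expected a JSON request body")
    findings = []
    for query, reply in zip(json.loads(req_body), json.loads(resp_body)):
        findings.append({
            "url": query["url"],
            "host_disclosed": urlsplit(query["url"]).hostname,
            "verdict": verdict(reply),
            "categories": reply.get("categories", []),
            "cleartext": transport == "http",  # path observers see the lookup
        })
    return findings
```

Run with `transport="https"` for the minority of exchanges the post says go over TLS; the `cleartext` flag then clears while the disclosed host and verdict stay the same.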
     
  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Not a very original approach ... And once upon a time, VIPRE was very good when it was 'Counterspy'.
     