Kaspersky vs BitDefender ...Better Anti-Virus?

[Peter Mann]

Hi
I just finished a free trial with Kaspersky personal edition AV 5 and liked it a lot.
I'm now trying BitDefender 9 standard. Seems good.

Anyone have any opinions on which of these is better?

I used to use Norton but it's a gawdawfull system hog. Then I dl'd a trial of PC-Cillin internet Security 2006 but found it clunky and didn't like it.

 

[Hawk001]

Bit Defender seems to always be on top of the leader boards and bench marks. How do youl like it? Does it use alot of system resources? How does it compare to the others? I have been thinking about switching from AVG to NOD32 or Bit Defender.

 

[P3N1X0R]

i switched from avg to nod32, and love nod32, pretty slick interface. ive also used bitdefender, i liked it as well, its kind of a tossup between bitdefender, and nod32. but i ended up goin with nod32 in the end.

 

[Hawk001]

Which do you think is more effective, how about system resources.

 

[P3N1X0R]

couldnt really tell ya..

but of course going away from norton i could tell it uses less resources most definatly. all 3 of em too, avg, bitdefender, and nod32 use way less resources.

sorry tho i dont have anything concrete to show.

 

[Hawk001]

which do you think has a better virus database

 

[dwilson041781]

nice, small footprint and updates auto daily, sometimes twice.

 

[Hawk001]

which one

 

[P3N1X0R]

nod32, ive been at my pc for an evening, and seen it update 2 or more times in 1 day. its virus database is updated quite a bit compared to other av programs that update daily or whatnot, this thing updates constantly

nod32 FTW!

 

[Peter Mann]

I agree that Norton is maybe the worst byway of system resourses but I can't quantify the difference except to say that Kaspersky and now BitDefender run way virtually invisible.

As far as virus databases go, I just started to use BitDefender so I can't say, but Kaspersky's database is just awesome (when using the optional 'extended database'), and it's updated up to several times a day. There doesn't seem to be that option with BitDefender 9 Standard.

I might try the trial version of BitDefender Pro to see if it's different.

 

[sirholio]

The place I work says Norton is better, at least their money says so...

Here at home, AVG works for me, but I think the next time I format, I'll check out some of these other ones to see how well they work. anything has to be better than norton for resources.

 

[-(Xyphox)-]

Being in the Computer Repair and Servicing Industry, We have tested just about every AV out there, The best we have found and we recommand to all our customers is AVG and Nod32
Even the big Corpate Jobs we do, we install Nod32 or AVG hands down they are the best out right now

 

[ChingChang]

Another vote for NOD32.

It's amazing how well it works.

 

[Ice Czar]

NOD32

light on the resources, doesnt depend on signiture updates to catch malware
but gets signiture updates all the time anyway

& unlike many an AV scanner these days hasnt been exploited itself as far as I know
(the same cannot be said of Kaspersky)

however....
http://hardforum.com/showthread.php?t=1010473&highlight=unlike
an AV is but a single component in a layered defense
anyone that depends on just an AV to secure their computer is likely in for a surprise

 

[Peter Mann]

Well, I'm glad that ESET Nod32 was pointed out to me here on the forum. While it seems somewhat outside of the mainstream dominated by the likes of Norton and McAfee (can you spell B*L*O*A*T*W*E*A*R) , it clearly looks like an excellent product. I thought I had it good with Kaspersky and now BitDefender.......but my next 'trial' will be Nod32 and if you'all are right I'll then buy it.

Thanks for the tip!

 

[Ice Czar]

most of the layered defense I recommend can be pulled off with freeware, but it is worth laying down the sheckles for NOD32 and the full version of Processguard (though the freeware version is better than nothing)

 

[captndalton]

Process Guard is pretty cool, I've been running it at work for some time now along side Nod32. Makes for a nice combo

 

[Ice Czar]

IMO the greatest thing since sliced bread


and the next level would be adding Filechecker to watch the watchers, and keep track of discrepencies of things you "approve" with RootkitRevealer and HijackThis

and they are all freeware

 

[IceDigger]

I use NOD32 on on my clients business computers.

 

[Peter Mann]

While Nod32 seems to be the agreed best.....
no one mentioned AVAST!
http://www.avast.com/

Anyone ever try AVAST! ?

 

[Hawk001]

IMO the greatest thing since sliced bread


and the next level would be adding Filechecker to watch the watchers, and keep track of discrepencies of things you "approve" with RootkitRevealer and HijackThis

and they are all freeware

The only extra process you need running all the time is AV, if your carefull were you go on the internet, and don't open random emails with attatchments, then the only on access protection you will need is AV. Although you should keep anti-spyware, malware, and adaware handy at all times, you only need there scanning features.

 

[Ice Czar]

didnt read the link huh?

the game has changed, there are no "safe links" email isnt the primary vector, spyware is the malware, your applications rather than the OS are the targets and behavior good or bad simply increases or reduces the risks it does not eliminates them.

its no wonder most of America is borged and botted

read please

anyone under the impression that email is the sole or even primary infection vector these days is sadly mistaken
there has been a 400% increase of infection via Instant Messaging
application exploits have shot through the roof (read your browser ect)
and AntiVirus software is absoltely not a "cure all"

not "downloading" while a prudent precaution isnt by any means foolproof
regardless of how careful one is in their habits its entirely possible to be exploited by simply clicking on the wrong link, and even websites that are "trusted" may in fact be poison as well.

there is only one cure
learn to secure a computer and keep it secure
your friend has a better appreciation of the risks then appearantly you do

http://hardforum.com/showthread.php?t=768776
http://hardforum.com/showthread.php?t=955135&highlight=enumerating

Id start by not employing IE (thus no activeX) using Firefox with the noscript extention
Processguard in at least the freeware version but perferably the paidware, a good AV scanner like NOD32 (which has so far avoided being exploited itself unlike so many other AV aps) and a rule based firewall and a hardware NAT router but most importantly proper and timely patches, service packs and application updates, meaning you have to pay attention

and finally a means to keep track of it all with security benchmarks
HijackThis and RootkitRevealer

I just love this quote regarding AV software exploits

Over the last 12 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, and industry watchers say it's only a matter of time before a malicious hacker is motivated to create a devastating network worm using anti-virus product flaws as the attack vector.

"The big surprise is we haven't seen one yet," said Johannes Ullrich, chief technology officer at the SANS ISC (Internet Storm Center)

Alex Wheeler, an independent security researcher who specializes in auditing security software, maintains a list of remote heap overflows found in products sold by Symantec, Panda Software Inc., Kaspersky Lab and Sophos Inc.

Wheeler blamed the bulk of the bugs on poor coding techniques and also pointed to an alarming tendency among anti-virus vendors to avoid fixing the actual flaws by using "heuristics" exploit detection.

"[They] fix a bug in their code by trying to detect exploits with their own product, which of course still contains the bug,"

and this would be well worrth a read

The contemporary antivirus industry and its problems By Eugene Kaspersky

The number and variety of malicious programs is increasing year on year. The result is that many antivirus companies are simply unable to cope with the onslaught and are losing this 'virus arms race'. Users who chose products manufactured by such companies will not be protected against all malicious programs. Unfortunately, this may be a large number of users, as a lot of products marketed as 'antivirus solutions' shouldn't really be called this at all.

read your "free" AV's

Incidentally, five or ten years ago, it could honestly be said that an antivirus solution didn't need to protect systems against every new virus and Trojan. After all, the majority of new malicious programs which were appearing at this time would never penetrate the user's computer. They were written by adolescent cyber vandals, who either wanted to show off their coding skills, or to satisfy their curiosity. Users only really needed protection against the few In The Wild viruses which managed to actually penetrate victim machines. However, the situation has now changed. More than 75% of malicious programs - i.e. the overwhelming majority - are created by the criminal computer underground, with the aim of infecting a defined number of computers on the Internet. The number of new viruses and Trojans is now increasing every day by a few hundred - the Kaspersky Virus Lab receives between 200 and 300 new samples a day.

and since following links isnt everyones strong suite


The Six Dumbest Ideas In Computer Security

#2) Enumerating Badness
Back in the early days of computer security, there were only a relatively small number of well-known security holes. That had a lot to do with the widespread adoption of "Default Permit" because, when there were only 15 well-known ways to hack into a network, it was possible to individually examine and think about those 15 attack vectors and block them. So security practitioners got into the habit of "Enumerating Badness" - listing all the bad things that we know about. Once you list all the badness, then you can put things in place to detect it, or block it.

The "Badness Gap"

Why is "Enumerating Badness" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness. For every harmless, legitimate, application, there are dozens or hundreds of pieces of malware, worm tests, exploits, or viral code. Examine a typical antivirus package and you'll see it knows about 75,000+ viruses that might infect your machine. Compare that to the legitimate 30 or so apps that I've installed on my machine, and you can see it's rather dumb to try to track 75,000 pieces of Badness when even a simpleton could track 30 pieces of Goodness. In fact, if I were to simply track the 30 pieces of Goodness on my machine, and allow nothing else to run, I would have simultaneously solved the following problems:


* Spyware
* Viruses
* Remote Control Trojans
* Exploits that involve executing pre-installed code that you don't use regularly

Thanks to all the marketing hype around disclosing and announcing vulnerabilities, there are (according to some industry analysts) between 200 and 700 new pieces of Badness hitting the Internet every month. Not only is "Enumerating Badness" a dumb idea, it's gotten dumber during the few minutes of your time you've bequeathed me by reading this article.

Now, your typical IT executive, when I discuss this concept with him or her, will stand up and say something like, "That sounds great, but our enterprise network is really complicated. Knowing about all the different apps that we rely on would be impossible! What you're saying sounds reasonable until you think about it and realize how absurd it is!" To which I respond, "How can you call yourself a 'Chief Technology Officer' if you have no idea what your technology is doing?" A CTO isn't going to know detail about every application on the network, but if you haven't got a vague idea what's going on it's impossible to do capacity planning, disaster planning, security planning, or virtually any of the things in a CTO's charter.

In 1994 I wrote a firewall product that needed some system log analysis routines that would alert the administrator in case some kind of unexpected condition was detected. The first version used "Enumerating Badness" (I've been dumb, too) but the second version used what I termed "Artificial Ignorance" - a process whereby you throw away the log entries you know aren't interesting. If there's anything left after you've thrown away the stuff you know isn't interesting, then the leftovers must be interesting. This approach worked amazingly well, and detected a number of very interesting operational conditions and errors that it simply never would have occurred to me to look for.

"Enumerating Badness" is the idea behind a huge number of security products and systems, from anti-virus to intrusion detection, intrusion prevention, application security, and "deep packet inspection" firewalls. What these programs and devices do is outsource your process of knowing what's good. Instead of you taking the time to list the 30 or so legitimate things you need to do, it's easier to pay $29.95/year to someone else who will try to maintain an exhaustive list of all the evil in the world. Except, unfortunately, your badness expert will get $29.95/year for the antivirus list, another $29.95/year for the spyware list, and you'll buy a $19.95 "personal firewall" that has application control for network applications. By the time you're done paying other people to enumerate all the malware your system could come in contact with, you'll more than double the cost of your "inexpensive" desktop operating system.

One clear symptom that you have a case of "Enumerating Badness" is that you've got a system or software that needs signature updates on a regular basis, or a system that lets past a new worm that it hasn't seen before. The cure for "Enumerating Badness" is, of course, "Enumerating Goodness." Amazingly, there is virtually no support in operating systems for such software-level controls. I've tried using Windows XP Pro's Program Execution Control but it's oriented toward "Enumerating Badness" and is, itself a dumb implementation of a dumb idea.

In a sense, "Enumerating Badness" is a special dumb-case of "Default Permit" - our #1 dumb computer security idea. But it's so prevalent that it's in a class by itself.

the full version of Processguard and extentions like noscript for firefox and a good rule based firewall all alow you to enumerate goodness

the drawback being your then the one that allows badness
which is why you still need an AV scanner to give you an idea if the file youve just downloaded is what it appears to be before you allow it to install and run

then there are direct exploits of the OS or an aplication (like the recent Windows MetaFile vulnerability WMF)
the only cure is hope a patch is released and you hear about it before your a victim

you can also cut down your attack profile (like standing sideways in a pistol duel)
dont use Instant Messaging? dont worry about that whole class of infections \ exploits

there are 2 other worthwhile strategies to consider
the first is the tripwire, processguard acts as a tripwire, as do noscript and the firewall
"whats this? why is it asking to run?" but lets say your making an install and you allow something to run by mistake that's where filecheckers come in, theyt checksum your security application to monitor if they have changed (read been subverted) Filechecker is such an application, Rootkitrevealer would be another in this case specializing in finding the all too common rootkit these days, while Hijackthis effectively scans common changes that occur with browser hijacks. These are the Guards that guard the guards, important to any indepth defense.

The second strategy is parallelism, meaning the ability to look from a clean system\OS at an infected one where the files that can be identified by a signiture arent active because the OS isnt loaded into memory, dual boots, LiveCDs and even seperate "clean" computers on a LAN facilitate this, and by seperating your OS and programs from your data with a partitioning strategy, its can become rather easy to nuke most infections with an overwrite rather than wading in and slugging it out toe to toe. XP's own restore points of course are infamous as warehouses for infections and should be immediately destroyed before even starting to disinfect a computer, but your own restore points taken from a "known good" snapshot are another matter especially if they are "offline", its not very common that malware imbeds itself in "data storage" it cant get a legup to memory most of the time and is easily caught with a scan

there is no one ap that offers security, its a matter of an indepth defense, practices, vigilence, good habits, and programs checking programs, this isnt that hard to actually learn and its very likely you can secure any given computer, it is however far more difficult to secure the computer form its own user, which is one of the reasons why securing a network is exponetially more difficult then securing a single computer.

If you want idiot proof security
run a LiveCD like Knoppix, it loads from ROM into RAM and a reboot will cure everything

And whoever up there is trying to teach me a lesson please, ive been on the net 3-4 years without a virus, not even spyware (excluding cookies). All it takes is common sense...

Now i do leave a firewall on all the time, but really ive never had anything go wrong and i don't understand how so many people get infected.

thats pretty funny considering that without comparative security benchmarks the best I can say about a given computer is its "probably" not infected

they say pride goes before the fall

run RootkitRevealer or Ice Sword (direct download) and account for all discrepancies then do comparative checksums on all your security aps verifying they havent been subverted and then maybe your correct
otherwise your just "hoping" your secure

Im sure your computer isnt what would be considered a high yeild asset, but why don't we look at what might be done to such an animal. While botnets have tripled in size and number since this time last year, the truely nefarious intrusions arent all that automated and for a high yeild target the objective truely is to avoid discovery at all costs, whatever the original mode of infection, removing or stealthing any files that would trigger a signiture based or heuristic detection becomes important (there are many examples of malware that "sleep" relocate, or subvert detection, but the rootkit employed to stealth the files is now the most common approarch) but the backdoor remains, to make it even more hard to locate its then employed with what is called port knocking

rather than opening ports for remote connection that are readily visible and detectable, a Trojan is planted which monitors the network traffic. Once the "secret knock" is intercepted the malware will awaken and open the pre-determined backdoor port, allowing the attacker access to the system.

By creating a dormant backdoor that requires the "secret knock" to open it the malware author keeps the backdoor secret. Again, that is good and bad. Good because every Tom, Dick and Harry hacker wannabe won't be out port scanning to find vulnerable systems based on the port opened by the malware. Bad because if it's dormant you won't know it's there either and there may not be any easy way to identify that you have a dormant backdoor on your system waiting to be awakened by port knocking.

which of course defeats a security port scan you implement as well

http://www.portknocking.org/

step 1 (A) client cannot connect to application listening on port n; (B) client cannot establish connection to any port

step 2 | (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response

step 3 | (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client

step 4 | (A) client connects to port n and authenticates using application’s regular mechanism

those high yeild targets are getting hit these days with zeroday exploits that are being squirreled away to make real money hitting targets, and since they dont see wide distribution they generally fly under the radar for quite awhile as opposed to exploits employed to build large and ultimately detected botnets, and are a major concern in security circles right now, but the run of the mill rootkit is so common as to be a major mence and infections that go undetected by people who "think" they are clean because they have mistakenly trusted subverted AV scanners is at an all time high, so....

if you feel confident your secure, thats fine, but there are alot of other people veiwing this thread, and while a cavailer attitude may serve you well, its not something most of them can afford, making light of the risks involved or proposing that there is some one stop solution is disinformation and a diservice to the membership.

 

[fibroptikl]

NOD32

I'm thinking about buying it.

 

[Hawk001]

I understand how internet and security for it works, and don't need an explanation. If your smart, check your sources before your download something on the internet, scan files with your AV before you open them (if you just downloaded them) (this is because when you do this, you are scanning them with a stronger scan), use spam filters (gmail has a great one), and don't click on random links that you recieve. Then you will be fine.

 

[Ice Czar]

and don't click on random links that you recieve.

you mean like these?
Pushing Spyware through Search

or lets say....

let me say this one more time slowly for the hearing impaired and those that don't click on links to read articles,
your AV scanner, your image editor, your browser could be the next exploited target,
and no "surfing habits" are going to protect you
every website you visit could be compromised, or not even the "real" website
hell I could have uploaded a compromised PIC to this thread as an exploit, which if one lacked the WMF patch could have exploited you

anyone claiming to "know" how security works, at best knows where it "was" yesterday
its a moving target and the threat vectors are constantly changing

anything that can be coded can be compromised
the only real defense is current information and layered applications that checkup on each other
especially since subverting security aps is the first order of business of most malware these days
even then there are undisclosed zero day exploits a growing trend

that or a LiveCD loading from ROM to RAM

 

[Hawk001]

you mean like these?
Pushing Spyware through Search

More like someone that randomly IMs you with a link, as says to click on it, or a random link in an email.

 

[MooCow]

I usually leave AVG Free edition and MS Antispyware running on people's PC's after I fix them, also I install Firefox and remove the IE icon from the desktop... really... I have to do that.

I can't believe that Norton shit still sells, I mean they do have a grip on the market, through BB and just being "Norton", the name thats been around for a while. But their AV demands everything from your PC, a lot of your CPU and RAM like its a dedicated program running like you're playing a game

 

[uzor]

On the AV front, how effective is Nod32 at detecting/removing Trojans? I've been looking at solutions other than my current, as this seems to be one area that it lacks in. As a disclaimer, I am in the process of reading the rest of the information in this thread, and looked at the Paranoia 101 sticky, but wanted to know/check whether I should be looking into a separate Trojan scanner, or if Nod32 will do it all.

Thanks in advance.

 

[MaXimus]

NOD32 is the best in the world.

 

[Ice Czar]

NOD32 and any of the other top flight virus scanners (read Eugene Kaspersky's article) will suffice, back in the day I employed TDS-3 as a standalone trojan detector. But these days trojans as part of a blended threat package are the AV industry's bread and butter.

A modern malware package is more often than not going to drop a Trojan, where viruses were self replicating just for kicks or proof of exploit "you better fix this" malware. These days its all about money and to borg and bot a box you need a backdoor into it, theyll drop keyloggers, disable AV scanners and circumvent the the firewall phoning home. They are a blended threat and generally have multiple attack vectors. (are able to spread more than one way)

Generally they dont want whats on your box, just the bandwidth, youll be part of a DDoS (distributed denial of service) and your box with hundered to thousands of others will be used to hold sites hostage, exploiting a ransom of protection money. Youll be a member of a criminal bot net. (your box will also try to compromise others) for instance you might just become a spam server

When its really bad someone actually comes for a looksee around your box and tries to scavenge Identity info, passwords to other networks, ebay accounts, credit card numbers.
The average joe blow user really isnt the target there but it can happen.

These days "viruses" are almost a thing of the past, its blended threat automated worms to build botnets or very hard to detect subversions where they think there might be a long term advantage to harvest info and make money.

Thus antiVirus scanners are now the "detection" tool before infection, but if for some reason they fail, you have to block the exploit with other tools or at the very least have a tripwire go off so you know your infected, without that, the AV scanner is compromised and its just a feel good device with no real protection.

as far as NOD32 specifically, its very light on resources, dosent install a million and one registry entries and services strangleholding your OS, its not bloated, but here are the real reasons, they have always been a leader in hueristic detection not signature based, never the less it updates signitures automatically all the time as well. More importantly so far it seems to have avoided its own exploitable flaws. It always does very well in any real world test.

However as mention no single program is going to offer you complete protection, and any vendor saying they can is blowing smoke up your butt. You need to take actions to define exactly what is an isnt allowed to happen on your box, you need to decrease your attack profile and employ more common sense when allowing things to happen, and you need a means to check the integrity of the security applications you have

ProcessGuard
NOD32
Firefox + noscript extention
A good rule based software firewall + a hardware firewall (NAT router will do)
Filechecker
RootkitRevealer
HijackThis \ Startuplist
google news > add malware, virus, exploit, trojan, rootkit, worm, backdoor and hotfix as news categories and read the headlines daily
Windows Update and Baseline Security Analyser

in the event you are forced to employ IE
How to secure IE

make a list of allowable sites and lock out everything else

other AV scanners worth considering would be
Kaspersky and F-Secure IMO

 

[Monkey34]

Ice Czar wins again!

Whoot! Whoot!

((sorry, just another convert here))

 

[Hawk001]

I haven't read this entire thread. But here is my $0.02 about AVs.

AVG tends to be less system intensive then Avast and is less annoying (avast tells you every time in a big caption with a wierd guy talking that it has updated, a new version is available, there is news, anything that is related to Awil software). Avast has a slightly better detection rate. Avast likes to put every feature in its own category, to give you an almost false sence of security and points. Avast also uses a different process for every single feature it is using. AVG uses one for control center and one for email scanner i believe. NOD 32 is much less system intensive then every AV i have used or seen. NOD32 has a better detection rate and has 2 proesseses (one is the UI which uses about 5KB of RAM). NOD32 has a much better on access scaner then Avast and AVG, and uses less resorces while doing it. Mcafee, Norton, and all of those other highely comercial products tend to be how I described Avast only using more RAM for every service, and having a slightly better dection rate, yet not as good as NOD32. My suggestion, get NOD32.

 

[Hawk001]

However as mention no single program is going to offer you complete protection, and any vendor saying they can is blowing smoke up your butt. You need to take actions to define exactly what is an isnt allowed to happen on your box, you need to decrease your attack profile and employ more common sense when allowing things to happen, and you need a means to check the integrity of the security applications you have

ProcessGuard
NOD32
Firefox + noscript extention
A good rule based software firewall + a hardware firewall (NAT router will do)
Filechecker
RootkitRevealer
HijackThis \ Startuplist
google news > add malware, virus, exploit, trojan, rootkit, worm, backdoor and hotfix as news categories and read the headlines daily
Windows Update and Baseline Security Analyser
in the event you are forced to employ IE
How to secure IE
make a list of allowable sites and lock out everything else
other AV scanners worth considering would be
Kaspersky and F-Secure IMO

I haven't had a single virus, trojan, worm, malware, or any types of malicous spyware or adaware in years. Could you explain to me how this is possible when I run the following.

Startup manager/Hijack this
Firefox w/ adblock
NOD32 w/ latest signatures
Windows updates daily
IESPYAD
Spybot/Adaware
Windows Firewall w/ NAT Hardware firewall
You can install all of the above applications in Ice Czar's post if you want, and sleep well at night if that makes you happy. But really all of that is NOT needed. If something tells you that it is legit software and you click on it, you are going to get the adaware/ spyware/ malware or what ever it is. It is the person between the keyboard and chair.

 

[dwilson041781]

if u havent been affected by anything yet its only a matter of TIME, and its best to take precautions as with everything in life.

VERY GOOD Advice from Ice Czar and damn good article. STICKY???

 

[Rich Tate]

NOD32 works great for virus filled [H] boxes. I won't check my mail without it.

Oh and if you guys haven't realized, don't bother arguing with Ice, he wins everytime.