Comparing Bitdefender Free to AntiVir PE

Jim

Hello,

Please add comments, pluses and minuses to mine:

Bitdefender Free Edition 7 :
< http://www.bitdefender.com/bd/site/products.php?p_id=24 >

+ Attractive skinnable user interface
- Takes up 12.1 MB RAM in total (no running virus guard)
- No real-time virus guard
- System reboot needed after update


AntiVir Personal Edition 6.24 :
< http://www.free-av.com/ >

+ Has real-time virus guard
+ Takes up 1.3 MB RAM (virus guard running)
- Not so attractive user interface
- Sometimes slow updating when you're far from Germany(?)


Cheers,

Jim
-=-
 
Overcast

Added one plus and one minus to Bitdefender and one minus to Antivir.

Please add comments, pluses and minuses to mine:

Bitdefender Free Edition 7 :
< http://www.bitdefender.com/bd/site/products.php?p_id=24 >

+ Attractive skinnable user interface
- Takes up 12.1 MB RAM in total (no running virus guard)
- No real-time virus guard
- System reboot needed after update
- Big download (9 MB compared to AntiVir's 4 MB)
+ Will scan individual folders and files from right click menu

AntiVir Personal Edition 6.24 :
< http://www.free-av.com/ >

+ Has real-time virus guard
+ Takes up 1.3 MB RAM (virus guard running)
- Not so attractive user interface
- Sometimes slow updating when you're far from Germany(?)
- Will only scan whole drives
 
Jim

Replaced one minus with a plus for AntiVir. It DOES scan individual files
from right click menu.

Jim

---------------

Please add comments, pluses and minuses to mine:

Bitdefender Free Edition 7 :
< http://www.bitdefender.com/bd/site/products.php?p_id=24 >

+ Attractive skinnable user interface
- Takes up 12.1 MB RAM in total (no running virus guard)
- No real-time virus guard
- System reboot needed after update
- Big download (9 MB compared to AntiVir's 4 MB)
+ Will scan individual folders and files from right click menu


AntiVir Personal Edition 6.24 :
< http://www.free-av.com/ >

+ Has real-time virus guard
+ Takes up 1.3 MB RAM (virus guard running)
- Not so attractive user interface
- Sometimes slow updating when you're far from Germany(?)
+ Will scan individual folders and files from right click menu
-=-
 
Buchh@lter

On 26 Mar 2004 14:30:33 -0000, Jim wrote:
Hello,

Please add comments, pluses and minuses to mine:

Bitdefender Free Edition 7 :
< http://www.bitdefender.com/bd/site/products.php?p_id=24 >

+ Attractive skinnable user interface
- Takes up 12.1 MB RAM in total (no running virus guard)
- No real-time virus guard
- System reboot needed after update
+ System reboot is only needed if there is an update of the
core components (happens only once in two months or so)
+ good unpacking engine that scans inside several archive-formats
and unpacks run-time-compressed exe-files



AntiVir Personal Edition 6.24 :
< http://www.free-av.com/ >

+ Has real-time virus guard
+ Takes up 1.3 MB RAM (virus guard running)
- Not so attractive user interface
- Sometimes slow updating when you're far from Germany(?)
- no unpacking engine


Cheers,

Jim
-=-

Best Regards

buchh@lter
 
Overcast

Hallo buchh@lter,

Thanks for your additions. I did a quick test to find out whether the
AntiVir scan engine discovers the eicar string inside eicar_com.zip
( http://www.eicar.org/anti_virus_test_file.htm )

AntiVir DID produce an alert, so it does have an unpacking engine. It will
scan inside ZIP archives.

Then, I created a self-extracting executable from the eicar_com.zip. This
produced eicar_com.exe. Scanning the executable, the AntiVir scanner did
NOT find the eicar string. I think this is a serious drawback.

That said, when I tried to run the self-extracting executable, the AntiVir
Guard did produce an alert screen.

I changed your below entries accordingly.

Regards,
Overcast



Hello,

Please add comments, pluses and minuses to mine:

Bitdefender Free Edition 7 :
< http://www.bitdefender.com/bd/site/products.php?p_id=24 >

+ Attractive skinnable user interface
- Takes up 12.1 MB RAM in total (no running virus guard)
- No real-time virus guard
- System reboot needed after update
+ System reboot is only needed if there is an update of the
core components (happens only once in two months or so)
+ good unpacking engine that scans inside several archive-formats
and unpacks run-time-compressed exe-files



AntiVir Personal Edition 6.24 :
< http://www.free-av.com/ >

+ Has real-time virus guard
+ Takes up 1.3 MB RAM (virus guard running)
- Not so attractive user interface
- Sometimes slow updating when you're far from Germany(?)
+ will unpack zip files
- won't unpack nor scan inside run-time-compressed exe-files
 
FromTheRafters

Overcast said:
Then, I created a self-extracting executable from the eicar_com.zip. This
produced eicar_com.exe. Scanning the executable, the AntiVir scanner did
NOT find the eicar string. I think this is a serious drawback.

I don't.

In order to properly detect the EICAR test string, that
string should be the first (and in some cases the only)
68-70 bytes in the file. Scanning "inside" an archive file
is somewhat misleading because what actually happens
is that the contents of the archive are extracted and the
resulting extracted file is scanned (and the first 68-70
bytes is now the EICAR test string) - and so it should
be detected as such.

When a self-extracting archive file is made, the resulting
executable should not be detected as the EICAR test
file - however, once it is extracted as a stand alone file
it should be detected when scanned because it *is* the
EICAR test string at that point.

One would hope that any real malware inside a self-extracting
(with possibly self-executing contents) archive file would be
detected on demand using the scanner's emulation method, but
I don't believe that the purpose of the EICAR test string is to
actually *test* the scanner, it is more just to have a file that is
safe, yet gets detected as malware, so you can see how an AV
program reacts to a malware detection.
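
The distinction drawn in the post above, as an added example that is not part of the original thread: the test string only counts when it starts the file, so a scanner finds it "inside" an archive only by extracting the member first. The names `is_eicar`, `scan` and `sfx_aware` are hypothetical, and the 64-byte `MZ` stub is a constructed placeholder standing in for a self-extractor, not a real executable.

```python
import io
import zipfile

# The 68-byte EICAR test string, assembled from two pieces so this source
# file does not itself contain the string in one run.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" +
         rb"ANTIVIRUS-TEST-FILE!$H+H*")
ALLOWED_TRAILER = b" \t\r\n\x1a"  # only whitespace may follow the string


def is_eicar(data: bytes) -> bool:
    """True only if the file STARTS with the test string (max 128 bytes)."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILER for b in data[len(EICAR):])


def scan(data: bytes, sfx_aware: bool) -> list:
    """Return the names of objects flagged as the EICAR test file."""
    if is_eicar(data):
        return ["<file itself>"]
    # Without SFX support, a file counts as ZIP only if it starts with PK.
    if not sfx_aware and not data.startswith(b"PK\x03\x04"):
        return []
    try:
        # ZipFile locates the archive from its end, so a prepended stub is fine.
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with archive:
        for name in archive.namelist():
            # "Scanning inside" means: extract the member, scan it as a file.
            if scan(archive.read(name), sfx_aware):
                hits.append(name)
    return hits


def build_samples():
    """Constructed samples: a plain ZIP and the same ZIP behind a fake stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("eicar.com", EICAR)
    plain_zip = buf.getvalue()
    stub = b"MZ" + b"\x00" * 62  # placeholder, not a working extractor
    return plain_zip, stub + plain_zip
```

With `sfx_aware=False` the stub-prefixed file comes back clean even though the string is stored uncompressed inside it, which is the behaviour Overcast observed with the on-demand scan.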
 
Buchh@lter

On Sun, 28 Mar 2004 18:11:32 -0500, FromTheRafters wrote:
I don't.

In order to properly detect the EICAR test string, that
string should be the first (and in some cases the only)
68-70 bytes in the file. Scanning "inside" an archive file
is somewhat misleading because what actually happens
is that the contents of the archive are extracted and the
resulting extracted file is scanned (and the first 68-70
bytes is now the EICAR test string) - and so it should
be detected as such.

When a self-extracting archive file is made, the resulting
executable should not be detected as the EICAR test
file - however, once it is extracted as a stand alone file
it should be detected when scanned because it *is* the
EICAR test string at that point.

One would hope that any real malware inside a self-extracting
(with possibly self-executing contents) archive file would be
detected on demand using the scanner's emulation method, but
I don't believe that the purpose of the EICAR test string is to
actually *test* the scanner, it is more just to have a file that is
safe, yet gets detected as malware, so you can see how an AV
program reacts to a malware detection.

self extracting archives are not the problem. the problem is
runtime-compressed executables like trojans or other malware
that is runtime-compressed with upx or a similar tool. these
files will not extract their content to the hard drive where
the on-access-scanner can catch them. These files decompress
themselves into the ram when executed.
 
FromTheRafters

Buchh@lter said:
On Sun, 28 Mar 2004 18:11:32 -0500, FromTheRafters wrote:


self extracting archives are not the problem.

No, but they *are* the subject matter I was responding to.
Placing the EICAR test string (EICAR.COM) in a runtime
unpacker would be another misguided attempt to use the
test string.
the problem is runtime-compressed executables like trojans
or other malware that is runtime-compressed with upx or a
similar tool. these files will not extract their content to the hard
drive where the on-access-scanner can catch them. These files
decompress themselves into the ram when executed.

True, they can be a problem. I think that such things are detected
by allowing the executable to unpack the malware code within an
emulated environment. If the scanner supports the particular type
of packer involved, it might just be able to perform the unpacking
without even having to execute the malware in emulation.
 
