What's the best alternative to Kaspersky?

The things I do are sketchy, yes. I just take action against more sketchy people. Very deplorable people. I need my devices secure if they want to harm me.

I have done my part, as I like to decide based on the facts:

https://www.reddit.com/r/antivirus/s/MZ1ialxQkH

BD is nowhere near being recommended by me.

Deep Instinct is miles ahead, then ESET and Avast, then the rest (Sophos, F-Secure, Trend Micro).

What are the facts you’re basing your post on?

Honestly, happy to learn. I am doubting myself in the post above, as I truly couldn’t believe what I saw.

Mind throwing your hard numbers at me?

Thanks!

And about 1/3 of the endpoint security vendors participating in the MITRE ATT&CK evaluations or AV-Comparatives :wink:

They are, they bought their definition database from the same third party. They do have different algorithms when it comes to scanning, but they operate off of the same database.

Hmm that’s unfortunate. They used to be good. Seems like they went downhill.

How would I know if I have such a key?

I’m cringing out of my skin 6 months later

Well you put a good effort in your test I have to say but it’s a massively faulty test.

So are you one of those guys who thinks that for testing an AV doing a right-click scan on a sample collection folder and that’s all an AV has to offer? Just signatures?
AV products have many other layers you know? They don’t invest millions in R&D for you to only check its signature creation. Every AV has an automated signature creation system. That’s the most basic part.
Products like Kaspersky and Bitdefender have multiple layers of protection. Signatures are not all of it.
Did you run those malware on your VM? Did you even verify how many of them are still functional and not trying to connect to dead C2C servers? Well, you didn’t execute them so you have no idea.
Start reading and learn what they offer and how their tech works,

BD tech:

Kaspersky tech:

Bitdefender patents:

You can search on your own for other AV vendors too.

Your way of testing Microsoft Defender is another easy way to see how you lack basic knowledge regarding AV products and how they work.
Microsoft Defender is an AV that is very heavily reliant on its cloud. Its on-device signatures are low in numbers and there are delays in them releasing signature updates for new threats.
You will never get a good result if you turn off its real-time protection, extract your malware zip collection, and then run a scan. Its 4% result surprised you but it didn’t surprise me at all because unlike you I actually know how most of the top AV products work and what’s their weakness and strength.
It seems you disabled every product’s real-time protection in order to extract your zip and run a scan.
The first rule of AV testing is to never turn off real-time protection. There could be exceptions like if you only want to check a certain product’s behavior blocking ability only but that’s not recommended because not every product works that way. Some can not real threat information unless they get information on the file from its main sensor.

If you had real-time protection turned on, MD would have checked those files first in the signature database, if not available it would have sent the metadata of the file to the cloud which would result in detection once it receives a response from the cloud. If sending metadata wasn’t sufficient then it would upload the whole file and run some light but powerful classifiers which would result in more detection. If even that’s not enough and MD cloud thinks the file needs further analysis then it would detonate it in a cloud sandbox and later blacklist the file and create automated signatures if required.
So when you disable real-time protection and run a scan, none of these happens and you will only get a very low detection rate if the samples are newer.

With that said, both ESET and Deep Instinct are fine products. I love ESET for many things but it has downsides also in regards to protection as it is heavily reliant on its signatures and heuristics. It often fails in my test regarding new ransomware and MBR destroyer malware.

Also look at tests performed by testing organizations like AV-Comparatives, AV-Test, MRG-Effitas. Talking about ESET, in a recent test by AV-Test, where some ransomware, data stealers among other malware were tested. ESET failed to detect one ransomware, another one it detected and blocked yet couldn’t stop the encryption process for whatever reason, another stealer was able to steal data even though ESET said that it blocked it.
All these match with my own test that I do on my VM. I used to test a lot in the past but don’t have enough time now. But even yesterday found a ransomware that ESET failed to detect but Bitdefender and Kaspersky were able to detect it after executing the sample by their behavior blocker. For BD only desktop shortcuts were encrypted, all other files remain intact.
With that said, I actually love ESET and may even install it on my main system in the coming days.

About Deep Instinct, it’s a business-oriented product. They didn’t create it with home users in mind. It provides very good protection but also produces false positives. I know someone who uses Deep Instinct because of its lightness but he had to whitelist a lot of things to make it work. But even then it often blocks some game-related files when he runs games. So now he turns it off completely before playing games and turns it back on after finishing.

So anyway, as I said your testing method was faulty even though your effort has to be applauded. It’s just that you lack knowledge about AV products. There is nothing wrong with not knowing something but you can always learn.
Read AV products tech documents, papers, blogs, tech explainers, etc. The more you read the more you learn.
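
An added example, not part of the post above or of any test script shared in this thread: a PowerShell pre-flight check for the test VM that confirms the Defender layers the post describes (real-time scanning, cloud lookups, automatic sample upload) are actually on before a detection run. It uses the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the function names and the one-day signature-age threshold are assumptions.

```powershell
# Added example: verify Microsoft Defender's protection layers before a test run.
# New-Check and Test-DefenderTestReadiness are hypothetical helper names.
function New-Check($Layer, $Ok, $Detail) {
    [pscustomobject]@{ Layer = $Layer; Ok = [bool]$Ok; Detail = $Detail }
}

function Test-DefenderTestReadiness {
    [CmdletBinding()]
    param([int]$MaxSignatureAgeDays = 1)   # assumed freshness threshold

    $s = Get-MpComputerStatus   # live state of the engine
    $p = Get-MpPreference       # configured policy

    # Local layers: on-device signatures, on-access and behavior monitoring.
    New-Check 'Real-time protection' $s.RealTimeProtectionEnabled `
        "RealTimeProtectionEnabled=$($s.RealTimeProtectionEnabled)"
    New-Check 'On-access scanning' $s.OnAccessProtectionEnabled `
        "OnAccessProtectionEnabled=$($s.OnAccessProtectionEnabled)"
    New-Check 'Behavior monitoring' $s.BehaviorMonitorEnabled `
        "BehaviorMonitorEnabled=$($s.BehaviorMonitorEnabled)"
    New-Check 'Downloaded-file scanning' $s.IoavProtectionEnabled `
        "IoavProtectionEnabled=$($s.IoavProtectionEnabled)"
    New-Check 'Signature freshness' `
        ($s.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
        "AntivirusSignatureAge=$($s.AntivirusSignatureAge) day(s)"

    # Cloud layers: metadata lookup, verdict hold, full-file upload.
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
    New-Check 'Cloud lookups (MAPS)' ($p.MAPSReporting -ne 0) `
        "MAPSReporting=$($p.MAPSReporting)"
    New-Check 'Block at first sight' (-not $p.DisableBlockAtFirstSeen) `
        "DisableBlockAtFirstSeen=$($p.DisableBlockAtFirstSeen)"
    # SubmitSamplesConsent: 1 = send safe samples, 3 = send all samples;
    # 0 (always prompt) and 2 (never send) stall or skip the upload step.
    New-Check 'Automatic sample upload' ($p.SubmitSamplesConsent -in 1, 3) `
        "SubmitSamplesConsent=$($p.SubmitSamplesConsent)"
}

# Record the result with the test data; any failed layer means the detection
# rate measured afterwards reflects only part of the product.
$report = Test-DefenderTestReadiness
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'One or more Defender layers are off; results will understate detection.'
}
```

The test VM also needs working internet access, since the cloud layers cannot return a verdict without it.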

What third party would that be? Both Kaspersky and Bitdefender spend a significant amount on R&D, including malware discovery and signature development. Bitdefender out licenses their engine and signatures to many other companies, and Kaspersky to a few, but their own are original.

This links to a post that’s two years old, but from some quick research it depends on what area you buy it in. I’m not sure, but you could buy it from another country’s website and see if the key works. However, I don’t see that as being possible unless you use a vpn to change your location. Briefly, in this post a person bought a three PCs license like he always did in the UK but it didn’t work in Belgium, where he travels to for business. It had worked in previous years. After the UK left the EU, the activation key would no longer work in Belgium. It only worked in the UK.

Thank you for your detailed feedback. However, it seems you’ve misunderstood the core of my request.

Despite your extensive writing, you provided no data points that I asked for. Not one. Additionally, your assumptions are incorrect. All my tests were conducted with real-time protection enabled. I’m unsure what led you to believe otherwise, but this misconception renders a significant portion of your response invalid. I have no interest in testing scenarios with disabled real-time protection as that is unrealistic. Extracting malware samples and having the AV attempt to stop the malicious code is a comprehensive way to test the combined techniques of these products, except for actual execution, which I avoided for specific reasons.

Some products performed better, some worse. For example, Bitdefender was a significant resource hog. This is why I asked others to re-run the tests. Your explanation of individual techniques was unnecessary; instead, you should investigate why Deep Instinct and ESET excelled in detection. Despite the millions of dollars invested in development, CPU utilization remains an issue for many products. Notably, AV-Comparatives doesn’t provide detailed CPU utilization metrics, offering only a four-level speed rating. I aimed to quantify this, and that’s why I asked others to replicate my tests.

Why does Bitdefender consume excessive CPU for extended periods while still missing many samples? Why do the techniques you mentioned not provide adequate protection? And why is it considered acceptable that “only shortcuts were encrypted”? This mindset is outdated.

Given these points, I question why anyone would choose a product that misses a majority of samples during real-time scanning when better options exist. That’s the essence of my initial response.

Once again, I ask you: Run the tests yourself and share your results. I’ve done so and posted my findings. I provided a PowerShell snippet to facilitate replication, particularly focusing on the real-time aspect. Not the “disable RT scanning, extract, and scan the folder” method. I mention folder scanning because I wanted to give Microsoft Defender another chance, as it caught only 4% of samples in real-time.

Since you conduct extensive testing, could you share the actual numbers you obtained?

Surprise, never got a response.

Damn, my essay is too big that Reddit won’t let me comment the whole thing. Lol.

I have shared it in pastebin and hopefully you can read it:

https://pastebin.com/V5mmNgg5

You handled this well. People like him I just instantly ignore, you can give an argument without sounding like an arrogant blowhard. That’s one aspect of tech discussion I personally detest.

The main brunt of these is to stop the files from getting into your computer in the first place, finding ones on your computer is a secondary concern. You want to test them try each one going to a site that you know is going to flood your computer with stuff, or downloading things that are bad. See how many stop you.

Looking at DI it doesn’t even look like a full product, it looks like someone who is testing AI virus detection. While that’s all well and good it needs to be worked into a full protection product like the others before anyone will be too interested in it.

chill guys brain lagged due to all this essay competition

Just wanted to say thanks for all the info. For me personally it’s tough having to find a new AV, been with Kaspersky for nearly 20 years. On one PC it got replaced with some shitty AV, but on my other it’s still there. Noticed yesterday I couldn’t update the database. Used a VPN outside of the US and was able to get the latest. I got 98 days left and although I can still pull the database, I don’t want to have to use a VPN just to do so. Once my current license is over, I’ll be giving Bitdefender a try.

I can’t pull the database anymore. x.x It’s because it’s based in Russia, it’s got no links to the government there but oh no Russia bad. So they removed it from government PCs as it was the go to for the government. But a lot of government agents didn’t listen and kept using it so they banned it.

It’s stupid, you don’t have to ban it for everyone just because you’re angry people won’t listen to you.

Just use a VPN, set it outside US and you’ll be able to pull them.