It's a bit tricky theorizing what malware can or can't do - as soon as one nails down a limitation, along comes a creative exploit that breaks through that limitation.

That's right, I had that in mind.

This is why 'layered' security is so important - multiple security techniques like using a decent antivirus, keeping a system full patched from a security standpoint, using limited user accounts (to limit the penetration depth of malware), a good firewall that applies outgoing filtering, and consistency in applying 'safe hex' (extreme care in what is downloaded, not clicking on pop-ups or opening eMailed links, care in what sites are visited, etc). The more layers present, the harder for new malware to find or exploit an opening.

It's a bit tricky theorizing what malware can or can't do - as soon as one nails down a limitation, along comes a creative exploit that breaks through that limitation.

That's right, I had that in mind.

A complex, sophisticated malware program could likely do many, if not all, the things you describe - think in terms of Stuxnet-grade malware. But generally speaking, most 'normal' malware doesn't mess with altering existing files on a system - or at least, generally doesn't succeed if it tries. While some malware can delete a non-'system' legitimate file and replace it with a same-named version supporting or containing parts of the malware, usually the route taken is to sprinkle reasonable-sounding or randomly-structured filenames in various places on a system and then call up those files as needed from a central, running malware process.

Put another way, worrying about malware altering contents of an existing file is essentially worrying about the 0.1% segment of all the malware that's out there. The one exception is where the malware might take control of an app like a browser and use it to write things of its choosing into the browser files, but those are extremely specialized data files that usually affect nothing else.

Some such files the system or a programs creates itself in its folder(s), some such files may be downloaded by the user, some such files can be created by the user from files already on the system.
The last case is in question - can some malware insert itself into such an existing file? Can it replace such a file seamlessly with a similarly looking one of the same format?
Can malware mess with archived files created by the system and/or other legitimate software on the system?
I'm ruling freshly downloaded such files out - assuming the regular antimalware program manages it prompted by the user.

If one is archiving files using an imaging program like TrueImage, Paragon, or similar to create an archive backup file of a drive or a folder of files, malware will only ever appear within that archive if it was already present on the system at the time the archive was created. The malware can't normally infect such an existing archive after it's created. But it can independently infect the drive on which the archive is stored, as noted below. If one is archiving files by directly copying them to a backup drive or flash-stick, then again, the backups should be clean of malware if the original source folders were clean - except in that case where malware independently infects the drive on which the archive is stored.

When one is archiving files to another drive, either via an image file or directly copying the data files over, existing malware on a system can, in principle, infect that other drive the moment it's connected to the computer. In this regard, a lot depends on how the specific malware is designed; not all malware has the capability, but some does. The deeper the malware hooks into the kernel code of the operating system, the more readily it can replicate itself onto other drives or flash-sticks. If one is storing backups (or even an image file) to another drive, some malware has the capability of infecting that drive directly before the archive file(s) are ever copied onto it. If a persisting stub file from the malware is then somehow able to point back to that instance of itself on the backup drive, it can re-infect the main system as soon as that backup drive is accessed. In the case of malware that infects a disk's MBR, unless that infected drive is deep-reformatted, that malware will survive a mere light-formatting process and potentially call out to its stored instance on the backup drive to reinfect the supposedly-cleaned system all over again as soon as that drive is connected.

However, the most common cause of reinfection for most malware victims is that they discover malware on their system, go to great lengths to clean it all up, then later have other problems requiring a system restore or restoration from a backup set, whereupon the earlier-removed malware suddenly reappears from within the file collection of the archive. This is one of the major reasons it's important to try to figure out how and when any infection has occurred, and to delete any archives or system restore points that occurred between the infection time-point and the point of cleanup. Otherwise, reinfection from the backup set(s) will occur. Obviously, the more backups routinely made and the more careful the system observations by the user, the more quickly he will recognize an infection and be able to minimize the look-back period that has to be discarded before restoring.

Most antimalware allows 'whitelisting' of both files and folders which skips them when scanning. Ordinarily, it's wise to avoid whitelising a folder unless you really, really have to since it gives a sanctuary for malware to hide. In cases where a folder has to be whitelisted, one should use access controls to govern very tightly which user accounts can alter the folder's contents.

The question is, can malware insert itself into already existing archives?
There are three types of archives I've come to think of:

1. programs' archived files, including that of the system;
2. the user's own archived files (presumably s/he checked them at some point before archiving already);
3. "ready" downloaded archives.
   I can think that number 3 might be of risk, but I always check all downloaded files immediately - even if I had uploaded them myself or from "trusted sites".
   What about numbers 1 & 2? Can those be of risk?

Does some antimalware software allow for "trusting", skipping scanning some existing files on system? Will it be of sense to apply such "trusting"/skipping?

Most AVs have a setting allowing them to be at least temporarily disabled, often accessible through the icon in Windows Tool Tray. I don't know about 360, though.

Yeah, the two items at the very bottom are called "Enter Silent Mode" and "Exit" (the latter's after a hr).
I don't know about the "Silent mode", but the other might be it.

Most AVs have a setting allowing them to be at least temporarily disabled, often accessible through the icon in Windows Tool Tray. I don't know about 360, though.

Who knows what it is?
Does it mean 360 is ready to fight Bitdefender or does it mean that 360 is ready to cooperate with Bitdefender?

However, some BD ART users have apparently run into conflict issues with certain AV's, Sophos in particular. BitDefender recommends when doing a scan that the user take their system offline, shut off any resident AV, perform their BitDefender Adware Removal Tool scan and removals (if any), then shut it off, reactivate the resident AV, and finally put the system back on line. There can also be conflicts with other anti-adware tools if they are active/running at the same time as a BitDefender scan. This is not uncommon for many (but not all) anti-malware/adware tools - they tend to not like each other very much if running at the same time. Sometimes this has to do with one tool activating an adware file to remove it, but the other tool seeing that and trying to grab control to kill it at the same time - most software doesn't tolerate that kind of competitive behavior very well.

Yes, bitdefender.com is the actual BitDefender site and a safe place to download from.

If you're dealing with a limited data package, how big a typical update would be and how often it updates are of very real concern to you. Some BitDefender users in the past few years have complained that their typical update size was 60 Mbytes, and their program's default setting was to check for updates multiple times each day. When BitDefender happened to update their own server database frequently for whatever reasons, then the limited-data-plan users would be facing fairly large downloads multiple time per day, based on the default AV settings. Since the download size would have to be whatever it would be, the recommended solution was always to reduce the checking setting to no more than once a day, if even that often.

My point was only to make you aware that the update size and rate of occurrence are possibly more important issues than the initial AV program download size if you're under a tight user data cap. Since I don't use BitDefender, you'll have to research this deeper to find more current or reliable answers for your particular situation. You might try BitDefender's forums for some better and more up-to-date details for their AV.

As far as program downloads, I always go right to the maker's own site. It's safer and usually more reliable than 3rd parties with their risks of out-of-date programs or bundling with trash-ware. Even if the maker's site uses a stub installer, it shouldn't magnify the overall program download size much at all, compared with a 3rd-party executable file. So in this case, I'd use BitDefender's own site to get the software.

One possible other issue is the periodic signature update size - some users report it runs as much as 60 MB in size, and is supposedly default-scheduled multiple times a day...

Would you mind explaining it in some plain English?:rolleyes:

Anyway, where shall one find the right copy of BitDefender?

I believe the actual BitDefender install file is around 6-7 Mb...

Megabit or megabite (MB)?

One possible other issue is the periodic signature update size - some users report it runs as much as 60 MB in size, and is supposedly default-scheduled multiple times a day, though it seemingly can be set to less frequent settings. Again, all this is based on postings I've read, not on first-hand experience. You might want to spend a little 'quality' time sifting through Google responses to dig further into the update size and frequency questions. At least the initial download should be a one-time cost regarding its size.

It cleans good though...