Antimalware Software

A Former User

I believe the actual BitDefender install file is around 6-7 Mb...

Megabit or megabite (MB)?

A Former User

One possible other issue is the periodic signature update size - some users report it runs as much as 60 MB in size, and is supposedly default-scheduled multiple times a day...

Would you mind explaining it in some plain English?:rolleyes:

Anyway, where shall one find the right copy of BitDefender?

blackbird71

blackbird71

In plainer English (hopefully), most AVs routinely check for updates to their virus signature database daily or even multiple times each day. Some of them update by downloading the entire signature database, some by simply adding changes to an existing local database. Each update size depends on how the AV program is coded or whatever changes (if any) have accumulated. How often the AV updates is determined by a setting in the AV program, with some default value always applied at install.

If you're dealing with a limited data package, how big a typical update would be and how often it updates are of very real concern to you. Some BitDefender users in the past few years have complained that their typical update size was 60 Mbytes, and their program's default setting was to check for updates multiple times each day. When BitDefender happened to update their own server database frequently for whatever reasons, then the limited-data-plan users would be facing fairly large downloads multiple time per day, based on the default AV settings. Since the download size would have to be whatever it would be, the recommended solution was always to reduce the checking setting to no more than once a day, if even that often.

My point was only to make you aware that the update size and rate of occurrence are possibly more important issues than the initial AV program download size if you're under a tight user data cap. Since I don't use BitDefender, you'll have to research this deeper to find more current or reliable answers for your particular situation. You might try BitDefender's forums for some better and more up-to-date details for their AV.

As far as program downloads, I always go right to the maker's own site. It's safer and usually more reliable than 3rd parties with their risks of out-of-date programs or bundling with trash-ware. Even if the maker's site uses a stub installer, it shouldn't magnify the overall program download size much at all, compared with a 3rd-party executable file. So in this case, I'd use BitDefender's own site to get the software.

A Former User

Is that bitdefender.com their own site?
How does it get along with the system's regular AVs?

blackbird71

blackbird71

I apologize for my confusing the BitDefender AV product's size with the anti-adware product you referenced a few posts up. I ran down the wrong rabbit-hole after that. Their anti-adware product is around 45 Mbytes in size and can be used as-is without an OS installation. It doesn't really update periodically, so that kind of data loading won't be a problem for a user with a data cap. The product generally is set up to use in a manual scanning manner.

However, some BD ART users have apparently run into conflict issues with certain AV's, Sophos in particular. BitDefender recommends when doing a scan that the user take their system offline, shut off any resident AV, perform their BitDefender Adware Removal Tool scan and removals (if any), then shut it off, reactivate the resident AV, and finally put the system back on line. There can also be conflicts with other anti-adware tools if they are active/running at the same time as a BitDefender scan. This is not uncommon for many (but not all) anti-malware/adware tools - they tend to not like each other very much if running at the same time. Sometimes this has to do with one tool activating an adware file to remove it, but the other tool seeing that and trying to grab control to kill it at the same time - most software doesn't tolerate that kind of competitive behavior very well.

Yes, bitdefender.com is the actual BitDefender site and a safe place to download from.

magaretz

magaretz

Well, my limitations are that the trial ends not further than in a month - then it's definitely uncertain.

A Former User

What trial, Magaretz?

A Former User

Does every regular AV allow to (temporarily) shut themselves down?
Or is there maybe a system control for that?

A Former User

My 360 doesn't seem to like Google Chrome very much: frequently doubting chrome files, now it's even deleted Chrome's updater file...

A Former User

Well, it appears that my 360, in settings, has something for Bitdefender, but I can't clearly understand what it is and what it is for: bitdefender bit .

Who knows what it is?
Does it mean 360 is ready to fight Bitdefender or does it mean that 360 is ready to cooperate with Bitdefender?

blackbird71

blackbird71

360 has the capability of using multiple local scanning engines as well as its cloud engine, one of which is BitDefender AV - or at least 360 had that capability in 2013: <http://www.wilderssecurity.com/threads/360-internet-security-free-triple-antivirus-engine-bitdefender-included.348585/ > The panel you show looks like one that allows the alternate local engines to be controlled from within 360. Otherwise, be careful when BitDefender is mentioned somewhere, since many or most references are to its more widely-known AV product, not its Adware Removal Tool product. That was the trap I fell into a few posts back.

Most AVs have a setting allowing them to be at least temporarily disabled, often accessible through the icon in Windows Tool Tray. I don't know about 360, though.

A Former User

Most AVs have a setting allowing them to be at least temporarily disabled, often accessible through the icon in Windows Tool Tray. I don't know about 360, though.

Yeah, the two items at the very bottom are called "Enter Silent Mode" and "Exit" (the latter's after a hr).
I don't know about the "Silent mode", but the other might be it.

blackbird71

blackbird71

'Silent mode' usually means the AV continues doing its thing, but it shuts off its normal alert messages along the way. That is, it quarantines or removes files or whatever 'silently'. In terms of avoiding conflicts with other anti-malware, it's doubtful that 'silent mode' will provide any relief. What one needs is some control like 'pause', 'temporarily suspend', etc. Otherwise, you'll have to Google a term like '360 AV turn off' or similar to find out what other users may have done.

A Former User

It takes 360 some ages to scan my archives... :wait:

The question is, can malware insert itself into already existing archives?
There are three types of archives I've come to think of:

programs' archived files, including that of the system;
the user's own archived files (presumably s/he checked them at some point before archiving already);
"ready" downloaded archives.
I can think that number 3 might be of risk, but I always check all downloaded files immediately - even if I had uploaded them myself or from "trusted sites".
What about numbers 1 & 2? Can those be of risk?

Does some antimalware software allow for "trusting", skipping scanning some existing files on system? Will it be of sense to apply such "trusting"/skipping?

blackbird71

blackbird71

There are a number of factors influencing what malware can and cannot do on a computer. In general and unless otherwise blocked, malware can insert its own payload files among the various legitimate files collected on drives or within folders - though which drives or folders are more easily accessible for infection is greatly affected by the access compartmenting that occurs when employing the OS's limited user accounts or group-policies for files and folders. In some cases, some legitimate files can even be replaced by similarly-named malicious file versions. However, malware is usually not able to directly and effectively alter the contents of existing complex files without causing corruption that renders the infected file unusable - thus the risk of infection in that manner is considered minimal.

If one is archiving files using an imaging program like TrueImage, Paragon, or similar to create an archive backup file of a drive or a folder of files, malware will only ever appear within that archive if it was already present on the system at the time the archive was created. The malware can't normally infect such an existing archive after it's created. But it can independently infect the drive on which the archive is stored, as noted below. If one is archiving files by directly copying them to a backup drive or flash-stick, then again, the backups should be clean of malware if the original source folders were clean - except in that case where malware independently infects the drive on which the archive is stored.

When one is archiving files to another drive, either via an image file or directly copying the data files over, existing malware on a system can, in principle, infect that other drive the moment it's connected to the computer. In this regard, a lot depends on how the specific malware is designed; not all malware has the capability, but some does. The deeper the malware hooks into the kernel code of the operating system, the more readily it can replicate itself onto other drives or flash-sticks. If one is storing backups (or even an image file) to another drive, some malware has the capability of infecting that drive directly before the archive file(s) are ever copied onto it. If a persisting stub file from the malware is then somehow able to point back to that instance of itself on the backup drive, it can re-infect the main system as soon as that backup drive is accessed. In the case of malware that infects a disk's MBR, unless that infected drive is deep-reformatted, that malware will survive a mere light-formatting process and potentially call out to its stored instance on the backup drive to reinfect the supposedly-cleaned system all over again as soon as that drive is connected.

However, the most common cause of reinfection for most malware victims is that they discover malware on their system, go to great lengths to clean it all up, then later have other problems requiring a system restore or restoration from a backup set, whereupon the earlier-removed malware suddenly reappears from within the file collection of the archive. This is one of the major reasons it's important to try to figure out how and when any infection has occurred, and to delete any archives or system restore points that occurred between the infection time-point and the point of cleanup. Otherwise, reinfection from the backup set(s) will occur. Obviously, the more backups routinely made and the more careful the system observations by the user, the more quickly he will recognize an infection and be able to minimize the look-back period that has to be discarded before restoring.

Most antimalware allows 'whitelisting' of both files and folders which skips them when scanning. Ordinarily, it's wise to avoid whitelising a folder unless you really, really have to since it gives a sanctuary for malware to hide. In cases where a folder has to be whitelisted, one should use access controls to govern very tightly which user accounts can alter the folder's contents.

A Former User

I was talking about archived files, Professor - like zips, rars and such.

Some such files the system or a programs creates itself in its folder(s), some such files may be downloaded by the user, some such files can be created by the user from files already on the system.
The last case is in question - can some malware insert itself into such an existing file? Can it replace such a file seamlessly with a similarly looking one of the same format?
Can malware mess with archived files created by the system and/or other legitimate software on the system?
I'm ruling freshly downloaded such files out - assuming the regular antimalware program manages it prompted by the user.

blackbird71

blackbird71

It's a bit tricky theorizing what malware can or can't do - as soon as one nails down a limitation, along comes a creative exploit that breaks through that limitation. Nevertheless, malware usually only starts by inserting its files directly into a system's file structures along side what's already there, though sometimes with names that mimic legitimate file names. The worst problems arise when the malware executes and starts running. At that point, what malware can and cannot do depends on the depth of its infection. Rootkits that deeply hook the OS kernel code can mask all sorts of illicit activities they carry out, they can redirect user inquiries about files and names, hide entire folders, and do all sorts of other things. Conversely, 'mild' adware may only append a few bits of URL code to a browser shortcut command. Arrayed in between those extremes are all the various other kinds of malware.

A complex, sophisticated malware program could likely do many, if not all, the things you describe - think in terms of Stuxnet-grade malware. But generally speaking, most 'normal' malware doesn't mess with altering existing files on a system - or at least, generally doesn't succeed if it tries. While some malware can delete a non-'system' legitimate file and replace it with a same-named version supporting or containing parts of the malware, usually the route taken is to sprinkle reasonable-sounding or randomly-structured filenames in various places on a system and then call up those files as needed from a central, running malware process.

Put another way, worrying about malware altering contents of an existing file is essentially worrying about the 0.1% segment of all the malware that's out there. The one exception is where the malware might take control of an app like a browser and use it to write things of its choosing into the browser files, but those are extremely specialized data files that usually affect nothing else.

A Former User

It's a bit tricky theorizing what malware can or can't do - as soon as one nails down a limitation, along comes a creative exploit that breaks through that limitation.

That's right, I had that in mind.

blackbird71

blackbird71

It's a bit tricky theorizing what malware can or can't do - as soon as one nails down a limitation, along comes a creative exploit that breaks through that limitation.

That's right, I had that in mind.

This is why 'layered' security is so important - multiple security techniques like using a decent antivirus, keeping a system full patched from a security standpoint, using limited user accounts (to limit the penetration depth of malware), a good firewall that applies outgoing filtering, and consistency in applying 'safe hex' (extreme care in what is downloaded, not clicking on pop-ups or opening eMailed links, care in what sites are visited, etc). The more layers present, the harder for new malware to find or exploit an opening.