Review: BitDefender Total Security 2009
by Steve Ragan - Oct 13 2008, 23:22
The Tech Herald took Total Security 2009 from BitDefender out for a spin.
BitDefender is a small, up-and-coming security vendor. With a focus on the end user and confusion-free usage, BitDefender’s Total Security 2009 package gives you well-rounded coverage in an appealing package. However, does the branding "Total Security" live up to its name? The Tech Herald put the software through its paces to find out.
BitDefender’s Total Security 2009 offers all the normal protection layers. The software offers layered defense from Malware by including an engine that scans for Rootkits, Worms, Trojans, and potentially harmful applications based on action alone. The firewall stops targeted scans for passive infection and includes parental controls. There are also little features to round out the software package.
Installing BitDefender Total Security 2009
The computer tested was an Intel Pentium D 3.4GHz (Dual Core), 1024MB RAM, with Windows XP SP3. BitDefender Total Security 2009 was installed with the base configurations enabled for this test.
The total time spent on the install process was just over six minutes. Afterward, there is a required re-boot of the system and a nine step post-install process to follow. The nine steps use a menu to walk you through the various settings and configuration options. Most are default coverage, but it is best to go through each step and learn what is going on behind the scenes. Like the Norton install process, you will also be asked to sign up for a BitDefender user account.
At the end of the nine-step configuration, you are prompted to update the software and run a scan. Make sure you do this, as the software is updated hourly in most cases, so you are already missing several update releases. The update process and the initial scan are the longest parts of the overall install and configuration; an initial scan took about 16 minutes.
What is unique about the install and initial scan is that after all that is said and done, the Total Security 2009 software wants to check for updates again. This is one of several system checks the software wants to complete, which is what is explained when you launch the system controls.
Using BitDefender Total Security 2009
Like other 2009 security products released recently, the main menu for Total Security 2009 looks much like a dashboard. However, while the navigation comes with two views, basic and advanced, BitDefender actually calls them dashboards.
The basic view offers simple point-and-click access to the various controls, and the advanced view does the same, but with a granular level of access that geeks have come to expect from BitDefender. Another plus for the navigation in either basic or advanced mode is the floating help. Hovering over a link or option updates the help section on the bottom of the navigation menu with details on what the specific setting or option does.
Since the basic view of the navigation menu is what most users will use, the testing and scoring for Total Security 2009 is based on this display. It is broken down into five tabs, and within each tab there is a series of options and controls.
The dashboard tab shows you overall status, as well as the ability to launch either a Full System Scan or a Deep Scan. The update options are on this tab as well. The security tab offers the ability to alter the settings of the monitored components. These include local security, online security, parental controls, and the vulnerabilities scan.
Local security is straightforward. This is where you enable or disable the firewall, disable the monitor that keeps track of how long it has been since your last scan, update tracking and real-time scanning and protections. Online security covers Anti-Phishing, Anti-Spam, and Identity control. The parental controls on Total Security 2009 are one of the little features that are included with the software. They offer a wide range of settings and cover every user account on the system.
Vulnerability scanning is another little added feature, and is new for the 2009 offering from BitDefender. Vulnerability scanning monitors the status of the various Microsoft-related updates. This will also monitor the overall security of a system by ensuring that passwords are set for each account.
The tune-up tab is where you can perform various system maintenance functions. These include registry cleaning, disk defragmentation, and basic cleaning that includes temp file removal and other junk that can build up over time on a system. You can also recover a registry backup from this menu.
The file manager tab is where you launch backups, either local or online, or you can restore them. The online backup option allows for 2GB of storage and, like local backups, can be set for incremental backups to help save space. You can also restore files from the backup if infected or deleted by accident. The file vault, also enabled and accessed from this area, is where you can store items securely on the hard drive. The items in the vault are stored encrypted for an added layer of protection (right-clicking on files allows you to add them to the vault).
You can manage the local network in the network tab. However, remember that you are limited to the number of computers monitored by your BitDefender license. You can cover as many computers as you want, but the typical purchase of Total Security 2009 covers three systems.
The final part of the navigation system is a single button at the top. The settings button opens a single interface to control all five tabs and their options.
Scanning with Total Security 2009
Scanning with Total Security 2009 is surprisingly quick. This was a surprise because one of the failings often mentioned in various BitDefender reviews is the lag and slow scanning speed. In the 2009 offering, scanning took almost one-third the normal time.
On the lab computer, 5.80GB of space was used on the disk. Of that space, 561MB was used in a folder named 'content'. The content folder consisted of simple files to add bulk and give Total Security something to scan.
The files used included fonts, images and icons, PHP, HTML, and CSS files, as well as ZIP and RAR archives for a total amount of 21,816 files. It should be noted that none of these files were malicious.
Full System Scan (BitDefender Total Security 2009)
Scan One: 0:00:19:31
Scan Two: 0:00:17:38
Scan Three: 0:00:18:04
Scan Four: 0:00:17:59
Scan Five: 0:00:17:29
Average Scan Time: 0:00:18:08.2
While not the fastest scanning seen in The Tech Herald labs, BitDefender really stepped up on the scanning speed, living up to its marketing of a 60 percent increase in speeds.
There is also the bonus of the little things related to the scanner. Unless you disable the option, anytime a network share or USB drive is accessed on the computer for the first time, Total Security 2009 will insist on scanning it. The scanning will also cover downloads from the various Instant Messenger products, and if both parties are using a BitDefender 2009 product, the conversation between IM applications is secured.
Scanning remained consistent, as shown in the results. BitDefender’s scanner is interesting when you look at how it works. For example, like other 2009 products from various vendors, Total Security 2009 almost ignores operating system files. It scans them, but if the OS file is known, it’s a simple passive scan. Also important to note is that Total Security 2009 will remember clean files from past scans.
What happens is that once a file is scanned, it is entered into a database of known good files unique to each system. This database is checked each time a scan is run. If the CRC (hash file) of the file being scanned matches what's in the database, it can be skipped, because it is a known clean file. If the file is accessed, by the system or user, the CRC changes, and thus it will be scanned the next time scanning occurs.
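The known-clean database described above can be sketched as follows. This is an added example, not BitDefender's code: the `toy_engine` function, the `MARKER` string, the file names and the rule that a signature update clears the database are all assumptions made for illustration.

```python
import tempfile
import zlib
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature


def toy_engine(path):  # hypothetical engine: flags files containing MARKER
    with open(path, "rb") as fh:
        return MARKER in fh.read()


def crc_of(path):  # CRC32 of the file contents, read in chunks
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc


class CleanFileCache:
    """Per-system database of files that were clean at their last scan."""

    def __init__(self, signature_version):
        self.signature_version = signature_version
        self.known = {}  # path -> CRC32 recorded when the file scanned clean

    def update_signatures(self, version):
        # Assumption: new signatures invalidate old verdicts, so start over.
        if version != self.signature_version:
            self.signature_version = version
            self.known.clear()

    def scan(self, paths, engine=toy_engine):
        """Return (scanned, skipped, detected) lists of paths."""
        scanned, skipped, detected = [], [], []
        for path in paths:
            crc = crc_of(path)
            if self.known.get(path) == crc:
                skipped.append(path)  # CRC matches the database: known clean
                continue
            scanned.append(path)  # new file, or contents changed since last scan
            if engine(path):
                detected.append(path)
                self.known.pop(path, None)
            else:
                self.known[path] = crc
        return scanned, skipped, detected


def demo():
    """Full scan, repeat scan, scan after one file changes, scan after an update."""
    with tempfile.TemporaryDirectory() as tmp:
        a, b = Path(tmp, "a.txt"), Path(tmp, "b.txt")
        a.write_bytes(b"harmless constructed content")
        b.write_bytes(b"harmless constructed content")
        cache = CleanFileCache(signature_version=1)
        runs = [cache.scan([a, b]), cache.scan([a, b])]
        b.write_bytes(b"changed " + MARKER)
        runs.append(cache.scan([a, b]))
        cache.update_signatures(2)
        runs.append(cache.scan([a, b]))
        return [tuple([p.name for p in group] for group in run) for run in runs]
```

The second run skips both files, which is where the shorter repeat-scan times come from; the third run rescans only the file whose contents changed.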
Malware testing on Total Security 2009 consisted of 39 samples. The initial test placed all 39 samples in a single folder, each inside a password-protected ZIP archive. Total Security 2009 was then initiated to scan the folder and attempt to detect the Malware and, if possible, remove it.
While scanning, you can clearly see that Total Security is able to scan inside the zipped file. However, it detected none of the password-protected archives as being malicious. The second part of the test, where each malicious sample was placed into a single ZIP archive with no password protection, completed with Total Security 2009 identifying all 39 samples as malicious.
The final malicious sample test involved an executable zip file with several hundred KeyGens. KeyGens are used to crack commercial software, and most of the ones you download online are malicious. This file is known to be malicious, as several of the KeyGens included in the package are Malware.
When attempts were made to extract the KeyGens, the process failed. BitDefender’s Total Security detected “Trojan.Zlob.CVU” and halted the self-extracting archive. Adding to this is the quarantine of the archive, where no access was granted to it.
Malicious URL Detection
The malicious URL detection test consisted of five URLs, known to be malicious and picked at random from a current list of rogue Web sites. These sites contain Drive-By-Downloads, or malicious software, each with the goal of infecting the user who visits them.
Each site was tested as follows: Did Total Security block the site outright (Firewall or Toolbar warning)? Or did Total Security detect any malicious software after interacting with the site?
To pass this test, Total Security had to complete one of the two options. The idea being to either warn the user straight off, by using the Toolbar or Firewall; or, if a user downloaded something, say fake Spyware tools, it had to detect the Malware and remove it.
When scanning this site, BitDefender prevented the page from even loading, as the firewall detected “Adware.FakeAntiVirus.L”. The message reported that “BitDefender could not disinfect, delete or quarantine the following item. Access has been denied.”
However, while detecting the page as malicious and issuing “denied access” to it, the page pop-up warning of a slow system and potential problems was allowed. This led to the fake AV launching a pretend scan of the system.
Despite that, BitDefender prevented all of the XP Anti-Virus related Malware from harming the system. It passed this test based on the fact that no Malware was installed.
This site loaded as normal. As was the case in our recent Norton test, there was no warning from BitDefender. What is offered is a fake Anti-Virus program (Antivirus Pro), which, once downloaded, instantly warns the user of several problems, and will gladly fix and remove these issues once registered.
Microsoft warns the user that the setup.exe file is untrusted. Ignoring the warning, the file was installed.
The nature of this URL, and the software downloaded, is a scam. The cost of $29.95 USD includes the offer of $9.95 USD for software updates, and $9.95 USD to get Anti-Spyware protection. There was no warning about Phishing or scams from BitDefender, and it did not warn about the software.
When viewing the checkout section to place an order to remove all the “problems” Antivirus Pro detected, the page was SSL protected with a certificate signed by VeriSign, using a payment portal service by Plimus.com.
BitDefender failed this test, because this scam has been around in various forms for a while. More information can be found here.
BitDefender detected this site as sending “Trojan.HTML.Zlob.AG” and duly prevented the page from loading.
BitDefender blocked this site from installing a fake codec. The codec was tagged as “Trojan.Dropper.SMN”.
This Web site is one of the new Malware-spreading sites that are designed to look like YouTube. The video, often pornographic, will require a codec to be installed before playing. The codec will then make an external connection to another server and download Malware.
While the firewall for Total Security 2009 asked for permission to let the codec connect, it claimed the file was clean after a scan. However, the firewall acted only after the codec was downloaded and installed, compared to other tests where the codec was blocked outright.
Likewise, Internet Explorer attempted to block the codec. Once the permission was granted to scan, the system was infected.
The VirusTotal score is here. As of October 12, 2008, only seven of the 36 engines detected the malicious file.
The codec installed AntiMalware 2009, a known malicious AntiVirus program. The malicious AV engine found over 1400 supposed infections, and offered to remove them all for a fee.
Like other fake AV programs, purchasing this is nothing more than a scam. You are asked for your name, bank name, credit card information, phone number and address when you order, all of which is harvested and sold to criminals.
AntiMalware 2009 trashed the test system, hijacking the browser, altering the desktop, and sending a stream of Malware, some of which was eventually flagged by BitDefender’s Total Security, but it was too little too late to save the system.
Because the malicious software was allowed by Total Security, it failed this test.
Spam Detection and Filtering
BitDefender Total Security 2009 comes with the ability to check e-mail for malicious files and Spam. The testing in the lab used Outlook Express or Outlook, depending on the requirements of the vendor. However, most vendors offer protection for all Microsoft products.
The Anti-spam features are basic in nature, with little to worry about or configure. The Anti-Spam system is trainable, but this takes some time. Out of the box, the Anti-Spam protection covered 74 percent, rounded up. There was a detection failure rate of 26 percent.
There were 355 e-mails in total during the test, each of them Spam. Total Security 2009 blocked 262 of them, leaving 93 to flag on your own. Two of the e-mails correctly blocked as Spam contained malicious files. These rogue attachments were cleaned before they entered the Inbox.
Instead of earning a zero for this test (out of a possible five points) Total Security 2009 earns one point. This is because the Anti-Spam filtering needs to be trained. So, out of the box with no training, a detection rate of 74 percent is still something of a positive. However, if you want solid e-mail protection, you will need to train the Spam filter and use the Whitelist and Blacklist options BitDefender provides.
Extras and other features
Total Security 2009 has lots of little hidden gems. The network manager is a great plus, and the parental controls could stand out as a separate program on their own. The PC Tune-up tools work rather well, as does the registry cleaner. The IM encryption is a great foundation for personal security, and the idea behind this came from BitDefender’s customers. The home network management, likewise, came from customer research.
Secured file access from the file vault was an interesting perk as well. However, the largest perk, while overlapping with the operating system itself, was the Microsoft update manager. Total Security checks to ensure that Windows Updates are enabled, and that you are current with all patches. As mentioned, this is a bit of an overlap, but one that is well worth including.
What stands out in BitDefender’s test is that the software is a serious improvement over previous offerings. It delivers rounded coverage against Malware and packs in a solid list of extras. For the price, this is a good program to have around. The company is, of course, aiming for top spot when it comes to AV Vendors, so it constantly listens to clients and normal customers in an effort to implement most of their suggestions.
Total Security 2009 is a great product, and has lots of room to grow. Do not let the fact that the company might be one you have never heard of throw you off track. It’s well worth a try.
The final score for BitDefender Total Security 2009 is 91.0 out of 100.
Total Security 2009 was installed on a Windows XP computer with Internet Explorer 7 and Service Pack 3. The Microsoft updates were current and all additional software updated. The system was an Intel Pentium D 3.4 GHz CPU (Dual Core) with 1024MB RAM.
The following is a breakdown of the lab testing with point values.
Installation (10 points total)
This test covers how fast the software installs, and rates the configuration options. How simple is it to install?
Total Security 2009 earned 9 points.
Navigation and Controls (10 points total)
This test rates how easy the software is to navigate and use. Are all the menus and controls easy to locate? Are the various functions and controls easy to understand? Is there help for the options? If help is available, how easy is it to locate?
Total Security 2009 earned 10 points.
Scanning (15 points total)
Scanning covers the scanning speed, the various scanning options, and control. One aspect that is important in the control measurement was how easy it was to halt a scan in progress.
Total Security 2009 earned 14 points.
Detection (15 points total)
This test centered on signature updates and controls, as well as monitoring and detection. One of the focal points was how accurate the detection was when locating Malware.
Total Security 2009 earned 15 points.
Resources (15 points total)
Does the software drain system resources? Can the software be completely disabled? If there are help files available, how complete are they? Are the help documents easy to follow and are they relevant?
Total Security 2009 earned 15 points.
Software Options (10 points total)
Does the software include other features that layer security? Are there other features that are added in that are non-security related? Are these features useful? Do they overlap one another or other features on the computer?
Total Security 2009 earned 10 points.
Malware Testing (10 points total)
This test uses 39 samples of Malware, each worth .26 points (rounded up). The goal is to have each one discovered by the detection engine. The test is in two parts, where the samples are zipped in a password-protected archive and scanned, and then placed into an unprotected archive and scanned.
There is a loss of one point if there was no detection for password-protected archives. This is because some engines will flag password-protected files for inspection, which is a good protection point. As the bulk of the AV market allows exemptions for various files and file types, the legit password-protected files could later be exempted.
Total Security 2009 earned 9 points.
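One way an engine can flag password-protected ZIP archives and honor later exemptions, as an added example that is not taken from BitDefender or any other product: it reads the encryption bit in each entry's ZIP header flags. The function names, the SHA-256 exemption list and the sample archive (whose encryption bit is set by hand) are assumptions.

```python
import hashlib
import io
import struct
import zipfile

ENCRYPTED = 0x1  # bit 0 of a ZIP entry's general purpose bit flag


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def encrypted_entries(data):
    """Names of the entries that the archive's central directory marks encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [e.filename for e in zf.infolist() if e.flag_bits & ENCRYPTED]


def triage(data, exempt_sha256=frozenset()):
    """Decide how a scanner should treat one archive (hypothetical policy)."""
    if not encrypted_entries(data):
        return "scan-contents"        # nothing hidden: scan the members
    if sha256_hex(data) in exempt_sha256:
        return "exempt"               # user marked this exact archive as legitimate
    return "flag-for-inspection"      # contents cannot be scanned without the password


def make_sample(encrypted):
    """Constructed one-entry archive; the encryption bit is set by hand because
    the standard library cannot write encrypted ZIP files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.bin", b"constructed test data")
    data = bytearray(buf.getvalue())
    if encrypted:
        record = data.find(b"PK\x01\x02")          # central directory record
        (flags,) = struct.unpack_from("<H", data, record + 8)
        struct.pack_into("<H", data, record + 8, flags | ENCRYPTED)
    return bytes(data)
```

Keying the exemption on the archive's hash means that only the exact file the user reviewed is exempted; any other protected archive is still flagged.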
The KeyGen Test (5 points total)
The KeyGen test is a simple test to pass for any vendor. As the self-extracting executable launches, the first thing it does is write a temp file that links to a downloader. The downloader, as well as the various KeyGens in the archive, all link to Malware.
Total Security 2009 earned 5 points.
Malicious URL Testing (5 points total)
The malicious URL test takes five random URLs, known to be malicious, and judges the software's reaction to what the user does. The software is judged based on its response to visiting the site and its reaction to any software downloaded. The software must react in order to pass this test.
Total Security 2009 earned 3 points.
Spam Blocking Test (5 points total)
This test rates the Spam-blocking ability of the software. A full score means that software blocked 95 percent of the Spam samples sent.
Total Security 2009 earned 1 point.