pallino

Bitdefender engine: what does this mean exactly?

Dear EMSI Team,

What does it mean exactly that you use the Bitdefender engine?

Do you have the same scan engine as Bitdefender?

Do you use their signatures and also the heuristics of BD or also other features/options?

Do you also get their signatures as soon as they are released?

Thank you!

We use all their on-demand file based technologies. We use our own technologies for everything else.

With the exception that Emsi doesn't disinfect viruses and MS scripts, doesn't remove malware within archives (they remove the whole compressed .rar, .zip etc. file instead) and doesn't scan password-protected files. However, you can live without those features... By the way, what if we find a file infected by a virus, how can we cure/disinfect that file or an MS script?

With the exception that Emsi doesn't disinfect viruses and MS scripts, doesn't remove malware within archives (they remove the whole compressed .rar, .zip etc. file instead) and doesn't scan password-protected files. However, you can live without those features...

None of which is related to the on-demand scan.

By the way, what if we find a file infected by a virus, how can we cure/disinfect that file or an MS script?

Replace the file with the clean original. In 99% of all cases disinfection won't work anyway, mostly because during infection certain information is overwritten which can't be restored, so that ultimately the cured file will not be the same as the original one, which will lead to all kinds of subtle bugs.

None of which is related to the on-demand scan.

Which are related to on-demand scans??? For me an on-demand scan is when you tell the AV to scan a specific location or file, as Bitdefender offers you more features in those cases...

Replace the file with the clean original. In 99% of all cases disinfection won't work anyway, mostly because during infection certain information is overwritten which can't be restored, so that ultimately the cured file will not be the same as the original one, which will lead to all kinds of subtle bugs.

I've read about that, however why are some AVs still offering that feature, as it will be useless? And for an infected OS, is formatting much better than disinfecting? In the case of MS scripts, most of the time it is just a script that is embedded within the file; you just remove that script and the file will be clean, right?

Which are related to on-demand scans??? For me an on-demand scan is when you tell the AV to scan a specific location or file, as Bitdefender offers you more features in those cases...

You listed a bunch of cleaning engine features. None of them are related to the scan engine and the capabilities we use during on-demand scans.

I've read about that, however why are some AVs still offering that feature, as it will be useless? And for an infected OS, is formatting much better than disinfecting? In the case of MS scripts, most of the time it is just a script that is embedded within the file; you just remove that script and the file will be clean, right?

Why are some AV vendors adding more and more features into their products until it turns into some unusable mess? Usually because users ask for it and the vendors oblige although they really should know better.

Why are some AV vendors adding more and more features into their products until it turns into some unusable mess? Usually because users ask for it and the vendors oblige although they really should know better.

Well, that's right, however what about MS documents? They can be easily cleaned by just deleting the script that is embedded within them. If a personal file gets infected by a macro virus there must be the option to clean that mess... no?

That will not work in all cases. Resetting macros will only work if the file didn't contain macros to begin with that would also be removed by stripping all macros. It is also possible that a macro virus does not just infect an existing document by injecting new macros into it, but also by modifying existing ones. As a result, you end up with the same situation as before.
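
The limitation described in the reply above, as an added example that is not part of the original thread and is not Emsisoft or Bitdefender code: stripping the whole VBA part restores the clean original only when the original had no macros. The container built here is a constructed stand-in rather than a valid Word file, and `build_docm`, `strip_macros`, `diff_against_original` and the placeholder byte strings are hypothetical names and values.

```python
import hashlib
import io
import zipfile

VBA_PART = "word/vbaProject.bin"  # usual part name for the VBA storage in a .docm

def build_docm(vba_bytes=None):
    """Constructed stand-in for a macro-enabled container (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<doc>constructed sample text</doc>")
        if vba_bytes is not None:
            z.writestr(VBA_PART, vba_bytes)
    return buf.getvalue()

def part_hashes(container):
    """SHA-256 of every part, so two containers can be compared part by part."""
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def strip_macros(container):
    """All-or-nothing cleaning: copy every part except the VBA storage."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(container)) as src, \
         zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name != VBA_PART:
                dst.writestr(name, src.read(name))
    return out.getvalue()

def diff_against_original(original, candidate):
    """Parts missing from, or changed in, the candidate relative to the clean original."""
    base, cand = part_hashes(original), part_hashes(candidate)
    return {"missing": sorted(set(base) - set(cand)),
            "changed": sorted(n for n in set(base) & set(cand) if base[n] != cand[n])}

# Case A: the clean original had no macros; the infection added a VBA part.
clean_a = build_docm()
infected_a = build_docm(b"INJECTED-PLACEHOLDER")
# Case B: the clean original had the user's own macros; the infection modified them.
clean_b = build_docm(b"USER-MACROS-PLACEHOLDER")
infected_b = build_docm(b"USER-MACROS-PLACEHOLDER+INJECTED-PLACEHOLDER")

if __name__ == "__main__":
    print("A after stripping:", diff_against_original(clean_a, strip_macros(infected_a)))
    print("B after stripping:", diff_against_original(clean_b, strip_macros(infected_b)))
```

In case A the stripped file matches the clean original part for part; in case B the VBA part is reported missing, so the user's own macros are gone and only a copy of the clean original brings them back.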

That will not work in all cases. Resetting macros will only work if the file didn't contain macros to begin with that would also be removed by stripping all macros. It is also possible that a macro virus does not just infect an existing document by injecting new macros into it, but also by modifying existing ones. As a result, you end up with the same situation as before.

Indeed true, but you are pointing out one probability out of 100. Most of the time MS scripts just attach their code at the end or the beginning; in that way it is very easy to clean the mess. The same applies to viruses: they just add their code to the beginning or the end of the file (but not always). It is true that in most of the cases disinfecting files is not possible, but hey... all AVs state that a cure is not always possible, but at least they try to do it... Back to the topic: most of the scripts I've seen just add the code at the beginning and the end. Once I got infected with a macro virus; by that time all my homework was infected, I wasn't using any macros, and Bitdefender managed to clean the infection very well...

Well, the point here is not the fact that it will work or not. We are aware that disinfection is not always possible, but at least you can try; as you use the Bitdefender engine you can easily implement their disinfecting core.

the same applies to viruses: they just add their code to the beginning or the end of the file (but not always). It is true that in most of the cases disinfecting files is not possible, but hey... all AVs state that a cure is not always possible, but at least they try to do it...

So you agree that most of the AVs will actually end up damaging the file trying to disinfect them more often than not, but it is okay that they damage your files, because "at least they tried"?

back to the topic: most of the scripts I've seen just add the code at the beginning and the end. Once I got infected with a macro virus; by that time all my homework was infected, I wasn't using any macros, and Bitdefender managed to clean the infection very well...

It would be interesting to see if you would still think that way if you had used macros or Excel formulas for example and the AV had just ripped those all out, potentially destroying hours or even days of your work.

you use the Bitdefender engine you can easily implement their disinfecting core

I don't think you are in a position to judge that. While you may know the Bitdefender SDK, I am pretty sure you don't have access to our code base to accurately judge how easy something like that would be.

First, don't get mad at me :( I'm just asking, I'm not fighting with anyone here.

So you agree that most of the AVs will actually end up damaging the file trying to disinfect them more often than not, but it is okay that they damage your files, because "at least they tried"?

Well, if that were true then all the major AV industries would have a hard time with that feature. Still, you can cure an infected system without any further damage; if they cannot disinfect a file or the damage level will be more than repairing the file, they will just tell you "hey, we couldn't clean that". But yes, I agree with you that sometimes it would render the file damaged but still usable. In the past I faced an infection where ESET disinfected the file but it wasn't able to run it; I was able to open it with WinRAR... I understand your point, but most of the users are not going to ask "hey, man, my PC got infected, would you mind copying a clean replacement of the file to my USB"; they don't even know the difference between malware and viruses. I think that it is much better to TRY rather than delete or quarantine the whole file; in that position you are telling the user, OK, that file is no longer usable and you need to find another replacement. If you say "AVs will actually end up damaging the file trying to disinfect them more often than not" then just leave the user that choice, rather than delete the whole file...

It would be interesting to see if you would still think that way if you had used macros or Excel formulas for example and the AV had just ripped those all out, potentially destroying hours or even days of your work.

I was younger at that time; now I do use macros for almost all my duties. As I stated above, if the file cannot be disinfected then the AV will tell you... "hey, I couldn't handle that", but we are talking about less complicated infections... However... let's say that your "days of work" become infected with a macro that modifies the current one... that file will be useless, no? What is the point of keeping it? That's where backups become important... But again, I would prefer to have a file without macros rather than begin from scratch to build up a new file. Again, let the user decide what he/she would do to handle that infection with that file.... Disinfection is a risk that every user should take on her/his own. How would you handle an infected MS file that contains a lot of information that is vital to you? You can't just open Word and edit the macro... or can you edit a macro without using Word?

I don't think you are in a position to judge that. While you may know the Bitdefender SDK, I am pretty sure you don't have access to our code base to accurately judge how easy something like that would be.

Well, sorry, you are right, I can't make an argument here as I don't know your code and don't know how easy that would be... However, I'm giving my opinion; some users of your product ask for that feature... in some other places... so I was wondering if you can add that... but as I can see you will never do that.... I didn't mean to offend you. I'm a coder, and I know that sometimes it isn't as easy as it seems... but that is your choice, you have the tools...

Well, there is no point in making any more arguments. My first point was whether you will add a disinfection tool in EAM; it seems not... The pros and cons of disinfecting files have been discussed in other forums, so I don't see the point of continuing with these arguments.

I still believe that disinfection of a file is a risk that the user may take on their own.

Regards
 
