BitDefender Internet Security Review
Version 2008, Build 11.0.15
by Coenraad de Beer (Webmaster & Founder of Cyber Top Cops)
Posted on 22-03-2008
The installation wizard is very thorough and requires minimal user interaction. I installed the product on Windows XP SP2 and Windows reported that the BitDefender Firewall NDIS Filter MiniPort did not pass the Windows Logo testing to verify its compatibility with Windows XP. I installed BitDefender Internet Security on two other PCs as well and had no problems with any incompatible devices during the installation process, so it must have been an isolated case with the specific test PC I initially used. Most advanced users know that this is just a bit of annoying bitching from Windows and it is safe to continue with the installation anyway.
A registration wizard is part of the final installation steps. It was nice to be able to evaluate the product without the need to create a BitDefender account, this gives me a little vote of confidence in BitDefender because they are not just interested in getting your e-mail address and personal details, they want you to evaluate their product without forcing you to sign up for any unnecessary stuff.
I encountered a minor glitch in the setup procedure, just after downloading the latest updates. The disabled "Finished" button never got enabled again after downloading the updates and I had to cancel the wizard to complete the installation. This is a small issue but it is something the developers of BitDefender may want to look at, because novice users will land in a flat spin when something like this happens, because they simply won't know what to do next.
It took about two weeks before I had a chance to install the demo for the first time, so there was about 15MB of updates to download. This is good to see, because this means that BitDefender is updated on a regular basis. BitDefender Internet Security can be configured to check for new updates in hourly intervals. The smallest and default interval is one hour, but the user can choose longer intervals if desired.
The BitDefender Security Center displays 4 main component monitors of the security suite:
- PC Security Monitor: Observes the status of the Antivirus, Antispam and Antiphishing components, including the age of the updates currently installed.
- Network Security Monitor: Observes the status of the Firewall.
- Identity Control Monitor: Keeps an eye on the status of the Privacy Control.
- Parental Control Monitor: Reports on the status of the Parental Control.
The Security Center will inform you if it detects any problems with a component of the security suite. BitDefender Internet Security therefore boasts an anti-malware shield, providing protection against viruses, spyware, Trojans, rootkits, etc.; a firewall, protecting your system from unauthorised inbound and outbound connection attempts; a spam filter; a privacy control shield, safeguarding your identity and preventing phishing attacks; and finally a parental control shield, keeping your children safe from harmful content hosted on the web. The real-time shield scans accessed files, incoming & outgoing e-mails and network traffic. The protection provided by the shield can be expanded by scanning HTTP traffic as well, something that's becoming more important by the day, because you can become infected with malware by just visiting a malicious website. The BitDefender Internet Security Real-Time protection shield uses heuristic analysis technology called B-HAVE (Behavioural Heuristic Analyser in Virtual Environments).
BitDefender Internet Security will first of all try to disinfect an infected file. If the disinfection attempt fails, it will move the file to quarantine. When BitDefender finds a suspected file, it will deny all access to the file.
BitDefender is one of the very few Internet security suites that don't increase the loading times of the Windows Startup and Shutdown. You often find that your computer takes longer to start up after installing a security suite, but this is not the case with BitDefender Internet Security. BitDefender Internet Security doesn't affect the overall performance of your system too much and the system remains quite responsive, even during a Deep System Scan, but a slight decrease in performance was noticeable on my machine, after installing the security suite.
Isolation of Threats
Isolation of threats is very good and by the book. All access to infected files is denied, so you won't be able to execute, copy, move, modify or rename an infected file. This makes it impossible for an infection to spread through your system. Once BitDefender detects a threat it displays a Virus Alert dialog to inform the user that action has already been taken against the infected file, so when you see the Virus Alert, you can rest assured that BitDefender has everything under control.
The user interface of BitDefender Internet Security is quite impressive, yet very easy to understand and use. It is not difficult to find your way through the settings console and configuring the different components of BitDefender Internet Security is pretty easy and straightforward, thanks to clear descriptions and intuitive interface elements. One slight criticism against the interface is the inability to resize windows. Some screens, like the Scan Results Summary for instance, do not fit into an 800x600 screen resolution and I could not find a way to make the window smaller.
Virus alerts are displayed in a single top-level dialog, forcing the user to take notice of the alert. This has its uses but can become quite annoying on a severely infected machine. Bonus points to the developers of BitDefender for displaying all the threats in a single Virus Alert dialog and not in a separate dialog, pop-up, balloon or window for each threat detected. When BitDefender Internet Security detects another threat while the Virus Alert is still open, it will provide the user with a "more details" button, which will open a small text box with scroll-bars once you click on it. The user can then comfortably scroll through the log of threats detected by BitDefender. The Virus Warning alert can be disabled in the BitDefender Real-Time Protection Settings console if desired.
One thing that was missing from the BitDefender Security Center was a shortcut to the Quarantine list (more commonly known as the Virus Vault in other anti-malware applications). The only way to access the Quarantine list is to navigate through the Antivirus settings console to the Quarantine tab.
Scanning & Healing
- Fast-scan function: Yes (Called the My Documents Scan)
- Scanning of Single objects: Yes
- Customisable scanning: Yes
- Boot sector scanning: Yes
- Memory scanning: Yes
- Registry scanning: Yes
- System Area scanning: Yes [1]
- Cookies scanning: Yes
[1] No predefined scan exists for the System Area only, but one can easily create a custom scanning task to scan the System Area (critical parts of the system) alone. The System Area is scanned during a Full or Deep System Scan.
Scanning is completely automatic, with no user interaction required during the scanning process. A Scanning Results Summary is presented to the user right after the scan, where the user can choose to take specific actions against specific infections, or one single action against all detected threats, with a single click of a button. Useful statistics are given during the scan, like the elapsed time of the scan, the number of files scanned per second (which is useful to see how fast the scanner is performing), the number of scanned items, infected items, suspect items, the number of ignored items (for instance password protected files), hidden files and hidden processes.
Suspect files are automatically sent to BitDefender Lab for analysis. The user can disable this behaviour if desired, but can only do so AFTER installing BitDefender Internet Security. I feel that this is sloppy from the developers of BitDefender and they are making life hard for the user by not presenting a simple choice to disable this feature completely, during the installation of the product. No, they only give you a prompt informing you about the feature and you are only told where and how to disable it. At least they tell the user how to disable it, but this is not good enough in my books, if I have privacy issues about the files on my computer, I don't want the feature enabled, period.
Another downside of the scanner is that it doesn't provide any alternative actions for dealing with infected archives, when all other disinfection attempts have failed. At least it gives you the location of the archive and the location of the infected object inside the archive, so you can delete it manually, but this can be a nightmare on a PC with a thousand infected archives. I am not going to trust anything in an archive containing an infected object, unless I created the archive myself and know what's supposed to be inside, so I would have liked to see an option to delete the whole archive (like many other anti-malware applications do), especially in cases where the infected archive is an installation package downloaded from the Internet.
The BitDefender Internet Security Firewall offers the user a lot of flexibility and the user-friendly and informative prompts make firewall training a breeze. Like any firewall, it has to be trained before it can function effectively. By default it will prompt the user if an unknown program tries to make a network connection. The name and file path of the application, the destination of the connection and the protocol used to make the connection are displayed in the notification alert. A default rule will be created, based on whether you allowed or blocked the application. Next time, when the program tries to make a connection, the firewall will automatically apply the newly created rule.
The program trying to make the connection is first scanned by the Antivirus component and then passed to the firewall. When the scanner found the file to be clean, BitDefender Internet Security always recommended that I allowed the application to make the connection. In my humble opinion I believe that this is a "fairly" safe call to make, but the mere fact that the file is not infected is in no way an assurance that the application is making a legitimate connection, so it still comes down to the user to use his/her own discretion.
One can manually add new rules for specific applications or general rules for all applications. In addition to this, you can also create connection rules for the ICMP, TCP and UDP protocols. You either allow or deny access for a specific application (or all applications), when a specific protocol is used under specific circumstances. Advanced rule parameters include the ability to specify the direction (inbound or outbound) of the connection including the source and destination address of the connection. The source and/or destination address can either apply to any address, a specific host, a specific network, the local host or the local network only. You can apply these rules to connections on a specific port, a range of ports between 0 and 65535, or you can choose to apply the rule to any port.
Advanced settings include the ability to enable/disable Internet Connection Sharing, Stealth Mode (blocks port scans and denies ICMP attempts) and Wi-Fi Notifications. The firewall also monitors changes in program files that match firewall rules, making it harder for malware, which modifies legitimate programs already white-listed by the firewall, to bypass the firewall.
The Antispam Shield of BitDefender Internet Security is the only component of the security suite that really disappointed me. It is supposed to be compatible with Microsoft Outlook, Outlook Express, Windows Mail and Mozilla Thunderbird, but I had all kinds of problems trying to evaluate the component in Mozilla Thunderbird. I did not test it with Outlook and Windows Mail. A training wizard starts when you open your e-mail client for the first time after installing BitDefender Internet Security. The Antispam component seems to work better in Microsoft's e-mail clients, but the plug-in for Mozilla Thunderbird is far from perfect. The training wizard did not launch at first and the Antispam toolbar was greyed out, so I was unable to click on any of the buttons, I couldn't even launch the training wizard manually. I copied "bdtb.dll", "bdtb.ini" and "IBDTB.xpt" from "Program Files\BitDefender\BitDefender 2008" to "Program Files\Mozilla Thunderbird\components", but only managed to enable the "Spammers", "Friends", "Settings Wizard" and the "BitDefender Antispam" buttons on the Antispam Toolbar. I had to Repair the installation to get all the buttons on the toolbar to work. Even after all these efforts, I was unable to properly test the Antispam component in Mozilla Thunderbird because Thunderbird constantly crashed and the Antispam toolbar got disabled again. To say the least, this kind of effort cannot be expected from the end-user and the developers of BitDefender Internet Security really need to work on this department if they don't want to alienate Thunderbird users.
I had to do the remainder of the testing in Outlook Express. The Antispam filter did not deliver any false positives and the Bayesian filter quickly picked up spam e-mails after a bit of training. Under the hood of this spam filter lies a pretty impressive multi-layered spam filtering system. All e-mails are processed in the following order:
White List/Black List Filter
The White List in BitDefender Internet Security is called the Friends list and the Black List is called the Spammers list. The filter can be configured to allow/block specific e-mail addresses, e-mail addresses from specific domains, or e-mail addresses containing specific domain suffixes (like .com). If the sender's e-mail address matches an entry in the Friends list, the e-mail is moved to the Inbox, if it matches an entry in the Spammers list, the e-mail will be tagged as spam. The e-mail is passed to the next filter if no match is found on either list.
BitDefender Antispam will by default block any e-mail written in Asian characters, but this filter's capabilities can be expanded to Cyrillic characters as well. If the e-mail is not written in any of these two character sets, it is passed to the Image filter.
This filter scans the images embedded into an e-mail. This is a very useful feature, because many spammers hide the contents of the e-mail in images these days, especially enlargement patch, stock and viagra spammers. The image signature is compared to a set of signatures stored in the BitDefender database of image signatures. If a match is found, the e-mail will be filtered as spam, otherwise the URL filter will be applied next.
The URL filter works on the same principle as the Image filter, the only difference is that the URLs in the e-mail are compared to a set of known phishing, malicious and spam-related URLs stored in a database. The URL filter is the first of a three-part spam scoring system. It adds a spam score to the e-mail, based on the links found in the e-mail and passes the e-mail on to the NeuNet filter.
NeuNet (Heuristic) Filter
This heuristic filter scans the e-mail for words, phrases and other common characteristics of spam. It also checks the subject line for the phrase SEXUALLY-EXPLICIT, something that's required by federal law since 19 May 2004, if the e-mail contains sexually oriented material. This filter also adds a spam score to the e-mail if it finds any spam-related words or phrases in the e-mail. The e-mail is then passed to the final filter, the trainable Bayesian filter.
The classic anti-spam filter that can be trained by indicating which e-mails you regard as spam and which ones you regard as non-spam. Training is easy, as with most Bayesian filters. You hit the "Spam" button to tell the filter which e-mails should be regarded as spam, or you hit the "Not Spam" button if the filter accidentally marked a legitimate e-mail as spam. A final spam score is added to the e-mail based on the outcome of the Bayesian Filter's analysis. The aggregate score of the last three filters is used to determine whether the e-mail should be classified as spam or not.
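The filter order described above can be modelled as a short pipeline in which the first four layers return a verdict immediately and the last three only add to a score. This is an added sketch, not BitDefender's code: every list entry, signature, weight, the `THRESHOLD` value and the tiny `Bayes` class are assumptions made for illustration.

```python
import math, re
from collections import Counter
from dataclasses import dataclass, field

# All lists, signatures, weights and the threshold below are constructed for illustration.
FRIENDS = {"alice@example.org"}                 # white list
SPAMMERS = {"@bulk.example", ".invalid"}        # black list: domain and suffix entries
ASIAN_RANGES = [(0x3040, 0x30FF), (0x4E00, 0x9FFF), (0xAC00, 0xD7AF)]  # kana, CJK, Hangul
IMAGE_SIGS = {"sig-stock-tip-001"}              # known spam image signatures
URL_SCORES = {"phish.example": 0.6}             # known bad hosts -> spam score
SPAM_PHRASES = ("act now", "risk free")
THRESHOLD = 1.0                                 # assumed cut-off for the aggregate score
TOKEN = re.compile(r"[a-z']+")

@dataclass
class Email:
    sender: str
    subject: str
    body: str
    image_sigs: list = field(default_factory=list)

def list_match(sender, entries):
    """Match a full address, an '@domain' entry or a '.suffix' entry."""
    sender = sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    return any(domain == e[1:] if e.startswith("@") else
               domain.endswith(e) if e.startswith(".") else sender == e
               for e in entries)

def blocked_charset(text):
    """True when most letters fall in the blocked character ranges."""
    letters = [c for c in text if c.isalpha()]
    hits = sum(any(lo <= ord(c) <= hi for lo, hi in ASIAN_RANGES) for c in letters)
    return bool(letters) and hits / len(letters) > 0.5

class Bayes:
    """Tiny naive Bayes trained by the 'Spam' / 'Not Spam' buttons."""
    def __init__(self):
        self.counts = {True: Counter(), False: Counter()}

    def train(self, text, is_spam):
        self.counts[is_spam].update(TOKEN.findall(text.lower()))

    def score(self, text):
        spam, ham = self.counts[True], self.counts[False]
        vocab = len(set(spam) | set(ham)) or 1
        ns, nh = sum(spam.values()), sum(ham.values())
        odds = sum(math.log((spam[t] + 1) / (ns + vocab)) -
                   math.log((ham[t] + 1) / (nh + vocab))
                   for t in TOKEN.findall(text.lower()))
        return 1 / (1 + math.exp(-max(-30.0, min(30.0, odds))))

def classify(mail, bayes):
    """Run the layers in the order the review lists; return (verdict, reason)."""
    if list_match(mail.sender, FRIENDS):
        return "inbox", "friends list"
    if list_match(mail.sender, SPAMMERS):
        return "spam", "spammers list"
    text = f"{mail.subject} {mail.body}"
    if blocked_charset(text):
        return "spam", "charset filter"
    if IMAGE_SIGS.intersection(mail.image_sigs):
        return "spam", "image filter"
    # The last three layers only contribute scores; the sum decides.
    url = sum(URL_SCORES.get(h.lower(), 0.0)
              for h in re.findall(r"https?://([^/\s:]+)", mail.body))
    heur = 0.3 * sum(p in text.lower() for p in SPAM_PHRASES)
    heur += 0.5 if "SEXUALLY-EXPLICIT" in mail.subject else 0.0
    total = url + heur + bayes.score(text)
    return ("spam" if total >= THRESHOLD else "inbox"), f"score {total:.2f}"
```

Because the Friends list is checked first, a spoofed sender address that matches it skips every later layer, which is the main trade-off of this ordering.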
Despite the issues with Thunderbird, it still remains a pretty impressive spam filter with a lot of potential.
The Privacy Control component consists of 4 important sub-controls, an Antiphishing Toolbar and a System Info Tab. Each sub-control operates on the basis of rules that either allow or deny specific activities or actions. Just like the Spam Filter and Firewall, it may take some time to configure this tool for optimal operation, because everyone has different privacy needs. This control basically needs to adapt to your browsing habits and the applications you install on your computer. The sub-components of the Privacy Control are as follows:
This control scans HTTP and SMTP traffic for sensitive data, specified by the user through the creation of rules. All the data captured in these rules are encrypted for safety reasons and users are advised to enter only a part of the data they want to protect. A good example is your credit card number. You create a rule where you enter, let's say, 5 consecutive digits of your credit card number. BitDefender encrypts these 5 digits and stores them in the Identity Control database. Whenever BitDefender Internet Security detects that this information is being transmitted over the Internet, it will block the transmission before it reaches its destination. For instance a malicious program steals your credit card number after you entered it on your favourite shopping site. If the program tries to send the credit card number to a server where a criminal can download it, BitDefender will block the transmission, whether the program used HTTP or SMTP traffic to transmit the information. Trusted sites can be added to a white list to prevent legitimate transmissions of sensitive data from being blocked. The effectiveness of this control remains to be seen and one may argue that it creates a new set of dangers by storing sensitive data in a database on your computer. But the control still encrypts the information and could be a very effective tool against keyloggers and malicious monitoring programs, like spyware.
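A rule of this kind can be checked against outbound data without keeping the fragment in clear text. The sketch below is an added example, not BitDefender's implementation: it substitutes a keyed hash (HMAC-SHA256) for the encryption the review mentions, and the key, card number, host names and function names are all constructed or hypothetical.

```python
import hashlib, hmac, re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    length: int      # number of protected digits
    digest: bytes    # HMAC of the fragment; the fragment itself is not stored

def make_rule(name, fragment, key):
    """Store only a keyed hash of the user's partial data."""
    mac = hmac.new(key, fragment.encode(), hashlib.sha256).digest()
    return Rule(name, len(fragment), mac)

# Digit runs, allowing a single space or dash between digits ("1234 5678").
DIGIT_RUN = re.compile(rb"\d(?:[ -]?\d)+")

def find_leak(payload, rules, key):
    """Slide a window over every digit run and compare keyed hashes."""
    for run in DIGIT_RUN.findall(payload):
        digits = re.sub(rb"[ -]", b"", run)   # ignore grouping separators
        for rule in rules:
            for i in range(len(digits) - rule.length + 1):
                mac = hmac.new(key, digits[i:i + rule.length], hashlib.sha256).digest()
                if hmac.compare_digest(mac, rule.digest):
                    return rule.name
    return None

def filter_outbound(dest_host, payload, rules, key, trusted=frozenset()):
    """Return (action, detail) for one outbound HTTP or SMTP payload."""
    if dest_host.lower() in trusted:          # user-maintained white list
        return "allow", "trusted site"
    hit = find_leak(payload, rules, key)
    return ("block", hit) if hit else ("allow", None)

# Constructed sample data. A 5-digit fragment has only 100,000 possible values,
# so anyone holding both key and digest can recover it by brute force: the
# storage risk the review raises applies to this scheme as well.
KEY = b"constructed-demo-key"
RULES = [make_rule("credit card", "45678", KEY)]
TRUSTED = frozenset({"shop.example"})
```

A plain substring search for `45678` would miss `4929 1234 5678 9012` because the fragment straddles a group separator; stripping separators inside digit runs closes that gap, while other encodings such as URL-encoded spaces are not handled here.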
The Registry Control prevents malware from infiltrating the Startup sections of the Windows Registry. The user receives a prompt each time a program tries to modify the Windows Registry, giving the user the opportunity to allow or deny the modification.
Keeping your browsing habits private. This control exercises control over the creation of cookies by websites.
The web is full of harmful scripts and you can become infected just by visiting a harmful website. The scripts control informs the user when a website tries to execute a script or active content. Rules are created for each site you visit, so you won't be annoyed with prompts for sites you already indicated as trustworthy.
BitDefender Internet Security also installs an Antiphishing toolbar for Internet Explorer, to protect the user against phishing attacks while browsing the web. This layer of protection is useless for Firefox users, because it is designed for Internet Explorer only and Firefox has its own built-in anti-phishing protection anyway.
System Info Tab
The last component of the Privacy Control is the System Info tab. It gives you a birds-eye view of the applications registered to run at Startup. This tool is not very useful to the novice user and it is best for newbies to stay clear of this tool. It is not very user friendly and there is no solid indication to the user whether it is safe to remove certain entries or not. This tool may only be useful to advanced users.
The Parental Control provides protection through a combined effort from the parent and BitDefender Internet Security itself. The parent specifies which websites, games and keywords to block, while BitDefender contains its own black list of inappropriate websites. All the settings of the Parental Control can be password protected via the Advanced tab of the BitDefender Internet Security settings console. It may take some time to get the Parental Control to work the way you would like it to work, but if you are serious about protecting your child from the harmful content on the web, you will soon realise that the time you spend on configuring this tool, is an investment in the online safety of your children. The Parental Control module is divided into five different controls:
The parent can block specific URLs, URLs starting or ending with certain keywords, URLs belonging to specific domains or URLs containing specific domain suffixes. Exceptions can be specified via a white list of sites in cases where the URL matches specific criteria, but where the parent is confident that the site does not contain any content that's harmful to children.
A black list of applications is used to prevent the execution of specific applications like chat clients or games.
Keyword Filtering Control
POP3 and HTTP traffic are scanned for inappropriate keywords. Any e-mails or web pages containing these keywords are blocked. This control combined with the Web Control can become a highly effective shield against content harmful to minors and sensitive persons; you only need to spend some time adding the necessary keywords and URLs.
The Web Time Limiter
This is something that's present in almost any parental control tool. It is a very simple tool where you specify certain time intervals when access to the Internet is allowed or denied. This can be narrowed down to specific times of the day for specific days of the week.
Heuristic Web Filter
This filter is not enabled by default, which is quite understandable because it can be a bit oversensitive and often delivers false positives. The filter analyses web pages for potential inappropriate content, depending on the tolerance level you choose. If you slide the tolerance level to Adult, it will display all web pages, regardless of their content. The Teenager tolerance level is the default level and is medium restrictive (recommended for ages between 14-18). The Child level is highly restrictive and is recommended for users under the age of 14. This is merely a guideline and it is up to the parents to decide what their children are allowed to view. So you may want to play with this feature to see what it blocks and what it lets through. Whenever the Heuristic Web Filter detects possible inappropriate content it gives the user the choice to add the site in question to a white list. If the Parental Control settings are password protected you will need to supply the password to add the site to a white list. I would rather spend more time configuring the Web Control and Keyword Filtering Control than trying to white list all the false positives delivered by this control.
One thing that's often overlooked is the un-install program. I was really impressed with the way BitDefender handled the situation when the Un-installer crashed unexpectedly. A "manual" un-install option is presented to the user, allowing the user to force an un-install, thereby cleaning the registry from any entries that may have been left behind by the failed un-install attempt. It may be called a manual un-install tool, but the actual removal process is pretty automated. The only interaction required by the user is to reboot the PC once the process has been completed. Failed un-installs of security products often cause severe system corruptions, so it is nice to see that the developers of BitDefender took the un-install process one step further than many other security products.
BitDefender Internet Security un-installed quite nicely on the second attempt, without any side effects thereafter.
BitDefender Internet Security delivers outstanding protection against malware, combined with a flexible and user-friendly firewall, comprehensive privacy protection controls and a parental control that can be quite effective once it has been configured properly. The multi-layered spam filter has the potential to take spam filtering to the next level, but support for alternative e-mail clients like Mozilla Thunderbird is not quite what it should be. Resource usage is not too bad, but there is room for improvement and the user-friendly interface makes it easy to operate the software without any unnecessary effort. BitDefender Internet Security respects the integrity of your system and is easy to un-install.
BitDefender Internet Security:
|Isolation of Threats:||9|
|Scanning & Healing:||7|
(Compatibility, Filtering & Effectiveness):
(Anti-Phishing, Privacy & Parental Control):