Bit­de­fender An­tivirus for Mac re­view

Macworld (USA) - - Contents - BY GLENN FLEISHMAN

If you look at the lab rat­ings for Bit­de­fender An­tivirus for Mac, you could eas­ily as­sume that the soft­ware pack­age nails its fo­cus on mal­ware pro­tec­tion. It re­ceived the high­est pos­si­ble de­tec­tion scores from AV-TEST and AV Com­par­a­tives: 100 per­cent from AV-TEST for de­tec­tion of macos po­ten­tially un­wanted ap­pli­ca­tions (PUA), and above 99 per­cent for iden­ti­fy­ing Win­dows mal­ware.

But those scores don’t tell the whole story. When I tested ver­sion 6.1 of this soft­ware ( go.mac­world.com/bd61), Bit­de­fender fared poorly against down­loaded and de­com­pressed macos mal­ware. How­ever, af­ter that re­view, Bit­de­fender re­leased ver­sion 6.2, which

adds 200MB of free VPN ser­vice as part of the sub­scrip­tion price. An up­date fixes one of the bugs we found, the com­pany says, and I con­firmed that. Ac­cord­ingly, we’ve opted to re­view this up­dated ver­sion due to tim­ing and the fix for a bug we found sig­nif­i­cant.

Bit­de­fender also pro­vided more de­tail and a test­ing script for two file-pro­tec­tion fea­tures which are poorly ex­plained within the app, and which were dis­abled by de­fault at in­stal­la­tion. While the app’s main screen warns about some se­cu­rity fea­tures be­ing turned off, it still doesn’t for these.

IM­ME­DI­ATE IM­PROVE­MENTS

In our pre­vi­ous re­view of ver­sion 6.1, Bit­de­fender’s anti-mal­ware mon­i­tor­ing didn’t stop me when I de­com­pressed macos mal­ware from the Ob­jec­tive See ar­chive, nor when I tried to launch it. A man­ual “Cus­tom Scan” op­er­a­tion had to be per­formed to rec­og­nize the mal­ware.

With ver­sion 6.2, how­ever, as soon as I ex­panded the en­crypted ar­chive, Bit­de­fender in­stantly rec­og­nized the mal­ware, moved it into quar­an­tine, and dis­played a no­ti­fi­ca­tion about what had hap­pened. Dis­abling its pro­tec­tion, ex­pand­ing the ar­chive, and then re-en­abling it also re­sulted in an im­me­di­ate quar­an­tine of mal­ware files.

This be­hav­ior is what I’d ex­pect and marks a sub­stan­tial im­prove­ment.

In both ver­sions 6.1 and 6.2, the de­fault setup doesn’t ac­ti­vate the Safe Files fea­ture, which pro­vides pas­sive ran­somware pro­tec­tion. You must dig into the soft­ware’s pref­er­ences and turn it on man­u­ally. The com­pany says an in­stal­la­tion wizard should of­fer both Safe Files and the Time Ma­chine pro­tec­tion op­tion (which we’ll dis­cuss next) as op­tional fea­tures a

user can en­able.

When Safe Files is turned on, it pre­vents apps from cre­at­ing, mod­i­fy­ing, or delet­ing any­thing within pro­tected fold­ers; the start­ing set en­com­passes Desk­top, Doc­u­ments, Down­loads, and Pic­tures. You can add others, but ran­somware typ­i­cally tar­gets only files cre­ated by users, as those re­quire fewer per­mis­sions to mod­ify.

Ap­ple’s apps are all ex­empted from Safe Files au­to­matic block­ing, and there’s no way (or, re­ally, rea­son) to block them. I tested an Ap­ple-signed third-party app, Bare Bones’s Bbe­dit, and it was au­to­mat­i­cally ap­proved and shown in the Safe Files apps list. That approval be­hav­ior also can’t be mod­i­fied, but you can set Bit­de­fender to block third-party signed apps af­ter their first at­tempt to ac­cess a pro­tected folder. You can also man­u­ally add and re­move apps from the list and set them to ap­proved or blocked. All un­signed third-party apps are blocked by de­fault.

To test this fea­ture, I ran a piece of known ran­somware from the Ob­jec­tive

See ar­chive with Bit­de­fender’s real-time scan­ning fea­ture dis­abled (as that would pre­vent its ex­pan­sion and launch) but Safe Files turned on. Safe Files cor­rectly blocked the app. How­ever, I also tested a sim­ple Ter­mi­nal-based “bash” shell script, which uses a com­mand-line ZIP com­pres­sion tool, and the script and the ZIP com­pres­sion and en­cryp­tion weren’t stopped: macos’s Unix tools are signed by Ap­ple. Be­cause the script wasn’t known mal­ware, it also wasn’t blocked by the anti-virus data­base in Bit­de­fender.

This kind of pas­sive ran­somware pro­tec­tion dif­fers from that pro­vided by our top paid pick, Sophos Home Pre­mium, ( go.mac­world.com/shpm) which ac­tively looks for pat­terns of en­cryp­tion that ran­somware apps fol­low. Still, even pas­sive pro­tec­tion is bet­ter than none, since most ran­somware threats in­volve down­loaded apps, not free­stand­ing scripts. The com­pany could im­prove this pas­sive fea­ture by black­list­ing all Ap­ple­signed Unix apps from act­ing on the Safe Files fold­ers, too.

Bit­de­fender sep­a­rately hides a pow­er­ful fea­ture for pre­vent­ing files from

be­ing mod­i­fied in Time Ma­chine back­ups. (You can turn it on by click­ing a check­box in the pro­gram’s Pro­tec­tion pref­er­ences.) If and when ef­fec­tive ran­somware spreads among macos users, Time Ma­chine back­ups will be prime tar­gets: the mal­ware would want to en­crypt not just ac­tive files in a user’s home directory, but also any back­ups of those files that are on con­nected vol­umes.

With this pro­tec­tion op­tion turned on, Time Ma­chine back­ups can only be mod­i­fied by Ap­ple’s backup soft­ware. No other apps can mod­ify the vol­ume. In test­ing, this proved out. Try­ing to re­move and mod­ify files from the Finder, Ter­mi­nal, and other apps was con­sis­tently blocked by Bit­de­fender, while Time Ma­chine op­er­a­tions worked as ex­pected.

A FEW DOWN­SIDES

The app’s main in­ter­face is min­i­mal with a re­fresh­ingly crisp ap­pear­ance, but that’s be­cause Bit­de­fender stashed al­most ev­ery func­tion and view in the pref­er­ences dia­log. That makes sense for tweaky set­tings about scan­ning, tech­ni­cal logs, and in­ter­face con­trols—but pref­er­ences also in­cludes the quar­an­tine area, which isn’t a pref­er­ence and should be eas­ier for a user to ac­cess, as well as the Safe Files in­ter­face, which may need to be con­sulted fre­quently when us­ing new apps in a pro­tected folder.

Also, files held in quar­an­tine show just a mal­ware ID, file path, and but­tons for Re­store and Delete. You get noth­ing to click for more in­for­ma­tion, no re­pair op­tion, and no other de­tail. It doesn’t note, for in­stance, that se­lect­ing a quar­an­tined file and click­ing Re­store re­turns a de­fanged piece of mal­ware to a lo­ca­tion you select—the nasty guts are re­moved, which would be help­ful in­for­ma­tion for a user click­ing on it.

Bit­de­fender doesn’t in­stall its na­tive web browser plug-ins au­to­mat­i­cally. In­stead, you have to click a link in the app,

then click on an­other link on a web page, and in­stall it. (The com­pany says it’s work­ing to stream­line this in fu­ture ver­sions.) The plug-ins adds friendly green check­marks to links that aren’t in data­bases of ma­li­cious pages, and af­firm the links are safe when you hover over the marks. Try­ing to visit pages laden with mal­ware (in our test, via the WICAR ar­chive) blocked the page load­ing with a mes­sage and dis­played a no­ti­fi­ca­tion. All of this func­tions just as it did in ver­sion 6.1.

Bit­de­fender does of­fers cloud sup­port for cer­tain re­mote-ac­cess op­er­a­tions but it’s a rel­a­tively small set com­pared to what you can do in the app. You can see the sta­tus of pro­tected com­put­ers and their most re­cent scans, but you can’t per­form re­mote con­fig­u­ra­tion changes. You can trig­ger an ab­bre­vi­ated scan or a full scan, though.

I also tested the in­cluded parental con­trols in pass­ing. The web fil­ter­ing worked so well that it couldn’t be turned off. Af­ter us­ing the cloud-based in­ter­face to con­fig­ure a pro­file and en­able it on the test Mac, I then dis­abled it—but de­spite re­boots and other at­tempts, and con­tact­ing the com­pany’s rep­re­sen­ta­tive, it didn’t ac­tu­ally dis­en­gage. Be­fore at­tempt­ing an unin­stall and re­in­stall, I tried re-en­abling parental con­trols again on the Mac with a new child’s pro­file and then dis­abling it again. That process did the trick.

An in­cluded VPN ser­vice in­stalled eas­ily and pro­tected a con­nec­tion with a sin­gle click, but only in­cludes 200MB of VPN us­age per day. With such a low cap, the fea­ture doesn’t do much to bol­ster Bit­de­fender’s appeal against cheaper (and higher rated) com­peti­tors—you’ll pay $60 a year for pro­tec­tion on up to 3 Macs, whereas our top pick is $50 per year for up to 10 com­put­ers (Mac or PC). You can opt to up­grade to a paid an­nual sub­scrip­tion with un­lim­ited band­width us­age, but that is an ad­di­tional cost.

THE BOT­TOM LINE

Bit­de­fender’s ster­ling marks from se­cu­rity labs for mal­ware de­tec­tion is now matched by its per­for­mance—this new re­lease prop­erly de­tects and quar­an­tines down­loaded macos mal­ware in­stantly. How­ever, the soft­ware needs a bet­ter-or­ga­nized app in­ter­face, as well as im­prove­ments in browserex­ten­sion in­stal­la­tion and its parental-con­trols fea­ture. Bit­de­fender also re­mains ex­pen­sive com­pared to our top pick and other com­peti­tors with a sim­i­lar set of fea­tures. ■

The Safe Files fea­ture pas­sively pro­tects se­lected fold­ers against un­signed and blocked apps mod­i­fy­ing any­thing within them.

When an un­signed app first tries to mod­ify files in a folder pro­tected by Safe Files, Bit­de­fender warns and of­fers op­tions.

The Bit­de­fender browser ex­ten­sions mark links as safe or oth­er­wise.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.