Bitdefender Total Security 2016 Review - Adds Ransomware Protection and Security Hub
key review info
- Application: Bitdefender Total Security 2016 Build 188.8.131.525
The 2016 edition of Bitdefender's antivirus lineup was released yesterday, bringing new features to the table for boosting security and keeping in touch with all personal devices.
The two primary features introduced in the latest version are Bitdefender Central, a security hub used for managing multiple devices with the tool installed (Windows, Mac OS X, Android) from a web interface, and Ransomware Protection, which prevents hijackers from encrypting and deleting your private data to hold it for ransom. In addition, the anti-malware program improves its firewall, password manager, financial security tool, anti-theft system, and parental control module.
Setup, sign-up, and initialization
Just like in the previous editions, Bitdefender can be configured during setup when it comes to the installation directory and proxy settings. It integrates new entries in the Explorer right-click menu for quickly scanning custom files and folders, shredding items, as well as creating, adding, removing, opening and locking the file vault.
After setup, it's necessary to sign up for an account to be able to activate Bitdefender, or you can log in with your Facebook, Google or Microsoft account instead. This account can be used on your other devices with Bitdefender installed, in order to connect them all and gain remote access through the Bitdefender Central web UI.
An initial scan is automatically carried out to establish your computer's security status, after which a small security widget is displayed on the screen, which indicates the AV status and provides fast access to the events log. Plus, you can drop files and folders in this widget to scan.
Slightly modified interface
As far as the design is concerned, the main app window keeps the same dark theme presented in the 2015 edition. However, the options are organized differently. The largest tile launches Bitdefender Central, while the other ones enable you to run a vulnerability or quick scan, access Safepay, trigger the Startup Optimizer or OneClick Optimizer, and check for updates.
The remaining modules are accessible from a separate area, where they are split into three parts: protection, privacy and tools. All configuration settings supplied by Bitdefender can be found here.
Autopilot, work, movie, and game profiles
The autopilot mode is activated by default, enabling the program to silently deal with any issues. For example, if it detects an infected file, it decides to move it to the quarantine or deny access without asking any questions. It also has a real-time optimization mode and three other profiles with optimized settings.
Background programs and maintenance tasks are postponed in work, movie and game profiles, while product settings are optimized to suit your needs, depending on the profile. You can delay automatic Windows Updates, adjust power plan options for movies or games, as well as create lists with applications, media players and games to take into account. There's also a battery mode with similar applicable options, which can disable external devices and network ports too.
AV scan modes and settings
In quick scan mode, Bitdefender takes into account only typical locations prone to malware infections, like Program Files or the Windows directory. The system scan mode verifies all hard disk contents, while the vulnerability scan mode checks for critical Windows Updates, application updates, weak passwords, and media autorun.
Custom scan profiles can be created by including any drives, folders or files in the scanner, as well as by scheduling it to run only once, at every Windows startup, or periodically. Meanwhile, the rescue mode helps you regain control of your machine if it's heavily infected with malware.
As far as advanced scan settings go, Bitdefender's on-access scanner is set to normal by default, a basic security level with low impact on system resources. You can switch to permissive mode to minimize resource usage even further, or opt for aggressive mode if you suspect notable malware activity (moderate resource consumption).
In the default configuration, the real-time scanner verifies all files, network shares, keyloggers and boot sectors, looks inside small archives, checks incoming and outgoing emails along with HTTP traffic, and performs an early boot scan. When encountering threats, it sets the course of action on its own. However, you can disable these options and ask it to scan only applications or new and changed files, as well as to automatically deny access to infected files or move them to quarantine.
Moreover, it's possible to adjust the Active Threat Control level, a feature that uses advanced heuristics to instruct Bitdefender how to deal with possible false positives. You can exclude any files, folders, extensions or processes from Active Threat Control's continuous scanner, disable autoscan for CD, DVD and USB devices, or activate autoscan for mapped network drives.
The quarantine can be rescanned every time the program receives the latest virus definitions. Suspicious quarantined items are submitted to Bitdefender's labs for further analysis, but you can deactivate this as well as specify the quarantine storage time before auto removal.
Firewall and Intrusion Detection
The Bitdefender Firewall has received improvements for the 2016 edition to provide better performance and greater stability. It blocks port scans in the network and has some predefined rules for allowing or denying Internet access to applications, depending on which ones you have installed on your computer. You can modify this access level, view general rules (e.g. DNS over UDP or TCP, sending emails), or define new rules for any program by setting the permission and network type (trusted, home/office, public, untrusted). All network adapters are monitored and you can allow any of them to work stealthily, or specify exceptions for addresses.
The Intrusion Detection module identifies and blocks attempts to modify critical system files or registry entries. It notifies you about DLL injectors and prevents malware drivers from getting installed. Its degree of security is adjustable (permissive, medium, aggressive) and is set to permissive by default to generate few alerts about possible malware drivers and hijackers trying to disarm the AV software. The aggressive mode also detects keylogger attempts, Internet Explorer vulnerabilities, and attempts to change the desktop background or IE homepage.
Web protection and anti-spam
The web protection component ensures your safety when navigating the web via the Search Advisor, an assistant that tells you if the websites displayed in the search engine results have a good or bad reputation, SSL scanning, along with anti-fraud and anti-phishing protection. It lets you create a whitelist with URLs considered safe.
The anti-spam feature automatically scans messages from email clients (POP3), such as Thunderbird. It can block emails written in Asian and Cyrillic characters, as well as submit spam and legit samples to the Bitdefender Cloud. You can manage lists with friends and spammers when it comes to email addresses and domain names.
New feature: Ransomware Protection
Freshly introduced in Bitdefender Total Security 2016, the ransomware protection component is built to protect your personal files from being encrypted and held for ransom when a potentially unsafe application, such as CryptoLocker, WinLocker or MBR ransomware, tries to change or delete them. Threats are determined by analyzing not only their behavior but also where they are launched from, like network shares.
By default, the module monitors the public and current user's Documents and Pictures directories, along with Dropbox, Box, OneDrive and Google Drive cloud sync folders, enabling you to remove any entry from the list, as well as to add any new folders to protect. You can set this module to autorun at system startup, and manage lists with trusted and blocked applications.
Safepay and Wallet
Acting like a browser sandbox, Safepay is a virtual environment isolated from the rest of the system, allowing you to securely navigate the Internet using a built-in web browser, equipped with a virtual keyboard to protect yourself from keyloggers. It lets you type financial data, such as credit card information when shopping online, without having to worry about fake websites trying to trick you into handing out your banking details.
There's also a password manager available for those who want to easily store multipurpose passwords when using web browsers, such as email accounts, banking data, or wireless networks. This wallet can contain multiple databases, each having its own access key, and it can be synced across multiple devices.
It supports Internet Explorer, Firefox, Chrome, Skype, Yahoo and Safepay, as well as form autofill. Starting with the 2016 edition and the introduction of Bitdefender Central, it's possible to have multiple wallets in the same account and manage them from other devices linked with that account. Wallets are automatically synced across all devices.
File security, system optimization, and parental control
A file shredder can be used to permanently delete files and folders to prevent third-party users from recovering them with specialized tools. The file encryption feature enables you to keep files in a password-protected vault, which can be mounted as a virtual drive with an adjustable size.
PC tune-up is facilitated by OneClick Optimizer, which removes junk files and privacy-related data from the disk, such as browser cache, debug info, Windows junk files, and invalid or obsolete registry entries. It's backed by a Startup Optimizer capable of measuring the launch time of autostart apps to determine how the Windows boot time can be improved.
Controllable from Bitdefender Central, Parental Advisor gives you the possibility to keep track of your child's activity on any linked devices. After setting up his or her profile, it's necessary to deploy Bitdefender on the remote device. It lets you locate the remote device on the map, customize interests for websites to monitor and block, create website exclusions, find out who interacts with your child on Facebook, and block interactions with no caller ID.
Accessible via online registration or login using a Facebook, Google or Microsoft account, Bitdefender Central represents a centralized system for remotely managing all devices linked to your account. If Bitdefender is not already installed on them, you can do this remotely.
It's possible to add owner information (including profile photos), edit device names, enable/disable autopilot, deploy quick/full/vulnerability scans and one-click optimization, locate devices in Google Maps, wipe data, lock devices with a Windows password or pin code, activate sound alerts (for smartphones and tablets), as well as access the parental control module.
Events and general settings
Statistics are recorded for the antivirus, web protection, vulnerability, firewall, intrusion detection, anti-spam, ransomware protection, file encryption and tune-up events, as well as virus definition updates. The auto-updates can be disabled or you can change their frequency, server, silent mode, and delayed PC reboot.
Bitdefender can be password-protected, and you can disable notifications for product offers and security reports, as well as enable paranoid mode to get notified for any suspicious event.
How Ransomware Protection works
This security feature auto-blocks programs labeled as potentially unsafe and shows a systray notification, where you can either allow access or close the alert (to keep it blocked). When clicking the button to allow access, Bitdefender opens the list with blocked applications and wordlessly requests you to select the program and click the "allow" button again.
Although we understand the security factor implied by the two-step confirmation, it can become a tedious task to browse a long list with blocked programs every time you need to locate one to allow (new entries are added to the bottom of the list, not the top). On top of that, in the next step, the systray dialog doesn't automatically disappear, so you still have to manually close it.
Entries removed from the blocked applications list are automatically moved to the trusted list. This means that if you want to recheck Bitdefender's efficiency for a blocked program, it's necessary to remove its entries from the blocked list and then the trusted list.
Evaluation results and observations
To test the malware detection ratio, we asked Bitdefender to scan a 682MB folder with 5,000 malware files and set Active Threat Control to aggressive level. The real-time guard instantly responded and started eliminating items. It finished the job after roughly 15 minutes and left behind 269 files, resulting in a 94.64% success rate.
Quick scans were very fast, along with other scan types in general. However, CPU and RAM usage was high during this time, while RAM consumption remained high even when BD was idle. This seems unusual for Bitdefender, since it's widely known for its minimal impact on computer performance.
We have noticed other irregularities on Windows 7 and 8. In some cases, it caused Internet connection problems, such as decreased webpage loading speed or network failure, that weren't resolved by disabling its components. These issues were fixed after uninstalling Bitdefender.
We initially ran the malware test on Windows 7, 8 and 10. However, there were significant differences between Windows 7/8 and Windows 10 concerning the detection ratio, although the same malware files and AV settings were applied. BD Security Center frequently crashed and restarted on Windows 10, which prevented us from properly testing Bitdefender on the latest OS. It never crashed on Windows 7 and 8.
To be honest, we have noticed that many programs are manifesting compatibility issues with Windows 10. This is somewhat understandable, since the OS is still new, but it's unclear if the problem lies with the software developers or the operating system.
Bitdefender Central lets you remotely manage linked devices from a web UI, featuring map localization, device locking, audio alerts, and parental control. It supports Windows, Mac OS X and Android. This kind of device centralization feature is typically offered in enterprise editions, not for the general consumer.
Another feature that's not shared with most AV tools is that BD identifies password-protected archives and asks you for the access key to scan contents. Otherwise, the items can be skipped.
Since Total Security has multiple security layers, it has multiple active processes. Security Service used a lot of memory in all our tests, even when BD was idle. Overall, Bitdefender feels heavier than the 2015 edition regarding resource consumption.
The ransomware protection component needs a little more work when it comes to usability.
The program doesn't have an entry in the systray menu for temporarily turning off the real-time guard, nor a button for temporarily turning off all components (this can be done only separately). Unless autopilot is enabled, it's not possible to disable notifications.
However, you don't have to take our word for it. You can download and test Bitdefender Total Security 2016 for yourself (the first 30 days are free). If you're looking for a lighter feature set, check out Bitdefender Internet Security 2016 or Bitdefender Antivirus Plus 2016.