June 17, 2006

BitDefender Antivirus: Review of Problems

[Updates have been inserted in brackets where appropriate.]

I have been evaluating BitDefender 9 Standard on my home computer for about two weeks. I like BitDefender's effectiveness, price, and features, but it has several problems. In this post I will describe the problems I have encountered so far.

1. Disruptive Email-Scanning Notification Windows
Whenever BitDefender is scanning a mail message, it adds a little window on the lower right of the screen. When multiple messages are being scanned, multiple windows are created. Sometimes the entire right side of my screen is covered with these windows. As each scan completes, the window associated with that scan disappears. Here's a photograph I took of my screen while BitDefender was scanning incoming mail.

Picture of screen while BitDefender scans incoming mail. Note the little windows along the right side.
In the picture above I was editing an HTML file in Win32pad when Eudora downloaded my mail in the background and BitDefender scanned the incoming mail. I use POPFile to filter spam. BitDefender adds separate windows for Eudora and POPFile for each incoming message.

Not only are these windows an intrusive distraction, but they take the Windows focus from the application. That means if I am typing in an application when mail arrives, my keystrokes stop working because BitDefender windows have taken the focus. The newest mail-scanning window becomes the active window. If I quickly click in the application to make the application the active window, the next BitDefender window just takes the focus again. The net effect is that I can't continue working while BitDefender is scanning incoming mail. I have to stop whatever I'm doing and wait for the mail scans to finish.

This mail-scanning behavior is outrageously bad. I don't understand why the ninth version of an antivirus program would be designed to behave this way. An antivirus program should work inconspicuously in the background. It should not distract the user with pop-up informational windows. It should not create multiple pop-up windows. It should not take the focus away from the current application. BitDefender describes the program as, "an 'install and forget' product" (here, as of 6/17/06). There's no way to forget an antivirus program that forces you to stop what you're doing every time mail arrives.

The mail-scanning windows have a negative impact on the user's work and provide little or no benefit. The windows should be removed from the program or at the least made optional so the user can turn them off. If BitDefender is determined to show the user when mail is being scanned, it should do so subtly without taking the focus away from the current application. For example, the color of the BitDefender icon in the system tray could be changed while mail scanning is in progress.

[UPDATE 8/10/06: The e-mail scanning notifications are optional (as they should be). The notification windows can be turned off as follows. In BitDefender select the "General" tab on the left. Select "Settings" in the top menu bar. Uncheck the box that says "Show on-screen notes". Click the "Apply" button at the bottom. Close the BitDefender window by clicking the "X" in the upper right corner. This setting option is poorly named. "On-screen notes" implies some sort of help feature to me. The option should be named more descriptively, like "Show e-mail scanning notices" for example.]

2. Incoming Mail Timeouts
Each time I receive an email with an attachment that's more than a few hundred kilobytes, BitDefender causes the mail download to fail with a timeout error. When a download times out I have to notice that the download has failed, disable BitDefender's virus shield, download the mail manually, and turn BitDefender's virus shield back on. Until two weeks ago I used Norton AntiVirus and I never had this problem. Norton AntiVirus sometimes added "X-Symantec-TimeoutProtection" lines to a mail's header. POPFile sometimes adds "X-POPFile-TimeoutPrevention" to a mail's header. Apparently timeouts are a common problem that other mail-handling programs like Norton AntiVirus and POPFile handle, but BitDefender does not.

[UPDATE 6/23/06: Some large incoming mails time out and some don't. Some headers of large mails contain BitDefender timeout lines and some don't. As a test I mailed myself a large file (over 4 MB). The outgoing message timed out. I disabled BitDefender, sent the mail again, and the message was sent properly. I enabled BitDefender and downloaded the large email. The incoming mail did not time out and 13 lines beginning with "X-BitDefender-TimeOut" had been inserted in the mail's header. I was wrong when I said BitDefender does not handle mail timeouts. It would be more accurate to say that BitDefender's timeout protection is unreliable. I never had mail timeouts when I used Norton AntiVirus and I have experienced several mail timeouts while using BitDefender.]

3. Eudora Mailbox Files Quarantined
During my first full-system scan BitDefender detected a suspected bad java script in at least one message in each of three Eudora mailbox files. Rather than cleaning, quarantining, or deleting the specific messages, BitDefender moved the entire mailbox files to quarantine. I turned off BitDefender and reloaded the three mailbox files from a backup. (I later discovered that quarantined files can be restored from BitDefender's quarantine screen.) I wanted to find and delete each problem message manually so that the mailbox files would not be quarantined again during the next scan. BitDefender's report only identified each message by its position in the mailbox file -- like "message 367". I would have to manually count the messages to find and delete the messages containing the bad java scripts. I found and deleted one message manually.

Rather than attempt to find and delete the other two messages manually, I turned BitDefender's virus shield back on, listed Eudora mailbox files in Windows Explorer, and right clicked on one of the mailbox files I had restored. I selected "BitDefender Antivirus v9" from the right-click menu and BitDefender scanned the file. This time BitDefender found and cleaned the bad message without moving the file to quarantine. The mailbox contained the same number of messages before and after the cleaning. I then requested a scan of the other restored mailbox file and BitDefender reported that it successfully cleaned that file too. I do not know why BitDefender handled the same files differently on a manual scan and a full-system scan.

[UPDATE 6/18/06: I scanned C: and BitDefender reported finding and deleting the two viruses in mailbox files that it had previously found and claimed to have deleted. It did not move the mailbox files to quarantine. I immediately scanned the same two files again and BitDefender again reported finding and deleting the same two viruses. I scanned the two files a third time and again BitDefender said it found and deleted the same two viruses. BitDefender claims to delete the viruses on each scan, but then finds the same viruses in the same mail messages on subsequent scans. These scans reveal a disturbing bug in BitDefender. Sometimes BitDefender falsely reports the deletion of a virus. I suggest repeating the scan of any file from which BitDefender reports deleting a virus. I used a text editor on the two mailbox files to find and delete the two java scripts BitDefender was reporting.]

I am apprehensive of how BitDefender will handle good incoming messages if there's something bad in a message arriving at the same time. I ran a test by turning off BitDefender and mailing myself several messages, one of which contained the EICAR test virus. I then turned BitDefender back on, waited a few minutes, and downloaded my mail. My test was foiled because my ISP, BellSouth, has an arrangement whereby Symantec checks all mail for viruses. The message in which I included the EICAR test virus had a line inserted saying Symantec had removed the virus.

4. Incoming Mail Scan Wakes Up Monitor
I have my 21-inch monitor set to power-off after fifteen minutes of inactivity. When BitDefender scans incoming mail it activates my monitor as if I had moved the mouse or pressed a key.

5. Less-Important Problems
The quarantine screen does not show a quarantined file's original location, nor does it show the date and time a file was quarantined. If I want to restore a file that was quarantined from multiple locations, there's no way to know which instance of the file to restore.

BitDefender creates folders and files in my C:\Windows\Temp directory. These files are not automatically removed. An example folder name is "tmp000031c1". Each folder contains one file of zero bytes. An example file name is "tmp00000000". The folders and files accumulate until they are deleted manually or through a programmed clean-up process.

BitDefender may prevent the game Unreal from running. I realized I had not tried to play a game since installing BitDefender, so I tried Unreal and the game aborted with an error that said something like "Flip Failed Surface Busy". I rebooted and disabled BitDefender. Then Unreal ran fine.

[UPDATE 10/12/06: I have played Unreal several times now while BitDefender was running, without crashing.]

My computer is more unstable and requires rebooting more frequently since I installed BitDefender. The most recent time I was forced to reboot, my computer was frozen with two mail-scanning windows on the lower right of the screen.


My system info:
Windows 98 SE
POPFile 0.22.2
Eudora 4.3.2
BitDefender 9 Standard (build 9.5)