Install and Updates

Downloading signature databases

Mr
edited April 2 in Install and Updates

Hi
I don't know if I'm writing in the right topic. If not, please move it to the right place.

Question. Do Bitdefender developers plan to finally reduce the signature database in terms of weight in MB? Downloading dozens of MB (sometimes even 500MB) each time doesn't make sense, does it? First, it's a lot of data constantly being written to the disk (SSD has limitations due to TBW) and second, it extends the update time. I don't think any AV on the market updates for that long! During the update, you can go make a coffee or replace the stopwatch with a calendar.

Why does all your competition download the signature database in a few seconds and it weighs at most a few MB - for example Kaspersky, Eset, Norton, etc.?
Is Bitdefender really unable to change this for so many years? Do you at least plan to change it? When?

Comments

  • Defender of the month mod

    Hello.

    This is something that should be addressed to @camarie, who works as Principal Software Developer at Bitdefender and @Alexandru_BD, who also works for Bitdefender.

    Please, wait for their reply.

    Regards.

  • mod
    edited March 30

    In the past, I have also contacted the Bitdefender Malware Research Team through Bitdefender Support regarding the same issue, requesting the development of generic detections for specific types of malware. Specifically, I proposed detecting a common file associated with a particular malware type so that if a similar file appears with a different hash, it can still be identified by the same generic detection.

    The response I received from the Bitdefender Malware Research Team via Bitdefender Support was that they have currently created a detection for that specific malicious file and may work on a generic detection in the future.

    However, in my experience, such features never actually get implemented. Bitdefender signature-based detections have now become similar to Norton signatures from the 1990s.

    This query can be answered by @Bogdan BOTEZATU, the Director of Threat Research and Reporting at Bitdefender, if @Alexandru_BD can get him to visit the forum once again.

    Additionally, I have reached out to Bitdefender Support, and they have escalated the query to the Bitdefender Malware Research Department on a high priority basis. I will provide updates here as soon as I receive any further information.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Mr
    edited March 30

    Bitdefender is one of the best, if not the best AV package on the market today. Behavioral protection is very good and a world leader. Bitdefender is a pioneer in many solutions that increase security. So I don't understand how for so many years they haven't been able to rebuild the SDK and, for example, be on the same or similar to what Eset has. Why? Why does the user have to download a huge signature package of hundreds of MB every day? Bitdefender developers don't want to or can't rewrite or change it? It's not possible? The costs are too huge? Well, you can probably afford this expensive Bitdefender to finally get rid of this problem like these updates, which are one big misunderstanding.

  • Can any answers be expected to the questions asked?

  • mod
    edited April 2

    The responsibility of compacting signatures lies with Bitdefender malware researchers, not Bitdefender product developers. Since Bitdefender Support has already escalated the issue to the Bitdefender malware research team, the response time may exceed the usual 72 hours. In most cases, it may take up to a week, as these inquiries are a lower priority for the Bitdefender malware researchers, who handle thousands of malware samples daily. Customer queries are addressed as time permits.

    As the ticket has already been created, we appreciate your patience while awaiting a response from the Bitdefender malware research team. This post will be updated as soon as new information becomes available.

    @Alexandru_BD

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • @Flexx I'll leave it to you to follow up here, once you receive a response from the security researchers on your ticket. And I'll keep this thread open and share my personal thoughts as well.

    @spotify first of all, thank you for your appreciation. Obviously, we as forum moderators cannot really answer this question, so I think this needs to be answered by the teams who are responsible for this process. I say we wait for them to reply to Flexx, and he'll post back here.

    Considering that there's a massive threat landscape out there, and there are millions of unique malware strains, including polymorphic variants, the signature databases have to cover all of them, so yes, I think their update size is justified. And as you probably know, the security solution uses multiple layers, traditional signatures, heuristic rules, AI components, behavioral patterns, etc, and these all need updating. I think compressing them may have side effects when it comes to optimization, and the developers must prioritize reliability over size, because large updates are known to be less prone to corruption or failures, than many tiny ones pushed one after another. Naturally, the signature updates should also include legacy support for old threats, in case users encounter older malware, so this may also bring more weight.

    While better ways exist, such as cloud, AI (and Bitdefender also uses both cloud-based scanning and machine learning), I think signature-based detection is still foundational and very dependable, because it offers offline protection as well, it's predictable and reliable, and it's a proven detection method, especially for known malware.
    Furthermore, I think this method could actually improve performance as well, since local signature scans are usually fast and don’t require server round-trips.
    I speak for myself here, but I personally can live with this trade-off of having a bigger signature package, since I didn't notice any decrease in performance, or anything that could affect my daily work on the device when these updates take place. I guess it's just the way they prefer to do it, but I'm sure they have their legitimate reasons for doing it this way.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Mr
    edited April 2

    Take it easy. I'm in no hurry.

    I just hope someone comes back with an answer and explanation sooner or later.

    Everyone understands the threats. And signatures are important. But the Bitdefender solution is a disaster. I don't know of any other solution on the market that downloads such a large amount of data when updating signature databases. I don't know of any other solution that takes so long to update. All of Bitdefender's competition doesn't have such problems, it doesn't download 0.5GB or more of signature databases with each update. And all of the competition doesn't lose security because of it. Just look at the AV-Comparatives or AV-Test tests. Downloading such data to an SSD drive day after day is killing it and reducing its lifespan (TBW).

    If you use the cloud, why aren't the old ones from Windows XP or even older sitting there? With all due respect, all of the competition has it solved better and you can go on and on - from Eset, through Kaspersky, Norton, AVG, Avast, Fsecure and many, many others.
    There is no drop in performance, since Bitdefender takes up so much RAM. And how does the hardware not feel it and doesn't affect the operation of the system? After all, the SSD drive gets a kick of data every day.

    Eset, which also relies heavily on signature databases in its protection, has almost none with Bitdefender updates. Sarcasm. :)

    But seriously, in the example Eset signature updates are kb, not MB or GB.

    By the way - how does cloud scanning work? I'm curious. If a given file/document looks like a threat, does Bitdefender send such a file to your cloud? Or how does it happen?

  • mod
    edited April 2
    > Everyone understands the threats. And signatures are important. But the Bitdefender solution is a disaster. I don't know of any other solution on the market that downloads such a large amount of data when updating signature databases. I don't know of any other solution that takes so long to update. All of Bitdefender's competition doesn't have such problems, it doesn't download 0.5GB or more of signature databases with each update.

    It appears that you may be experiencing issues with either your Bitdefender product or the software you are using to monitor its data usage. If your concern is specifically about Bitdefender signature database updates, I would like to highlight that several well-known security solutions, such as Emsisoft, eScan, and others, utilize the Bitdefender signature database. Additionally, many corporate anti-malware solutions also rely on Bitdefender's signature-based detection.

    A fresh installation of Emsisoft Anti-Malware and eScan Anti-Malware typically results in a Bitdefender signature database download of around 30 MB. Subsequent daily updates for the Bitdefender signature database are generally small, averaging between 5 MB and 10 MB over a 24-hour period. If your Bitdefender product is downloading significantly larger amounts—such as 500 MB or more—this suggests a potential issue with the software installation or the integrity of the signature database.

    To verify this, I recommend downloading and running the Emsisoft Emergency Kit, which is a portable scanner rather than a full anti-malware suite. After installing it, update the database and check the actual download size for the Bitdefender signatures. In my own testing, Bitdefender’s signature folder size remained under 15 MB, even after multiple update intervals.

    If your Bitdefender product continues to download excessive amounts of data, I strongly suggest uninstalling and reinstalling the software to ensure a clean installation. Additionally, reaching out to Bitdefender's support team may help identify the root cause of the issue. Please let us know if you require further assistance.

    > Eset, through Kaspersky, Norton, AVG, Avast, Fsecure and many, many others.

    Now, without going into deep details, I'm going to provide information at a surface level. ESET, followed by Kaspersky, has its own malware detection engine. AVG and Norton use Avast's malware detection engine. F-Secure is based on Avira's malware detection engine, and there are others as well. Below, I've shared two links where you can explore the third-party vendors that various antimalware products use in their software.

    https://www.av-comparatives.org/list-of-consumer-av-vendors-pc/

    https://www.av-comparatives.org/list-of-enterprise-av-vendors-pc/

    > Eset, which also relies heavily on signature databases in its protection, has almost none with Bitdefender updates. Sarcasm. :)
    >
    > But seriously, in the example Eset signature updates are kb, not MB or GB.

    Furthermore, I have installed ESET on another PC, and the reason its signature updates appear in KB-sized increments is that ESET has significantly reduced the creation of traditional static signatures (those manually crafted by malware researchers). Instead, ESET primarily relies on machine learning (ML), the Host-based Intrusion Prevention System (HIPS), and cloud-based detection mechanisms. This information was confirmed by Marcos, an administrator on the ESET forum.

    You can check the following link to see how ESET updates are released, as stated in the support article provided by ESET Support:

    https://support.eset.com/en/kb6053-types-of-updates

    Therefore, before comparing two security products, it is essential to understand how each solution functions, as not all anti-malware products operate in the same manner. A thorough technical analysis is required before drawing conclusions.

    > By the way - how does cloud scanning work? I'm curious. If a given file/document looks like a threat, does Bitdefender send such a file to your cloud? Or how does it happen?

    Now, regarding the operation of cloud scanning (which is generally similar across most antimalware solutions), we'll focus specifically on Bitdefender's implementation.

    • Combines Local & Cloud: Analyzes suspicious files using both local scanning and cloud-based threat intelligence.
    • Initial Local Scan: When a file is accessed or run, Bitdefender first scans it locally.
      • Uses signature detection (matching known threats).
      • Uses heuristic analysis (checking for suspicious code or behavior).
    • Safe Files: If the local scan confirms the file is safe, nothing more happens.
    • Suspicious Files: If a file looks suspicious but isn't definitively malware:
      • A hash (unique file fingerprint) may be sent to Bitdefender's cloud servers.
    • Cloud Check (Known Files): If the cloud has seen this hash before, it quickly returns a verdict (safe/malicious).
    • Cloud Analysis (Unknown Files): If the file is unknown to the cloud:
      • Part or all of the file may be uploaded for deeper analysis.
      • Cloud analysis uses AI, behavioral detection, and sandboxing (running the file safely in isolation).
    • Malware Confirmation: If the cloud determines the file is malicious:
      • The global threat intelligence database is updated.
      • This protects all Bitdefender users from the newly identified threat.
    • Privacy Defaults:
      • By default, only metadata and file hashes are sent.
      • Personal files (like documents or images) are not uploaded unless you explicitly permit it in the settings.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)
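
The tiered local/cloud flow listed in the comment above, modelled as an added example that is not part of the thread and is not Bitdefender's code. The `Cloud` class, the marker strings, the `allow_upload` switch and all sample data are assumptions constructed for illustration; the point is to show which data leaves the host at each stage.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: none of these values come from a real product.
LOCAL_SIGNATURES = {hashlib.sha256(b"known-bad-sample").hexdigest()}
SUSPICIOUS_MARKERS = (b"SUSPICIOUS_TRAIT_A", b"SUSPICIOUS_TRAIT_B")  # toy heuristic


@dataclass
class Cloud:
    """Hypothetical stand-in for a vendor cloud; records everything it is sent."""
    verdicts: dict = field(default_factory=dict)  # sha256 -> "clean" / "malicious"
    received: list = field(default_factory=list)  # audit trail of outbound data

    def lookup(self, digest):
        self.received.append(("hash", digest))
        return self.verdicts.get(digest)

    def analyze(self, digest, content):
        self.received.append(("file", digest))
        # Placeholder for sandbox/ML analysis: flag when both markers are present.
        hits = sum(marker in content for marker in SUSPICIOUS_MARKERS)
        verdict = "malicious" if hits >= 2 else "clean"
        self.verdicts[digest] = verdict  # later hash lookups hit this cache
        return verdict


def scan(content, cloud, allow_upload=False):
    """Return (verdict, stage) following the tiers listed in the comment."""
    digest = hashlib.sha256(content).hexdigest()
    if digest in LOCAL_SIGNATURES:
        return "malicious", "local-signature"
    if not any(marker in content for marker in SUSPICIOUS_MARKERS):
        return "clean", "local-heuristic"  # nothing leaves the host
    verdict = cloud.lookup(digest)  # only the hash is sent
    if verdict is not None:
        return verdict, "cloud-hash"
    if not allow_upload:  # models the default of sending hashes and metadata only
        return "suspicious", "upload-not-permitted"
    return cloud.analyze(digest, content), "cloud-analysis"
```

Inspecting `cloud.received` after a series of scans shows whether a hash or a whole file was transmitted for each sample.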
