One of the topics of interest at 7 Tutorials is security. Not only we write articles and tutorials about how to have a safe computing experience but we also review security products on a regular basis. One of the things we wanted to learn more about, is how security products are made: what are the steps involved? the most important challenges? etc. Luck has it that we got the chance to meet with Alexandru Constantinescu - Social Media Manager at Bitdefender, who immediately said: "Hey! Why don't you pay us a visit and learn more from our team? We accepted the invite and today we can share with you an extensive discussion about how security products are made."
Our Discussion Partners
BitDefender is a security company which should not require much of an introduction. Or at least not to our readers. They are the leading security company in Romania and they develop security products which received lots of praise and appreciation. Their products are constantly showing up in lists with top security solutions. We went to the BitDefender headquarters in Bucharest and had a lengthy discussion with Cătălin Coșoi - Chief Security Researcher (in the picture above) and Alexandru Bălan - Senior Product Manager. They are both very knowledgeable and friendly people, with whom we enjoyed having this conversation.How Security Products are Made
We did not waste a lot of time on introductions and we immediately started our conversation. What are the stages you go through, while developing a new version of a security product, such as an Internet Security Suite? The approach is not really different from your typical software development project. Let's say we just launched the 2012 version of our products. As soon as the launch ends, we start working on the 2013 version. First, we decide on the set of features and changes that will be introduced in this next version. In order to identify the features that will have a great impact for the next version, we have discussions with several audiences: reviewers, security experts, technical experts and users who are able to give us insights on what works, what doesn't and what could work well in the next version. On top of that, our own technical team gives input based on their expertise and vision of where they would like take the product. We also do a market analysis to better understand the direction(s) where other companies are heading. Based on all these inputs, we make a call on what gets included in the next version and what doesn't. Then, we have the development stage, with several test phases included. First, we have an internal preview when we test our pre-beta software. Next, we have several beta stages:- An internal beta – just like the internal preview, but with a slightly bigger audience testing the product;
- A private beta – where we choose a closed circle of users from outside the company to test the product. We involve up to a few thousand users and we choose people whose feedback we consider helpful. We include knowledgeable users, people with whom we had a longer collaboration, technical experts whose opinion we value, etc.;
- A public beta – it takes place 2 to 3 months prior to the actual launch. At this time, anyone interested can pick up the product, test it and provide feedback.
- Behave – this monitors and learns the general behavior of your applications;
- Active Virus Control – monitors the actions taken by an application and blocks those which are suspicious or mal-intentioned.
- Cloud – gathers information from lots of sources about malware and updates itself continuously. The data from the cloud is used by almost all protection modules included in our products.
- Honeypots;
- BitDefender SafeGo, with its support for both Facebook & Twitter;
- The data sent from our clients' computers about infections and suspicious activities;
- Our collaboration with other security providers;
- Public malware databases.




Discussion (4)
You folks Rock! I am finding these 7tutorials to be very well written and very understandable. Awesome info and cool facebook app. 8^)
I’m glad you enjoy our work and… thank you for the comment. 😀
Excellent article 7tutorials. Thanks a lot to you guys for taking time in going to BitDefender office, discussing with them and most importantly sharing this valuable information with us.
BTW, I thought Avast was the first one to have this push-update mechanism. But, BitDefender says it already have it. Nice to know these facts.
Finally, Thanks to BitDefender!
It would be interesting to know if they worked on the Stuxnet worm to decipher it.