Failure in Tech Journalism: Getting the Truth about Antivirus Software

Summary

This post focuses on Bitdefender. But what I say here applies to other antivirus providers as well, in various ways. I am limiting the scope to Bitdefender merely to keep it relatively brief and focused on specific examples illustrating the larger point.

The following discussion begins with criticisms of Google Search, including its restriction of information available to the public regarding problems with or complaints about Bitdefender. Within the very limited list of websites returned by a Google search, it appeared that virtually no tech journalists considered it worthwhile to investigate misbehavior by, or problems within, Bitdefender Inc. or its antivirus software.

That seemed odd — because, in my experience within the first 48 hours after installing Bitdefender Total Security, there were definitely things that I found problematic. Already, within that period of time, Bitdefender had squirreled away some of my files to a place where I could not recover them. I was not finding answers in the user’s guide. Tech support had responded quickly, but had not given me a way to view or recover those files. And then, before I could file a simple inquiry about the option of creating an ISO for emergency booting, Bitdefender required me to upload a seemingly comprehensive inventory of processes, events, and files in my computer. Further inquiry revealed that users had actually submitted a number of complaints about Bitdefender to various consumer websites, and that recent events involving Bitdefender raised questions of its commitment to, and competence for, protection of users’ privacy and security.

The primary point is not that Bitdefender was unusually bad. I don’t know that to be the case. For all I knew, there were comparable problems with all of its competitors. The point is, rather, that tech journalists’ reviews of products like Bitdefender antivirus tend to operate much like those restrictive Google searches: they pose as if they are giving us the full scoop, when in fact they are providing what may be a carefully manicured, indeed deliberately deceptive, impression of the current state of knowledge.

In this world, people are often free to mislead others. The problem identified here is that, at Google and in these tech reviews, we are talking about the people who dominate their field, who tend to attract the bulk of public attention. It is not an overstatement to say that, in the minds of most users, if neither Google nor the mainstream tech news outlets cover it, then it doesn’t exist. The result, elaborated in another post, is a supposedly free press that actually prevents the public from acquiring important information.

Contents

Getting Information About Bitdefender From Google
What Is Bitdefender Doing With My Files?
Bitdefender Inc. Seems Very Invasive
The Whitewashing Style of Tech Product Reviews
The Company You Keep

Getting Information About Bitdefender From Google

I started this post because I got disturbing results from a Google search. It was a search for criticisms of Bitdefender from the past year. It turned up a total of 103 hits. After discounting the ones in non-English languages and those that seemed irrelevant, I found remarkably few websites that criticized this software or the company that created it.

After some exploration of the results from that search, it occurred to me that this could be another instance of what a previous post calls “the train wreck of Google Search.” Sure enough, identical searches produced an estimated 4,570 hits on Bing and an unstated but long list of findings on DuckDuckGo.

The previous post complained that Google was restricting the amount of information available to the public on subjects of interest. It was bad enough that Google seemed to be doing this to save money: giving people only a tiny fraction of the available material would reduce demand on Google’s servers. It was even more disturbing to consider that Google seemed to be deliberately restricting information that its top executives might not want the public to see.

In another post, I discuss that criticism in terms of the familiar complaint that what conservatives call “mainstream media” often distorts or completely ignores information that runs contrary to a liberal agenda. It is as if karma requires decades of liberal political distortion, as a payback for the preceding centuries of conservative religious distortion.

But when you’re restricting public access to truth, why stop at politics? The concern expressed in this post is that the public may also not be getting the full story on software.

That concern came home to me as I proceeded with various searches, seeking information on problems with or complaints about Bitdefender antivirus software. In these days when ransomware is locking up large numbers of computers and generating millions of dollars in profit for cybercriminals, antivirus is one area where you really want to know what you’re buying, and what that software is doing once you install it.

What Is Bitdefender Doing With My Files?

That question arose for me because of what happened when I tried to get information about what Bitdefender was doing on my computer. I had just installed Bitdefender Total Security 2021 the previous day. And, as sometimes happens with new software, there were things about this antivirus package that didn’t seem to make sense. So I made efforts to find answers to two questions about the operation of the software. And instead of getting answers and being reassured, I seemed to be finding more to worry about.

If you want to be paranoid about your antivirus software, Bitdefender may not be the place to start. A person might tend to be more concerned about Kaspersky antivirus and its possible links with security agencies in the Russian government. Some contend that there are comparable grounds for concern about Bitdefender’s headquarters in Romania, which was a Soviet bloc country until 1989. But the present trend in Romania appears more pro-Western than pro-Russian. I cannot be entirely certain that my data would be safer in Palo Alto.

My initial concern about Bitdefender was that it ran a scan, it put a couple of my files into its quarantine, and I couldn’t figure out how to get them out, or even to look at them. They were batch (.bat) files. Normally, I would be able to inspect the contents of a .bat file, using Notepad, without risk of creating or spreading a malware infection.

I thought maybe I was missing something obvious, some option or tab within the Bitdefender interface that would open up the quarantine, like other antivirus programs offer. I did find guidance in the User’s Guide, but its instructions didn’t match the program’s current configuration: I wasn’t seeing what they said I should be seeing. So I went to Bitdefender’s support webpage and sent them an email, explaining the problem.

I didn’t appreciate that their support webpage insisted on compiling information about my system before it would even convey my question. They didn’t need to know what was on my computer in order to tell me where to look, within their program, for my quarantined files. I became more concerned as the process lingered. For a simple support inquiry, they sure seemed to be gathering a lot of data from my system.

On the initial question, there was good news and there was bad news. The good news was that the support people got right back to me and gave me instructions on how to view the files that Bitdefender had quarantined. The bad news was that I was right: there really wasn’t an ordinary link, within the Bitdefender antivirus interface, that would open the quarantine and show me my files. Instead, the email instructed me to open Windows File Explorer and look in C:\ProgramData\Bitdefender\Desktop\Quarantine.

For a leading antivirus program, that seemed pretty half-assed. But there was more bad news. There were not a mere two files in the Quarantine folder. There were 73 files there. Moreover, none of them were .bat files. Aside from a database file, the only filetypes found there were .bdq, .dat, and .ref. Of those three, only the .dat files were viewable as plain text in Notepad; the others just produced gibberish. And the .dat files consisted mostly of a mix of alphanumeric and gibberish characters.

I opened a handful of those .dat files in Notepad. Each had a path statement near the start, like “D:\Some Folder\Some Filename.lnk.” I use .lnk as an example, there, because that’s what a few of the filenames were: they were link files, referring specifically to links to Bitdefender software. Several others named .bat files like the ones that Bitdefender had said it was quarantining. But I could not read their contents, other than the path name, nor could I figure out how to recover them.

The batch filenames that I saw there, in those several Notepad files, no longer existed on my computer. This was what I was afraid of. Bitdefender had seemed to indicate that it was quarantining those files, not only from my data disk, but also from my backup drive. In other words, it decided that those files were dangerous; it quarantined every copy of them; and I still could not figure out how to get them out of quarantine, or even to view their contents in plain text. Unless some new information came along, they were gone from these drives — and I would have to make sure not to connect any other backup drives to this computer, as long as Bitdefender was on it.
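
One way to inventory what the quarantine metadata says was taken, as an added example that is not part of the original post and is not Bitdefender tooling: the Python script below pulls drive-letter paths out of .dat files like the ones described above. It assumes the paths are stored as plain ASCII or UTF-16LE text (the file format itself is not documented on this page); the function names and the sample bytes are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# One byte that may appear in a Windows path: printable ASCII minus the
# characters Windows forbids in file names (backslash stays, as separator).
CH = rb'[^\x00-\x1f\x7f-\xff<>:"/|?*]'
# Assumption: a stored path looks like "D:\..." in ASCII, or the same text
# in UTF-16LE (every character followed by a zero byte).
ASCII_PATH = re.compile(rb'[A-Za-z]:\\' + CH + rb'+')
UTF16_PATH = re.compile(rb'[A-Za-z]\x00:\x00\\\x00(?:' + CH + rb'\x00)+')


def extract_paths(data, min_len=6):
    """Return drive-letter paths embedded in a binary blob, in file order.

    Limitation: if printable junk directly follows a path with no
    terminator, it is returned as part of the path; non-ASCII file names
    are cut at the first non-ASCII character.
    """
    hits = []
    for m in ASCII_PATH.finditer(data):
        hits.append((m.start(), m.group().decode("ascii")))
    for m in UTF16_PATH.finditer(data):
        hits.append((m.start(), m.group().decode("utf-16-le")))
    hits.sort()
    paths = []
    for _, p in hits:
        p = p.rstrip(" .")          # Windows ignores trailing spaces and dots
        if len(p) >= min_len and p not in paths:
            paths.append(p)
    return paths


def inventory(quarantine_dir, max_bytes=1 << 20):
    """Map each .dat file in the folder to the original paths it names.

    Only the metadata (.dat) files are read; the other file types in the
    folder are left alone.
    """
    report = {}
    for f in sorted(Path(quarantine_dir).glob("*.dat")):
        try:
            with open(f, "rb") as fh:
                report[f.name] = extract_paths(fh.read(max_bytes))
        except OSError as exc:      # e.g. access denied under ProgramData
            report[f.name] = ["<unreadable: %s>" % exc.__class__.__name__]
    return report


def demo():
    """Build a constructed stand-in for the Quarantine folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        q = Path(d)
        # Constructed sample: ASCII path wrapped in binary junk.
        (q / "0001.dat").write_bytes(
            b"\x01\x00\x07\xfe" + b"D:\\Some Folder\\backup job.bat"
            + b"\x00\x9c\x11\xe0")
        # Constructed sample: the same idea with a UTF-16LE path.
        (q / "0002.dat").write_bytes(
            b"\xff\xfe\x10\x00"
            + "E:\\Backup\\Some Filename.lnk".encode("utf-16-le")
            + b"\x00\x00\x83\x02")
        # Constructed sample: metadata file with no recognisable path.
        (q / "0003.dat").write_bytes(bytes(range(128, 160)))
        # Constructed payload file; ignored because it is not a .dat file.
        (q / "0001.bdq").write_bytes(b"\x8f" * 32)
        return inventory(q)


if __name__ == "__main__":
    for name, paths in demo().items():
        print(name, paths or "(no path found)")
```

Run `inventory()` against a copy of the Quarantine folder rather than the live one. It lists the original locations only and does not decode the quarantined contents.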

Batch files can take a lot of work to create. I had spent countless hours developing mine, over the past 35+ years. I did not want to find myself in the situation described in one complaint on the Consumer Affairs website:

I am a systems engineer and have programmed Microsoft products for many many years, so I should know what I’m doing. I have certification and experience using Microsoft products. I recently retired from Duke Medicine as Senior IT Architect Active Directory responsible for 120,000 user accounts. …

I thought I’d take a break from Symantec products that I’ve been using for almost 30 years because I saw via the social media that BitDefender offered more and better security. SO I purchased the product and started using it on my Windows machines.

Immediately BitDefender deleted most of my Batch and powershell scripts because it said they were viruses. So I added all my script folders and scripts to the Exclusions, and still, every day I had to restore my scripts so that I could run them. … Every day I spend 30-60 minutes fixing and restoring what BitDefender keeps removing from my system. It’s a disaster as far as I’m concerned.

I have reported this and submitted my scripts to Bitdefender several times, (at least 4) to get this issue resolved. All I hear back from BitDefender is Crickets ….

There appeared to be a real risk that, if I didn’t watch it like a hawk, Bitdefender could wipe out my years’ worth of batch scripting, and I would never get it back.

You know there’s something wrong when you find yourself making encrypted backups of your files for protection against your own antivirus program.

Bitdefender Inc. Seems Very Invasive

I probably wouldn’t have bothered to write this blog post if that had been the end of it. But that was yesterday. Today, I ran into another problem with Bitdefender Total Security.

Today’s problem started out as a simple question. I was adding programs to a YUMI multiboot drive. That is, as discussed in another post, I use YUMI to install various software tools and operating systems (OSs) on a single USB drive. I point the YUMI software toward a downloaded ISO file, containing a compressed package of the files needed to run a program; YUMI installs those files onto the USB drive; YUMI then creates a menu; and, when I boot a computer using that USB drive, it gives me a choice of which of those tools or OSs I would like to run.

So I wanted an ISO file for Bitdefender Total Security. This wasn’t an unusual request; many other programs offer the option of creating a bootable USB drive for emergency recoveries, and usually that involves at least the option of creating an ISO. I had ISOs from other antivirus programs (e.g., Kaspersky, F-Secure), and even an old Bitdefender ISO. It seemed reasonable to request an updated one from Bitdefender.

I planned to continue hunting for that ISO. I was disappointed not to see a related option in the program’s interface (e.g., in its Utilities area), but I was sure there must be a way to download or create one.

What concerned me more was what happened when I went back to the Bitdefender support page and again proceeded to send them an email:

Their Bitdefender System Log (BDSysLog_i.exe) tool ran for more than an hour. It created a 23MB file named bdsyslog.zip. The file was compressed and encrypted. I could not tell how much larger its contents would be when uncompressed, nor could I see what those contents were: I did not have the password to get through the encryption.

I assumed the encryption was in place to protect me while the contents were in transit to Bitdefender. This implied that the contents could be sensitive. For some users, that was quite likely. As I observed, the Bitdefender System Log seemed to collect a comprehensive set of data from my system. I didn’t personally have anything to hide. But I could imagine that some users might be interested to see, as I did, that the Bitdefender tool spent quite a bit of time examining Event Logs, for instance, and prefetch data. Consider what Magnet Forensics (2014) says about the latter:

Prefetch files are great artifacts for forensic investigators trying to analyze applications that have been run on a system. … [T]hese files contain some valuable data on a user’s application history on a computer.

Hackers Arise! (2016) offers an example where the forensic investigator uses readily available software (e.g., Nirsoft’s free WinPrefetchView) to see the times when a Bluetooth device was connected.

That sort of thing may not be concerning for most users. The problem is that, for some users, it may be. This is supposed to be security software, after all. You would not expect it to be accumulating information about your computing activities, and shipping that information off to God knows where, to people who may or may not be the ones whom you (or even Bitdefender) would want to see it. You don’t have to wander through online security forums very long before realizing that a number of people are very concerned about what certain nations’ secret police or security agencies are capable of.

I just mentioned Event Logs and prefetch data. This image names Browsers as another of the 29 areas that the Bitdefender tool investigated:

On my computer, that …\Chrome\UserData\Default... folder contained about 1GB of material. A Cache folder accounted for nearly half of that. Obviously, Bitdefender did not squeeze the full contents of that folder down into a 23MB .zip file. This image raises the possibility that they were interested only in that folder’s information about Extensions.

But I think most people will realize that this is still enormous overkill, for purposes of answering a simple question about whether I can create or download an emergency recovery ISO. This smacks of an entity, like Google, that is actively collecting huge amounts of user information for marketing purposes, to an extent that may disserve the person who thought that s/he was the real customer.

I could not tell whether, along with all the other data it was collecting, Bitdefender’s tool was uploading an actual list of files on my computer. N-Able (2020) said that, during a Bitdefender virus scan, by default, “every file is logged.” I found that it took only a few MB to store a compressed list of all files on my computer. Such a list could easily have been included in that 23MB .zip file. Needless to say, a list of specific file names could be hugely revealing for some users (e.g., “Video of sex with Mike Pence’s wife.mpg”).

One may wish to assume that whatever goes to Bitdefender will never be leaked to a third party who might be able to deduce that certain people were running programs that they should not have been running, or that they were using non-work software at times when they were supposedly at work, or that for other reasons their application usage history (or other matters exposed by the collected data) could pose problems for the individual. But why does Bitdefender raise such worries in the first place?

I disliked Bitdefender when I first tried its free antivirus, and found that it required me to log into their network every time I booted my computer. That was creepy. None of the other antivirus programs required that. Why would a person who was concerned about privacy, security, and malware protection want to register his/her online activities with a software company?

By this point, I wasn’t getting a good vibe from Bitdefender. I was regretting that I had bought their software. As before, they were not making things easy for me. But I still intended to work through the User’s Guide, explore its many options, and make the best of my purchase.

The Whitewashing Style of Tech Product Reviews

What really motivated me to write this post was that software reviews did not seem connected to users’ reality. I bought Bitdefender because of technical reviews offering conclusions like this one from PCMag (Rubenking & Eddy, 2020):

With outstanding antivirus lab results and a collection of features that puts many security suites to shame, Bitdefender Antivirus Plus is an excellent choice for protecting your PC.

I found many other reviews (by e.g., U.S. News, PCWorld, TechRadar, SoftwareLab) that were functionally similar. These reviewers all seemed to discuss a software installation from a laboratory perspective: if you install the software on a clean machine, and subject it to certain stresses and comparisons, you will see what we saw. Our review is scientifically legitimate in the sense of being replicable: under controlled conditions, the software does objectively offer X features and exhibit Y behaviors.

That is fine, as far as it goes. The problem is that it does not go far enough. It does not support, for instance, PCMag’s quoted statement: Bitdefender is “an excellent choice for protecting your PC.” PCMag’s review was a failure because PCMag did not attempt to evaluate what “protecting your PC” might entail. We have already seen two examples of failure in that promise: (1) your PC might have batch files that Bitdefender will screw up, as in the case of the systems engineer (above), and (2) your PC might have information on your computing activities that you don’t wish to send off, without any explanation, to some unknown destination, in order to get an answer to a simple question.

It was not hard to recall the mentality of a kid who is having fun playing with hardware or software. I could sympathize with a reviewer who just wanted to compare program features, to talk about how Bitdefender offers a better VPN than Avast, or whatever. That sort of review could appeal to a person’s wishful thinking, to the belief or hope that securing a computer system could be a straightforward matter of taking the right technical steps, including acquisition of the right antivirus software.

But as PCMag’s words acknowledge, you were going to be reading its review to ascertain whether Bitdefender would work for “your PC.” PCMag could not answer that question without trying to find out what might be happening on your PC. It is true that PCMag could never fully know what happens on everyone’s PC. In that sense, the PCMag reference to “your PC” was always going to offer false hope. A better phrasing might refer, instead, to the question of whether Bitdefender addresses the concerns most prominently registered by its users.

For example, the systems engineer’s complaint about batch files came from a Consumer Affairs webpage. Other users have registered their complaints at the Better Business Bureau (BBB). These complaints tend to involve the practical side of getting Bitdefender to work as advertised, in a non-laboratory situation. If sources like PCMag were paying attention to these real-world experiences — testing them, contacting the complaining consumer where possible, asking Bitdefender about them — you can bet that Bitdefender would try to make sure that its software really would work on “your PC.”

A reader cannot always know whether a given complaint is rendered in good faith after a capable effort to make the software work as expected. Journalism and customer support are always, to some extent, a matter of translating private experience into public terms. For example, after reading some of those Consumer Affairs and BBB complaints, I wanted to know whether I was going to run into what those people were complaining about. As I understand them, their problems included the following:

  • Apparently Bitdefender offers a Box subscription, in which people invest a lot of time and spend a lot of money; and then Bitdefender is overcharging for, or making it difficult for those people to renew, those subscriptions.
  • Bitdefender’s virus scan reportedly “stomps .DAT files” resulting in “corruption of Pervasive/Actian/Btrieve database files resulting in massive record loss.”
  • Bitdefender apparently auto-renews its subscription at a higher price without reminding users that this was part of the original deal. There is nothing wrong with allowing users to auto-renew. But auto-renewing without notice is likely to convey an impression that this supposedly protective company is just one more sleaze at paytime. As if to emphasize the cultural differences between America and Romania, Bitdefender’s website reportedly prevents people from canceling auto-renew. To quote one user’s reaction,

Do not buy this product unless you want to do business with a security company who ends up stealing your money and refuses to quickly refund it. They should never ever have the kind of access to paypal account. As far as I am concerned they are no different to a thug who robs you on the street.

  • Customer service fails to respond to complaints involving money (e.g., autorenewal, overcharge) or malfunctioning software features (e.g., problems in the banking app).
  • The antivirus software is non-intuitive, to such an extent that it may require hours of troubleshooting.
  • The software requires the user to sign in to Bitdefender after every reboot, and then tells the user that servers are unavailable.
  • Those who buy anything less than the top-of-the-line Bitdefender product apparently receive constant pop-up ads for additional Bitdefender services.
  • The software interferes excessively with normal web browsing; it does not offer a silent or critical mode, as Norton does, that would be less obtrusive. The warnings of suspicious connections or links are “everywhere,” and the pop-up message “blocks you from any further typing.”
  • Updating to Bitdefender Total Security results in locked data vaults, producing “a disaster” for one user who “can’t do online trading without the locked data!”

That is just a sample of the complaints I saw on those two websites. It is not surprising that a user who has experienced such problems would conclude that reviews at sites like PCMag are basically bought in exchange for “kickbacks” — that there is “no truth on the Internet anymore.” The conflict of interest for sources like PCMag has long been clear: companies like Bitdefender are buyers of our advertising space, so ultimately we can’t say anything too negative about them. That may or may not explain the failure of tech journalism discussed in this post. It does obviously undermine the pretense that PCMag is truly seeking to identify what will be good for “your PC.”

It may be tempting to suppose that the total of ~125 complaints and reviews presently available at the Consumer Affairs and BBB webpages merely convey the views of a tiny minority of incompetents and kooks who will turn up in any large-scale activity. Here, again, a competent review could have demonstrated the credibility of such an assumption; it could have investigated to see whether any of the complaints just listed, for example, turned out to be legitimate.

The failure to investigate — the seemingly obvious avoidance of evidence that appears to contradict PCMag’s assurances — tends to suggest, rather, that what we have, in those two consumer-oriented complaint websites, is just the tip of the iceberg. These people seem to be unusual, not because they had complaints, but rather because they went to the trouble of registering those complaints with those websites. It seems they may be the one in a hundred, if not one in a thousand, who does speak up.

The Company You Keep

Consumer complaints, like the examples just cited, have a quality different from the narrowly feature-oriented reviews commonly provided by outlets like PCMag. The latter are almost invariably amoral. That is, they only care about whether the product works on a relatively plain-vanilla system, challenged only by carefully controlled variations (e.g., specific viruses).

That sort of inquiry is not at all bad. It is merely incomplete. In the real world, personalities and profits skew what happens with the software that has supposedly been analyzed objectively. Among other things, when people feel that they have been overcharged or hoodwinked, those narrow concerns about product functionality can be suddenly and predictably demoted to minor importance.

That may be especially true in the case of antivirus software. In this area, we are talking about a company that is supposedly protecting you. It certainly takes a lot of trust for countless thousands of users to give companies like Bitdefender access to their systems, lists of their files, information about their bank accounts, and other extremely sensitive materials. Abuses of trust in this sphere tend to undermine the whole foundation for the product.

In the realm of system security, it can be very relevant to know whether a company like Bitdefender does, or does not, conduct itself in an honorable and competent manner. To cite other examples, people definitely care about whether VeraCrypt has passed a security audit, or whether LastPass has had its servers breached. Microsoft is not a security company per se, but the discovery that it could and did behave in a manner hostile to users was nonetheless disturbing if not shocking to a large segment of the public.

It may not seem logical from a narrow product-functionality perspective, but for human purposes it can be important to know whether your antivirus company is really committed to the protection of users and the elimination of security threats. In that context, readers of antivirus software reviews, in sources like PCMag, might be very interested in these words from an article in MIT Technology Review (Dudley & Golden, 2021), beginning with its headline:

The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms

Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers.

On January 11 [2021], antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.

But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”

“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”

DarkSide soon proved it wasn’t bluffing, unleashing a string of attacks. This month, it paralyzed the Colonial Pipeline Co., prompting a shutdown of the 5,500-mile pipeline that carries 45% of the fuel used on the East Coast—quickly followed by a rise in gasoline prices, panic buying of gas across the Southeast, and closures of thousands of gas stations. Absent Bitdefender’s announcement, it’s possible that the crisis might have been contained, and that Colonial might have quietly restored its system with Wosar and Gillespie’s decryption tool.

Instead, Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files.

When you read something like that, you have to ask, “Whose side are you on?” It was as if Bitdefender was trying to notify DarkSide of this vulnerability. The article contends that Bitdefender engaged in what Wikipedia describes as “glory hounding to the detriment of actual victims.” Ironically, Wikipedia said, Bitdefender’s publicity-seeking solution to the DarkSide bug was flawed: it was buggy and would damage files that it decrypted.

Bitdefender (2021) did respond to that DarkSide episode. Unfortunately, mainstream reviews of antivirus software published after those events (by e.g., U.S. News) tended not to. This disserved tech readers. Those recent reviews did not necessarily have to carry a full discussion of that episode. But those purporting to offer a full review (e.g., Tech Advisor, 2021) surely owed their readers at least a heads-up as to major events that might affect the decision of whom to entrust with one’s most carefully guarded digital secrets.

I realize that some tech readers may prefer not to read about squishy, real-world stuff. They just want to know if the product works. But the type of journalistic failure at issue here does not observe that distinction. The writers who failed to report on the DarkSide episode also failed to mention what The Register (2020) describes as “a remote code execution bug” that came to light just a few months earlier. That Register article says that Bitdefender Total Security — the very product reviewed by Tech Advisor (2021) — contained a bug that “could be exploited by a hostile website to take control of a computer running Bitdefender’s antivirus package.” Worse yet, the bug was inside the SafePay secure browser, which was supposed to protect Bitdefender users while making online payments. And yet Tech Advisor breathed not a word of that to its readers, on its way to a ringing 4.5-star endorsement of Bitdefender Total Security 2021 as offering “excellent malware protection.”

There are no levels of protection against journalistic malfeasance. The reporters who fail to tell you about the unpleasant squishy stuff may also be failing to tell you about the unpleasant code-level stuff. In the tech press, and also for that matter at Google, the question is whether they are telling you the truth, the whole truth, and nothing but the truth, or are rather manipulating you to promote their preferred products, companies, or viewpoints.
