Password protected Uninstallation of Bitdefender products
In Bitdefender Total Security (BDTS) there is an option to password protect the product settings, but that is only for the settings, not for the uninstallation process of the product.
So, anyone who has access to my laptop, can easily uninstall/remove BDTS from my laptop, without me knowing that. That way, i will be exposed to malware, ransomware and other malicious software, because i will not have an AV solution installed on my laptop to deal with the malicious software. Also, that person could intentionally infect my laptop by pluging USB with malicious software to the laptop.
That is why it is a goog idea to password protect the uninstallation of Bitdefender products, where everytime someone wants to uninstall the product, first of all he/she will be asked to enter the password, just before starting the uninstallation process and after that he/she may continue with the uninstallation.
Finally, this option should be available not only in BDTS, but in ALL Bitdefender products for Windows/Mac/Android/iOS, like Password Manager, Mobile Security, Free etc.
Regards.
Comments
-
Agree, also as one of the members here who had a password-protected BD, his child was able to uninstall BD to bypass the Parental Controls.
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
3 -
I also agree with the same and this option is currently only available in Bitdefender mobile security for android (paid version) since one has to activate device administrator for the proper functioning of the application, and if someone tries to uninstall the application on android he will first have to deactivate the device administrator which will either require any of the protection method that a user has active on his android (fingerprint, pin or pattern lock)
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
3 -
Hello guys,
Thank you so much for sharing your ideas here. I will forward your suggestion to the development teams in the upcoming product feedback & feature request session.
Best wishes to you!
Premium Security & Bitdefender Endpoint Security Tools user
2 -
I'm bumping this because yesterday I found about this vulnerability (It's by definition one) while uninstalling a password protected instance of Total Security, this has to be implemented ASAP, it's unbelievable Bitdefender didn't think about this when making the uninstaller and STILL hasn't fixed it 10 months later after this post.
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
1 -
The simplest solution that comes to mind is to change the user access control settings, so you will be prompted to enter the Windows admin password for uninstallation.
Premium Security & Bitdefender Endpoint Security Tools user
0 -
Instead of changing that to require a password for every UAC action on Windows, it’s far more logical to implement this on Bitdefender instead.
If we ask for something on this section of the forum, it’s not to “find a way around it” and make changes on Windows to fix a security mistake that Bitdefender failed to address, it’s so you can implement this.
Seeing this post, I can see I’m not the only one who can uninstall without password, so this is not an isolated bug; It’s a widespread security error.
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
1 -
Do we have any new information regarding this? Or was there a post I missed somewhere that maybe Windows hinders that ability?
TIA
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
While in above post I might have provided information related to android and might have stated my request to introduce the same for pc/mac, but after getting to know about development a little bit I think for windows/mac it may not get implemented.
What I think here is that the solution provided by @Alexandru_BD of enabling UAC is the best thing because if bitdefender will set password protection for mac/windows devices for its uninstallation, it can become a chaos for user who are not tech savvy and who forget the password easily.
So providing the option of asking a user whether they need to set password protection for uninstallation is not a bad idea but not a good idea as well and to me it seems useless when you have UAC available in windows itself. I think the development will also not agree of implementing this feature.
+1 with @Alexandru_BD for the resolution he provided for enabling the UAC.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
@SaurikSI, there are around 20-30 antimalware products in the market. Can you list the majority of antimalware solutions which have the password protection for uninstalling their respective antimalware product. I remember kaspersky has this option. Can you provide some more antimalware products which display the same warning at the time of their product uninstallation.
Also, as far as I know when you use the product uninstallers built by the respective companies for their product uninstallation, they do not display any warning. The password protected barely happens for the product if uninstalled via windows uninstaller.
Like suppose if I will delete kaspersky product via windows uninstaller, kaspersky will warn me if I need to uninstall the product but if I will directly use the uninstaller created by kaspersky for their product, it will bypass that warning and will directly uninstall the product.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
it can become a chaos for user who are not tech savvy and who forget the password easily
For the love of God, that’s clearly a non-issue, few people set password protection on their security solution, and those who do obviously do it for a reason, and not asking for that password undermines the ENTIRE concept of this security.
Please stop treating everyone as babies, it’s getting tiring, especially on an environment like this, literally NO ONE who doesn’t know what they’re doing uses password protection.
Setting UAC is obviously is not what anyone is looking for, the OP paid for Bitdefender so they want a feature, UAC would apply to other programs too.
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
0 -
LOL, just replied before you mentioned me.
I honestly don’t remember, I think Kaspersky, ESET, and Avast (AVG too)
Kaspersky also implements password protection when completely exiting the AV (A feature a lot of people also requested, but my thread was rejected for paranoid and unreasonable reasons as well)
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
0 -
Well let's narrow down the things and get to a conclusion. If @Alexandru_BD said that he will send the feedback to the developers and came down with the solution regarding the UAC, that may clearly state that developers are not interested in introducing the feature. While I am not exactly sure about this, that is why I tagged @camarie who is one of the developers for bitdefender windows product who can provide us with an insight on this. Kindly wait for his reply since he visits the community forum on occasional basis.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
ESET does not has this feature since I use it on my laptop and have installed and uninstalled it on my laptop. Avast & AVG might have this feature because their parent is Avast only and they have almost same setting and malware detection database. But still I cannot confirm about this.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Agree, setting a separate UAC is not the solution, IMO.
And if for some reason it can't be done, then it can't be done.
Cheers
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
This post is from the perspective of BD on Windows devices.
I guess if a person forgot their settings password, which would also lock BD from being uninstalled, how would they uninstall BD when needed, via Safe Mode (if that can be done)?
Granted, we're not talking about a password that is password generated and would be hard to remember, so in that sense if someone couldn't remember that password, why even have the option included in the app? This is maybe where a separate UAC could come in handy, in protecting an uninstall if it were a shared PC/notebook.
So in my being single, and the constant Admin of my devices, is the password protection something a family account Admin is enabling, after setting up a family member's BD settings?
Edit: I didn't reopen this thread to stir the pot, but I saw a post where a member mentioned that his kid seemingly found a way to disable BD parental controls, and this thread came to mind. But I do like the "iron sharpening iron" debate by the members here :)
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
why even have the option included in the app?
For the same reason we can set a password for the settings: All the security Bitdefender provides is totally useless if someone can just disable it. With the settings password you mitigate that, but you can still uninstall it without a password, which is a security vulnerability in an antivirus solution, that’s not good.
I hate this argument of “I wouldn’t use it myself, so don’t add it”, it’s the same I heard when I requested an option to complete close Bitdefender, it’s simple: If you don’t want to use it, just don’t! Just leave the option for those who will, the default mentality behind a software should be to help the user by giving freedom to choose, not restricting just in case.
This is by far the only aspect I dislike about Bitdefender, this trend of not giving advanced users their right to choose how to use their own PC and security solution that they own.
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
1 -
Good reasonings in your posts, no absolute disagreements from me. I did vote up, for this ability 15 minutes after this thread was posted. I also did vote up for your Exit Bitdefender, thread :) So, maybe I ask more questions than have answers for? :)
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
Fair enough 🤝🏻
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
1 -
I will discuss this with PM and the team. This is not a simple feature and it can easily put the user in the impossibility of uninstalling, at least via normal means.
The uninstall should be no different than the other application, though, because the vast majority of the users, and Microsoft themselves, expect a certain way to follow. Inside the application, yes, one can ask for password, make user perform additional validations, invoke UAC etc. since changing a setting or starting an operation which may prove sensitive could justify the additional stress.
But the uninstallation, at least as the user experience, is mostly handled by Windows. It is possible, true, to incorporate into the uninstaller an additional initial step that asks for an additional validation via UAC, and from a member of the Administrators group, but this will complicate the process anyway.
Perhaps a new setting, default OFF, maybe called "Perform program maintenance only by an administrator", which will do the same validation (ask for an admin password via UAC), and if validates, it will be set to ON. If one wants to set it to OFF, the same thing has to be done as well. Thoughts?
4 -
@camarie that's kinda what I was wondering on my end, as far as Windows allowing it. How many times over the years have I ever seen an app have the ability to be password protected from a Windows uninstall?
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
Bitdefender's settings password option is compromised anyway. I've been chasing a related problem for over a year: Bitdefender, or something, will change the state of a setting even though the password option is active. The setting in question is Firewall, Alert Mode. It will deactivate itself without a prompt for the password. I tolerated this issue until I enabled the setting password option, and realized that it was compromised. That broke my trust in the product. Back to Norton.
1 -
I still use Bitdefender, but I do have a problem with the attitude of this company, just look at this thread: The level of debate, mental gymnastics and downright excuses people are willing to do here to avoid fixing a CLEAR security vulnerability is appalling, and we’re talking about a SECURITY product, I never expected it would be so hard to understand why it’s ridiculous to have a settings password but not a password to uninstall the WHOLE SECURITY SOLUTION ITSELF!
It’s always “We’re not going to add this useful feature because think of the rookie users”, rookie users would NOT activate something like this in the first place! This is literally compromising the security of a lot of users just for the newbies.
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
0 -
It is frustrating. I dealt with support a couple of times and gave up. The forum has been more helpful. To your point, the forum reveals ongoing themes and ignored issues. It does not take much to spoil a good thing. I continue to use BD on my laptop--smaller footprint and resource needs--but was forced to use Norton for my desktop because I need total integrity on that platform.
1 -
Yeah, if you’re surprised by this, just look at this request I made: https://community.bitdefender.com/en/discussion/91650/exit-bitdefender
It is clearly popular, but they came up with any sort of excuses to avoid implementing this (Some of them valid, some of them mental gymnastics), I addressed every single of their points and provided with a solution that would work for everyone, but they always find a way to say “Think of the rookies”
I even suggested putting a mandatory warning so even rookies are aware of what they’re doing, but nothing…
-𝑺𝒂𝒖𝒓𝒊𝒌𝑺𝑰
1 -
Hi @SaurikSI,
In regard to the password protected uninstall, as @camarie pointed out, this would complicate the process, but it's something that should be further analyzed by the development teams to assess if it's feasible or not.
Concerning the 'Exit Bitdefender' feature, the security modules can be temporarily disabled one at the time depending on the user's needs and the antivirus protection can be paused as well. Furthermore, the antivirus can also be easily uninstalled and reinstalled, if necessary.
In conclusion, the exit feature suggested at the link above has not been approved for development and will not make it into production, for the reasons explained in the respective thread. When it comes to software usage, depending on its purpose and functionality, there are two perspectives: the user's perspective and the developer's angle. The developer is responsible to create an efficient UI which covers the needs of various user categories and leaves room for customization as well, to streamline the user experience. Everytime he does that, he needs to put himself in the user's shoes and test multiple scenarios of usage. With this in mind, the final product must be applicable to all categories of users. Moreover, if we are talking about security and the PURPOSE of a cybersecurity solution, as a vendor you cannot take risks and leave any doors open. Think of the bigger picture here and the implications on a larger scale. As an experienced user, you may choose to take chances and expose yourself, knowing what you are doing, but from the security provider's perspective, if such a feature is considered to pose a vulnerability and does not meet certain security standards (and this is not an excuse, it is a finding from people who know very well what threats we face in the virtual world), it won't be made available to the users.
Regards,
Alex
Premium Security & Bitdefender Endpoint Security Tools user
3
