Bit Defender replacing search ads - with it's own ads~!

Discussion in 'other anti-virus software' started by DoctorPC, Feb 10, 2014.

Thread Status:
Not open for further replies.
  1. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I just installed Bit Defender to test it, and was a bit put off by how it replaces web advertisements - with it's own ads.. Of course, that happens with their search advisor enabled.

    Personally, I think this is a low ball move, and has really put me off on the product. I know it's not a serious thing security wise, but it seems a bit sleazy overall. See the screenshots below, first one with Bit Defender search advisor on, second with it off.. Note the replacement of all advertising on the page.

    Thoughts? To me this is manipulation, and a manipulation they shouldn't be doing, especially for a paid product.
     

    Attached Files:

  2. AVusah

    AVusah Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    274
    This is pathetic...But why aren't you using an adblocking program in the first place? I can't even remember the last time I've seen Search ads.
     
  3. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yeah lol, they can replace adds as much as they want. They can even target me with adds but I don't even get to see them thanks to ABP :)
     
  4. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    On my test laptop there is no adblocking product installed. Mostly because I want to try and inject malware and exploits into it during testing. So the reason I caught this was I was testing some aspects of BD tonight for a client on that particular test machine.

    I agree, it's pathetic. Regardless if you block ads or not, understand Bit Defender is hijacking your advertisements AND searches, and replacing them with their own injections. Leave it to me to discover this, and from what I can find - nobody else in the world has posted about this before. This is seriously a new low from a company, and it would absolutely disqualify Bit Defender from consideration in view of this.

    Other AV vendors should be taking note - Bit Defender is hijacking your links on major search engines. How do you feel about that?

    :thumbd: :thumbd:
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    That first image with "Ads related to..." looks like some Google inserted ads I've seen mentioned. Which have been known to include, in some cases, competitor ads:

    https://www.en.adwords-community.co...t-the-top-of-competitor-s/td-p/99010?nobounce
    https://www.en.adwords-community.co...ds-related-to-YYYYY-quot/td-p/135756?nobounce

    Now I know nothing to speak of about BitDefender, and for all I know this might be a behavior that it is know for. However, if I saw that I'd examine the client<->server traffic and firmly establish where the ads I'm seeing in the browser are coming from. Before concluding they were locally injected by some software I was running. Did you do so?
     
    Last edited: Feb 11, 2014
  6. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Let me make this clear.

    Bit Defenders HTTP scanner, and Site Advisor, replaces advertisements in search engines - with redirections to it's own product. When Bit Defenders web aspects are disabled, this does not happen. When they are re-enabled, one is 'fed' specific advertisements leading to Bit Defender, or exhorting the benefits of Bit Defender, and why everyone should buy it. Of course I examined traffic, and determined Bit Defender is 'serving' advertisements that benefit itself - replacing other, legitimate advertisements. Also I tested (briefly) how Bit Defender reacts - basically it looks at *ANY* search for *ANY* product that may be a 'competitor', and then redirects/replaces/hijacks/injects it's own advertisements into the stream.

    It's pretty cut and dry. Bit Defender is using their HTTP engine to subvert what paying customers see for advertisements. I'm really curious to hear how other AV companies feel about this blatant hijacking. I'm also curious to hear how people that run Bit Defender feel about this blatant intrusion into customer browsing, and specifically - hijacking/redirection. I'd also love to hear how Bit Defender plans to squirrel out of this one.
     
  7. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    Strange, my search results differ from yours. BTW I am no BD apologist or fanboy.
     

    Attached Files:

  8. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    @ Bob: What happens when you use Chrome?
     
  9. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    758
    Location:
    MICHIGAN,USA
    Im not seeing it either, Hmmm..:rolleyes: IE9
     

    Attached Files:

  10. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    322
    They're not actually replacing ads. The way it works is that they bid on keywords, in this case probably "antivirus", but possibly "Avira" as well. It's why you can put in "Buy ford truck" and get Chevy ads. Yeah, it looks bad in your example, but this is a coincidence, I promise.

    Oh, and by the way? I hate BD, I'm not one to defend them.
     
  11. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    Here is what I see with Chrome.
     

    Attached Files:

  12. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    Here is a better example.
     

    Attached Files:

  13. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I'm still getting the Bit Defender Hijack, regardless of browser.

    Now the difference may be - I am running a 30-Day full trial key. I had assumed the 30-Day key was the same as the paid key, but it looks like ad hijacking is part of the package for the trial activated key? I've now tried this on two seperate PC's, and the results are the same. Bit Defender (30-day trial key) is hijacking all of my searches. Also, I was running Opera without the BD plugin, I noticed you guys are running the BD plugin.

    So to clarify - to help pin this;

    1) Running 30-Day full trial key - Bit Defender IS 2014
    2) Running Under Opera w/no Adblocker at all.
    3) BD browser plugins not activated.

    My guess is - it's the trial key that hijacks advertisements, and this functionality is removed once the product is paid for. Brilliant, albeit a bit underhanded, and they just lost a 50 seat enterprise license pack I was due to order for a client because of this. Avira got the sale.
     
  14. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    I am also running a 30 day trial key...
     

    Attached Files:

  15. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Turn off Encrypted Google.

    Try again.
     
  16. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    Similar results as before.
     
  17. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    758
    Location:
    MICHIGAN,USA
    Before purchasing my 2 year key i too had the trial version i did not see what your seeing.
     
  18. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Well I duplicated it a half dozen times, over two machines now. Not sure what else I can do..

    Toggle Site Advisor on = Bit Defender intercepts/replaces ads. Turn Side Advisor off, it doesn't. Really unsure of what I can do at this point, or if I even want to waste time on it since it already disqualified BD for a client. Screenshots show it was taking place directly related to Site Advisor status. o_O
     
  19. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    758
    Location:
    MICHIGAN,USA
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,724
    Location:
    localhost
    May be is country dependent? Possibly you are on different countries. Just a wild guess :)
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    You could, if you wanted to, post more detailed "how to verify this for yourself" instructions. Including download source, hash, and other info about the version you are using.

    Simply seeing an ad for BitDefender is not proof it was BitDefender that injected it, so such instructions would explain how you verify that it is actually BitDefender that is replacing and/or injecting ads. That the ads are only seen when a BitDefender feature is enabled suggests that the feature is in some way responsible, but you'd want to drill a bit deeper and prove the hypothesis by observing the underlying mechanism(s) in action. Do you see HTTP responses being modified, is it achieved through DOM manipulations, etc. IOW, a more detailed description of "and then redirects/replaces/hijacks/injects it's own advertisements into the stream" could help.

    In this crazy world of advanced tracking/profiling/ad-targeting we must consider the possibility that some behaviors will be very specific to us and what we've done. For example, it seems theoretically possible that if Google saw someone search for product X and/or in some other way determined that they downloaded/used a *trial* then Google might serve product X ads to that person. In at least some cases, part of the testing process would involve steps to eliminate such possibilities (logging out of accounts, deleting cookies, changing IP Address, verifying that a product isn't making its presence known to a remote server by adding a header or routing traffic through its VPN/proxy, disabling browser and/or AV features which phone home info about downloads/URLs/file-hashes, so forth).

    Note: Not picking at you DoctorPC, just trying to "ask questions that should be asked" so to speak.
     
    Last edited: Feb 11, 2014
  22. Max29

    Max29 Registered Member

    Joined:
    Sep 2, 2013
    Posts:
    33
    Location:
    United States
    I bought the $9.95 2 yr. Bit Defender got it downloaded but could not register it, then could not provide a password that they would accept. A number of emails to Bit Defender about the problem then finely got it. Next I found it to be a free copy of 2013 instead of the 2014 that I purchased. Then reading all the negative problems this company has. I deleted this crap. Live and learn.
     
  23. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    758
    Location:
    MICHIGAN,USA
    No problems here with BD did you try posting over at the BD forum?

    where did you buy your license from?
     
  24. Austerity

    Austerity Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    367
    Location:
    Georgia / USA
    As I am trying Bitdefender Total Security, this is forgivable because you simply disable "Search Advisor"...which I would disable anyway.
     
  25. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Agreed. It's still pretty sleazy.

    Anyway, I am tired of these AV packages with so much useless bloat. Because how useful is a site advisor, poorly done privacy cleaner, system vulnerability scanner? All of that is really useless fluff.

    Webroot itself seems to be getting slower, more sluggish with each new revision. I have gone back to the old fashioned, light, effective, and basic Avira. I hope Avira doesn't succumb to bloating their product like every other vendor. Bit Defender is laden with bloat, and replacing ads is just another strike against it. But the client elected a 50 seat of something else anyway, this was just icing on the cake.
     
Loading...
Thread Status:
Not open for further replies.