Linux Passwords Warning — 2 Critical Vulnerabilities, Millions At Risk
Beware this Linux password vulnerability.
Although most critical security warnings that hit the headlines impact users of Microsoft's Windows operating systems, and occasionally Apple's iOS and macOS, Critical Linux security vulnerabilities are a much rarer occurrence. As news of not one, but two, such Linux vulnerabilities breaks, millions of users are advised that their passwords and encryption keys could be at risk of compromise. Here's what you need to know and do.
When security experts from a renowned threat research unit discover not one, but two, critical local information disclosure vulnerabilities impacting millions of Linux users, it would be an understatement to say that this is a cause for concern. When those same security researchers develop proof of concepts for both vulnerabilities, across a handful of Linux operating systems, the concern level goes through the roof.
The vulnerabilities, impacting the Ubuntu core-dump handler known as Apport, and Red Hat Enterprise Linux 9 and 10, plus Fedora, with the systemd-coredump handler, are both of the race-condition variety. Put simply, this is where event timing can cause errors or behaviours that are unexpected at best, critically dangerous at worst. The vulnerabilities uncovered by the Qualys threat research unit fall into the latter category.
Exploiting CVE-2025-5054 and CVE-2025-4598, Saeed Abbasi, a manager with the Qualys TRU, said, could 'allow a local attacker to exploit a Set-User-ID program and gain read access to the resulting core dump.' Because both impacted tools are designed to deal with crash reporting, they are well-known targets for attackers looking to exploit vulnerabilities to access the data contained within those core dumps. Abbasi conceded that there are plenty of modern mitigations against such risk, including systems that direct core dumps to secure locations, for example, 'systems running outdated or unpatched versions remain prime targets,' for the newly disclosed vulnerabilities.
Abbasi went on to warn that the successful exploitation of these Linux vulnerabilities could lead to the extraction of 'sensitive data, like passwords, encryption keys, or customer information from core dumps.' All users are urged to mitigate that risk by prioritizing patching and increasing access controls. Abbasi said that when it comes to the Apport vulnerability, Ubuntu 24.04 is affected, including all versions of Apport up to 2.33.0 and every Ubuntu release since 16.04. For the systemd-coredump, vulnerability, meanwhile, Abbasi warned that Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are vulnerable.
I have reached out to Canonical and Red Hat for a statement regarding the Linux password exposure threats.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
11 hours ago
- Forbes
3 Trust-Centric Strategies For Today's Leaders
Trust is given—until it's not. That's true in many industries, from real estate to restaurants to SaaS. An organization's ecosystem of customers, partners, and end-users often inherently trusts that organization to safeguard data and maintain security. However, as cybercriminals become increasingly sophisticated, leaders have their work cut out for them to maintain that trust. And once trust is lost, it can be very difficult to earn it back. Within real estate, concerns around fraud and security are top of mind. The majority of property managers have seen an increase in fraudulent renter applications, payments fraud and data security issues in the last year, according to AppFolio's survey of 2,000 property management professionals. As a result, 40% of property managers are more concerned than they were one year ago about online fraud incidents and 37% are more concerned about data security. This mirrors broader fraud and security trends that every business leader should be paying attention to. Seventy-nine percent of organizations experienced payment fraud attacks in 2024, while data breaches continue to increase. In the current environment, leaders must work across their ecosystem to foster trust and prioritize security. Here are three key areas to focus on. Prioritizing trust starts with your own internal company culture and employees. It's important to create an environment where employees feel comfortable raising concerns and asking questions. One way to do this is by taking a rewards-based approach to employee cybersecurity training, versus a punitive approach. The goal is for employees to speak up if they, for example, spot a phishing attempt—and especially if they think they've fallen for one. Rather than shaming employees, leaders should positively recognize those who bring attention to security or fraud issues. I've seen everything from thank-you emails to a paid lunch used as positive incentives. Thumbs Up Another important part of this strategy is creating channels for employees to report issues quickly and effectively. Anonymous reporting channels can make employees more likely to report concerns and enable security teams to identify potential issues before they turn into major breaches. What's more, this type of channel supports a wider culture of trust and transparency. Many trust practices are nearly invisible when they're done right. This means customers often only think about cybersecurity and fraud protection once something's gone wrong. One thing the AppFolio team has been working on recently is more outward-facing trust initiatives that allow our customers to 'see' and 'feel' our security measures. This is especially important in real estate. We're supporting high-stakes processes like payments, insurance and resident applications every day. Small steps can go a long way here, like enabling two-factor authentication for sign-in so users feel that extra layer of security. On a larger scale, we also proactively communicate around our responsible AI practices, including how we keep customer data private and secure. Concerns around data privacy and security continue to grow amid the rise in generative AI tools, according to Deloitte. We take our responsibility to our customers seriously and follow a strict framework of Responsible AI Principles to evaluate innovation for Fairness, Reliability, Privacy and Security, Transparency, and Accountability. We make this framework available to our customers on our website. Organizations don't just have a responsibility to protect their customers, but to protect their customers' customers as well. Trust and user experience intersect in ways many leaders might not be thinking about. Protecting end-user data is always crucial. Within real estate, residents expect the software they interact with to be secure. Applying for a rental home, signing a lease and moving into a new home can be stressful and overwhelming. Residents deserve an experience they can trust, especially when providing personal and financial information. Here's the tricky part. While end-users expect a secure experience, they also expect a seamless one. Sometimes, fraud prevention and cybersecurity measures can get in the way of that. We've all felt the frustration of being locked out of an account after forgetting a password. In real estate, clunky verification processes can slow down residents' journey of finding a new home. It's important to undergo proper UX testing and take steps to balance security with convenience. Make sure security and fraud prevention tactics are paired with an efficient, frictionless experience for end-users. The Trust Chain The stakes are high for organizations that want to protect their customers, their end-users and their reputation. Fortunately, there are numerous tools and strategies leaders can use to establish trust throughout their chain of impact, from internal culture to customers to end-users. When in doubt, focus on transparent and open communication with all key stakeholders. Make sure employees can bring up potential fraud concerns without fear of reprimand, share clear and straightforward messaging with customers, and build secure end-user experiences without sacrificing usability. With these tactics in mind, leaders will be well equipped to maintain trust throughout their ecosystem and take on ever-evolving fraud and cybersecurity threats.
Forbes
12 hours ago
- Forbes
5 Steps To A More Secure Organization
Renee Schafer, Director of Ops at Data Security Inc., leads strategic decisions and manages departments including R&D, production and sales. Do you remember the last time you changed your password? Depending on your answer, you could either be helping or hurting your organization. Today, connecting with people, ideas, information and devices digitally has never been easier. However, this convenience comes with a downside: a rise in data privacy breaches and security leaks. Cyber threats are becoming more sophisticated, making it necessary to safeguard sensitive information. As data continues to grow exponentially and storage becomes an increasing need, the methods employed by hackers and data thieves also grow. Here's how to protect valuable information: If you have not done so in a while, you should consider changing or updating your password. It's even better to update all your passwords in case your information has been compromised since the last time you changed them. This is especially important if 'password' is your current password. Often overlooked, a strong and secure password or passkey is the easiest of all the ways to defend your information from onlookers and hackers. Although it seems like a simple measure, according to a list NordPass compiled of the top 200 passwords used in 2024, over 3 million people used '123456' as a password, estimating that it would take a hacker less than one second to crack it. The National Institute of Standards and Technology has resources for individuals looking to learn more about what kinds of passwords are sufficient for securing their confidential information. Use a password keeper application to store your passwords; the good ones even provide strong password suggestions. If you are not actively using your computer or device, remember to lock it to keep it restricted from others. If you are working in a shared space or public place where you don't know the people around you, always lock your devices. Locking your computer screen also ensures that you are keeping confidential data safe from internal IT sabotage. This is the type breach that happens from within your organization by an employee or former employee trying to cause harm to an individual or business operations. Although one thing alone cannot prevent something like this from occurring, it is the most cost-effective and time effective. Have you ever dumped old documents in your trash can at home or at work? Have you donated an old computer, thinking that just erasing your information using the recycle bin is enough? The truth is that these types of disposals do not keep your personal information away from thieves, and you are risking identity theft or a breach. Dumpster diving or looking for data through discarded devices is a frequent practice. The FBI reported that, in 2024 alone, data breaches exceeded $16 million in losses. Dispose of your data properly by using a degausser or even physically destroying the hard drive. Setting up restrictions for users could help eliminate internal theft and fraud and aid the investigation if an attack such as this were to occur. Instead of giving unlimited access to every user in your organization or company, evaluate which users need what information and set up controls so that there can be a close watch of these folders or files. In addition, provide training in how to deal with this sensitive information and have resources available in a locked location or a place with restricted access. When items such as hard drives or solid-state memory cards become unusable, simply throwing them away is risky business. Cyber criminals can confiscate these devices for sensitive data. But there is a whole industry dedicated to the correct and secure disposal of information technology to aid in eliminating those crimes. Each company has its own standards and procedures for data destruction. In addition, the type of memory and the type of information on the device determines the type of destruction necessary to ensure ultimate data security. If the device you are done with has a hard drive, simply the act of deleting will not completely erase information. Recovery efforts can easily get it back, which is why degaussing or physically destroying a hard drive—like those found in computers, servers or external storage devices—is crucial. If the device has a solid-state drive, physical destruction is necessary. A solid-state drive is found within laptops, and solid-state memory chips are found in smartphones and other modern storage devices. Because the growth of data being created is greater than the rate at which we are creating places to store it, safe keeping (or elimination) of this valuable data is of utmost importance. These methods are cost-effective, easily implemented and can significantly decrease the chances of theft or a data breach. Unfortunately there is no 100% guarantee. However, taking these precautions and consistently using them within your personal and professional life can help protect you and your organization. Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
CNET
14 hours ago
- CNET
Bitdefender Antivirus Review 2025: I Found This Top-Rated Security Software Effective and Efficient
CNET's expert staff reviews and rates dozens of new products and services each month, building on more than a quarter century of expertise. 9.5 / 10 SCORE Bitdefender Antivirus $90 at Bitdefender $120 at Walmart Score Breakdown Performance 9 /10 Security 10 /10 Customer Support 9 /10 Usability 10 /10 Value 9 /10 Features 10 /10 Pros Very easy to use Fast scanning Minimal usage of computer processing power and other resources Comprehensive digital footprint visualization Excellent security ratings in third-party tests Extensive protocols for protecting your data Cons Individual plans only permit up to five devices VPN can significantly slow down internet usage Bitdefender Antivirus 9.5/10 CNET Score $90 at Bitdefender Bitdefender has long been one of the most popular antivirus tools, protecting over 500 million users around the globe. In recent years, Bitdefender launched additional security tools to protect you from online scams, data breaches and even identity theft. But how well do these tools work? And is Bitdefender worthy of a spot on our best antivirus list? I purchased Bitdefender Ultimate Security and spent a few days testing its antivirus, scam detector and online data protection tools to answer this question. I found Bitdefender's safety tools to be comprehensive, intuitive and highly effective. Some tools, like the VPN, are less than perfect, but they still get the job done, giving you reasonable protection without needing to purchase additional products. Bitdefender antivirus features Bitdefender's core antivirus includes real-time protection from viruses and other malware, scan scheduling and manual scanning tools. You can purchase it on its own or as part of a security suite. Bitdefender security suites include many more features, including a scam detector that analyzes emails and texts for signs of fraud. This is similar to McAfee's newly launched scam detection tool. Other security tools Bitdefender offers include a VPN, password manager, ad blocker/anti-tracker, digital identity protection, dark web monitoring and data breach detection to help you protect your privacy online. Higher-tier plans also include identity theft protection, stolen wallet protection, credit monitoring and investment monitoring to keep your financial data safe. Overall features sore Bitdefender provides antivirus protection for Windows, macOS, Android and iOS. The VPN and password manager are compatible with Chrome, Firefox, Safari and Microsoft Edge. This earns Bitdefender a 10/10 features ranking. Bitdefender antivirus plans and pricing If you only want antivirus software to protect a single Windows computer, you can choose the free version of Bitdefender Antivirus. Bitdefender also offers a free antivirus for Android. However, these products only cover one device each, and they don't include other safety tools like the VPN, digital identity protection or identity theft insurance. For total security, I recommend the Bitdefender Ultimate Security packages. All of these plans include full scam protection, a system-wide ad blocker/anti-tracker and a VPN with unlimited traffic allowances, plus varying levels of identity protection. Bitdefender Ultimate Security individual plans There are three Bitdefender Ultimate Security packages for individuals, with a maximum of five devices protected under each plan: Plan Identity protection features Who it's best for Price Bitdefender Ultimate Security Digital identity protection; breach detection; dark web monitoring; digital footprint visualization; real-time breach notifications Users who want to protect their information but don't have significant assets to protect $90 for the first year; $160 per year after Bitdefender Ultimate Security Plus Identity theft protection; stolen wallet protection, smart SSN tracker; identity theft insurance up to $1 million; credit reports and monitoring from one bureau Users with a moderate amount of assets to protect and/or significant reason to be concerned about identity theft $120 for the first year/ $190 per year after Bitdefender Ultimate Security Plus (Extended) Identity theft insurance up to $2 million; credit reports and monitoring from three bureaus; social engineering resolution + refund; ransomware resolution + refund; investment account alerts; change of address; court records monitoring Users with over $1 million of assets and/or significant reason to be concerned about identity theft $150 for the first year; $250 per year after Bitdefender Ultimate Security family plans There are also three Bitdefender Ultimate Security family plans, with features corresponding to the similarly named individual plans. These plans provide coverage for a maximum of five accounts and 25 devices and are priced as follows: Bitdefender Ultimate Security for families: $120 for the first year; $200 per year after $120 for the first year; $200 per year after Bitdefender Ultimate Security Plus for families: $180 for the first year; $270 per year after $180 for the first year; $270 per year after Bitdefender Ultimate Security Plus (Extended) for families: $200 for the first year; $350 per year after Bitdefender antivirus usability I purchased the Bitfender Ultimate Security plan and tested the software's usability in three key areas: account navigation, installation of the main antivirus and additional tools setup. Bitdefender impressed me at every turn with its simple layouts, fast installation and tutorials that helped me quickly get the hang of its many features. Account navigation It only took a couple of minutes to set up my Bitdefender account by entering my payment info and connecting Bitdefender to my Google account. I was directed to install the antivirus and VPN right away. I set the files to download and headed over to Bitdefender Central, a dashboard displaying my protected devices and existing services. Screenshot by Dianna Gunn/CNET Billing information, including the option to switch or cancel your plan, is accessed via the My Subscriptions link displayed clearly in the sidebar. Many websites -- including other antivirus sites like McAfee -- hide billing in hard-to-find corners or submenus, so I appreciated how easy it was to find this area of Bitdefender. Screenshot by Dianna Gunn/CNET Antivirus installation and setup Installing Bitdefender takes only a few clicks, mainly to give Bitdefender permission to access your data and override Microsoft Defender. Screenshot by Dianna Gunn/CNET The software takes a little longer to unpack than McAfee's antivirus, but I still had it up and running in five minutes. Once installed, Bitdefender launched an 'onboarding scan' that took roughly three minutes to quick-scan my computer for malicious files. From there, Bitdefender launched the core antivirus with tutorial boxes explaining its primary features. These tutorials are great for people who aren't technically inclined, and you can easily skip them if you don't need them. Screenshot by Dianna Gunn/CNET My only issue here is that clicking System Scan just launches a scan, with no option for scheduling scans. The scheduling tool is hidden away in Protection > Antivirus. This is frustrating because scan scheduling is one of the main reasons to buy antivirus software. However, it also seems to be a common issue among antivirus tools -- I had to go through a similar process to find the scan scheduling area of McAfee. Adding Bitdefender to my phone was also simple. I scanned a QR code in the Bitdefender dashboard, installed the program and gave it permission to protect my device. Like its Windows counterpart, Bitdefender for Android performed an immediate scan and then opened a dashboard where I could activate and configure various features. Unfortunately, the manual scan option isn't clearly labeled, but I found it in the menu at the bottom of the app with minimal difficulty. Screenshot by Dianna Gunn/CNET Additional tools Most of Bitdefender's additional safety tools, such as the scam detector and digital footprint monitoring tool, are accessed through the online dashboard. You enter your email address, provide the necessary permissions and let Bitdefender do the rest. The program will automatically run on its own, searching the web for your data and scanning your emails for signs of fraud while you go about your life. SecurePass, Bitdefender's password management tool, requires slightly more setup. You'll need to add the extension to your browser and create a master password before you can start adding your login credentials. This process is pretty similar to using other password managers like McAfee's True Key, though Bitdefender makes it somewhat easier for people switching from another password manager to bulk import login credentials. Bitdefender's VPN also requires a separate installation, but this process only takes a couple of minutes. Once set up, the VPN makes it easy to switch between locations, with both a search function and a list of available options. Overall usability score I found Bitdefender very pleasant to work with. You can get most of its features up and running in a few minutes by entering some basic information and clicking a few buttons. Clear labeling and built-in tutorials further simplify things for tech newbies, making Bitdefender accessible to even the least technically inclined among us. This earns Bitdefender a 10/10 usability ranking. Bitdefender antivirus performance With the basics set up, I spent three days testing the Bitdefender antivirus and online data protection tools, focusing on three areas of the security suite's performance: Background performance: How much of an impact Bitdefender made on everyday activities and the percentage of my computer's resources it used How much of an impact Bitdefender made on everyday activities and the percentage of my computer's resources it used Active scans: The percentage of my computer's resources Bitdefender used during active scans and how this affected my ability to complete everyday tasks The percentage of my computer's resources Bitdefender used during active scans and how this affected my ability to complete everyday tasks Additional tools: How fast additional tools were and how much they affected my ability to do ordinary tasks like surfing the web Most tools in the Bitdefender security suite had excellent performance during my tests. The antivirus active scans were particularly impressive, finishing much faster than comparable McAfee scans without using additional resources. However, the VPN significantly slowed down my browsing experience, so you may want to purchase a separate VPN. Note: I performed all tests on a Lenovo ThinkPad with an Intel i5 Processor. Bitdefender may perform differently on your computer, especially if you have an older setup. Real-time protection Bitdefender ran smoothly in the background while I did everyday activities like surfing the web, simple image editing and text document creation. Task Manager showed that Bitdefender was consistently using around 0.1% of CPU power and 1% to 2% of my disk space. This means you should be able to run Bitdefender without issue while performing high-resource activities like playing video games or editing videos. Active scans Resource usage during Bitdefender's onboarding scan ranged from 5% to 10% for both CPU power and disk space, allowing me to continue my regular activities without issue. This seemed impressive when compared to my first McAfee scan, which used significantly more resources and took multiple hours. However, this was a quick scan, not a full scan, and both the time and resource usage were similar to McAfee's quick scans. Screenshot by Dianna Gunn/CNET My first full scan took around 20 minutes and used between 40% and 50% of my CPU's resources, plus between 10% and 20% of my computer's disk space. Again, this was much faster than the first scan I did with McAfee, but the resource usage was similar to what I experienced with McAfee scans. The second and third full scans were even faster, taking around 10 minutes each, but used the same level of resources. I also ran two quick scans, which both took around two minutes and used around 10% of my CPU's power and around 10% of my disk space. This left plenty of resources for me to continue basic activities like surfing the web, plus more complex activities like video gaming. This was also comparable in speed and resource usage to the quick scans I ran when testing McAfee. Additional tools I started testing Bitdefender's additional tools by connecting the scam detector to my email address. The program began scanning incoming emails right away, marking them as safe or unsafe. I appreciated how simple this was and how little it interfered with my email usage. However, it only scanned emails in my inbox, not my spam folder. This makes sense -- Bitdefender lets email spam filters do the work there -- but I'd prefer comprehensive scanning across channels. Next, I ran the vulnerability scanner. This took around three minutes and identified several settings on my computer and browsers that could cause security problems. Bitdefender also provided advice on how to fix these issues, complete with buttons taking me to the settings areas of programs that contained vulnerabilities. This scan used 8% of my CPU's power and 0.1% of my disk resources, making it easy to run in the background while I performed other tasks. Digital footprint visualization and data monitoring took much longer to run their initial scans -- around an hour -- which makes sense because they're pulling data from all over the web. However, this process ran entirely on the Bitdefender website, so it wasn't using my computer's resources. In fact, the scanner didn't even need me to keep the site open, and it continued running scans after I shut my computer down, using the data it found to create a graphic representation of my digital risk level. Screenshot by Dianna Gunn/CNET The digital footprint went beyond McAfee's online account manager by finding not just accounts but also cookies and other data collected online. It turned up 667 websites with my data, which makes sense because I've used the same email address for 20 years and do most of my socializing and shopping online. Bitdefender provided buttons for me to request data removal from each of these sites, making it easy to regain control over my information. Bitdefender also gave me a digital identity protection score, which was much lower than my McAfee protection score. Bitdefender had me deep in the red, while McAfee put me in the yellow/mid-range. This is despite Bitdefender only finding three recent data breaches rather than the several years' worth of breaches McAfee uncovered, so I'm uncertain why the calculations are different. Regardless, Bitdefender caught many potential security issues and gave me actionable steps to fix them, leaving me thoroughly impressed. Finally, I set out to determine how much the Bitdefender VPN slows down internet usage. I started by running three Ookla speed tests without the VPN active. These tests showed that my base internet has an average ping of 3.6 Ms (milliseconds), an average download speed of 580.96 Mbps (megabits per second) and an average upload speed of 819.53 Mbps. (Disclosure: Ookla is owned by the same parent company as CNET, Ziff Davis.) I followed this with three tests connected to my fastest VPN server, located in Canada. This had minimal impact on my internet speed, with the ping staying at 3.6 Ms (milliseconds), download speed dropping slightly to 555.01 Mbps and a notably slower -- but still good -- upload speed of 550.99 Mbps. I didn't notice much change in my browsing experience with this VPN setting, either. Next, I tested my internet speed with the VPN set to various locations. I performed three tests for each VPN location and came up with the following averages: US UK France Germany Singapore Australia Download (Mbps) 469.85 282.28 123.86 340.43 277.24 275.65 Upload (Mbps) 269.25 5.39 34.5 428.71 99.6 242.59 Ping (Ms) 70.33 191.33 246.33 193.33 458 396 While not as extensive as our full VPN reviewing process, this shows that Bitdefender's VPN causes significant drops in speed. The difference wasn't hugely noticeable when using the US server, but I experienced significant slowdowns when using other servers. This suggests that Bitdefender's VPN isn't great, and that you're better off separately buying one of our most recommended VPNs. Overall performance score Bitdefender's performance impressed me at almost every turn. I appreciated how quickly it performed scans, its limited resource usage was and its thorough digital footprint tools. The only major disappointment was the VPN, which drastically reduced my internet speed, but this is a common problem among antivirus-based security suites -- I experienced it during my McAfee review, too. This earns Bitdefender a 9/10 performance ranking. Bitdefender antivirus security Next, I analyzed Bitdefender's third-party lab test results to determine how well it protects your devices from malware. I also scoured Bitdefender's privacy policies and searched for records of data breaches to determine how well Bitdefender protects your data. Antivirus Bitdefender's antivirus has earned a 6 out of 6 security ranking on every AV-Test test since June 2022. Bitdefender has also received numerous three-star protection awards from AV-Comparatives, a third-party lab whose tests are generally considered industry-standard. Most recently, in March 2025, AV-Comparatives found that Bitdefender had an online protection rate of 99.97%. The offline detection rate -- which measures Bitdefender's ability to detect malicious files on things like USB keys -- was slightly lower, at 98.7%, but not nearly as low as McAfee's 79.3% offline detection rate. This shows that Bitdefender provides comprehensive protection for both online and offline activities, with regular enough updates to protect you from new and evolving threats. Security for additional tools SecurePass uses the internationally recognized AES-256 encryption and HTTPS protocols most password managers use to protect your data. It doesn't stop there, though. It also uses SHA512 and BCRYPT encryption protocols to provide what it says is 'military-grade' security. You can further protect your passwords by setting up two-factor authentication with your phone or other secondary device. Bitdefender's VPN uses AES-256 encryption to protect data sent to and from VPN servers, plus the Perfect Forward Secrecy and Hydra protocols. This means every VPN session generates a new encryption key, and each encryption key is deleted from the software's memory the instant the session ends. This makes it safer than McAfee's VPN, which keeps encryption keys and will share them with law enforcement. Bitdefender doesn't keep logs of VPN activity, either, so you won't have to worry about the company sharing information from your VPN sessions with third parties or law enforcement. Notably, McAfee also doesn't keep logs, but it does still have some data that can be accessed through its encryption keys. Bitdefender's VPN also underwent a third-party audit in 2025, verifying the effectiveness of its privacy measures. However, Bitdefender doesn't state who conducted this audit or link to the audit, so we can't confirm its quality or results. Privacy policy and data breaches Bitdefender has an extensive privacy policy for home users outlining how your data will be used for training its security tools, with pseudonymization in place for most data points. This policy states that Bitdefender will generally only share your information with data processors for the purposes of providing improved customer support and personalized email marketing. While this may not be perfect for people highly concerned about privacy, it's much better than the lengthy list of third-party vendors McAfee reserves the right to share your data with. The only other context in which Bitdefender says it will share your data is if it's requested to do so by law enforcement. This is common among most antivirus tools and is unlikely to become an issue for the average person, but it's important to know going in. Bitdefender has additional security protocols for parental control data, ensuring that only you can access information about your children's device usage. This includes a refusal to share such data with third parties for marketing purposes and strict limitations on how data is stored, ensuring high-level security for your kids. All of these protocols have proven effective, as Bitdefender hasn't experienced a known security breach in well over five years. This shows that your data -- and your family's data -- is safe with Bitdefender. Overall security score Bitdefender's extensive encryption protocols keep your data safe from all kinds of malicious actors. Its privacy policy has gaps for certain marketing vendors and law enforcement, but Bitdefender's anonymization, pseudonymization and data erasure policies mean there won't be much personally identifiable data for them to share. This earns Bitdefender a 10/10 for security. Bitdefender antivirus customer support Bitdefender provides several ways for you to get support, starting with a knowledge base filled with tutorials and a community expert forum where you can get advice from users in the cybersecurity space. You can also connect directly with customer support via 24/7 live chat, email and phone. I tested most of these communication methods (excluding the community expert forum) to see how fast and helpful Bitdefender's support team is. I was somewhat frustrated at the beginning, as Bitdefender made me go through several steps before I could speak to a person, but the customer service agents I spoke to were fast, polite and helpful. Knowledge base Bitdefender's knowledge base is laid out well, with a search bar at the top and buttons to access various types of tutorials. Most of these links lead to step-by-step guides that use a mix of images and text to guide you through various tasks. They use beginner-friendly language rather than technical jargon to make tasks accessible to everyone, regardless of technical expertise. Screenshot by Dianna Gunn/CNET Bitdefender also has an extensive collection of video tutorials that walk you through setting up its various tools, plus strategies you can use to improve your overall digital security. This is a nice bonus, as many tech companies don't provide video tutorials at all or severely limit the video tutorials available. McAfee, for example, only had a few videos in its knowledge base when I tested it, which could be frustrating for people who prefer to learn visually. Direct communication Contacting Bitdefender is a highly involved process. You'll need to open the support area, select the type of issue you're having and confirm the subscription you're on. Bitdefender then suggests a variety of tutorials. These tutorials can be helpful, but I was a little discouraged by what felt like a determined attempt to keep me away from Bitdefender's customer support team. Opening live chat directed me to an AI bot, which answered a few basic questions almost instantly. Unfortunately, it wasn't eager to pass me on to a live agent. I asked to speak to a person three times, and each time, the AI asked me to specify the topic I needed help with. When I stated a topic, the AI responded with a detailed answer about the topic and asked if I needed more help. It wasn't until my fourth 'speak to a person' request that I was connected with a human. The good news is that when I was connected, I received a response almost instantly. The agent I spoke to was polite, helpful and sorted my issues out in under five minutes. Bitdefender has several phone lines available, including Canadian phone lines in English and French. When I called, I was directed to a customer service agent almost immediately, who answered my questions clearly and succinctly. The whole interaction took less than three minutes and was even more pleasant than my chat with McAfee's phone support. Finally, I sent Bitdefender an email requesting a refund for my trial account. I received an automated email right away with a support ticket number and got a response in roughly an hour and a half. There were a few more emails back and forth, with an hour or so of waiting between each email, and my issue was resolved in around four hours. It wasn't the fastest service I've ever received, but I've certainly had worse email support -- and I couldn't find email support for McAfee at all. Overall customer support score Bitdefender makes you jump through a lot of hoops before you can speak to a person, but once you get to someone, you'll receive fast, high-quality support. The knowledge base is also extensive and user-friendly, so there's a good chance you won't need to speak to a person very often. This nets Bitdefender a 9/10 customer support ranking. Bitdefender antivirus value Finally, let's take a look at how Bitdefender's plans and pricing compare to other top antivirus tools. Specifically, let's consider McAfee and Norton, our other contenders for the title of best antivirus: Basic plan cost Mid-range suite cost and devices Most expensive suite cost and devices Standout security features Bitdefender $25 for the first year; $50 per year after $90 for the first year; $160 per year after; coverage for five devices $150 for the first year; $250 per year after; coverage for five devices Scam protection; digital footprint visualization; identity theft insurance of up to $2 million McAfee $40 for the first year; $120 per year after $90 for the first year; $200 per year after; coverage for unlimited devices $200 for the first year; $280 per year after; coverage for unlimited devices Scam protection; online account manager; identity theft insurance of up to $2 million Norton $30 for the first year; $60 per year after $50 for the first year; $120 per year after; coverage for five devices $100 for the first year; $200 per year after; coverage for five devices Genie Scam Protection; cloud backup; LifeLock identity theft protection; $25,000 ransomware insurance We can use this data to draw some conclusions about Bitdefender's value relative to other popular antivirus tools: Bitdefender's basic antivirus is at the low end of the cost spectrum , with the lowest introductory price andthe lowest renewal price of our top three antivirus tools. , with the lowest introductory price andthe lowest renewal price of our top three antivirus tools. Bitdefender's higher-tier plans are in the middle of the cost spectrum , with prices slightly above Norton's but not quite as high as McAfee's. This is particularly notable because Bitdefender provides a full $2 million of identity theft insurance on its highest-tier plan, which is otherwise only available through McAfee. , with prices slightly above Norton's but not quite as high as McAfee's. This is particularly notable because Bitdefender provides a full $2 million of identity theft insurance on its highest-tier plan, which is otherwise only available through McAfee. Bitdefender's five-device limit reduces its value since Norton's highest-tier plan -- which is actually less expensive -- can protect up to 10 devices. Moreover, McAfee's plans provide coverage for unlimited devices and are only slightly more expensive than Bitdefender's. Overall value score In short, Bitdefender provides great value for the average user and even better value for those with significant assets to protect. Its identity theft protections are more affordable than similar protection from McAfee. However, the five-device limit makes it less than ideal for users who have many computers or phones to protect. This earns Bitdefender a value ranking of 9/10. Bitdefender: Is it right for you? Before we get into my final recommendations, let's take a look at how Bitdefender performed in each of the categories we analyzed: Features: 10/10 10/10 Usability: 10/10 10/10 Performance: 9/10 9/10 Security: 10/10 10/10 Customer support: 9/10 9/10 Value: 9/10 This gives Bitdefender an overall ranking of 9.5/10, proving that it deserves its place on our list of the best antivirus tools. In fact, Bitdefender's excellent performance and value make it significantly better for most people than our former top antivirus pick, McAfee. However, Bitdefender's individual plans only cover up to five devices, so McAfee -- which earned an 8.8/10 rating during my hands-on testing and offers plans for unlimited devices -- may be a better choice if you have more than five devices.
