Bullguard Security Vulnerabilities!

Divine_Barakah

Level 33
Thread author
Verified
Top Poster
Well-known
May 10, 2019
2,289
Was reading Bullguard review on TechRadar and was shocked tbh. What do you think guys?

Security vulnerabilities​

BullGuard Antivirus enables users to define exactly what they want to be checked in Quick and Full system scans, and we noticed these settings were stored in plain text files without any special protection. An attacker could replace the default settings with their own, turning off just about every scan option, greatly reducing the chance that BullGuard would detect anything at all.

As an example, running an initial Quick Scan on our review system with the default settings took around seven minutes. After replacing the Quick Scan file with our own, where every possible scanning option was turned off, it checked so little that the scan was complete in about five seconds.

In another more serious problem, we were able to disable BullGuard's file system filter driver with a single standard Windows command (requiring admin rights). As a result, BullGuard Antivirus wasn't able to detect malware as it was downloaded, unzipped or otherwise saved to, or opened from our hard drive.

It's important to put these issues into perspective. The scan settings vulnerability only affected on-demand scans, for instance, leaving BullGuard's real-time protection working as usual, blocking threats as they appear. And even if an attacker also disabled the filter driver, BullGuard Antivirus isn't finished. URL filtering will still block attempts to download malware from a known dangerous site, and the behavior monitoring layer is constantly looking out for suspicious processes.

We raised our concerns with BullGuard, anyway, and the company responded quickly. It rolled out a fix for the filter driver issue almost immediately, closing the more serious security hole. The lesser scan settings issue had already been fixed in BullGuard's Small Office Security product, BullGuard explained, and the consumer products will get the same update in the next release.

We're happy to accept that the risks here are largely theoretical. It would take some effort to exploit these vulnerabilities, and there's not the slightest evidence that's ever happened.

They still constitute worrying mistakes, though, especially leaving the filter driver unprotected. If BullGuard missed this issue, are there other problems it's failed to spot? We have no idea, but this has to be a concern.
 

Divine_Barakah

Level 33
Thread author
Verified
Top Poster
Well-known
May 10, 2019
2,289
Sounds good.
But what about this?
They still constitute worrying mistakes, though, especially leaving the filter driver unprotected. If BullGuard missed this issue, are there other problems it's failed to spot? We have no idea, but this has to be a concern.
I always prefer that security companies should work more on tuning and fixing bugs before introducing new features. I am not bashing Bullguard here (I do like it), but I am talking about every single security solution out there especially those "small" companies that purchase license from other big names.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top