If my PC is infected ...?

I am brand-new to Bitwarden. It was installed by my computer security consultant, who also ripped out Norton 360 and replaced it with ESET Endpoint Antivirus. Nevertheless, Norton Safe Web (which puts the little green checkmarks, red Xs, etc., next to the links in search results) apparently still functions – perhaps because it’s an extension.

I’ve been keeping Bitwarden open in my browser because I’ve been adding passwords to it and learning how to use the software. When I searched today for a website I used to visit, I found a link that I thought might belong to it; and there was no indication from Norton Safe Web one way or the other (I’ve noticed that it can lag sometimes in assigning safety ratings). However, as soon as I clicked on it, I was blocked and the most severe alert available in Norton Safe Web appeared, warning me that the site was known to be dangerous.

I was immediately concerned that, despite Norton’s blocking me, I might nevertheless be infected. Searching the web, I found some reassurance, but it was suggested I run an antivirus program anyway. Since Norton 360 is no longer on my machine, I ran the ESET program, which found nothing. I’m in the process of running Malwarebytes to check for malware.

I have just spent part of the afternoon loading my most sensitive passwords into the vault, and now, since the vault was open, I’m wondering if I should now go in, change all the passwords to these sites and change the password for Bitwarden as well. I’ve been reading that, if a computer is compromised, and Bitwarden is opened, the violator has access to everything.

I have a couple of questions: (1) Am I just being a worrier? (2) Should I leave Bitwarden closed at all times unless I need it to log onto a site?


P.S. I selected “cloud-default,” above, because I had to select something, but I have no clue what it means.

@Ann Welcome to the forum!

Yes! For exactly this reason. If you find that you are in the habit of logging in to multiple sites in a similar timeframe but not immediately one after the other (e.g., within a half-hour of each other), then you could extend the vault time-out period to suit your work habits. But generally, keep your vault locked when not in use.

Technically, this is true. However, the malicious link that you clicked on was blocked, and your malware scans came up clean. In addition, to access your vault data, malware would have to scrape the contents of your computer’s RAM and analyze those contents; my understanding is that malware that exists today typically doesn’t go through such trouble. It’s theoretically possible, but unlikely to occur in practice.

Thus, your vault is probably OK. However, if you know that you are going to be worrying, it couldn’t hurt to change at least the most sensitive passwords (for bank accounts, etc.). You might also change your master password and rotate your account encryption key.

This is the correct tag for you. Some advanced users run the Bitwarden server software on their own server hardware instead of registering for a cloud account on bitwarden.com — in that case, the self-hosted tag should be selected.


Hello Ann, and welcome to the community!

  1. Your virus app/extension blocked the connection. You ran multiple virus apps on your computer and found nothing. It’s a rare malware/compromise that would happen just because you click on a link. I would have been comfortable by just the first measure, blocking the connection.

  2. Yes. It’s better to keep Bitwarden in “locked state” as much as possible, because your Bitwarden vault in memory would be encrypted as well. Bitwarden considers the locked state to be safe. You can lock your BW vault by using PIN or biometrics, and set the timeout action to “Lock” and the timeout period to be as short as you can stand. Personally I find Biometric unlock to be really helpful (but some people may go for PIN because they already use biometrics to unlock their devices), and so is the “Login with device” feature (although some people avoid it because your password hash and master key get sent around encrypted using Bitwarden server as an intermediary).

ps: BW users have the option to self-host their own servers/vaults. By “cloud-default”, a poster basically indicates that they are not self-hosting, but are using the Bitwarden cloud/storage service.

Also, in my experience and understanding, using a Linux distro dramatically reduces your chances of becoming infected. There are a number of easy, accessible Linux distros these days.