BD Safepay

I am trialing BD IS, but cannot find out how Safepay works.
Anyone who can help?

EDIT: I found that if I go to a banking site Safepay comes up automatically. I also believe it protects in the case of an unsecured WiFi.

Thanks,
Jerry

 

Jerry

have you seen this thread; https://www.wilderssecurity.com/showthread.php?t=350972&highlight=SafePay

May also be of interest; https://www.networkworld.com/news/2...61.html?source=NWWNLE_nlt_security_2013-07-29

 

Thanks, Blackcat.
So far all is running smoothly.
Jerry

 

All these Safe Money features that attempt to protection your browser even if your machine is already infected, are totally useless. If your machine has been compromised, it has been compromised and nothing that you do on it can be considered to be protected or safe.

http://kasperskysucks.blogspot.com/2012/12/kaspersky-2013-safe-money-another-scam.html

It would appear that Kaspersky and Bitdefender are at each other's throats.

 

'kasperskysucks.blogspot.com' ... ok, not biased at all.

 

That web page is posting non-sense... you can check this:
MRG Effitas Online Banking Browser Security Assessment Project Q2 2013
For both performances with tests and real malware

I cannot beleive users here cannot distinguish from near to serious reviews and biased/low profile blog posts.

 

Thanks. I already knew that.
Jerry

 

I think each person needs to read the test methodolgy that MRG uses for its banking tests and draw their own conclusions.

MRG is using a simulator because as they state, it is the law in the UK. They are prohibited from using "live" financial malware in their tests. My own opinion is that their test is better than no testing and that is about it. It is not a "real world" test and more closely resembles a lab simulation.

The last Matousec banking test: http://www.matousec.com/info/reports/Online-Payments-Threats-2.pdf gives a more real world test in my opinion. BTW - guess who scored highest in this test? Kapersky.

 

MRG did use live financial malware, they test with 100 ZeuS samples, however with real financial malware, if it is able to steal login info, how do you know? It is sent to the criminals Command & Control server, so you would need to hack it to find out, which is unlawful. So then you can only test if the products are able to prevent infection or at least warn the user not to bank when the computer is compromised. If you want to test if products are able to prevent information stealing when infected, you'll have to use a simulator which uses the same techniques like real financial malware, but sends the captured info to a server controlled by you, so you can check if it is valid information or random encrypted characters.

Btw, if you read the Matousec report, they don't use live malware either.

 

The Matousec .pdf report gives a very detailed analysis of each test it performed. And it pretty much includes the entire spectum of commonly known financial malware techniques. It also included multiple keylogger tests.

In any case No.1 was Kapersky's Safe money and a close second was BitDefender's Safe Pay. Note that the version of Safe Pay tested was that included within Bitdefender IS.

Using EMET's 4 certifcate pinning will go a long way in blocked SSL man-in-the-middle malware.

 

Quote from the report:
"we have implemented 15 tests that share a main goal – to steal credentials
from PayPal and eBay.. ..The techniques of the created tests have been inspired by real-life malware"
Like you said, they create their own test tools which uses techniques used by commonly known real-life malware, so not live malware and the same concept as MRG's simulators, but they call it a test and MRG calls it a simulator. Here's Merriam-Websters definition of simulator:
": one that simulates; especially : a device that enables the operator to reproduce or represent under test conditions phenomena likely to occur in actual performance"
By this definition, Matousec's test can be called simulators as well.