BitDefender TrafficLight (BETA): Social Web Security, Re-invented

Build 79336

 

Thanks. Just checked the extension with latest chromium build and chromium passes block reflected XSS test

 

Just go to about:flags and enable the XSS Auditor. No extension needed for this.

 

Any 'web security' is bound to fail some times so the only solution for now it seems is sandboxie so...... may it be AVG linkscanner,BitDefender TrafficLight etc is not fool proof.

 

You got it wrong. For some reason Google Chrome would fail the "block reflected XSS test", with BitDefender TrafficLight installed. BitDefender TrafficLight is not providing such protection.

I gave it a run with Chromium, with BitDefender TrafficLight, and Chromium passed the test.

Google Chrome, according to user sm1 would pass the test with the extension uninstalled.

There seems to exist a conflict between Google Chrome and the extension... but not with Chromium.

 

Ah, OK...

 

Hello guys,

As Jaymzu, I'm part of the TrafficLight team too and I'll try to keep an eye on this thread

Regarding the youtube problem, we didn't manage to reproduce (and therefore isolate) the problem, so I'll ask you guys to post here or on the TrafficLight (TL ) page some details about this issue:
- most important, if it's the extension or the full product (webinstaller)
- operating system, Browser, other AV / security solution installed
- it happens all the time or just randomly
- after some Refreshes, it start working?

As for the http://www.browserscope.org/security/test page, it's a known issue that we're try to fix; some clarifications still:
- the interface (small button & 'toolbar') does not appear, but
- the http/https traffic is still intercepted and scanned for malware/phishing

 

Also, we're planning a new release early next week with some minor changes and with support for SeaMonkey, Avant and SRWare Iron browsers..
L.E.: I'm referring to the full product (webinstaller)

 

Hello Iulika0069. Welcome.

Will this "issue" be addressed, as pointed by user SweX in the next version?

 

so when will the firefox standalone add-on be released?

 

Thanks for supporting Iron!

 

Yes, it will be fixed

 

I'll get back with this next week.
It's a matter of [a few] days..

 

It will be better separate addons are available for popular browsers like IE.Firefox, Chrome, Opera and Safari as this will not conflict with web scanning part of av installed in the system and also the addon will work properly with browsers isolated by programs like sandboxie, bufferzone and geswall

 

The extension has a bug for me with Chrome. It deactivates some login boxes then I can not click to type in.

 

Hy guys,

Regarding the Firefox extension, at the moment we have some issues and I wouldn't want to release a version which will cause browsers to crash or use up processor (like one bug we had).

Regarding the fact that tomorrow is Friday and during weekend will probably not be released , I would count next week as a release date, and if not an official release , maybe a preview for this community since you guys have provided us with lots of feedback.

Best regards,

Daniel

 

By the way , an update will be available which will be adding support for some extra browsers Avant , SRWare Iron , SeaMoney, Maxthon and some minor fixes.

Users who already have TrafficLight installed will be updated to the new version , for all the others you cand download it tomorrow from our website.

Probably it will be the first and last major update , since we are looking into performance tuning regarding browsing speed penalties .

Best regards,

Daniel

 

Hi zeustl,
Thanks for the news. Waiting agerly for the major change...

 

What about the AntiFraud Filter?

 

AntiFraud filter will be available first for the extension , we are still working on it since we don't want to give FP's on legit websites.

 

Could you be so kind and give one or two sites where you noticed this issue, we would be really gratefull.

Thanks

 

I'm confused about this.
I just went into about:flags and enabled the xss auditor.
I don't have traffic light installed yet.
Am I protected now or not?
Thanks.
Hugger

 

It has nothing to do with XSS auditor. With this extension installed chrome 10 fails block reflected XSS test done by browserscope.org. If this extension is removed chrome passes this test. This issue is not seen in chromium builds but only with official google chrome 10.

 

Hey ,

About this issue , i tested it with the extension switched off (uninstalled it even) and Block reflected XSS fails even so.

Deleted every thing in Chrome and the test look like this
PASS postMessage API
PASS JSON.parse API
FAIL toStaticHTML API
PASS httpOnly cookie API
PASS X-Frame-Options
PASS X-Content-Type-Options
FAIL Block reflected XSS
PASS Block location spoofing
PASS Block JSON hijacking
PASS Block XSS in CSS
PASS Sandbox attribute
PASS Origin header
PASS Strict Transport Security
PASS Block cross-origin CSS attacks
FAIL Content Security Policy
PASS Cross Origin Resource Sharing
PASS Block visited link sniffing

 

zeust1, you should have first tested chrome before the extension is installed. For me chrome passes block reflected XSS test without the extension in every time I did the test.