BitDefender TrafficLight (BETA): Social Web Security, Re-invented

I should clarify I am testing the Chrome extension only. And - no such thing like report broken page or feedback there. Just a help link.

 

files on ur HD dont change constantly. and traffic light does give u an ignore option. just saying that a static whitelist of sites will not be right for something like this

 

To the left side of the SETTINGS button resides the Feedback button - "Share your opinion about TL with BitDefender'..

 

Have you tried the ignore option? Might be a bug but whenever you navigate inside the site that triggered BTL, you get the same warning. It is not really usable this way.

I have developed a blindness for social networking related junk. I would suggest rewording the pop-up tip from "share your opinion..." to something more explicit (like Submit feedback/Report issues") and changing the bubble to something else as well. (I do not want to chat as the bubble suggests, I want to report a problem.)

 

I've seen one of the blocked URLs images, when I installed TL to a relative (Chrome extension), and it was related to the EICAR file (the file eicar.com, if I'm not mistaken).

But, I went to the EICAR test website, and TL didn't spot anything? Does anyone else get the same result?

Could you guys simply create a test URL, where we could test whether or not it's working? Without having to test it with real malicious domains, that is.

 

well then id consider that to be a bug that should be addressed by BD

 

Here -http://trafficlight.bitdefender.com/features.html you may see an image showing that it blocks the EICAR file. But, Chrome extension does not block it. Going to its settings I see that it has "Malware Filter", so I'm assuming that Chrome extension should block this domain/file?

One other question. How are Google and Bing search results analysis performed? Are the links scanned in real-time for malicious content/fraudulent schemes? I'm asking this, because it flagged a domain no longer hosting a rogue security software. So, I'm assuming this ratings are provided by checking the domains against a database of known malicious domains?

 

The trafficlight.bitdefender.com/features.html page contains the features of the Webinstaller Product; we'll modify it to clearly reflect the differences between TL Product and TL Addons/Extensions - thanks for notice this!

Chrome extension has it's limitations - we simply don't receive notifications from Chrome when a file is downloaded
I know that Chrome Extensions SDK is still in development stage, let's hope that we'll soon have this support..

Regarding the search results, the links are scanned in our cloud servers only; scanning them with local engines also imply the download of all resulted sites and this can take quite long..
Maybe in a future version we'll put an option for advanced users - if they want to scan with cloud or with local engines
In the meantime, if you have the Webinstaller Product, you can access this hidden option here - http://www.bitdefender.com/settings/{75A055E2-0420-4215-A3AF-AB380BC611FD}

Also, if you have a website still flagged by the search results component, would you please report it thru the Feedback page - 10x

 

OK. That makes sense now! I was getting confused.

But, could you explain how exactly does TL's Malware Filter setting (Chrome extension) work? How will it protect me from malware?

Not exactly my doubt. I was wondering how TL (Chrome extension) scans the URLs that appear in Google and Bing search results. Will it verify the results against a database of known malicious domains... or will it simply scan the results for any malicious content, whether or not the website is already known to be hosting malicious content?

Chrome's extension obviously works differently from the full installer, which is why I'm making all these questions.

But, it would actually be nice to have a mixture of local and cloud protection... I think it would decrease the time to scan the URLs and decrease work on your side

Thanks for the tip.

Sure will...

 

@ Iulika0069

Could you guys work on the compatibility issues between TL and AVG LinkScanner Safe-Search extension?

Having both enabled TL never displays results, and Safe-Search doesn't show more info when placing the mouse cursor over its ratings. Disabling TL makes Safe-Search work OK. **

Safe-Search extension comes bundled with AVG LinkScanner -http://download.avgfree.com/filedir/inst/avg_smf_x86_all_2011_1321a3540.exe

The extension is placed under C:\Program Files\AVG\AVG10\Chrome

Simply press SHIFT and right-click the extension and copy as a path to Chrome and install it.

I don't have my Chromium installation in the default folder, so I did that. I'm not sure if it would install if it detected it in its normal folder. Give it a try.

I'd appreciate if TL could work together with Safe-Search.

-edit-

All that is needed is to install LinkScanner, and the extension will be automatically installed. I run Chromium with JavaScript disabled most of the time, and forgot that with JavaScript disabled extensions won't work.

-edit 2-

** I decided to give both TL and LinkScanner one more try together, and this time TL displayed a rating for the first search result (first URL), but it kept itself on a loop for every other URL... same for LinkScanner (no rating would appear, at all).

Hope you guys can solve this. If you can't solve it on your side, perhaps you could in conjuction with AVG?

 

It will check each page that was fully loaded (OnDocumentComplete method) with our cloud servers - for both malware and phishing
Only the link page is sent, not the content or any parts of it
If the cloud servers respond with 'this is malware/phish' - the page is blocked

I'm sure that you already know this, still, to generally clarify once again: the full TL Product scans the accessed pages with local engines (malware and phishing)

Is the same process as above - only the links are scanned in the cloud
If your question is 'how internally your cloud works?', unfortunately I'm not allowed to disclose that info right now

In Chrome extension we have a version of local anti-phishing engines

Do you use it? I mean, uncheck the option, to allow TL to download and scan (locally) all search result links?

 

We'll look into this issue; by 'TL' you mean the webinstaller product, right?

 

Two things here:

1/ I actually get the page loaded first (almost completely) with the Chrome extension and then "blocked".

2/ This is another FP at the same time.

 

No, I mean TrafficLight, Chrome extension. I still haven't tried the webinstalle version, to be honest.

Maybe someone else could check if the same issues happen between LinkScanner Search-Shield component (provides ratings) and TrafficLight (webinstaller version) for Internet Explorer and other browsers.

 

Not yet. As I mentioned in my previous post (the one before this one), I'm using Chrome extension, and not the webinstaller version. But, I thanked the tip, because it might be useful if I start using the webinstaller version.

 

It's my pleasure to disclose to you guys a sneak preview of the TL FF Add-on
We've shrank the drag button and make it green/red/yellow/grey; and, of course, resolve the issues that kept us from release it sooner

Enjoy it

P.S. Delete '.txt' extension from the file name (forum restrictions..) and open it into FF..

 

By the way, something I forgot to previously ask. Will BitDefender, once the beta phase ends, provide the full version as an offline installer, or will we still have to use a web downloader? It would be nice to have an offline version, just in case it's necessary to reinstall (an O.S clean install, for example). It would spare monthly traffic for those people using limited traffic connections.

 

Later edit: you are referring to the fact that you already have an older offline version, and you just let the product make the update of the anti-malware & anti-phishing engines.. And update the product, too, if it;s the case..
We'll think at this..

 

Thanks for the "sneak peek". A quick test shows that the TL FF extension does not interfere with streaming Youtube video as the web installer did a while back.

By the way, is there a test URL that will trigger TL to block?

Thanks!

 

Not yet..

You can test with http://www.eicar.org/anti_virus_test_file.htm - at this moment only with eicar.com.txt

In the next version of the Firefox Add-on we should be able to scan the downloads too (in Chrome, this will not be available yet, as I mentioned in an earlier post)

 

1) It's a Chrome Extension SDK 'feature'

2) I've forwarded this to my colleagues who are in charge with the cloud services

 

Hopefully, Google will make the needed changes to allow extensions such as TrafficLight to properly work. One just needs to ask when they'll do it.

 

I don't know, Google seems to be pretty uptight about their APIs and other internal workings.

 

Not really sure about this, as I get the same thing with FF.

 

1. I was talking strictly about the part you mention - 'I actually get the page loaded first (almost completely) with the Chrome extension and then "blocked"'

2. It was a false positive from our cloud servers, should be fixed by now - 10x again for repoting this!