BitDefender TrafficLight (BETA): Social Web Security, Re-invented

Ah, OK...

The FP can wait a bit, not really that I could not live with it. Already downloaded the new version of BSA anyway. Thanks.

 

Any reason why a cloud security mechanism reads as much as 500 MB or more during (one and a half hour) browsing.

Please explain

 

TL Chrome Extension scans for phishing pages, also with a version of local anti-phishing engines
So, if your Internet traffic where like 500MB, I expect that the tool you used to monitor TL extension to report that it read approx the same amount of data (from disk, not Internet)

BTW, could you tell how you mesure / which tool was used? 10x

 

The tool used was process explorer. My eyebrows did raise because I was not expecting so much I/O from a cloud based application. I could replicate the same under IE9, but difference between Chrome and IE9 are major. Could it be that IE9 generates only 10% of the disk I/O compared to Chrome.

To give an example, Chrome browsing session generated over 500 MB disk I/O, more or less same session with IE9 as browser generated just under 50 MB of disk I/O. The two browsing sessions were not completely identical, because I did not log my flow of events (was not actually testing it).

Regards Kees

 

Testing the firefox extension in Firefox 4. I have two issues. Search advisor is not working in seach results and the other is trafficlight site blocked information appears only after the malicious website is almost fully loaded. The redirection must happen a little quicker.

 

Take a look at post #146. The answer is there. It's related to how Chrome allows extensions to work. Unfortunately, AFAIK, unless Google changes that, will BitDefender TrafficLight team be able to work it out?

 

I am trying the Firefox extension given in post #141 as attachment. Forgive my ignorance, will the firefox extension work the same way as chrome extension? Are they both related?

 

How does TL compare with the Norton Insight feature that monitors downloads? I'm not asking which is better , just how the technologies differ and whether or not they're likely to step on each other. I know that "insight" is reputation based, but is that all or does Symantec do some verification in the cloud as well?

 

I think it's more comparable to Safe Web. Insight is a completely different type of program.

 

I'm not a Firefox user, but I believe that Mozilla is more open to extensions (what they need to work), so I'd assume you wouldn't be facing the same issue.

 

Yes, you're right. I thought TL scanned file downloads as well, but it doesn't.

 

For what I could see:
- insights looks like reputation check of IE9's smartscreen

- malware component of traffic light installer (not the chrome extention version) does check downloads also, don't know whether it is on hash or on real datafile(executable, packed file, etc).

 

As far as I understood from my dev team, FF extension will be able to scan for downloaded files, I'll get back with this in the next days..

Regarding TL installer, all the traffic is scanned with the full-blown anti-malware & anti-phishing engines - the same engines as BitDefender v2011

 

I have been trialing BD AV 2011 and havent used it in awhile. I have to admit, I am very impressed. It has really changed, the level of detection is almost unreal from what I have found. Right now I would put it number one in detection.

 

Wow..!! But does that mean that.. suppose softpedia hosts a software which is detected by Bitdefender, and then will Softpedia site be blocked?

 

Only that webpage / download link, not the whole domain - that's the beauty of TrafficLight

 

Try this one.
The redirection issue is still in progress..

 

I downloaded and installed the installer of TrafficLight. I downloaded 20 malware samples off two sites. TrafficLight did not stop any of them from being downloaded to desktop. The installed application, doesn't it scan files downloaded?

 

Thanks. Search advisor is working now

 

First of all, let's check if TrafficLight is installed properly:
- did you checked (at install time) the SSL Scan option? Are those samples on a SSL web-server?
- is the drag button (and the TL 'interface') appears in the loaded pages?
- is the eicar test file working?

If TL it's working, the only reason is.. at this moment we simply don't have detection on those samples
Can you please indicate the source of the malware samples? 10x.

 

I'm using it right now (Just the extension of Chrome).

I wonder if has some means of tests it, i.e. make sure it is really working, how?

 

I can point you to a domain (last time I checked was serving a rogue security app), which TrafficLight does flag red. You could always try that avenue and verify if it's working.

This does make me question the efficienceness of TL Chrome's extension. If, due to the limitations in Chrome's extensions SDK, TL only blocks the web site after the web site is pretty much loaded, could this mean that a drive-by download could happen anyway (Let's exclude Chrome itself, from the equation)? If so, the only advantage I see in the extension is to provide search engine ratings, no?

 

Such a web-page should be marked (in our cloud servers) as infected too, and blocked from the first moment you enter that page.
If not, indeed, you are not protected by TL Chrome Extension..

I'll get back with more info on this later on.

The rest of the features / 'advantages' remains:
- anti-phishing protection, with both cloud and local engines
- [comming soon] anti-fraud protection
- link scanner, as you mention
- all the extension are subject to active development and we'll try to include other security-related features, while keeping the small footprint on your system

And, not at last, if you are using Windows, you can give it a try to the TrafficLight Webinstaller - which also is in continuous development and we strive to bring an improved version in the next weeks

 

wen is the official version of the firefox extension going to be released on your trafficlight website/firefox addons site?

 

It could be of some help to us you shared some of the links you tested on. If not on the forum maybe you could send some more info at : trafficlight@bitdefender.com