BD Safepay

Discussion in 'other anti-virus software' started by JerryM, Aug 24, 2013.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am trialing BD IS, but cannot find out how Safepay works.
    Anyone who can help?

    EDIT: I found that if I go to a banking site Safepay comes up automatically. I also believe it protects in the case of an unsecured WiFi.

    Thanks,
    Jerry
     
    Last edited: Aug 24, 2013
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks, Blackcat.
    So far all is running smoothly.
    Jerry
     
  4. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    All these Safe Money features that attempt to protection your browser even if your machine is already infected, are totally useless. If your machine has been compromised, it has been compromised and nothing that you do on it can be considered to be protected or safe.

    http://kasperskysucks.blogspot.com/2012/12/kaspersky-2013-safe-money-another-scam.html

    It would appear that Kaspersky and Bitdefender are at each other's throats.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    'kasperskysucks.blogspot.com' ... ok, not biased at all.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks. I already knew that.
    Jerry
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I think each person needs to read the test methodolgy that MRG uses for its banking tests and draw their own conclusions.

    MRG is using a simulator because as they state, it is the law in the UK. They are prohibited from using "live" financial malware in their tests. My own opinion is that their test is better than no testing and that is about it. It is not a "real world" test and more closely resembles a lab simulation.

    The last Matousec banking test: http://www.matousec.com/info/reports/Online-Payments-Threats-2.pdf gives a more real world test in my opinion. BTW - guess who scored highest in this test? Kapersky.
     
    Last edited: Aug 26, 2013
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    MRG did use live financial malware, they test with 100 ZeuS samples, however with real financial malware, if it is able to steal login info, how do you know? It is sent to the criminals Command & Control server, so you would need to hack it to find out, which is unlawful. So then you can only test if the products are able to prevent infection or at least warn the user not to bank when the computer is compromised. If you want to test if products are able to prevent information stealing when infected, you'll have to use a simulator which uses the same techniques like real financial malware, but sends the captured info to a server controlled by you, so you can check if it is valid information or random encrypted characters.

    Btw, if you read the Matousec report, they don't use live malware either.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The Matousec .pdf report gives a very detailed analysis of each test it performed. And it pretty much includes the entire spectum of commonly known financial malware techniques. It also included multiple keylogger tests.

    In any case No.1 was Kapersky's Safe money and a close second was BitDefender's Safe Pay. Note that the version of Safe Pay tested was that included within Bitdefender IS.

    Using EMET's 4 certifcate pinning will go a long way in blocked SSL man-in-the-middle malware.
     
    Last edited: Aug 26, 2013
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Quote from the report:
    "we have implemented 15 tests that share a main goal – to steal credentials
    from PayPal and eBay.. ..The techniques of the created tests have been inspired by real-life malware
    "
    Like you said, they create their own test tools which uses techniques used by commonly known real-life malware, so not live malware and the same concept as MRG's simulators, but they call it a test and MRG calls it a simulator. Here's Merriam-Websters definition of simulator:
    ": one that simulates; especially : a device that enables the operator to reproduce or represent under test conditions phenomena likely to occur in actual performance"
    By this definition, Matousec's test can be called simulators as well.
     
Thread Status:
Not open for further replies.