Bitdefender Safepay is released

Discussion in 'other anti-malware software' started by camarie, Jul 25, 2013.

Thread Status:
Not open for further replies.
  1. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    I too hate making mistakes when i can't see the text. Who is watching above my shoulders anyway, when I'm at home and no gypsies around? Perhaps screen capture key loggers?

    Anyway, try making those like drummer patterns, e.g. make yourself a diamond like shapes at keyboard, containing 4 keys, starting from different keys ofc. Then use different patterns, e.g. for 6 keys long from those 4 key shapes, and change the starting point, do another pattern, then one more - 18 characters. Use arrows in notes if needed.
     
  2. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Installed yesterday night.My first impression...needs more work.First of all,installation was blocked at 97% and after 10 min,still there.Uninstalled and rebooted.Second install,after 5 more minutes,it completes it.It opens,but it asks me to register.I put my credentials (i have an Bitdefender account),but the program tells me that the services cannot start and cannot log me,and a restart is required.Ok,i restart.I open safepay,and the first screen is that it needs to make a scan to be sure that my system is malware clean...and it stays like this more than 20 minutes,with 0%....so,i've made the right thing.Uninstalled.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I believe that can be set off in the settings section for the software.

    From what you descibed appears this software is imitating Trusteer Rapport. Rapport will do the scan silently and if it finds anything, it will force a "virtual browser" setup to do your bank site connection. I have tried Rapport multiple times on different WIN OSes and ended up uninstalling it each time.

    I have to concur with Fabian from Emsisoft when I asked if Emsisoft was going to include this Safepay feature in EAM paid. The response was a definite no due to issues you just described.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    What you're describing is Safepay having a problem on your system, not the way Safepay behaves when it works properly. I've not had any of the issues you describe. The main issue I see with Safepay is it's too inconvenient to use. That's a consequence of the extra security it provides, such as no plugin support and total address space isolation. The inconvenience may be worth it to some people though. There's a difference between a program not working properly and providing more security than we're willing to deal with - the latter is not a defect.
     
  5. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    I've set Privatefirewall on learning mode and disabled Avira's realtime protection...or maybe Safepay doesn't like my system.Anyway,it's not a must for me,so...And i can tell you that is nothing wrong with my system...the PC's are sometimes like humans,have their likes and dislikes.What won't work for me works for you and vice-versa.
     
    Last edited: Jul 28, 2013
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Software interactions are complex and sometimes impossible for us mere mortals to sort out. You're quite right that it doesn't imply there's anything wrong with our systems. You wouldn't believe what I've been going through this morning trying to transfer an Office 2013 license to a different computer - actually you probably would believe it :argh:
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Pretty good review here: http://www.pcadvisor.co.uk/news/security/3461075/bitdefender-safepay-offers-secure-browsing-for-online-banking-shopping/.

    I am getting up the nerve to give it a shot. Just did an image backup. If the malware scan cannot be stopped at Safepay start up each time via option setting, that will be a show stopper for me.

    I just remembered that PC Advisor article stated SafePay used Google's Chrome browser with a few Bitdefender mods. I refuse to have anything that is associated with Google on my PC.
     
    Last edited: Jul 28, 2013
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    According to this article the Safepay browser is based on Chromium:

    https://www.networkworld.com/news/2...61.html?source=NWWNLE_nlt_security_2013-07-29

    Edit: The article at networkworld.com looks like a reprint of the one at pcadvisor.co.uk. They're not really reviews - no actual testing is done - just a recount of the feature set.
     
    Last edited: Jul 29, 2013
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Yes, I extrapolated at bit:

    The real question is if it protects the "two man's" - in the middle and browser, prevents any browser modification from external source, anti-screen and key capture, etc. etc. Only detail testing will determine that.

    A statement can be made that since you have created your own browser, you can do anything with you want - good or bad. Also as the creator you are 100% responsible for maintaining it security wise from the multitude of daily zero day stuff out there.
     
  10. camarie

    camarie Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    12
    Location:
    RO
    I understand your concern. We will probably fully integrate Wallet in Safepay in the near future - and I suppose this will help users having to deal to many complex passwords.

    Cristian
     
  11. camarie

    camarie Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    12
    Location:
    RO
    Safepay does not do anything on its own. What can happen - and I suppose this happened, without any other proof - that you can go on www.acme.com which have an IFRAME to a commercial to another domain which is a bank. Depending on geolocation, for example, or DNS, as pointed out already, a commercial URL can be to a romanian bank (I have seen this, obviously, being in Romania). The HTTP traffic generated to the bank URL is intercepted by the traffic light component, which fires internally an event to a Safepay bridge component; this checks the domain, sees it's a bank, and fires Safepay (if set to automatic) or displays an alert (if set to ask mode).
    As for redirects, absolutely no. There is no redirection done by Safepay in any circumstances. The only thing Safepay does with an URL is to check it and block (not redirect) if matches one of the malware categories (malware, phising, fraud etc.)

    As for keylogger, this is plain false. Safepay intercepts print screen combinations, monitors clipboard for images and replaces them with a placeholder, and uses virtual keyboard to communicate directly with browser and bypass keyboard events generation (this is anti-keylogger). The forum's user comment in "Is Safepay really safe?" was probably a manifestation of frustration, which can be understandable, but cannot be taken seriously. I wrote the entire code of critical components of Safepay (in fact, except UI parts and update, I wrote them all), so I think I am entitled to a better opinion.

    The certificate implementation is a tough one, if possible. Besides obvious technical questions (a bank won't lend us certificates to test just for our sake), at least in Romania many banks emits certificates than can be used only in IE. The problem is still in analysis, but I didn't arrive at a complete way yet.

    Regards,
    Cristian
     
  12. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Its Google's open-source Chromium browser, to which BitDefender adds some proprietary features for extra hardening. :thumb:
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Below are the two comments from the Bitdefender forum related to redirects.

    Relating to this comment, it is obvious the poster was not visiting a web site in Romania. Nor do I suspect anywhere in Europe for that matter. So I really don't believe some browser cross-linking was responsible. In any case, this behavior is totally unacceptable for software that is supposed to be providing a secured connection to one's financial institution.

    Again, this type of behavior is unacceptable for software that is supposed to be providing a secured connection to one's financial institution.

    There are other postings of bizarre behavior of Safepay on the Bitdefender forum of SafePay and these relate to individuals who do not have the stand alone version.

    My opinion is wait till software "matures" a bit and has been independently tested by MRG.
     
  14. Well early eighties when real time connections between banking back offices and their offices were installed, there were no development frames or services, one had to design and program reusible frameworks yourself.

    When using encrypted semaphore's to identify pairs of connections (bank office worker at one of the many the green terminals at one of the many offices and one of the three back office mainframe centers on the back bone grid), I ran into a rookie problem of not having a university math grade.

    When you collect some characteristics of the user side of the connection and encrypt them into an identifying key (with date/time stamp to release the connection when it became unresponsive/hanged), you are surprised how many encryption clashes were generated in practise (different input fields from different sources leading to the same encrypted id key) when the system load increases.

    Identical connection identifyers (derived through encryption) caused the same jumps in workflow. An office employee A at location B, from mainframe server 1 got the connection of employee C at location D, from mainframe server 2 when he/she switched from screen (in general entered data and pressed enter, next , previous etc)

    This is because the connection actually is not a contineous connection, but when the employee is typing the connection is swapped out to save bandwith and server processing threads (asynchroneous communication). I looked for bugs, but in the end it was a rookie mistake: no sufficient math knowledge to calculate the chance of encryption key clashes. A key clash generates an identical key, hence the unexplanable jumps in connections. When you look at the length of the key/encryption compared to the number of users a rookie in math thinks he is safe, but as soon as the input is collected from different fields (fixed pairs), the risk increases exponentially.

    In my case the time it took to mature was three months, as a team lead I had to explain to board of directors and was asked to seek work elsewhere. :oops:
     
    Last edited by a moderator: Jul 31, 2013
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It's appropriate to play devil's advocate and say we don't know anything about the user who posted the "Romanian bank" redirect comment. We don't know what he actually did Vs what he thinks he did, and since he immediately closed the program he doesn't know either. Proper testing is required to see if the behaviors can be reproduced.
     
  16. When it is caused by encrypted key clashes, proper testing is a problem. It is very hard to reproduce the problem in a test environment, because you won't get the system load of the real production environment nessecary to generate an identical encrypted key.
     
  17. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I assume that Safepay can be used with any AV such as F-Secure?
    Thanks,
    Jerry
     
  18. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Sorry in advance if the question is not meaningful, i would just like to get an opinion on these by our beloved experts :)..


    What difference it does make or adds an extra protection offered by safepay
    when compared to firefox when configured as below
    - Adds Noscript (and allow only first party domains)
    - Add ABP
    - Block Mixed Content (thru about:config)
    - Rapport
    - PDF.js is set as default for viewing online PDFs
    - Flash runs in its own sandbox
    - No Java

    I know few of them since this is based on chromium -
    - Has its own sandbox, so chrome content would be restricted
    - It does not block ads..
    - I think it does allow third party scripts..

    If it adds any value, what can be done to configured in Firefox to bring in Parity. At this point, with above configuration in firefox, i do not see any slow downs while browsing multiple sites. Just occasional hangs for a second or two when firefox is started initially or opening multiple sites at once. I think i would be adding Request Policy 1.0 when it comes out of beta.
    And FFv23 brings CSP..I believe it puts an end to XSS to a certain level.

    Thanks,
    Harsha.
     
    Last edited: Aug 1, 2013
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    The protection idea of Safepay and alternatives from competitors is generally not to create a very secure browser to prevent infection, but to protect the browser from the rest of the system. If you would be infected by a banking trojan, then the the trojan cannot alter the browser process, log keystrokes, capture screenshots etc.
    EDIT: I just saw you also listed Rapport(as in Trusteer?), so then you already have that protection, without having to open a separate browser.
     
  20. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Yes..

    Excellent Thanks. I want my all browsers to have minimum protection even when the system is infected (though i hate to see myself in this situation :) , For any doubtful activity, i always open the browser in sandboxie just to be sure..) like banking trojans. I think rapport should be coming into play here...

    And thanks for the reply.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I installed the free version on my laptop where I have F-Secure. All went well, and I went to my bank and PayPal. No problems.

    However, my main objective is to secure the laptop when using an unsecured WiFi. I have in the past needed to do some financial transaction away from home in a hotel. It appears that only the paid version will provide the security needed in those cases.
    I realize that using unsecured WiFi is not a good situation, but if necessary I would like to have the additional security.

    I have KIS on my desktop, and was using Avast Pro on the laptop. I am trying out the free F-Secure AV, and hoped the free version of Safepay would do the job. I do understand that it is not unreasonable for one to pay for such applications, and I appreciate BDs providing the free version anyway.
    F-Secure is running so well I might keep it for the year, but would like to have the security if on an unsecured WiFi

    Regards,
    Jerry
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    What would be an interesting test for Safepay is to add it as an app to EMET 4.0 and see what happens. I strongly suspect that Safepay will crash.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I came across this thread in the Bitdefender forum of what actually Safepay provides: http://forum.bitdefender.com/index.php?showtopic=37584. I really didn't see anything "earth shattering" in the protection provided.

    Trusteer Rapport will block all attempts at browser modification; good or bad. Note: I am not by any means recommending Trusteer Rapport.
     
  24. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    BD Safepay makes the claim that the paid version will be effective when using an unsecured WiFi. KIS does not according to my question on their forums.
    Of course the advice is not to use an unsecured WiFi, but that is no help if you must do a financial transaction on the unsecured WiFi.

    I am not sure that Trusteer will provide security when using an unsecured WiFi.

    Jerry
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    For the simple reason that what you pay for is a VPN subscription.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.