SafeOnline - credential protection not working

Discussion in 'Prevx Releases' started by scarybeast, Dec 15, 2010.

Thread Status:
Not open for further replies.
  1. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    Hi all,

    I just installed SafeOnline (Facebook Edition) into my banking VM (an XP 32bit VMWare appliance). The application is working fine, except that the credential protection is not working at all. Verified that with IE8 and FF3.

    Just for my understanding: How I got it is that when i.e. a specific password has been saved to a site and I'm trying to enter the same password when I log on to a different site, SO should complain about this, right?

    In IE8 SO sometimes offers to save passwords to a protected site, sometimes it does not. Manually assigning credentials does work, but the complain message that I expect when I try to log on to a different site with an already saved password does not appear at all.

    This is what I think should happen:
    1. open https://bankingsite.com
    2. assign password "xyz" to the PrevX entry for https://bankingsite.com
    3. open http://someothersite.com
    4. try to login to http://someothersite.com with password "xyz"
    5. PrevX should complain here

    In my environment Step 5 is missing.

    So, anybody can help here? Maybe I have a misunderstanding of how SO should work?

    Thanks for any advice.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    The credential monitoring components have some logic in plave to prevent poor user experience - first by assessing what the likelihood is that the destination website is not supposed to receive the credentials (i.e. some websites have domains linked to them that are completely different) and that the text of the password won't cause unnecessary disruption (i.e. protecting "xyz" will prevent someone fron typing the alphabet and is too short to be a value password)

    If you could either post here or PM me with more specific details on what websites you're trying and a general format of an example password, I'll be able to better determine if there is an issue in your case .
     
  3. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    Ok, I'll post here as others might be interested in this issue, too.

    Let's say I have an email account at a german mail provider called "web.de". My password there matches [0-9A-Za-z]{10}, e.g. "bvbH22QM4E" (of course this is not my real password). The logon page is "https://www2.club.web.de/". The password "bvbH22QM4E" is then assigned to this URL. To simply test credential protection I tried to logon to e.g. "http://www.wilderssecurity.com" with some username and the password "bvbH22QM4E", which is already locked to "https://www2.club.web.de/". I also tried to logon to other websites with the same password, but PrevX always asks me to lock the password to these websites, too:

    Would you like SafeOnline to automatically secure the password you have entered? This will lock the password onto the current website to prevent any accidental phishing attacks.

    Best,
    Tobias
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Do your passwords contain any special characters such as underscores, full stops, etc? The reason I ask is because password credential protection doesn't work properly if they do.

    I have previously reported this and received confirmation that this is indeed an issue. This could possibly account for the behaviour you are seeing - just a thought.
     
  5. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    Hi pegr,

    thanks for the thought. I have read here that this can cause trouble, but for me it's not the case. The password I tested with only contains digits, letters A-Z and a-z.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the testing. Could you let me know what your OS language and keyboard language are so that I can try reproducing it here?

    Thank you! :)
     
  7. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    Sure. I'm using german XP SP3 and a german keyboard layout. No german special characters or umlauts were used in my passwords, though (as already mentioned).

    To explain the english PrevX message: I simply installed PrevX to use english language.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This could potentially be the problem. SafeOnline has some language-specific options to prevent any incompatibilities and it is possible that this is what is causing the issue. We'll be taking a look at correcting this and improving it into a generic workaround in one of the next updates. In the meantime, SafeOnline will still be protecting your credentials from identified malicious websites and will be protecting them against any local software trying to steal information.

    Let me know if you have any questions! Thank you for the report!
     
  9. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    As I am already on this issue, I tried to verify if the behaviour could be PrevX-install-language related. I completely removed PrevX, rebooted and installed again, this time in german.

    The result is absolutely the same. PrevX asks me to lock a password to a site that it has already locked to a different site. I verified this with several sites, using https and plain http.

    By the way: the question

    Would you like SafeOnline to automatically secure the password you have entered? This will lock the password onto the current website to prevent any accidental phishing attacks.

    is anyway asked in english language, regardless of which language I use for installing PrevX in.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I get the same when I use the same password on my Banking sites and it's always been that way but after you click yes on the Prevx window you have to go back and enter the last character of your password to enter!

    TH
     
  11. scarybeast

    scarybeast Registered Member

    Joined:
    Dec 15, 2010
    Posts:
    6
    Thanks, Triple.

    I'm trying to understand what you write and have to ask back:

    a) Does
    mean that I did not get the point of PrevX's password/credential protection feature?

    b)
    So that means I'll let PrevX lock the same password to one more site? But what if this is NOT e.g. my 2nd banking site, but a phishing site? Then it's too late already, isn't it?
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The issue isn't with the install language of Prevx, rather, it is likely with the OS language being German and Prevx not being able to accurately track the transmitted keystrokes. We're completely overhauling this feature to make it much easier to use in Prevx 4 which will allow it to also work cross-language much better.
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    a) Going from your last post I was agreeing with you with what you are seeing!

    b) Prevx will let you lock it into other sites if you use the same passwords I have not come into contact with phishing banking site myself because I keep use my own links that's where the Prevx window pops-up to make sure you check and to make sure you want to enter the site and use the password there then you look at the info in the Prevx Tab and make sure it's Green on a HTTPS site with a lock!!

    HTH,

    TH

    Example: Capture16-12-2010-3.14.36 PM.jpg
     
Thread Status:
Not open for further replies.