Littlebits said:
Password manager and adblocker are not really part of securing online banking (password manager is really a convenience tool, while adblocker is a browser supplement; my bank generates a different password for each logon - and expires it in few minutes, and does not pop advertising neither).
Not all banking sites are the same, I have a set password for my online bank that I have to change every 3 months. Password manager like LastPass can encrypt your data and keep you from logging on to a fake banking site. I believe it is a must have for online banking. It is true not most banking sites will have ads but wonder if you happen to stumble upon a fake banking site with phishing ads? I would like to have an adblocker just in case.
It is true that some banks allows a fixed password (for some time, or for good), and others generates one every logon. Data encryption in LastPass (or name your password manager) is done when save/load data - we're doing the same in BD Wallet - not when populating browser page fields. (Don't ignore that LastPass phising is available in Pro version AFAIK). This is a longer discussion, anyways - LastPass is a dedicated product for password management, Safepay is a secure browser. But point taken.
Littlebits said:
Just two features I don't think you will find in Chrome - startup scan of processes and system files, and VPN protection.
Doesn't your real-time AV already scan your processes and system files?
VPN protection is offered in many freeware products like Steganos OkayFreedom, Hotspot Shield, Spotflux, SafeIP, Tor Browser Bundle, SecurityKISS and Expat Shield. But BitDefender wants to change you for the same services.
For sure BD didn't invented VPN, and the user with sufficient technical knowledge can configure and use whatever he likes. Safepay integrates all these in a single mechanism. About charging, it's not so simple. Some of the providers listed above are free up to a traffic quota, others have investors - again, is a longer discussion. Everyone have to generate revenue one way or another.
Littlebits said:
It doesn't provide phishing protection against fake websites.
Yes it does. Every URL is scanned in our cloud database for malware, phising, fraud, spam, untrusted etc. And Safepay blocks the page if this occurs. Can you elaborate on this?
Are you trying to say that Safepay will detect every single zero-day malicious site? I don't think so. Malicious sites are created so fast that no solution will detect them all no matter how good the detection rate appears to be according to testing sites.
Every single 0-day? No. I don't thing somebody does. What I can say is that AS/APH teams here are working around the clock 24/7 and continuously hunt for these kinds of attacks.
Littlebits said:
Such as?
I doubt a Chrome extension, which is nothing more than a bunch of Javascript/HTML/manifest files packed in a CRX zip file, will protect your computer. Do they have self protect on binaries, or protect themselves against another extension?
Most Chrome extension run sanboxed, so if one crashes or has compatibility issues it does not effect the other extensions. Google has disabled the ability to add extensions from third-party sources, only extension from Google Web Store are allowed and they are all reviewed by Google before they are allowed to be listed in the store. Of coarse in the past some have got by Google but now Google has cracked down on most of them. Still if anyone has doubts, they can run Google Chrome in Sandboxie or BufferZone Pro which will protect their computer. Also can add Trusteer Rapport banking protection which is free which will protect all browsers and allow users to keep their settings and extensions.
Extensions can still be added to Chrome via registry and extension list manipulation (but that's not the point here).
Again, I'm sure there are alternate ways to life a more secured life
- about Trusteer Rapport I heard is very obtrusive (Sandboxie and BufferZone I don't know). Protect all browsers is not Safepay purpose - when you begin tamper other browsers, user data, HTTP traffic, you're opening new possibilities to problems.
Safepay takes a different route: 1. minimize attack surface (disable extensions, hooks, keyboard); 2. remain as light as possible (60 seconds scanner at startup - optional) and scan in cloud URLs 3. does NOT interfere with user's other browsers and data. It's more a virtual environment for use when you need, not a general purpose browser or a protection tool for all user traffic.
These differences noted, you may like or not Safepay, that's entirely up to you
- and judging from the first comment, you do not - which is absolutely fine. I'm just pointing out on differences, and hope to bring some more details about what Safepay is - and what is not.
