- Apr 28, 2015
- 9,081
If You search in Google, almost every av firm has been hacked at some point : Hacker hits Symantec and accesses passwords
Bitdefender Trafficlight still transmits every site in clear text?
- Thread starter Tiamati
- Start date
The point is that it isn't uncommon for famous AV companies to be targeted by malicious people.
Though, whether those attacks actually succeed is another question altogether
- Mar 16, 2019
- 4,038
Btw, if you check Fabian's comment, he never really said that Trafficlight sends every url back to them in clear text. He just said they send every url. Here's the comment: Privacy Alert - Mozilla removes all Avast Firefox extensions
I myself tested back then and it was same as now. The data was being sent encrypted. Personally I'm okay with urls being sent back to them because they're not sending any personal data and not selling users data like Avast.
I myself tested back then and it was same as now. The data was being sent encrypted. Personally I'm okay with urls being sent back to them because they're not sending any personal data and not selling users data like Avast.
- Jul 14, 2015
- 808
Read this statement on BD forum :
Bitdefender TrafficLight monitors the HTTP traffic and sends the URL links to our labs for analysis purposes. If you access a malicious website, TrafficLight will detect it and will block it.
The content of a web page is scanned (read), but TrafficLight doesn't collect passwords, phone numbers or credit card information.
Rest assured that Bitdefender monitors data only to protect your computer against malicious attacks. You can find more information about data collection in the End User License Agreement attached to this mail.
forum.bitdefender.com
Bitdefender TrafficLight monitors the HTTP traffic and sends the URL links to our labs for analysis purposes. If you access a malicious website, TrafficLight will detect it and will block it.
The content of a web page is scanned (read), but TrafficLight doesn't collect passwords, phone numbers or credit card information.
Rest assured that Bitdefender monitors data only to protect your computer against malicious attacks. You can find more information about data collection in the End User License Agreement attached to this mail.
The Bitdefender Expert Community
Join the Bitdefender Expert Community to find answers, exchange ideas and connect with other cybersec savvy people!
forum.bitdefender.com
- Mar 16, 2019
- 4,038
Do you happen to know if it can/does scan malicious scripts in a webpage?Read this statement on BD forum :
Bitdefender TrafficLight monitors the HTTP traffic and sends the URL links to our labs for analysis purposes. If you access a malicious website, TrafficLight will detect it and will block it.
The content of a web page is scanned (read), but TrafficLight doesn't collect passwords, phone numbers or credit card information.
Rest assured that Bitdefender monitors data only to protect your computer against malicious attacks. You can find more information about data collection in the End User License Agreement attached to this mail.
The Bitdefender Expert Community
Join the Bitdefender Expert Community to find answers, exchange ideas and connect with other cybersec savvy people!
- Apr 1, 2019
- 2,881
This is the same case with smartscreen I believe.
- Nov 8, 2016
- 580
The problem with that post is that it gave me the impression (in the first moment) that the clear text could be read by anyone. Furthermore, i saw a lot of people in this forum and others considering that BTL should not be used because it was sending clear text (meaning it was not encrypted). However when i checked, i realized that it was not exactly that. So i made THIS post to make it clear to everyone. The urls are sent in clear text indeed but through encrypted connection and under a restrict privacy policy. Not so bad as Fabian made it sound.
- Apr 1, 2019
- 2,881
The fact that both BTL and Smartscreen check full urls and have some of the best results in testing may not be a coincidence.
- Mar 16, 2019
- 4,038
Hmm you're right. It's nice that you created this thread. Any confusion anyone had should be clear now.
Hmm I think so.
- Jul 14, 2015
- 808
If BdTL finds malicious things on a webpage its only blocks the bad things , not the whole webpage
Don't know exactly about scripts....
Last edited:
Once the URLs leave your machine, you lose control over what it's used for. Whether that's okay to you is a matter of your trust and personal preference -- I'm personally concerned but I err on the side of extreme caution when it comes to my privacy and trusting vendors with my private data. Examples of how this information can be abused:
Finally you have to consider whether or not URLs are private to you. While at first glance they don't seem super private, there are cases where they could be:
Just some stuff to think about. For some people maybe you genuinely are okay with this. For others, this might give you more pause. By default, your URLs over HTTPs are reasonably private. Most browsers' have a built in SmartScreen or URL screening service but they tend to use tiered hashes and they tend to fetch packs of hashes in a way that does not reveal when you visited what.
- How well is the destination controlled to BitDefender? Is it certificate pinned? Is it correctly checking certificate chains to begin with? Could it be combined with something like an enterprise SSL filtering system to reveal your URLs to parties other than BitDefender?
- Who within BitDefender has access to the scanning server? Could they hire an unscrupulous employee or intern and use that as a way of monitoring your browser history?
- What else is or could BitDefender do with this data if they get acquired or money gets tight? Privacy Policies usually allow for them to be modified with just a notification to you to read the lengthy document again.
- Who could compel BitDefender to give away this data?
Finally you have to consider whether or not URLs are private to you. While at first glance they don't seem super private, there are cases where they could be:
- The time and location from which you accessed a URL could be just as sensitive as the URL itself. This might reveal whether you are home or on your phone, or whether you're looking at personal or non-personal stuff while at work, etc etc etc.
- Many services (Facebook photos, OneDrive, many cloud photo viewer services) send photos to you as a long URL where a randomly generated key in the URL is basically the only form of authentication. They assume that by delivering this URL to you via HTTPS, if you were able to produce this URL again, you must be the original user since nobody else could've seen it. As a result, they will usually grant you access to private photos/files simply by producing the URL, without any cookies or anything else around it.
- Some services leak information about you via the URL. For example, this reply page I'm typing of has a unique asset request for macdefender.83059/ to deliver me my avatar and profile info. The size of the asset in the title bar is unique to the fact that I'm logged in, as opposed to just viewing a post by me. This could be used to deanonymize you.
- Some services give a ton of information about what you're doing as part of the URL scheme -- I've seen banking sites contain URLs that include your checking / routing account numbers, or video players say exactly what time you paused some TV show, or send out an analytics URL frame like that every time you tap. For example, almost every streaming TV service reports their ratings this way to their own analytics server. By transmitting those URLs to BitDefender, you've given them personal information that was only intended to be given to your streaming TV services. You might be okay with saying "Ok NetFlix knows what I watched and when, it's impossible for me to hide that from them", but are you okay extending that to BitDefender as well?
- This data is transmitted whether or not it's an internal or external website. Company intranets tend to have a lot more private information. What if your next secret product has an internal wiki and you're sending the title of those wiki pages over to BitDefender?
Just some stuff to think about. For some people maybe you genuinely are okay with this. For others, this might give you more pause. By default, your URLs over HTTPs are reasonably private. Most browsers' have a built in SmartScreen or URL screening service but they tend to use tiered hashes and they tend to fetch packs of hashes in a way that does not reveal when you visited what.
Guess it's the comparison between products that send full URLs and those don't. And if Bitdefender actually needs to send URLs.
My question is, does anyone know if sending hashes would reduce Bitdefender's protection?
- Apr 1, 2019
- 2,881
Just for anyone wondering, looking at the headers for Malwarebytes Browser Guard they seem to send hashes instead of full urls if I am reading the content properly. They also use TLS 1.3. I'd say if you are using Bitdefender as your AV and don't want HTTPS inspection then BD Trafficlight is a good addition, they could abuse your data anyway so you must trust them to run their AV. If you don't then MBG may be the way to go.
A lot of browsers have this functionality built in, including Google Chrome. And most browsers implementing these use the second form of the Safe Browsing APIs where you download hashed prefixed packs of URLs, Overview | Safe Browsing APIs (v4) | Google Developers
As a result, instead of a single hashed URL lookup, your browser will download a large pack of definitions that encompass a lot of different URLs with the same prefix, adding a bit of extra anonymity and also resulting in fewer repeat lookups if you are visiting similar sites.
As a result, instead of a single hashed URL lookup, your browser will download a large pack of definitions that encompass a lot of different URLs with the same prefix, adding a bit of extra anonymity and also resulting in fewer repeat lookups if you are visiting similar sites.
- Apr 1, 2019
- 2,881
However in our own @Evjl's Rain 's testing it seems SafeBrowsing isn't as effective as Malwarebytes Browser Guard, WD BrowserProtection, and Trafficlight.
- Apr 1, 2019
- 2,881
However looking back over the old tests Chrome was just barely behind the top extensions, and really none of these sites stay live for very long anyway. So, you are probably right, extensions at least with Chrome, FF, or Edge may be mostly redundant.
That's very much possible and believable. Factors could range from the quality of Google's databases compared to premium third party products, to the kind of caching they have to do to give you downloadable packs of URL hashes.
A lot of it boils down to the balance between privacy, trust, and protection that the user desires.
According to Fabian, he considers Malwarebytes Browser Guard to be one of the privacy-concious extensions.
So not only MBG does really good in testing but it's also good for privacy.
Mozilla removes all Avast Firefox extensions
As i said so many times here and there, the masses' rule and whining geeks can cry, shout, make hundreds of post in their insignificant blogs, they are basically just a good laugh to those companies. CEO: Wow! look at that article bashing us, Joe , how many users we lost since this was...
malwaretips.com
- Nov 8, 2016
- 580
I checked and despite i run some sites, MBG only connected to one url for update. It was in clear text and used TLS 1.2.
The url was:
The "Console" tab showed that it was inspecting pages and whitelisting them, probably based on its local database. However i can't confirm that. But, if i'm correct, the requested url would be a way to update the mentioned database. Maybe, if Malwarebytes acts comparing and processing your sites/files/images/scripts with a list locally, it would explain why so many people complain about its impact in performance and loading pages. If you visit a few pages and check the console tab, you'll see that it does a LOT more process than BTL
However it's not clear if the database updated by MBG contains a whole list of sites, or only the ones you visit. It seems to be the first option, cause after the update, i loaded a few pages without any further requests from MBG. Despite that, after some digging, and exploring less known pages, MBG requested some info using hashs and TLS 1.3.
There is no way i can confirm, but i would assume that MBG works locally with a database of frequently asked pages. But if you access anything that is not usual, it will request it through TLS 1.3 using hashs. That's good. Maybe someone could help me to confirm that. Maybe @Fabian Wosar
Indeed. However we must keep attention with browsers not fully compatible with AV, like Brave. For example, it can't be protected by kaspersky antipishing protection, but it can use BTL for that.
Good to know. Unfortunately, it's heavy. =[
- Apr 1, 2019
- 2,881
That’s interesting. I turned it on for the first time in a while and it connected to the same URL several times, but under security it listed TLS 1.3. However I didn’t check all of the connections to see the security. Also, I bet if I leave it on and go back it’ll just make the one connection like you noted to update. Definitely a lot going on under the hood. It doesn’t give me many problems browsing. I just turn off the very poor ad blocking when I’m using it.
Similar threads
