Levels of acceptance

germitch
edited September 30 in General Topics

There should be more information, pretty much everywhere, about WHAT is suspicious, wrong, or malicious, rather than just "this is bad you can't do it", and there should be significantly more options than "Add an exception to prevent warnings about any threats at all."

For one simple example, if a site's security certificate does not match its name, and I don't have Bitdefender, then I will get warned that the certificate is invalid, and I can view why it's invalid, see that the company accidentally registered that site under their main site's domain instead of this subsidiary company, and choose to allow the connection. If there are further security problems, then I'll still get warned of them. This is significantly better than WITH Bitdefender installed, where I get a "Suspicious page blocked for your protection" warning, which will not under any circumstances tell me what was wrong with the certificate, and my only recourse (given that "I understand the risks, take me there anyway" does absolutely nothing, but that's a separate topic) is to add the site to my exceptions list, which is an exception for ALL things, so if this slightly incorrectly registered site also hosts malware or has CSS or whatever else wrong with it, BD considers that A-OK since the first problem it saw was inconsequential.

That's far from the only example; there's a similar situation if an executable is signed wrong, or has a minor problem that BD considers "suspicious," or in many other cases. When not paying for your product is a better experience than paying for it, that seems like an issue.
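The certificate example above, worked through in code as an added illustration (this is not Bitdefender's code, and it does not reproduce how Bitdefender evaluates certificates). It shows the two things the post asks for: a name-mismatch check that can say *which* names the certificate actually covers, and an exception store with three scopes, "allow this one connection", "allow this exact certificate (by SHA-256 fingerprint) permanently", and the blunt "exempt the whole host from every check". The certificate is a constructed stand-in (hypothetical DER bytes and SAN names), and the hostname matching follows the usual RFC 6125 rules (exact match, or a single leftmost wildcard label that matches exactly one label).

```python
"""Added example: explain a certificate name mismatch and scope the exception.
Not Bitdefender code; the Cert object is a constructed stand-in for a real leaf cert."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Cert:
    """Minimal stand-in for a leaf certificate: DER bytes plus its SAN dNSNames."""
    der: bytes                 # constructed bytes here, real DER in practice
    san_dns: tuple

    @property
    def fingerprint(self) -> str:
        # The same SHA-256 fingerprint a browser shows in its certificate viewer
        return hashlib.sha256(self.der).hexdigest()


def hostname_matches(hostname: str, san_dns) -> bool:
    """RFC 6125-style name check: exact match, or one leftmost wildcard label
    that stands for exactly one non-empty label (never across a dot)."""
    host = hostname.lower().rstrip(".")
    for pattern in san_dns:
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*.") and pattern.count("*") == 1:
            suffix = pattern[1:]                     # "*.example.com" -> ".example.com"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:         # exactly one label replaces the "*"
                return True
    return False


def explain_mismatch(hostname: str, cert: Cert):
    """The 'why' a user would want to read: None if the name matches, else a reason."""
    if hostname_matches(hostname, cert.san_dns):
        return None
    return (f"name mismatch: certificate {cert.fingerprint[:16]}... is issued for "
            f"{', '.join(cert.san_dns)}, but was presented by {hostname}")


@dataclass
class ExceptionStore:
    once: set = field(default_factory=set)    # (host, fingerprint) allowed for one connection
    cert: set = field(default_factory=set)    # fingerprints trusted despite a name mismatch
    domain: set = field(default_factory=set)  # hosts exempt from every check (the blunt option)

    def allow_once(self, host: str, cert: Cert):
        self.once.add((host, cert.fingerprint))

    def allow_cert(self, cert: Cert):
        self.cert.add(cert.fingerprint)

    def allow_domain(self, host: str):
        self.domain.add(host)


def decide(hostname: str, cert: Cert, store: ExceptionStore, other_findings=()):
    """Return (verdict, reasons). A name-mismatch exception only covers the
    mismatch; any other finding (e.g. a malware hit) still blocks. A domain-wide
    exemption hides everything, which is exactly the problem the post describes."""
    if hostname in store.domain:
        return "allow", []
    reasons = list(other_findings)
    mismatch = explain_mismatch(hostname, cert)
    if mismatch:
        key = (hostname, cert.fingerprint)
        if key in store.once:
            store.once.discard(key)              # one-shot exception is consumed
        elif cert.fingerprint not in store.cert:
            reasons.append(mismatch)
    return ("block", reasons) if reasons else ("allow", [])


if __name__ == "__main__":
    # Constructed scenario: the subsidiary's site serves the parent company's cert.
    parent_cert = Cert(der=b"constructed-not-real-der-1",
                       san_dns=("parentcorp.example", "*.parentcorp.example"))
    store = ExceptionStore()
    print(decide("shop.subsidiary.example", parent_cert, store))
    store.allow_cert(parent_cert)
    print(decide("shop.subsidiary.example", parent_cert, store))
    print(decide("shop.subsidiary.example", parent_cert, store,
                 other_findings=("malware signature in response body",)))
```

The per-certificate scope is the useful middle ground: if the subsidiary later serves a different certificate, or the same host starts serving malware, the stored fingerprint no longer covers it and the warning returns.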

Comments

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    I'll tag @camarie and @Alexandru_BD here, so they can take a look at your idea.

    Regards.

  • Alexandru_BD
    Alexandru_BD admin
    edited September 30

    Hello,

    Here's my opinion on this, but be advised it's a long one. First, I'm unsure if we can consider this discussion an "ideation" topic, because it refers more to the level of information available in the UI, and this can usually be enhanced up to a point.

    Your concern is valid, and I think it highlights an important aspect in the way many security tools handle warnings and potential threats. Ideally, security software should offer more transparency and granularity in explaining what is flagged as suspicious, wrong, or malicious and why. Providing more detailed information empowers users to make informed decisions. But there's more than meets the eye here.

In your example of an invalid security certificate, users would indeed benefit from knowing why the certificate doesn't match. When Bitdefender detects an issue with a certificate, apart from triggering a pop-up notification, it will also display more details about the block in the product notifications section. Let's say that a mismatch due to a registration error rather than a critical threat would allow users to safely bypass it if they deem it a low risk. This approach could also apply to executables with minor issues—users would be able to see the exact reason for a flag and choose to proceed with caution. However, some users may not have the technical expertise to properly assess the risks associated with warnings. Detailed information about certificates, executables, or other flagged issues could lead to confusion, and in some cases, may result in users accidentally overriding critical security measures. I think the aim is to strike a balance between empowering knowledgeable users and protecting less-technical users from making harmful decisions.

    Furthermore, I think providing too much technical detail could give cybercriminals valuable insight into the security mechanisms of a product. For example, knowing exactly why a certificate or file was flagged might allow attackers to modify their methods to bypass detection. By keeping some of this information generalized, a security vendor can better prevent the exploitation of known vulnerabilities.

    Even with more detailed information, not all users would be able to accurately interpret the significance of certain threats. For instance, a certificate mismatch might seem harmless, but it could be a symptom of a larger, hidden attack (like a man-in-the-middle attack). I think that if users are given too much discretion to allow connections based on technical data they don't fully understand, it could inadvertently increase their risk exposure.

    Naturally, being able to selectively allow certain issues, while maintaining protection against others (like malware), would provide a much-needed middle ground. Current setups, as you pointed out, might seem to prioritize blanket decisions over nuanced control, but in reality the picture is much bigger. Providing a high level of granularity for every flagged issue would overwhelm many users and clutter the user interface. A security solution should be designed to be user-friendly and efficient, reducing friction for the majority of users who prefer clear, decisive guidance over a more complex decision-making process. Detailed breakdowns of issues could lead to "decision fatigue," where users may eventually ignore warnings altogether, putting them at greater risk. I think that if we ask 1000 users randomly what information they wish to find in such notifications, 90% of them will agree they don't wish to read a novel there. The reality is that the majority of users wish to have a "set it and forget it" type of product that does the job silently in the background and gives them peace of mind. At least, this is what I've learned from many interactions with customers over more than a decade in various businesses. Of course, complete silence cannot be achieved all of the time, because a security software must communicate operation or detection issues, and there are still many situations where the user must be aware of what is happening.

    Bitdefender is built to offer strong, default protections without requiring constant input from the user. And I think that allowing even more nuanced options would inevitably lead to some users disabling protections without fully understanding the implications, weakening the security measures designed to protect their system. Advanced users like yourself may require security products or settings that offer more control, but for the majority of users, simplicity is key to ensuring they remain protected.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks for a detailed response.

I fully agree with all of those things. I think that a somewhat reasonable compromise between the competing objectives might be to make it more difficult, more granular, and less permanent to allow/bypass things, and make the easier ways of enacting a bypass less all-encompassing (e.g. "Allow just this specific incident once" and "allow just this specific certificate forever", rather than the only clear option being "add this entire domain/application to a 'don't scan at all' rule") without making the warning/alert prompts much, or any, more complicated than they already are. I would also prefer that it be possible to find more information if you go looking for it, since I'm fairly resourceful and had a lot of trouble digging anything up for the "why" in quite a few cases. It wouldn't need to be forcing you to read it all every time, just available in a "view detailed logs" section or something. Or even more so when I get a notification about something on my kids' computers: I want to know exactly what they did, not that there was a suspicious something somewhere which was prevented somehow, so something as simple as "More Details →" would go a long way.

    Or oh, one other real-world example, my router performs regular port scans on all devices, and I thought it was pretty cool the first time BD caught it, but now it's getting old, and I don't see any way to say "ignore it if it comes from this specific device" vs. "never warn me about port scans". I'll admit there's a trade-off, and I wouldn't want to have to tweak tons of details for any and every rule, but the bar is pretty low right now, with literally no options at all in many cases, so I think there's at least a little room to add more without overwhelming anyone (especially if we're specifically talking about "whitelists" and how to add to them rather than notifications).
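The router port-scan situation from the reply above, as an added example that is not part of the original thread and not Bitdefender's detection logic. It runs a simple sliding-window scan detector over a constructed firewall log (the log format, the addresses and the timestamps are all made up for the example) and shows the difference between "ignore scans from this specific device" (the event is still recorded, just not alerted) and "never warn me about port scans" (raise the threshold or drop the detector). The `alert_text` function is the kind of "More details" a user would want to read: which source, which ports, over what time span.

```python
"""Added example: port-scan detection with a per-source exemption.
Not Bitdefender code; SAMPLE_LOG is a constructed firewall log, not a real format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a router at 192.168.1.1 sweeps the host twice, one
# ordinary inbound connection from a LAN peer, and an outside address sweeps once.
SAMPLE_LOG = """\
2024-09-30T10:00:01 src=192.168.1.1 dst=192.168.1.20 dport=22 proto=tcp action=drop
2024-09-30T10:00:02 src=192.168.1.1 dst=192.168.1.20 dport=80 proto=tcp action=drop
2024-09-30T10:00:02 src=192.168.1.1 dst=192.168.1.20 dport=443 proto=tcp action=drop
2024-09-30T10:00:03 src=192.168.1.1 dst=192.168.1.20 dport=445 proto=tcp action=drop
2024-09-30T10:00:04 src=192.168.1.1 dst=192.168.1.20 dport=3389 proto=tcp action=drop
2024-09-30T10:00:09 src=192.168.1.30 dst=192.168.1.20 dport=445 proto=tcp action=allow
2024-09-30T10:05:00 src=203.0.113.7 dst=192.168.1.20 dport=21 proto=tcp action=drop
2024-09-30T10:05:00 src=203.0.113.7 dst=192.168.1.20 dport=22 proto=tcp action=drop
2024-09-30T10:05:01 src=203.0.113.7 dst=192.168.1.20 dport=23 proto=tcp action=drop
2024-09-30T10:05:01 src=203.0.113.7 dst=192.168.1.20 dport=25 proto=tcp action=drop
2024-09-30T10:05:02 src=203.0.113.7 dst=192.168.1.20 dport=80 proto=tcp action=drop
2024-09-30T10:05:03 src=203.0.113.7 dst=192.168.1.20 dport=110 proto=tcp action=drop
2024-09-30T11:00:00 src=192.168.1.1 dst=192.168.1.20 dport=22 proto=tcp action=drop
2024-09-30T11:00:01 src=192.168.1.1 dst=192.168.1.20 dport=80 proto=tcp action=drop
2024-09-30T11:00:01 src=192.168.1.1 dst=192.168.1.20 dport=443 proto=tcp action=drop
2024-09-30T11:00:02 src=192.168.1.1 dst=192.168.1.20 dport=445 proto=tcp action=drop
2024-09-30T11:00:03 src=192.168.1.1 dst=192.168.1.20 dport=3389 proto=tcp action=drop
"""


def parse_line(line: str) -> dict:
    """'<iso timestamp> key=value ...' -> dict with parsed ts and integer dport."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec


def detect_scans(log_text: str, window=timedelta(seconds=10), threshold=5,
                 exempt_sources=frozenset()):
    """One source touching >= threshold distinct ports within `window` is a scan.
    Exempt sources are still recorded (the event is kept for the log) but flagged
    suppressed, so the per-device exemption does not blind the detector to others."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_src[rec["src"]].append(rec)

    events = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        cluster = []
        for rec in recs + [None]:                       # None flushes the last cluster
            if rec is not None and (not cluster or rec["ts"] - cluster[0]["ts"] <= window):
                cluster.append(rec)
                continue
            ports = sorted({r["dport"] for r in cluster})
            if len(ports) >= threshold:
                events.append({"src": src, "dst": cluster[0]["dst"], "ports": ports,
                               "first": cluster[0]["ts"], "last": cluster[-1]["ts"],
                               "suppressed": src in exempt_sources})
            cluster = [rec] if rec is not None else []
    events.sort(key=lambda e: e["first"])
    return events


def visible_alerts(events):
    """What the user is actually shown: everything not covered by an exemption."""
    return [e for e in events if not e["suppressed"]]


def alert_text(event) -> str:
    """The 'More details' view: source, target, ports and time span of the sweep."""
    span = (event["last"] - event["first"]).total_seconds()
    return (f"port scan from {event['src']} against {event['dst']}: "
            f"{len(event['ports'])} ports ({', '.join(map(str, event['ports']))}) "
            f"in {span:.0f}s starting {event['first'].isoformat()}")


if __name__ == "__main__":
    # Without an exemption the router's routine sweeps alert every time.
    for e in visible_alerts(detect_scans(SAMPLE_LOG)):
        print(alert_text(e))
    print("--- with the router exempted ---")
    for e in visible_alerts(detect_scans(SAMPLE_LOG, exempt_sources={"192.168.1.1"})):
        print(alert_text(e))
```

Exempting one source address keeps the outside sweep from 203.0.113.7 visible, whereas raising `threshold` high enough to silence the router would silence that one as well.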

  • I appreciate your feedback on this @germitch.

    Premium Security & Bitdefender Endpoint Security Tools user