Does Safepay session get killed by Bitdefender update?

DIVERSE

Hello, all.

Just now I'd launched Safepay, loaded a finance-related website in one tab, successfully logged in to my account, navigated through a couple of links …and then the Safepay session suddenly died — Safepay was shut down.

Everything else on the laptop continued to function normally, AFAIK.

Shortly after being returned from Safepay to the "default" desktop, a Windows notification appeared above the System Tray asking if I'd like to turn on Virus Protection. Which is the typical message that comes up when there isn't any protection active. I did not click "OK", because from past experience I have observed that there may be only a short wait until protection is restored without my intervention.

Then a while later (circa 60 seconds), a message appeared from Bitdefender ("BD"):

"Update completed

Bitdefender is running with the latest improvements and fixes."

So this leads me to wonder whether the automated BD update in the background caused the Safepay session to be killed.

If so, I have to say it's not very user-friendly at all. For one thing, it's a hassle to log in to some of these accounts with the MFA, and navigating the menus, which is just tedious. For another thing, a user could be halfway through entering some information — maybe for a transaction, maybe for a pay claim, maybe changing an account password — when the Safepay session is killed, which could, theoretically, corrupt that data entry.

My suggestions for better behaviour would be one of the following:

• Warn the user that a BD update is in progress, and ask whether Safepay can be closed in order to complete the update.
  • If the user answers, "No," then a reminder can be shown at regular intervals to remind them — perhaps hourly.
  • This seems like a good balance of user-friendliness and risk-avoidance to me.
• Warn the user that a BD update is in progress, and advise them that Safepay will be closed in (say) fifteen minutes' time so that the update can be completed.
  • Display a countdown timer directly in Safepay so that the user knows exactly when the session will be ended, and will not forget about the prior warning/advice, nor lose track of time.
  • Optionally there could be a "snooze" facility for the user to restart the timer. If the user walks away from the device, the timer will not be reset, so the update would almost certainly be completed within a few hours.
• Silently wait until the user closes Safepay, and then complete the update.
  • This entails more risk, as the user won't be aware of the pending update that has 'stalled'. Personally I don't usually keep Safepay open for more than an hour, but maybe some users do.
  • A compromise could be to silently wait for up to (say) one hour. If the user hasn't manually closed the Safepay session after an hour, then proceed to one of the two abovementioned options.

Petersl

https://community.bitdefender.com/en/discussion/103377/does-safepay-session-get-killed-by-bitdefender-update

Hi,

I agree with @DIVERSE , before BD start updating to the newest versions it should maybe ask first if it's convenient for the user to update now or later or perhaps be able to set a time for a version update.

It's annoying that this update happens when you are for example using an internet browser because when this update is in progress you no longer have the bitdefender protection and you revert back to plain windows defender.

Alexandru_BD

Hi,

@camarie I believe we have discussed this topic before, but I can't really find the thread right now.
What's your input on this?

Much appreciated!

camarie

The update process stops the running processes that needs to be updated, yes. This is by design and affects all modified processes or their runtimes, dlls etc. Particularily Safepay, which has a Chromium runtime behind - and not compatible at all between versions - needs to be stopped.

I agree that is not the best user experience, but when the update is set to be performed automatically, that's what it does. I will propose a mechanism similar with the one in Windows - where applications are queried before a restart is to be performed, and if one application vetoes this, then the update is postponed - but that is a very big change and very risky as well; as you know, Bitdefender consists of many executables, services, scheduled tasks, update itself, external components such as shell extensions, Outlook addins etc. as well as device drivers. Needless to say, orchestrating all these with pre/post/update is a heavy change, and risky as well. But that being said, I will propose it nonetheless. At least for the processes with an interface, as Safepay, Security Center, various wizards and such.

DIVERSE

Thanks for giving this serious consideration, @camarie.

I hear what you're saying about the magnitude of a change to make the BD application update behaviour similar to that of Windows OS updates. If the BD team ultimately feel that it's feasible, then that's great. If not, please consider some of the other alternatives that I mentioned above, as a Plan B or a Plan C.

camarie

I will propose it nonetheless to the team. When and how this might be done, I cannot say yet.