Privacy Protection BD 10

Escalader

Hello!

Some of you may recognize me from other forums, maybe not.

I use BD 10 and have entered about 6 pieces of information into the privacy protection list under advanced settings.

Has anybody got any idea why it never seems to do anything, I go to on line banking, no messages but that may be because it is a https site. I just don't know how this feature works if it does work and what to expect from it!

Where can I read up on this important innovation? Is encryption used? Does it watch all ports for this possible outgoing information?

I wouldn't object to doing some testing but how to proceed?

Cheers

alexcrist

Hi Escalader,

Has anybody got any idea why it never seems to do anything, I go to on line banking, no messages but that may be because it is a https site.

That's correct: you don't get any alerts, because that site uses HTTPS, not HTTP.

HTTPS is a secured version of HTTP, which uses encrypted data transfer, therefore it's safe.

I just don't know how this feature works if it does work and what to expect from it!

I made a quick test: I added a phone number in Privacy Protection, then I used Google to search for that number. Instead of Google, I got a page saying:

BitDefender

This page has been blocked by BitDefender Privacy Protection!

This page has requested private information protected by BitDefender and has been blocked. To change the settings of Provacy Protection, open BitDefender Console, click on Antispyware > Advanced settings > Privacy

The translation of this text is approximate, cos I use the Romanian version of BitDefender and the page was in Romanian.

Where can I read up on this important innovation? Is encryption used? Does it watch all ports for this possible outgoing information?

You can read about it in the BitDefender Help file.

Keeping confidential data safe is an important issue that bothers us all. Data theft has

kept pace with the development of Internet communications and it makes use of new

methods of fooling people into giving away private information.

Whether it is your e-mail or your credit card number, when they fall into the wrong

hands such information may cause you damage: you may find yourself drowning in

spam messages or you might be surprised to access an emptied account.

Privacy Control helps you keep confidential data safe. It scans the HTTP or SMTP

traffic, or both, for certain strings that you have defined. If a match is found, the

respective web page or e-mail is blocked.

Encryption is used only to store the Privacy Settings (names, credit card numbers, etc...).

Only HTTP (port 80) and SMTP (port 25) are scanned by the Privacy Protection.

I wouldn't object to doing some testing but how to proceed?

You can proceed like I did: add some information in the Privacy Protection and then use an unencrypted connection to send them (either search for that information on the web: Google, Yahoo, etc... or send that information through an e-mail <<== try this if you own both the source address and the destination address, in case that something goes wrong. You wouldn't want someone else to find out your secrets, would you? )

Niels

Hi Escalader

BitDefender encrypts the information that you entered in the privacy module. You can see it when you add a new rule. When Privacy control is enabled BD will filter all outgoing http and smtp traffic to protect your confidential data when you make rules. For more information take a look at this manual : http://download.bitdefender.com/resources/..._v102_guide.pdf

There you will find more information about what it does.

Personnally I won't recommend using the cookies protection because otherwise you must always confirm it and add cookies for all sites where you must log your in.

Regards

Niels

Escalader

Hi Escalader,

That's correct: you don't get any alerts, because that site uses HTTPS, not HTTP.

HTTPS is a secured version of HTTP, which uses encrypted data transfer, therefore it's safe.

Only HTTP (port 80) and SMTP (port 25) are scanned by the Privacy Protection.

Hi Cris: thanks a lot! Very clear answer!

Why is the scan limited to these 2 ports? Can't packets leave my PC via other ports as well? Maybe I'm missing a key concept here!

Escalader

Hi Escalader

BitDefender encrypts the information that you entered in the privacy module. You can see it when you add a new rule. When Privacy control is enabled BD will filter all outgoing http and smtp traffic to protect your confidential data when you make rules. For more information take a look at this manual : http://download.bitdefender.com/resources/..._v102_guide.pdf

There you will find more information about what it does.

Personnally I won't recommend using the cookies protection because otherwise you must always confirm it and add cookies for all sites where you must log your in.

Regards

Niels

Hi Niels: Thanks for your advice! Yes, I already turned off the cookie thing, I will use the FW to manage those.

Do you know how strong the encrypt algorithm is that they use?

There is a similar tool I tried , but every time a new version comes out or you reinstall the user loses all his rules and secured data. Will that happen here? The reason was given as since the data is not really stored just the encrypted hash there is nothing to save/restore or lose?

Escalader

I made a quick test: I added a phone number in Privacy Protection, then I used Google to search for that number.

You can proceed like I did: add some information in the Privacy Protection and then use an unencrypted connection to send them (either search for that information on the web: Google, Yahoo, etc... or send that information through an e-mail <<== try this if you own both the source address and the destination address, in case that something goes wrong. You wouldn't want someone else to find out your secrets, would you? )

Hi again: I did the goggle search via FF with my address a 2 digit # then aaaaaa aaaa. Guess what? It did the search and found quite a few places in the world with that name. The numbers seem to be ignored

So I then tried emailing myself at my other address and that worked fine as well! Address passed happily along!

No messages no nothing no blocking?

Niels

Hi Escalader

Why it's limited? Because that are the common ports for sending confidential files. There are other ports which can send information e.g port 20 is used for file transfer. Here you will find more info about ports:

http://vlaurie.com/computers2/Articles/ports.htm

Sorry but I don't know how strong the algorithm is they use for encrypting the files.

Regards

Niels

alexcrist

Hi again: I did the goggle search via FF with my address a 2 digit # then aaaaaa aaaa. Guess what? It did the search and found quite a few places in the world with that name. The numbers seem to be ignored

So I then tried emailing myself at my other address and that worked fine as well! Address passed happily along!

No messages no nothing no blocking?

I'll do some more testing to see what's happening and I'll come back to tell you.

Niels

I think the reason is that Firefox isn't supported by the privacy control. But only Internet explorer. Because FF is more secure then IE.

alexcrist

I think the reason is that Firefox isn't supported by the privacy control. But only Internet explorer. Because FF is more secure then IE.

False. I made the test using Ff. I never use IE (I never did).

BD should support ports HTTP and SMTP, whatever application uses them.

Niels

False. I made the test using Ff. I never use IE (I never did).

BD should support ports HTTP and SMTP, whatever application uses them.

You are right I tested it now. I always thought that it was only for Internet Explorer.I also only use FF. But that's why I also wrote I think. But in the future I will test it first.

alexcrist

Hi Escalader,

It seems that it only works if you add to Privacy Control only ONE word for each rule. It must not contain spaces or other symbols (" !@#$%^&amp;*().,`~[]{};':"<>/? ")

Example:

• if you add: 123456, it will work even if you search for 123456789
  
• if you add: 123.456, 123 456 or something like that, it won't work at all.

Also, I don't know what's the difference between Rule Types, but I'll do some more research and maybe I'll find out.

Escalader

Hi Escalader,

It seems that it only works if you add to Privacy Control only ONE word for each rule. It must not contain spaces or other symbols (" !@#$%^&amp;*().,`~[]{};':"<>/? ")

Example:

• if you add: 123456, it will work even if you search for 123456789
  
• if you add: 123.456, 123 456 or something like that, it won't work at all.

Also, I don't know what's the difference between Rule Types, but I'll do some more research and maybe I'll find out.

Chris, Niels: Yes, thanks very much to both of you. I will join in in the testing since it is such an important reason we use internet security. Not only to find and destroy malware but to prevent private or personal information from leaving our PC's!

Here is the big problem I have found on my ISP. THey use port 110 and port 587 for in/out email!

So now you see why I asked about a wider range or ports being scanned for private data!

BD should expand their scope of ports! IMHO of course!

alexcrist

@Escalader:

First of all, it's Cris, not Chris (you're the second user that mistakes my name)

Second: I totally agree with you. Malicious programs that steal you private information most probably won't use HTTP and SMTP to send out that information.

You could post your request here: http://forum.bitdefender.com/index.php?showforum=13 and maybe it will appear in BD 11

Escalader

@Escalader:

First of all, it's Cris, not Chris (you're the second user that mistakes my name)

Second: I totally agree with you. Malicious programs that steal you private information most probably won't use HTTP and SMTP to send out that information.

You could post your request here: http://forum.bitdefender.com/index.php?showforum=13 and maybe it will appear in BD 11

Sorry about your name MY ERROR! my only excuse is being anglo! typing not my strong suite in an informal world!

I will post the suggestion as you said, do we know if the BD technical people monitor this forum for idea like this?

Anyone here can misspell my name and I won't notice or care....

alexcrist

Hey, don't worry about misspelling my name. I realise that I have a name that is very similar to an English name (Chris), but that's not my fault, it's my parent's fault

Since this is the Official BitDefender Forum and that thread was created by Forum Moderators, then yes, that thread is monitored by BD's Officials.

Escalader

Hey, don't worry about misspelling my name. I realise that I have a name that is very similar to an English name (Chris), but that's not my fault, it's my parent's fault

Since this is the Official BitDefender Forum and that thread was created by Forum Moderators, then yes, that thread is monitored by BD's Officials.

Okay, Cris!

I posted the link to our privacy issue thread in products so we wait I guess for a response.

Escalader

Okay, Cris!

I posted the link to our privacy issue thread in products so we wait I guess for a response.

Hi Cris:

I'm concerned all our work on privacy feature and expanding ports scanned will get lost as our thread seems to get pushed further down list by new issues. I did post the link to the thread in feature request but when I go there now it seems missing? Maybe I'm looking in a wrong way, still learning my way around this forum.

alexcrist

It's missing. It's right here.

Don't worry about the thread beeing pushed downwards. It won't be deleted.

And besides, the link you posted in the "Feature request" board will direct anyone to this thread even if it will be the last in the list

Escalader

It's missing. It's right here.

Don't worry about the thread beeing pushed downwards. It won't be deleted.

And besides, the link you posted in the "Feature request" board will direct anyone to this thread even if it will be the last in the list

Great! I see it!