Website Rendering In Bitdefender's Safepay

DIVERSE
DIVERSE ✭✭✭
edited November 2022 in Privacy

Just wondering whether BitDefender has a position on how 'accurately' or 'completely' the SafePay browser/client/application should render webpages.

I tried using it filling in the online form at https://secure.amp.com.au/ddc/public/ui/term-deposit/ , but some of the graphical elements just looked like little squares.

I realise that there are a lot of different ways that websites can be set up, and I don't know how compliant with relevant standards the above website is. And indeed in this case SafePay was still usable, albeit more awkward than an 'ordinary' browser. But I can imagine in some other cases inability to render some graphical elements could be a practically insurmountable obstacle.

—DIVERSE

Tagged:

Comments

  • Hello @DIVERSE,

    The page should be displayed normally when using Safepay, as the secure browser does not have any blockers that could prevent the bank pages from being displayed entirely. However, I think this requires a more in-depth investigation, if the issue persists. I'm not excluding a temporary website issue at that time, as I could not reproduce this behavior. I have accessed the link you have provided using Safepay, went further and clicked on "continue" and the content was displayed in full, with the graphical elements in place.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • DIVERSE
    DIVERSE ✭✭✭
    edited October 2022

    Can I ask how you manage to take a screenshot? This is something that seemed to elude me with SafePay (as mentioned on a previous thread).

    Regarding the URL I provided above, most of the graphical elements were there, I guess, but there were some little squares further in to the online application process that I believe were intended to be rendered differently.

    —DIVERSE

  • Well, since Safepay blocks any attempt to take snapshots of your screen, I have used a virtual machine where Bitdefender is already installed and took the snapshot using the snipping tool from my device 😁

    Premium Security & Bitdefender Endpoint Security Tools user

  • DIVERSE
    DIVERSE ✭✭✭
    edited November 2022

    Hello, Alexandru.

    Following up on this, I think the easiest thing I can do is take a screenshot from an ordinary browser, and describe the difference in SafePay.

    From https://secure.amp.com.au/ddc/public/ui/term-deposit/ , the graphical elements circled in magenta are rendered in SafePay as just plain squares.


    If you click through as, say, a new customer with a new application for a personal account for yourself, then there are more examples:


    —DIVERSE

    P.S. Do you think SafePay could be opened in Sandboxie to take a screenshot?

  • Hi @DIVERSE,

    I don't think you can isolate the Safepay process to work with sandboxie. Safepay does not have a separate executable that can be opened in a sandbox environment, it is designed to be the only open application, for security reasons. This means that it will have screen focus priority from any other app.

    Also, I'm not sure if Safepay could alter the manner in which a webpage is being displayed. Have you tried to access the above website using a VPN connection? It would be interesting to see what happens then.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hi, Alexandru.

    I've tried it today again with & without VPN after BIS was updated (to 26.0.30.102). The behaviour for that website is the same as reported previously.

    [Incidentally, I noticed that I missed circling one other glitch: the telephone icon at top right of the page in the previous screenshots also appears as a hollow square in SafePay.]

    —DIVERSE

  • I have asked our engineers to test the behaviour of the website while using Safepay and they could not reproduce the issue. So I suspect a local issue. I have also tested myself, clicked all the available options and the website seems to be properly displayed on my end.

    Not sure what else can be done here, apart from a more detailed investigation by the Support engineers...

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hello.

    I have also tested the website and here are the results:

    Something is wrong.

    Regards.

  • Thanks for testing it at your end too, Gjoksi. That looks the same as what I saw.

    I was wondering why one of the circular icons in the first screen shot is able to be displayed for us, but not any of the others. Speculation: could it be that the image files are located on different (sub)domains? [I believe that some email clients (or, at least, spam raters) warn if images in an email come from a different domain to the sender's domain.] Or perhaps some images are sourced from HTTP and others from HTTPS???

    Update: I can't really understand the source code of their page, but there is a slight difference in the round icons at https://secure.amp.com.au/ddc/public/ui/term-deposit/main.14fd00774e2b6fa2c7e4.js

    welcomePoints:[{icon:"icon--time-2",text:"It will take about 10-15 minutes"},{icon:"icon--18-plus",text:"You must be over 18 years old"},{icon:"ic--coin_single",text:"You will need your bank account details for the initial deposit"},{icon:"icon--id",text:"You must have valid forms of identification"},{icon:"icon--clipboard",text:"You will be able to save a partially completed application and return to it later until the application is submitted"},{icon:"icon--delete",text:"Partially completed applications will be removed after 30 days"}]
    

    All of the icons are referred to with the pattern "icon--[...]", with the exception of the dollar sign, which has the pattern "ic--[...]". Speculation: maybe (as above), this is another sign of the images having different origins. Or is it possible that "ic--[...]" is correct, and "icon--[...]" is a misprint that other browsers are somehow fault-tolerant to? (Seems unlikely, but who knows!)

    —DIVERSE

  • I forgot to mention here that my OS is also Windows 8.1. The latest release of BD/Safepay was being used.

    —DIVERSE