(2nd Try) Safepay, Keyloggers And Screenscrapers

( I posted this earlier and never got a valid reply. I'm trying again. )


Hi All,


Does SafePay somehow block keyloggers and screenscrapers that may be active on the computer? Consider the situation where (unbeknownst to me) I have very stealthy keylogger and screenscraper malware active on my Windows computer. I start up SafePay and then type in www.mybank.com, and then proceed to enter my user name and password. Can the keylogger and screenscraper grab the keystrokes and screenshots? If not, how does SafePay stop keyloggers and screenscrapers from working within SafePay?


If a BitDefender forum moderator can say with 99% confidence that keyloggers and screenscrapers cannot capture data within SafePay sessions, then that will be good enough for me. :)


Any details you can provide on how SafePay actually works would be most appreciated. From what I've seen SafePay looks like a great feature.


Thanks! Kind Regards,


Advait

Comments

  • columbo
    columbo
    edited September 2012

    Hi Advait, and welcome :)


    As you can see I am not a forum mod. or a Tech support mod. but did see your previous post, and was concerned that you wanted 99% confidence of absolutes, which I cannot personally give you (yet I am very confident about Safepay), but this:


    Safepay loads outside of your OS, and thus takes up the whole screen when loaded, thus making it "unreachable" to keyloggers, and snapshots (I would first run a complete system scan in which case Bitdefender has excellent detection/herustics and is set by default to scan for keyloggers). Safepay also has a built in virtual keyboard, as far as concerns in using the PC keyboard, for even greater security confidence. Please also read the 1st category of this pinned topic and see if that helps in understanding the excellent security of Safepay.


    If you have any other questions, feel free to ask. It may not always be tech. support, but there are many sharp members here :)


    Columbo

  • [[Hi, thanks for the info and especially thanks for the link to the pinned post about SafePay. Very helpful! My replies in double brackets below.]]


    Hi Advait, and welcome :)


    Safepay loads outside of your OS,


    [["Safepay loads outside of your OS" I'd love to understand more details what this means. Can a BitDefender employee or someone else give me some overview of what this means?]]


    Bitdefender Safepay offers the following features:


    • It blocks access to your desktop and any attempt to take snapshots of your screen.


    [[Looks like this means it can somehow stop screenscrapers. Very cool. Can a BitDefender employee or someone provide details on how this works? That will give me confidence.]]


    • It comes with a virtual keyboard which, when used, makes it impossible for hackers to read your keystrokes.


    [[OK, looks like this is saying that SafePay will not protect you from keyloggers unless you use the virtual keyboard. Correct me if I'm wrong. This is very nice.]]


    • It is completely independent from your other browsers.


    • It comes with built-in hotspot protection to be used when your computer is connected to unsecured Wi-fi networks.


    [[i presume this means the SafePay browser eforces 100% https connections. Is this true?]]


    [[Does the SafePay browser have any kind of JavaScript control? Enabling all JavaScript leaves the browser vulnerable to all kinds of web based attacks. How does the SafePay browser deal with JavaScript attacks? Or Java attacks, for that matter? Most people don't have their Java up to date. And Java attacks are widespread, rampant and very effective.]]


    [[is the SafePay browser fully sandboxed?]]


    [[Your answers will help me have better confidence in SafePay. Thanks and Kind Regards, -Advait]]

  • You're welcome :) It may have helped a little better to have changed the text color of your questions or to have made them bold ^_^


    It may take awhile for a Bitdefender support to provide answers...just so you know.


    Take care,


    Columbo

  • camarie
    camarie Principal Software Developer BD Staff
    Does SafePay somehow block keyloggers and screenscrapers that may be active on the computer?


    Yes. There are a handful of countermeasures against this:


    - Safepay runs in a separate desktop which does *not* allows hooks to be set (that is, including keyboard hooks) from another desktop, even if present;


    - even so, there is the Virtual Keyboard (which should pop automatically when focus is on an editable password input element) which allows you to type passwords or other sensitive data and does *not* use keyboard messages (subject to trap) but rather comunicates internally directly to browser (so no keyboard interception can get the characters 'typed' in virtual keyboard)


    - for screenshots, Safepay intercepts all combinations of Print Screen (Alt, Ctrl, Shift, Win - all of them) and pressing, say, PrtScr will get consumed by Safepay itself (which does nothing), so in Clipboard won't arrive any bitmap.


    Consider the situation where (unbeknownst to me) I have very stealthy keylogger and screenscraper malware active on my Windows computer.


    That's why Bitdefender scans the computer when installing. It is always recommended to scan regularly for malware anyways - without trying to sell you a false sense of protection, if kernel mode gets infected, then a malware can do pretty much everything already.


    There are plans to integrate quick scan anyways to assess and clean the computer before a Safepay session begins. Stay tuned !


    I start up SafePay and then type in www.mybank.com, and then proceed to enter my user name and password. Can the keylogger and screenscraper grab the keystrokes and screenshots? If not, how does SafePay stop keyloggers and screenscrapers from working within SafePay?


    If a BitDefender forum moderator can say with 99% confidence that keyloggers and screenscrapers cannot capture data within SafePay sessions, then that will be good enough for me. :)


    See above.


    Any details you can provide on how SafePay actually works would be most appreciated. From what I've seen SafePay looks like a great feature.


    It is basically a browser with attack surface greatly reduced. Other than the features above (separate desktop, virtual keyboard, print screen interception), here's a handful of them:


    - does not load NPAPI plugins (except Flash which is everywhere)


    - does not load *any* browser extensions at all


    - if the connection is wireless and this is insecure (Open protection) then a VPN connection is dialed to Bitdefender, and for each navigation to an URL, if its domain is a bank, then a route thru the VPN connection is created so the traffic to www.mybank.com will route to Bitdefender VPN, while the normal traffic will use the existing connection as before (the VPN implementation already exists; the routing implementation is about to be released)


    - uses separate location for cookies and local storage, which is protected by shield service


    Regards,


    Cristian

  • Cristian Amarie,


    It says you're a newbie but it sounds like you're a BitDefender empyee and develper. Thanks for all the great info. Let me see if I can summarize my understanding:


    SafePay is safe as long as the user does the following:


    * Scans for and removes all rootkits (I presume "kernel mode malware" and a rootkit are the same thing. That true?). There are a number of good rootkit removers out there. I presume BitDefender has some kind of pre-boot scanner to remove rootkits? This true? If BitDefender periodically did a pre-boot rootkit scan, then the rootkit threat would be much reduced. Is there some way to check for rootkit infections after boot?


    QUOTE: "without trying to sell you a false sense of protection, if kernel mode gets infected, then a malware can do pretty much everything already." This is a good honest statement. I appreciate the honesty!


    * Scans for and removes all regular malware. Which is of course what BitDefender does if it's set for regular scans.


    * Uses the virtual keyboard.


    To be honest, the average user has no clue about rootkits. And if rootkits are not scanned for and removed, then SafePay could be compromised. That seems to be one serious weak point of SafePay for the average user. That true? My understanding is that rootkits are becoming more and more common and effective and stealthy.


    Sound like SafePay runs in a special separate desktop space just like mutiple users can have their own accounts and desktops. That true? And it sounds like the SafePay desktop space is special with lots of features to keep it very isolated from most running processes.


    Thanks again for the great info. Kind Regards,


    Advait

  • camarie
    camarie Principal Software Developer BD Staff
    It says you're a newbie but it sounds like you're a BitDefender empyee and develper.


    I am the lead developer for Safepay, so I think I can provide you information at first hand :)


    Thanks for all the great info. Let me see if I can summarize my understanding:


    SafePay is safe as long as the user does the following:


    * Scans for and removes all rootkits (I presume "kernel mode malware" and a rootkit are the same thing. That true?).


    Technically they are not equivalent; kernel mode malware being a generic class of malware programs executing in kernel mode - which teoretically have unrestricted access to pretty much everything in the operating system. Bitdefender have a top notch detection and removal for rootkits, but I am not an AV developer, so I suggest you to look for extensive informations in Antivirus forum, Bitdefender product website and product documentation for best usage and capabilities.


    There are a number of good rootkit removers out there. I presume BitDefender has some kind of pre-boot scanner to remove rootkits? This true? If BitDefender periodically did a pre-boot rootkit scan, then the rootkit threat would be much reduced. Is there some way to check for rootkit infections after boot?


    Yes, Bitdefender have a number of drivers executing at boot time and scanning for multiple sorts of root malware, as well as on-demand scan (if activated) and scheduled scans.


    * Scans for and removes all regular malware. Which is of course what BitDefender does if it's set for regular scans.


    Exactly. A better degree of deterministic scans (i.e. not residing just on scheduled or demand scan) is always possible, meaning "do scan if I am doing this (example: using Safepay)", but there is always the tradeoff between "keep the system safe at all costs, even if user is annoyed by so extensive scans" and "user knows what's best for him". I suppose a common usage can be (a) schedule a scan on Monday morning and (B) use Safepay during the week, but that, as you can imagine, varies greatly from user to user, which also doesn't want to be annoyed all the time for the greater good.


    * Uses the virtual keyboard.


    To be honest, the average user has no clue about rootkits. And if rootkits are not scanned for and removed, then SafePay could be compromised. That seems to be one serious weak point of SafePay for the average user. That true? My understanding is that rootkits are becoming more and more common and effective and stealthy.


    Not especially. While you are right saying the average user doesn't know about rootkits, that's why Safepay have, for instance, a virtual keyboard. The user doesn't need to know a theory like 'if you have explorer infected and a keyboard hook installed, it can't set a hook in Safepay's desktop because that desktop does not allow hooks set from another desktops' or 'the virtual keyboard does not send keyboard messages to windows'. It's enough to say that a listener on keyboards won't see any key pressed from virtual keyboard because there is no key pressed - it's as simple as that.


    Sound like SafePay runs in a special separate desktop space just like mutiple users can have their own accounts and desktops. That true? And it sounds like the SafePay desktop space is special with lots of features to keep it very isolated from most running processes.


    Is a similar process, yes, only the separation is done at the desktop level in the same logon session - short story, you can have multiple windows stations (the one you are logged on, the Winlogon one that you see pressing Ctrl-Alt-Del etc.) and each such "station" can have multiple desktops. Safepay uses a desktop in the user station, only separated from other desktops exactly from preventing tampering from other programs running in the "normal" desktop.

  • Hello Cristian Amarie,


    Thanks for all the info. I used to run a one-man security consulting business for home users and small offices. I usually tell clients if they're serious about browsing safely, they need to use Ubuntu or IronKey. However, I'm always on the lookout for alternatives to these two options. It takes some skill to properly use Ubuntu and IronKey. They're not for the average user unless they have ready access to tech support.


    So when I saw SafePay it seemed like a good alternative. So if the user takes some reasonable precautions (especially regularly scanning for and removing rootkits and kernel mode malware, always using the virtual keyboard to enter passwords, etc) then SafePay may be an easier way to browse securely. It may not give the level of security offered by Ubuntu or IronKey, but it seems that SafePay is pretty close. Thus I'll start recommending SafePay to people for whom Ubuntu or IronKey is not an option.


    Thanks again, You were very helpful to offer such in-depth info. It will be helpful to others who want to get confidence in the security of SafePay. Kind Regards,


    Advait

  • Excellent follow up answers, Cristian, and follow up questions, Advait :) This information should be a Safepay Pinned Topic B)

  • Excellent follow up answers, Cristian, and follow up questions, Advait :) This information should be a Safepay Pinned Topic B)


    I think that would be valuable. For security, people should know how SafePay works and it's limitations. That way they can take the appropriate measures to maximize their security while using SafePay.


    But, too be honest, very very few users want to dive into the level of detail that we did here. I enjoy researching security details, I find it fun and very interesting. But the average user would probably rather get a root canal then dive into the technical details of internet security. :)


    Thanks again to Cristian for his very informative responses!


    Advait

  • But, too be honest, very very few users want to dive into the level of detail that we did here. I enjoy researching security details, I find it fun and very interesting. But the average user would probably rather get a root canal then dive into the technical details of internet security. :)


    Thanks again to Cristian for his very informative responses!


    Advait


    lol, :) you're probably right..."I just want it to work, and be about surfing".


    Now, if you've ever watched Marathon Man with Dustin Hoffman, and the "dentistry" he received, would rather, maybe, read this? <img class=" />

  • Nice discussion between Advait and Cristian Amarie.


    I copy any text and can paste in the SafePay and vice versa. Is this normal, because it means that Windows clipboard is still using in SafePay also?


    Also Cristian is talking about Scheduled Scan in his posts, but as far as I know Bitdefender 2013 don't have such feature as a new feature of AutoScan.


    And also there is no answer to the question "Is the SafePay browser fully sandboxed?"


    I don't understand the integrate Quick Scan before the start of SafePay session? Isn't it will be complicated when Quick Scan founds infection(s) while we are in hurry to use SafePay?


    About keyloggers, Bitdefender (even with AVC and IDS enabled while no HIPS protection is available in Bitdefender) or any antivirus cannot detect all keyloggers available, using SafePay will not be useful if it is not fully snadboxed.

  • camarie
    camarie Principal Software Developer BD Staff
    Nice discussion between Advait and Cristian Amarie.


    I copy any text and can paste in the SafePay and vice versa. Is this normal, because it means that Windows clipboard is still using in SafePay also?


    Also Cristian is talking about Scheduled Scan in his posts, but as far as I know Bitdefender 2013 don't have such feature as a new feature of AutoScan.


    And also there is no answer to the question "Is the SafePay browser fully sandboxed?"


    I don't understand the integrate Quick Scan before the start of SafePay session? Isn't it will be complicated when Quick Scan founds infection(s) while we are in hurry to use SafePay?


    About keyloggers, Bitdefender (even with AVC and IDS enabled while no HIPS protection is available in Bitdefender) or any antivirus cannot detect all keyloggers available, using SafePay will not be useful if it is not fully snadboxed.


    1. Yes, Windows clipboard is used by Safepay. And yes, this is normal, since is a feature. Disabling clipboard will cripple Safepay, since users needs it. Nonetheless, it could be possible to refine this idea, thought, by adding, say, extra layers of security regarding clipboard. The user will copy and URL and paste into address, then navigate to it; while it could be possible that a malware to replace with a "bad" url (although VS shield will probably catch it), Safepay also sends the URL to scan and retrieve various flags *before* navigating. A malware URL will be blocked also by Safepay itself, even if virus shield is not working.


    2. About scheduled scans: my confusion (I am not working on scan modules). It was replaced by AutoScan, indeed. My bad.


    3. "Is the SafePay browser fully sandboxed?" I suppose the answer depends on what one may consider to be a sandbox.


    For example, if you ask questions such as "does Safepay accesses the file system", for example, the answer is "yes, but in a single location for cookies/storage which is defended by self protect".


    === Sandbox ===


    In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.[1]


    The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.


    IMHO Safepay does (1) separate running programs, offers (2) a tightly controlled set of resources for guest (Safepay itself is its own sandbox, from this point of view), (3) have limited and controlled access to host (self-protected location for cookies and internet files mentioned above).


    An exception can be the download which uses a My Documents subdirectory for storing downloaded user files. But in this case Safepay just downloads them, does not execute, nor opens them since these are user's files, not Safepay's.


    I hope this brings a description on how Safepay relates to a sandbox. While tehnically it is not 100% a sandbox, overall I think it scores on (almost) all points describing one.


    Regards,


    Cristian

  • Again, thoughtful and in depth answers, Cristian :) Thank you for your time and effort, it is appreciated. As usual, nice follow up questions, ONT :)

  • 1. Yes, Windows clipboard is used by Safepay. And yes, this is normal, since is a feature. Disabling clipboard will cripple Safepay, since users needs it. Nonetheless, it could be possible to refine this idea, thought, by adding, say, extra layers of security regarding clipboard. The user will copy and URL and paste into address, then navigate to it; while it could be possible that a malware to replace with a "bad" url (although VS shield will probably catch it), Safepay also sends the URL to scan and retrieve various flags *before* navigating. A malware URL will be blocked also by Safepay itself, even if virus shield is not working.


    2. About scheduled scans: my confusion (I am not working on scan modules). It was replaced by AutoScan, indeed. My bad.


    3. "Is the SafePay browser fully sandboxed?" I suppose the answer depends on what one may consider to be a sandbox.


    For example, if you ask questions such as "does Safepay accesses the file system", for example, the answer is "yes, but in a single location for cookies/storage which is defended by self protect".


    === Sandbox ===


    In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites.[1]


    The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.


    IMHO Safepay does (1) separate running programs, offers (2) a tightly controlled set of resources for guest (Safepay itself is its own sandbox, from this point of view), (3) have limited and controlled access to host (self-protected location for cookies and internet files mentioned above).


    An exception can be the download which uses a My Documents subdirectory for storing downloaded user files. But in this case Safepay just downloads them, does not execute, nor opens them since these are user's files, not Safepay's.


    I hope this brings a description on how Safepay relates to a sandbox. While tehnically it is not 100% a sandbox, overall I think it scores on (almost) all points describing one.


    Regards,


    Cristian


    You missed about telling Quick Scan.


    1) I understand your first half of the reply and its a good idea to put an extra layer of security for clipboard. But I can't understand the second half of the reply. Kindly elaborate further.


    And what about the Browser Vulnerabilities and Exploits in SafePay since Sandbox can successfully protect against them.

  • camarie
    camarie Principal Software Developer BD Staff
    You missed about telling Quick Scan.


    1) I understand your first half of the reply and its a good idea to put an extra layer of security for clipboard. But I can't understand the second half of the reply. Kindly elaborate further.


    And what about the Browser Vulnerabilities and Exploits in SafePay since Sandbox can successfully protect against them.


    Quickscan:


    Safepay will probably offer the option to the user to perform a scan before starting a Safepay session.


    Clipboard protection:


    Yes and no. There are pros and cons for this which I won't enumerate here - enough would be to say that Clipboard is used to all programs, and Safepay cannot impose to others "offer me the information in this way". All it can to is to enumerate entries and filter them itself, but can't stop - and for sure won't - alter the ability of other programs to write data in Clipboard. If a malware is suspected to do this, again, is the AV detection which will stop it, not Safepay.


    Sandbox:


    I'm not sure what exactly you would like me to clarify, the previous post contains several things.


    Browser vulnerabilities/exploits:


    This kind of protection is the AV responsability. (I'm not working on the AV team, but I can tell you that Safepay is protected by the same mechanism as the rest of TS binaries). What Safepay does, in short, is to minimize the attack surface, not to substitute the antivirus.


    Safepay is, after all, an user process, not a system process, and not everything is done in one place. The vulnerability analysis is on the AV team, so I suggest you to ask in that forum sections for more details.


    Cristian

  • Hi


    What do you mean by the statement "A malware URL will be blocked also by Safepay itself, even if virus shield is not working."? As far as i know the Privacy Module in 2013 also protect SafePay. Is this what you say as "Virus Shield" or is it something different?


    And about Browser vulnerabilities/exploits I want to say about the browser-based threats from exploiting browser vulnerabilities to gain control of your system just like the Sandbox do.

  • camarie
    camarie Principal Software Developer BD Staff
    Hi


    What do you mean by the statement "A malware URL will be blocked also by Safepay itself, even if virus shield is not working."? As far as i know the Privacy Module in 2013 also protect SafePay. Is this what you say as "Virus Shield" or is it something different?


    And about Browser vulnerabilities/exploits I want to say about the browser-based threats from exploiting browser vulnerabilities to gain control of your system just like the Sandbox do.


    Safepay uses the cloud engines for multiple purposes itself (to detect if a page can open a popup in a new tab, if the URL is safe to navigate to - that is, is it either bank or clean, not malware). This is done directly by Safepay using cloud interrogation, this is why I said is working even without virus shield.


    About browser vulnerabilities: I got it. (Although Sandbox I suppose does not gain control of a system as a vulnerability does - it separates/filters what a host program can do).


    As any vulnerability (not only browser), is is used to execute arbitrary code to change user settings, alter home page, or execute arbitrary code.


    A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.



    So far browser settings, those are protected by the product and are not accessible directly by the user (even Safepay cannot do this directly and have to communicate with virus shield, which contains components responsible to settings I/O). Bookmarks/favorites are protected as well, on a smaller scale - not being a shared feature with others.


    Both types of settings are not accessible from Javascript or HTML (when you go in Favorites or Settings you notice that there is simply no web browser there, just a HTML view which is coded internally doing no I/O with browsing part).


    ActiveX and Java are not supported, so no attack using this route either.


    Even supposing remains HTML and images to execute something, it cannot do much either: if is to execute native code AV will catch it; JS code cannot alter settings, set home page (home page is Favorites, not a web page) or open popups (which are checked every time in cloud if opener/popup URL is either a favorite or a bank - no other type of URL can open popups).


    Does this answer to your question?


    Cristian

  • Safepay uses the cloud engines for multiple purposes itself (to detect if a page can open a popup in a new tab, if the URL is safe to navigate to - that is, is it either bank or clean, not malware). This is done directly by Safepay using cloud interrogation, this is why I said is working even without virus shield.


    About browser vulnerabilities: I got it. (Although Sandbox I suppose does not gain control of a system as a vulnerability does - it separates/filters what a host program can do).


    As any vulnerability (not only browser), is is used to execute arbitrary code to change user settings, alter home page, or execute arbitrary code.


    A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.



    So far browser settings, those are protected by the product and are not accessible directly by the user (even Safepay cannot do this directly and have to communicate with virus shield, which contains components responsible to settings I/O). Bookmarks/favorites are protected as well, on a smaller scale - not being a shared feature with others.


    Both types of settings are not accessible from Javascript or HTML (when you go in Favorites or Settings you notice that there is simply no web browser there, just a HTML view which is coded internally doing no I/O with browsing part).


    ActiveX and Java are not supported, so no attack using this route either.


    Even supposing remains HTML and images to execute something, it cannot do much either: if is to execute native code AV will catch it; JS code cannot alter settings, set home page (home page is Favorites, not a web page) or open popups (which are checked every time in cloud if opener/popup URL is either a favorite or a bank - no other type of URL can open popups).


    Does this answer to your question?


    Cristian


    Hi


    I appreciate your reply. Its a long time since I got such detailed reply on this forum. You have knowledge and excellent way of expressing it.


    About Browser Vulnerability and Exploits prevention Sandbox, I read this from Bitdefender Manual.

  • Safepay uses the cloud engines for multiple purposes itself (to detect if a page can open a popup in a new tab, if the URL is safe to navigate to - that is, is it either bank or clean, not malware). This is done directly by Safepay using cloud interrogation, this is why I said is working even without virus shield.


    About browser vulnerabilities: I got it. (Although Sandbox I suppose does not gain control of a system as a vulnerability does - it separates/filters what a host program can do).


    As any vulnerability (not only browser), is is used to execute arbitrary code to change user settings, alter home page, or execute arbitrary code.


    A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.



    So far browser settings, those are protected by the product and are not accessible directly by the user (even Safepay cannot do this directly and have to communicate with virus shield, which contains components responsible to settings I/O). Bookmarks/favorites are protected as well, on a smaller scale - not being a shared feature with others.


    Both types of settings are not accessible from Javascript or HTML (when you go in Favorites or Settings you notice that there is simply no web browser there, just a HTML view which is coded internally doing no I/O with browsing part).


    ActiveX and Java are not supported, so no attack using this route either.


    Even supposing remains HTML and images to execute something, it cannot do much either: if is to execute native code AV will catch it; JS code cannot alter settings, set home page (home page is Favorites, not a web page) or open popups (which are checked every time in cloud if opener/popup URL is either a favorite or a bank - no other type of URL can open popups).


    Does this answer to your question?


    Cristian


    I have read with enthusiasm its clarification on the operation of SafePay. I'm just curious about computer security, but I think the feature "Safepay" makes the difference from other products.


    After everything that I have investigated and tested it on security for access to bank and shop online, SafePay sends me a different perception of safety, and better, than any other feature offered by the competition.


    Congratulations on your excellent idea Safepay.


    Votes to improve, always, bitdefender products.