Safepay 2015 Deficiencies

Bought Bitdefender 2015 recently and am rather disappointed, especially with Safepay.


1. I use Lloyds and continually get an AG Player warning when logging on; surely Safepay should cope with modern banks (and Amazon as per a previous comment) without these tiresome messages.


2. My Safepay always tells me to install my Flashplayer but no matter how many times I go through the (now) boring procedure (rebooting afterwards), the installation fails. My Win 8.1 PC has Flashplayer enabled and so does Chrome so I do not know what the problem is - perhaps something to do with the Safepay browser being 'outdated' and not supported by Flashplayer?


3. Lloyds Bank does not appear as a proper shortcut on my Safepay page but as a black box; not confidence building & others have commented on this.


4. Adding shortcuts is tiresome (you are meant to re-type a link, rather than paste it; surely an error-prone procedure); it would be useful to be able to export and import them all rather than having to re-add each one separately.


5. It would be helpful to use the protected keyboard outside Safepay (for say webmail log-ins etc) and because of the general clunkiness of Safepay and tiresomeness of adding new shortcuts, it is often easier to ignore Safepay; why not have it as a Bitdefender app rather than a Safepay one.


6. While I understand the designer's comment in this Safepay forum about why Safepay Browser is behind the power curve, it is unsettling to get comments about its insecurity.


7. It should be easier to switch between Safepay and an ordinary browser, and to see them both on the same screen at the same time.


Safepay does not get my vote.

Comments

  • camarie
    camarie Principal Software Developer BD Staff

    Sorry to hear that you have these problems.


    Let's detail them as you enumerated.


    1. I use Lloyds and continually get an AG Player warning when logging on; surely Safepay should cope with modern banks (and Amazon as per a previous comment) without these tiresome messages.


    I suppose you are referring to this comment. I won't debate why a bank would attempt to load a relatively unknow player (Amazon sells things, I suppose is different from a bank) on local computer, it's their choice.


    *Why* Safepay does not load extensions and plugins other than Java and Flash I suppose is pretty clear (obviously, loading all kinds of unknown stuff will affect the security of the user).


    Now, I am not sure what would be your idea here: to support loading of AG player, or to eliminate the messages? Because the message is probably coming from the javascript of the page, not from Safepay.


    2. My Safepay always tells me to install my Flashplayer but no matter how many times I go through the (now) boring procedure (rebooting afterwards), the installation fails. My Win 8.1 PC has Flashplayer enabled and so does Chrome so I do not know what the problem is - perhaps something to do with the Safepay browser being 'outdated' and not supported by Flashplayer?
    Maybe the download link was phased out by Adobe, I know they changed something some weeks ago, but I cannot be sure. Can you tell us what version of the product you currently have installed? (We may come back with some more questions, I can't say right now).


    3. Lloyds Bank does not appear as a proper shortcut on my Safepay page but as a black box; not confidence building & others have commented on this.
    Do you refer to the bug where the title was too long and overlapping?


    4. Adding shortcuts is tiresome (you are meant to re-type a link, rather than paste it; surely an error-prone procedure); it would be useful to be able to export and import them all rather than having to re-add each one separately.
    Do you refer here to shortcut from other browsers?


    5. It would be helpful to use the protected keyboard outside Safepay (for say webmail log-ins etc) and because of the general clunkiness of Safepay and tiresomeness of adding new shortcuts, it is often easier to ignore Safepay; why not have it as a Bitdefender app rather than a Safepay one.
    Thanks for the suggestion; it is on our list.


    6. While I understand the designer's comment in this Safepay forum about why Safepay Browser is behind the power curve, it is unsettling to get comments about its insecurity.
    I'm not sure what do you mean. You are referring to the fact that Safepay is not using the very last version of Chromium?


    7. It should be easier to switch between Safepay and an ordinary browser, and to see them both on the same screen at the same time.
    That will imply that Safepay will have to run in the regular desktop, and not in the secured one. Last time when I tried to launch the other browsers into Safepay's desktop, Mozilla did not find the profiles and crashed, Google damaged the profiles and crashed some time later, and IE was frozen from the start. (We considered a task bar of apps to be launched by user, not only browsers).


    Needless to say, if most used apps crashed so bad right from the start, the idea was pushed back.


    It appears that without running the Explorer in the secure desktop, most of the apps will behave erratically. Or, this is the main reason we're *not* running Explorer, to avoid an infected process from the regular desktop to inject in Safepay. It is much to discuss here, but I hope we're on the right track.


    Anyways, I will retry soon the possibility of running other applications in the secure desktop. Thanks for suggestion.


    Regards,


    Cristian

  • Sorry to hear that you have these problems.


    Let's detail them as you enumerated.


    I suppose you are referring to this comment. I won't debate why a bank would attempt to load a relatively unknow player (Amazon sells things, I suppose is different from a bank) on local computer, it's their choice.


    *Why* Safepay does not load extensions and plugins other than Java and Flash I suppose is pretty clear (obviously, loading all kinds of unknown stuff will affect the security of the user).


    Now, I am not sure what would be your idea here: to support loading of AG player, or to eliminate the messages? Because the message is probably coming from the javascript of the page, not from Safepay. Can't comment on best solution other than to say I have to take my bank's s/w as I find it and haven't had such warnings with other s/w and feel that my 'viruschecker' should not pose such issues unless there is a real problem - and I know what you are going to say next...


    Maybe the download link was phased out by Adobe, I know they changed something some weeks ago, but I cannot be sure. Can you tell us what version of the product you currently have installed? (We may come back with some more questions, I can't say right now). Via Control Panel/Flash Player, I have PPAPI 16,0,0,235 installed while my BitDefender Safepay/Settings/Advanced still tells me I have no Flash Player plugin installed; I am not clear whether there is an addtl plugin required on top of the normal Flashplayer. All I can say is that I didn't have this problem 2 months ago and now I do, and it is a bit tiresome having (apparently) to check Flashplayer updates separately through Control Panel and Bitdefender.


    Do you refer to the bug where the title was too long and overlapping? The tile on the screen for Lloyds is just a black hole, unlike other Banking tiles which have the Bank logo there for easy identification; however the link works fine.


    Do you refer here to shortcut from other browsers? When I want to populate a link to a new bank, it is not easy to cut it from another browser (where navigation is easier) and paste it into the Safepay browser.


    Thanks for the suggestion; it is on our list.


    I'm not sure what do you mean. You are referring to the fact that Safepay is not using the very last version of Chromium? I don't really have a view on how Safepay should work re the main browser but the development path of most browsers is that they are updated regularly to incorporate security improvements (I believe) so I assume Safepay would also use the latest browser version as this wd incorporate these 'security improvement'. However thi difficulties of doing this are beyond me.


    That will imply that Safepay will have to run in the regular desktop, and not in the secured one. Last time when I tried to launch the other browsers into Safepay's desktop, Mozilla did not find the profiles and crashed, Google damaged the profiles and crashed some time later, and IE was frozen from the start. (We considered a task bar of apps to be launched by user, not only browsers).


    Needless to say, if most used apps crashed so bad right from the start, the idea was pushed back.


    It appears that without running the Explorer in the secure desktop, most of the apps will behave erratically. Or, this is the main reason we're *not* running Explorer, to avoid an infected process from the regular desktop to inject in Safepay. It is much to discuss here, but I hope we're on the right track.


    Anyways, I will retry soon the possibility of running other applications in the secure desktop. Thanks for suggestion.


    Thank you for your overall response


    Regards,


    Cristian