Bank Warns Of Safepay Outdated

This describes Safepay as part of BitDefender Total Sec 2015


Dear Bitdefender,


Recently, I had a ticket made, because one of my banks (in the Netherlands) shows me: you are using an outdated browser (when I am using Safepay). This is rabobank.nl.


The browser identifies itself as Chrome (Chromium-based) version 35 and the bank scripts trigger on any version below 40... (I could check by looking at the browser traffic using Wireshark, using my normal browser). At other banks, the browser sometimes is identified as Safepay 2015.3 and then considered safe, but most Dutch banks only support a browser that identifies itself as the most current (& most current -1) version of the browser.


The main problem is that in The Netherlands, banks & government declared that everyone should use the most modern browser(s); otherwise, when you get hacked/scammed, the risk is also for the user. With a report of an old browser (because it identifies as Chrome 35), a judge will more easily side with the bank's lawyers when a user is hacked and (digitally) robbed of his money, one way or another.


I've read the 2014 discussion between Christian & a user on this forum, about the difficulty upgrading a version, because you need to test it completely before release, so I tend to think outside the box here... Is it possible to let Safepay identify itself as SafePay 2015.3 AND (if not correctly identified by a site) a modern browser (-1) such as Firefox 35.compatible.Safepay.2015.3 or Chrome.41.compatible.Safepay.2015.3?


That way, the banks will accept the version (It is current) yet it is completely identifiable, and not making false claims (you are NOT FF35, you are FF35 compatible....)


The ticket was closed (your latest patch worked with the bank for 3 days, until a new version came out... alas, the problem has returned)


Kind regards.


Eric


Principal IT Infra Architect


The Netherlands - Rotterdam Area

Comments

  • camarie
    camarie Principal Software Developer BD Staff


    Thank you for signaling this to us. You are right, since also Chrome seems to follow the path of Firefox, updating for some minor things not the build or version info, but the major version.


    Between two Chrome major versions - I can't remember them now - there were 2 (TWO) changes, neither of them affecting functionality, and a bunch of bugfixes. Firefox is even worse, as we all know.


    The user agent override - with the user's consent, obviously - came up some time ago; at the time, the idea was considered a little bit too much for the regular user, who may be scared or confused seeing "user agent", "browser compatibility" and such nerdy messages - they just want the job done.


    But you nailed the point correctly, and it seems we're forced to deal with this quite shortly.


    I won't tell you right now which will be the solution adopted, since I have to call a meeting regarding this (it is quite important, and frankly I wasn't aware of the legal arguments you mentioned - thank you for pointing them out to us).


    So let me talk with the management and PM first, and come back with an answer.


    Regards,


    Cristian

  • Dear Christian,


    Thank you for your reaction! :)


    If I can be of any assistance (testing), just let me know


    Kind regards,


    Eric



  • Thank you for signaling this to us.....


    But you nailed the point correctly, and it seems we're forced to deal with this quite shortly.....


    I won't tell you right now which will be the solution adopted, since I have to call a meeting regarding this (it is quite important, and frankly I wasn't aware of the legal arguments you mentioned - thank you for pointing them out to us).


    So let me talk with the management and PM first, and come back with an answer.


    Regards,


    Cristian


    Cristian, sorry, but these issues have been reported about Safepay for a LONG time! Internet banking is very important for many of us and if our banks highlight the Safepay browser as being out of date, then even if it is not illegal, it is common sense to see that the bank will argue that we used an outdated (therefore insecure) browser to access our account, so any money stolen from an exploit being leveraged...well, tough, we lose our money!!!


    As a security company, how can BD even defend using an outdated browser with KNOWN exploits / issues for e-banking?! It is completely incompatible with your mission to give the best security! Can you guys not see this ridiculous incompatibility, even real danger, of using an outdated browser in Safepay?


    So do NOT call it SAFEpay if you cannot give adequate resources and priority to this product! Call it MaybeSafePay, or SometimesSafePay, or WeSayIt'sSafePayButIt'sNotReally......


    Give that to the CEO to think about, and do it today please!

  • Hello

    It is 2023 now and I get the same warning from my bank.

    Browser is outdated and Login is impossible.

    I work with Bitdefender total security newest version.

    Online banking is a top priority tool for me.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Kindly contact the bitdefender support by visiting https://www.bitdefender.com/consumer/support/ and scroll down to the bottom of the webpage where you can get in touch with support representative either by email, chat or over a call.

    Alternatively, you can also share your query with bitdefender support team by dropping them an email at bitsy@bitdefender.com

    The support team will reply back to your query within next 24-48 hours excluding weekends.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Thank you for pointing it out.

    I have contacted support now.