bitter150

+1

+1

Support ticket has been sent to BD on 11.02.2015 - no answer so far... I did get an (late) answer from BD support, announcing: "BDIS v18.22 will fix this issue." BUT: I am really sorry, but version 18.22 did NOT solve existing security leak with Scan-SSL feature in Webprotection! Weak cipher algos are still included, pls…

I am sorry, but version 18.22 did NOT solve existing security leak with Scan-SSL feature in Webprotection! Weak cipher algos are still included, pls refer to attached screenshot and: https://www.ssllabs.com/ssltest/viewMyClient.html TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA You can check unsecure results with…

Dear BD support team, I did perform 3 manual updates of the program, actual version is BDIS 18.21.0.1497, v-engine 7.59530. Test on Windows-8.1(64bit) with: IE 11.0.9600.17631, update 11.0.16 Firefox 36.0 If enabling Scan-SSL in BDIS/Web protection, browsers are connecting with unsecure ciphers, given by BDIS working as a…

Support ticket has been sent to BD on 11.02.2015 - no answer so far...

Not only Firefox is affected but IE too. It seems to be a security issue and it must be fixed by BD ASAP!

Another ticket opened: 2015021110100002 BD seems to be not really facing this security issue... Turning off 'Scan SSL' feature affects mail-/ web- transport and isn't an option because nowadays several kinds of attacks are done by ssl encrypted sites/traffic, pls refer to common security related lecture. It is a fact: BD…

'Scan SSL' feature makes browsing unsecure because of Poodle vulnerability, pls refer to: http://forum.bitdefender.com/index.php?s=&...st&p=228137

Not sure why anyone would want to disable SSL scanning Of course if people want to make their computers insecure by turning off SSL scanning that should be their right. There seem to be issues with 'Web protection/Scan SSL': http://forum.bitdefender.com/index.php?showtopic=56731 If 'Scan SSL' is enabled, Poodle attacks are…

+1 fix needed!

+1 There is a post regarding this problem: http://forum.bitdefender.com/index.php?s=&...st&p=228105 Activating 'Scan SSL' breaks TLS configuration of browser, unsecure SSLv3 is allowed: https://www.poodletest.com/

I am not shure... If 'Scan SSL' in Privacy control settings is set to OFF, poddle attack isn't working. If 'Scan SSL' in Privacy control settings is set to ON, poddle attack is possible! S it seems that BD-IS (2014) is connecting as MITM with unsecure protocol SSLv3... Testsite https://www.poodletest.com/ FF browser…

So nice tool "BitDefenderBandwidthFix.exe" is not more necessary and can be removed? Really no hint?

Fixed: Switch BDIS firewall to automatic mode, access all necessary servers, switch back to Paranoid mode...

So nice tool "BitDefenderBandwidthFix.exe" is not more necessary and can be removed?

+1 Really no answer anywhere? What's about the BD behaviour if outlook must use non standard ports (Pop/Smtp) because of a mail proxy?

Disabling the SSL scan option might not be working because SSL scanning currently re-enables itself at startup. If you go to the setting it will appear to be disabled, but it is actually on. You'll need to check then re-uncheck the option at every OS startup. Try to disable "Check SSL" with admin rights!

6- Personal Firewall really really have more feature [Like "ONLINE Armor" From emsisoft company] +1

2. if you use wallet back that up and make a note of any other critical settings you would like in the new version for AV exclusions, firewall etc. because they will be lost. Thanks for explaination, but in my opinion there is still no backup tool for settings... So how to preserve all the settings while upgrading from…

At leatst for me , for multi installations an [import/Export Settings] button from/to a file can be very helpful. +1

+1 For now, the only way to keep the rule setting is to backup-paste a user.xml file from Setting folder. How to do so? Which file includes the firewall settings?

... We're check this out and we'll supply in a next update ... Some month have gone, no solution in last updates... Do you work on this issue? Thx...

Entschuldigung, aber als Newbie-Post gleich ein Offtopic... Schade eigentlich, werden die angesprochenen sicherheitsrelevanten Themen in keinster Weise reflektiert.

Dear Georgia, in my opinion it is a security issue because the injected BD certificate seems to be issued by Bitdefender itself: "Bitdefender Personal CA.Net-Defender" BD launches a certificate which hasn't been verified from an official CA, isn't it? So there seems to be NO direct validation of target server possible, in…

Bestimmt die die hier so Negativ über BD her ziehen, sind selbst Arbeiter von Avira, AVG oder GData usw. Respekt für diesen taffen Newbie-Post... Dieser Logik folgend sind dann alle die, die BD loben, Mitarbeiter von Bitdefender ? Wirklich enttäuschend ist, dass seitens BD außer Allgemeinplätzen eben nicht Stellung…

Is 'Scan SSL' activated in BD Win8 Security 'Privacy control settings'? Thx...

Dear Georgia, thanks, but the injected BD certificate seems to be issued by Bitdefender itself: "Bitdefender Personal CA.Net-Defender" Few days ago I did start a discussion because of thinking this to be a security related issue: http://forum.bitdefender.com/index.php?showtopic=48668 BD launches a certificate which hasn't…

Really not discussion about this security related issue?

Installiere bitte neu Ungern, da sich insbesondere die Firewall-Einstellungen nach wie vor nicht sichern lassen... Was bringt eine Reparatusinstallation?