Bank protection

I still feel unconfortable with this feature for two reasons:

 

1) It happens to kick in for non non banking and/does not kickin at all

2) It does not close itself when I leave the site which caused it to kikck in

 

I suggest there is somme more work to do on it

Comments

  • Ukko
    Ukko Posts: 3,769 Superuser

    Hello,

     

    Sorry for my reply.

     

    --> With release-notes there have known trouble for Microsoft Edge (where not supporting extension yet).

    But do you have examples of URL, where this happened? Because if it triggered by totally not banking resources (or banking-protection-rated resources)... this is trouble.

     

    My experience just about "not common" banking protection triggering during google search (pictures). Probably one/two times. Based on "established connections" (or trying to do that) with banking (or banking-rated pages/resources) URLs/resources. But do not meet this long time already.

    And known for me one URL, where Banking Protection will be triggered just when there have Browsing Protection extension enabled (and installed). Which in fact.. should to help proper handle "trigger" (with my opinion.. to do less f/p situations), but there force to launch banking protection.

    I usually with experience about Internet Explorer.

     

    --> About when you close web-site.

    How I can to understand Banking Protection flyer (and feature) will be work during time... when "related" tab (or process) will be active. Which mean "browser" (with this tab or process from tab) still work.

    If there something as not possible to do that.... probably required manual close flyer (and trigger to stop banking protection).

     

    But there also should be feature for autoclosing... but with my experience (and my bank-website) this is not work still.

    For this feature you have to create report with tag "Banking Logout URL:"  where will be provided URL - which related with "log out" button/url from payment/banking page. Not sure.. if this is work with some of pages, but with my "known" experience... not work (or should not work based on something as limitation maybe; or work, but not from first.). So.. I just not sure.. how feature should properly work. :)

     

    Probably it was added with FS Protection release-build 162 (?) or around this.

     

    Sorry for my reply.

    Thanks.

  • yeoldfart
    yeoldfart Posts: 571 Superuser

    I'd like to add it does not kick in on commercial urls such as Amazon and its kins... is it by design ?

  • yeoldfart
    yeoldfart Posts: 571 Superuser

    My suggestion is that you add the possibility for the user to create his own list of payment/bank urls right in the FS protection gui

  • Ukko
    Ukko Posts: 3,769 Superuser

    Hello,

     

    Probably amazon (paypal? and other pages. And also probably most of shopping pages) should not trigger banking protection, but able to do this randomly (or as part of design)... by "some of specific URLs under their service or by another "resources" under their pages".

     

    I not really use paypal/amazon... but probably I can to think.. that there should be banking protection activation just  during step... when you around step to "add certain credentials" (or like transferring to ?! payment service). As example - when we purchase F-Secure solution under their shop (and paypal service). This is work totally (?) like that.

    Some of "payment services" triggered banking protection from first (but.... maybe this is not common situation);

     

    Also there can be delay between "banking protection triggers" (if we close one - second will be after small time out and "repeated" request);

     

    ---

    ---

    About custom list of "urls" for banking protection feature.. probably there was reply.. how I can to remember... something like "this is can be and planned, but not known when". Will be interesting to get fresh information by F-Secure. :)

     

    Sorry for long reply... else one time. Smiley Sad

  • yeoldfart
    yeoldfart Posts: 571 Superuser

    yes Ukko imo all monetary transaction ought to be protected and checked (phising)

  • Ukko
    Ukko Posts: 3,769 Superuser

    I think that current design of Banking Protection do not provide "total another" layer of protection against phishing. This point still based on browsing protection (as part... of blocking harmful/suspicious pages).

    As potential malicious trick... I think there possible potential situation, when phishing page will trigger BP-flyer (but for that.... required a lot of steps and some of setting, which probably can be too much suspicious for user).

    ----

     

    But what about "suggestion" from your previous reply.. I think there can be delay with something around this (as part of design), because probably...  when we have to add some of specific URL to be under  "trigger for banking protection".

    So.. for most of valid pages... there required transfer to F-Secure SAS (as URL for trigger banking) for rate it.

    And if this is just "user's dreams"... so based on design of feature.. that can be partly enough launch two tabs (any of banking pages, which triggered flyer/feature) and your URL (which you think shoud be under "custom" list). As result... both tabs (in fact - all system or most of system connections/network connections will be restrictred / worked under this protection feature).

     

  • martink
    martink Posts: 445 Rising Star

    What I experience with banking protection in ULAV and TP is that it fires when there is a possibility to login with banking credentials. Eg if I go to OP.fi to seach which branches are serving coffee during the OP week and no intention to login banking protection is still launched.

     

    At that point I cannot send gmail emails from Thunderbird either.

     

    Secondly I I go to a particular commercial site where I login with my email and a password banking protection is launched. Until I login I can browse the site without bankin protection which is fine.

    Also after I have completed my usage which requires login ie logged out the banking protection stays on and I cannot get anywhere.

    That is also fine as I can stop it from the buttons provide.

  • yeoldfart
    yeoldfart Posts: 571 Superuser

    imo this feature needs an overhaul:

    - self triggering on bank connections

    - self triggering on commercial sites whenever you need to identify yourself on an https

    - self shutting down whenever you leave a.m. sites

    I do not trust it until now, I'd trust Eset 10 on that point (as a tester on current beta)

  • yeoldfart
    yeoldfart Posts: 571 Superuser
  • martink
    martink Posts: 445 Rising Star

    Say it worked as designed.

    How exactly is that?

    What is expected to allow and what not?

    Eg if you go to a banking site it apparently does not allow to go to a nonbanking site, but does it allow to go to another banking site.

    How does it identify a site to be blocked and allowed?

    Does it do more than blocking and unblocking?

  • yeoldfart
    yeoldfart Posts: 571 Superuser

    until further notice from the devs I can't trust it.

This discussion has been closed.
Feedback on New Design