Banking Protection annoying bug!

NikK
NikK Posts: 903 Forum Champion

I've recently noticed a new behavior: If a normal(non-banking) website has a HTTPS reference to a PayPal image for donation, then Banking Protection starts. It even started while I was writing this post, after I added an image by URL from PayPal Smiley Embarassed

 

I have this problem in IE and Opera, but not in Firefox, which is also strange. I don't use Chrome but since Opera is Chromium based I guess the problem might occur in Chrome too.

 

 

The image above is enough to trigger Banking Protection in my IE or Opera. That's not how I expect Banking Protection to work.

Image URL is: https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif  

 

EDIT: Sometimes I need to Refresh the page before Banking Protection starts. But my point is: it shouldn't start at all.

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    I've noticed that too.  In fact, I've even had Banking Protection launch when viewing emails showing transactions, without the browser being open.

  • NikK
    NikK Posts: 903 Forum Champion

    Ok. It's probably the same reason: an HTTPS reference to show an image in an email.

     

    It would be interesting if someone with Chrome could test this by viewing this actual thread in Chrome.

    If Banking Protection doesn't start right away then Reload the page.

  • Ukko
    Ukko Posts: 3,611 Superuser

    About Firefox (I not sure... about that strange browser);


    But, for example, Banking Protection can be not start... if blocked "third-party" cookies (or simply "some kind of" items, which not related with current webpage.....  if here have something about privacy-filters).

    For example, it will be with Internet Explorer too.

     

    I mean about current "picture".

  • Ukko
    Ukko Posts: 3,611 Superuser

    about HTTPS - probably it's just "one of required things", which needed for initilization of Banking Protection.

     

    But here also.... just paypal marked as totally "related" item with online-payments/banking.

    I not sure.. but what if during that picture always goes "code" or other.. which certainly related with banking. :)

     

    Anyway - with somewhat reasons it's should be detected.. if user start do something around online banking.

     

    And sorry - I not really love paypal :) not sure.. that know - how it works :)

  • Simon
    Simon Posts: 2,667 Superuser

    @NikK wrote:
    I have this problem in IE and Opera, but not in Firefox, which is also strange. I don't use Chrome but since Opera is Chromium based I guess the problem might occur in Chrome too.

     


     

    It's funny, it doesn't load in Firefox either for me, but it does in SeaMonkey (which isn't officially supported for BP), and I thought SeaMonkey ran on the same engine as Firefox.  dunno.gif

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi all,

     

    Thank you for reporting. This is a known behaviour. This is made so to protect users when banking related action can be taken on a page as Ukko mentioned.

     

    This same behaviour should be on every browser.

    From my quick tests Banking protection triggers also on FF(27 & 29.0.1).

  • NikK
    NikK Posts: 903 Forum Champion

    Thanks for replying Ben.

     

    I read a lot of blogs daily and for example the well known security blog http://krebsonsecurity.com/ has never triggered BP before but now triggers it every time. At first I couldn't understand what was going on. Was my F-Secure software perhaps compromised or was krebsonsecurity hacked? (call me paranoid Smiley Wink)  I think this can confuse a lot of F-Secure users.

     

    The image in this case is part of a form that when clicked will redirect to https://www.paypal.com/cgi-bin/webscr  IMO, BP shouldn't start until you click that.

     

    I expected BP to know the difference when I'm actually visiting a banking site compared to when only an image is loaded from one. I think there must be room for improvements here.

     

    Edit: The only cool thing about this is that I'm probably the first person to trigger BP in a community page Smiley LOL

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Probably you able to use F-Secure SAS with current URL.

    They have special category (about URLs) with Banking Protection and situations - and maybe it's can be like part of that.

    They can to check it more "close" and create something like "should be or not".

     

     

    Anyway... for example.... my browsers will be without that behavior. Because.. current picture will be blocked by "filters" as "third party item".

    And just "direct" visit for that URL (picture) - work like Banking Protection.

    And it's mean... here can be situation, when current one picture... marked as one of "things" (because here HTTPS - it's just main reason for start banking protection - like if you visit.. for example... just main webpage by some of banks - which can be just HTTP; but also here... online-payment source-website like second reason...  and maybe some other reasons for started banking protection), which should be just with "active banking operation". Maybe also adminstrators/developers wrongly used that "mechanism by PayPal" in their services. Anyway - maybe F-Secure SAS can to speedy reaction for that. :)

  • Ukko
    Ukko Posts: 3,611 Superuser

    And like addition...

     

    Current "behavior" will be work around any "pictures" from "page", which should be with Banking Protection.

     

    Here I mean - if check any random bank-websites.... and if get any picture/any resource from page, where Banking Protection started (and should be start), enough that picture/resource for same behavior. Enough just "font-background"-picture too.

    Probably it's normal - because that pictures/resources should be used just with one page, where Banking Protection should be started.

     

    Some kind of addition - if someone have Banking Protection during that setting (if it's load from first or during direct visit).

     

    Spoiler
  • NikK
    NikK Posts: 903 Forum Champion

    Thanks for the suggestion! The problem with SAS is that there's no option to report a site that wrongly triggers BP and I'm forced to select one of the options. Anyway I selected another option and explained why.

     

    BUT, I already received a reply and it seems an automatic one unfortunately:

    "The submitted website has been verified to be clean and the appropriate rating is updated"

     

    So unless a human reads my explanation they won't understand what the problem is Smiley Sad

    But in the long run we can't submit all URLs with this problem. And Simon mentioned that even emails can trigger BP. No easy way to report that.

  • Ukko
    Ukko Posts: 3,611 Superuser

    OK :)

    It's sad.... (I mean about "answer" - if it choosed option about Banking Protection, but with other "sub-category");

     

    So... it's can be helpful next - http://www.f-secure.com/en/web/labs_global/submit-samples/banking-protection

    Here have specific e-mail for feedback about certainly Banking Protection.

     

    But I not recommend it.. by first suggestion... because:

     

     - I used it two times:

     

    First - I receive fast response (and it was.... long time ago);

     

    Second one - my letter was ignored.. and it was some kind of "recently" (maybe months ago).

     

    Because it.. I thought F-Secure SAS can be faster, speedy and certainly with "response".

    ---------------------------------------------------

     

    Also you can to try "re-ask" F-Secure SAS (I mean ticket, which created)... with question about "Look here... attention..." :)

    About other situations... maybe all close to "same" (I mean... when Banking Protection started... it's should be one or same reason for start it.  Except troubles around any live-search or other.... points around - which also "same", another kind of behavior, which more close to not really normal for user).

  • kgt
    kgt Posts: 2

    I ran into a similar problem: I wanted to pay an online ticket from SNCF, entered my credit card data, was connected to my bank, and the banking protection prevented the payment. Only after switching banking protection off (which had to be done during a very short period after the connection with my bank was opened) the transaction succeeded. I guess that it is the fault of SNCF which does not send some code, or SNCF's cashier is not whitelisted. Anyway it took me some time to believe that I had to switch off banking protection to get a successful transaction.

     

    Best wishes

    kgt

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hey all!

     

    Just wondering if this behavior has been continuing, or if perhaps the "bug" has been exterminated?  At least I haven't noticed it in my own browsing.

  • kgt
    kgt Posts: 2

    I have not tried again, but next time I buy a ticket from SNCF I will try to pay without switching Banking Protection off. Anyway thanks for checking.

     

    Best wishes

    kgt

  • NikK
    NikK Posts: 903 Forum Champion

    @kgt To clarify, this thread was about a different problem - that Banking Protection started when it's not supposed to!

    BUT I sometimes get the same problem as you had, on non-banking sites that I use my bank card reader to log in to. Sometimes the only way to get these sites to work properly is to end the Banking Protection. You can try and add these sites to the exceptions list in browsing protection(Online Safety), but the problem is that you may need to add more than one address per site depending on how the site works.

     

    @Chrissy  I contacted the Banking Protection support(email) and they told me they made some changes + instructed me to clear the ORSP(Reputation) cache. When that didn't help I gave up. And I do still have Browsing Protection started when I go to page 1 in this thread (with IE 11).

    The general problem however isn't a big problem anymore as I've noticed that web sites should reference the domain paypalobjects instead of paypal, for images. It's only when someone doesn't know that and wrongly references paypal.com that Banking Protection will start.

This discussion has been closed.
Pricing & Product Info