Page 1 of 1

Bitdefender 2017 issue

Posted: April 9th, 2017, 9:48 pm
by Morlis
Greetings,

First thing I'd like to say is that I do not believe this is WarcraftPets issue, I do believe it is Bitdefender 2017 (hereafter BD). I did want to make others aware if they are using this antivirus software and experiencing what I was.

Not long ago I upgraded my old version of BD to BD 2017 and suddenly I was having issues with extremely long load times on this site, and it caused Wowhead.com to never load and time out eventually. At first I thought it was just my internet being pesky. However I found my other two computers in the house were still operating at normal load times, just the one I loaded BD 2017 on was having issues.

By trial and error I found the issue. First I went into all the modules of BD and turned off everything, and boom, load times were normal and Wowhead loaded just fine again. So I went back and started turning modules back on one by one and when I got to the Scan SSL option, my load times on WarcraftPets were very long again and Wowhead stopped working again. So there we have it. I went to Wowhead's forums as well and found that this issue was already identified and there is a post about it there as well. Since I did not see a post here, I figured I'd mention it in case anyone else is experiencing this.

As far as I can tell the Scan SSL option verifies a websites Security Certificate. For some reason on some websites it takes a very long time to achieve this if at all, it will time out if it takes to long. I am not into web development so my understanding of this is very limited.

Recap: If you have Bitdefender 2017 and have experienced slow load times or not loading at all, try turning off SSL Scan. To achieve this go to:
Bitdefender Main screen > View Modules > Web Protection gear symbol (their Options button) > Scan SSL set to Off.

P.S. I am under the impression that BD is aware that Scan SSL is having issues and are working on it. I am not 100% on that, their forums are not exactly easy to navigate. :roll:

Re: Bitdefender 2017 issue

Posted: April 10th, 2017, 5:57 pm
by Jerebear
I know the main page is not secure (firefox reminds me everytime), so maybe it is barfing on that. Have you tried bypassing the main page and going directly to a topic or something just to see if that helps?

Re: Bitdefender 2017 issue

Posted: April 10th, 2017, 6:51 pm
by Morlis
Yes, every time I loaded a new page it would take a long time, no matter where I went. After shutting off Scan SSL all pages load at my normal pace.

Re: Bitdefender 2017 issue

Posted: April 11th, 2017, 6:03 am
by Aranesh
The reason for this usually is that SSL does not equal SSL. TLDR at the bottom ^^
The way SSL works - encrypting data before sending it through the net between your browser and the website server - is in principle identical among them all. It does create an additional delay - encryption means processing power and that equals longer time needed to transfer data, but regular web servers have no issue with that. Unless the server is very, very old, the difference is barely noticeable.

The difference in certificates however is in how they are issued. There is a wide array of possibilities, from completely anonymous certificates up to a signed company certificate with name and address of the owner (check for example paypal.com - you'll notice their name in green next to the padlock, that's a named company certificate).
None of this is required for a web page to work, but mainly google is pushing very hard for SSL encryption. For example by highlighting it stronger in Chrome, and mainly by prioritizing search results based on the type of encryption used.

What BitDefender and some other virus scanners do is check the actual certificate. It has nothing to do with the routing or the actual encryption - it only checks if the certificate and its registered owner are legit. But wait - I just said there are anonymous certificates, right? And here's the thing: If I own a certificate, I can - in a nutshell - have other certificates refer to mine. These secondary ones are then "anonymous", but they point towards the one with an actual name in it, which makes them legit as well.
And this referral game can be played indefinitely. If any of the steps in between is now located on a server that is slow, or if there's many, many steps, a certificate check can indeed create huge delays or even timeouts. This does not necessarily mean that the certificate is weaker or worse, not at all! As long as the main source is good, all is well. And the one warcraftpets.com is using is perfectly fine. All it does is adding inconvenience if your scanner is doing regular certificate checks - which in my opinion is completely unnecessary. As explained - the encryption method is mostly the same, and the encryption is what keeps your data safer, not the certificate owner. So my personal recommendation: Turn off the SSL Scan entirely ^^

As to the warning that the page is not secure - this is sadly very misleading.
If a page has NO encryption at all, there is no error message. No warnings, no nothing. Chrome and Firefox are simply OK with that. There's no green padlock on the address bar, and that's it!

But if a page does have a valid SSL encryption, yet some link or picture within the page points to a non-encrypted source, by an oversight or whatever, especially Firefox is so nice to show a warning sign. Even though the page is definitely better secured than the non-encrypted variant.

Long text, and I hope at least somebody finds it interesting and learned something ^^'


TLDR: Turn off SSL Scan, it's useless. Warcraftpets.com is perfectly fine and encrypted.

Re: Bitdefender 2017 issue

Posted: April 11th, 2017, 6:17 am
by Salus
I think general consensus nowadays is that running a 3rd party Antivirus program actually reduces the security of your PC (assuming Win7 or later). I would remove BitDefender entirely. Windows Defender (Win 8-10) or Microsoft Security Essentials (Win7) should be all you need.

edit - just to expand on Aranesh, I believe the SSL Scan feature actually uses a BitDefender certificate installed on your computer to actually make itself a man-in-the-middle. It decrypts and then re-encrypts SSL traffic with its own certificate. Again, this is a reduction in security and just an additional vector for attackers to exploit.