BitDefender reporting outlook.com as 'insecure'

Outlook version
Outlook 2016 64 bit
Email Account
#1
I'm havings strange issues with my BitDefender 2018 v 22.0.2.78. One is that it's reporting the contents of my outlook.com Inbox as 'insecure' - it must have JavaScript enabled before it can provide reports. Expert advice to me is to disable JavaScript.

BitDefender have given inconsistent replies and are again investigating.

I thought you might be interested to learn about it in case any of you use Bitdefender and are having/not having similar problems. The top line of this snip shows the problem:

Bitdefender Outlook emails vulnerable7 BEST ONE 2018-05 30th.PNG

It's a paid-for version but I don't think I'll be renewing it in December - too many niggling issues.
 
Last edited by a moderator:
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
#2
Thanks for the information. It's definitely weird, because the 'not secure' marker often means the url doesn't match the certificate or some element is loading from a non-secure link.

JavaScript on or off is a personal decision - I keep it on, but I need it for several sites. Java, on the other hand, is never installed on my systems.
 
Outlook version
Outlook 2016 64 bit
Email Account
#3
In fact, Bitdefender said I had to have Java enabled, not JavaScript: "The only browser that Bitdefender communicates with when showing the Security Report is Internet Explorer. Therefore, it is necessary that you update Java before viewing the latest Security Report."

I replied "Internet Explorer is effectively obsolete and Microsoft hasn't been maintaining it for quite a while. If you continue to restrict Security Reports to IE, you'll surely lose all your customers." The next day I told them "In addition to IE being allowed to die, there is another flaw in your insistence on Java - see this article: MSN News report
This latest discovery is sure to be publicised by the main players such as Qualys and Krebs, Microsoft too.
"

They replied that they could after all report in Edge, Chrome etc but insisted "However, enabling Java is still necessary regardless of the browser you use."
I'm still waiting for a reply.
 
Outlook version
Outlook 2016 64 bit
Email Account
#4
I should have highlighted the inconsistency of Bitdefender referring to Java. The article mentioned above states that Intel has said of their discovery of a fourth Spectre-style CPU security flaw, that "the attack is so far known to work in a language-based runtime environment like the sort you'd see in a web browser (say, JavaScript)". It's nothing to do with Java.
 
Outlook version
Outlook 2016 64 bit
Email Account
#6
still happening. I asked the MS Community Moderators to escalate to someone who would contact Bitdefender - I gave them copies of Bitdefender notices saying that the MS or outlook certificates etc were flawed but they aren't interested.
 
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
#7
Depending on the mod and if they have contacts with bitdefender, they may have passed it along and not told you. (I do that alot.)
One is that it's reporting the contents of my outlook.com Inbox as 'insecure' - it must have JavaScript enabled before it can provide reports.
Bitdefender says js needs enabled or the the not secure link in the address bar says that? I had a guy yesterday saying outlook.com was reported as insecure - he uses norton. My best guess was an ad triggered it, but i hadn't heard if he has a paid version or not.
 

Similar threads

Top